Complete DHS Report for June 20, 2016
Daily Report
Top Stories
• Utility crews worked to restore power to more than 150,000
customers across central Virginia June 17 following severe storms that produced
strong winds and frequent lightning June 16. – WWBT 12 Richmond
1. June 17,
WWBT 12 Richmond – (Virginia) Over 150,000 homes, businesses without power in
central Va. Utility crews worked to restore power to more than 150,000
customers across central Virginia June 17 following severe storms that produced
strong winds and frequent lightning June 16. Source: http://www.nbc12.com/story/32244892/nearly-150000-homes-businesses-without-power-in-central-va?clienttype=generic
• The Willy Wonka Candy Factory in Itasca was evacuated overnight
June 16 – June 17 after lithium chloride was spilled when a pipe carrying the
chemical burst, injuring a dozen workers. – WBBM 2 Chicago
12. June 17,
WBBM 2 Chicago – (Illinois) Chemical spill at suburban candy factory sickens
workers. The Willy Wonka Candy Factory in Itasca, Illinois, was evacuated
overnight June 16 – June 17 after lithium chloride, a product used for humidity
control, was spilled when a pipe carrying the chemical burst, prompting around
a dozen workers to be transported to area hospitals with respiratory issues.
Authorities stated that the material was non-hazardous and the spill was contained. Source: http://chicago.cbslocal.com/2016/06/17/chemical-spill-at-suburban-candy-factory-sickens-workers/
• Thirty-two municipal wells owned by the Security Water and
Sanitation District were contaminated with Perfluorinated chemicals June 15,
placing about 80,000 residents near Colorado Springs at risk. – Denver Post
19. June 16,
Denver Post – (Colorado) Drinking water in three Colorado cities
contaminated with toxic chemicals above EPA limits. Officials announced
June 15 that 32 municipal wells owned by the Security Water and Sanitation
District are contaminated with invisible toxic Perfluorinated chemicals,
placing approximately 80,000 residents near Colorado Springs at risk and
prompting officials to shut down seven wells. Officials notified residents
informing them of the contaminated waters. Source: http://www.denverpost.com/2016/06/15/colorado-widefield-fountain-security-water-chemicals-toxic-epa/
• The U.S. Department of Justice reported June 15 that a former
leader of the hacking group, Kosova Hacker’s Security pleaded guilty to stealing
data on more than 1,300 U.S. military and government personnel while providing
the information to the Islamic State. – IDG News Service
24. June 16,
IDG News Service – (International) Pro-ISIS hacker pleads guilty to stealing
U.S. military data. The U.S. Department of Justice reported June 15 that a
former leader of the hacking group, Kosova Hacker’s Security pleaded guilty to
stealing data on more than 1,300 U.S. military and government personnel while
providing the information to the Islamic State. The FBI investigated the hacked
server and found the same Internet Protocol (IP) address the man used to carry
out the attacks was the same IP address used for his personal Facebook and
Twitter accounts. Source: http://www.computerworld.com/article/3085209/security/pro-isis-hacker-pleads-guilty-to-stealing-us-military-data.html#tk.rss_security
Financial Services Sector
6. June 17,
Bergen County Record – (New Jersey) Time runs out for suspected ‘Countdown Bandit;’
arrest made in North Jersey bank heists. A man dubbed the “Countdown
Bandit” was arrested June 16 after he allegedly robbed the Spencer Savings Bank
in Wallington, New Jersey, and at least nine other banks in the region since
February 2015. Source: http://www.northjersey.com/news/time-runs-out-for-suspected-countdown-bandit-arrest-made-in-north-jersey-bank-heists-1.1617419
Information Technology Sector
25. June 17,
SecurityWeek – (International) Adobe patches flash zero-day exploited by APT
Group. Adobe released Flash Player 22.0.0.192 which addressed 36 flaws that
could be exploited for arbitrary code execution and information disclosure
after a new advanced persistent threat (APT) group dubbed, “ScarCruft” was
using the flaws to disseminate its “Operation DayBreak” campaign to target
high-profile targets. In addition, researchers discovered that attackers were
using a method to bypass modern anti-malware products by decrypting and
executing a shellcode that downloads and runs a Dynamic Link Library (DLL)
file. Source: http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-apt-group
26. June 16,
Softpedia – (International) GitHub resets some user passwords after
brute-force attack. GitHub reported that it reset all its users’ passwords
and advised its users to look at their password complexity level and enable the
two-factor authentication for their accounts after the company’s security
researchers found a hacker had used credentials leaked during a previous breach
to access GitHub users’ accounts. The company stated their systems were not
compromised or breached in the attack. Source: http://news.softpedia.com/news/github-resets-some-user-passwords-after-brute-force-attack-505340.shtml
27. June 16,
Softpedia – (International) Microsoft open-sources “Checked C,” a safer C
version. Microsoft released its open-sourced Checked C, which will help
developers detect common programming errors such as buffer overruns,
out-of-bounds memory access, and incorrect type casts that were previously used
in vulnerabilities including Shellshock, Heartbleed, and Sandworm. Checked C
will modify how pointers are handled and will allow programmers to detect
errors as they create the code. Source: http://news.softpedia.com/news/microsoft-open-sources-checked-c-a-safer-c-version-505331.shtml
For another story, see item 24 above in Top Stories
Communications Sector
28. June 17,
KMOV4 St. Louis – (Missouri) AT&T restored Friday Morning. AT&T
customers in four Missouri cities experienced outages June 16 including
firefighters and police officers forcing them to use map books to find
locations. Source: http://www.wnem.com/story/32238092/att-outage-reported-in-parts-of-missouri