Complete DHS Report for June 28, 2016
Daily Report
Top Stories
• Dozens of residents were displaced for 6 hours and a portion of
Highway 146 was closed June 26 due to two separate chemical incidences at the
LyondellBasell Industries plant and the Lone Star NGL plant in Mont Belvieu,
Texas. – KHOU 11 Houston
2. June 26,
KHOU 11 Houston – (Texas) Chemical leak, fire prompts evacuations in Mont
Belvieu. Dozens of residents were displaced for 6 hours and a portion of
Highway 146 was temporarily closed June 26 due to two separate chemical
incidences after a chemical leaked at LyondellBasell Industries plant and a
fire began at the Lone Star NGL plant in Mont Belvieu, Texas. Officials stated
the air was deemed safe and LyondellBasell reported that the leak was due to a
pressure build-up in a wellhead at their pipeline storage plant. Source: http://www.khou.com/news/local/chemical-leak-fire-prompts-evacuations-in-mont-belvieu/256468826
• The U.S. Internal Revenue Service announced the week of June 20
that it will retire its Electronic Filing (E-File) Personal Identification
Numbers (PINs) Web application after hackers used stolen taxpayer information
to obtain 101,000 E-file PINs through its Web site on several occasions. – IDG
News Service
17. June 27,
IDG News Service – (National) IRS kills electronic filing PIN feature due to
repeated attacks. The U.S. Internal Revenue Service announced the week of
June 20 that it will retire its Electronic Filing (E-File) Personal
Identification Numbers (PINs) Web application, which was used for obtaining
PINs that taxpayers could use to file tax returns electronically due to
questionable activity after hackers used stolen taxpayer information to obtain
101,000 E-file PINs through its Web site on several occasions. Source: http://www.networkworld.com/article/3088671/irs-kills-electronic-filing-pin-feature-due-to-repeated-attacks.html
• The U.S. President declared West Virginia a disaster area June
25 following severe flooding that led to 24 deaths, the loss of power to more
than 32,000 customers, and severe damage to homes and infrastructure across the
State. – CNN
23. June 26,
CNN – (West Virginia) West Virginia flooding leaves at least 24
dead. The U.S. President declared West Virginia a disaster area June 25
after the governor declared states of emergency in 44 counties June 23
following severe flooding that led to 24 deaths, the loss of power to more than
32,000 customers, and severe damage to homes and infrastructure across the
State. Roads were swept away and hundreds of rescue personnel responded to
emergency calls.
• A June 26 fire at the Newton Village Apartments in Newton Falls,
Ohio, caused an estimated $750,000 in damages and displaced 56 residents after
the fire allegedly began in a third-floor air conditioning unit that overheated.
– WKBN 27 Youngstown
28. June 27,
WKBN 27 Youngstown – (Ohio) 56 displaced in Newton Falls apartment fire. A
June 26 fire at the Newton Village Apartments in Newton Falls, Ohio, caused an
estimated $750,000 in damages, injured 1 person, and displaced 56 residents
after the fire allegedly began in a third-floor air conditioning unit that
overheated. Fire crews extinguished the flames.Source: http://wkbn.com/2016/06/27/crews-battle-apartment-fire-in-newton-falls/
Financial Services Sector
Nothing
to report
Information Technology Sector
24. June 26,
Softpedia – (International) Uber bugs allowed hackers to gather details
on rides, drivers, passengers. Security researchers from Integrity
discovered 14 issues in Uber Technologies Inc.’s system that could be exploited
to extract user details via the mobile app’s Help Section, obtain a driver’s
and user’s universally unique identifier (UUID) and request private information
such as names, pictures, location, car types, status, among other data, and use
over 1,000 active promo codes that could have added $100 to each driver’s fair
earnings, among other flaws. Source: http://news.softpedia.com/news/uber-bugs-allowed-hackers-to-gather-details-on-uber-rides-drivers-passengers-505663.shtml
25. June 25,
Softpedia – (International) Bart ransomware locks files as individual
password-protected ZIP archives. Security researchers from PhishMe,
Proofpoint, and other firms reported that a new ransomware dubbed Bart was similar
to the Locky ransomware and believe the ransomware was created by the same
cyber-criminals as the distribution of the two ransomwares utilizes email spam
campaigns to deliver a ZIP archive containing a malicious JavaScript (JS) file,
which downloads RockLoader and the Bart ransomware. The Bart ransomware uses a
different encryption method by placing each file in its ZIP archive file and
securing the archive with a password. Source: http://news.softpedia.com/news/bart-ransomware-locks-files-as-individual-password-protected-zip-archives-505659.shtml
26. June 24,
SecurityWeek – (International) Severe vulnerabilities found in Meinberg NTP
servers. Meinberg released firmware updates for several of its network time
protocol (NTP) time servers after a security researcher found the devices were
plagued with two stack-based buffer overflows and a weak access control issue
that could allow an attacker to exploit the vulnerabilities to escalate the
privileges to root.
27. June 24,
SecurityWeek – (International) Flaw allowed hackers to deliver malicious
images via PayPal. PayPal fixed a flaw in its Web site after a security
researcher discovered the Uniform Resource Locator (URL) of payment pages set
by users included a parameter named “image_url” that could be replaced with a
URL pointing to an image hosted on a remote server, which could allow an
attacker to use a third-party vendor’s PayPal payment page to deliver malicious
images. Source: http://www.securityweek.com/flaw-allowed-hackers-deliver-malicious-images-paypal
Communications Sector
Nothing to report