Complete DHS Report for August 12, 2016
Daily Report
Top Stories
• Approximately 3,400 pounds of sodium hydroxide spilled on the
Interstate 75 exit ramp in Anna, Ohio, August 10, prompting officials to close
the ramp for at least 24 hours while HAZMAT crews clean up the spill. – Dayton
Daily News
1. August 11,
Dayton Daily News – (Ohio) Chemical leak closes I-75 ramp in Shelby Co. for 24
hours Approximately 3,400 pounds of sodium hydroxide spilled on the exit
ramp from Ohio 119 to southbound Interstate 75 in Anna, Ohio, August 10 after a
semi-truck hauling the chemical exploded. Officials stated the ramp will be
closed for at least 24 hours while U.S. Environmental Protection Agency
personnel and HAZMAT crews clean the spill. Source: http://www.daytondailynews.com/news/news/traffic/hazmat-situation-shuts-down-sb-i-75-in-shelby-co/nsDbk/
• Officials charged Cavalier Union Investments LLC and its 2
co-owners August 10 for running a $10 million investment fraud scheme where
they allegedly diverted nearly $6 million of investors’ funds to pay for
personal expenses and to repay earlier investors. – U.S. Securities and
Exchange Commission See item 4 below in
the Financial Services Sector
• Approximately 25,000 gallons of raw sewage leaked into a canal
near Redfish Circle that feeds into Grand Lagoon in Panama City Beach, Florida,
August 9. – WMBB 13 Panama City
12. August 10,
WMBB 13 Panama City – (Florida) 25,000 gallons of sewage leaks into Grand Lagoon. Nearly
25,000 gallons of raw sewage leaked from a manhole cover into a canal near
Redfish Circle that feeds into the north side of Grand Lagoon in Panama City
Beach, Florida, August 9. Officials advised residents to avoid swimming in the
canal and Grand Lagoon until further notice.
• Nearly 100 residents were displaced from the Flower Branch
Apartments in Silver Spring, Maryland, August 10 – August 11 following a
3-alarm fire and natural gas explosion that destroyed the complex and injured
34 people. – USA Today
21. August 11,
USA Today – (Maryland) 2 dead, several missing after gas explosion, fire
in D.C. suburb. Nearly 100 residents were displaced from the Flower Branch
Apartments in Silver Spring, Maryland, August 10 – August 11 following a
3-alarm fire and natural gas explosion that destroyed the complex, damaged
surrounding buildings and streets, left 2 people dead, and injured 34 others.
Authorities were searching August 11 for several missing residents. Source: http://www.usatoday.com/story/news/nation-now/2016/08/11/fire-possible-explosion-rocks-dc-suburb/88553412/
Financial Services Sector
4. August 10,
U.S. Securities and Exchange Commission – (Virginia) SEC charges former
professional football player with running $10 million fraud. The U.S.
Securities and Exchange Commission charged Cavalier Union Investments LLC and
its 2 co-owners August 10 for running a $10 million investment fraud scheme
where the duo allegedly misled investors about the unregistered debt securities
they sold and convinced investors that the company’s investment funds were
operated by experienced advisers in order to divert nearly $6 million of the
investors’ funds to pay for personal expenses and to repay earlier investors.
Officials also announced parallel criminal charges against one of the company’s
owners for his role in the scheme. Source: https://www.sec.gov/news/pressrelease/2016-159.html
Information Technology Sector
18. August 11,
SecurityWeek – (International) Linux flaw allows attackers to hijack web
connections. Researchers from the University of California at Riverside and
the U.S. Army Research Laboratory discovered a vulnerability affecting the
Transmission Control Protocol (TCP) specification implemented in Linux kernel
could be leveraged to intercept TCP-based connections between two hosts on the
Internet, to track users’ activity, terminate connections, and inject arbitrary
data into a connection after an off-path attacker deduced the sequence numbers
that identify TCP data packets exchanged between hosts using the Internet
Protocol (IP) addresses of the targeted communicating devices. Developers of
various Linux distributors were working to fix the security hole. Source: http://www.securityweek.com/linux-flaw-allows-attackers-hijack-web-connections
19. August 10,
Softpedia – (International) Chrome, Firefox, and IE browser hijacker
distributed via legitimate software. Intel McAfee security researchers
discovered recent versions of the Bing.vc malware were being delivered to
Google Chrome, Mozilla Firefox, and Microsoft’s Internet Explorer via legitimate-looking
applications distributed by Lavians Inc., in order to take over the Website’s
homepage and insert ads into visited sites, and redirect all users to Bing.vc
in an attempt to sell victims an expensive utility to fix the browser hijacking
problem. Researchers stated users must remove the registry keys or use an
automated PC clean-up utility, as well as clean the shortcuts for each browser
in order clear the malware from an infected app. Source: http://news.softpedia.com/news/chrome-firefox-and-ie-browser-hijacker-distributed-via-legitimate-software-507183.shtml
20. August 10,
SecurityWeek – (International) Secure Boot vulnerability exposes Windows
devices to attacks. Two researchers, dubbed MY123 and Slipstream discovered
the new type of Secure Boot policy introduced in the Microsoft Windows 10
Anniversary Update, v1607, can be exploited to bypass the security feature and
install rootkits and bootkits on Windows devices after finding that the new
supplemental policies are loaded by the boot manager without being properly
checked and can be used to enable “test-signing,” a feature that allows an
attacker to bypass Secure Boot and load the malware once it is activated.
Researchers stated the attack can only be carried out by an attacker with admin
privileges or physical access to the targeted device and Microsoft was working
to release a patch for the issue. Source: http://www.securityweek.com/secure-boot-vulnerability-exposes-windows-devices-attacks
Communications Sector
Nothing to report