Complete DHS Report for November 23, 2016
Daily Report
Top Stories
• North Dakota officials reported that crews contained around
16,800 gallons of oil that spilled after a valve at an oil well on the Fort
Berthold Indian Reservation near Killdeer failed November 19. – Forum of
Fargo-Moorhead
1. November 21, Forum of
Fargo-Moorhead – (North Dakota) Oil spill reported, contained near
Killdeer, N.D. The North Dakota Industrial Commission, Oil and Gas Division
reported that crews contained around 16,800 gallons of oil that spilled after a
valve at an oil well on the Fort Berthold Indian Reservation near Killdeer
failed November 19.
• Florida health officials issued a health advisory for Lake
Vivien and the Choctawhatchee Bay in Shalimar November 21 after 2,800 gallons
of sewage spilled following the overflow of a wastewater manhole. – WJHG 7 Panama
City/WECP 18 Panama City
7. November 22, WJHG 7
Panama City/WECP 18 Panama City – (Florida) Health advisories issued
after 2,800-gallon sewage spill. Florida Department of Health officials
issued a health advisory for Lake Vivien, also known as Lake Clyde, and the
Choctawhatchee Bay in Shalimar November 21 after 2,800 gallons of sewage
spilled at the intersection of Bayshore Drive and Palm Boulevard following the
overflow of a wastewater manhole. Crews contained the spill and health
officials reported that the sewage did not contaminate any drinking water
sources.
• The U.S. National Transportation Safety Board is investigating
after a school bus transporting 37 Woodmore Elementary School students
overturned and crashed into a tree in Chattanooga, Tennessee, November 21,
killing 5 students and hospitalizing 12 others. – Chattanooga Times Free
Press
11. November 22,
Chattanooga Times Free Press – (Tennessee) 6 students in ICU after
school bus driver charged in crash that killed Woodmore Elementary students. The
U.S. National Transportation Safety Board is investigating after a school bus
transporting 37 Woodmore Elementary School students overturned and crashed into
a tree in Chattanooga, Tennessee, November 21, killing 5 students and hospitalizing
12 others. The driver was arrested and charged following the incident. Source: http://www.timesfreepress.com/news/local/story/2016/nov/22/federal-investigators-probe-crash-killed-mult/399118/
• A fire at the Mike Raahauge Shooting Enterprises range in
Corona, California, November 21 caused an estimated $2.5 million in damages and
forced the facility to close until November 25. – Los Angeles Times
21. November 21, Los
Angeles Times – (California) Firefighters take cover when ammunition
explodes during blaze at Corona shooting range. A fire at the Mike Raahauge
Shooting Enterprises range in Corona, California, November 21 caused an
estimated $2.5 million in damages and forced the facility to close until
November 25. The cause of the fire remains under investigation.
Source: http://www.latimes.com/local/lanow/la-me-ln-raahauges-shooting-range-fire-20161121-story.html
Financial Services Sector
Nothing to report
Information Technology Sector
18. November 22,
SecurityWeek – (International) Office 365 flaw made fake Microsoft
emails look legitimate. A Turkey-based security researcher discovered a
flaw in Microsoft Office 365 that could be exploited by attackers to send
malicious emails and make them appear as if they were sent from a legitimate
microsoft.com email address after a test of different email services’ spam
filters found that some of his phishing emails that were marked as valid came
from a spoofed microsoft.com address and were forwarded through Outlook 365 to
the Yandex email service. Additional testing found that Gmail also accepted the
spoofed microsoft.com emails that were forwarded from Outlook as legitimate.
19. November 21,
SecurityWeek – (International) Code execution flaws patched in HDF5
library. The HDF Group released version 1.8.18 of its HDF5 library after
researchers from Cisco’s Talos Vulnerability Development Team discovered the
library was plagued with a total of 4 local heap-buffer overflow flaws that could
allow an attacker to execute arbitrary code in the context of the application
using the library if they trick a victim into opening a maliciously crafted
file. The vulnerabilities are the result of a failure to check if the number of
dimensions for an array from a file is within bounds, failure to check if
certain message types support a specific flag, and insufficient handling of
select values in memory when parsing a Hierarchical Date Format (HDF) file,
among other failures. Source: http://www.securityweek.com/code-execution-flaws-patched-hdf5-library
For another story, see item 12 below from the Government Facilities
Sector
12. November 22,
Softpedia – (International) US Government invites hackers to attack US
Army domains. The U.S. Department of Defense (DOD) and partner company
HackerOne reported November 22 that hackers can now register for the Hack the
Army bug bounty challenge, which will allow 500 security researchers to hack
U.S. Army domains and find unpatched vulnerabilities in exchange for a reward.
DOD officials reported the program concerns any public-facing Website that is
owned, operated, or controlled by the department, and is part of an effort to
explore new security approaches.
Source:
http://news.softpedia.com/news/us-government-invites-hackers-to-attack-us-army-domains-510418.shtml
Communications Sector
Nothing to report