Tuesday, November 29, 2016



Complete DHS Report for November 29, 2016

Daily Report                                            

Top Stories

• More than 9,000 gallons of fuel spilled from an overturned tanker truck in Cape Coral, Florida, November 27 and caught fire, prompting officials to evacuate all residents within a half-mile radius of the spill for several hours. – WBBH 20 Fort Myers

1. November 28, WBBH 20 Fort Myers – (Florida) Leaking fuel tanker catches fire in Cape, causes evacuations. More than 9,000 gallons of fuel spilled from an overturned tanker truck on Del Prado Boulevard in Cape Coral, Florida, November 27 and caught fire, prompting officials to evacuate all residents within a half-mile radius of the spill for several hours. A portion of the road was shut down for several hours while officials worked to clean up the gasoline and contain the fire. Source: http://www.nbc-2.com/story/33800101/evacuations-begin-as-leaking-fuel-tanker-catches-fire-in-cape

• Officials reported November 26 that roughly 3,200 gallons of sewage overflowed from a manhole on Kuhio Highway in Hanamaulu, Hawaii, into Hanamaulu Stream. – Lihue Garden Island

12. November 27, Lihue Garden Island – (Hawaii) Lanes closed after crash, sewage spill. Officials from the Kauai County Public Works Department, Wastewater Division reported November 26 that roughly 3,200 gallons of sewage overflowed from a manhole on Kuhio Highway in Hanamaulu, Hawaii, into Hanamaulu Stream due to a partially-blocked sewer line that crosses the stream along the highway. Officials advised the public to avoid the water until further notice. Source: http://thegardenisland.com/news/local/lanes-closed-after-crash-sewage-spill/article_930bb5c7-c192-5f36-b511-bde4418906f7.html

• Officials from the Berkshire Medical Center in Massachusetts reported November 23 that the personal information of 1,745 cardiology patients may have been exposed after the records were discovered on thumb drives recovered from a former employee of Ambucor Health Solutions. – Berkshire Eagle

13. November 24, Berkshire Eagle – (Massachusetts) Hundreds of BMC patients’ info found on vendor’s thumb drives. Officials from the Berkshire Medical Center in Pittsfield, Massachusetts, reported November 23 that the personal information of 1,745 cardiology patients may have been exposed after the records were discovered on thumb drives recovered from a former employee of Ambucor Health Solutions, an outside service vendor. The thumb drive did not include patients’ Social Security numbers, Medicare, insurance, or financial information, and officials stated there is no evidence the information was misused. Source: http://www.berkshireeagle.com/stories/hundreds-of-bmc-patients-info-found-on-vendors-thumb-drives,490304

• Fire crews from 25 States reached more than 50 percent containment November 26 of almost all of the major wildfires burning in western North Carolina. – WSOC 9 Charlotte

14. November 28, WSOC 9 Charlotte – (North Carolina) Rain to bring some relief to NC wildfires. Fire crews from 25 States reached more than 50 percent containment November 26 of almost all of the major wildfires burning in western North Carolina, including 77 percent containment of the 9,036-acre Boteler Fire and 90 percent containment of the 7,145-acre Party Rock Fire. Burn bans remain in effect for 47 counties across North Carolina. Source: http://www.wsoctv.com/news/north-carolina/firefighters-make-progress-on-north-carolina-wildfires_/470603987

Financial Services Sector

See item 23 below from the Commercial Facilities Sector

23. November 24, Softpedia – (New York) Hackers hijack Madison Square Garden payment systems, credit card data at risk. The Madison Square Garden Company reported November 24 that it detected an attack on its payment system that may have exposed the credit card information of all of its customers between November 9, 2015 and October 24, 2016, including card numbers, verification codes, cardholder names, and expiration dates. The firm stated the attack took place outside of its network and did not leverage accessories attached to the Point-of-Sale (PoS) systems, and the hack remains under investigation. Source: http://news.softpedia.com/news/hackers-hijack-madison-square-garden-payment-systems-credit-card-data-at-risk-510472.shtml

Information Technology Sector

16. November 28, SecurityWeek – (International) cURL security audit reveals several vulnerabilities. The developer of cURL released version 7.51.0 to resolve a total of 11 vulnerabilities following a security audit by Cure53, which revealed the open source tool was plagued with 23 issues and 9 security flaws including 4 high severity issues that could lead to remote code execution. Source: http://www.securityweek.com/curl-security-audit-reveals-several-vulnerabilities

17. November 25, SecurityWeek – (International) Cerber 5.0 ransomware uses new IP ranges. Check Point security researchers discovered that version 5.0 of the Cerber ransomware was released and now uses new Internet Protocol (IP) ranges for the command and control (C&C) communication, skips 640 bytes when encrypting a file, targets files that feature the secret extension, and no longer encrypts files smaller than 2,560 bytes, among other new features. Check Point also found that the ransomware leverages spam email campaigns and the Rig-V exploit kit for distribution, and as with previous versions, Cerber 5.0 randomly generates encrypted file extensions using four alphabetic numbers. Source: http://www.securityweek.com/cerber-50-ransomware-uses-new-ip-ranges

18. November 25, SecurityWeek – (International) Flaws in Uber’s UberCENTRAL tool exposed user data. A security researcher discovered several issues in Uber Technologies Inc.’s UberCENTRAL service including a flaw that allows attackers to enumerate users’ universally unique identifiers (UUIDs) by sending requests with possible email addresses, and an issue that can be exploited to obtain full names, phone numbers, and email addresses of customers, among other flaws. Uber released patches for the flaws.

Communications Sector

19. November 25, Roseburg News-Review – (Oregon) Telephone and internet outage affecting thousands on coast, possible 911 outages. Approximately 15,000 Charter Communications customers from Florence to Coos Bay, Oregon, were without telephone and Internet service for roughly 9 hours November 25. Officials reported during the outage, customers may not have been able to dial 9-1-1 from a landline, but emergency services were reachable via cell phone. Source: http://www.nrtoday.com/news/local/north_county/reedsport/telephone-and-internet-outage-affecting-thousands-on-coast-possible-outages/article_ab5b8a6a-66d6-5510-9d60-f927ac38a821.html