Complete DHS Report for April 29, 2014
Daily Report
Details
• Authorities are investigating a plane crash
over the San Francisco Bay April 27, in which 2 small planes collided in the
air sending 1 plane crashing into the bay while the other plane landed later at
Eagle’s Nest Airport in Ione, California. – Associated Press
5.
April 28, Associated Press –
(California) Pilot missing after 2 planes collide in California. The
Federal Aviation Administration is investigating a plane crash over the San
Francisco Bay April 27, in which 2 small planes collided in the air, sending 1
plane crashing into the bay while the other plane with 2 onboard landed 40
minutes later at Eagle’s Nest Airport in Ione, California. Source: http://news.msn.com/us/2-planes-collide-over-northern-san-francisco-bay
• Interstate 15 in Beaver County, Utah, was
shut down for several hours April 27 after a suspect kidnapped a child and
started a high-speed chase, eventually barricading himself and the child in the
vehicle for hours before giving up peacefully. – KSL 102.7 FM Salt Lake City
6.
April 27, KSL 102.7 FM Salt Lake City –
(Utah) I-15 standoff ends as a man holding child hostage surrenders. Interstate
15 in Beaver County, Utah, was shut down for several hours April 27 after a
suspect in a homicide investigation in Louisiana kidnapped a 2-year-old child
and started a high-speed chase, eventually barricading himself and the child in
the vehicle for hours before giving up peacefully. Source: http://www.ksl.com/?sid=29660803&nid=148
• Authorities arrested 5 nurses of Prime
Health LLC in Plaquemine, Louisiana, April 24 in connection to accepting money
in exchange for obtaining fake prescriptions for drugs used to make a
recreational drug mixture. – Baton Rouge Advocate
15.
April 27, Baton Rouge Advocate –
(Louisiana) Five booked in ‘purple drank’ investigation. Authorities
arrested 5 current and former nurses of Prime Health LLC in Plaquemine April 24
in connection to accepting money during the past 6 months in exchange for
obtaining fake prescriptions for drugs used to make a recreational drug mixture
consisting of prescription-strength cough syrup. Officials stated that more
arrests are expected in the investigation. Source: http://theadvocate.com/home/8994791-125/five-booked-in-purple-drank
• Microsoft warned users of its Internet
Explorer (IE) browser after researchers discovered a critical zero day
vulnerability that affects IE 6 through IE 11 and could allow an attacker to
use a Flash exploitation technique to remotely execute code. – V3.co.uk See item 19 below in the Information Technology Sector
Financial Services Sector
3. April 25, Atlanta
Journal-Constitution – (Georgia) FDIC sues directors
and officers of failed Bartow bank. The Federal Deposit Insurance
Corporation (FDIC) filed a lawsuit against the former directors and officers of
the failed Bartow County Bank in Georgia for allegedly making risky loans and
not adhering to the bank’s loan policies, which led to the bank’s collapse and
cost the FDIC around $69.5 million. Source: http://www.ajc.com/news/business/fdic-sues-directors-and-officers-of-failed-bartow-/nfhjS/
4. April 25, Associated Press – (National) Ex-Islanders partial owner admits investment
fraud. A former partial owner of the New York Islanders pleaded guilty to
participating in a 13-year investment fraud scheme that enabled him to
misappropriate $50.7 million from investors. The fraud scheme involved
securities businesses in Connecticut and California and misappropriated
hundreds of millions of dollars from accounts belonging to clients, including
university foundations and pension plans. Source: http://abcnews.go.com/Sports/wireStory/islanders-partial-owner-admits-investment-fraud-23471790
Information Technology Sector
19. April 28, V3.co.uk – (International) Critical Microsoft Internet Explorer
flaw leaves one in four web users vulnerable. Microsoft warned users of its
Internet Explorer (IE) browser after FireEye researchers discovered a critical
zero day vulnerability that affects IE 6 through IE 11 and could allow an
attacker to use a Flash exploitation technique to remotely execute code.
FireEye researchers spotted attacks using the vulnerability targeting IE 9
through IE 11, representing about a quarter of total browser users. Source: http://www.v3.co.uk/v3-uk/news/2341834/critical-microsoft-internet-explorer-flaw-leaves-one-in-four-web-users-vulnerable
20. April 28, Softpedia – (International) 4 vulnerabilities and 38 bugs fixed
with the release of MyBB 1.6.13. The latest version of MyBB was released
for download, closing 4 security vulnerabilities and addressing 38
functionality bugs. Source: http://news.softpedia.com/news/4-Vulnerabilities-and-38-Bugs-Fixed-With-the-Release-of-MyBB-1-6-13-439653.shtml
21. April 28, Softpedia – (International) Apache Struts 2.3.16.2 released to
properly fix zero-day vulnerability. The Apache Software Foundation
released an update for its Apache Struts open-source framework, addressing an
issue with a previous update that included a fix for a zero day vulnerability
that was not efficient. Source: http://news.softpedia.com/news/Apache-Struts-2-3-16-2-Released-to-Properly-Fix-Zero-Day-Vulnerability-439621.shtml
22. April 28, Softpedia – (International) XSS vulnerability in Sohu.com
leveraged for large-scale DDoS attacks. The source of a distributed denial
of service (DDoS) attack on a client of Incapsula early in April that involved
20 million GET requests was found to be Sohu.com, a popular Chinese Web portal.
Incapsula informed Sohu.com of the issue and the site was able to close a
cross-site scripting (XSS) vulnerability that was used to power the attack.
Source: http://news.softpedia.com/news/XSS-Vulnerability-in-Sohu-com-Leveraged-for-Large-Scale-DDOS-Attacks-439606.shtml
23. April 25, Softpedia – (International) Security patches released for IP.Board
3.3.x and 3.4.x. Invision Power Services released security patches for its
IP.Board 3.3.x and 3.4.x products, addressing three file inclusion issues and a
cross-site scripting (XSS) vulnerability. Source: http://news.softpedia.com/news/Security-Patches-Released-for-IP-Board-3-3-x-and-3-4-x-439416.shtml
24. April 25, Threatpost – (International) Exploiting Facebook Notes to launch
DDoS. A security researcher discovered and reported a method that can be
used to launch distributed denial of service (DDoS) attacks through the
Facebook Notes feature by using random GET parameters for HTML tags. Facebook
stated that they acknowledged the issue but would not change the method the
tags are handled because it would degrade user functionality. Source: http://threatpost.com/exploiting-facebook-notes-to-launch-ddos/105701
Communications Sector
Nothing
to report