Complete DHS Report for March
5, 2015
Daily Report
Top Stories
· California
officials stopped production at 12 wells used to pump oil-and-gas in Central
Valley March 3 in order to protect underground drinking-water from
contamination. – Associated Press
1. March
4, Associated Press – (California) California shuts down oil
wells to protect ground water. The California Department of Conservation
stopped production at 12 wells used to pump oil-and-gas in Central Valley March
3 in order to protect underground drinking-water from contamination following a
review that found over 2,500 instances when the State authorized the injection
of oilfield waste into protected aquifers used for drinking water or irrigating
crops. Two operators were issued cease-and-desist orders while 10 other oil
wells in Kern County stopped production. Source: http://www.nbcbayarea.com/news/california/California-Shuts-Down-Oil-Wells-to-Protect-Ground-Water-294933891.html
· A former
correctional officer was arrested and charged March 3 in connection to two
separate shooting incidents including one on the Maryland Intercounty
Connector, and a second incident where shots were fired near the NSA
headquarters in Fort Meade. – WRC 4 Washington, D.C.
13. March
4, WRC 4 Washington, D.C. – (Maryland; Washington, D.C.) Former
correctional officer charged in shootings at NSA, ICC. A former
correctional officer was arrested and charged March 3 in connection to two
separate shooting incidents, including one on the Maryland Intercounty
Connector near Interstate 95 where two individuals were struck by bullets, and
a second incident where shots were fired near the NSA headquarters in Fort
Meade where a building was damaged. Authorities are investigating if the
suspect is connected to a series of other shootings in the Washington, D.C. and
Baltimore areas beginning February 24 targeting individuals at shopping centers,
a Walmart, and an AMC Theater. Source: http://www.nbcwashington.com/news/local/Shots-Fired-Near-NSA-Headquarters-294909111.html
· A
vulnerability dubbed FREAK was found in the implementation of secure sockets
layer (SSL) and transport layer security (TLS) protocols on Apple and Android
devices that can be abused through man-in-the-middle (MitM). – Softpedia See item 20 below in the Information Technology Sector
· Four
suspects were charged March 3 in connection to more than 40 crash-and-grab
thefts netting over $2 million across Chicago and other areas of the Midwest
since 2014. – Chicago Sun-Times
24. March
3, Chicago Sun-Times – (Illinois) Crash-and-grab suspects nabbed
in $2 million spree. The Chicago Police Department announced charges March
3 against four suspects who are believed to be part of a theft ring that is
responsible for more than 40 crash-and-grab thefts across the city and other
areas of the Midwest since 2014. The suspects are accused of stealing more than
$2 million in merchandise and causing more than $500,000 in damage to
businesses. Source: http://chicago.suntimes.com/news-chicago/7/71/411528/crash-grab-suspects-nabbed-2-million-spree
Financial Services Sector
4. March
3, Softpedia – (International) Banking malware targets almost
1,500 financial institutions in 86 countries. Security researchers from
Symantec reported an analysis of 999 banking malware configurations that
targeted 1,467 financial institutions worldwide in 2014, most of which were in
the U.S. where consumers have been attacked with 95 percent of the trojans
analyzed. The analysis also revealed that 4.1 million users’ systems had been
compromised in 2014. Source: http://news.softpedia.com/news/Banking-Malware-Targets-Almost-1-500-Financial-Institutions-in-86-Countries-474782.shtml
5. March
3, Threatpost – (International) New POS malware uses mailslots to
avoid detection. Security researchers from Morphick discovered that the new
LogPOS point-of-sale (PoS) malware uses Microsoft Windows’ mailslots technology
to avoid detection. inject code, and act like a client while it relays stolen
payment card numbers to a command and control (C&C) server. Source: http://threatpost.com/new-pos-malware-uses-mailslots-to-avoid-detection/111391
For another story, see item 20 below
in the Information Technology Sector
Information Technology Sector
20. March 4,
Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak
crypto key in FREAK attack. A security researcher at INRIA and the
Microsoft Research Team identified a serious vulnerability in the
implementation of secure sockets layer (SSL) and transport layer security (TLS)
protocols on Apple and Android devices that can be abused through man-in-the-middle
(MitM) attacks that capitalize on abandoned policies to force the use of weak
RSA keys, potentially leaving a wide range of government and other Web sites
vulnerable. The researchers have dubbed the attack FREAK (Factoring RSA Export
Keys) and Akamai cloud platform announced that it patched the vulnerability.
Source: http://news.softpedia.com/news/Strong-SSL-TLS-Ciphers-Downgraded-to-Use-Weak-Crypto-Key-in-FREAK-Attack-474842.shtml
21. March 4,
Securityweek – (International) Google fixes 51 vulnerabilities with release
of Chrome 41. Google addressed 51 security issues and added new apps,
extension application program interfaces (APIs), and stability and performance
improvements in the release of Google Chrome version 41. The addressed vulnerabilities
include 13 high-severity and 6-medium-severity issues discovered by external
researchers. Source: http://www.securityweek.com/google-fixes-51-vulnerabilities-release-chrome-41
For additional stories, see
items 4 and 5 above in the Financial Services Sector
Communications Sector
22. March 2, KHQ 6 Spokane –
(Washington) Homeless man caught stealing $10,000 in radio equipment. Police
arrested a man March 2 for stealing radio equipment in Quincy from Cherry Creek
Radio’s KWWW 96.7 FM Wenatchee radio station worth $10,000 after station
personnel notified the utility company when their transmitter went offline.
Source: http://www.khq.com/story/28243325/homeless-man-caught-stealing-10000-in-radio-equipment