Monday, April 20, 2015



Complete DHS Report for April 20, 2015

Daily Report

Top Stories

• An April 16 explosion at MagnaGas in Tarpon Springs, Florida, killed one worker, left several others injured, forced an evacuation of the building, and prompted the shut off of the facility’s propane machine. – WTVT 13 Tampa

2. April 16, WTVT 13 Tampa – (Florida) One killed, multiple injuries in Tarpon Springs explosion. An April 16 explosion at MagnaGas in Tarpon Springs, Florida, killed one worker, left several other employees injured, forced an evacuation of the building, and prompted the shut off of the propane machine. Authorities are investigating the cause of the explosion. Source: http://www.myfoxtampabay.com/story/28822568/crews-on-scene-of-tarpon-springs-explosion

• The Wyoming Highway Patrol closed a 150-mile section of Interstate 80 between Cheyenne and Rawlins April 16 due to 3 separate pileups involving over 60 vehicles caused by recent heavy snows. – Associated Press; KIFI 8 Idaho Falls

12. April 16, Associated Press; KIFI 8 Idaho Falls – (Wyoming) Heavy snow, numerous accidents close I-80 in SE Wyoming. The Wyoming Highway Patrol closed a 150-mile section of Interstate 80 between Cheyenne and Rawlins April 16 due to 3 separate pileups involving over 60 vehicles caused by recent heavy snows. Officials were unsure when the interstate will open again. Source: http://www.localnews8.com/news/heavy-snow-numerous-accidents-close-i80-in-se-wyoming/32407872

• Northbound Interstate 5 near the Interstate 405 exit in Washington was closed for several hours April 7 while crews worked to clear debris and recover bees that were released when a semi-truck carrying 485 beehives overturned. – MyNorthwest.com

13. April 17, MyNorthwest.com – (Washington) Semi-truck carrying bees tips on I-5 near Lynnwood. Northbound Interstate 5 near the Interstate 405 exit in Lynnwood was closed for several hours April 17 while beekeepers and crews worked to clear debris and control swarming bees that were released when a semi-truck carrying 485 beehives overturned and spilled its load. The driver was not hurt but most of the 14 million bees were killed in the crash. Source: http://mynorthwest.com/11/2748952/Semitruck-carrying-bees-tips-on-I5-near-Lynnwood

• Security researchers at Trend Micro reported that cybercriminals are concentrating attacks on U.S. personnel from the North Atlantic Treaty Organization (NATO) and the White House as part of the ongoing Pawn Storm cyber-espionage operation. – Help Net Security

24. April 17, Help Net Security – (International) Pawn Storm cyberspies still at work, target NATO and the White House. Security researchers at Trend Micro reported that cybercriminals are concentrating attacks in the Pawn Storm cyber-espionage operation on the North Atlantic Treaty Organization (NATO) and White House personnel in the U.S., in addition to government and military officials and media companies. The attacks seek to compromise targets’ computers and Microsoft Outlook accounts via spear-phishing emails and compromised Web sites that deliver the SEDNIT/Sofacy trojan malware. Source: http://www.net-security.org/secworld.php?id=18233

Financial Services Sector

8. April 16, USA Today – (National) Ex-JPMorgan adviser charged in $20M fraud. A former JPMorgan Chase investment adviser was arrested and charged April 16 for allegedly stealing $20 million from at least 7 customers between 2011 and 2015 by withdrawing funds from client accounts and convincing others to invest large sums in supposed low-risk municipal bonds in a JPMorgan account, which he instead used to obtain cashier’s checks that he deposited in brokerage accounts that he and his wife held and used for personal expenses. The adviser allegedly gave clients fraudulent account statements and shifted funds between accounts to avoid discovery. Source: http://www.usatoday.com/story/money/business/2015/04/16/jpmorgan-investment-adviser-fraud/25891775/

9. April 16, U.S. Securities and Exchange Commission – (National) SEC charges 10 individuals in scheme to sell stock in blank check companies secretly bound for reverse mergers. The U.S. Securities and Exchange Commission charged 10 individuals April 16 for their roles in a scheme in which they allegedly collected about $6 million through penny stocks offered via undisclosed “blank” check companies bound for reverse mergers which they misrepresented to the public as startups with false business plans. Source: http://www.sec.gov/news/pressrelease/2015-69.html

For additional stories, see items 22 and 30 below in the Information Technology Sector

Information Technology Sector

24. April 17, Help Net Security – (International) Pawn Storm cyberspies still at work, target NATO and the White House. Security researchers at Trend Micro reported that cybercriminals are concentrating attacks in the Pawn Storm cyber-espionage operation on the North Atlantic Treaty Organization (NATO) and White House personnel in the U.S., in addition to government and military officials and media companies. The attacks seek to compromise targets’ computers and Microsoft Outlook accounts via spear-phishing emails and compromised Web sites that deliver the SEDNIT/Sofacy trojan malware. Source: http://www.net-security.org/secworld.php?id=18233

25. April 17, Softpedia – (International) Flash Player bug allows video, audio recording without user consent. A security researcher from Klikki Oy discovered a vulnerability in versions of Adobe Flash Player prior to 17.0.0.169 in which an information disclosure could be leveraged to deliver audio and/or video streams captured on victims’ devices to remote locations controlled by attackers. The flaw is connected to another double-free vulnerability that could allow an attacker to execute arbitrary code on the affected system. Source: http://news.softpedia.com/news/Flash-Player-Bug-Allows-Video-Audio-Recording-Without-User-Consent-478664.shtml

26. April 17, Help Net Security – (International) 1 in 4 employees enable cloud attacks. CloudLock released research from a study of over 750 million files, 77,500 apps, and 6 million users in the cloud that concludes nearly 1 in 4 employees violate corporate data security policy in public cloud applications, culminating in an average of 4,000 instances of exposed credentials in each organization, among other findings. Source: http://www.net-security.org/secworld.php?id=18232

27. April 16, Securityweek – (International) Users warned of serious flaw in deprecated Cisco Secure Desktop feature. Cisco released a security advisory warning of a high severity command execution vulnerability affecting Cisco-signed Java Archive (JAR) executables in Cache Cleaner for Cisco Secure Desktop that could allow an unauthenticated attacker to run arbitrary commands on affected systems. The company deprecated the Cache Cleaner product over 2 years ago and advised users to transition to the Cisco Host Scan standalone package. Source: http://www.securityweek.com/users-warned-serious-flaw-deprecated-cisco-secure-desktop-feature

28. April 16, Securityweek – (International) D-Link failed to patch HNAP flaws in routers: Researcher. D-Link published security advisories for multiple router models that identify vulnerabilities related to the Home Network Administration Protocol (HNAP) that could allow unauthenticated attackers to inject commands through HNAP requests, leverage flaws to gain access to information on hosts connected to the network, change system settings, and reset the devices to factory settings. D-Link is working on fixing the flaws through additional firmware updates. Source: http://www.securityweek.com/d-link-failed-patch-hnap-flaws-routers-researcher

29. April 16, SC Magazine – (International) PCI SSC releases version 3.1, eschews SSL, early TLS. The Payment Card Industry Security Standards Council (PCI SSC) announced in its release of PCI Data Security Standard (PCI DSS) Version 3.1 that secure-sockets layer (SSL) support would be discontinued in favor of current transport layer security (TLS) encryption, due to weaknesses that were identified in SSL by the National Institute of Standards and Technology that could put payment data at risk. The change also occurred as a result of previous Web browser attacks that took advantage of SSL vulnerabilities such as POODLE and BEAST. Source: http://www.scmagazine.com/orgs-have-14-months-to-move-to-pci-ssc-version-31/article/409549/

30. April 16, SC Magazine – (International) POS threat ‘Punkey’ allows additional malware download for greater access. An investigation by the U.S. Secret Service and Trustwave researchers discovered a new point-of-sale (POS) malware threat resembling NewPosThings that utilizes advanced encryption standard (AES) encryption with an embedded key, and has the capability to download additional malware on affected systems. Authorities revealed that up to 75 unique POS terminals may be infected with the malware. Source: http://www.scmagazine.com/investigation-uncovers-new-pos-malware-punkey/article/409559/

31. April 16, ZDNet – (International) IBM’s X-Force Exchange to make decades worth of cyber-threat data public. IBM announced that it will release a raw cyber-threat database of over 700 terabytes to cyber-threat data and intelligence companies, as well as malware threat data from 270 million computers and devices, 25 billion Web pages and images, and spam and phishing attack emails in an initiative called X-Force Exchange, which seeks to help companies mobilize against ongoing threats. Source: http://www.zdnet.com/article/ibm-opens-up-decades-worth-of-threat-data-to-combat-cybercrime/

Communications Sector

See item 24 above in the Information Technology Sector