Complete DHS Report for March 30, 2016
Daily Report
Top Stories
• The U.S. Coast Guard worked March 29 to clean approximately
11,500 gallons of crude oil that spilled and reached the Bayou Teche while a
tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. – WAFB
9 Baton Rouge; Associated Press
1. March 29,
WAFB 9 Baton Rouge; Associated Press – (Louisiana) Contractor
reportedly cleaning more than 11,000 gallons of oil due to spill near
Charenton. The U.S. Coast Guard was working to clean March 29 approximately
11,500 gallons of crude oil that spilled and reached the Bayou Teche while a
tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. The
spill prompted a shelter in place advisory for nearby residents, the closure of
LA 98, and the closure of the Bayou Teche to all commercial boat traffic
between Jeanerette and Charenton for several hours. Source: http://www.ksla.com/story/31584484/charenton-sorrel-area-residents-under-shelter-in-place-advisory-due-to-chemical-spill
• A dust storm that passed through San Bernardino County March 28
led to a 15-car pileup near California 18 and Rabbit Springs Road that left 28
people injured. – Los Angeles Times
12. March 28,
Los Angeles Times – (California) Dust storm triggers 15-vehicle pile-up in
Lucerne Valley; 28 people injured. A dust storm that passed through San
Bernardino County March 28 led to a 15-car pileup near California 18 and Rabbit
Springs Road that left 28 people injured.
Source: http://www.latimes.com/local/lanow/la-me-ln-dust-collision-lucerne-valley-20160328-story.html
• Rainfall and melting snow led to the discharge of more than 49
million gallons of treated wastewater after 3 of Saginaw’s retention treatment
basins overflowed March 24 – March 27. – Saginaw News
15. March 28,
Saginaw News – (Michigan) 49 million gallons of treated sewage discharged
into Saginaw River. Rainfall and melting snow led to the discharge of more
than 49 million gallons of treated wastewater into the Saginaw River after 3 of
Saginaw’s retention treatment basins overflowed beginning March 24 through
March 27. Source: http://www.mlive.com/news/saginaw/index.ssf/2016/03/49_million_gallons_of_treated.html
• MedStar Health Inc.,
reported March 28 that a computer virus forced its records systems offline in
Washington, D.C and Maryland, leaving patients unable to book appointments and
locking staff out of email access. – Associated Press (See item 16)
16. March 29,
Associated Press – (Maryland; Washington, D.C.) FBI probing virus behind outage
at MedStar Health facilities. MedStar Health Inc., reported March 28 that a
computer virus forced its records systems offline for thousands of patients and
doctors in Washington, D.C and Maryland, leaving patients unable to book
appointments and kept staff locked out of email accounts. The FBI is assisting
in the investigation. Source:
http://www.newscenter1.tv/story/31582141/fbi-probing-virus-behind-outage-at-medstar-health-facilities
Financial Services Sector
7. March 29,
Softpedia – (National) TreasureHunt PoS malware linked to illegal credit
card sharing forum. Researchers from FireEye reported that a new strain of
point of sale (PoS) malware, dubbed TreasureHunt was being used by BearsInc, a cyber-crime
group, to power its malicious campaign targeting small businesses and banks in
the U.S. that have not yet transitioned to the new Europay, MasterCard, and
Visa (EMV) chip and Personal Identification Number (PIN) card system. The new
strain adds a registry key for boot persistence to a device, scans the device’s
memory for credit card information, and encodes and sends the data to a command
and control (C&C) server.
8. March 29,
McDonough Henry Herald – (Georgia) Miami men arrested for
possessing over 100 fraudulent bank cards. Two Florida men were arrested in
Henry County, Georgia, March 22 after authorities found 187 fraudulent bank
cards and 2 electronic card skimming devices in the pair’s vehicle after a
Police Department K-9 unit detected the illicit materials during a traffic
stop, prompting a search of the vehicle. Source: http://www.henryherald.com/news/miami-men-arrested-for-possessing-over-fraudulent-bank-cards/article_b7a3c22e-dfb4-5589-a9b7-22762fd24a66.html
9. March 28,
U.S. Securities and Exchange Commission – (New York) Securities professional
charged with defrauding institutional investors. The U.S. Securities and
Exchange Commission charged a New York-based securities professional March 28
after he allegedly solicited approximately $95 million from 2 institutional
investors by offering promissory notes issued by Irving Place III SPV LLC, a
shell entity with no legitimate business operations, obtained a $25 million
investment in November 2015 and used the funds for personal use, and attempted
to solicit an additional $70 million from 2 investors using false and
misleading statements. The U.S. Attorney’s Office for the Southern District of
New York announced March 28 parallel criminal charges against the securities
officer. Source: https://www.sec.gov/news/pressrelease/2016-58.html
10. March 28,
KHON 2 Honolulu – (International) Honolulu man arrested in credit card scheme
involving cyber black market. FBI officials arrested a man from Hawaii
March 28 after he allegedly purchased information on the cyber black market to
obtain credit cards from Russia, China, and Vietnam as part of an elaborate
scheme that used online credit card applications, temporary mail forwarding
requests, burner phones, and shopping sprees to steal the identities of over 40
people, open 80 bank accounts with the stolen information, and accumulate over
$100,000 in fraudulent credit card activity. Source: http://khon2.com/2016/03/28/fbi-arrests-honolulu-man-for-credit-card-fraud/
Information Technology Sector
21. March 28,
Softpedia – (International) Flaw in Truecaller Android app leaves data of
millions of users exposed. Security researchers from Cheetah Mobile Security
Research Lab discovered a remotely exploitable flaw in the Truecaller app that
exposed the personal information of millions of users and could allow attackers
to modify users’ account settings through the application’s international
mobile equipment identity (IMEI) code. Attackers could write scripts through
query random IMEI codes to collect a user’s data and subsequently, use the
collected data in spam or phishing campaigns.
22. March 28,
SecurityWeek – (International) Zen Cart patches multiple XSS
vulnerabilities. Zen Cart released an updated version to its online open
source shopping cart application, Zen Cart 1.5.4 that patched several
cross-site scripting (XSS) vulnerabilities after researchers from Trustwave
found the flaws in the administrative section of Zen Cart that could result in
access to cookies, sensitive information, or site defacement. Researchers
advised users to upgrade their software to the latest version to avoid the
flaws. Source: http://www.securityweek.com/zen-cart-patches-multiple-xss-vulnerabilities
23. March 28,
Softpedia – (International) Facebook fixes Instagram issue that allowed
account takeover. A Belgian security researcher discovered critical flaws
in Instagram that could have allowed an attacker to reset emails attached to an
account and reset the account’s password after Facebook was discovered printing
sensitive Instagram user information on the Web page. In addition, an Insecure
Direct Object Reference vulnerability allowed unauthenticated users to access
other users’ information and could potentially allow an attacker to do the same.
Source: http://news.softpedia.com/news/facebook-fixes-instagram-issue-that-allowed-account-takeover-502277.shtml
For another story, see item 7 above in the Information Technology Sector
Communications Sector
24. March 28,
CNBC – (National) Sprint struck with multistate network problems. Sprint
Corporation announced March 28 that network issues prompted a loss of service
for customers across several States. All services were restored after crews
spent several hours resolving the issue.