Saturday, January 21, 2017
I know that this is unusual but I feel necessary….the DHS has found it necessary to abandon security duties to the private and business sectors due to its obligations to the new president. I find this unacceptable. You likely assume that I follow other lists in performing my duties to my clients and that is correct. However, for more than six years I have not challenged the DHS report which I will do in the future.
I trust that you will not be concerned by my additional reports which will be clearly labeled.
Bob Johnston, CISSP
P.S. If you wish to write to me on this matter please reply to firstname.lastname@example.org
Complete DHS Report for January 18, 2017
• Enbridge Energy, Inc. officials reported January 14 that 15,330 gallons of crude oil leaked from a 22-inch pipeline near Everton, Missouri. – KYTV 3 Springfield
1. January 16, KYTV 3 Springfield – (Missouri) Oil spill worse than initially thought. Enbridge Energy, Inc. officials reported January 14 that 15,330 gallons of crude oil leaked from a 22-inch pipeline near Everton, Missouri, forcing officials to shut down Highway M in Lawrence County while crews from Enbridge and the State Department of Natural Resources worked to clean up the spill. Source: http://www.ky3.com/content/news/UPDATE--Oil-spill-worse-than-initially-thought-410874425.html
• Toyota Motor Corporation issued a recall January 13 for 543,000 of its model years 2006 – 2012 vehicles in select makes sold in the U.S. due to faulty Takata Corporation front passenger-side airbag inflators. – TheCarConnection.com
4. January 13, TheCarConnection.com – (International) Toyota adds 543,000 Lexus, Scion, Toyota vehicles to Takata recall roster. Toyota Motor Corporation issued a recall January 13 for 543,000 of its model years 2006 – 2012 Lexus, Scion, and Toyota vehicles in select makes sold in the U.S. to replace faulty Takata Corporation front passenger-side airbag inflators equipped with ammonium nitrate, which can become destabilized when exposed to moisture and high temperatures, causing the airbags to deploy with too much force. The faulty inflators have been linked to 16 deaths and
more than 100 injuries worldwide. Source: http://www.thecarconnection.com/news/1108340_toyota-adds-543000-lexus-scion-toyota-vehicles-to-takata-recall-roster
• Moody’s Investors Service Inc., Moody’s Analytics Inc., and their parent, Moody’s Corporation agreed January 13 to pay nearly $864 million after the firm allegedly deviated from its credit rating standards for Residential Mortgage-Backed Securities (RMBS) and Collateralized Debt Obligations (CDO). – U.S. Department of Justice See item 5 below in the Financial Services Sector
• About 300,000 Midco customers in South Dakota, North Dakota, and Minnesota were without Internet service for more than 8 hours January 13. – Forum of Fargo-Moorhead See item 23 below in the Communications Sector
Financial Services Sector
5. January 13, U.S. Department of Justice – (National) Justice Department and State partners secure nearly $864 million settlement with Moody’s arising from conduct in the lead up to the financial crisis. The U.S. Department of Justice, 21 States, and the District of Columbia reached a nearly $864 million settlement with Moody’s Investors Service Inc., Moody’s Analytics Inc., and their parent, Moody’s Corporation January 13 to resolve allegations that the firm deviated from its credit rating standards and methodologies for Residential Mortgage-Backed Securities (RMBS) and Collateralized Debt Obligations (CDO) and failed to disclose those changes to the public, causing people to make poor investment decisions. The Statement of Facts included in the settlement acknowledges that beginning in 2001, Moody’s RMBS group used an internal RMBS rating tool that did not calculate the loss given default or expected loss for RMBS below AAA and failed to integrate Moody’s own rating standards, among other violations. Source: https://www.justice.gov/opa/pr/justice-department-and-state-partners-secure-nearly-864-million-settlement-moody-s-arising
Information Technology Sector
19. January 16, SecurityWeek – (International) Flaws found in Carlo Gavazzi energy monitoring products. Carlo Gavazzi released firmware updates after a security researcher found that the company’s VMU-C product was plagued with a flaw that grants a malicious actor access to most of the application’s functions without authentication, as well as a cross-site request forgery (CSRF) issue that can be exploited to change configuration parameters. The researcher also found the product stores some sensitive information in clear text, and warned that the flaws can be remotely exploited if the device’s administrator interface is accessible from the Internet or local network.
20. January 15, SecurityWeek – (International) New RIG campaign distributes Cerber
ransomware. Researchers from Heimdal Security found that a recently spotted campaign is leveraging the Empire Pack version of the RIG exploit kit (EK) to exploit one of eight vulnerabilities plaguing outdated versions of Adobe Flash Player, Microsoft Internet Explorer, Microsoft Edge, and Microsoft Silverlight in order to compromise a victim’s device and download and install the Cerber ransomware. The researchers reported that users must keep their software updated at all times to ensure protection against such attacks. Source: http://www.securityweek.com/new-rig-campaign-distributes-cerber-ransomware
21. January 13, Washington Post – (International) Virginia college student pleads guilty to federal computer malware charges. A student at James Madison University in Virginia pleaded guilty January 13 to Federal charges after he developed malicious keylogger software and sold the malware to more than 3,000 users, who subsequently used the software to infect more than 16,000 computers. Source: https://www.washingtonpost.com/local/education/virginia-college-student-pleads-guilty-to-federal-computer-malware-charges/2017/01/13/993fb4d2-d9c4-11e6-9f9f-5cdb4b7f8dd7_story.html?utm_term=.279d0dae49a1
22. January 13, SecurityWeek – (International) Advantech WebAccess flaws allow access to sensitive data. Advantech released patches addressing several serious vulnerabilities in version 8.1 of its WebAccess software package after researchers from Tenable Network Security discovered that the product was impacted by a critical Structured Query Language (SQL) injection flaw and a critical authentication bypass issue, which could enable a remote attacker to access potentially sensitive information. Source: http://www.securityweek.com/advantech-webaccess-flaws-allow-access-sensitive-data
23. January 16, Forum of Fargo-Moorhead – (South Dakota; North Dakota; Minnesota) Midco not sure of root cause of Internet outage Friday. Midco officials are investigating the root cause of an Internet and email service outage January 13 that left about 300,000 Midco customers in South Dakota, North Dakota, and Minnesota without service for more than 8 hours. Source: http://www.inforum.com/news/4199843-midco-not-sure-root-cause-internet-outage-friday