Complete DHS Report for December 5, 2014
Daily Report
Top Stories
· Honda announced December 3 that it will expand its recall of vehicles equipped with airbags manufactured by Takata to include all 50 States due to the potential for the airbag inflators to shatter and send shrapnel into vehicles’ cabins. – Washington Post
4. December 3, Washington Post – (National) Honda expands Takata air bag recall to all 50 states. Honda announced December 3 that it will expand its recall of vehicles equipped with airbags manufactured by Takata to include all 50 States due to the potential for the airbag inflators to shatter and send shrapnel into vehicles’ cabins. The announcement could result in the recall of several million vehicles. Source: http://www.washingtonpost.com/local/trafficandcommuting/honda-expands-takata-air-bag-recall-to-all-50-states/2014/12/03/e2c9e3f4-7b14-11e4-b821-503cc7efed9e_story.html
· A fire at the American Appliance Factory in Newport, Tennessee, December 3 caused around $1 million in damage and stopped work at the facility. – WVLT 8 Knoxville
5. December 3, WVLT 8 Knoxville – (Tennessee) Fire shuts down work at Newport factory. A fire at the American Appliance Factory in Newport, Tennessee, December 3 caused around $1 million in damage and stopped work at the facility. The fire was believed to have started in a paint room at the factory. Source: http://www.local8now.com/home/headlines/Fire-shuts-down-work-at-Newport-factory-284662001.html
· A U.S. Department of Justice Office of the Inspector General report found that a former operator of the FEBG Bond Fund operated the fund as a Ponzi scheme that defrauded around 130 individuals of over $30 million. – Tribune News Service. See item 7 below in the Financial Services Sector
· Eight workers at a U.S. Postal Service processing center in Bethpage, New York, were charged December 3 for allegedly stealing illegal shipments of marijuana and conspiring to deal the drugs, which held an estimated street value of up to $930,000. – New York Daily News
12. December 3, New York Daily News – (New York) Postal workers on Long Island busted for stealing pot packages. Eight workers at a U.S. Postal Service processing center in Bethpage were charged December 3 on federal charges for allegedly stealing illegal shipments of marijuana and conspiring to deal the drugs. Federal agents seized 129 pounds of marijuana with an estimated street value of up to $930,000. Source: http://www.nydailynews.com/new-york/postal-workers-busted-stealing-pot-packages-article-1.2032179
Financial Services Sector
6. December 4, Softpedia – (International) Critical PayPal bug left all accounts vulnerable to hijacking. A security researcher identified and reported a cross-site request forgery (CSRF) vulnerability that could have been used with other flaws to allow an attacker to link their email address to a victim’s account by capturing a reusable authentication token that was valid for all PayPal accounts. The vulnerability was fixed by PayPal before the researcher publicly disclosed his findings, and the researcher was awarded $10,000 from PayPal’s Bug Bounty program. Source: http://news.softpedia.com/news/Critical-PayPal-Bug-Left-All-Accounts-Vulnerable-to-Hijacking-466500.shtml
7. December 3, Tribune News Service – (Florida) Investigation reveals how Florida man ripped off DEA. A report from the U.S. Department of Justice’s Office of the Inspector General found that a now-deceased Jacksonville man who ran the FEBG Bond Fund operated the fund as a Ponzi scheme that defrauded around 130 individuals of over $30 million, more than half of whom were current or former Drug Enforcement Agency (DEA) employees or connected to DEA employees. The report found that some DEA personnel exercised poor judgment in giving the man access to DEA personnel and facilities and receiving gifts from the man. Source: http://www.msn.com/en-us/news/other/investigation-reveals-how-florida-man-ripped-off-dea-agents/ar-BBgigCn
8. December 3, Charlotte Observer – (North Carolina; South Carolina) Charlotte man pleads guilty to role in Wax House scheme. A Charlotte, North Carolina, man pleaded guilty December 3 to his role in the $75 million Operation Wax House mortgage and investment fraud scheme in North Carolina and South Carolina. The man was charged with laundering over $200,000 in loan proceeds through his Perry Masonry Construction company and with working as a promoter to recruit straw buyers. Source: http://www.charlotteobserver.com/2014/12/03/5359034/charlotte-man-pleads-guilty-to.html
Information Technology Sector
27. December 4, The Register – (International) Big Blue patches big blooper in Endpoint Manager for mobes. IBM released a patch for a flaw in its Endpoint Manager for Mobile Devices product that allowed attackers to gain remote access and compromise mobile devices connected to the network. Source: http://www.theregister.co.uk/2014/12/04/ibm_endpoint_manager_patch/
28. December 3, Softpedia – (International) Asprox operators have started recruiting for a larger botnet. Researchers with Malcovery found that the operators of the Asprox botnet began a campaign using spam emails purporting to be order confirmations from major retailers such as Home Depot, Walmart, Costco, and Target in order to infect more users and expand the Asprox botnet. Source: http://news.softpedia.com/news/Asprox-Operators-Have-Started-Recruiting-For-a-Larger-Botnet-466482.shtml
29. December 3, Softpedia – (International) Vulnerability in WhatsApp leads to losing conversations. Two security researchers reported and released a proof-of-concept (PoC) for a flaw in WhatsApp where an attacker could send a 2KB text containing special characters that would cause the app to crash unless the conversation thread is deleted. The researchers stated that the flaw affects WhatsApp versions 2.11.431 and 2.11.432 on Android devices. Source: http://news.softpedia.com/news/Vulnerability-in-WhatsApp-Leads-to-Losing-Contacts-and-Conversations-466481.shtml
30. December 3, Securityweek – (International) DNSimple suffers downtime due to 25 Gbps DDoS attack. Florida-based DNS provider DNSimple reported that it experienced a distributed denial of service (DDoS) attack December 1 that peaked at 25 Gbps and lasted around 12 hours, causing outages for the company and its customers. The company stated that DNSimple was not targeted but was affected by the DDoS attack after domains already under attack were delegated to the company. Source: http://www.securityweek.com/dnsimple-suffers-downtime-due-25-gbps-ddos-attack
31. December 3, Softpedia – (International) LastPass master password can be decrypted. Researchers presenting at the DefCamp 2014 conference during the November 29-30 weekend demonstrated how an attacker could use a man-in-the-middle (MitM) attack to trick users into running a malicious payload that could expose LastPass password manager passwords under certain conditions. Source: http://news.softpedia.com/news/Saving-LastPass-Master-Password-Locally-Is-A-Bad-Idea-466472.shtml
Communications Sector
32. December 3, Charlottesville Daily Progress – (Virginia) Crash disrupts CenturyLink service along U.S. 29 in southern Albemarle. Cellphone and landline services for CenturyLink customers in southern Albemarle County were disrupted for around 8 hours December 3 when a vehicle crashed on U.S. Route 29 South and struck a box containing CenturyLink fiber optics. Source: http://www.dailyprogress.com/news/local/crash-disrupts-centurylink-service-along-u-s-in-southern-albemarle/article_92cf08ce-7b38-11e4-8b10-17928eaf2149.html
33. December 3, WSBT 22 South Bend – (Indiana) Over 18,000 Frontier customers reportedly lose phone service. Frontier Communications crews worked to restore phone service in the LaPorte, South Bend, and Valparaiso areas after equipment at their main office failed December 3, affecting over 18,000 customers. Source: http://www.wsbt.com/news/local/Over-18-000-Frontier-customers-reportedly-lose-phone-service/30034428