Complete DHS Report for
May 26, 2015
Daily Report
Top Stories
· Officials ordered Amtrak May 21 to identify within 5 days,
all curves that drop more than 20 mph in speed limit when approaching and to
install an automatic control system that slows trains or come up with an
acceptable alternative. – Philly.com
4. May 22, Philly.com – (National) Feds order
Amtrak to improve safety on dangerous curves. The U.S. Federal Railroad
Association ordered Amtrak May 21 to identify within 5 days, all curves that
drop more than 20 mph in speed limit when approaching and to install an
automatic control system that slows trains at the identified curves or come up
with an acceptable alternative. Amtrak must submit a plan within 20 days. Source:
http://www.philly.com/philly/business/20150522_Feds_order_Amtrak_to_improve_safety_on_dangerous_curves.html
· New York’s Westchester County will pay roughly $22 million
to settle a Federal government lawsuit that accused Westchester of having
failed to comply the U.S. Environmental Protection Agency rule requiring public
water systems to treat unfiltered surface water for cryptosporidium. – Reuters
9. May 21, Reuters – (New York) New York’s
Westchester County settles U.S. water safety lawsuit, pays record fine. New
York’s Westchester County will pay roughly $22 million to settle a 2013 Federal
government lawsuit that accused Westchester of having failed to comply the U.S.
Environmental Protection Agency rule requiring public water systems to treat
unfiltered surface water for cryptosporidium exposing thousands of residents to
greater risk of severe gastrointestinal illness since April 2012. Source: http://www.reuters.com/article/2015/05/21/us-newyork-westchester-water-decree-idUSKBN0O62KH20150521
· A May 21 fire at the Louisiana State Police data center in
Baton Rouge, Louisiana, shut down all automated systems at the Louisiana
Department of Public Safety, including all motor vehicle offices in the State.
– Associated Press
19. May 22, Associated Press – (Louisiana) Louisiana
motor vehicle offices can’t process transactions after fire at data center. A
May 21 fire at the Louisiana State Police data center in Baton Rouge shut down
all automated systems at the Louisiana Department of Public Safety, including
all motor vehicle offices in the State. Authorities worked to restore the
system by May 22 and reported that the fire was caused due to an electrical
malfunction, disrupted administrative processes, and shut down department-wide
email and Internet systems. Source: http://www.nola.com/traffic/index.ssf/2015/05/fire_louisiana_dmv_baton_rouge.html
· Officials adopted rules May 21 that ensure individuals who
are blind or visually impaired can quickly access critical information shown on
television in the event of an emergency. – U.S. Federal Communications
Commission
See
item 24 below in the Communications Sector
Financial Services Sector
3. May 22,
South Florida Sun-Sentinel – (International) South Florida men
targeted seniors around the world in $28M sweepstakes fraud, feds say. Authorities
arrested 4 individuals in connection to a sweepstakes fraud ring that allegedly
bilked about $28 million from hundreds of thousands of victims internationally
by targeting senior citizens with false notifications of sweepstake winnings
that were guaranteed in exchange for small payments from the winners. Source: http://www.sun-sentinel.com/news/fl-sweepstakes-fraud-20150521-story.html
Information Technology Sector
21. May 22, Softpedia – (International) Apache
Hive infrastructures vulnerable to authentication flaw in HiveServer2. Apache
reported that a vulnerability in all versions of its HiveServer2 interface for
Apache Hive enterprise data warehouse infrastructure in which users without
proper credentials could gain access by exploiting a flaw in the Lightweight
Directory Access Protocol (LDAP) authentication mode. The company recommended
that users update to the newest version or disable unauthenticated binds in the
LDAP service. Source: http://news.softpedia.com/news/Apache-Hive-Infrastructures-Vulnerable-to-Authentication-Flaw-in-HiveServer2-482001.shtml
22. May 22, Securityweek – (International) Flawed
Android factory reset allows recovery of sensitive data: researchers. Security
researchers at the University of Cambridge discovered that up to 500 million
Android devices may not properly sanitize data partitions containing
credentials and other personal data when users utilize the “factory reset”
feature. Source: http://www.securityweek.com/flawed-android-factory-reset-allows-recovery-sensitive-data-researchers
23. May 22, Help Net Security – (International) mSpy
finally admits they’ve been hacked. Officials from mSpy announced that
their servers had been breached, and that data from 80,000 customers could have
been stolen and leaked on the Dark Web. The software is intended for legal
monitoring of individuals’ online and phone activity. Source: http://www.net-security.org/secworld.php?id=18420
Communications Sector
24. May 21, U.S. Federal
Communications Commission – (National) FCC takes additional steps
to make emergency information in TV programming accessible to individuals who
are blind or visually impaired. The U.S. Federal Communications Commission
adopted rules May 21 that ensure individuals who are blind or visually impaired
can quickly access critical information shown on television in the event of an
emergency by requiring that emergency information may be made accessible on
secondary audio stream on tablets, smartphones, laptops, and similar devices
when subscription television providers, such as cable and satellite operators,
permit consumers to access programing over their networks using an app on these
devices. These additional steps implement provisions of the Twenty-First
Century Communications and Video Accessibility Act of 2010. Source: https://www.fcc.gov/document/fcc-adopts-cvaa-related-emergency-information-rules
25. May 21, Threatpost –
(National) Charter communications fixes website data leak vulnerability. Charter
Communications recently fixed a vulnerability that with its Web site that was
inadvertently leaking information of tens of thousands of customers including
payment details, modem serial numbers, device names, account numbers, home
addresses. The vulnerability was found by researchers at Cinder and Blake
Welsh. Source: https://threatpost.com/charter-communications-fixes-website-data-leak-vulnerability/112962
No comments:
Post a Comment