Tuesday, July 14, 2015
Complete DHS Report for July 14, 2015
· Fiat Chrysler Automobiles issued a recall July 11 for 88,346 model year 2008 – 2010 Dodge Challenger vehicles due to ongoing issues with Takata Corporation air bag inflators which could cause air bags to prematurely inflate or explode. – Bloomberg
3. July 11, Bloomberg – (National) Chrysler recalls Dodge Challengers to fix flawed air bags. Fiat Chrysler Automobiles issued a recall July 11 for 88,346 model year 2008 – 2010 Dodge Challenger vehicles due to ongoing issues with air bag inflators manufactured by the Takata Corporation which could cause air bags to prematurely inflate or explode.
· A former professional football player and a business partner were indicted July 10 for their roles in an alleged Ponzi scheme in which they used their company, Capital Financial Partners LLC, to solicit $32 million from over 40 investors to fund high-interest loans. – Boston Globe See item 6 below in the Financial Services Sector
· All lanes of northbound 110 Freeway in Carson, California were shut down for several hours July 12 due to a 13-vehicle car accident that injured 12 people. – KABC 7 Los Angeles
7. July 12, KABC 7 Los Angeles – (California) Northbound 110 Freeway shut down after 13-car crash. All lanes of northbound 110 Freeway in Carson, California were shut down for several hours July 12 while officials investigated a 13-vehicle car accident that injured 12 people, including 2 in critical condition.
· Metro Detroit customers of WOW, an Internet, cable and phone service provider, experienced an Internet outage during the weekend of July 11 due to an attack on the Domain Name Server. – WXYZ 7 Detroit See item 23 below in the Communications Sector
Financial Services Sector
4. July 11, Bay News 9 St. Petersburg – (Florida) Police: men use backhoe to steal ATM at Winter Haven bank. Winter Haven, Florida police charged two Clewiston men with grand theft after the pair allegedly used a backhoe to steal an ATM machine from a CenterState Bank July 10. Source: http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2015/7/11/police_men_use_backh.html
5. July 10, Las Vegas Review-Journal – (Nevada) Grand jury indicts 11 for making credit cards at Las Vegas hotels. Las Vegas prosecutors reported July 10 that 11 suspects were indicted for a year-long credit card scheme operated out of casino hotels in which they allegedly used stolen information to manufacture thousands of credit cards that they would use for thousands of fraudulent transactions. Source: http://www.reviewjournal.com/news/las-vegas/grand-jury-indicts-11-making-credit-cards-las-vegas-hotels
6. July 10, Boston Globe – (National) Ex-Patriot indicted for alleged Ponzi scheme. A former professional football player and a business partner were indicted July 10 for their roles in an alleged Ponzi scheme in which they used their company, Capital Financial Partners LLC, to solicit $32 million from over 40 investors to fund high-interest, short-term loans to athletes, from which they would use new investors’ funds to pay off earlier ones while diverting a portion for their personal use. Source: https://www.bostonglobe.com/business/2015/07/10/former-patriot-will-allen-indicted-for-alleged-ponzi-scheme/JJd1keF75EdQDH1FaxwA1M/story.html
For another story, see item 28 below from the Commercial Facilities Sector
28. July 10, Associated Press – (National) Data breach at ‘sweetest place on earth’ may have compromised guests’ financial info. Hershey Entertainment & Resorts reported July 10 that its point-of-sale system (PoS) was compromised after a program was installed in its payment system that extracted payment card data from February 14 – June 2. The company is working to resolve the issue and is offering card monitoring to those affected.
Information Technology Sector
20. July 13, Securityweek – (International) APT group uses Seaduke trojan to steal data from high-value targets. Security researchers from Symantec released an analysis of the highly-configurable Seaduke trojan used by an advanced persistent threat (APT) group known for cyber-espionage attacks against high-value targets including government organizations. The report revealed that the trojan is installed onto select systems through the CozyDuke trojan, and that it shares similarities with other “Duke” malware.
21. July 13, Securityweek – (International) Java zero-day used in attacks on NATO member, U.S. defense organization. Security researchers at Trend Micro reported that the cyber-espionage group with monikers including Pawn Storm and APT28 was using a Java Oracle SE zero-day remote code execution vulnerability in attacks directed against the armed forces of a NATO member country as well as a U.S. defense organization by sending out emails containing links to malicious domains containing the exploit and a trojan dropper. Source: http://www.securityweek.com/java-zero-day-used-attacks-nato-member-us-defense-organization
22. July 13, Securityweek – (International) Two new Flash Player zero-day bugs found in Hacking Team leak. Security researchers discovered exploits for two additional Adobe Flash Player zero-day vulnerabilities in the recent Hacking Team data leak, including a flaw in the DisplayObject class in ActionScript 3, and a use-after-free (UAF) vulnerability in the ActionScript3 BitmapData object. Both vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. Source: http://www.securityweek.com/two-new-flash-player-zero-day-bugs-found-hacking-team-leak
For additional stories, see item 16 below from the Government Facilities Sector and 23 below in the Communications Sector
16. July 10, Nextgov – (National) Not just OPM – agency cybersecurity incidents on the rise. A report released by the Government Accountability Office July 8 showed both cyber and non-cyber security breaches affecting Federal systems have steadily increased from 6,000 in 2006 to 67,000 in 2014. The report advocated risk-based cybersecurity programs and improved responses to security incidents.
23. July 13, WXYZ 7 Detroit – (Michigan) Cable provider WOW says weekend attach on servers left Michigan customers without internet service. Metro Detroit customers of WOW, an Internet, cable and phone service provider, experienced an Internet outage during the weekend of July 11 due to an attack on the Domain Name Server. Crews repaired the issue July 13 and most customers have internet service. Source: http://www.wxyz.com/news/cable-provider-wow-says-attack-has-left-michigan-customers-without-internet-service
24. July 11, WSIL 3 Harrisburg – (Illinois) Major Frontier Internet outage affects thousands. A Frontier Communications spokesperson reported July 10 that tens of thousands of customers in Southern Illinois experienced an Internet outage after railroad workers cut one of the company’s cables in Du Quoin. The cable has now been repaired and service was restored. Source: http://www.wsiltv.com/home/top-story/Major-Frontier-Internet-Outage-Affects-Thousands-313868071.html