Complete DHS Report for
August 3, 2015
Daily Report
Top Stories
· The General Motors Company confirmed
July 30 that OnStar-equipped vehicles are vulnerable to a flaw that could allow
an attacker to remotely locate the vehicle and issue commands through OnStar’s
RemoteLink app. – CNET
3. July 30,
CNET – (National) GM quickly issues fix for OnStar hack, but service
still vulnerable. The General Motors Company confirmed July 30 that
OnStar-equipped vehicles are vulnerable to a flaw that could allow an attacker
to remotely locate the vehicle and issue commands through OnStar’s RemoteLink
app, such as locking doors or starting the engine. A hacker demonstrated the
vulnerability using a device called “OwnStar,” which he claimed allowed him to
intercept communications between the app and the vehicle. Source: http://www.cnet.com/news/ownstar-onstar-hack/
· Matson Navigation Company agreed to
reimburse the State of Hawaii more than $15 million in cleanup costs and
restoration fees following a 2013 incident in which a faulty loading pipeline
leaked 1,400 tons of molasses into the Honolulu Harbor. – Reuters
5. July 30,
Reuters – (International) Shipping company Matson to pay Hawaii $15
million over molasses spill. The Matson Navigation Company agreed to pay
the State of Hawaii more than $15 million in cleanup costs and restoration fees
July 30 following a 2013 incident in which a faulty loading pipeline leaked
1,400 tons of molasses into the Honolulu Harbor, damaging the ecosystem and
closing parts of the harbor for days. Source: http://www.reuters.com/article/2015/07/30/usa-molasses-hawaii-idUSL1N10A10920150730
· The July 29 Rocky fire in Lake County,
California reached 15,000 acres by July 30, burning parts of the Cache Creek
Wilderness Area and the Snow Mountain National Monument Area, and forcing the
evacuation of 650 people. – Sacramento Bee
9. July 30,
Sacramento Bee – (California) Rocky fire grows to 15,000 acres burned, 5
percent contained. The July 29 Rocky fire in Lake County, California
reached 15,000 acres by July 30, burning parts of the Cache Creek Wilderness
Area and the federal Snow Mountain National Monument Area and forcing the
evacuation of 650 people. About 1,000 first responders, 150 fire engines, 8
airplanes, and 8 helicopters are scheduled to arrive onsite July 31.
· Two California residents were indicted
July 30 on charges alleging they were conspirators to a 2011 cyberattack in
which 94,000 credit and debit card numbers were stolen from Michaels Stores
Inc. customers. – Reuters
16. July 31,
Reuters – (California) Two charged in 2011 cyber breach at Michaels
retailer. Two California residents were indicted July 30 on charges
alleging that they were conspirators to a 2011 cyberattack in which 94,000
credit and debit card numbers were stolen from Michaels Stores Inc. customers.
Source: http://www.businessinsurance.com/article/20150731/NEWS06/150739970/two-charged-in-2011-cyber-breach-at-michaels-retailer?tags=
Financial Services Sector
4. July 31,
MarketWatch – (National) How vulnerable are the U.S. stock markets to
hackers? An analysis of information security and cyber risk trends in the
financial sector cited findings from a 2015 U.S. Securities and Exchange
Commission Risk Alert revealing that about 88 percent of brokerages and 74
percent of financial advisers in the U.S. have suffered cyber-attacks, and that
according to Congressional testimony, a major U.S. bank is attacked every 34
seconds, among other disclosures. Source: http://www.marketwatch.com/story/how-vulnerable-are-the-us-stock-markets-to-hackers-2015-07-31
For another story, see item 16 above in Top Stories
Information Technology Sector
13. July 31,
Help Net Security – (International) Cybercriminals are preying on existing
vulnerabilities to plan future attacks. An analysis of cyber threats by
Solutionary identified several campaigns consisting of over 600,000 events
worldwide that targeted the bash vulnerability in the second quarter of 2015,
and found that the U.S. was a leading source of command and control traffic and
malware threats, among other findings. Source: http://www.net-security.org/secworld.php?id=18691
14. July 30,
Securityweek – (International) Stack ranking the SSL vulnerabilities for the
enterprise. Security researchers discovered an OpenSSL vulnerability dubbed
“OprahSSL” in which an attacker with a legitimate end-leaf certificate could
circumvent OpenSSL code validating the certificate’s purpose, and sign other
certificates in order to perpetrate man-in-the-middle (MitM) attacks on Secure
Sockets Layer (SSL) sessions, and ranked the severity of the flaw in relation
to other SSL vulnerabilities, including Heartbleed, Early CCS, and LOGJAM. Source:
http://www.securityweek.com/stack-ranking-ssl-vulnerabilities-enterprise
15. July 30,
Softpedia – (International) Google fixes Chrome issue that leaked the
user’s real IP from behind a VPN. Google released a Chrome Web browser
extension called “WebRTC Network Limiter” to address an issue with the WebRTC
protocol that, in certain circumstances, could reveal the real public and local
Internet Protocol (IP) addresses of a user connected via a virtual private
network (VPN). Source: http://news.softpedia.com/news/google-fixes-chrome-issue-that-leaked-the-user-s-real-ip-from-behind-a-vpn-488143.shtml
For additional stories, see
item 3 above in Top Stories
and item 4 above in the Financial Services Sector
Communications Sector
Nothing to report