Complete DHS Report for October 2, 2015
Daily Report
Top Stories
• Officials reported September 28 that the number of information security incidents affecting systems supporting the Federal Government grew 1,121 percent since 2006 and the number of incidents involving personally identifiable information more than doubled from 2009 to 2014. – Network World
23. September 30, Network World – (National) Network security weaknesses plague federal agencies. The U.S. Government Accountability Office released a report the week of September 28 which found that the number of information security incidents affecting systems supporting the Federal Government grew 1,121 percent since 2006 and that the number of incidents involving personally identifiable information (PII) more than doubled from 2009 to 2014. The report also detailed how information and systems remain at high risk of unauthorized access and disruption, and that weaknesses existed in effectively implementing security controls, among other findings.
• Apple released OS X version 10.11 El Capitan to address over 100 security vulnerabilities. – Threatpost See item 25 below in the Information Technology Sector
• Researchers discovered a series of Android media processing vulnerabilities, dubbed Stagefright 2.0, affecting over 1 billion devices which could allow an attacker to trick users into visiting maliciously crafted Web sites. – IDG News Service See item 26 below in the Information Technology Sector
• Researchers disclosed a critical zero-day WinRAR remote code execution vulnerability affecting up to 500 million users, where an attacker could inject malicious code into an archive that would automatically execute upon unzipping. – Computerworld See item 27 below in the Information Technology Sector
Financial Services Sector
6. September 30, KDKA 2 Pittsburgh – (Pennsylvania) Feds seize assets, cash from woman accused in $15M embezzlement scheme. Federal authorities were investigating a former Matthews International Corporation treasurer specialist in Pittsburgh and seized millions of dollars in cash and assets September 30 in connection to an alleged fraud scheme in which the suspect allegedly took $15 million from the company since 2003. Source: http://pittsburgh.cbslocal.com/2015/09/30/feds-seize-assets-cash-from-woman-accused-in-15m-embezzlement-scheme/
Information Technology Sector
25. October 1, Threatpost – (International) Apple patches 100+ vulnerabilities in OS X, Safari, iOS. Apple released OS X version 10.11 El Capitan addressing over 100 security vulnerabilities, including 20 hypertext preprocessor (PHP) flaws, XARA password stealing vulnerabilities which could allow an attacker to use a malicious application to access a user’s keychain, and 45 issues in the Safari 9 Web browser, among others. Source: https://threatpost.com/apple-patches-100-vulnerabilities-in-os-x-safari-ios/114876/
26. October 1, IDG News Service – (International) New Android vulnerabilities put over a billion devices at risk of remote hacking. Security researchers from Zimperium discovered a series of Android media processing vulnerabilities, dubbed Stagefright 2.0, affecting over 1 billion devices which could allow an attacker to trick users into visiting maliciously crafted Web sites that would exploit the flaws and lead to remote code execution on almost all devices starting with version 1.0 of the operating system (OS). Source: http://www.computerworld.com/article/2988157/android/new-android-vulnerabilities-put-over-a-billion-devices-at-risk-of-remote-hacking.html
27. September 30, Computerworld – (International) Critical flaw puts 500 million WinRAR users at risk of being pwned by unzipping a file. Security researchers disclosed a critical zero-day WinRAR remote code execution vulnerability affecting up to 500 million users, in which an attacker could inject malicious code into an archive that would automatically execute upon unzipping. The vulnerability can be exploited without system user privileges or user interaction. Source: http://www.computerworld.com/article/2987749/cybercrime-hacking/critical-flaw-puts-500-million-winrar-users-at-risk-of-being-pwned-by-unzipping-a-file.html
Communications Sector
Nothing to report