Complete DHS Report for
October 30, 2015
Daily Report
Top Stories
• The Santa Clara
County Public Health Department reported October 28 that the number of cases in
a Shigella outbreak rose to 190 after being linked to consumption from the
Mariscos San Juan restaurant. – San Jose Mercury News
12. October
29, San Jose Mercury News – (California) Shigella outbreak reaches 190
reported cases. The Santa Clara County Public Health Department reported
October 28 that the number of cases in a Shigella outbreak rose to 190. The
cause of the outbreak remains under investigation but officials believe that
nearly all cases stem from food served at the Mariscos San Juan restaurant
between October 16 and October 17.
Source: http://www.mercurynews.com/crime-courts/ci_29039614/shigella-outbreak-reaches-190-reported-cases
• Sanofi issued a
recall October 28 for approximately 490,000 packs of Auvi-Q epinephrine
injectors used to treat severe allergic reactions following 26 reports of
malfunctions with the injectors. – Associated Press
20. October
28, Associated Press – (International) Sanofi recalls all injectors used for allergic
reactions. Sanofi issued a recall October 28 for approximately 490,000
packs of Auvi-Q epinephrine injectors used to treat severe allergic reactions
following 26 reports of malfunctions with the injectors that may not deliver
the correct amount of the drug. Source: http://abcnews.go.com/Business/wireStory/sanofi-recalls-pen-injectors-allergic-reactions-34805509
• A security expert
reported October 28 that 13 million personal user records from the free web
hosting service, 000webhost.com were compromised after its main server was
exploited via a flaw in its old version of PHP. – Securityweek See item 24 below in the Information Technology Sector
• Mapunapuna
officials reported October 28 that a building supply company housing 17
businesses sustained extensive damage October 27 after a 3-alarm fire caused
approximately $5.5 million in damages. – Honolulu Star-Advertiser
30. October
28, Honolulu Star-Advertiser – (Hawaii) Fire causes $5.5
million damage to Mapunapuna businesses. Mapunapuna officials reported
October 28 that a building supply company housing 17 businesses sustained
extensive damage October 27 after a 3-alarm fire caused approximately $5.5
million in damages. Fire crews remained on site for nearly 21 hours
extinguishing the blaze and the cause of the incident is under investigation. Source:
http://www.staradvertiser.com/news/breaking/20151027_Firefighters_respond_to_threealarm_fire_in_Mapunapuna.html?id=337815871
Financial Services Sector
6. October
28, Buffalo News – (New York) Falls businessman who shot brother-in-law
pleads guilty to bank fraud. A suspect
serving a prior prison sentence for attempted murder pleaded guilty October 28
in a Buffalo district court to defrauding M&T Bank of $177,500 by cashing
42 checks from an overdrawn company account from the now-defunct Electro-Dyne
Choke Corp., between November 2012 and March 2013. The suspect had the
company’s payroll firm issue payroll checks to himself and another individual
from bank accounts that did contain enough money.
7. October
28, Bloomberg News – (New York) Goldman agrees to pay $50 million to settle N.Y.
Fed leak case. Goldman Sachs Group Inc., reached a $50 million settlement
and accepted a 3-year suspension on some advisory capacities within New York
October 28 following allegations of unauthorized access to classified documents
from the Federal Reserve Bank of New York. The case involves a Federal Reserve
employee who provided a client’s confidential information to a Goldman Sachs
employee, who then circulated the information to senior personnel. Source: http://www.bloomberg.com/news/articles/2015-10-28/goldman-agrees-to-pay-50-million-to-settle-n-y-fed-leak-case
8. October
28, Chicago Tribune – (Illinois) Politician goes from speaker to felon, but his
dark past still a mystery. A U.S. politician plead guilty October 28 in a
Federal courtroom in Chicago to charges related to allegations of illegally
structuring more than $3.5 million in bank account withdrawals to avoid
financial reporting requirements as part of a payout to cover up alleged
wrongdoing. Source: http://www.chicagotribune.com/news/local/breaking/ct-dennis-hastert-guilty-plea-hearing-met-20151027-story.html
Information Technology Sector
24. October
29, Securityweek – (International) 13 million passwords leaked from free hosting
service. A security expert reported October 28 that 13 million personal
user records including names, emails, and plaintext passwords from the free web
hosting service, 000webhost.com were compromised after its main server was
exploited via a flaw in its old version of PHP. To mitigate future breaches,
000webhost updated its systems, increased its encryption, and changed all
passwords. Source: http://www.securityweek.com/13-million-passwords-leaked-free-hosting-service
25. October
29, Securityweek – (International) Several flaws patched in Xen Hypervisor. Researchers
from Xen Project released a total of nine advisories addressing recently patched
Xen hypervisor vulnerabilities including hypercall issues leveraged to cause a
denial-of-service (DoS) condition via repeated logging to the hypervisor
console, privilege escalation vulnerability, and a multicall issue exploited
via a malicious guest to crash a host, amongst other patched security holes
after experts from Citrix, Alibaba, and SUSE discovered each vulnerability. Source:
http://www.securityweek.com/several-flaws-patched-xen-hypervisor?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
26. October
28, Securityweek – (International) “Chikdos” Malware abuses MySQL Servers for
DDoS attacks. Researchers from Symantec reported that the Chikdos trojan
malware designed to hijack both Linux and Windows, recently targeted MySQL
servers via a malicious user-defined function (UDF) working as a downloader
trojan (Downloader.Chikdos) that allows actors to conduct distributed
denial-of-service (DDoS) attacks via SQL injection attacks. Symantec data
confirms the most infected MySQL servers were located in India, China, Brazil,
Holland, and the U.S. Source: http://www.securityweek.com/chikdos-malware-abuses-mysql-servers-ddos-attacks
27. October28,
Securityweek – (International) Infinite Automation patches flaws in
SCADA/HMI product. Infinite Automation Systems released an updated version
of its Mango Automation product patching a series of vulnerabilities after
researchers from ICS-CERT discovered unrestricted fire upload, information
exposure, SQL injection, and cross-site scripting vulnerabilities. The version
fixed all the flaws except an OS command injection and a cross-site request
forgery (CSRF) flaw.
Communications Sector
Nothing to report
No comments:
Post a Comment