Thursday, May 21, 2015




Complete DHS Report for May 21, 2015

Daily Report

Top Stories

• Officials reported May 19 a settlement with the Takata Corporation in which the air bag manufacturer agreed to declare 33.8 million of its inflator mechanisms defective, leading to the largest recorded U.S. auto recall. – NBC News

2. May 19, NBC News – (National) Takata recalling 33.8M air bags, biggest ever in U.S. The National Highway Traffic Safety Administration announced May 19 a settlement with the Takata Corporation in which the air bag manufacturer agreed to declare 33.8 million of its inflator mechanisms defective, leading to the largest recorded U.S. auto recall. The defect has led to recalls from 10 automakers and included 17 million vehicles in the U.S. prior to the May 19 announcement. Source: http://www.nbcnews.com/business/autos/takata-expected-declare-33-8m-vehicles-defective-report-says-n361446

• Five major banks agreed to plead guilty and pay $6 billion May 20 in a settlement with authorities to resolve charges of foreign currency exchange manipulation that had occurred until regulators started punishing banks for the misconduct in 2013. – Reuters (See item 3 below in the Financial Services Sector)

• Six train tankers carrying hazardous chemicals derailed in Louisiana, May 19, prompting officials to declare a state of emergency and a mandatory evacuation for residents within 1,000 feet of the area. – NBC News

6. May 20, NBC News – (Louisiana) Evacuations ordered after chemical cars derailed in Louisiana. Six tankers from a Union Pacific train carrying sodium hydroxide, propylene oxide, and propylene dichloride derailed in Addis May 19, prompting the parish’s Office of Homeland Security to declare a state of emergency and a mandatory evacuation for residents within 1,000 feet of the area while officials cleared the scene. The cause of the derailment is suspected to be damaged track. Source: http://www.nbcnews.com/news/us-news/evacuations-ordered-after-chemical-cars-derail-louisiana-n361661

• Federal authorities and agencies in all 50 States filed a joint lawsuit May 18 against the Tennessee-based Cancer Fund of America, its 3 affiliated nonprofits, and the individuals who run the charities for allegedly using the $187 million raised for personal use. – Knoxville News Sentinel

14. May 20, Knoxville News Sentinel – (National) Lawsuit: Cancer charities built multimillion-dollar fraud empire. The U.S. Federal Trade Commission along with agencies in all 50 States filed a joint lawsuit May 18 against Knoxville-based Cancer Fund of America, its 3 affiliated nonprofits, and the individuals who run the charities for allegedly using the $187 million raised for personal use. Three individuals and 2 of the charities negotiated settlements with the government totaling over $200 million. Source: http://www.knoxnews.com/news/local-news/ftc-states-file-complaint-against-knoxville-charity_92306448

Financial Services Sector

3. May 20, Reuters – (International) Major banks admit guilt in forex probe, fined $6 billion. Citigroup, JP Morgan, Barclays, the United Bank of Switzerland (UBS), and the Royal Bank of Scotland (RBS) agreed to plead guilty and pay $6 billion in fines May 20 in a settlement with the U.S. Federal Reserve and U.S. Department of Justice (DOJ) to resolve charges of foreign currency exchange manipulation that had occurred until regulators started punishing banks for the misconduct in 2013. The settlement represents the largest antitrust fines issued by the DOJ in agency history. Source: http://www.reuters.com/article/2015/05/20/us-banks-forex-settlement-idUSKBN0O50CQ20150520

4. May 19, Orlando Sentinel – (Florida) State finds 103 credit-card skimmers in 3-month inspection of gas pumps. Florida’s Commissioner of Agriculture and Consumer Services announced May 19 that a 3-month inspection of 7,571 gas pumps revealed 103 credit-card skimming devices across the State. The Florida Petroleum Council and the Florida Petroleum Marketers and Convenience Store Association plan to train employees to be vigilant for skimmers. Source: http://www.orlandosentinel.com/business/os-gas-pump-skimmers-20150519-story.html

5. May 19, Reuters – (National) U.S. regulator says PayPal to pay $25 mln over credit product problems. The U.S. Consumer Financial Protection Bureau (CFPB) announced allegations May 19 that PayPal illegally signed consumers up for an online credit product without their knowledge or permission, and has ordered the company to pay $25 million in fines to the government and consumer refunds. The CFPB also alleged that PayPal Credit failed to honor advertised promotions and charged illegitimate late fees when Web site problems prevented customers from making payments. Source: http://www.reuters.com/article/2015/05/19/financial-regulation-paypal-idUSL1N0YA1AD20150519

Information Technology Sector

18. May 20, Softpedia – (International) TLS protocol flawed, HTTPS connections susceptible to FREAK-like attack. Cryptography and security researchers discovered that approximately 8.4 percent of the top one million domains containing mail and web servers are vulnerable to an attack dubbed Logjam, in which an attacker could compromise secure communication between a client and server by downgrading the Transport Layer Security (TLS) connection to 512-bit export-grade cryptography. The downgrade is possible because of leftover variants of the Diffie-Hellman cryptographic key exchange mechanism from the 1990s. The attack method is similar to the one used in the Factoring RSA Export Keys (FREAK) attacks from early 2015. Source: http://news.softpedia.com/news/TLS-Protocol-Flawed-HTTPS-Connections-Susceptible-to-FREAK-Like-Attack-481744.shtml

19. May 20, SecurityWeek – (International) Millions of routers vulnerable to attacks due to NetUSB bug. Security researchers at SEC Consult discovered a kernel stack buffer overflow vulnerability in NetUSB drivers developed by Taiwan-based KCodes, in which an unauthenticated attacker can execute arbitrary code or cause a denial-of-service (DoS) condition by specifying a computer name longer than 64 characters when the client connects to the server. The driver is found in millions of routers from vendors including Netgear, TP-Link, ZyXEL, and TRENDnet. Source: http://www.securityweek.com/millions-routers-vulnerable-attacks-due-netusb-bug

20. May 19, Threatpost – (International) Google fixes sandbox escape in Chrome. Google patched 37 bugs in Chrome version 43, including 6 high-risk sandbox-escape, cross-origin bypass, and use-after-free vulnerabilities discovered by various security researchers. Source: https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899

21. May 19, Threatpost – (International) Malvertising leads to Magnitude exploit kit, ransomware infection. Security researchers at Zscaler discovered that attackers are using malicious ads and 302 cushioning attacks to direct users to sites hosting the Magnitude exploit kit (EK), which in turn infects users with CryptoWall ransomware. The researchers reported that most of the threat infrastructure for these attacks is housed in Germany. Source: https://threatpost.com/malvertising-leads-to-magnitude-exploit-kit-ransomware-infection/112894

Communications Sector

22. May 19, Associated Press – (National) Nashville radio show fined $1 million for fake emergency broadcast. The U.S. Federal Communications Commission fined iHeartMedia $1 million May 19 after an October 2014 incident where an Emergency Alert System (EAS) tone was misused on the Nashville-based program “The Bobby Bones Show” and was sent to more than 70 affiliated stations across the nation. In addition to the fine, iHeartMedia is required to implement a comprehensive plan and delete EAS tones from its audio production libraries. Source: http://www.knoxnews.com/business/radio-show-fined-1-million-for-fake-emergency-broadcast_00045265_