Complete DHS Report for June 18, 2015
Daily Report
Top Stories
· Toyota Motor Corporation expanded recalls June 16 for 1.37 million vehicles due to
ongoing issues with airbag inflators manufactured by the Takata Corporation
that could cause airbags to prematurely inflate or explode. – CNBC
6. June 16, CNBC – (National) Toyota expanding U.S. airbag-related
recalls by 1.37M vehicles. Toyota Motor Corporation reported expanded
recalls June 16 for 1.37 million model year 2003 – 2007 Corolla and Corolla
Matrix, 2005 – 2006 Tundra, 2005 – 2007 Sequoia, and 2003 – 2007 Lexus SC430
vehicles due to ongoing issues with airbag inflators manufactured by the Takata
Corporation that could cause airbags to prematurely inflate or explode.
· California authorities arrested 2 people June 16 after discovering thousands of stolen
credit, identification, Social Security cards, income tax documents, and more
in their vehicle’s trunk. – KABC 7 Los Angeles
See item 7 below in the Financial Services Sector
· The U.S. Food and Drug Administration announced June 16 that food manufacturers will
have 3 years to remove partially hydrogenated oils from products unless
specifically approved. – U.S. Food and Drug Administration
14. June 16, U.S. Food and Drug Administration – (National) The FDA takes
step to remove artificial trans fats in processed foods. The U.S. Food and
Drug Administration (FDA) announced June 16 that partially hydrogenated oils
(PHOs), a source of artificial trans fat, are not “generally recognized as
safe” for use in human food and food manufacturers will have a compliance
period of three years to remove PHOs from products. Following the compliance
period, no PHOs can be added to human food unless approved by the FDA. Source: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm451237.htm
· The director of the U.S. Office of Personnel Management claimed June 16 that the
agency fends off an average of 10 million hacking attempts per month and that
the number of attacks will increase. – Bloomberg
21. June 16, Bloomberg – (National) U.S. jobs
agency thwarts 10 million hacks a month, director says. The director of the
U.S. Office of Personnel Management claimed June 16 in a U.S. House of
Representatives committee hearing that the agency fends off an average of 10
million hacking attempts per month, and that the number of attacks will
increase. Officials reported that the June breach may have compromised personal
information of up to 14 million current and former Federal employees and their
associates. Source: http://www.bloomberg.com/news/articles/2015-06-16/u-s-jobs-agency-thwarts-10-million-hacks-a-month-director-says
Financial Services Sector
7. June 16, KABC 7 Los Angeles – (California) 2 arrested for stealing thousands of credit, ID,
Social Security cards in Highland. Highland, California authorities
arrested 2 people June 16 after discovering thousands of stolen credit,
identification, Social Security cards, income tax documents, and more in their
vehicle’s trunk, as well as an embossing machine allegedly used to flatten
names on cards for replacement. The investigation is ongoing. Source: http://abc7.com/news/2-arrested-for-stealing-thousands-of-credit-id-social-security-cards-in-highland/789473/
8. June 16, U.S. Securities and Exchange Commission – (National) SEC announces
charges against retirement plan custodian in connection with Ponzi scheme. The
U.S. Securities and Exchange Commission announced charges June 16 against
Westlake, Ohio-based Equity Trust Company, alleging that the company failed to
protect its customers from a Ponzi retirement fund investment scheme that 2
representatives used to defraud over 100 investors out of more than $5 million.
The two representatives were indicted for alleged offering fraud in New Jersey.
Source: http://www.sec.gov/news/pressrelease/2015-121.html
Information Technology Sector
26. June 17, Softpedia – (International) Retrospect clients patched to prevent
exposure of backup files. Retrospect Inc. released a patch addressing a
password hashing vulnerability in its network backup utility for Apple, Linux,
and Microsoft Windows operating systems (OS) in which an attacker with access
to networked clients could gain access to users’ backup files. Source: http://news.softpedia.com/news/Retrospect-Clients-Patched-to-Prevent-Exposure-of-Backup-Files-484577.shtml
27. June 17, Softpedia – (International) Over 600 million Samsung devices vulnerable
to keyboard security risk. Security researchers at NowSecure discovered a
remote code execution vulnerability in the SwiftKey Android app in which an
attacker could access device sensors, pictures, and text messages, alter or
install apps, or listen to voice-calls. The vulnerability was patched in early
2015. Source: http://news.softpedia.com/news/Over-600-Million-Samsung-Devices-Vulnerable-to-Keyboard-Security-Risk-484562.shtml
28. June 16, SC Magazine – (International) Study: 15-30 percent of eCommerce site
visitors infected with CSIM. A report released by Namogoo revealed that 15
– 30 percent of eCommerce site visitors are infected with client-side injected
malware (CSIM), and that attacks have increased by 20 percent in the last 6
months, among other findings. Source: http://www.scmagazine.com/namogoo-study-shows-nearly-a-third-of-ecommerce-site-visitors-could-be-infected-with-csim/article/420346/
For additional stories, see item 1 below from the Energy Sector and 20 below from the Government Facilities Sector
1. June 17, Threatpost – (National) Plaintext
credentials threaten RLE wind turbine HMI. The DHS Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory after a
security researcher discovered a vulnerability in the Nova-Wind Turbine
human-machine interface (HMI) for turbines manufactured by RLE International
GmbH in which an attacker could leverage credentials stored in plaintext to
perform actions on the device, resulting in a possible loss of power for all
attached systems. Source: https://threatpost.com/plaintext-credentials-threaten-rle-wind-turbine-hmi/113354
20. June 16, SC Magazine – (North Dakota) North
Dakota Workforce Safety Institute experiences a breach. Authorities
reported that about 43,000 incident reports and 13,000 payroll reports
containing Social Security, names, employer, and medical information for
employee and worker reports filed online between 2006 – 2013 were compromised
in a breach of the North Dakota Workforce and Safety Institute (WSI) servers.
The WSI became aware of the breach June 10 and is offering free identity repair
services to affected individuals. Source: http://www.scmagazine.com/north-dakota-wsi-experiences-breach-thousands-at-risk/article/421053/
Communications Sector
29. June 17, KMA 960 AM Shenandoah – (Iowa) CenturyLink service has reportedly been
restored. CenturyLink customers in Page and Montgomery counties along with
customers in Fremont, Mills and Taylor counties were impacted by an Internet
and telephone outage June 16 – 17 that affected 9-1-1 service. Source: http://www.kmaland.com/news/centurylink-problems-persist-this-morning/article_9d1edca8-14dc-11e5-b838-ef28d41ab8c9.html
For another story, see item 27 above in the Information Technology Sector