Monday, July 27, 2015




Complete DHS Report for July 27, 2015

Daily Report                                            

Top Stories

 · Fiat Chrysler Automobiles U.S. issued a voluntary recall and software update July 24 for 1.4 million model year 2013 – 2015 vehicles of various models with Uconnect systems to increase their security against remote manipulation. – Autoblog

4. July 24, Autoblog – (National) FCA issuing software update for 1.4M vehicles to prevent hacking. Fiat Chrysler Automobiles U.S. issued a voluntary recall and software update for 1.4 million model year 2013 – 2015 Chrysler 200 and 300, Dodge Charger, Challenger, Viper, Ram, Durango, and Jeep Cherokee and Grand Cherokee vehicles with 8.4-inch touchscreen Uconnect systems to protect vehicles from remote manipulation, following reports that a security expert remotely hacked a vehicle via a cellular connection.

 · The U.S. Office of Personnel Management announced July 23 that access to the Web-based e-QIP system is being incrementally restored following security upgrades performed in response to detected vulnerabilities. – Nextgov

19. July 23, Nextgov – (National) OPM says background check system now back online after security tweaks. The U.S. Office of Personnel Management announced July 23 access to the Web-based e-QIP system is being incrementally restored after security upgrades, including enhanced password protections and secured transmission of data within the system, were performed in response to detected vulnerabilities.

 · About 87,000 Verizon phone lines in Santa Monica, California were without service for almost 9 hours July 24 after water damaged a call routing center July 23. – Los Angeles Daily News. See item 28 below in the Communications Sector.

 · The Louisiana State Police reported July 24 that an Alabama man indiscriminately shot and killed 2 people and injured 9 others before shooting himself while attending a movie in Lafayette July 23. – CNN

29. July 24, CNN – (Louisiana) Man described as drifter kills 2, himself in Lafayette, Louisiana movie theater. The Louisiana State Police reported July 24 that an Alabama man indiscriminately shot and killed 2 people and injured 9 others before shooting himself while attending a movie in Lafayette July 23. The theater was evacuated and police are investigating the case.

Financial Services Sector

8. July 23, KCBS 2 Los Angeles – (California) Retired LAPD detective arrested in series of ‘Snowbird Bandit’ bank robberies. Orange County authorities arrested a former Los Angeles Police Department detective July 23 on suspicion of being the ‘Snowbird Bandit,’ who robbed at least 5 Orange County banks since March.

9. July 23, Bay City News Service – (California) Four east coast men arrested in San Carlos for credit card fraud. San Mateo County officials arrested 4 suspects July 22 after deputies discovered hundreds of fraudulent gift and credit cards, equipment used to manufacture cards, and various merchandise valued at $125,000 in their vehicle. Source: http://patch.com/california/sancarlos/four-east-coast-men-arrested-san-carlos-credit-card-fraud

10. July 22, Reuters – (National) Discover to pay $18.5 mln over student loan allegations. U.S. regulators reported July 22 that Discover Financial Services agreed to pay $18.5 million in penalties and consumer refunds to resolve allegations that Discover Bank overstated minimum amounts due on billing statements, took unfair actions on debt collection, and failed to provide basic student loan servicing functions. Source: http://www.reuters.com/article/2015/07/22/usa-banks-studentloans-idUSL1N1021F620150722

Information Technology Sector

26. July 24, Securityweek – (International) Red Hat patches “libuser” library vulnerabilities. Red Hat patched two vulnerabilities in its “libuser” library, including a race condition flaw that could lead to a denial-of-service (DoS) condition and a bug in the chfn function of the userhelper utility that an attacker could leverage to create a DoS condition and achieve privilege escalation on the system.

27. July 24, SC Magazine – (International) Sophos moves to patch Web Security Appliance flaws. A security researcher from Info-Assure Ltd discovered two vulnerabilities in Sophos Security’s Web Appliance prior to version 4.0.4 that could allow unauthenticated users to read files from the device and inject arbitrary JavaScript via its management interface. Source: http://www.scmagazineuk.com/sophos-moves-to-patch-web-security-appliance-flaws/article/428301/

For additional stories, see item 4 above in Top Stories, item 5 below from the Critical Manufacturing Sector, and item 20 below from the Government Facilities Sector.

5. July 24, Computerworld – (International) Firewalls can’t protect today’s connected cars. Security and automotive experts reported on the risks associated with Internet-enabled vehicles, including a lack of operational security and multiple wireless access points to vehicles’ controller area networks (CAN). The researchers recommended alternate approaches to vehicle security such as encrypted CAN messaging or detection software. Source: http://www.networkworld.com/article/2951888/security/firewalls-cant-protect-todays-connected-cars.html#tk.rss_all

20. July 23, FierceGovernmentIT – (National) Census Bureau confirms ‘unauthorized access’ to system; Anonymous members claim responsibility. The online activist group Anonymous claimed responsibility July 22 for a cyber-attack on the U.S. Census Bureau, which leaked non-confidential information including email addresses, phone numbers, and job titles of the organization’s 4,200 employees. The organization’s internal systems were not affected, and the compromised servers have been locked down. Source: http://www.fiercegovernmentit.com/story/census-bureau-confirms-unauthorized-access-system-anonymous-claims-responsi/2015-07-23

Communications Sector

28. July 24, Los Angeles Daily News – (California) Verizon phone service restored in Santa Monica. About 87,000 Verizon phone lines in Santa Monica were without service for nearly 9 hours July 24 after water damaged a call routing center July 23, leaving customers unable to make or receive calls from outside the affected area. Calls to 9-1-1 centers were not affected. Source: http://www.dailynews.com/general-news/20150723/verizon-phone-service-down-in-santa-monica