Tuesday, July 28, 2015




Complete DHS Report for July 28, 2015

Daily Report                                            

Top Stories


 · The U.S. Department of Transportation Secretary reported July 24 that the U.S. Federal government opened a price-gouging investigation into Delta, American, United, Southwest, and JetBlue airlines, alleging the companies raised airfares in the Northeast after a May 12 Amtrak crash disrupted rail service. – Associated Press

9. July 24, Associated Press – (Pennsylvania) Transportation Chief: 5 airlines probed for price-gouging after deadly train derailment. The U.S. Department of Transportation Secretary reported July 24 that the U.S. Federal government opened a price-gouging investigation into Delta, American, United, Southwest, and JetBlue airlines, alleging the companies raised airfares in the Northeast after a May 12 deadly Amtrak crash in Philadelphia disrupted rail service. The department has sent letters to the involved airlines explaining that the investigation is exploring whether the price hikes violated Federal regulations prohibiting airlines from engaging in unfair and deceptive practices. Source: http://philadelphia.cbslocal.com/2015/07/24/transportation-chief-5-airlines-probed-for-price-gouging-after-deadly-train-derailment/

 · All 700,000 residents in Dekalb County remain under a boil water advisory July 27 after crews fixed a 48-inch transmission line that broke July 23. – WSB 2 Atlanta

10. July 27, WSB 2 Atlanta – (Georgia) 700,000 DeKalb residents under boil water advisory. All 700,000 residents in Dekalb County remain under a boil water advisory July 27 after crews fixed a 48-inch transmission line that broke July 23 and caused residents to have low or no pressure even after it was fixed. DeKalb Watershed reported that pressure would slowly build overnight and that water should be back by July 27.

 · Security researchers at Zimperium zLabs reported that about 950 million Android devices are vulnerable to flaws in the operating system’s (OS) Stagefright media engine. – Threatpost See item 20 below in the Information Technology Sector

 · Fifteen families were displaced July 26 after a 5-alarm fire severely damaged 3 apartment buildings in Union City, New Jersey after beginning inside a home – WABC 7 New York City

28. July 26, WABC 7 New York City – (New Jersey) 15 families displaced in Union City 5-alarm fire. Fifteen families were displaced July 26 after a 5-alarm fire severely damaged 3 apartment buildings in Union City, New Jersey after beginning inside a home. Five firefighters were injured and an investigation is ongoing to determine the cause of the incident.

Financial Services Sector

5. July 24, KNXV 15 Phoenix – (Arizona) FBI asks public’s help identifying “Sabbatical Bandit” bank robber. FBI officials are looking for information leading to the capture of a suspect dubbed the “Sabbatical Bandit”, who allegedly robbed a Mesa bank July 18 in addition to at least 4 others since 2010. Source: http://www.abc15.com/news/region-phoenix-metro/central-phoenix/fbi-asks-public-to-help-identify-sabbatical-bandit-bank-robber

Information Technology Sector

20. July 27, Threatpost – (International) Android Stagefright flaws put 950 million devices at risk. Security researchers at Zimperium zLabs reported that about 950 million Android devices are vulnerable to flaws in the operating system’s (OS) Stagefright media engine, in which excessive permissions could allow an attacker to send a Multimedia Messaging Service (MMS) or Google Hangouts message to trigger the vulnerability, granting system access on the affected device.

21. July 27, Securityweek – (International) Many high-profile firms using vulnerable PHP File Manager: researcher. A security researcher identified several vulnerabilities in Revived Wire Media’s PHP File Manager application, including the existence of a default user account with backdoor access to systems running the software, lack of protection for the user database, and arbitrary file upload vulnerabilities, among other flaws. Many firms reportedly still use the application even though it has not been updated since its release in 2010 – 2011. Source: http://www.securityweek.com/many-high-profile-firms-using-vulnerable-php-file-manager-researcher

22. July 27, Help Net Security – (International) Over 5,000 mobile apps found performing in-app ad fraud. Security researchers from Forensiq discovered at least 5,000 mobile applications being used for mobile hijacking ad fraud worldwide that were observed affecting 12 million unique devices over a 10-day period. Source: http://www.net-security.org/secworld.php?id=18667

23. July 27, Threatpost – (International) Pair of bugs open Honeywell home controllers up to easy hacks. Researchers discovered vulnerabilities in Honeywell’s Tuxedo touch devices used for controlling home systems, including an authentication bypass bug that could grant access to restricted systems, and a cross-site request forgery bug that an attacker could use during an active authenticated session to execute the same commands as the user. Source: https://threatpost.com/pair-of-bugs-open-honeywell-home-controllers-up-to-easy-hacks/113965

For another story, see item 15 below from the Government Facilities Sector

15. July 25, Military Times – (National) GAO: defense installation utilities at risk of cyber attack. A recent report released by the U.S. Government Accountability Office warned against vulnerabilities in the military’s industrial control systems (ICS) network controlling essential services to military installations worldwide. A 2018 deadline set by the Pentagon to address limited cyber defenses for the ICS will be difficult to meet due to delays and unreliable data, according to the report. Source: http://www.militarytimes.com/story/military/2015/07/24/utility-cyber-attack/30615033/

Communications Sector

24. July 26, Syracuse.com – (New York) Phone service restored to most Oswego County residents. Service has been restored to the majority of Time Warner Cable customers in Oswego County, New York after losing telephone access, including 9-1-1 service July 26. The cause of the outage remains unknown.

For additional stories, 20 and 22 above in the Information Technology Sector