Thursday, August 20, 2015



Complete DHS Report for August 20, 2015

Daily Report                                            

Top Stories

 · All lanes of eastbound Interstate 64 in Kanawha County, West Virginia, reopened August 19 after being closed for nearly 30 hours following an August 17 accident involving a semi-truck. – WSAZ 3 Huntington

8. August 19, WSAZ 3 Huntington – (West Virginia) All lanes of I-64 east reopen near Institute. All lanes of Eastbound Interstate 64 in Kanawha County reopened August 19 after being closed for nearly 30 hours while crews cleaned up and replaced 400 feet of guardrail damaged by a semi-truck accident August 17. Source: http://www.wsaz.com/home/headlines/Tractor-Trailer-Rollover-Shuts-Down-I-64-Near-Cross-Lanes-322124872.html

 · Firefighters continued to contain 12 wildfires that collectively burned over 110,000 acres across Oregon, destroyed over 60 homes, and still threaten over 500 structures August 18. – Associated Press; KOIN 6 Portland

12. August 19, Associated Press; KOIN 6 Portland – (Oregon) John Day fire: 36 homes destroyed, 50 damaged. Firefighters continued work August 18 to contain 12 wildfires that collectively have burned over 110,000 acres across Oregon and have destroyed over 60 homes, damaged at least 50 others, and threaten more than 500 structures. Source: http://koin.com/2015/08/18/gov-suspends-delivery-rules-for-fuel-to-firefighters/

 · Microsoft released an emergency patch for all supported versions of its Internet Explorer Web browser addressing a zero-day remote code execution memory corruption vulnerability being exploited in the wild. – Threatpost See item 21 below in the Information Technology Sector

 · The mayor of New York City signed a bill August 18 requiring city landlords to register, inspect, and clean air-conditioning cooling towers regularly after Legionnaire’s disease sickened 127 individuals in the South Bronx. – USA Today

26. August 18, USA Today – (New York) NYC mayor signs anti-Legionnaires’ bill. The mayor of New York City signed a bill August 18 requiring city landlords to register, inspect, and clean air-conditioning cooling towers on a regular basis, in addition to certifying the towers. The legislation was created following an outbreak of Legionnaires’ disease in the South Bronx that sickened 127 individuals. Source: http://www.msn.com/en-us/news/us/nyc-mayor-signs-anti-legionnaires-bill/ar-BBlRhap

Financial Services Sector

4. August 18, U.S. Securities and Exchange Commission – (International) SEC charges BNY Mellon with FCPA violations. The U.S. Securities and Exchange Commission announced August 18 that BNY Mellon agreed to pay $14.8 million to resolve allegations that the company violated the Foreign Corrupt Practices Act (FCPA) by providing student internships to family members of government officials affiliated with a Middle Eastern sovereign wealth fund, and that BNY Mellon lacked sufficient internal controls to guard against improper hiring practices. Source: https://www.sec.gov/news/pressrelease/2015-170.html

5. August 18, New York Times – (International) Promontory Financial settles with New York regulator. Promontory Financial Group agreed August 18 to pay a $15 million penalty and admitted fault to settle New York Department of Financial Services allegations that the firm’s work for British bank Standard Chartered was not truly independent and did not meet agency standards for consultants. Source: http://www.nytimes.com/2015/08/19/business/dealbook/promontory-financial-settles-with-new-york-regulator.html?_r=0

For additional stories, see item 20 below in the Information Technology Sector and 25 below from the Commercial Facilities Sector

25. August 18, Minneapolis Star Tribune – (National) Target settles Visa card issuer claims in breach. Target Corp., agreed to pay Visa Inc., up to $67 million August 18 to resolve financial claims related to a 2013 data breach at Target that compromised the credit card information of at least 40 million customers over a 3-week period. Target has reported $252 million in expenses tied to the breach to-date. Source: http://www.startribune.com/target-settles-visa-card-issuer-claims-in-breach/322178271/

Information Technology Sector

18. August 19, Securityweek – (International) Hackers leak Ashley Madison user data. Security experts reported that hackers released a 10 gigabyte (GB) file containing the personal information and payment records of over 30 million Ashley Madison discrete dating Web sites users following a July breach and threats that information would be released if Avid Life Media Inc., continued its practices regarding user profile retention and confidentiality. Source: http://www.securityweek.com/hackers-leak-ashley-madison-user-data

19. August 19, Securityweek – (International) Adobe patches vulnerability in LiveCycle data services. Adobe released a security hotfix for its LiveCycle Data Services (DS) framework addressing an XML Eternal Entity (XXE) vulnerability that could result in information disclosure.Source: http://www.securityweek.com/adobe-patches-vulnerability-livecycle-data-services

20. August 19, IDG News Service – (International) Internet company Web.com hit by credit card breach. The Web.com Group reported that a security breach discovered August 13 compromised the name, address, and credit card information of around 93,000 customers. The company reported that no verification codes or other customer information was exposed. Source: http://www.pcworld.com/article/2973024/internet-company-web-com-hit-by-credit-card-breach.html

21. August 18, Threatpost – (International) Emergency IE patch fixes vulnerability under attack. Microsoft released an emergency patch August 18 for all supported versions if its Internet Explorer Web browser addressing a zero-day memory corruption vulnerability that an attacker could leverage to remotely execute arbitrary code in the context of the current user. Source: https://threatpost.com/emergency-ie-patch-fixes-vulnerability-under-attack/114342

Communications Sector

22. August 18, U.S. Federal Communications Commission – (National) FCC fines Smart City $750,000 for blocking Wi-Fi. The Federal Communications Commission’s Enforcement Bureau announced a settlement with Smart City Holdings, LLC August 18 for $750,000 after an investigation revealed that the company blocked consumers’ mobile Wi-Fi hotspots at various convention centers nationwide while charging an exorbitant fee for access to its Wi-Fi service on-site. Source: https://www.fcc.gov/document/fcc-fines-smart-city-750k-blocking-wi-fi-0