Complete DHS Report for
September 22, 2015
Daily Report
Top Stories
• The U.S.
Government ordered Volkswagen to recall about 482,000 diesel Jetta, Beetle,
Golf, and Passat vehicles September 18 after an investigation found the company
installed software to conceal vehicle nitrogen oxide emissions. – New York
Times
3. September
18, New York Times – (National) Volkswagen told to recall nearly 500,000 vehicles.
The U.S. government ordered Volkswagen to recall about 482,000 diesel model
year 2009 – 2015 Jetta, Beetle, Golf, and Passat vehicles September 18 after
the U.S. Environmental Protection Agency issued a notice of violation and
alleged the company installed “defeat device” software to evade clean air
standards and conceal nitrogen oxide emissions.Source: http://www.cnbc.com/2015/09/18/volkswagen-ordered-to-recall-nearly-500000-vehicles.html
• The Federal
Aviation Administration fined the city of Cleveland September 18 after
investigations into Hopkins International Airport revealed a series of
incidents in which the airport failed to clear runways and taxiways of snow and
ice. – CNN
9. September
19, CNN – (Ohio) FAA fines Cleveland for airport’s snow, ice troubles. The
Federal Aviation Administration fined the city of Cleveland September 18 after
multiple investigations starting in 2013 into Hopkins International Airport
revealed a series of incidents in which the airport failed to adequately clear
its runways and taxiways of snow and ice. Incidents included taxiing issues due
to ice that resulted in canceled landing clearances and an airport safety
vehicle inadvertently sliding onto an inactive runway, among other findings. Source: http://www.cnn.com/2015/09/18/us/cleveland-winter-weather-fine/index.html
• Seven cars of a
Burlington Northern Santa Fe Railroad train derailed in Scotland, South Dakota,
burst into flames, and collapsed a bridge after ethanol spilled from their
cargo September 19. – Grand Forks Herald
10. September
19, Grand Forks Herald – (South Dakota) Ethanol train derails,
catches fire in South Dakota. Seven cars of a Burlington Northern Santa Fe
Railroad train derailed in Scotland, South Dakota, burst into flames, and
collapsed a bridge after an unknown amount of ethanol spilled from their cargo
September 19. Crews responded to the derailment, began rebuilding the bridge,
and were working to reopen the rail line. Source: http://www.grandforksherald.com/news/region/3843037-ethanol-train-derails-catches-fire-south-dakota
• Crews reached 70
percent containment of the 75,781-acre Valley Fire and 74-percent containment
of the 70,760-acre Butte fire in California September 21. – San Francisco
Bay City News
18. September
21, San Francisco Bay City News – (California) Massive Valley
Fire is at 75,711 acres and 70 percent containment. Crews reached 70
percent containment September 21 of the 75,781-acre Valley Fire burning in
Napa, Sonoma, and Lake counties, which has killed 3 people and destroyed at
least 888 structures. Fire crews also continued to battle the 70,760-acre Butte
Fire in Amador and Calaveras counties, reaching 74-percent containment. Source: http://www.nbcbayarea.com/news/local/Massive-Valley-Fire-is-at-75100-Acres-and-53-Percent-Containment-328418221.html
Financial Services Sector
4. September
21, Reuters – (National) First Eagle to pay nearly $40 mln in SEC case over
distribution fees. First Eagle Investment Management and its affiliated
distributor FEF Distributors agreed to pay $25 million to shareholders and
$12.5 million in penalties to resolve U.S. Securities and Exchange Commission
allegations that the investment firm improperly used mutual fund assets to pay
for marketing and distribution fees without permissions from the fund’s board.
5. September
19, WFOR 4 Miami – (Florida) “Filter Bandit” robs plantation bank on
back-to-back days. Authorities are searching for a suspect dubbed the
“Filter Bandit” who struck a Plantation Chase bank September 18 and 19, and may
be linked to 9 other robberies in Plantation, Coral Springs, and Tamarac since
August 2014. Source: http://miami.cbslocal.com/2015/09/19/fbi-filter-bandit-robs-plantation-bank-on-back-to-back-days/
Information Technology Sector
22. September
20, Softpedia – (International) Three Symantec employees fired for issuing
fake Google SSL certificates. Symantec fired three employees for issuing
rogue Secure Sockets Layer (SSL) certificates after Google engineers working
for the Certificate Transparency project discovered that the company had issued
fake Google.com certificates with “extended validation” labels.
23. September
20, IDG News Service – (International) Apple removes malware-infected iOS apps from
store. Apple officials reported that the company had taken down about 40
iOS applications that were affected by a new form of malware called XcodeGhost,
which modifies the Xcode integrated development environment and collects
information on devices. Source: http://www.computerworld.com/article/2985018/apple-ios/apple-removes-malware-infected-ios-apps-from-store.html#tk.rss_security
24. September
19, Softpedia – (International) Ghost Push Android malware infects 600,000
new users per day. Security researchers from Cheetah Mobile discovered that
a new type of boot-persistent Android malware called Ghost Push is being
packaged with 39 applications distributed through unofficial channels. The
malware has infected 14,847 phone types and models across 3,658 brands worldwide.
Source: http://news.softpedia.com/news/ghost-push-android-malware-infects-600-000-new-users-per-day-492167.shtml
25. September
18, Softpedia – (International) Infographic: Over 170,000 Magento shops are
still vulnerable to Shoplift bug. Security researchers from Byte reported
that 173,547 Magento stores are still vulnerable to the Shoplift vulnerability
discovered in February, which resulted in stolen customer data and diverted
payments. Source: http://news.softpedia.com/news/over-170-000-magento-shops-are-still-vulnerable-to-the-shoplift-bug-492136.shtml
26. September
18, Softpedia – (International) Thousands of WordPress sites hijacked to
distribute malware in the last two days. Security researchers from Sucuri
discovered a new malware campaign affecting thousands of WordPress Web sites,
called VisitorTracker, in which hackers are hijacking sites and adding
malicious JavaScript code that uses iframe calls to direct users to a site
hosting the Nuclear Exploit Kit (EK). Source: http://news.softpedia.com/news/thousands-of-wordpress-hijacked-to-distribute-malware-in-the-last-two-days-492117.shtml
27. September
18, Threatpost – (International) Google details plans to disable SSLV3 RC4. Google
officials announced the company’s formal intent to move away from the Rivest
Cipher 4 (RC4) and Secure Sockets Layer version 3 (SSLv3) protocols due to
security concerns, and laid out future standards for Transport Layer Security
(TLS) clients. Source: https://threatpost.com/google-details-plans-to-disable-sslv3-and-rc4/114732/
Communications Sector
28. September
19, Softpedia – (National) AT&T employees installed malware on their PCs
to aid phone unlocking service. AT&T filed a law suit against three
former call center employees for allegedly installing malware on their servers
with the purpose of aiding a phone unlocking service, Swift Unlocks, in
obtaining AT&T Torch unlock codes, after AT&T reportedly noticed a high
number of generated unlock codes missing and alerted Torch’s administrators. Source:
http://news.softpedia.com/news/at-t-employees-installed-malware-on-their-pcs-to-aid-phone-unlocking-service-492145.shtml