Tuesday, September 22, 2015



Complete DHS Report for September 22, 2015

Daily Report                                            

Top Stories


 • The U.S. Government ordered Volkswagen to recall about 482,000 diesel Jetta, Beetle, Golf, and Passat vehicles September 18 after an investigation found the company installed software to conceal vehicle nitrogen oxide emissions. – New York Times

3. September 18, New York Times – (National) Volkswagen told to recall nearly 500,000 vehicles. The U.S. government ordered Volkswagen to recall about 482,000 diesel model year 2009 – 2015 Jetta, Beetle, Golf, and Passat vehicles September 18 after the U.S. Environmental Protection Agency issued a notice of violation and alleged the company installed “defeat device” software to evade clean air standards and conceal nitrogen oxide emissions.Source: http://www.cnbc.com/2015/09/18/volkswagen-ordered-to-recall-nearly-500000-vehicles.html

 • The Federal Aviation Administration fined the city of Cleveland September 18 after investigations into Hopkins International Airport revealed a series of incidents in which the airport failed to clear runways and taxiways of snow and ice. – CNN

9. September 19, CNN – (Ohio) FAA fines Cleveland for airport’s snow, ice troubles. The Federal Aviation Administration fined the city of Cleveland September 18 after multiple investigations starting in 2013 into Hopkins International Airport revealed a series of incidents in which the airport failed to adequately clear its runways and taxiways of snow and ice. Incidents included taxiing issues due to ice that resulted in canceled landing clearances and an airport safety vehicle inadvertently sliding onto an inactive runway, among other findings. Source: http://www.cnn.com/2015/09/18/us/cleveland-winter-weather-fine/index.html

 • Seven cars of a Burlington Northern Santa Fe Railroad train derailed in Scotland, South Dakota, burst into flames, and collapsed a bridge after ethanol spilled from their cargo September 19. – Grand Forks Herald

10. September 19, Grand Forks Herald – (South Dakota) Ethanol train derails, catches fire in South Dakota. Seven cars of a Burlington Northern Santa Fe Railroad train derailed in Scotland, South Dakota, burst into flames, and collapsed a bridge after an unknown amount of ethanol spilled from their cargo September 19. Crews responded to the derailment, began rebuilding the bridge, and were working to reopen the rail line. Source: http://www.grandforksherald.com/news/region/3843037-ethanol-train-derails-catches-fire-south-dakota

 • Crews reached 70 percent containment of the 75,781-acre Valley Fire and 74-percent containment of the 70,760-acre Butte fire in California September 21. – San Francisco Bay City News

18. September 21, San Francisco Bay City News – (California) Massive Valley Fire is at 75,711 acres and 70 percent containment. Crews reached 70 percent containment September 21 of the 75,781-acre Valley Fire burning in Napa, Sonoma, and Lake counties, which has killed 3 people and destroyed at least 888 structures. Fire crews also continued to battle the 70,760-acre Butte Fire in Amador and Calaveras counties, reaching 74-percent containment. Source: http://www.nbcbayarea.com/news/local/Massive-Valley-Fire-is-at-75100-Acres-and-53-Percent-Containment-328418221.html
 
Financial Services Sector

4. September 21, Reuters – (National) First Eagle to pay nearly $40 mln in SEC case over distribution fees. First Eagle Investment Management and its affiliated distributor FEF Distributors agreed to pay $25 million to shareholders and $12.5 million in penalties to resolve U.S. Securities and Exchange Commission allegations that the investment firm improperly used mutual fund assets to pay for marketing and distribution fees without permissions from the fund’s board.

5. September 19, WFOR 4 Miami – (Florida) “Filter Bandit” robs plantation bank on back-to-back days. Authorities are searching for a suspect dubbed the “Filter Bandit” who struck a Plantation Chase bank September 18 and 19, and may be linked to 9 other robberies in Plantation, Coral Springs, and Tamarac since August 2014. Source: http://miami.cbslocal.com/2015/09/19/fbi-filter-bandit-robs-plantation-bank-on-back-to-back-days/

Information Technology Sector

22. September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels.

23. September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials reported that the company had taken down about 40 iOS applications that were affected by a new form of malware called XcodeGhost, which modifies the Xcode integrated development environment and collects information on devices. Source: http://www.computerworld.com/article/2985018/apple-ios/apple-removes-malware-infected-ios-apps-from-store.html#tk.rss_security

24. September 19, Softpedia – (International) Ghost Push Android malware infects 600,000 new users per day. Security researchers from Cheetah Mobile discovered that a new type of boot-persistent Android malware called Ghost Push is being packaged with 39 applications distributed through unofficial channels. The malware has infected 14,847 phone types and models across 3,658 brands worldwide. Source: http://news.softpedia.com/news/ghost-push-android-malware-infects-600-000-new-users-per-day-492167.shtml

25. September 18, Softpedia – (International) Infographic: Over 170,000 Magento shops are still vulnerable to Shoplift bug. Security researchers from Byte reported that 173,547 Magento stores are still vulnerable to the Shoplift vulnerability discovered in February, which resulted in stolen customer data and diverted payments. Source: http://news.softpedia.com/news/over-170-000-magento-shops-are-still-vulnerable-to-the-shoplift-bug-492136.shtml

26. September 18, Softpedia – (International) Thousands of WordPress sites hijacked to distribute malware in the last two days. Security researchers from Sucuri discovered a new malware campaign affecting thousands of WordPress Web sites, called VisitorTracker, in which hackers are hijacking sites and adding malicious JavaScript code that uses iframe calls to direct users to a site hosting the Nuclear Exploit Kit (EK). Source: http://news.softpedia.com/news/thousands-of-wordpress-hijacked-to-distribute-malware-in-the-last-two-days-492117.shtml

27. September 18, Threatpost – (International) Google details plans to disable SSLV3 RC4. Google officials announced the company’s formal intent to move away from the Rivest Cipher 4 (RC4) and Secure Sockets Layer version 3 (SSLv3) protocols due to security concerns, and laid out future standards for Transport Layer Security (TLS) clients. Source: https://threatpost.com/google-details-plans-to-disable-sslv3-and-rc4/114732/

Communications Sector

28. September 19, Softpedia – (National) AT&T employees installed malware on their PCs to aid phone unlocking service. AT&T filed a law suit against three former call center employees for allegedly installing malware on their servers with the purpose of aiding a phone unlocking service, Swift Unlocks, in obtaining AT&T Torch unlock codes, after AT&T reportedly noticed a high number of generated unlock codes missing and alerted Torch’s administrators. Source: http://news.softpedia.com/news/at-t-employees-installed-malware-on-their-pcs-to-aid-phone-unlocking-service-492145.shtml