Friday, December 11, 2015





Complete DHS Report for December 11, 2015

Daily Report                                            

Top Stories

• Bollinger Shipyards will pay the U.S. $8.5 million December 9 to settle claims that the company falsely misrepresented the longitudinal strength of patrol boats it delivered to the U.S. Coast Guard. – U.S. Department of Justice

4. December 9, U.S. Department of Justice – (National) Bollinger Shipyards agrees to settle False Claims Act suit. The U.S. Department of Justice announced December 9 that Louisiana-based Bollinger Shipyards will pay the U.S. $8.5 million and release contract claims to settle False Claims Act violations after an investigation found that the company falsely misrepresented the longitudinal strength of patrol boats it delivered to the U.S. Coast Guard that resulted in the boats buckling and failing. Source: http://www.justice.gov/opa/pr/bollinger-shipyards-agrees-settle-false-claims-act-suit

• Heavy storms across Seattle and Oregon December 8 closed multiple roadways, prompted school closures, killed 2 people, and left approximately 63,000 customers without power. – Reuters

6. December 10, Reuters – (Oregon; Washington) Two dead, thousands without power after US Pacific Northwest storms. Heavy storms across Seattle and Oregon triggered mudslides and flooding December 8 which closed multiple roadways and interstate highways until at least December 10, prompted school closures for 3 consecutive days, killed 2 people, and left approximately 26,000 customers in Portland and 37,000 customers in Seattle without power. Source: http://www.cnbc.com/2015/12/10/two-dead-thousands-without-power-after-us-pacific-northwest-storms.html

• Officials approved the production of Kanuma, a drug used to treat patients with lysosomal acid lipase (LAL) deficiency December 8, through genetically engineered chickens. – U.S. Food and Drug Administration

20. December 8, U.S. Food and Drug Administration – (National) FDA approves first drug to treat rare enzyme disorder in pediatric and adults patients. The U.S. Food and Drug Administration approved the production of Kanuma (sebelipase alfa) a drug used to treat patients with the disease lysosomal acid lipase (LAL) deficiency December 8. The drug gained approval to be constructed in chickens that are genetically engineered to produce a recombinant form of human lysosomal acid lipase (rhLAL) protein in their egg whites. Source: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm476013.htm

• Wyndham Worldwide Corp. agreed to settle charges December 9 alleging that it failed to properly safeguard information on 619,000 customers following 3 data breaches that resulted in more than $10.6 million in fraudulent charges. – Reuters

31. December 9, Reuters – (New Jersey) Wyndham settles FTC data breach charges. Wyndham Worldwide Corp. agreed to settle charges December 9 filed by the U.S. Federal Trade Commission to resolve allegations that the company failed to properly safeguard information on 619,000 customers following 3 data breaches in which attackers hacked into the company’s computer system and stole customers’ payment card and personal information, resulting in more than $10.6 million in fraudulent charges. As part of the settlement, Wyndham is required to comply with a widely used industry standard to protect the safety of payment card information. Source: http://www.reuters.com/article/us-wyndham-ftc-cybersecurity-idUSKBN0TS24220151209#RHSWcQQVCPUHqTt0.97

Financial Services Sector

5. December 9, KUTV 2 Salt Lake City – (Utah) Police looking for ‘bucket list bandit’ involved in Salt Lake Valley robberies. Unified Police are searching for a suspect December 9 believed to be connected to a string of robberies in the Salt Lake County area which include two hotels in addition to a Wells Fargo bank branch, a US Bank branch, and an Americas First Credit Union branch. Authorities believe the suspect is armed. Source: http://kutv.com/news/local/police-looking-for-bucket-list-bandit-who-has-robbed-banks-around-the-salt-lake-valley

Information Technology Sector

24. December 10, SecurityWeek – (International) Many Cisco products plagued by deserializations flaws. Cisco Systems reported that it is investigating which of its products are affected by the Java deserialization vulnerability that can be exploited for remote code execution (RCE) via the Apache Commons Collections library due to the failure of developers to ensure that untrusted serialized data is not accepted for deserialization. Cisco will release software updates addressing the flaw. Source: http://www.securityweek.com/many-cisco-products-plagued-deserialization-flaws

25. December 10, SecurityWeek – (International) Google launches Data Loss Prevention (DLP) for Gmail. Google announced its new feature, Data Loss Prevention (DLP) for Gmail will help administrators enforce DLP policies and will automatically take action based on predefined content detectors in email text and attachment types, including documents, presentations, and spreadsheets to ensure that sensitive information cannot be exposed to unauthorized viewers. The feature is available for Google Apps for Work Unlimited customers only. Source: http://www.securityweek.com/google-launches-data-loss-prevention-dlp-gmail

26. December 10, Softpedia – (International) Barbeques are now hackable thanks to ever-evolving technology. Two American security researchers discovered that smart Internet of Things (IoT) devices can be easily abused after discovering ways to infiltrate the BBQ Guru-owned CyberQ Wifi BBQ Control, which comes manufactured with Internet capabilities, via a malicious Uniform Resource Locator (URL) code crafted by attackers intended to deceive a CyberQ owner into opening the link via a simple spear phishing campaign. Once the malicious link is opened, hackers can access the user’s privileges and command the barbeque to alter its behavior. Source: http://news.softpedia.com/news/barbeques-are-now-hackable-thanks-to-ever-evolving-technology-497418.shtml

27. December 9, SecurityWeek – (International) Google brings safe browsing to Chrome for Android. Google released its Safe Browsing technology in Google Play Services version 8.1, and Chrome for Android version 46 and above versions that will warn users when accessing a flagged Web site, including social engineering, phishing, and other malicious Web sites. Source: http://www.securityweek.com/google-brings-safe-browsing-chrome-android

28. December 9, Zero Day – (International) Microsoft warns of possible attacks after Xbox certificate leaked. Microsoft released an advisory stating that the private keys to the xboxlive.com domain were inadvertently disclosed, allowing attackers to impersonate Xbox users and carry out man-in-the-middle (MitM) attacks, as well as intercept the Web site’s secure connection to deceive users in providing their username and passwords to hackers. Source: http://www.zdnet.com/article/microsoft-warns-attacks-possible-after-xbox-certificate-leaked/

Communications Sector

Nothing to report