Daily Report
Top Stories
• Bollinger Shipyards will pay the U.S. $8.5 million
December 9 to settle claims that the company falsely misrepresented the
longitudinal strength of patrol boats it delivered to the U.S. Coast Guard. – U.S.
Department of Justice
4. December
9, U.S. Department of Justice – (National) Bollinger Shipyards
agrees to settle False Claims Act suit. The U.S. Department of Justice
announced December 9 that Louisiana-based Bollinger Shipyards will pay the U.S.
$8.5 million and release contract claims to settle False Claims Act violations
after an investigation found that the company falsely misrepresented the
longitudinal strength of patrol boats it delivered to the U.S. Coast Guard that
resulted in the boats buckling and failing. Source: http://www.justice.gov/opa/pr/bollinger-shipyards-agrees-settle-false-claims-act-suit
• Heavy storms across Seattle and Oregon December 8 closed
multiple roadways, prompted school closures, killed 2 people, and left
approximately 63,000 customers without power. – Reuters
6. December
10, Reuters – (Oregon; Washington) Two dead, thousands without power after
US Pacific Northwest storms. Heavy storms across Seattle and Oregon
triggered mudslides and flooding December 8 which closed multiple roadways and
interstate highways until at least December 10, prompted school closures for 3
consecutive days, killed 2 people, and left approximately 26,000 customers in
Portland and 37,000 customers in Seattle without power. Source: http://www.cnbc.com/2015/12/10/two-dead-thousands-without-power-after-us-pacific-northwest-storms.html
• Officials approved the production of Kanuma, a drug used
to treat patients with lysosomal acid lipase (LAL) deficiency December 8,
through genetically engineered chickens. – U.S. Food and Drug Administration
20. December
8, U.S. Food and Drug Administration – (National) FDA approves first
drug to treat rare enzyme disorder in pediatric and adults patients. The
U.S. Food and Drug Administration approved the production of Kanuma (sebelipase
alfa) a drug used to treat patients with the disease lysosomal acid lipase
(LAL) deficiency December 8. The drug gained approval to be constructed in
chickens that are genetically engineered to produce a recombinant form of human
lysosomal acid lipase (rhLAL) protein in their egg whites. Source: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm476013.htm
• Wyndham Worldwide Corp. agreed to settle charges December
9 alleging that it failed to properly safeguard information on 619,000 customers
following 3 data breaches that resulted in more than $10.6 million in
fraudulent charges. – Reuters
31. December
9, Reuters – (New Jersey) Wyndham settles FTC data breach charges. Wyndham
Worldwide Corp. agreed to settle charges December 9 filed by the U.S. Federal
Trade Commission to resolve allegations that the company failed to properly
safeguard information on 619,000 customers following 3 data breaches in which
attackers hacked into the company’s computer system and stole customers’
payment card and personal information, resulting in more than $10.6 million in
fraudulent charges. As part of the settlement, Wyndham is required to comply
with a widely used industry standard to protect the safety of payment card
information. Source: http://www.reuters.com/article/us-wyndham-ftc-cybersecurity-idUSKBN0TS24220151209#RHSWcQQVCPUHqTt0.97
Financial Services Sector
5. December
9, KUTV 2 Salt Lake City – (Utah) Police looking for ‘bucket list bandit’
involved in Salt Lake Valley robberies. Unified Police are searching for a
suspect December 9 believed to be connected to a string of robberies in the
Salt Lake County area which include two hotels in addition to a Wells Fargo
bank branch, a US Bank branch, and an Americas First Credit Union branch.
Authorities believe the suspect is armed. Source: http://kutv.com/news/local/police-looking-for-bucket-list-bandit-who-has-robbed-banks-around-the-salt-lake-valley
Information Technology Sector
24. December
10, SecurityWeek – (International) Many Cisco products plagued by
deserializations flaws. Cisco Systems reported that it is investigating
which of its products are affected by the Java deserialization vulnerability
that can be exploited for remote code execution (RCE) via the Apache Commons
Collections library due to the failure of developers to ensure that untrusted
serialized data is not accepted for deserialization. Cisco will release
software updates addressing the flaw. Source: http://www.securityweek.com/many-cisco-products-plagued-deserialization-flaws
25. December
10, SecurityWeek – (International) Google launches Data Loss Prevention (DLP)
for Gmail. Google announced its new feature, Data Loss Prevention (DLP) for
Gmail will help administrators enforce DLP policies and will automatically take
action based on predefined content detectors in email text and attachment
types, including documents, presentations, and spreadsheets to ensure that
sensitive information cannot be exposed to unauthorized viewers. The feature is
available for Google Apps for Work Unlimited customers only. Source: http://www.securityweek.com/google-launches-data-loss-prevention-dlp-gmail
26. December
10, Softpedia – (International) Barbeques are now hackable thanks to
ever-evolving technology. Two American security researchers discovered that
smart Internet of Things (IoT) devices can be easily abused after discovering
ways to infiltrate the BBQ Guru-owned CyberQ Wifi BBQ Control, which comes
manufactured with Internet capabilities, via a malicious Uniform Resource
Locator (URL) code crafted by attackers intended to deceive a CyberQ owner into
opening the link via a simple spear phishing campaign. Once the malicious link
is opened, hackers can access the user’s privileges and command the barbeque to
alter its behavior. Source: http://news.softpedia.com/news/barbeques-are-now-hackable-thanks-to-ever-evolving-technology-497418.shtml
27. December
9, SecurityWeek – (International) Google brings safe browsing to Chrome for
Android. Google released its Safe Browsing technology in Google Play
Services version 8.1, and Chrome for Android version 46 and above versions that
will warn users when accessing a flagged Web site, including social
engineering, phishing, and other malicious Web sites. Source: http://www.securityweek.com/google-brings-safe-browsing-chrome-android
28. December
9, Zero Day – (International) Microsoft warns of possible attacks after
Xbox certificate leaked. Microsoft released an advisory stating that the
private keys to the xboxlive.com domain were inadvertently disclosed, allowing
attackers to impersonate Xbox users and carry out man-in-the-middle (MitM)
attacks, as well as intercept the Web site’s secure connection to deceive users
in providing their username and passwords to hackers. Source: http://www.zdnet.com/article/microsoft-warns-attacks-possible-after-xbox-certificate-leaked/
Communications Sector
Nothing to report