Complete DHS Report for April 26, 2016
Daily Report
Top Stories
• Toyota Motor Corporation issued a recall April 22 for
16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus ES350
vehicles due to faulty brake actuators that may have been assembled with a
damaged O-ring. – TheCarConnection.com
3. April 22,
TheCarConnection.com – (National) Brake-related recall widens to include 2016
Toyota RAV4, Lexus RX350, ES350. Toyota Motor Corporation issued a recall
April 22 for 16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus
ES350 vehicles sold in the U.S. due to faulty brake actuators that may have
been assembled with a damaged O-ring which can cause the brake fluid pressure
to be improperly controlled during Anti-Lock Braking System (ABS), Traction
Control System (TRAC), and Vehicle Stability Control System (VSC) activation,
thereby increasing the required stopping distance and increasing the risk of a
crash. Source:
http://www.thecarconnection.com/news/1103559_brake-related-recall-widens-to-include-2016-toyota-rav4-lexus-rx350-es350
• Fiat Chrysler Automobiles (FCA) issued a recall April 22
for approximately 812,000 of its model years 2012 – 2014 Dodge Charger and
Chrysler 300 vehicles, and model years 2014 – 2015 Jeep Grand Cherokee SUVs due
to a problematic gear selector. – CNN
5. April 22,
CNN – (International) Gear shift confusion causes Chrysler recall. Fiat
Chrysler Automobiles (FCA) issued a recall April 22 for approximately 812,000
of its model years 2012 – 2014 Dodge Charger and Chrysler 300 vehicles, and
model years 2014 – 2015 Jeep Grand Cherokee SUVs sold in the U.S. due to a
problematic gear selector that does not move position when set to park,
reverse, or drive, thereby making it difficult to determine what gear the
vehicle is in after FCA received reports of 41 driver injuries potentially
related to the selector. The recall affects a total of 1.1 million vehicles
worldwide. Source:
http://money.cnn.com/2016/04/22/autos/chrysler-gearshift-recall/
• Service between
the Van Ness-UDC and Medical Center stations on Washington Metropolitan Area
Transit Authority’s Red Line was disrupted for several hours April 23 due to a
track fire that forced passengers to evacuate. – Washington Post
7. April 24,
Washington Post – (Washington, D.C.) Federal officials investigating Saturday’s
Metro track fire. Service between the Van Ness-UDC and Medical Center
stations on Washington Metropolitan Area Transit Authority’s Red Line was
disrupted for several hours April 23 while Federal Transit Administration
officials investigated a track fire near the Friendship Heights station in Washington,
D.C. that sent smoke into a Metro tunnel, forcing passengers to evacuate. A
preliminary investigation determined that the incident involved an insulator
and was potentially the result of electrical arcing. Source: https://www.washingtonpost.com/local/trafficandcommuting/metro-red-line-service-resumes-after-saturday-track-fire/2016/04/24/253c7a6e-0a2d-11e6-a6b6-2e6de3695b0e_story.html
• A 6-alarm fire
April 24 in Brooklyn, New York, damaged 6 homes and 1 church, displaced more
than a dozen people, and prompted the response of more than 200 firefighters. –
WABC 7 New York City
25. April 25,
WABC 7 New York City – (New York) Fast-moving fire destroys several homes in
Brooklyn. A 6-alarm fire April 24 in Brooklyn, New York, damaged 6 homes
and 1 church, displaced more than a dozen people, and prompted the response of
more than 200 firefighters. Nine people were injured and officials believe that
the fire began in a three-story home and spread to surrounding areas. Source: http://abc7ny.com/news/fast-moving-fire-destroys-several-homes-in-brooklyn/1307258/
Financial Services Sector
Nothing to report
Information Technology Sector
20. April 25,
Help Net Security – (International) Compromised credentials still to blame for
many data breaches. A Cloud Security Alliance survey found that a lack of
scalable identity access management systems, a lack of ongoing automated
rotation of cryptographic keys, passwords, and certificates, as well as failure
to use multifactor authentication were the major causes of data breaches. The
findings also indicated that 22 percent of companies that suffered a data
breach attributed the breach to compromised credentials. Source: https://www.helpnetsecurity.com/2016/04/25/compromised-credentials-data-breaches/
21. April 25,
Help Net Security – (International) Critical flaws in HP Data Protector open
servers to remote attacks. Hewlett Packard released security updates for
its HP Data Protector software that patch six critical vulnerabilities affecting
all versions prior to 7.03_108, 8.15, and 9.06. The flaws could allow remote code
execution or unauthorized disclosure of information by unauthenticated
users or through an embedded Secure Sockets Layer (SSL) private key, which
could increase the chance of man-in-the-middle (MitM) attacks. Source: https://www.helpnetsecurity.com/2016/04/25/critical-flaws-hp-data-protector/
22. April 22,
SecurityWeek – (International) Attackers use PowerShell, Google Docs to
deliver “Laziok” trojan. Security researchers from FireEye reported that attackers
were able to bypass Google’s security checks and upload a trojan named Laziok
to Google Docs with the intention to steal information about the user’s system
by loading obfuscated JavaScript code known as “Unicorn,” as well as using
“Godmode” and PowerShell to execute the malware. Source: http://www.securityweek.com/attackers-deliver-laziok-trojan-google-docs
23. April 22,
SecurityWeek – (International) Attacker friendly hosting firm leveraged by
Pawn Storm hackers. Security researchers from Micro Trend reported that the
Pawn Storm Group was abusing a small Virtual Private Server (VPS) registered in
the United Arab Emirates (UAE) to attack governments in 80 countries including
Bulgaria, Greece, Malaysia, Ukraine, and the U.S., and were seen executing more
than 100 cyber-attacks within the past year. In addition, it was discovered
that the group used the VPS hosting provider for command & control
(C&C) servers, exploit sites, spear-phishing campaigns, domestic espionage
in Russia, and Web mail phishing sites targeting high-profile users. Source: http://www.securityweek.com/attacker-friendly-hosting-firm-leveraged-pawn-storm-hackers
For another story, see item 14 below from the Healthcare Sector
14. April 22,
Softpedia – (International) Windows XP, IE, and Flash Usage blamed for
poor security of healthcare sector. Security researchers from Duo Security
reported that many healthcare organizations were using outdated software or
software prone to exploit kits (EK) after discovering that 33 percent of
healthcare organizations were using Internet Explorer 11 rather than using
updated versions of Google Chrome, and that 52 percent of healthcare
organizations were using Flash Player software on all their computers, among
other collected data. Source: http://news.softpedia.com/news/windows-xp-ie-and-flash-usage-blamed-for-poor-security-of-healthcare-sector-503342.shtml
Communications Sector
Nothing to report