Complete DHS Report for January 6, 2016
Daily Report
Top Stories
• Huisken Meat Company issued a nationwide recall January 4
for 89,568 pounds of its Sam’s Choice Black Angus Beef Patties products due to
possible contamination of extraneous wood materials. – U.S. Department of
Agriculture
9. January 4,
U.S. Department of Agriculture – (National) Huisken Meat
Company recalls beef products due to possible foreign matter contamination. The
Food Safety and Inspection Service announced January 4 that Minnesota-based
Huisken Meat Company issued a nationwide recall for 89,568 pounds of its Sam’s
Choice Black Angus Beef Patties with 19% Vidalia Onion products packaged in 2
pound boxes due to possible contamination of extraneous wood materials that
originated from an incoming ingredient which was discovered during production. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-001-2016-release
• Approximately 20 million gallons of sewage continues to
flow into the Meramec River watershed in St. Louis daily while the Metropolitan
St. Louis Sewer District works to reopen two flooded treatment plants. – St.
Louis Post-Dispatch
10. January 4,
St. Louis Post-Dispatch – (Missouri) Flooded MSD plants still
releasing millions of gallons of sewage. Approximately 20 million gallons
of sewage continues to flow into the Meramec River watershed in St. Louis daily
while the Metropolitan St. Louis Sewer District works to reopen two flooded
treatment plants. Officials reported that the Grand Glaize plant, which treats
approximately 15 million gallons of sewage daily, is partially operational
while the Fenton plant remains completely shut down. Source: http://www.stltoday.com/news/local/flooded-msd-plants-still-releasing-millions-of-gallons-of-sewage/article_506069a2-be55-5d5f-a0d5-af27ede4f35f.html
• Google released patches for 12 vulnerabilities, five of
which were categorized as critical, for its Android operating system (OS)
including a remote code execution (RCE) flaw in its Mediaserver component. – Softpedia
See item 16 below in the Information Technology Sector
• Sony Computer Entertainment reported that its PlayStation
Network was back online following a 12-hour outage that affected almost all of
its systems. – London Independent See
item 17 below in the Information Technology Sector
Financial Services Sector
2. January 4,
WFTV 9 Orlando – (Florida) ‘Operation Nip Tuck’ cuts women off in credit card
scheme. Authorities in Orlando, Florida, announced January 4 the arrest of
8 women allegedly involved in a scheme that stole personal and credit card
information in order to undergo $160,000 worth of plastic surgery and dental
work. Three additional warrants were issued and five others could face charges
in connection to the scheme. Source: http://www.wftv.com/news/news/local/operation-nip-tuck-cuts-women-credit-card-scheme/npxXN/
Information Technology Sector
16. January 5,
Softpedia – (International) Google patches Android for yet another RCE
flaw in its Mediaserver component. Google released patches for 12
vulnerabilities, five of which were categorized as critical, for its Android
operating system (OS) including a remote code execution (RCE) flaw in its
Mediaserver component, which allowed attackers to craft malicious media files
and send them via a multimedia messaging service (MMS) or stream them through a
user’s browser. Other issues included an elevation of privilege vulnerability
in misc-sd driver and elevation of privilege vulnerabilities in Trustzone,
among other flaws.
17. January 5,
London Independent – (International) PSN down: PlayStation Network mostly back
online following 12-hour outage. Sony Computer Entertainment reported that
its PlayStation Network was back online following a 12-hour outage that
affected almost all its systems including the PlayStation Store and online
play, PlayStation Vita, PS3, and PlayStation 4. Some users continued to have issues
following the outage. Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/psn-down-playstation-network-mostly-back-online-after-12-hour-outage-a6797041.html
18. January 4,
Softpedia – (International) Cisco Jabber client flawed, exposes users to
MitM
attacks. Security researchers from Synacktiv discovered a serious security
vulnerability, which affects Cisco’s Jabber client for Windows versions 10.6.x,
11.0.x and 11.1.x that allows attackers to expose a user’s private conversations
and steal their login credentials via a simple Man-in-the-Middle (MitM) attack
that would downgrade STARTTLS settings and force communications to take place
through cleartext, tricking the desktop application into exposing sensitive
information. Cisco released version 1.1 after discovering Jabber versions 9.x,
10.6.x, 11.0.x, and 11.1.x for Apple’s iPhone and iPad and Jabber for Android
were affected. Source: http://news.softpedia.com/news/cisco-jabber-implementation-flawed-exposes-users-to-mitm-attacks-498412.shtml
19. January 4,
Softpedia – (International) Mozilla adds W^X security feature to Firefox.
Mozilla reported a new security feature, Write XOR Execute (W^X) was added
to its web browser, Firefox in an attempt to protect against basic buffer
overflow flaws and memory corruption issues in its OpenBSD operating system
(OS). W^X affects how the code, executed inside the browser, interacts with the
operating system’s memory and does not allow a process to be writeable and
executable simultaneously. Source: http://news.softpedia.com/news/mozilla-adds-w-x-security-feature-to-firefox-498416.shtml
Communications Sector
Nothing to report