Complete DHS Report for February 19, 2016
Daily Report
Top Stories
• Toyota Motor Corporation issued a recall February 18 for
more than 2.9 million sport utility vehicles worldwide due to potentially
faulty seat belts in second-row window seats. – Associated Press
4. February
18, Associated Press – (International) Toyota recalls 2.9M SUVs over seat belts. Toyota
Motor Corporation issued a recall February 18 for more than 1.1 million sports
utility vehicles including its model years 2005 – 2014 RAV4 Sport Utility
Vehicles (SUVs) and its model years 2012 – 2014 RAV4 electric vehicles sold in
the U.S. due to potentially faulty seat belts in second-row window seats which
could sever and/or fail to restrain passengers after coming into contact with a
metal seat cushion frame during a severe frontal crash. The recall affects an
additional 1.8 million vehicles worldwide. Source: http://www.usatoday.com/story/money/cars/2016/02/18/toyota-recalls-29m-suvs-over-seat-belts/80544376/
• The Massachusetts Bay Transportation Authority’s Orange
Line in Boston was evacuated along with two trains February 16 after a metal
panel struck the electrified third rail filling the station with smoke and
causing the trains to become disabled. – Associated Press
10. February
17, Associated Press – (Massachusetts) 12-foot metal panel falls off of a Boston
train, hits 3rd rail. The State Street station on Massachusetts Bay
Transportation Authority’s (MBTA) Orange Line was evacuated along with two
trains February 16 after a metal panel struck the electrified third rail
filling the station with smoke and causing the two trains to become disabled
after running over the panel. MBTA officials ordered inspections of all 120
Orange Line trains and found no major issues. Source: http://www.fairfieldcitizenonline.com/news/us/article/Officials-MBTA-trains-evacuated-due-to-smoke-6835877.php
• Officials announced February 17 that Interstate 70 in
Colorado Springs, Colorado, will be closed for several weeks while crews
continue to remove loose rocks following a February 15 rock slide. – Associated
Press
11. February
17, Associated Press – (Colorado) Rock slide will keep Colorado highway mostly shut
for weeks. Colorado Department of Transportation officials announced
February 17 that Interstate 70 in Colorado Springs will be closed for several
weeks while crews continue to remove loose rocks from the roadway following a
February 15 rock slide that forced the interstate’s closure. Source: http://www.foxnews.com/us/2016/02/17/rock-slide-will-keep-colorado-highway-mostly-shut-for-weeks.html
• Federal authorities announced February 17 that it reached
settlements with 51 hospitals in 15 States totaling more than $23 million for
violations over the improper embedding of implantable cardioverter
defibrillator devices. – U.S. Department of Justice
17. February
17, U.S. Department of Justice – (National) Fifty-one hospitals
pay United States more than $23 million to resolve False Claims Act allegations
related to implantation of cardiac devices. The U.S. Department of Justice
announced February 17 that it reached settlements with 51 hospitals in 15
States totaling more than $23 million for violations of the False Claims Act
regarding the improper embedding of implantable cardioverter defibrillator
(ICD) devices during periods prohibited by a National Coverage Determination
(NCD) from 2003 to 2010. Officials determined that the hospitals did not abide
by the predetermined waiting period provided by the NCD prior to the
implantation of the devices. Source: http://www.justice.gov/opa/pr/fifty-one-hospitals-pay-united-states-more-23-million-resolve-false-claims-act-allegations
Financial Services Sector
5. February
18, Portland Oregonian – (National) 40,500 Oregonians hit by $25
million tax fraud scheme, feds say. The U.S. Attorney’s Office in Oregon
announced February 17 that six individuals face Federal charges for their roles
in a $25 million tax-fraud scheme in which the men based on the East Coast
stole the names, addresses, and Social Security numbers of over 250,000 people,
83,000 of which were stolen from Oregon-based CICS Employment Services
database, and netted $4.7 million in profits. The group used the information to
obtain electronic filing information from the Internal Revenue Service (IRS),
filed fraudulent tax returns, and deposited the money using prepaid debit
cards. Source: http://www.oregonlive.com/pacific-northwest-news/index.ssf/2016/02/40500_oregonians_hit_by_25_mil.html
6. February
17, U.S. Securities and Exchange Commission – (California) SEC
charges biopesticide company and former executive with accounting fraud. The
U.S. Securities and Exchange Commission announced February 17 that Marrone Bio
Innovations agreed to pay a $1.75 million penalty to settle charges that the
Davis, California-based company and a former chief operating officer (COO)
inflated financial results to meet its first year projections by concealing
sales concessions from financial personnel and independent auditors and causing
the company to improperly recognize revenue on sales at its business.
Information Technology Sector
20. February
17, SecurityWeek – (International) Flaw allowed attackers to bypass FireEye
detection engine. FireEye released patches fixing an evasion technique
vulnerability in its Virtual Execution Engine (VXE), Network Security (NX),
Email Security (EX), File Content Security (FX), and Malware Analysis (AX)
products after researchers from Blue Frost Security discovered that attackers
could bypass the company’s detection engine and temporarily whitelist malware
by copying the system engine’s binary into a virtual machine with the name
“malware.exe” and rename the file to its original filename, which would avoid
detection due to the lack of sanitization within the original filename. Once
the file is labeled as non-malicious, its MD5 hash is added to a list of
binaries that attackers can later use to attack the system with an arbitrary
file name. Source: http://www.securityweek.com/flaw-allowed-attackers-bypass-fireeye-detection-engine
21. February
17, Softpedia – (International) 26,000 WordPress sites leveraged in layer 7
DDoS attack. A security researcher from Sucuri released instructions on how
to prevent a new Layer 7 distributed denial-of-service (DDoS) attack on 26,000
WordPress Web sites that previously allowed attackers to abuse the WordPress
WML-RPC service to throttle pingback requests to the victim’s Web site while
sending the pingback requests via Hypertext Transfer Protocol (HTTP), which
forced the central processing unit (CPU) to go into overdrive as it handled
multiple encrypted connections. Source: http://news.softpedia.com/news/26-000-wordpress-sites-leveraged-in-layer-7-ddos-attack-500552.shtml
Communications Sector
Nothing to report