Friday, February 26, 2016



Complete DHS Report for February 26, 2016

Daily Report                                            

Top Stories

• A severe storm system that moved across southern and eastern States February 23 – February 24 caused 52 tornadoes, left 7 people dead and injured 20 others, knocked out power to more than 100,000 customers, and cancelled schools, among other actions. – CNN

1. February 25, CNN – (National) Seven dead after tornadoes, powerful storms hit the U.S. East Coast, South. A severe storm system that moved across southern and eastern States February 23 – February 24 caused 52 tornadoes, left 7 people dead and injured 20 others, knocked out power to more than 100,000 customers, cancelled schools, prompted several States to declare states of emergency, and forced the cancellation of over 2,800 flights nationwide. Source: http://www.cnn.com/2016/02/25/us/severe-weather-threat-for-southeast/index.html

• Honda Motor Co. Ltd., issued a nationwide recall February 9 for 42,129 of its Honda Civic sedans due to a potentially missing piston wrist pin circlip or an incorrectly installed piston wrist pin circlip which could cause the engine to seize. – Autoblog

4. February 24, Autoblog – (National) Honda recalls 2016 Civic 2.0-liter engine for piston issue. The National Highway Traffic Safety Administration announced February 9 that Honda Motor Co. Ltd., issued a recall for 42,129 of its model year 2016 Honda Civic sedans with the 2.0-liter 4-cylinder engine sold in the U.S. due to a potentially missing piston wrist pin circlip or an incorrectly installed piston wrist pin circlip which could cause the engine to seize, resulting in engine damage and increasing the risk of fire during a crash. Honda Motor Co. Ltd., received one report of an engine fire. Source: http://www.autoblog.com/2016/02/24/2016-honda-civic-sedan-2-liter-recall-official/

• New York officials reported February 24 that three people were charged for their roles in an $8 million fraud scheme by diverting 30 Federal grant money from several Federal agencies and using the money for personal expenses. – Elmira Star-Gazette See item 6 below in the Financial Services Sector

• Officials are investigating a theft incident at York Hospital in York County, Maine after the personal information of hundreds of employees and four campuses were stolen by cyber criminals February 22. – Portland Press Herald  

9. February 25, Portland Press Herald – (Maine) York Hospital reports data breach affecting its employees. A spokesperson for York Hospital in York County, Maine, stated February 24 that the personal information, including Social Security numbers, of hundreds of employees and four campuses in the county was stolen by cyber criminals February 22, and that the theft remains under investigation. The hospital asserted that no patient information was compromised in the breach. Source: http://www.pressherald.com/2016/02/24/york-hospital-reports-data-breach-affecting-its-employees/

Financial Services Sector

6. February 24, Elmira Star-Gazette – (National) Former Horseheads residents face fraud charges. The U.S. Attorney’s Office in Rochester, New York announced February 24 that 2 Virginia residents and a Washington man were charged for their roles in an $8 million fraud scheme where the group allegedly diverted 30 Federal grant money from several Federal agencies including the U.S. Department of Energy, and the U.S. Department of Transportation, among other agencies, into their personal bank accounts in Horseheads and Elmira, New York and used the money for personal expenses. The trio allegedly fabricated letters of support and investment, provided false information on research grant proposals and reports on business entities, facilities, and employees, and provided falsified reports on how Federal funds were expended. Source: http://www.stargazette.com/story/news/local/2016/02/24/former-horseheads-residents-face-fraud-charges/80877220/

Information Technology Sector

16. February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported it will release versions 1.0.2g and 1.0.1s for its OpenSSL product early March 2016 to patch several vulnerabilities including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source: http://www.securityweek.com/openssl-preparing-patches-high-severity-flaws

17. February 25, SecurityWeek – (International) Critical Drupal updates patch several vulnerabilities. Drupal released versions 6.38, 7.43, and 8.0.4 that patches ten vulnerabilities including a bypass issue, denial-of-service (DDoS) vulnerability, and an open redirect vulnerability, among other flaws. Source: http://www.securityweek.com/critical-drupal-updates-patch-several-vulnerabilities

18. February 24, Softpedia – (International) Attackers can hijack wireless mice and keyboards to install malware. Security researchers from Bastille discovered that wireless mouse and keyboard USB dongles, sold by Dell, HP, Lenovo, and Microsoft, among other companies, were susceptible to a remote attack called, Mousejack after finding that the USB dongles did not have unique pairings between a computer and its device, allowing attackers to use similar devices with the victim’s dongle and take control of a victim’s computer and carry out malicious actions. Source: http://news.softpedia.com/news/attackers-can-hijack-wireless-mice-and-keyboards-to-install-malware-500925.shtml

19. February 24, SecurityWeek – (International) Sony hackers linked to many espionage, destruction campaigns. Novetta, Kaspersky Lab, AlientVault, and Symantec security firms released a report February 24 detailing that the activities of the threat group dubbed, the Lazarus Group was allegedly linked to numerous attacks including a 2014 attack on Sony Pictures Entertainment, the Dark Seoul and Operation Tory campaigns, and attacks on government, media, military, aerospace, manufacturing, and financial organizations located in South Korea and the U.S. Researchers found that the attacks and the Lazarus Group shared similar code between malicious tools and similarities in the attackers’ modus operandi. Source: http://www.securityweek.com/sony-hackers-linked-many-espionage-destruction-campaigns

Communications Sector

Nothing to report