Friday, June 3, 2016



Complete DHS Report for June 3, 2016

Daily Report

Top Stories

• Seven automakers announced an expanded recall June 2 for nearly 4.4 million model year 2004 – 2011 vehicles sold in the U.S. due to defective Takata Corp. passenger-side air bag inflators linked to 11 deaths and over 100 injuries globally. – Associated Press

4. June 2, Associated Press – (International) 7 automakers add 4.4M vehicles to Takata recall. Seven automakers announced an expanded recall June 2 for nearly 4.4 million model year 2004 – 2011 vehicles sold in the U.S. due to defective Takata Corp. passenger-side air bag inflators equipped with ammonium nitrate, a chemical that may deteriorate over time when exposed to variations in temperature and cause the airbags to deploy with excessive force, spraying hot shrapnel into vehicle passenger compartments. The defective inflators have been linked to at least 11 deaths and over 100 injuries globally. Source: http://www.mlive.com/auto/index.ssf/2016/06/7_automakers_add_44m_vehicles.html

• Pasadena Public Health Department officials reported June 1 that 11 of the 16 patients infected by dangerous bacteria from duodenoscopes at Huntington Hospital have died. – Los Angeles Times

15. June 1, Los Angeles Times – (California) 11 deaths at Huntington Hospital among patients infected by dirty scopes, city report says. Pasadena Public Health Department officials reported June 1 that 11 of the 16 patients infected by dangerous bacteria from duodenoscopes at Huntington Hospital have died. Health department investigators found visible residues in the machines used to clean the scopes and determined that the hospital was using canned compressed air from an office supply store to dry the scopes, which is not recommended by the manufacturer. Source: http://www.latimes.com/business/la-fi-huntington-hospital-scopes-20160601-snap-story.html

• Federal authorities announced June 1 that a Federal defendant and former Swedish Medical Center of Colorado employee is HIV positive, and urged approximately 3,000 patients who were potentially impacted to undergo testing for blood-borne pathogens. – KMGH 7 Denver

16. June 1, KMGH 7 Denver – (Colorado) Surgical tech in needle-swap scandal at Swedish Medical Center has HIV, officials confirm. Federal authorities reported June 1 that a Federal defendant and former Swedish Medical Center of Colorado employee is HIV positive, and urged approximately 3,000 patients who were potentially impacted by the suspect’s conduct to undergo testing for blood-borne pathogens. The defendant allegedly diverted syringes containing fentanyl from the facility and replaced them with similar syringes containing another substance. Source: http://www.thedenverchannel.com/news/local-news/surgical-tech-in-needle-swap-scandal-at-swedish-medical-center-has-hiv-officials-confirm

• The University of California, Los Angeles campus was locked down and classes were cancelled June 1 in response to a murder-suicide involving a professor inside the university’s engineering complex. – Los Angeles Times

17. June 1, Los Angeles Times – (California) Professor killed in UCLA murder-suicide was brilliant, kind and caring, colleagues say. The University of California, Los Angeles campus was locked down and classes were cancelled June 1 as students took cover in response to a murder-suicide involving a professor which took place in an office inside the university’s engineering complex. An investigation is ongoing and classes are scheduled to resume June 2. Source: http://www.latimes.com/local/lanow/la-me-ln-ucla-shooting-20160601-snap-story.html

Financial Services Sector

6. June 1, WVLT 8 Knoxville – (Tennessee) Couple arrested for allegedly manufacturing 80 fake credit cards. Two Tennessee residents were arrested in Kingston May 27 for allegedly manufacturing about 80 counterfeit credit and gift cards after a routine traffic stop led authorities to the duo’s motel room, prompting a subsequent search of the room which revealed a card reader, a machine used to punch numbers on credit cards, and blank cards, among other illicit materials. Source: http://www.local8now.com/content/news/Couple-arrested-for-allegedly-manufacturing-80-fake-credit-cards-381588511.html

Information Technology Sector

18. June 2, Help Net Security – (International) KeePass update check MitM flaw can lead to malicious downloads. A security researcher reported that all versions of KeePass, an open source password manager, were susceptible to a man-in-the-middle (MitM) attack that could allow attackers to trick users into downloading malware disguised as a software update, because the product uses Hypertext Transfer Protocol (HTTP) to request the current version information, allowing an attacker to modify the server response. A KeePass developer stated the vulnerability will not be fixed as the cost of switching to Hypertext Transfer Protocol Secure (HTTPS) makes it an inviable solution.

19. June 2, SecurityWeek – (International) Cisco fixes flaws in network analysis modules. Cisco released patches addressing high and medium severity vulnerabilities in its Prime Network Analysis Module products that could allow a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted Internet Protocol v6 (IPv6) packets on the network, as well as remotely execute arbitrary commands on the underlying operating system via specially crafted Hypertext Transfer Protocol (HTTP) requests. Source: http://www.securityweek.com/cisco-fixes-flaws-network-analysis-modules

20. June 1, Softpedia – (International) Google fixes 15 security bugs in Chrome, awards $26,000 to researchers. Google released version 51.0.2704.79 for its Chrome Web browser which fixes 15 security flaws including two high-level vulnerabilities that could allow attackers to bypass the browser’s cross-origin code execution restrictions and run malicious code via the Blink engine and its Extensions component. The new Web browser version also patched some flaws that crashed the browser or scrambled up its download file paths. Source: http://news.softpedia.com/news/google-fixes-15-security-bugs-in-chrome-awards-26-000-to-researchers-504764.shtml

21. June 1, Softpedia – (International) Microsoft patches Outlook.com to fix recent spam flood. Microsoft released a patch for its Outlook and Hotmail products after the company received reports of a massive spam flood that bypassed the products' spam filters, allowing hackers to inundate users with Viagra ads and Russian bride ads. Source: http://news.softpedia.com/news/microsoft-patches-outlook-com-to-fix-recent-spam-flood-504753.shtml

22. June 1, SecurityWeek – (International) ABB patches password flaws in substation automation tool. ABB released software updates for one of its substation automation products, PCM600, after a security researcher from Positive Technologies found several vulnerabilities in industrial control systems (ICS) and found that the PCM600 product was plagued with four password-related flaws. The flaw can be exploited via the hash, which can be easily broken and allow an attacker to obtain the password. Source: http://www.securityweek.com/abb-patches-password-flaws-substation-automation-tool

23. June 1, SecurityWeek – (International) User data possibly stolen in Scrum.org hack. Scrum.org released a patch and warned its users that their usernames, email addresses, encrypted passwords, password decryption keys, profile pictures, and certification information may have been compromised after an investigation revealed that an unknown user had created a new admin account on the mail server and modified the settings. In addition, Scrum.org was notified that its software was plagued with a flaw that could be exploited to conduct the same malicious activities.

Communications Sector

Nothing to report