Complete DHS Report for June 27, 2016
Daily Report
Top Stories
• Officials announced June 23 that approximately 29,400 gallons of
unrefined crude was released from a Crimson Pipeline LLC-owned 10-inch
underground pipeline in Ventura, California. – Los Angeles Times
2. June 23,
Los Angeles Times – (California) Ventura oil spill misses the ocean, but damage
on land is unclear. Officials announced June 23 that approximately 29,400
gallons of unrefined crude was released from a Crimson Pipeline LLC-owned
10-inch underground pipeline in Ventura which pooled in a storm water basin,
allowing officials to block the crude from continuing to flow. Crimson Pipeline
is responsible for cleanup efforts and authorities are investigating the
incident.
Source: http://www.latimes.com/local/lanow/la-me-ln-ventura-county-oil-spill-20160623-snap-story.html
• Fiat Chrysler Automobiles NV’s Maserati unit issued a recall
June 23 for 13,092 of its model year 2014 Quattroporte and Ghibli vehicles sold
in the U.S. due to a confusing gear shift selector. – Reuters
3. June 23,
Reuters – (National) Fiat Chrysler recalls 13,000 Maserati cars for
rollaway issue. Fiat Chrysler Automobiles NV’s Maserati unit issued a
recall June 23 for 13,092 of its model year 2014 Quattroporte and Ghibli
vehicles sold in the U.S. due to a confusing gear shift selector that may cause
drivers to falsely believe they have engaged the vehicles in “park” mode,
thereby increasing the risk of the vehicle rolling away and injuring people or
damaging nearby property. Fiat Chrysler announced June 22 it is speeding up a
software fix for 1.1 million of its Dodge, Chrysler, and Jeep vehicles recalled
in April due to the same issue after receiving reports of 212 accidents, 41
injuries, and one death that was potentially linked to the faulty gear
selectors.
• The U.S. Securities and Exchange Commission announced June 23
that Merrill Lynch Wealth Management agreed to pay $415 million and admit
wrongdoing to settle charges that it misused customer cash and failed to
protect customer securities from the claims of its creditors. – U.S.
Securities and Exchange Commission. See item 4 below in
the Financial Services Sector.
• Crews worked June 24 to contain the 8,000-acre Erskine Fire
burning in Kern County, California, which has destroyed nearly 100 structures
and threatens an additional 1,000. – KTLA 5 Los Angeles
16. June 24,
KTLA 5 Los Angeles – (California) Erskine Fire in Kern County grows to 8,000 acres,
about 100 structures burned. Crews worked June 24 to contain the 8,000-acre
Erskine Fire burning in the Lake Isabella area of Kern County which has
destroyed nearly 100 structures and threatens an additional 1,000. Evacuations
were ordered for surrounding areas and three firefighters suffered smoke
inhalation injuries.
Source: http://ktla.com/2016/06/24/erskine-fire-in-kern-county-grows-to-8000-acres-about-100-structures-burned/
Financial Services Sector
4. June 23,
U.S. Securities and Exchange Commission – (National) Merrill Lynch to
pay $415 million for misusing customer cash and putting customer securities at
risk. The U.S. Securities and Exchange Commission (SEC) announced June 23
that Merrill Lynch Wealth Management agreed to pay $415 million and admit
wrongdoing to settle charges that it violated the SEC’s Customer Protection
Rule after the firm misused customer cash by engaging in complex options trades
that artificially reduced the required deposit of customer cash in a reserve
account in order to free up billions of dollars per week from 2009 – 2012,
which the firm used for its own trading activities. The charges also allege
that the firm failed to protect customer securities from the claims of its
creditors by holding up to $58 billion per day of customer securities in a
clearing account subject to liens from 2009 – 2015.
Source: https://www.sec.gov/news/pressrelease/2016-128.html
5. June 23,
U.S. Securities and Exchange Commission – (National) Merrill Lynch
paying $10 million penalty for misleading investors in structured notes. The
U.S. Securities and Exchange Commission announced June 23 that Merrill Lynch
Wealth Management agreed to pay a $10 million penalty to settle charges that
the firm made misleading statements to retail investors in offering materials
for structured notes issued by its parent company, Bank of America Corporation,
which were linked to a proprietary volatility index. The charges also allege
that the firm failed to implement effective policies or procedures to ensure
its personnel drafted and approved disclosures that adequately stated all of
the costs included in the volatility index.
Information Technology Sector
21. June 24,
SecurityWeek – (International) Malware can steal data from air-gapped
devices via fans. Security researchers from Ben-Gurion University of the
Negev discovered a new acoustic data exfiltration method, dubbed Fansmitter, that
leverages the noise emitted by a computer’s fans to transmit data without
relying on speakers, sending bits of data to a nearby mobile phone or a
computer equipped with a microphone. Attackers can control the fan to rotate at
a specific speed to transmit a “0” bit and a different speed to transmit a “1”
bit, as the frequency and the strength of the acoustic noise depend on the
revolutions per minute (RPM).
22. June 24,
Help Net Security – (International) Crypto-ransomware attacks hit over 700,000
users in one year. Security researchers from Kaspersky Lab reported that
there was a 17.7 percent increase in encryption ransomware attacks between
April 2015 and March 2016 after discovering 718,536 users were infected with
crypto-ransomware. Researchers advised customers to use a reliable security
solution, back up all files, and keep all software up to date to avoid
infection, among other recommendations.
23. June 23,
Softpedia – (International) Six malicious Android apps removed from the
Google Play store. Google reported that it removed six Android applications
that were reported to perform malicious actions after a security researcher from
Dr. Web discovered the apps infected more than 55,000 users with the
Android.Valeriy malware via the Google Play store. Once the malware is
installed, it connects to a command-and-control (C&C) server from which it
receives a list of Uniform Resource Locators (URLs) and opens the links in the WebView
browser component.
Source: http://news.softpedia.com/news/six-malicious-android-apps-removed-from-the-google-play-store-505604.shtml
24. June 23,
SecurityWeek – (International) Advantech patches flaws in WebAccess SCADA
software. Advantech released updates for its WebAccess product after a
security researcher from Acorn Network Security discovered the product was
susceptible to two medium severity vulnerabilities including a flaw in the
ActiveX Control that can be exploited by a local attacker to execute
unauthorized code or commands, and a buffer overflow flaw that can be triggered
by using a specially crafted Dynamic Link Library (DLL) file, which can lead
to crashes or arbitrary code execution.
Source: http://www.securityweek.com/advantech-patches-flaws-webaccess-scada-software
Communications Sector
Nothing to report