Wednesday, July 27, 2016



Complete DHS Report for July 27, 2016

Daily Report 

My apologies to all due to the tardiness of this blog.  However, the basis for it was not published by DHS until well after 3PM.                                      

Top Stories

• Fiat Chrysler Automobiles issued a recall July 26 for 323,000 of its model years 2014 – 2015 vehicles in select makes sold in the U.S. due to faulty wiring and software that could cause the vehicles to lose propulsion or stall. – TheCarConnection.com

3. July 26, TheCarConnection.com – (International) 2015 Chrysler 200, Jeep Renegade; 2014 – 2015 Jeep Cherokee recalled: 410,000 vehicles affected. Fiat Chrysler Automobiles issued a recall July 26 for 323,000 of its model years 2014 – 2015 vehicles in select makes sold in the U.S. due to faulty wiring and software that could cause the vehicles to lose propulsion or stall. No injuries have been reported in connection with the recall which affects an additional 35,500 vehicles in Canada and 51,000 elsewhere. Source: http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected

• General Mills, Inc., expanded a previous recall July 25 to include an additional 15 million pounds of its Gold Medal flour, Signature Kitchens flour, and Wondra flour products after health officials notified the company of 4 more E.coli infection cases linked to the consumption of the flour products. – Food Safety News

12. July 25, Food Safety News – (National) More sick; General Mills recalls 15 million more pounds of flour. General Mills, Inc., expanded a previous recall July 25 to include an additional 15 million pounds of its Gold Medal flour, Signature Kitchens flour, and Wondra flour products after Federal health officials notified the company of 4 more confirmed cases of E.coli infections linked to the consumption of the flour products. Health officials reported the E.coli outbreak has sickened 46 people across 21 States since December 2015. Source: http://www.foodsafetynews.com/2016/07/more-sick-general-mills-recalls-more-flour-traced-to-outbreak/#.V5dk_fkrKUk

• Crews reached 10 percent containment July 25 of the 35,155-acre Sand Fire burning in the Santa Clarita area that has destroyed 18 structures. – KABC 7 Los Angeles

13. July 26, KABC 7 Los Angeles – (California) Many evacuated due to Sand Fire allowed to return home. Crews reached 10 percent containment July 25 of the 35,155-acre Sand Fire burning in the Santa Clarita area that has destroyed 18 structures. Mandatory evacuations were lifted for about 20,000 residents while evacuation orders remained in place for residents around Placerita Canyon Road, Little Tujunga Canyon Road, and surrounding areas. Source: http://abc7.com/news/many-evacuated-due-to-sand-fire-allowed-to-return-home/1441587/

• Cymmetria and Symantec researchers reported that the Patchwork advanced persistent threat (APT), also known as Dropping Elephant, cyber-espionage group has begun targeting energy, financial, and pharmaceutical companies, among others, in order to obtain sensitive information from infected computers. – Softpedia See item 18 below in the Information Technology Sector

Financial Services Sector

See item 18 below in the Information Technology Sector

Information Technology Sector

17. July 26, Help Net Security – (International) Low-cost wireless keyboards open to keystroke sniffing and injection attacks. Bastille Networks researchers reported that a set of security flaws exploited via KeySniffer in low-cost wireless keyboards that are produced by at least 8 different vendors, can be exploited to collect passwords, security questions, and other sensitive financial and personal information due to a lack of encryption on keystroke data before it is transmitted wirelessly to the Universal Serial Bus (USB) dongle. Researchers noted that Bluetooth keyboards, wired keyboards, and higher-end wireless keyboards are not susceptible to KeySniffer.

18. July 26, Softpedia – (International) Patchwork cyber-espionage group evolves to target enterprises. Researchers from Cymmetria and Symantec reported that the Patchwork advanced persistent threat (APT), also known as Dropping Elephant, cyber-espionage group has begun targeting aviation, energy, financial, pharmaceutical, and software companies, among others, with malicious Microsoft PowerPoint and Word files in order to install Enfourks and Steladok backdoor trojans to obtain sensitive information from infected computers. Source: http://news.softpedia.com/news/patchwork-cyber-espionage-group-evolves-to-target-enterprises-506623.shtml

19. July 26, Help Net Security – (International) Amazon Silk browser removes Google’s default encryption. Amazon released version v51.2.1 of its Silk browser, patching a vulnerability that allows Google searches to be conducted without Secure Sockets Layer (SSL) protection, potentially allowing the flaw to be exploited in man-in-the-middle (MitM) attacks. Source: https://www.helpnetsecurity.com/2016/07/26/amazon-silk-bug-encryption/

20. July 25, Softpedia – (International) Windows 10 disk cleanup utility abused to bypass UAC. Security researchers advised Microsoft Windows 10 users to disable or uncheck the “Run with the highest privileges” option in the Disk Cleanup utility following the discovery of a method to bypass the Windows User Access Control (UAC) security system, potentially allowing malicious files to be executed without alerting users. Once the Disk Cleanup app is executed, it copies DismHost.exe and Dynamic Link Libraries (DLL) files, and loads the LogProvider.dll as the last DLL file, allowing time for an attacker to launch an attack. Source: http://news.softpedia.com/news/windows-10-disk-cleanup-utility-abused-to-bypass-uac-506614.shtml

Communications Sector

21. July 22, U.S. Department of Justice – (National) Defendants charged with participating in sophisticated international cell phone fraud scheme. The U.S. Department of Justice announced July 22 that three Florida residents were charged for their participation in a global cell phone fraud scheme where the defendants and co-conspirators stole access to and fraudulently opened new cell phone accounts using the personal information of individuals around the U.S., in order to transmit thousands of international calls to Cuba, Jamaica, the Dominican Republic, and other countries with high calling rates. The conspirators also used reprogrammed cell phones and additional telecommunications equipment to run illegal call-termination businesses. Source: https://www.justice.gov/opa/pr/defendants-charged-participating-sophisticated-international-cell-phone-fraud-scheme

For another story, see item 18 above in the Information Technology Sector