Complete DHS Report for August 8, 2016
Daily Report
Top Stories
• General Motors issued a recall August 4 for 42,984 of its model
year 2011 Buick Regal vehicles due to faulty wiring harness covers that may be
worn down over time and cause a short circuit, thereby increasing the risk of a
fire. – TheCarConnection.com
3. August 4,
TheCarConnection.com – (National) 2016 – 2017 Buick Envision, 2011 Buick Regal
recalled: nearly 48,000 U.S. vehicles affected. General Motors issued a
recall August 4 for 42,984 of its model year 2011 Buick Regal vehicles equipped
with 8-way power adjustable front seats sold in the U.S. due to faulty wiring
harness covers that may be worn down over time and cause a short circuit,
thereby increasing the risk of a fire. The recall also affects 4,558 of its
model years 2016 –2017 Buick Envision vehicles due to inaccurate maximum weight
information printed on the vehicle’s information label which can cause an owner
to overload the vehicle, thereby reducing the ability to control the vehicle
and increasing the risk of a crash.
• The Ford Motor Company issued a recall August 4 for 766,682 of
its model years 2012 – 2016 vehicles in select makes sold in the U.S. due to
faulty side door latches that could unlatch when driving, thereby increasing
the risk of injury. – CNBC
4. August 4,
CNBC – (International) Ford recalls 830,000 2012 –2016 Ford and
Lincoln vehicles to fix latches. The Ford Motor Company issued a recall
August 4 for 766,682 of its model years 2012 – 2016 vehicles in select makes
sold in the U.S. due to faulty side door latches that could unlatch when
driving, thereby increasing the risk of injury. The recall affects an
additional 61,371 vehicles sold in Mexico. Source: http://www.cnbc.com/2016/08/04/ford-recalls-830000-2012-2016-ford-and-lincoln-vehicles-to-fix-latches.html
• Maryland officials announced August 3 that the owner and
operator of 6 Liberty Tax franchises in Baltimore has been permanently barred
from preparing Federal tax returns after she allegedly filed 1,222 fraudulent
returns. – U.S. Department of Justice See item 7 below in
the Financial Services Sector
• Officials announced August 4 that Advocate Health Care Network
agreed to pay $5.55 million to resolve alleged violations of Federal patient
privacy laws related to three separate data breaches in 2013 that compromised
the electronic health information of about 4 million patients. – Chicago
Tribune
18. August 5,
Chicago Tribune – (National) Advocate to pay $5.5 million over data breach:
record HIPAA settlement. The U.S. Department Health and Human Services
(HSS) Office for Civil Rights announced August 4 that Advocate Health Care
Network agreed to pay $5.55 million to resolve alleged violations of Federal
patient privacy laws related to three separate data breaches in 2013 involving
its subsidiary, Advocate Medical Group that compromised the electronic health
information of about 4 million patients, including medical information, names,
and credit card numbers, among other data. HHS’ investigation into the breaches
found that company failed to adequately limit access to its information
systems, failed to properly assess the risks associated with the data, and
failed to protect an encrypted laptop containing sensitive data. Source: http://www.chicagotribune.com/business/ct-advocate-settlement-privacy-0805-biz-20160804-story.html
Financial Services Sector
7. August 3,
U.S. Department of Justice – (Maryland) Federal court permanently bars
Maryland tax preparer from preparing federal tax returns. The U.S. District
Court for the District of Maryland announced August 3 that the owner and
operator of 6 Liberty Tax franchises in Baltimore has been permanently barred
from preparing Federal tax returns after she allegedly filed 1,222 fraudulent
tax returns that reported false household help incomes, among other fraudulent
claims, and intentionally omitted Social Security Income and Wage and Tax
Statement income. The charges also allege that the tax preparer kept each
refund as a fee and paid customers a $50 cash payment as part of Liberty Tax’s
“Cash-in-a-Flash” promotion. Source: https://www.justice.gov/opa/pr/federal-court-permanently-bars-maryland-tax-preparer-preparing-federal-tax-returns
Information Technology Sector
22. August 5,
Softpedia – (International) HEIST attack can steal data from
HTTP-encrypted traffic. Two security researchers discovered hackers could
carry out a Web-based attack, dubbed HEIST to steal encrypted content from
Hypertext Transfer Protocol Secure (HTTPS) traffic by embedding special
JavaScript code on a Webpage that fetches content via a hidden JavaScript call
from a private page containing sensitive information including credit card
numbers and Social Security numbers, then pinpoints the size of the embedded
data transferred in small transmission control protocol (TCP) packets using a
repeated probing mechanism in order to guess the content exchanged in the HTTPS
traffic. Researchers advised users to disable support for third-party cookies
or JavaScript execution in their browsers to block HEIST attacks. Source: http://news.softpedia.com/news/heist-attack-can-steal-data-from-https-encrypted-traffic-507009.shtml
23. August 5,
Help Net Security – (International) 58% of orgs have no controls in place to
prevent insider threats. Veriato and other firms released the Insider
Threat Spotlight Report which found that nearly half of the 500 cybersecurity
professionals surveyed experienced an increase in insider attacks since 2015,
58 percent of organizations lack appropriate control to prevent insider
attacks, and 44 percent of those surveyed were unaware if their organization
had experienced an insider attack. The survey also found that the endpoint is the
most common point for a malicious actor to launch an insider attack, followed
by mobile devices. Source: https://www.helpnetsecurity.com/2016/08/05/prevent-insider-threats/
Communications Sector
Nothing to report