Complete DHS Report for August 10, 2016
Daily Report
Top Stories
• Delta Airlines canceled 300 more flights August 9 after a power
outage caused a computer system failure, forcing the cancelation of
approximately 1,000 flights August 8. – Atlanta Journal-Constitution
5. August 9, Atlanta Journal-Constitution – (International) Delta cancels
300 flights on second day of computer outage fallout. Delta Airlines was
forced to cancel 300 more flights August 9 after a power outage caused a
computer system failure, forcing the cancelation of approximately 1,000 flights
August 8. Source: http://www.ajc.com/news/business/delta-cancels-250-flights-on-second-day-of-compute/nsCYP/
• Newkirk Products, Inc., announced August 5 that approximately
3.3 million customers covered by select health insurance plans were notified of
a data breach after an unauthorized individual gained access May 21 to a server
containing member and group ID numbers, among other personal information. – SC Magazine
13. August 8, SC Magazine – (National) Newkirk medical records breach impacts 3.3M, Blue
Cross Blue Shield customers affected. Newkirk Products, Inc., announced
August 5 that approximately 3.3 million customers covered by select health
insurance plans, including multiple Blue Cross Blue Shield branches, were
notified of a data breach after an unauthorized individual gained access May 21
to a server containing names, mailing addresses, member and group ID numbers, and
Medicaid ID numbers, among other personal information. Officials shut
down the server and the breach remains under investigation. Source:
• Check Point researchers reported that 4 vulnerabilities, dubbed
QuadRooter, affect the software drivers in Qualcomm chipsets used in
over 900 million Android products and could allow an attacker root access to a
device. – Help Net Security
See item 20 below in the Communications Sector
• Federal officials announced August 8 that AT&T Inc. will pay
$7.75 million in fines for allowing unauthorized third parties to fraudulently
charge thousands of consumers for a monthly directory-assistance service on
their landline bills. – Reuters
See item 21 below in the Communications Sector
Financial Services Sector
Nothing to report
Information Technology Sector
18. August 9, SecurityWeek – (International) Vulnerabilities found in several Fortinet
products. Vulnerability Lab released the details of several flaws affecting
the Web interface of the Fortinet FortiManager and FortiAnalyzer security
management and reporting appliances, including a vulnerability that can be
exploited by a remote attacker with access to a low-privileged user account to
inject arbitrary code into the application if a victim clicks on a link or
visits a Webpage containing the malicious code; a filter bypass issue; and
multiple persistent cross-site scripting (XSS) flaws in the FortiVoice enterprise
phone systems that can be exploited by a remote, authenticated attacker, among
other security flaws. Fortinet released patches for all of the vulnerabilities
and advised users to update their Fortinet product installations.
19. August 8, SecurityWeek – (International) Serious flaws found in Netgear, NUUO network
video recorders. U.S. Computer Emergency Readiness Team (CERT) Coordination
Center researchers warned that select network video recorders from NUUO Inc.,
and Netgear, Inc., were plagued by seven vulnerabilities, including two input
validation issues that could allow unauthenticated attackers to execute
arbitrary code with root or admin privileges; an information disclosure bug
that could allow a remote, unauthenticated attacker to view details on system
processes, available memory, and filesystem status by accessing a hidden page
with a hardcoded username and password; and two flaws that can be leveraged to
execute arbitrary operating system (OS) commands and arbitrary code by any
remote attacker who obtains admin privileges, among other flaws.
For another story, see item 20 below in the Communications Sector
Communications Sector
20. August 8, Help Net Security – (International) New vulnerabilities affect over 900 million
Android devices, enable complete control of devices. Security researchers
from Check Point reported that four vulnerabilities, dubbed QuadRooter,
affect the software drivers in Qualcomm chipsets used in over 900 million
Android smartphones and tablets. If any one of the four vulnerabilities is
exploited, it could trigger privilege escalation and give an attacker root
access to a device, allowing the attacker to change or remove system-level
files, delete or add apps, and access the device’s screen, among other
privileges. Check Point released a free QuadRooter scanner app that allows
Android users to determine if their device is vulnerable, and advised Android
users to download and install the latest software updates, among other
practices, in order to avoid attacks.
21. August 8, Reuters – (National) AT&T to pay $7.75 million for allowing sham
directory-assistance calls. The Federal Communications Commission announced
August 8 that AT&T Inc. will pay a total of $7.75 million in Federal fines
and refunds to affected customers after the U.S. Drug Enforcement Agency
discovered that AT&T allowed Discount Directory Inc. and Enhanced
Telecommunications Services to fraudulently charge thousands of consumers for a
monthly directory-assistance service on their AT&T landline telephone
bills. As part of the settlement, AT&T must cease billing for nearly all
third-party products and services on landline bills, and adopt procedures to
obtain express consent from customers prior to allowing third-party charges.
Source: http://www.reuters.com/article/us-at-t-fcc-idUSKCN10J1TX