Wednesday, August 10, 2016



Complete DHS Report for August 10, 2016

Daily Report                                            

Top Stories

• Delta Airlines canceled 300 more flights August 9 after a power outage caused a computer system failure, forcing the cancelation of approximately 1,000 flights August 8. – Atlanta Journal-Constitution

5. August 9, Atlanta Journal-Constitution – (International) Delta cancels 300 flights on second day of computer outage fallout. Delta Airlines was forced to cancel 300 more flights August 9 after a power outage caused a computer system failure, forcing the cancelation of approximately 1,000 flights August 8. Source: http://www.ajc.com/news/business/delta-cancels-250-flights-on-second-day-of-compute/nsCYP/

• Newkirk Products, Inc., announced August 5 that approximately 3.3 million customers covered by select health insurance plans were notified of a data breach after an unauthorized individual gained access to a server containing member and group ID numbers, among other personal information May 21. – SC Magazine

13. August 8, SC Magazine – (National) Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected. Newkirk Products, Inc., announced August 5 that approximately 3.3 million customers covered by select health insurance plans including multiple Blue Cross Blue Shield branches were notified of a data breach after an unauthorized individual gained access to a server containing names, mailing addresses, member and group ID numbers, and Medicaid ID numbers, among other personal information May 21. Officials shut down the server and the breach remains under investigation. Source:

• Check Point researchers reported 4 vulnerabilities, dubbed QuadRooter were affecting the software drivers in Qualcomm chipsets used in over 900 million Android products that could allow an attacker root access to a device. – Help Net Security See item 20 below in the Communications Sector

• Federal officials announced August 8 that AT&T Inc. will pay $7.75 million in fines for allowing unauthorized third-parties to fraudulently charge thousands of consumers for a monthly directory-assistance service on their landline bills. – Reuters See item 21 below in the Communications Sector

Financial Services Sector

Nothing to report

Information Technology Sector

18. August 9, SecurityWeek – (International) Vulnerabilites found in several Fortinet products. Vulnerability Lab released the details of several flaws affecting the Web interface of the Fortinet FortiManager and FortiAnalyzer security management and reporting appliances including a vulnerability that can be exploited by a remote attacker with access to a low-privileged user account to inject arbitrary code into the application if a victim clicks on a link or visits a Webpage containing the malicious code, a filter bypass issue, and multiple persistent cross-site scripting (XSS) flaws in the FortiVoice enterprise phone systems that can be exploited by a remote, authenticated attacker, among other security flaws. Fortinet released patches for all of the vulnerabilities and advised users to update their Fortinet product installations.

19. August 8, SecurityWeek – (International) Serious flaws found in Netgear, NUUO network video recorders. U.S. Computer Emergency Readiness Team (CERT) Coordination Center researchers warned that select network video recorders from NUUO Inc., and Netgear, Inc., were plagued by seven vulnerabilities including two input validation issues that could allow unauthenticated attackers to execute arbitrary code with root or admin privileges, an information disclosure bug that could allow a remote, unauthenticated attacker to view details on system processes, available memory and filesystem status by accessing a hidden page with a hardcoded username and password, and two flaws that can be leveraged to carry out arbitrary operating system (OS) commands and arbitrary code by any remote attacker who obtains admin privileges, among other flaws.

For another story, see item 20 below in the Communications Sector

Communications Sector

20. August 8, Help Net Security – (International) New vulnerabilities affect over 900 million Android devices, enable complete control of devices. Security researchers from Check Point reported four vulnerabilities, dubbed QuadRooter were affecting the software drivers in Qualcomm chipsets used in over 900 million Android smartphones and tablets and could trigger privilege escalations and gain root access to a device, allowing an attacker to change or remove system-level files, delete or add apps, and access the device’s screen, among other privileges, if any one of the four vulnerabilities is exploited. Check Point released a free QuadRooter scanner app that allows Android users to determine if their device is vulnerable, and advised Android users to download and install the latest software updates, among other practices, in order to avoid attacks.

21. August 8, Reuters – (National) AT&T to pay $7.75 million for allowing sham directory-assistance calls. The Federal Communications Commission announced August 8 that AT&T Inc. will pay a total of $7.75 million in Federal fines and refunds to affected customers after the U.S. Drug Enforcement Agency discovered that AT&T allowed Discount Directory Inc. and Enhanced Telecommunications Services to fraudulently charge thousands of consumers for a monthly directory-assistance service on their AT&T landline telephone bills. As part of the settlement, AT&T must cease billing for nearly all third-party products and services on landline bills, and adopt procedures to obtain express consent from customers prior to allowing third-party charges. Source: http://www.reuters.com/article/us-at-t-fcc-idUSKCN10J1TX