Tuesday, August 30, 2016



Complete DHS Report for August 30, 2016

Daily Report

Top Stories

• Toyota Motor Corporation issued a recall August 29 for 337,449 of its model years 2006 – 2011 Toyota RAV4 crossover vehicles and model year 2010 Lexus HS 250h vehicles due to improperly secured lock nuts on the rear suspension arms, which can make it difficult for the driver to control the vehicle. – TheCarConnection.com

4. August 29, TheCarConnection.com – (National) 2006-2011 Toyota RAV4, 2010 Lexus HS 250h recalled for suspension issue (again): 337,000 affected. Toyota Motor Corporation issued a recall August 29 for 337,449 of its model years 2006 – 2011 Toyota RAV4 crossover vehicles and its model year 2010 Lexus HS 250h vehicles sold in the U.S. due to lock nuts on the rear suspension arms that may not have been properly secured, which can allow the threading to rust and the suspension arms to fail, thereby making it difficult for the driver to control the vehicle and increasing the risk of a crash. Source: http://www.thecarconnection.com/news/1105830_2006-2011-toyota-rav4-2010-lexus-hs-250h-recalled-for-suspension-issue-again-337000-affected

• Authorities offered a reward August 26 in exchange for information leading to the arrest and conviction of a man dubbed the “Filter Bandit” who is suspected of robbing 9 Broward County, Florida banks since 2014. – WPLG 10 Miami
See item 5 below in the Financial Services Sector

• A former employee at HB Nitkin Group in Greenwich, Connecticut, pleaded guilty August 26 to embezzling more than $700,000 from the company between February 2014 and December 2015. – U.S. Attorney’s Office, District of Connecticut
See item 6 below in the Financial Services Sector

• Authorities are investigating the cause of a 4-alarm fire at the Incca-Carroll Street apartments in Paterson, New Jersey, August 28 that displaced over 100 residents, damaged up to 20 units, and sent 2 people to an area hospital. – Newark Star-Ledger

34. August 28, Newark Star-Ledger – (New Jersey) 4-alarm blaze tears through apartment building in Paterson. Authorities are investigating the cause of a 4-alarm fire at the Incca-Carroll Street apartments in Paterson, New Jersey, August 28 that displaced over 100 residents, damaged up to 20 units, and sent 2 people to an area hospital. The American Red Cross was assisting those displaced by the fire. Source: http://www.nj.com/passaic-county/index.ssf/2016/08/4-alarm_blaze_tears_through_apartment_building_in.html

Financial Services Sector

5. August 26, WPLG 10 Miami – (Florida) FBI offers $5K reward for ‘Filter Bandit.’ Authorities offered a reward August 26 in exchange for information leading to the arrest and conviction of a man dubbed the “Filter Bandit” who is suspected of robbing 9 Broward County, Florida banks since 2014, including a SunTrust Bank branch in Coral Springs August 26. Source: http://www.local10.com/news/florida/broward-county/fbi-offers-5k-reward-for-filter-bandit-

6. August 26, U.S. Attorney’s Office, District of Connecticut – (Connecticut) Former Greenwich resident pleads guilty to stealing more than $700K in fraud scheme. A former employee at HB Nitkin Group in Greenwich, Connecticut, pleaded guilty August 26 to embezzling more than $700,000 from the company and related companies and individuals after the employee created fraudulent invoices for carpentry, plumbing, and electrical services, and used the company’s checkbook to pay the phony invoices, which she deposited into her personal bank accounts from February 2014 – December 2015. Officials stated the former employee also cashed checks that she stole from other employees of the company, among other fraudulent actions. Source: https://www.justice.gov/usao-ct/pr/former-greenwich-resident-pleads-guilty-stealing-more-700k-fraud-scheme

For another story, see item 36 below from the Commercial Facilities Sector

36. August 26, Softpedia – (National) US Secret Service notifies two major hotel chains about possible data breaches. Millennium Hotels & Resorts North America (MHR) notified customers August 25 that it is investigating a potential data breach of its point-of-sale (PoS) systems that may have compromised customer payment card data used at all of its 14 locations nationwide between March and June 2016 after the U.S. Secret Service and a third-party service provider notified the company about the breach. Noble House Hotels and Resorts also announced August 25 it is investigating a potential data breach after U.S. Secret Service officials notified the company that the PoS systems at its Ocean Key Resort & Spa in Key West, Florida, were compromised between April 2016 and June 2018. Source: http://news.softpedia.com/news/us-secret-service-notifies-two-major-hotel-chains-about-possible-data-breaches-507658.shtml

Information Technology Sector

27. August 29, Help Net Security – (International) XSS flaw in D-Link NAS devices allows attackers to mess with your data. After detecting the flaw in the firmware of D-Link DNS-320 rev A, a security researcher discovered that seven D-Link network-attached storage (NAS) devices were plagued with a cross-site scripting (XSS) flaw in the device’s administrative Web interface. The flaw can be exploited through an authenticated Server Message Block (SMB) login attempt and could allow attackers to access a targeted device and change the stored contents. The researcher stated this XSS flaw does not require the victim to visit a malicious Website or open an attacker-supplied link, and that the malicious code can be injected without direct or indirect access to the vulnerable application. Source: https://www.helpnetsecurity.com/2016/08/29/xss-flaw-d-link-nas-devices-allows-attackers-mess-data/

28. August 29, SecurityWeek – (International) Kaspersky patches vulnerabilities in consumer products. Kaspersky Lab released updates for its KLIF, KLDISK, and KL1 Internet security products resolving several denial-of-service (DoS) and memory disclosure vulnerabilities discovered by Cisco researchers: a flaw in KLIF drivers that can allow a malicious app to execute an application programming interface (API) call using invalid parameters and crash the system; a flaw related to how the KL1 driver handles input/output control (IOCTL) calls, which could be exploited to cause a memory access violation and crash the system; and a flaw caused by weak implementation of the KlDiskCtl service in the KLDISK that can allow attackers to use specially crafted IOCTL calls to leak kernel memory content and obtain information. Source: http://www.securityweek.com/kaspersky-patches-vulnerabilities-consumer-products

29. August 29, Softpedia – (International) Tech support scammers find new tricks to hijack Chrome browser. Malwarebytes researchers discovered a new method to hijack Google Chrome Web browsers where hidden JavaScript code puts the user’s browser into full screen mode, hiding the address bar and user interface (UI) toolbar in order to load a JPEG image at the top of the page that is crafted to look like Chrome’s original UI bar. The researchers also discovered a second trick targeting Chrome users where scammers created popups that mimicked original Chrome alerts, and would continue to display more alerts if a user clicked the appropriate checkmark. Source: http://news.softpedia.com/news/tech-support-scammers-find-new-trick-to-hijack-chrome-browsers-507715.shtml

30. August 29, SecurityWeek – (International) User data possibly stolen in Opera Sync breach. Opera notified 1.7 million Sync customers August 26 of a potential data breach discovered the week of August 22 after an attacker hacked the system and potentially accessed user information, including usernames and passwords. Opera officials advised its customers to change their Sync passwords, as well as any passwords to third-party Websites synchronized with the service. Source: http://www.securityweek.com/user-data-possibly-stolen-opera-sync-breach

31. August 26, Softpedia – (International) Fantom ransomware mimics Windows update screen. An AVG security researcher discovered a new ransomware variant, dubbed Fantom, was being distributed as a fake Microsoft Windows critical update screen to trick users into running the malicious file, criticalupdate01.exe, which encrypts victims’ files and displays a ransom note in Hypertext Markup Language (HTML) or TXT files after the encryption process ends. Researchers stated that users must contact the malicious actor via email to get the private key and unlock their encrypted files, and then the ransomware runs two batch scripts to delete its installation files. Source: http://news.softpedia.com/news/fantom-ransomware-mimics-windows-update-screen-507668.shtml

Communications Sector

32. August 28, WUSA 9 Washington, D.C. – (Washington, D.C.) D.C. 911 system restored after outage. Officials from the Office of Unified Communications in Washington, D.C. reported August 28 that 9-1-1 services have been restored after an internal power failure caused a service outage for 2 hours August 27. Officials set up an alternative emergency phone number during the outage and the investigation is ongoing. Source: http://www.wusa9.com/news/local/dc/dc-911-system-restored-after-outage/309753694