Complete DHS Report for September 9, 2016
Daily Report
Top Stories
• Mazda Motor Corporation issued a recall September 8 for more
than 759,000 of its model years 2010 – 2016 vehicles in select makes due to a
problem affecting the vehicles’ rear hatches where the hatch lift supports can
corrode and break, thereby increasing the risk of injury. – TheCarConnection.com
2. September
8, TheCarConnection.com – (International) Mazda recalls 2010-2013
Mazda3, 2012-2015 Mazda5, 2013-2016 CX-5, 2016 CX-3: 2.2 million affected. Mazda
Motor Corporation issued a recall September 8 for more than 759,000 of its
model years 2010 – 2016 vehicles in select makes sold in the U.S. and Canada
due to a problem affecting the vehicles’ rear hatches where the protective
coating applied to the hatch lift supports does not protect the supports from
water intrusion, which can lead to corrosion and cause the supports to break,
thereby increasing the risk of injury. Source:
• Four people were arrested in Brooklyn, New York, September 7
after authorities discovered 2,433 blank credit cards and other illicit
materials while executing a search warrant at the group’s apartment. – WNBC
4 New York See item 3 below in
the Financial Services Sector
• Missouri officials lifted a precautionary boil water advisory
for approximately 85,000 customers in St. Louis County September 7 that was
issued after the company’s water treatment plant temporarily lost power. – St.
Louis Post-Dispatch
12. September
7, St. Louis Post-Dispatch – (Missouri) Boil advisory reportedly
triggered by car accident. Missouri American Water officials lifted a
precautionary boil water advisory for approximately 85,000 customers in St.
Louis County September 7 that was issued September 6 after the company’s water
treatment plant on Hog Hollow Road temporarily lost power when a vehicle
reportedly hit an electric pole at Pritchard Farm and Creve Coeur Mill Roads.
Officials stated water quality tests confirmed the water is safe to consume. Source:
http://www.stltoday.com/news/local/metro/boil-advisory-reportedly-triggered-by-car-accident/article_cea97122-a9c8-5391-bf0d-f80ada404094.html
• Florida officials announced September 6 that the Albert Whitted
plant in St. Petersburg released nearly 20 million gallons of partially treated
sewage September 5 due to heavy rains from Hurricane Hermine. – WTSP 10 St.
Petersburg
13. September
6, WTSP 10 St. Petersburg – (Florida) Hermine overwhelmed sewer
facilities around Bay area. The Florida Department of Environmental
Protection announced September 6 that the Albert Whitted plant in St.Petersburg
released nearly 20 million gallons of partially treated sewage September 5 and
2,000 gallon of raw sewage August 31 due to heavy rains from Hurricane Hermine.
Officials also announced that millions of gallons of sewage mixed with storm
water spilled near the Marshall Street wastewater treatment plant in
Clearwater, Florida, August 31 after the plant received more than 20 million
gallons of wastewater per day during the storm. Source: http://www.wtsp.com/news/hermine-overwhelmed-sewer-facilities-around-bay-area/314610723
Financial Services Sector
3. September
8, WNBC 4 New York – (New York) 4 arrested, guns and thousands of blank credit
cards seized in Brooklyn: NYPD. Four people were arrested in
Bedford-Stuyvesant in Brooklyn, New York, September 7 after authorities
discovered 2,433 blank credit cards, 2 credit card embossing machines, and 3
credit card skimmers, among other illicit materials, while executing a search
warrant at the group’s apartment. Source: http://www.nbcnewyork.com/news/local/NYC-4-Arrested-Guns-Thousands-Fake-Credit-Cards-Seized-Forgery-392697211.html
4. September
7, SecurityWeek – (International) Gugi banking trojan can bypass Android 6
protection. Kaspersky security researchers discovered a variant of the Gugi
mobile banking trojan can bypass two security features in Google’s Android 6.0,
including the permission-based app overlays and the dynamic permission
requirement for dangerous in-app activities like calls or short message service
(SMS) in order to overlay applications and steal mobile banking credentials
from its victims, and found the trojan is being distributed via SMS spam that
tricks victims into accessing phishing Websites, which downloads the malware
onto the device. Researchers advised users to reboot the infected device in
safe mood and attempt to uninstall the trojan. Source: http://www.securityweek.com/gugi-banking-trojan-can-bypass-android-6-protection
Information Technology Sector
22. September
8, Softpedia – (International) WordPress 4.6.1 security update is out, time
to update peeps. WordPress released version 4.6.1 of its WordPress Content
Management System (CMS) resolving a path traversal vulnerability and a
cross-site scripting (XSS) flaw affecting the admin panel that can be exploited
via image metadata and allow a malicious actor to take over the affected
Website. The update also patches 15 other bugs related to the underlying CMS
codebase.
23. September
8, Help Net Security – (International) Flaws in Network Management Systems open
enterprise networks to attacks. Rapid7 researchers and an independent
researcher discovered over 12 vulnerabilities plaguing 9 different Network
Management Systems (NMSs) products that could be exploited via cross-site
scripting (XSS) attacks over Simple Network Management Protocol (SNMP)
agent-provided data, which could allow a local attacker to add a malicious
device to the network, XSS attacks over SNMP trap alert messages, and format
string processing on the NMS Web management console that can be carried out via
specially crafted trap alert messages. Researchers reported that all the flaws
have received patches. Source: https://www.helpnetsecurity.com/2016/09/08/flaws-network-management-systems/
24. September
7, SecurityWeek – (International) Google patches QuadRooter, other critical
Android vulnerabilities. Google released its September 2016 Android
Security Bulletin resolving 55 vulnerabilities, including 2 critical remote
code execution (RCE) flaws in LibUtils and Mediaserver, a high risk RCE in
MediaMuxer, and 2 issues in QuadRooter that impacted over 900 million Android
devices using Qualcomm chipsets, among other vulnerabilities. Source: http://www.securityweek.com/google-patches-quadrooter-other-critical-android-vulnerabilities
25. September
7, SecurityWeek – (International) Siemens fixes several flaws in SIPROTEC
products. Siemens released firmware updates addressing vulnerabilities in its
SIPROTEC 4 and SIPROTEC Compact devices after Kaspersky Lab researchers found
the devices were plagued with a flaw that an attacker with network access could
exploit to bypass authentication mechanisms and carry out administrative
operations, and a flaw that could allow an attacker with network access to
perform those actions while a legitimate user is logged in to the Web
interface. Siemens advised customers to use network segmentation, virtual
private networks (VPNs), and firewalls to protect their systems against
attacks. Source: http://www.securityweek.com/siemens-fixes-several-flaws-siprotec-products
For another story, see item 4 above in the Financial Services Sector
Communications Sector
See item 4 above
in the Financial Services Sector
and item 24 above in the Information Technology Sector