Monday, October 31, 2016 -- Halloween



Complete DHS Report for October 31, 2016

Daily Report                                            

Top Stories

• Officials reached a $150,000 settlement October 27 with Specialty Materials Inc. after a July 2014 inspection found that the company failed to properly manage methylene chloride and other hazardous materials. – U.S. Environmental Protection Agency

1. October 27, U.S. Environmental Protection Agency – (Massachusetts) Lowell company settles with EPA for hazardous waste concerns. The U.S. Environmental Protection Agency (EPA) announced October 27 that it reached a $150,000 settlement with Lowell, Massachusetts-based Specialty Materials Inc. to resolve alleged violations of the Federal Resource Conservation and Recovery Act and Massachusetts hazardous waste management regulations after a July 2014 EPA inspection found that the company failed to properly store, handle, and manage methylene chloride, mercury-contaminated solids and wastewater, and other hazardous wastes; neglected to ensure safety and emergency preparedness procedures were followed; and failed to maintain appropriate records on the storage and handling of hazardous wastes, among other violations. Source: https://www.epa.gov/newsreleases/lowell-company-settles-epa-hazardous-waste-concerns

• BMW issued a recall October 28 for 136,188 of its model years 2007 – 2012 vehicles in select makes due to faulty wiring in the fuel pump that could result in a buildup of electrical resistance and cause the pump to overheat and melt. – TheCarConnection.com

2. October 28, TheCarConnection.com – (National) BMW recalls 136,000 vehicles in the U.S. to fix stalling & fuel leaks. BMW issued a recall October 28 for 136,188 of its model years 2007 – 2012 vehicles in select makes equipped with an in-tank fuel pump sold in the U.S. due to faulty wiring in the fuel pump that may have been improperly crimped, which could result in a buildup of electrical resistance and cause the pump to overheat and melt, thereby increasing the risk of stalling and fuel leaks. Source: http://www.thecarconnection.com/news/1106957_bmw-recalls-136000-vehicles-in-the-u-s-to-fix-stalling-fuel-leaks

• A total of 61 individuals and entities were charged in an indictment unsealed October 27 for their alleged roles in a call center scheme that defrauded at least 15,000 U.S. residents out of more than $250 million. – Washington Post below in the Financial Services Sector

• The U.S. Environmental Protection Agency announced October 27 that Bacon-Agostini Construction Co., Inc. and K.R. Rezendes, Inc. agreed to pay $49,500 to resolve alleged violations of the Clean Water Act. – U.S. Environmental Protection Agency

12. October 27, U.S. Environmental Protection Agency – (Massachusetts) Companies and EPA settle matter of stormwater discharges during construction of Somerset, Mass. school. The U.S. Environmental Protection Agency (EPA) announced October 27 that Bacon-Agostini Construction Co., Inc. and excavation company K.R. Rezendes, Inc. agreed to pay $49,500 to resolve alleged violations of the Clean Water Act after the companies discharged sediment-filled stormwater from the construction site of the new Somerset-Berkley Regional High School in Somerset, Massachusetts, into catch basins for the town’s municipal storm sewer system and the Taunton River in 2012. As part of the settlement, the company’s must take necessary steps to protect the Taunton River and the local storm sewer system from contamination, and correct their violations of the EPA permit to discharge storm water. Source: https://www.epa.gov/newsreleases/companies-and-epa-settle-matter-stormwater-discharges-during-construction-somerset-mass

Financial Services Sector

4. October 27, Washington Post – (International) Justice Department charges dozens in massive Indian call center scheme. A total of 61 individuals and entities were charged in an indictment unsealed October 27 for their alleged roles in a call center scheme that defrauded at least 15,000 U.S. residents out of more than $250 million after call center operators in India impersonated U.S. Internal Revenue Service or U.S. Citizenship and Immigration Services officials and threatened potential victims with arrest, imprisonment, or deportation if they failed to pay taxes or debts to the government. The charges state that a network of U.S.-based co-conspirators liquidated and laundered the extorted funds through wire transfers or by purchasing prepaid debit cards that were registered with stolen information from the identity theft victims. Source: https://www.washingtonpost.com/world/national-security/justice-department-charges-dozens-in-massive-indian-call-center-scheme/2016/10/27/ae64a6b0-9c48-11e6-a0ed-ab0774c1eaa5_story.html

Information Technology Sector

17. October 28, SecurityWeek – (International) Apple patches flaws in Xcode, Windows software. Apple released version 8.1 of its Xcode integrated development environment (IDE) to address 10 vulnerabilities in Node.js and OpenSSL that an attacker could exploit for arbitrary code execution or to cause an application to crash. Apple also released iTunes version 12.5.2 and iCloud version 6.0.1 for Microsoft Windows due to flaws in the WebKit Web browser engine, which can be exploited through processing specially crafted Web content for arbitrary code execution and disclosure of user information. Source: http://www.securityweek.com/apple-patches-flaws-xcode-windows-software

18. October 28, Help Net Security – (International) New code injection attack works on all Windows versions. Security researchers from enSilo discovered a code injection method, dubbed AtomBombing can be leveraged against all Microsoft Windows versions without triggering security solutions. The researchers found attackers can write malicious code into the operating system’s atom table in order to force a legitimate program to retrieve the malicious code and manipulate the program to execute that code, thereby enabling attackers to take screenshots, access encrypted passwords, and perform Man in the Browser (MitB) attacks. Source: https://www.helpnetsecurity.com/2016/10/28/code-injection-windows-atombombing/

Communications Sector

19. October 27, Washington Post – (National) The FCC just passed sweeping new rules to protect your online privacy. The Federal Communications Commission approved new rules October 27 that require Internet service providers to receive explicit consent from their customers before using or sharing sensitive personal information, including app and browsing history and mobile location data, among other information generated while using the Internet. The ruling also requires service providers to inform customers about what data they collect and why, and notify customers of data breaches. Source: https://www.washingtonpost.com/news/the-switch/wp/2016/10/27/the-fcc-just-passed-sweeping-new-rules-to-protect-your-online-privacy/