Complete DHS Report for January 11, 2017
Daily Report
Top Stories
• Fiat Chrysler Automobiles issued a recall January 9 for 86,403
of its model years 2005 – 2010 vehicles in select makes to replace Takata
airbag inflators. – TheCarConnection.com
2. January 9,
TheCarConnection.com – (International) Chrysler Aspen, Dodge Durango,
Ram 2500 and 3500 recalled to fix Takata airbags. Fiat Chrysler Automobiles
issued a recall January 9 for 86,403 of its model years 2005 – 2010 vehicles in
select makes sold in the U.S. to replace Takata airbag inflators on the
driver’s or passenger’s side of the vehicles. The recall also includes roughly
14,000 vehicles sold in Canada, Mexico, and outside of North America. Source: http://www.thecarconnection.com/news/1108255_chrysler-aspen-dodge-durango-ram-2500-3500-recalled-to-fix-takata-airbags
• The former top emissions compliance manager for Volkswagen in
the U.S. was charged January 7 in Florida for allegedly conspiring to defraud
the U.S. after playing a central role in the carmaker’s efforts to conceal its
emissions cheating from U.S. regulators with a so-called defeat device. – New
York Times
3. January 9, New York
Times – (National) F.B.I. arrests Volkswagen executive on conspiracy
charge in emissions scandal. The former top emissions compliance manager
for Volkswagen in the U.S. was charged January 7 in Florida for allegedly
conspiring to defraud the U.S. after playing a central role in the carmaker’s
efforts to conceal its emissions cheating from U.S. regulators with a so-called
defeat device. The arrest came as Volkswagen and the U.S. Department of Justice
neared a deal to pay over $2 billion to settle the criminal investigation into
the emissions cheating.
• Officials in Santa Cruz, California, declared an emergency water
shortage January 9 and asked residents to limit their water use by 30 percent
until January 16. – KGO 7 San Francisco
11. January 10, KGO 7 San
Francisco – (California) Drinking water emergency declared in Santa
Cruz. Officials in Santa Cruz, California, declared an emergency water
shortage January 9 and asked residents to limit their water use by 30 percent
until January 16 after a storm the weekend of January 7 caused a critical water
pipeline to leak 1,500 gallons per minute for several hours. City officials
have no estimate of how long it will take to repair the leak. Source: http://abc7news.com/weather/drinking-water-emergency-declared-in-santa-cruz/1694992/
• The former president of United Auto Workers Local 2326 and an
insurance broker were charged January 9 for allegedly defrauding Horizon Blue
Cross Blue Shield of New Jersey out of roughly $6.6 million. – Associated
Press
12. January 10,
Associated Press – (National) Former union official, broker charged in
$6.6 million fraud. The former president of United Auto Workers Local 2326
and an insurance broker were charged January 9 for allegedly defrauding Horizon
Blue Cross Blue Shield of New Jersey out of roughly $6.6 million after the
broker created two shell companies to market insurance to hundreds of people
across the country not employed by them, and allowed some of those people to
stay on the union’s plan even after the health care program discovered they did
not meet eligibility requirements.
Financial Services Sector
4. January 9, McLean
Patch – (Virginia) Police seize 87 fraudulent credit cards from suspects
Sunday at Tysons shopping center. Authorities in Fairfax County, Virginia,
arrested and charged 3 suspects after they seized 87 fraudulent credit cards in
the suspects’ possession at Tysons Corner Center January 8. Further investigation
revealed the suspects also possessed several items used to manufacture fake
credit cards and identification cards. Source: http://patch.com/virginia/mclean/police-seize-87-fraudulent-credit-cards-suspects-sunday-tysons-shopping-center
Information Technology Sector
21. January 9,
SecurityWeek – (International) Rockwell Automation addresses flaws in
programmable controllers. Rockwell Automation released firmware updates for
its Allen-Bradley programmable automation controllers, programmable logic
controllers, and safety programmable controllers after Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) reported that versions 16 – 21
of the devices were plagued with a critical stack-based buffer overflow flaw
that could be remotely exploited to execute arbitrary code on a controller or
cause the device to enter a denial-of-service (DoS) condition by sending
maliciously crafted common industrial protocol (CIP) packets to the targeted
device. Source: http://www.securityweek.com/rockwell-automation-addresses-flaws-programmable-controllers
22. January 9,
SecurityWeek – (International) Edge exploits added to Sundown EK. A
security researcher discovered that the operators of the Sundown exploit kit
(EK) started leveraging two memory corruption flaws in Microsoft Edge that can
be remotely exploited to execute arbitrary code in the context of the user by
tricking a victim into accessing a maliciously crafted Website.
23. January 9,
SecurityWeek – (International) Mac crashing attack method used in tech
support scam. Malwarebytes Labs security researchers discovered that
attackers are leveraging drive-by downloads to deliver malicious code targeting
Apple’s Safari browser on Macs via a newly registered scam Website that pushes
two different types of denial-of-service malware as part of a campaign to trick
victims into calling a fake tech support service. The researchers stated that
the attack does not work against machines running macOS Sierra 10.12.2 or
above.
For additional stories, see item 13 below from the Healthcare and Public Health
Sector and item 19 below from the Government Facilities Sector.
13. January 9, Threatpost
– (National) St. Jude Medical patches vulnerable cardiac devices. St.
Jude Medical, Inc. and the U.S. Food and Drug Administration announced January
9 the release of a software update for St. Jude’s Merlin@home Transmitter
medical device after MedSec Holdings and Muddy Waters discovered in 2016 that
the remote transmitting devices used to communicate with St. Jude’s implantable
cardiac devices were plagued with vulnerabilities that exposed pacemakers and
defibrillators to attacks, putting patients’ physical safety at risk.
19. January 9,
SecurityWeek – (International) Man pleads guilty to hacking accounts of U.S.
officials. A North Carolina resident pleaded guilty the week of January 2
for his role in the “Crackas With Attitude” hacking group’s conspiracy to gain
access to the online accounts of Federal Government officials and their
families, as well as government computer systems between October 2015 and February
2016. The group published the officials’ personal details on the Internet and
harassed them over the phone.
Source: http://www.securityweek.com/man-pleads-guilty-hacking-accounts-us-officials
Communications Sector
Nothing to report