Wednesday, January 11, 2017



Complete DHS Report for January 11, 2017

Daily Report                                            

Top Stories

• Fiat Chrysler Automobiles issued a recall January 9 for 86,403 of its model years 2005 – 2010 vehicles in select makes to replace Takata airbag inflators. – TheCarConnection.com

2. January 9, TheCarConnection.com – (International) Chrysler Aspen, Dodge Durango, Ram 2500 and 3500 recalled to fix Takata airbags. Fiat Chrysler Automobiles issued a recall January 9 for 86,403 of its model years 2005 – 2010 vehicles in select makes sold in the U.S. to replace Takata airbag inflators on the driver’s or passenger’s side of the vehicles. The recall also includes roughly 14,000 vehicles sold in Canada, Mexico, and outside of North America. Source: http://www.thecarconnection.com/news/1108255_chrysler-aspen-dodge-durango-ram-2500-3500-recalled-to-fix-takata-airbags

• The former top emissions compliance manager for Volkswagen in the U.S. was charged January 7 in Florida for allegedly conspiring to defraud the U.S. after playing a central role in the carmaker’s efforts to conceal its emissions cheating from U.S. regulators with a so-called defeat device. – New York Times

3. January 9, New York Times – (National) F.B.I. arrests Volkswagen executive on conspiracy charge in emissions scandal. The former top emissions compliance manager for Volkswagen in the U.S. was charged January 7 in Florida for allegedly conspiring to defraud the U.S. after playing a central role in the carmaker’s efforts to conceal its emissions cheating from U.S. regulators with a so-called defeat device. The arrest came as Volkswagen and the U.S. Department of Justice neared a deal to pay over $2 billion to settle the criminal investigation into the emissions cheating.

• Officials in Santa Cruz, California, declared an emergency water shortage January 9 and asked residents to limit their water use by 30 percent until January 16. – KGO 7 San Francisco

11. January 10, KGO 7 San Francisco – (California) Drinking water emergency declared in Santa Cruz. Officials in Santa Cruz, California, declared an emergency water shortage January 9 and asked residents to limit their water use by 30 percent until January 16 after a storm the weekend of January 7 caused a critical water pipeline to leak 1,500 gallons per minute for several hours. City officials have no estimate of how long it will take to repair the leak. Source: http://abc7news.com/weather/drinking-water-emergency-declared-in-santa-cruz/1694992/

• The former president of United Auto Workers Local 2326 and an insurance broker were charged January 9 for allegedly defrauding Horizon Blue Cross Blue Shield of New Jersey out of roughly $6.6 million. – Associated Press

12. January 10, Associated Press – (National) Former union official, broker charged in $6.6 million fraud. The former president of United Auto Workers Local 2326 and an insurance broker were charged January 9 for allegedly defrauding Horizon Blue Cross Blue Shield of New Jersey out of roughly $6.6 million after the broker created two shell companies to market insurance to hundreds of people across the country not employed by them, and allowed some of those people to stay on the union’s plan even after the health care program discovered they did not meet eligibility requirements.

Financial Services Sector

4. January 9, McLean Patch – (Virginia) Police seize 87 fraudulent credit cards from suspects Sunday at Tysons shopping center. Authorities in Fairfax County, Virginia, arrested and charged 3 suspects after they seized 87 fraudulent credit cards in the suspects’ possession at Tysons Corner Center January 8. Further investigation revealed the suspects also possessed several items used to manufacture fake credit cards and identification cards. Source: http://patch.com/virginia/mclean/police-seize-87-fraudulent-credit-cards-suspects-sunday-tysons-shopping-center

Information Technology Sector

21. January 9, SecurityWeek – (International) Rockwell Automation addresses flaws in programmable controllers. Rockwell Automation released firmware updates for its Allen-Bradley programmable automation controllers, programmable logic controllers, and safety programmable controllers after Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that versions 16 –21 of the devices were plagued with a critical stack-based buffer overflow flaw that could be remotely exploited to execute arbitrary code on a controller or cause the device to enter a denial-of-service (DoS) condition by sending maliciously crafted common industrial protocol (CIP) packets to the targeted device. Source: http://www.securityweek.com/rockwell-automation-addresses-flaws-programmable-controllers

22. January 9, SecurityWeek – (International) Edge exploits added to Sundown EK. A security researcher discovered that the operators of the Sundown exploit kit (EK) started leveraging two memory corruption flaws in Microsoft Edge that can be remotely exploited to execute arbitrary code in the context of the user by tricking a victim into accessing a maliciously crafted Website.

23. January 9, SecurityWeek – (International) Mac crashing attack method used in tech support scam. Malwarebytes Labs security researchers discovered that attackers are leveraging drive-by downloads to deliver malicious code targeting Apple’s Safari browser on Macs via a newly registered scam Website that pushes two different types of denial-of-service malware as part of a campaign to trick victims into calling a fake tech support service. The researchers stated that the attack does not work against machines running Mac’s operating system Sierra 10.12.2 or above.

For additional stories, see item 13 below from the Healthcare and Public Health Sector and item 19 below from the Government Facilities Sector


13. January 9, Threatpost – (National) St. Jude Medical patches vulnerable cardiac devices. St. Jude Medical, Inc. and the U.S. Food and Drug Administration announced January 9 the release of a software update for St. Jude’s Merlin at home Transmitter medical device after MedSec Holdings and Muddy Waters discovered in 2016 that the remote transmitting devices used to communicate with St. Jude’s implantable cardiac devices were plagued with vulnerabilities that exposed pacemakers and defibrillators to attacks, putting patients’ physical safety at risk.


19. January 9, SecurityWeek – (International) Man pleads guilty to hacking accounts of U.S. officials. A North Carolina resident pleaded guilty the week of January 2 for his role in the “Crackas With Attitude” hacking group’s conspiracy to gain access to the online accounts of Federal Government officials and their families, as well as government computer systems from October 2015 and February 2016. The group published the officials’ personal details on the Internet and harassed them over the phone.
Source: http://www.securityweek.com/man-pleads-guilty-hacking-accounts-us-officials

Communications Sector

Nothing to report