Friday, January 13, 2017



Complete DHS Report for January 13, 2017

Daily Report

Top Stories

• Ford Motor Company issued a recall January 12 for 654,695 of its model years 2005 – 2009 vehicles sold in select makes to replace fatally flawed Takata Corporation passenger-side airbags. – TheCarConnection.com

4. January 12, TheCarConnection.com – (International) Takata airbag recall list balloons again: 816,000 Ford, Lincoln, Mercury vehicles added. Ford Motor Company issued a recall January 12 for 654,695 of its model years 2005 – 2009 vehicles sold in select makes in the U.S. to replace fatally flawed Takata Corporation passenger-side airbags. The recall also includes 161,174 vehicles registered in Canada. Source: http://www.thecarconnection.com/news/1108318_takata-airbag-recall-list-balloons-again-816000-ford-lincoln-mercury-vehicles-added

• The Volkswagen Group agreed to pay $4.3 billion in criminal fines and civil penalties and pleaded guilty January 11 after the company rigged more than 500,000 vehicles with software to cheat pollution laws and lied to U.S. investigators about the nature of the conspiracy. – USA Today

6. January 11, USA Today – (International) VW pleads guilty to conspiracy, obstruction of justice; 6 execs charged. The Volkswagen Group agreed to pay $4.3 billion in criminal fines and civil penalties and pleaded guilty January 11 after the company rigged more than 500,000 vehicles with software to cheat pollution laws and lied to U.S. investigators about the nature of the conspiracy. Six German Volkswagen executives were also charged January 11 for their alleged roles in the scheme. Source: http://www.usatoday.com/story/money/cars/2017/01/11/volkswagen-epa-doj-department-of-justice-settlement/96439678/

• Straight Path Communications, Inc. agreed to pay $15 million January 12 to resolve an investigation into its former parent company IDT Corp. and its spectrum licenses following claims of fraud made against the company by an anonymous short seller. – Reuters (See item 21 below in the Communications Sector)

• Ameren Missouri announced January 10 that the Lake of the Ozarks’ Bagnell Dam will receive $52 million worth of structural upgrades. – St. Louis Post-Dispatch

25. January 10, St. Louis Post-Dispatch – (Missouri) Dam at Lake of the Ozarks to receive $52-million structural upgrades. Ameren Missouri announced January 10 that the Lake of the Ozarks’ Bagnell Dam will receive $52 million worth of structural upgrades, including outfitting the dam with 68 new anchors to hold it into the bedrock, and adding over 66 million pounds of new concrete to better secure the dam, among other improvements. The project will begin in March 2017 and is expected to take 18 months to complete. Source: http://www.stltoday.com/business/local/dam-at-lake-of-the-ozarks-to-receive-- million/article_bb767264-a7d1-5ae7-b0dc-6c7a0dc4b241.html

Financial Services Sector

Nothing to report

Information Technology Sector

16. January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs including 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys.

17. January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released BIND versions 9.9.9-P5, 9.10.4-P5, 9.11.0-P2, and 9.9.9-S7 addressing four high severity denial-of-service (DoS) flaws that can be remotely exploited to cause the BIND name server process to encounter an assertion failure and stop executing. ISC stated it was not aware of the vulnerabilities being actively exploited.

18. January 11, SecurityWeek – (International) Command execution vulnerability patched in Ansible. Red Hat released updates for the Ansible IT automation platform addressing a security bypass vulnerability after security researchers from Computest found that a flaw in the controller, the central node in an Ansible installation, could be leveraged by an attacker to bypass filters and gain control of certain facts to execute arbitrary code on the controller, and subsequently move to the other hosts. Source: http://www.securityweek.com/command-execution-vulnerability-patched-ansible

19. January 11, SecurityWeek – (International) Powerful “Spora” ransomware lets victims pay for immunity. Security researchers from Emsisoft warned that a newly observed ransomware, dubbed Spora, is distributed via spam emails masked as invoices and leverages Windows CryptoAPI for encryption, using a mix of RSA and Advanced Encryption Standard (AES) that allows the ransomware to encrypt files without a command and control (C&C) server connection, as well as ensuring that a decryption tool developed for one victim will not work for another victim. The researchers also found that Spora is able to determine how much ransom a victim should pay by creating statistics of the targets to encrypt and saving them to a .KEY file as a set of six numbers. Source: http://www.securityweek.com/powerful-spora-ransomware-lets-victims-pay-immunity

20. January 11, SecurityWeek – (International) RIG grabs 35% of exploit kit market in December. Symantec researchers reported that the RIG exploit kit (EK) was responsible for nearly 35 percent of the total EK activity during December 2016, with Fiesta at roughly 4 percent, and the Magnitude EK at about 3 percent. The number of Web attacks blocked by Symantec increased by about 33 percent in December 2016 after the company blocked 388,000 attacks per day in comparison to the 291,000 attacks blocked per day in November 2016. Source: http://www.securityweek.com/rig-grabs-35-exploit-kit-market-december

Communications Sector

Nothing to report