Thursday, October 24, 2013

Complete DHS Daily Report for October 24, 2013

Daily Report

Top Stories

 • Nissan announced a recall of 153,000 Nissan and Infiniti vehicles due to issues with their antilock braking system software. – Detroit News

5. October 23, Detroit News – (National) Nissan to recall 153,000 vehicles for braking issue. Nissan announced a recall of 153,000 model year 2013-2014 Pathfinder, model year 2013 Infiniti JX35, and model year Infiniti QX60 vehicles due to an issue with antilock braking system software that may lead to increased stopping distances. Source:

 • Owners of Jensen Farms cantaloupes farm in Colorado pleaded guilty to federal misdemeanor charges tied to a 2011 listeria outbreak that killed 33 people. – Associated Press

13. October 22, Associated Press – (Colorado) Colo. farmers plead guilty in tainted melon case. Two owners of Jensen Farms in Colorado, whose cantaloupes were tied to a 2011 listeria outbreak that killed 33 people, pleaded guilty to 6 counts of introducing adulterated food into interstate commerce October 22. Source:

 • A 14-year old student was charged in the death of a teacher at a high school in Danvers, Massachusetts, after the teacher’s body was found in the woods behind the school. – Associated Press

21. October 23, Associated Press – (Massachusetts) Mass. teacher slain; 14-year-old student charged. Police charged a teenage student in connection with the death of a Danvers High School teacher and closed the school October 23 after the teacher’s body was found in the woods behind the school. Source:

 • U.S. Air Force officers in charge of guarding long-range nuclear missiles were caught violating protocols in two incidents in 2013. – Associated Press

26. October 22, Associated Press – (Wyoming; North Dakota; Montana) Nuclear officers napped with blast door left open. U.S. Air Force officials announced officers in charge of guarding launch keys to long-range nuclear missiles were caught twice in 2013 leaving open a blast door used to help prevent intruders from entering their underground command post. In both cases one of the crew members inside was asleep, violating protocol of never leaving the blast doors open if crew members are not awake and alert. Source:


Banking and Finance Sector

8. October 22, Fort Worth Star-Telegram – (Texas) ‘Regular Joe Bandit’ suspected in north Texas bank holdups. A suspect known as the “Regular Joe Bandit” was identified as the man believed responsible for robbing six bank branches and a credit union in north Texas. The suspect was arrested September 26 following the robbery of a bank branch in Allen, Texas. Source:

9. October 22, Softpedia – (National) U.S. financial institutions complete Quantum Dawn 2 cybersecurity exercise. The Securities Industry and Financial Markets Association (SIFMA) published the results of its Quantum Dawn 2 cybersecurity exercise. The exercise involved over 50 financial organizations, tested participants against several simulated cyberattacks, and led to a report on the observed strengths and weaknesses of financial services cybersecurity. Source:

Information Technology Sector

32. October 23, Softpedia – (International) Experts warn of critical flaws in Netgear ReadyNAS storage devices. Researchers at Tripwire identified several critical vulnerabilities in Netgear ReadyNAS RAIDiator firmware that could allow attackers to inject their own commands without authentication. Newer versions of the firmware address the vulnerabilities, but the researchers found that 73 percent of the appliances connected to the Internet were not patched. Source:

33. October 23, Softpedia – (International) Network Solutions apologizes to customers after DNS incident. Network Solutions informed users experiencing DNS and email issues October 21 that the problems were caused by spam abuse that resulted in blacklisting by four organizations. Source:

34. October 23, Softpedia – (International) Apache Shindig 2.5.0 updated to address XXE vulnerability. The Apache Software Foundation released Apache Shindig 2.5.0-update 1 which closes an XML external entity (XXE) vulnerability that could allow a malicious gadget author to perform actions that would display the content in a gadget iframe. Source:

35. October 22, SC Magazine – (International) U.S. enterprises in path of data-hijacking Sazoora campaign, firm finds. A researcher at Seculert reported that more than 1,800 machines in the U.S. were infected by the latest version of the Sazoora data-hijacking trojan, Sazoora.B. The malware has affected around 23,000 machines globally and the newest variant contains new features to help it avoid detection and botnet hijacking. Source:

36. October 22, CNET News – (National) Aaron’s computer rental chain settles FTC spying charges. Rent-to-own computer chain Aaron’s agreed to settle Federal Trade Commission charges that the company installed spyware on customers’ computers that took photos and used keyloggers to steal login credentials. Under the agreement, the company is prohibited from using monitoring programs and must obtain customer consent to use location-tracking software on its rental computers. Source:

37. October 22, Network World – (International) Apple quietly releases iOS 7.0.3, with new fixes and features. Apple released an update for its iOS 7 mobile operating system which closes a security issue where a ‘supervised’ device could revert to ‘unsupervised’ status during an update, as well resolving several other functional issues. Source:

38. October 21, Threatpost – (International) Simple bug exposed Verizon Wireless users’ SMS history. A researcher found and reported a vulnerability in Verizon Wireless’s customer portal that enabled anyone to use a subscriber’s phone number to download that user’s SMS history by modifying the portal URL. Source:

Communications Sector

39. October 22, Bemidji Pioneer – (Minnesota) Service back on for CenturyLink customers after cut line. CenturyLink estimated repairs would be completed by October 23 after a local power company accidentally cut its fiber line October 22 causing phone, Internet, and 9-1-1 service outages in Beltrami County. Source:

40. October 22, Boston Globe – (Massachusetts) Verizon cable accidentally cut, interrupting Internet service for some Boston businesses. Verizon announced a fiber optic cable cut by a worker only impacted the Internet service for a couple hundred businesses in Boston and is expected to be restored October 22. Source:

41. October 22, Chaffee County Times – (Colorado) Verizon Wireless problems to be fixed Tuesday. Equipment damage at a Verizon Wireless cell site October 18 was believed to be the cause of some Buena Vista, Colorado customers having difficulty placing calls or sending text messages. Problems continued to persist through October 22 after the company worked to fix the issue. Source:

42. October 22, Anniston Star – (Alabama) Cable One’s morning Internet outage caused by router upgrade at Phoenix headquarters. A Cable One spokeswoman reported an Internet and phone outage for 2,000 Calhoun County area customers October 22 was caused by a glitch during a routine router upgrade. Source:

For another story, see item 38 above in the Information Technology Sector