Complete DHS Report for May 21, 2015
Daily Report
Top Stories
• Officials reported May 19 a settlement with
the Takata Corporation in which the air bag manufacturer agreed to declare 33.8
million of its inflator mechanisms defective, leading to the largest recorded
U.S. auto recall. – NBC News
2. May 19, NBC News – (National) Takata recalling 33.8M air bags, biggest
ever in U.S. The National Highway Traffic Safety Administration announced
May 19 a settlement with the Takata Corporation in which the air bag
manufacturer agreed to declare 33.8 million of its inflator mechanisms
defective, leading to the largest recorded U.S. auto recall. The defect has led
to recalls from 10 automakers and included 17 million vehicles in the U.S.
prior to the May 19 announcement. Source: http://www.nbcnews.com/business/autos/takata-expected-declare-33-8m-vehicles-defective-report-says-n361446
• Five major banks agreed to plead guilty and pay $6 billion May 20 in a settlement
with authorities to resolve charges of foreign currency exchange manipulation
that had occurred until regulators started punishing banks for the misconduct
in 2013. – Reuters. See item 3 below in the Financial Services Sector.
• Six train tankers carrying hazardous chemicals derailed in Louisiana, May 19,
prompting officials to declare a state of emergency and a mandatory evacuation
for residents within 1,000 feet of the area. – NBC News
6. May 20, NBC News – (Louisiana) Evacuations ordered after chemical cars
derailed in Louisiana. Six tankers from a Union Pacific train carrying
sodium hydroxide, propylene oxide, and propylene dichloride derailed in Addis
May 19, prompting the parish’s Office of Homeland Security to declare a state
of emergency and a mandatory evacuation for residents within 1,000 feet of the
area while officials cleared the scene. The cause of the derailment is
suspected to be damaged track. Source: http://www.nbcnews.com/news/us-news/evacuations-ordered-after-chemical-cars-derail-louisiana-n361661
• Federal authorities and agencies in all 50
States filed a joint lawsuit May 18 against the Tennessee-based Cancer Fund of
America, its 3 affiliated nonprofits, and the individuals who run the charities
for allegedly using the $187 million raised for personal use. – Knoxville News Sentinel
14. May 20, Knoxville News Sentinel – (National) Lawsuit:
Cancer charities built multimillion-dollar fraud empire. The U.S. Federal
Trade Commission along with agencies in all 50 States filed a joint lawsuit May
18 against Knoxville-based Cancer Fund of America, its 3 affiliated nonprofits,
and the individuals who run the charities for allegedly using the $187 million
raised for personal use. Three individuals and 2 of the charities negotiated
settlements with the government totaling over $200 million. Source: http://www.knoxnews.com/news/local-news/ftc-states-file-complaint-against-knoxville-charity_92306448
Financial Services Sector
3. May 20, Reuters – (International) Major banks admit guilt in forex probe, fined $6 billion. Citigroup, JP
Morgan, Barclays, the United Bank of Switzerland (UBS), and the Royal Bank of
Scotland (RBS) agreed to plead guilty and pay $6 billion in fines May 20 in a
settlement with the U.S. Federal Reserve and U.S. Department of Justice (DOJ)
to resolve charges of foreign currency exchange manipulation that had occurred
until regulators started punishing banks for the misconduct in 2013. The
settlement represents the largest antitrust fines issued by the DOJ in agency
history. Source: http://www.reuters.com/article/2015/05/20/us-banks-forex-settlement-idUSKBN0O50CQ20150520
4. May 19, Orlando Sentinel – (Florida) State finds 103 credit-card skimmers in 3-month
inspection of gas pumps. Florida’s Commissioner of Agriculture and Consumer
Services announced May 19 that a 3-month inspection of 7,571 gas pumps revealed
103 credit-card skimming devices across the State. The Florida Petroleum
Council and the Florida Petroleum Marketers and Convenience Store Association
plan to train employees to be vigilant for skimmers. Source: http://www.orlandosentinel.com/business/os-gas-pump-skimmers-20150519-story.html
5. May 19, Reuters – (National) U.S. regulator says PayPal to pay $25 mln over
credit product problems. The U.S. Consumer Financial Protection Bureau
(CFPB) announced allegations May 19 that PayPal illegally signed consumers up
for an online credit product without their knowledge or permission, and has
ordered the company to pay $25 million in fines to the government and consumer
refunds. The CFPB also alleged that PayPal Credit failed to honor advertised
promotions and charged illegitimate late fees when Web site problems prevented
customers from making payments. Source: http://www.reuters.com/article/2015/05/19/financial-regulation-paypal-idUSL1N0YA1AD20150519
Information Technology Sector
18. May 20, Softpedia – (International) TLS protocol flawed, HTTPS connections susceptible to FREAK-like attack. Cryptography and security researchers discovered that
approximately 8.4 percent of the top one million domains containing mail and
web servers are vulnerable to an attack dubbed Logjam, in which an attacker
could compromise a secure communication between a client and server by
downgrading the transport layer security (TLS) connection to 512-bit export-grade
cryptography due to leftover variants of the Diffie-Hellman cryptographic key
exchange mechanism from the 1990s. The attack method is similar to the one used
in the Factoring RSA Export Keys (FREAK) attacks from early 2015. Source: http://news.softpedia.com/news/TLS-Protocol-Flawed-HTTPS-Connections-Susceptible-to-FREAK-Like-Attack-481744.shtml
19. May 20, Securityweek – (International) Millions of routers vulnerable to attacks due
to NetUSB bug. Security researchers at SEC Consult discovered a kernel
stack buffer overflow vulnerability in NetUSB drivers developed by Taiwan-based
KCodes, in which an unauthenticated attacker can execute arbitrary code or
cause a denial-of-service (DoS) condition by specifying a computer name longer
than 64 characters when the client connects to the server. The driver is found
in millions of routers from vendors including Netgear, TP-Link, ZyXEL, and
TRENDnet. Source: http://www.securityweek.com/millions-routers-vulnerable-attacks-due-netusb-bug
20. May 19, Threatpost – (International) Google fixes sandbox escape in Chrome. Google
patched 37 bugs in Chrome version 43, including 6 high-risk sandbox-escape,
cross-origin bypass, and use-after-free vulnerabilities discovered by various
security researchers. Source: https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899
21. May 19, Threatpost – (International) Malvertising leads to Magnitude exploit kit,
ransomware infection. Security researchers at Zscaler discovered that
attackers are using malicious ads and 302 cushioning attacks to direct users to
sites hosting the Magnitude exploit kit (EK), which in turn infects users with
CryptoWall ransomware. The researchers reported that most of the threat infrastructure
for these attacks is housed in Germany. Source: https://threatpost.com/malvertising-leads-to-magnitude-exploit-kit-ransomware-infection/112894
Communications Sector
22. May 19, Associated Press – (National) Nashville radio show fined $1 million for fake emergency
broadcast. The U.S. Federal Communications Commission fined iHeartMedia $1
million May 19 after an October 2014 incident where an Emergency Alert System
(EAS) tone was misused on the Nashville-based program “The Bobby Bones Show”
and was sent to more than 70 affiliated stations across the nation. In addition
to the fine, iHeartMedia is required to implement a comprehensive plan and
delete EAS tones from its audio production libraries. Source: http://www.knoxnews.com/business/radio-show-fined-1-million-for-fake-emergency-broadcast_00045265_