Complete DHS Report for June 19, 2015
Daily Report
Top Stories
· Officials released a report June 16 revealing
that the Washington Metropolitan Area Transit Authority had failed to improve
efforts on safety measures for employees following a January 12 smoke incident
in which 1 woman died and 80 riders were sickened. – Washington Post
10. June 17,
Washington Post – (Washington, D.C.) FTA report: there are significant
flaws in Metro’s safety management system. The Federal Transit Administration
(FTA) reported June 16 that the Washington Metropolitan Area Transit Authority
(WMATA) had failed to improve efforts on safety measures for employees, lacked
adequate training for workers, and was severely understaffed with authorized
drivers, following a January 12 smoke incident in which 1 woman died and 80
riders were sickened. The Government Accountability Office is reviewing Metro operations
and the National Transportation Safety Board is scheduled to hold hearings for
two days on the January 12 incident. Source: http://www.washingtonpost.com/local/trafficandcommuting/fta-report-metrofailed-to-follow-through-on-safety-efforts/2015/06/17/9c8be738-146c-11e5-9518-f9e0a8959f32_story.html
· Researchers identified critical inter-app
interaction services and cross-app resource access (XARA) vulnerabilities in
Apple’s OS X and iOS platforms in which an attacker could use sandboxed malware
to bypass protections and steal confidential information from affected devices.
– Help Net Security. See item 25 below in the Information Technology Sector
· Federal officials proposed a $100 million fine
to AT&T for allegedly violating the
“Transparency Rule” in the 2010 Open Internet Order. – Forbes. See item 26 below in
the Communications Sector
· Officials reported June 18 that a man who
fatally shot 9 people at the Emanuel African Methodist Episcopal
Church in South Carolina was taken into custody in North Carolina June 18. – CNN
27. June 18,
CNN – (South Carolina) Charleston church shooting suspect arrested
in North Carolina. Charleston police reported June 18 that a man fatally
shot 9 people at the Emanuel African Methodist Episcopal Church in
South Carolina, after attending a Bible study class with the victims June 17.
Officials reported the shooter was taken into custody in North Carolina June
18. Source: http://www.cnn.com/2015/06/18/us/charleston-south-carolina-shooting/
Financial Services Sector
5. June 17,
U.S. Securities and Exchange Commission – (Massachusetts) SEC charges investment
adviser with fraudulently funneling client assets to companies in owner’s
interest. The U.S. Securities and Exchange Commission charged Boston-based Interinvest
Corporation and its owner June 17 with allegedly defrauding investors out of up
to $12 million after funneling $17 million worth of investments into Canadian
penny stock companies in which the owner had undisclosed business interests. Source:
https://www.sec.gov/news/pressrelease/2015-122.html
6. June 17,
Milpitas Patch – (California) Suspected gas pump identity snatchers arrested
for luxe shopping sprees in Santa Clara Co. Santa Clara County authorities reported
June 16 that 4 suspects were charged with allegedly using credit card information
stolen from gas station pumps to create counterfeit cards, which they used to
purchase over $500,000 in luxury items at 31 stores in Santa Clara and 1 store in
Fresno County from August 2014 to February 2015.
Information Technology Sector
23. June 18,
Help Net Security – (International) Reddit announces switch to HTTPS only. Reddit
Web site developers reported that starting June 29, the site will only be accessible
over hypertext transfer protocol secure (HTTPS) encrypted connections served
via the company’s CloudFlare content delivery network (CDN). Source: http://www.net-security.org/secworld.php?id=18526
24. June 18,
Securityweek – (International) Drupal security updates patch several vulnerabilities.
Drupal developers released updates patching open redirect, information
disclosure, and access bypass vulnerabilities in versions 6 and 7 of its open source
content management software (CMS). Source: http://www.securityweek.com/drupal-security-updates-patch-severalvulnerabilities
25. June 17,
Help Net Security – (International) Unpatched OS X, iOS flaws allow password,
token theft from keychain, apps. Researchers from three universities identified
critical inter-app interaction services and cross-app resource access (XARA) vulnerabilities
in Apple’s OS X and iOS platforms in which an attacker could use sandboxed
malware to bypass protections and steal confidential information from affected
devices. Source: http://www.net-security.org/secworld.php?id=18523
For another story, see item 18 below from the Government Facilities Sector
18. June 17,
CNN – (National) OPM inspector general questioned over hacking
report. The U.S. Office of Personnel Management’s (OPM) inspector general
released testimony to the House Oversight Committee June 15 revealing that
large portions of OPM’s critical and sensitive databases had failed to meet
Federal security standards in audits, completed months before the breach, going
all the way back to 2007. Source: http://www.cnn.com/2015/06/16/politics/opm-hack-ig-testimony/
Communications Sector
26. June 18,
Forbes – (National) FCC plans to fine AT&T $100 million for
throttling data speeds. The Federal Communications Commission (FCC) is fining
AT&T for allegedly failing to adequately notify its customers that they
could receive speeds slower than those of the normal networks that were advertised,
which violates the “Transparency Rule” in the 2010 Open Internet Order. The proposed
fine is $100 million, the largest fine proposed by the FCC. Source: http://www.forbes.com/sites/amitchowdhry/2015/06/18/fcc-fines-att-100-million-for-throttling-data-speeds/
For another story, see item 22 below from the Emergency Services Sector
22. June 17,
Lansing State Journal – (Michigan) 911 service restored in southern Clinton
County. 911 services were restored to Clinton County, Michigan and surrounding
areas June 17 after a fiber optic telephone line was cut earlier in the day. Residents
were without service for a number of hours. Source: http://www.lansingstatejournal.com/story/news/local/2015/06/17/clintonservice-disrupted/28868729/