Friday, June 19, 2015




Complete DHS Report for June 19, 2015

Daily Report

Top Stories

 · Officials released a report June 16 revealing that the Washington Metropolitan Area Transit Authority had failed to improve efforts on safety measures for employees following a January 12 smoke incident in which 1 woman died and 80 riders were sickened. – Washington Post

10. June 17, Washington Post – (Washington, D.C.) FTA report: there are significant flaws in Metro’s safety management system. The Federal Transit Administration (FTA) reported June 16 that the Washington Metropolitan Area Transit Authority (WMATA) had failed to improve efforts on safety measures for employees, lacked adequate training for workers, and was severely understaffed with authorized drivers, following a January 12 smoke incident in which 1 woman died and 80 riders were sickened. The Government Accountability Office is reviewing Metro operations and the National Transportation Safety Board is scheduled to hold hearings for two days on the January 12 incident. Source: http://www.washingtonpost.com/local/trafficandcommuting/fta-report-metrofailed-to-follow-through-on-safety-efforts/2015/06/17/9c8be738-146c-11e5-9518-f9e0a8959f32_story.html

 · Researchers identified critical inter-app interaction services and cross-app resource access (XARA) vulnerabilities in Apple’s OS X and iOS platforms that could allow an attacker to use sandboxed malware to bypass protections and steal confidential information from affected devices. – Help Net Security. See item 25 below in the Information Technology Sector.

 · Federal officials proposed a $100 million fine against AT&T for allegedly violating the “Transparency Rule” in the 2010 Open Internet Order. – Forbes. See item 26 below in the Communications Sector.

 · Officials reported June 18 that a man who fatally shot 9 people at the Emanuel African Methodist Episcopal Church in South Carolina was taken into custody in North Carolina June 18. – CNN

27. June 18, CNN – (South Carolina) Charleston church shooting suspect arrested in North Carolina. Charleston police reported June 18 that a man fatally shot 9 people at the Emanuel African Methodist Episcopal Church in South Carolina, after attending a Bible study class with the victims June 17. Officials reported the shooter was taken into custody in North Carolina June 18. Source: http://www.cnn.com/2015/06/18/us/charleston-south-carolina-shooting/

Financial Services Sector

5. June 17, U.S. Securities and Exchange Commission – (Massachusetts) SEC charges investment adviser with fraudulently funneling client assets to companies in owner’s interest. The U.S. Securities and Exchange Commission charged Boston-based Interinvest Corporation and its owner June 17 with allegedly defrauding investors out of up to $12 million after funneling $17 million worth of investments into Canadian penny stock companies in which the owner had undisclosed business interests. Source: https://www.sec.gov/news/pressrelease/2015-122.html

6. June 17, Milpitas Patch – (California) Suspected gas pump identity snatchers arrested for luxe shopping sprees in Santa Clara Co. Santa Clara County authorities reported June 16 that 4 suspects were charged with allegedly using credit card information stolen from gas station pumps to create counterfeit cards, which they used to purchase over $500,000 in luxury items at 31 stores in Santa Clara and 1 store in Fresno County from August 2014 to February 2015.

Information Technology Sector

23. June 18, Help Net Security – (International) Reddit announces switch to HTTPS only. Reddit Web site developers reported that starting June 29, the site will only be accessible over hypertext transfer protocol secure (HTTPS) encrypted connections served via the company’s CloudFlare content delivery network (CDN). Source: http://www.net-security.org/secworld.php?id=18526

24. June 18, Securityweek – (International) Drupal security updates patch several vulnerabilities. Drupal developers released updates patching open redirect, information disclosure, and access bypass vulnerabilities in versions 6 and 7 of its open source content management software (CMS). Source: http://www.securityweek.com/drupal-security-updates-patch-severalvulnerabilities

25. June 17, Help Net Security – (International) Unpatched OS X, iOS flaws allow password, token theft from keychain, apps. Researchers from three universities identified critical inter-app interaction services and cross-app resource access (XARA) vulnerabilities in Apple’s OS X and iOS platforms that could allow an attacker to use sandboxed malware to bypass protections and steal confidential information from affected devices. Source: http://www.net-security.org/secworld.php?id=18523

For another story, see item 18 below from the Government Facilities Sector

18. June 17, CNN – (National) OPM inspector general questioned over hacking report. The U.S. Office of Personnel Management’s (OPM) inspector general released testimony to the House Oversight Committee June 15 revealing that large portions of OPM’s critical and sensitive databases had failed to meet Federal security standards in audits completed as recently as months before the breach and as far back as 2007. Source: http://www.cnn.com/2015/06/16/politics/opm-hack-ig-testimony/

Communications Sector

26. June 18, Forbes – (National) FCC plans to fine AT&T $100 million for throttling data speeds. The Federal Communications Commission (FCC) is fining AT&T for allegedly failing to adequately notify its customers that they could receive speeds slower than the normal network speeds that were advertised, which violates the “Transparency Rule” in the 2010 Open Internet Order. The proposed fine is $100 million, the largest fine proposed by the FCC. Source: http://www.forbes.com/sites/amitchowdhry/2015/06/18/fcc-fines-att-100-million-for-throttling-data-speeds/

For another story, see item 22 below from the Emergency Services Sector

22. June 17, Lansing State Journal – (Michigan) 911 service restored in southern Clinton County. 911 services were restored to Clinton County, Michigan, and surrounding areas June 17 after a fiber optic telephone line was cut earlier in the day. Residents were without service for a number of hours. Source: http://www.lansingstatejournal.com/story/news/local/2015/06/17/clintonservice-disrupted/28868729/