Monday, September 21, 2015



Complete DHS Report for September 21, 2015

Daily Report                                            

Top Stories

 • Five people were killed by the Valley and Butte fires that collectively burned over 145,000 acres in northern California, destroyed 585 structures, and forced 20,000 people to evacuate by September 17. – Reuters

18. September 17, Reuters – (California) Death toll in northern California wildfires jumps to five. Five people were killed by the Valley and Butte fires that collectively have burned over 145,000 acres in northern California, destroyed 585 structures, and forced 20,000 people to evacuate by September 17. Crews reached 35 percent containment of the Valley Fire and 55 percent containment of the Butte Fire. Source: http://www.reuters.com/article/2015/09/18/us-usa-wildfires-idUSKCN0RC0J720150918

 • Apple released software updates adding new capabilities and addressing over 100 vulnerabilities in iOS, Mac OS X, iTunes, Xcode, and others. – Securityweek  See item 23 below in the Information Technology Sector

 • Comcast Corp reached a $33 million settlement with California State officials September 17 over allegations that Comcast disclosed about 75,000 customers’ information online over a 2-year period after each customer paid for unlisted Voice over Internet Protocol. – Reuters See item 25 below in the Communications Sector

 • U.S. officials reported September 18 that American-based companies are now able to open up offices, stores, and warehouses in Cuba after a regulation was issued easing restrictions and opening up travel. – Reuters

27. September 18, Reuters – (International) U.S. moves to open up business with Cuba, ease embargo. U.S. officials reported September 18 that American-based companies including Internet-based services, business operations, banking and remittances, travel services, and telecommunication companies are now able to open up offices, stores, and warehouses in Cuba after a regulation was issued that eased restrictions and opened up travel. The regulations also increase educational opportunities by allowing Internet-based courses and further expanding humanitarian efforts through disaster relief. Source: http://www.msn.com/en-us/news/us/us-moves-to-open-up-business-with-cuba-ease-embargo/ar-AAestRP

Financial Services Sector

3. September 17, U.S. Securities and Exchange Commission – (National) SEC charges clearing firm officials for improper margin loans, accounting and disclosure failures. The U.S. Securities and Exchange Commission charged 4 Penson Financial Services officials September 17 for alleged accounting and disclosure failures that resulted in loaning nearly $100 million in margin loans secured by impaired, unrated municipal bonds that cost investors $60 million. The SEC filed a separate complaint against a customer who benefited from one of the margin loans, for allegedly fraudulently obtaining $6.8 million in loans or credit from Penson. Source: http://www.sec.gov/news/pressrelease/2015-194.html

4. September 17, U.S. Attorney’s Office District of Kansas – (Kansas) Shawnee Mission man pleads guilty to $6 million embezzlement. A Shawnee Mission man pleaded guilty September 16 to embezzling over $6 million from Overland Park-based Commodity Specialists Company by creating fake companies and by billing CSC for fake deliveries and associated invoices. The suspect also failed to report the income on Federal tax returns. Source: http://www.justice.gov/usao-ks/pr/shawnee-mission-man-pleads-guilty-6-million-embezzlement

For another story, see item 27 above in Top Stories

Information Technology Sector

19. September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter server. VMware released an update addressing a certificate validation vulnerability in select versions of its vCenter Server which an attacker could exploit to intercept traffic between the vCenter Server and the Lightweight Directory Access Protocol (LDAP) server to capture sensitive information.

20. September 18, Softpedia – (International) D-Link accidentally publishes code signing keys. A Norwegian developer and researchers from Fox-IT discovered that D-Link inadvertently released private code signing keys along with a recent firmware update following the purchase of the company’s DCS-5020L surveillance camera. D-Link revoked the certificate and published new versions of the firmware that do not contain the code signing keys. Source: http://news.softpedia.com/news/d-link-accidentally-publishes-code-signing-keys-492032.shtml

21. September 18, Help Net Security – (International) Critical Bugzilla flaw allows access to unpatched vulnerability information. Mozilla released an update addressing a critical vulnerability in its Bugzilla bug-tracking software in which an attacker could gain access to information about a project’s unpatched flaws by tricking the system into granting domain-specific privileges. Attackers can create an account with an email address different than originally requested due to a vulnerability where login names longer than 127 characters could cause the domain name of the email address to be corrupted. Source: http://www.net-security.org/secworld.php?id=18868

22. September 18, Help Net Security – (International) Malicious SYNful Cisco router implant found on more devices across the globe. Security researchers followed recent FireEye findings of SYNful modified malicious router firmware with four scans of public IPv4 addresses and found that 79 hosts displayed behavior consistent with the SYNful Knock implant, including 25 in the U.S. which belong to a single East Coast service provider. Source: http://www.net-security.org/malware_news.php?id=3104

23. September 17, Securityweek – (International) Apple patches vulnerabilities in iOS, OS X, iTunes, Xcode. Apple released software updates adding new capabilities and addressing over 100 vulnerabilities in iOS, Mac OS X, iTunes, and Xcode, including a security flaw in AirDrop that could allow an attacker to send malicious files to an affected device within Bluetooth range, 33 vulnerabilities affecting WebKit, and 9 relating to CFNetwork, among others. Source: http://www.securityweek.com/apple-patches-vulnerabilities-ios-os-x-itunes-xcode

24. September 17, Network World – (International) Under DDoS attack? It could just be a distraction. Kaspersky Lab released findings from polling of managers and information technology professionals at 5,500 companies in 26 countries revealing that three-quarters of distributed denial-of-service (DDoS) attacks are accompanied by other security incidents, implying that the attacks are often used as a diversion tactic and that businesses should keep resources available to manage corporate security in its entirety. Source: http://www.computerworld.com/article/2984606/security/under-ddos-attack-it-could-be-just-a-distraction.html

Communications Sector 

25. September 17, Reuters – (California) Comcast reaches $33 mln settlement with California privacy violations. Comcast Corp reached a $33 million settlement with California Department of Justice and the California Public Utilities Commission September 17 over allegations that Comcast disclosed about 75,000 customers’ names, phone numbers, and addresses online over a 2-year period after each customer paid for unlisted Voice over Internet Protocol (VoIP). Comcast will refund all fees paid for unlisted service and pay each customer an additional $100.

For additional stories, see item 23 above in the Information Technology Sector and item 27 above in Top Stories