Complete DHS Report for
September 21, 2015
Daily Report
Top Stories
• Five people were
killed by the Valley and Butte fires that collectively burned over 145,000
acres in northern California, destroyed 585 structures, and forced 20,000
people to evacuate by September 17. – Reuters
18. September 17, Reuters – (California) Death toll in northern California wildfires
jumps to five. Five people were killed by the Valley and Butte fires that
collectively have burned over 145,000 acres in northern California, destroyed
585 structures, and forced 20,000 people to evacuate by September 17. Crews
reached 35 percent containment of the Valley Fire and 55 percent containment of
the Butte Fire. Source:
http://www.reuters.com/article/2015/09/18/us-usa-wildfires-idUSKCN0RC0J720150918
• Apple released
software updates adding new capabilities and addressing over 100
vulnerabilities in iOS, Mac OS X, iTunes, Xcode, and others. – Securityweek
See item 23 below in the Information Technology Sector
• Comcast Corp
reached a $33 million settlement with California State officials September 17
over allegations that Comcast disclosed about 75,000 customers’ information
online over a 2-year period after each customer paid for unlisted Voice over
Internet Protocol. – Reuters
See item 25 below in the Communications Sector
• U.S. officials
reported September 18 that American-based companies are now able to open up
offices, stores, and warehouses in Cuba after a regulation was issued easing
restrictions and opening up travel. – Reuters
27. September 18, Reuters – (International) U.S. moves to open up business with Cuba,
ease embargo. U.S. officials reported September 18 that American-based
companies including Internet-based services, business operations, banking and
remittances, travel services, and telecommunication companies are now able to
open up offices, stores, and warehouses in Cuba after a regulation was issued that eased
restrictions and opened up travel. The regulations also increase educational
opportunities by allowing Internet-based courses and further expanding
humanitarian efforts through disaster relief. Source: http://www.msn.com/en-us/news/us/us-moves-to-open-up-business-with-cuba-ease-embargo/ar-AAestRP
Financial Services Sector
3. September 17, U.S. Securities and Exchange Commission – (National) SEC charges
clearing firm officials for improper margin loans, accounting and disclosure
failures. The U.S. Securities and Exchange Commission charged 4 Penson
Financial Services officials September 17 for alleged accounting and disclosure
failures that resulted in loaning nearly $100 million in margin loans secured
by impaired, unrated municipal bonds that cost investors $60 million. The SEC
filed a separate complaint against a customer who benefited from one of the
margin loans, for allegedly fraudulently obtaining $6.8 million in loans or
credit from Penson. Source: http://www.sec.gov/news/pressrelease/2015-194.html
4. September 17, U.S. Attorney’s Office District of Kansas – (Kansas) Shawnee Mission man pleads guilty to $6
million embezzlement. A Shawnee Mission man pleaded guilty September 16 to
embezzling over $6 million from Overland Park-based Commodity Specialists
Company by creating fake companies and by billing CSC for fake deliveries and
associated invoices. The suspect also failed to report the income on Federal
tax returns. Source: http://www.justice.gov/usao-ks/pr/shawnee-mission-man-pleads-guilty-6-million-embezzlement
For another story, see item 27 above in Top Stories
Information Technology Sector
19. September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter
server. VMware released an update addressing a certificate validation
vulnerability in select versions of its vCenter Server which an attacker could
exploit to intercept traffic between the vCenter Server and the Lightweight
Directory Access Protocol (LDAP) server to capture sensitive information.
20. September 18, Softpedia – (International) D-Link accidentally publishes code signing
keys. A Norwegian developer and researchers from Fox-IT discovered that
D-Link inadvertently released private code signing keys along with a recent
firmware update following the purchase of the company’s DCS-5020L surveillance
camera. D-Link revoked the certificate and published new versions of the
firmware that do not contain the code signing keys. Source: http://news.softpedia.com/news/d-link-accidentally-publishes-code-signing-keys-492032.shtml
21. September 18, Help Net Security – (International) Critical Bugzilla flaw
allows access to unpatched vulnerability information. Mozilla released an
update addressing a critical vulnerability in its Bugzilla bug-tracking
software in which an attacker could gain access to information about a
project’s unpatched flaws by tricking the system into granting domain-specific
privileges. Attackers can create an account with an email address different
than originally requested due to a vulnerability where login names longer than
127 characters could cause the domain name of the email address to be
corrupted. Source: http://www.net-security.org/secworld.php?id=18868
22. September 18, Help Net Security – (International) Malicious SYNful Cisco
router implant found on more devices across the globe. Security researchers
followed recent FireEye findings of SYNful modified malicious router firmware
with four scans of public IPv4 addresses and found that 79 hosts displayed
behavior consistent with the SYNful Knock implant, including 25 in the U.S.
which belong to a single East Coast service provider. Source: http://www.net-security.org/malware_news.php?id=3104
23. September 17, Securityweek – (International) Apple patches vulnerabilities in iOS, OS X,
iTunes, Xcode. Apple released software updates adding new capabilities and
addressing over 100 vulnerabilities in iOS, Mac OS X, iTunes, and Xcode,
including a security flaw in AirDrop that could allow an attacker to send
malicious files to an affected device within Bluetooth range, 33
vulnerabilities affecting WebKit, and 9 relating to CFNetwork, among others. Source: http://www.securityweek.com/apple-patches-vulnerabilities-ios-os-x-itunes-xcode
24. September 17, Network World – (International) Under DDoS attack? It could just be a
distraction. Kaspersky Lab released findings from polling of managers and
information technology professionals at 5,500 companies in 26 countries
revealing that three-quarters of distributed denial-of-service (DDoS) attacks
are accompanied by other security incidents, implying that the attacks are
often used as a diversion tactic and that businesses should keep resources
available to manage corporate security in its entirety. Source: http://www.computerworld.com/article/2984606/security/under-ddos-attack-it-could-be-just-a-distraction.html
Communications Sector
25. September 17, Reuters – (California) Comcast reaches $33 mln settlement with
California privacy violations. Comcast Corp reached a $33 million
settlement with the California Department of Justice and the California Public
Utilities Commission September 17 over allegations that Comcast disclosed about
75,000 customers’ names, phone numbers, and addresses online over a 2-year
period after each customer paid for unlisted Voice over Internet Protocol
(VoIP). Comcast will refund all fees paid for unlisted service and pay each
customer an additional $100.
For additional stories, see item 23 above in the Information Technology Sector and item 27 above in Top Stories