Friday, October 2, 2015



Complete DHS Report for October 2, 2015

Daily Report                                            

Top Stories

• Officials reported September 28 that the number of information security incidents affecting systems supporting the Federal Government grew 1,121 percent since 2006 and the number of incidents involving personal identifiable information more than doubled from 2009 to 2014. – Network World

23. September 30, Network World – (National) Network security weaknesses plague federal agencies. The U.S. Government Accountability Office released a report the week of September 28 which found that the number of information security incidents affecting systems supporting the Federal Government grew 1,121 percent since 2006 and that the number of incidents involving personal identifiable information (PII) more than doubled from 2009 to 2014. The report also detailed how information and systems remain at high risk of unauthorized access and disruption, and that weaknesses existed at effectively implementing security controls, among other findings.

 • Apple released OS X version 10.11 El Capitan to address over 100 security vulnerabilities. – Threatpost See item 25 below in the Information Technology Sector

 • Researchers discovered a series of Android media processing vulnerabilities, dubbed Stagefright 2.0, affecting over 1 billion devices which could allow an attacker to trick users into visiting maliciously crafted Web sites. – IDG News Service See item 26 below in the Information Technology Sector

 • Researchers disclosed a critical zero day WinRAR remote code execution vulnerability affecting up to 500 million users, where an attacker could inject malicious code into an archive that would automatically execute upon unzipping. – Computerworld See item 27 below in the Information Technology Sector


Financial Services Sector

6. September 30, KDKA 2 Pittsburgh – (Pennsylvania) Feds seize assets, cash from woman accused in $15M embezzlement scheme. Federal authorities were investigating a former Matthews International Corporation treasurer specialist in Pittsburgh and seized millions of dollars in cash and assets September 30 in connection to an alleged fraud scheme in which the suspect allegedly took $15 million from the company since 2003. Source: http://pittsburgh.cbslocal.com/2015/09/30/feds-seize-assets-cash-from-woman-accused-in-15m-embezzlement-scheme/

Information Technology Sector

25. October 1, Threatpost – (International) Apple patches 100+ vulnerabilities in OS X, Safari, iOS. Apple released OS X version 10.11 El Capitan addressing over 100 security vulnerabilities, including 20 hypertext preprocessor (PHP) flaws, XARA password stealing vulnerabilities which could allow an attacker to use a malicious application to access a user’s keychain, and 45 issues in the Safari 9 Web browser, among others. Source: https://threatpost.com/apple-patches-100-vulnerabilities-in-os-x-safari-ios/114876/

26. October 1, IDG News Service – (International) New Android vulnerabilities put over a billion devices at risk of remote hacking. Security researchers from Zimperium discovered a series of Android media processing vulnerabilities, dubbed Stagefright 2.0, affecting over 1 billion devices which could allow an attacker to trick users into visiting maliciously crafted Web sites that would exploit the flaws and lead to remote code execution on almost all devices starting with version 1.0 of the operating system (OS). Source: http://www.computerworld.com/article/2988157/android/new-android-vulnerabilities-put-over-a-billion-devices-at-risk-of-remote-hacking.html

27. September 30, Computerworld – (International) Critical flaw puts 500 million WinRAR users at risk of being pwned by unzipping a file. Security researchers disclosed a critical zero day WinRAR remote code execution vulnerability affecting up to 500 million users, in which an attacker could inject malicious code into an archive that would automatically execute upon unzipping. The vulnerability can be exploited without system user privileges or user interaction. Source: http://www.computerworld.com/article/2987749/cybercrime-hacking/critical-flaw-puts-500-million-winrar-users-at-risk-of-being-pwned-by-unzipping-a-file.html

Communications Sector

Nothing to report