Complete DHS Report for
November 4, 2015
Daily Report
Top Stories
• The U.S.
Department of Justice reported November 2 that Netcracker Technology Corp.,
agreed to pay $11.4 million and Computer Sciences Corp., agreed to pay $1.35
million for allegedly using individuals on a Defense Information Systems Agency
contract without proper security clearances. – U.S. Department of Justice
1. November
2, U.S. Department of Justice – (National) Netcracker
Technology Corp. and Computer Sciences Corp. agree to settle Civil False Claims
Act allegations. The U.S. Department of Justice announced November 2 that
Netcracker Technology Corp., agreed to pay $11.4 million and Computer Sciences
Corp., agreed to pay $1.35 million to settle charges that the companies
allegedly used individuals on a Defense Information Systems Agency (DISA)
contract without proper security clearances, violating the False Claims Act
from 2008 through 2013. Source: http://www.justice.gov/opa/pr/netcracker-technology-corp-and-computer-sciences-corp-agree-settle-civil-false-claims-act
• The Fairfax County
superintendent announced November 2 the suspension of all science experiments
involving open flames until further notice after an October 30 incident at W.T.
Woodson High School injured 5 students and a teacher. – Washington Post
12. November
2, Washington Post – (Virginia) School system bans open-flame science experiments
after accident. The Fairfax County superintendent announced November 2 the
suspension of all science experiments involving open flames until further
notice following an October 30 incident at W.T. Woodson High School where a
teacher used a flammable liquid during a science demonstration, prompting a
fire that hospitalized 5 students, injured the teacher, and evacuated the
school. Source:
https://www.washingtonpost.com/local/education/school-system-bans-open-flame-science-experiments-after-accident/2015/11/02/ac5aad7a-8163-11e5-8ba6-cec48b74b2a7_story.html
• The U.S.
Department of Justice will release 6,000 inmates from Federal prisons between
October 30 and November 2 as part of its plan to reduce prison crowding and
long punishments given to drug offenders. – WBIR 10 Knoxville
15. November
2, WBIR 10 Knoxville – (National) Inmates set free in largest one-time release from
federal prison. The U.S. Department of Justice will release 6,000 inmates
from Federal prisons between October 30 and November 2 as part of its plan to
reduce prison crowding and long punishments given to drug offenders. Source: http://www.wbir.com/story/news/local/2015/11/02/inmates-set-free-in-largest-one-time-release-from-federal-prison/75061044/
• Trend Micro
researchers reported the Moplus software development kit offered by Baidu
includes a functionality that can be abused to install backdoors on users’
devices via a Hypertext Transfer Protocol server on the targeted smartphone. – Softpedia
See item 16 below in the Information Technology Sector
Financial Services Sector
2. November
2, Reuters – (California) JPMorgan settles California debt collection
charges. JPMorgan Chase & Co., agreed to pay $50 million in a
settlement with the State of California to resolve allegations that the company
tried to collect incorrect sums, sold bad credit card debt, engaged in
“robosigning” of thousands of court documents never reviewed, and improperly
obtained default judgements against military personnel November 2 after
withholding from a July JPMorgan’s $216 million settlement for related charged
by the Federal government. Source: http://www.reuters.com/article/2015/11/02/us-jpmorgan-california-settlement-idUSKCN0SR2AU20151102
Information Technology Sector
16. November
3, Softpedia – (International) 100 million Android users may have a backdoor
on their devise thanks to the Baidu SDK. Researchers from Trend Micro
reported the Moplus software development kit (SDK) being offered by Chinese
search engine, Baidu includes a functionality that can be abused to install
backdoors on users’ devices via an Hypertext Transfer Protocol (HTTP) server on
the targeted smartphone, allowing attackers to send HTTP requests to port 6259
or 40310 and execute malicious commands. The vulnerability has been included on
an estimated 14,112 Android applications, potentially impacting over 100
million Android users. Source: http://news.softpedia.com/news/100-million-android-users-may-have-a-backdoor-on-their-device-thanks-to-the-baidu-sdk-495673.shtml
17. November
3, Softpedia – (International) Windows legacy layer used to bypass EMET
security measures. Security researchers from Duo Labs discovered that the
Windows WoW64 subsystem used to support older or newer 32-bit applications on
64-bit architectures can be leveraged to bypass security measures added by
Microsoft with the introduction of the Enhanced Mitigation Experience Toolkit
(EMET) that was specifically designed to inspect 32-and 64-bit processes,
allowing for more targeted attacks. Source: http://news.softpedia.com/news/windows-legacy-layer-used-to-bypass-emet-security-measures-495691.shtml
18. November
3, Softpedia – (International) Google researchers find 11 zero-day bugs in
Samsung Galaxy S6 Edge. Google’s Project Zero security team identified 11
zero-day vulnerabilities in Samsung’s Galaxy S6 Edge phone after the team began
investigating new flaws when Samsung adapted the Android operating system (OS)
to its custom hardware setup. Samsung fixed 8 of the vulnerabilities during its
October Maintenance Release, and the other 3 vulnerabilities are scheduled to
be resolved by November. Source: http://news.softpedia.com/news/google-researchers-find-11-zero-day-bugs-in-samsung-galaxy-s6-edge-495694.shtml
19. November
2, Securityweek – (International) Flaw in SAP firm’s XSS filter exposed many
sites to attacks. A security researcher identified a reflective cross-site
scripting (XSS) flaw on SuccessFactors, a SAP-owned company, and discovered
that about 100 Web sites were exposed to the XSS filter, potentially allowing
attackers to easily bypass Web pages due to the developers’ failure to escape
certain strings when sanitizing user input. Source: http://www.securityweek.com/flaw-sap-firms-xss-filter-exposed-many-sites-attacks
20. November
2, IDG News Service – (International) Google patches critical media processing
flaws in Android. Google released security patches for Nexus devices
running both Android 5.1 (Lollipop) and 6.0 (Marshmallow) versions addressing
seven vulnerabilities, two of which are critical and can be exploited remotely
via specially crafted media files including sending multimedia messaging
service (MMS) messages and deceiving users to play media in the browsers. The
flaws are located in the mediaserver, libstagefright, Bluetooth, Telephony, and
libutils components of Android. Source: http://www.computerworld.com/article/3000492/security/google-patches-critical-media-processing-flaws-in-android.html
Communications Sector
See item 16 above in the Information Technology
Sector