Monday, November 23, 2015



Complete DHS Report for November 23, 2015

Daily Report                                            

Top Stories

• The New York State Public Service Commission announced November 19 that Con Ed violated 11 gas-safety regulations following a 2014 building explosion that killed 8 people, injured 50 others, and displaced over 100 families. – New York Daily News

2. November 19, New York Daily News – (New York) Con Ed accused of 11 gas-safety violations in 2014 East Harlem blast after state probe. The New York State Public Service Commission announced November 19 that Con Ed violated 11 gas-safety regulations following its investigation into a 2014 East Harlem building explosion that killed 8 people, injured 50 others, and displaced over 100 families. The commission determined that Con Ed failed to properly install a gas pipe leading to the building and failed to call for emergency backup after the utility received 2 reports of gas odors, among other violations. Source: http://www.nydailynews.com/new-york/manhattan/ed-accused-11-violations-east-harlem-gas-blast-article-1.2440460

• Officials announced November 18 that Home Depot continued to sell 28 types of products that had fire, burn, shock, fall, laceration, and other hazards after they were recalled from 2012 – 2015. – U.S. Consumer Product Safety Commission

5. November 18, U.S. Consumer Product Safety Commission – (National) Recalled products sold by Home Depot after recalls were announced. The U.S. Consumer Product Safety Commission announced November 18 that Home Depot continued to sell 28 types of products that had fire, burn, shock, fall, laceration, and other hazards after they were recalled from 2012 – 2015. Approximately 1,300 units were sold to customers in Home Depot stores and 1,010 were sold by recyclers or salvagers. Source: http://www.cpsc.gov/en/Recalls/2016/Recalled-Products-Sold-by-Home-Depot-After-Recalls-Were-Announced/

• Schaumburg, Illinois-based Nation Pizza issued November 19 a nationwide recall of 59,028 pounds of frozen Mama Cozzi’s Pizza Kitchen products due to undeclared soy allergens. – U.S. Department of Agriculture

15. November 19, U.S. Department of Agriculture – (National) Nation Pizza recalls Mama Cozzi’s Pizza Kitchen products due to misbranding and undeclared allergens. Schaumburg, Illinois-based Nation Pizza issued November 19 a nationwide recall of 59,028 pounds of frozen 27.5-ounce cartons of Mama Cozzi’s Pizza Kitchen products after in-plant review revealed that the product contained undeclared soy allergens. Products were distributed exclusively to ALDI grocery stores in 4 States. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2015/recall-142-2015-release

• Officials reported November 19 that 71 additional cases of Salmonella Poona infection, connected to imported cucumbers from Mexico were reported in 23 States following an October 14 outbreak. – U.S. Centers for Disease Control and Prevention

16. November 19, U.S. Centers for Disease Control and Prevention – (International) Multistate outbreak of Salmonella Poona infections linked to imported cucumbers. The U.S. Centers for Disease Control and Prevention reported November 19 that 71 more cases of Salmonella Poona infections connected to imported cucumbers from Mexico have been reported in 23 States since the agency’s last report on the outbreak October 14. The agency reported that the frequency of cases has declined since July and August. Source: http://www.cdc.gov/salmonella/poona-09-15/index.html

Financial Services Sector

6. November 20, New London Day – (Connecticut) Connecticut man faces federal charges for alleged housing scams. An Easton man was charged November 19 in Federal court for a $5 million fraud scheme, in which he targeted foreclosure victims by promising homeowners debt relief, but used their homes for profit and pocketed the money for personal expenses instead of applying the funds to homeowners’ mortgages, taxes, and other property-related expenses. Source: http://www.theday.com/local/20151119/connecticut-man-faces-federal-charges-for-alleged-housing-scams

7. November 20, Securityweek – (International) New Dyre variant can target Windows 10 and Microsoft Edge users. Security researchers from Heimdal discovered a new version of Dyre/Dyreza banking malware that can compromise a variety of Windows systems, connect into various browsers including Google Chrome and Internet Explorer, and terminate security software processes via a disguised Upatre trojan sent through spam emails that allows attackers to inject additional malware once the computer system has been compromised. Source: http://www.net-security.org/malware_news.php?id=3156

8. November 19, U.S. Securities and Exchange Commission – (National) Assets frozen in alleged immigration scam. The U.S. Securities and Exchange Commission reported November 19 that the assets of a South Florida woman and her company would be frozen following allegations that the woman diverted $1 million to her personal expenses after collecting funds from investors seeking to invest $8.5 million in the EB-5 Immigrant Visa Program. Source: http://www.sec.gov/news/pressrelease/2015-263.html

9. November 19, Belleville News-Democrat – (Illinois) Scott Credit Union employee from Columbia charged with nine counts of fraud. A former manager at Scott Credit Union in Columbia was charged with 9 counts of fraud November 19 for conspiring to steal over $12 million from 2005 – 2014 by making up false loans, paying loans with misappropriated funds, and issuing loans and credit without authorization or required documentation. Source: http://www.bnd.com/news/local/crime/article45482790.html

Information Technology Sector

23. November 20, Softpedia – (International) Backdoor within backdoor puts over 600,000 Arris cable modems in danger. A Brazilian security researcher discovered that over 600,000 Arris’ old cable modems, TG862A, TG862G, DG860A, were manufactured with 2 backdoor codes installed in its hardware that can be activated via the libarris_password.so library, and if exploited, enables attackers to access the modem and enable Secure Shell (SSH) or Telnet ports, to access a BusyBox shell. Source: http://news.softpedia.com/news/backdoor-within-backdoor-puts-over-600-000-arris-cable-modems-in-danger-496485.shtml

24. November 20, Securityweek – (International) LinkedIn patches persistent XSS flaw in help center. LinkedIn patched a cross-site scripting (XSS) vulnerability, discovered by an independent security researcher, in its official Help Center Web site that allowed attackers to inject malicious code and enable the XSS vulnerability to perform actions on the victims’ behalf and inject an XSS worm designed to spread on LinkedIn’s forums. Source: http://www.securityweek.com/linkedin-patches-persistent-xss-flaw-help-center

25. November 19, Securityweek – (International) VMware updates products due to flaw in Apache Flex BlazeDS. VMware released updates for several of its products including Flex BlazeDS 4.7.1 , which addresses Extensible Markup Language (XML) External Entity (XXE) vulnerability in Apache Flex BlazeDS that can be exploited by a remote attacker to cause a server to disclose information via a special crafted XML. Source: http://www.securityweek.com/vmware-updates-products-due-flaw-apache-flex-blazeds

Communications Sector

Nothing to report