Complete DHS Report for March 4, 2016
Daily Report
Top Stories
• Toyota Motor Corp., expanded a previous recall March 2 to
include an additional 198,000 vehicles due to potentially defective Takata Corp
front passenger air bag inflators. – Reuters
3. March 2,
Reuters – (International) Toyota adds 331,200 vehicles to Takata air
bag recalls. Toyota Motor Corp., expanded a previous recall March 2 to
include an additional 198,000 vehicles including model year 2008 Corolla and Corolla
Matrix and model years 2008 – 2010 Lexus SC 430 vehicles sold in the U.S. due
to potentially defective Takata Corp front passenger air bag inflators that can
activate with too much force and release metal shrapnel into the passenger
compartment, severely injuring or killing passengers. The expanded recall
affects an additional 331,200 vehicles worldwide. Source: http://www.reuters.com/article/us-autos-takata-toyota-idUSKCN0W42AW
• The U.S. Secretary of Defense announced March 2 that the
Pentagon is launching a program dubbed “Hack the Pentagon” for white-hat
hackers to attempt to breach the U.S. Department of Defense’s networks. – Associated
Press
14. March 3,
Associated Press – (National) Pentagon seeks hackers to test defense
department’s cybersecurity. The U.S. Secretary of Defense announced March 2
that the Pentagon is launching a program dubbed “Hack the Pentagon” for
white-hat hackers to attempt to breach the U.S. Department of Defense’s
networks. Officials stated that the intent of the program is to invite
responsible hackers to test the department’s cybersecurity in order to
strengthen digital defenses and enhance national security. Source: http://www.foxnews.com/politics/2016/03/03/pentagon-seeks-hackers-to-test-defense-departments-cybersecurity.html
• Cisco Systems, Inc., released patches addressing critical
vulnerabilities in several of its products including the NX-OS network
operating system (OS) running on Nexus 3000 series and Nexus 3500 platform
switches. – SecurityWeek See item 21 below in
the Information Technology Sector
• The former owner of several sports memorabilia businesses in
Maryland and Pennsylvania pleaded guilty to Federal charges February 29 after
he obtained approximately $2.5 million through the sale of counterfeit sports
jerseys and forged athletes’ signatures. – Salisbury Daily Times See item 28 below in
the Communications Sector
Financial Services Sector
5. March 3,
Chicago Tribune – (Illinois) FBI: ‘Pinball Bandit’ robs another Hyde Park bank.
The FBI is searching for a suspect dubbed the “Pinball Bandit” after he
allegedly robbed the Fifth Third Bank in Hyde Park, Illinois, March 2 and is
suspected of committing five other bank robberies across Chicago since January.
Source: http://www.chicagotribune.com/news/local/breaking/ct-fbi-pinball-bandit-robs-another-hyde-park-bank-20160303-story.html
Information Technology Sector
20. March 3,
SecurityWeek – (International) Apple reissues security update after blocking
Ethernet on Mac OS X. Apple Inc., reissued a security updates for its OS X
El Capitan systems, which patched a blacklisting issue after an initial
security update blocked Ethernet drivers and blocked Internet access to
affected Mac systems when using an Ethernet connection. Apple reported that
Wi-Fi connections were not affected. Source: http://www.securityweek.com/apple-reissues-security-update-after-blocking-ethernet-mac-os-x
21. March 3,
SecurityWeek – (International) Cisco patches critical, high severity flaws
in NX-OS. Cisco Systems, Inc., released software updates for several of its
products including the NX-OS network operating system (OS) running on Nexus
3000 series, Nexus 3500 platform switches, which patched a critical
vulnerability that could allow a remote, unauthenticated attacker to log into a
compromised device with root privileges via an account with default
credentials, among other vulnerabilities. Cisco also released patches for
several other versions of its Nexus series products, including a high severity
denial-of-service (DoS) vulnerability in the Simple Network Management Protocol
(SNMP) input packet processor. Source: http://www.securityweek.com/cisco-patches-critical-high-severity-flaws-nx-os
22. March 3,
SecurityWeek – (International) Hardcoded password exposes RSA Conference
badge scanning app. Researchers from Bluebox Security reported that the
badge scanning application provided by organizers of the 2016 RSA Conference to
vendors was susceptible to a security bypass flaw after researchers analyzed
the app’s code and discovered that the security mechanism could be bypassed due
to an embedded plain text default password in the application’s code. Source: http://www.securityweek.com/hardcoded-password-exposes-rsa-conference-badge-scanning-app
23. March 3,
Softpedia – (International) Ad Code for many advertising networks
vulnerable to basic XSS attacks. An independent security researcher
discovered that many advertising networks were unknowingly allowing attackers
to launch cross-site scripting (XSS) attacks by not applying the same input
sanitization procedures to data following a hash (#) in the code of the Uniform
Resource Locator (URL). Attackers could spread links to legitimate, authentic
pages that have malicious XSS payloads attached to the end of a URL. Source: http://news.softpedia.com/news/ad-code-for-many-advertising-networks-vulnerable-to-basic-xss-attacks-501284.shtml
24. March 3,
Help Net Security – (International) Dell SecureWorks speeds up endpoint intrusion
detection, response. Dell SecureWorks Inc., reported that it is launching
its Advanced Endpoint Threat Detection (AETD) Red Cloak solution which is
designed to cut down the time required to detect and respond to cyber-attacks,
especially for non-malware attacks. The Software as a Service (SaaS) solution
will be powered by experts from the Counter Threat Unit (CTU), who will provide
updated threat intelligence information. Source: https://www.helpnetsecurity.com/2016/03/03/dell-secureworks-speeds-up-endpoint-intrusion-detection-response/
25. March 2,
Softpedia – (International) Windows built-in PDF reader exposes Edge
browser to hacking. A security researcher from IBM’s X-Force Advanced
Research team discovered that Microsoft Window’s built-in Windows Runtime
(WinRT) PDF for its Edge Web browser can be leveraged by attackers to execute
drive-by attacks in a similar method that the Angler or Neutrino exploit kits
(EK) deliver Flash, Java, or Silverlight payloads. Attackers can create a WinRT
PDF exploit within their PDF file, which can be secretly opened while using an
iframe positioned off screen with Cascading Style Sheets (CSS), and can use the
malicious code to execute and exploit the WinRT PDF vulnerability. Source: http://news.softpedia.com/news/windows-built-in-pdf-reader-exposes-edge-browser-to-hacking-501265.shtml
For another story, see item 14 above in Top Stories
Communications Sector
Nothing to report
No comments:
Post a Comment