Monday, May 23, 2016



Complete DHS Report for May 23, 2016

Daily Report

Top Stories

• Fiat Chrysler Automobiles issued a recall May 19 for 392,464 of its Jeep Wrangler vehicles due to faulty clocksprings that can prevent driver-side airbags from deploying in a crash. – TheCarConnection.com

6. May 19, TheCarConnection.com – (International) 2007-2016 Jeep Wrangler recalled for airbag problem: 506,000 vehicles affected. Fiat Chrysler Automobiles issued a recall May 19 for 392,464 of its model years 2007 – 2016 Jeep Wrangler vehicles and 7,435 of its model years 2011-2016 special-duty, right-hand-drive Jeep Wrangler vehicles sold in the U.S. due to faulty clocksprings that can be compromised following excessive exposure to dust and dirt, thereby preventing driver-side airbags from deploying in a crash. The recall affects an additional 35,412 vehicles in Canada, 8,529 in Mexico, and 62,580 elsewhere. Source: http://www.thecarconnection.com/news/1104048_2007-2016-jeep-wrangler-recalled-for-airbag-problem-506000-vehicles-affected

• Federal regulators issued stricter guidelines May 19 for human exposure to the chemicals perfluorooctanoic acid (PFOA) and perfluorooctane sulfonate (PFOS), and advised water systems with high concentrations of the chemicals to notify residents and consult with their State drinking water agencies. – Associated Press

16. May 19, Associated Press – (National) EPA suggests tighter limits for industrial chemical in water. The U.S. Environmental Protection Agency (EPA) issued stricter guidelines May 19 for human exposure to the chemicals perfluorooctanoic acid (PFOA) and perfluorooctane sulfonate (PFOS), and advised water systems where concentrations of PFOA or PFOS are found above 70 parts per trillion to promptly notify residents and consult with their State drinking water agencies. Source: https://www.washingtonpost.com/politics/federal_government/epa-suggests-tighter-limits-for-industrial-chemical-in-water/2016/05/19/fc135574-1e16-11e6-82c2-a7dcb313287d_story.html

• Authorities announced May 18 that 14 vendors were taken into custody out of the 21 who were charged in connection with selling New York tourists tickets for ferries that circled New York Harbor without stopping. – New York Times

20. May 18, New York Times – (New York) 21 vendors face charges of selling fake tickets to the Statue of Liberty. Authorities announced May 18 that 14 vendors were taken into custody out of the 21 who were charged in connection with selling New York tourists tickets for ferries that circled New York Harbor without stopping, under the guise of tickets to boats that stopped at the Statue of Liberty and Ellis Island. The vendors reportedly used aggressive tactics. Source: http://www.nytimes.com/2016/05/19/nyregion/21-vendors-face-charges-of-selling-fake-tickets-to-the-statue-of-liberty.html

• The Barry-Eaton District Health Department reported May 19 that a norovirus outbreak has ceased after more than 100 people were sickened from May 7 – May 8 at the Carrabba’s Italian Grill restaurant in Lansing, Michigan. – Food Poisoning Bulletin

27. May 19, Food Poisoning Bulletin – (Michigan) Norovirus outbreak at Carrabba’s in Lansing, MI ends 100+ sick. The Barry-Eaton District Health Department reported May 19 that a norovirus outbreak has ceased after more than 100 people were sickened from May 7 – May 8 at the Carrabba’s Italian Grill restaurant in Lansing, Michigan. The restaurant closed voluntarily to conduct sanitation procedures, and the exact cause of the outbreak was not yet determined. Source: https://foodpoisoningbulletin.com/2016/norovirus-outbreak-at-carrabbas-in-lansing-mi-ends-100-sick/

Financial Services Sector

8. May 19, U.S. Securities and Exchange Commission – (National) SEC announces insider trading charges in case involving sports gambler and board member. The U.S. Securities and Exchange Commission announced insider trading charges May 19 against a professional sports gambler and a former board member at Dean Foods Company after the board member allegedly provided the gambler with advance information about Dean Foods, including market-moving events and company earnings statements from 2008 – 2012, among other information regarding Darden Restaurants stocks, which the gambler used to make $40 million in illegal profits. Officials stated the duo used prepaid cell phones and other methods to conceal the illicit activity, and convinced a professional athlete to trade the food company’s securities to pay off a gambling debt.

Information Technology Sector

22. May 20, The Register – (International) 60 percent of Androids exposed by new attack on mediaserver. A security researcher from Duo reported that about 60 percent of enterprise Android phones running the Lollipop version 5 operating system (OS), KitKat version 4.4, and Marshmallow version 6 OS were susceptible to a Qualcomm Secure Execution Environment (QSEE) vulnerability. The flaw, which researchers discovered in the mediaserver component, could allow an attacker to gain complete control over the device by tricking users into installing a malicious app. Source: http://www.theregister.co.uk/2016/05/20/pick_your_favourite_new_attack_pwns_60_percent_of_new_old_androids/

23. May 20, Softpedia – (International) Researcher wins $5,000 for finding two ways to brute-force Instagram accounts. Facebook fixed two security flaws on its social network, Instagram, that could have allowed an attacker to execute brute-force attacks and gain control over users’ accounts due to Instagram’s weak password policy, its usage of incremental user identifications, and lack of proper rate-limiting protection. Source: http://news.softpedia.com/news/researcher-wins-5-000-for-finding-two-ways-to-brute-force-instagram-accounts-504290.shtml

24. May 20, SecurityWeek – (International) Vulnerabilities found in Siemens SIPROTEC protection relays. Security researchers from Siemens and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) discovered SIPROTEC 4 and SIPROTEC Compact devices were plagued with several information disclosure vulnerabilities that can allow attackers to obtain sensitive device information if they gain access to the network hosting the devices. Siemens released updates for its firmware version 4.27, but has yet to release updates for other relays. Source: http://www.securityweek.com/vulnerabilities-found-siemens-siprotec-protection-relays

Communications Sector

25. May 19, SecurityWeek – (National) Serious vulnerabilities found in Moxa industrial secure routers. Moxa released a firmware update for its EDR-G903 series industrial routers versions 3.4.11 and older, patching several high severity vulnerabilities that can be exploited for denial-of-service (DoS) attacks, privilege escalation, and arbitrary code execution. These include a flaw in which configuration and log files on the Web server can be reached through a specific Uniform Resource Locator (URL), allowing an unauthenticated attacker to download them. Source: http://www.securityweek.com/serious-vulnerabilities-found-moxa-industrial-secure-routers
