Complete DHS Report for May 18, 2016
Daily Report
Top Stories
• Fiat Chrysler Automobiles issued a recall May 16 for 32,267 of
its 2016 Jeep Cherokee vehicles sold in the U.S. due to an electrical flaw
rooted in select wiring harnesses that may have been improperly crimped by the
supplier. – CarConnection.com
7. May 16,
CarConnection.com – (International) 2016 Jeep Grand Cherokee recalled for
transmission problem, over 37,000 vehicles affected. Fiat Chrysler
Automobiles issued a recall May 16 for 32,267 of its model year 2016 Jeep
Cherokee vehicles sold in the U.S. due to an electrical flaw rooted in select
wiring harnesses that may have been improperly crimped by the supplier, which
can result in associated wire terminals losing their electrical connection,
thereby causing the gear shifter to become locked in “park” or “neutral” when
the vehicle is stopped. The recall also affects 2,095 vehicles in Canada, 538
in Mexico, and 2,472 elsewhere. Source: http://www.thecarconnection.com/news/1103972_2016-jeep-grand-cherokee-recalled-for-transmission-problem-over-37000-vehicles-affected
• A Ukrainian citizen was charged May 16 for his role in a $30
million illegal earnings scheme where he and 9 co-conspirators hacked into
business newswires to acquire advance notice on over 150,000 company’s earnings
statements. – Newark Star-Ledger See item 8 below in
the Financial Services Sector
• The Ohio Environmental Protection Agency (EPA) established new
rules which will go into effect June 1 stating that all public water systems
that use surface water as a source will be required to monitor and report the
occurrence of harmful instances of cyanobacteria and harmful algal blooms (HAB)
to the Ohio EPA. – WKYC 3 Cleveland
18. May 17,
WKYC 3 Cleveland – (Ohio) Ohio implements new rules for drinking water suppliers.
The Ohio Environmental Protection Agency (EPA) established new rules which
will go into effect June 1 stating that all public water systems that use
surface water as a source will be required to monitor and report the occurrence
of harmful instances of cyanobacteria and harmful algal blooms (HAB) to the Ohio
EPA. The new rules also establish microcystin action levels in drinking water,
require public notification in cases of monitoring violations and exceedances
of actions levels in drinking water, and the establishment of requirements for
laboratory certification, among other rules. Source: http://www.wkyc.com/news/health/ohio-implements-new-rules-for-drinking-water-suppliers/199011369
• Residents were urged to avoid the waters of La Volla Creek in
Corpus Christi until further notice after heavy flooding near Saratoga and
Greenwood Drive caused an estimated 400,000 gallons of sewage to overflow May
15. – KRIS 6 Corpus Christi
20. May 16,
KRIS 6 Corpus Christi – (Texas) 400,000 gallons of sewage
overflows into La Volla Creek. Residents were urged to avoid the waters of
La Volla Creek in Corpus Christi until further notice after heavy flooding near
Saratoga and Greenwood Drive caused an estimated 400,000 gallons of sewage to
overflow from a wastewater line into La Volla Creek May 15. The city will
conduct water testing. Source: http://www.kristv.com/story/31983399/400000-gallons-of-sewage-overflows-into-la-volla-creek
Financial Services Sector
8. May 16,
Newark Star-Ledger – (International) Ukrainian hacker admits stealing business
press releases for $30M gain. A Ukrainian citizen pleaded guilty May 16 to
Federal charges for his role in a $30 million hacking scheme where the man and
9 co-conspirators hacked into PR Newswire, Business Wire, and Marketwired to
get advance notice on over 150,000 company’s earnings statements, and sold the
insider trading information for tens of thousands of dollars to traders who
executed deals to buy or sell stocks based on the stolen information, which had
not yet been released from 2010 – 2015. Officials stated that once the
transactions were complete, the traders shared the illegal profits with the
hackers through foreign shell companies. Source: http://www.nj.com/news/index.ssf/2016/05/ukrainian_hacker_admits_stealing_business_press_re.html
9. May 16,
WWMT 3 Kalamazoo – (Michigan) Possible security breach at local bank has
customers concerned. Southern Michigan Bank and Trust alerted its customers
May 6 to a possible security breach targeting the bank chain after a company
laptop containing sensitive information including customers’ names, addresses,
and account numbers, among other data, was stolen from a vehicle owned by the
company’s operations manager in April. Bank officials stated the laptop is
password protected and there have been no indications of an active breach of
sensitive information. Source: http://wwmt.com/news/local/possible-security-breach-at-local-bank-has-customers-concerned
Information Technology Sector
25. May 17,
SecurityWeek– (International) Critical vulnerability in Symantec AV Engine
exploited by just sending an email. Symantec updated its Antivirus Engine
(AVE) addressing a critical memory corruption flaw after a security researcher
from Google Project Zero discovered the flaw affected most Symantec and
Norton-branded antivirus products and reported the issue related to how the
antivirus products handle executables compressed in the ASPack file compressor.
The vulnerability can be remotely exploited for code execution by sending a
specially crafted file to the victim. Source: http://www.securityweek.com/critical-vulnerability-symantec-av-engine-can-be-exploited-sending-email
26. May 17,
SecurityWeek – (International) Apple patches flaws in iOS, OS X, other
products. Apple released version 9.3.2 for its mobile operating systems
(iOS) including its OS X, iOS, iTunes, Safari, tvOS, and watchOS products which
patched 39 flaws after security researchers from Google, Trend Micro, and
Context Information Security, among other security companies, found a way to
bypass the lockscreen on the iPhone 6s and access photos and contacts by using
Siri to conduct an online search for email addresses via Twitter. Source: http://www.securityweek.com/apple-patches-flaws-ios-os-x-other-products
27. May 16,
Softpedia – (International) Million-Machine botnet manipulates search
results for popular search engines. Security researchers from Bitdefender
reported that a click-fraud botnet, Million-Machine can modify Internet
Explorer proxy settings and add a Proxy Auto Configuration (PAC) script to
hijack all Web traffic through a local proxy server and view all Web traffic
originating from the personal computer (PC) via infected downloadable versions
of popular software programs including WinRAR, YouTube Downloader, and
Connectify, among other products. The malware’s dissemination was assisted by
the Redirector.Paco botnet that modifies a computer’s local registry keys with
two entries disguised as Adobe products to make the Million-Machine malware
begin its operations after each PC restart. Source: http://news.softpedia.com/news/million-machine-botnet-manipulates-search-results-for-popular-search-engines-504108.shtml
28. May 16,
SecurityWeek – (International) Chrome to deprecate Flash in favor of HTML5. The
technical program manager at Google (Chrome) reported that they will only allow
Flash Player execution if a user has indicated that the domain should execute
the program and will begin to implement an “HTML5 by Default” policy on its
Chrome Web browser by Quarter 4 (Q4) 2016. Chrome will introduce the new
feature with a temporary whitelist of the current top Flash Player Web sites,
which will expire after one year. Source: http://www.securityweek.com/chrome-deprecate-flash-favor-html5
29. May 16,
SecurityWeek – (International) Attackers deliver latest Flash exploit via
malicious documents. Security researchers from FireEye reported that a type
confusion flaw, previously patched by Adobe, was revealed to have disseminated
the exploit via Uniform Resource Identifier (URL) or email attachment after
attackers embedded the Flash Player exploit inside Microsoft Office documents,
which attackers hosted onto their Web server, and used a Dynamic DNS (DDNS)
domain to reference the document and payload. Source: http://www.securityweek.com/attackers-deliver-latest-flash-exploit-malicious-documents
Communications Sector
Nothing to report
No comments:
Post a Comment