Complete DHS Report for October 31, 2016
Daily Report
Top Stories
• Officials reached a $150,000 settlement October 27 with
Specialty Materials Inc. after a July 2014 inspection found that the company
failed to properly manage methylene chloride and other hazardous materials. – U.S.
Environmental Protection Agency
1. October 27, U.S.
Environmental Protection Agency – (Massachusetts) Lowell company settles
with EPA for hazardous waste concerns. The U.S. Environmental Protection Agency
(EPA) announced October 27 that it reached a $150,000 settlement with Lowell,
Massachusetts-based Specialty Materials Inc. to resolve alleged violations of
the Federal Resource Conservation and Recovery Act and Massachusetts hazardous
waste management regulations after a July 2014 EPA inspection found that the
company failed to properly store, handle, and manage methylene chloride,
mercury-contaminated solids and wastewater, and other hazardous wastes;
neglected to ensure safety and emergency preparedness procedures were followed;
and failed to maintain appropriate records on the storage and handling of
hazardous wastes, among other violations. Source: https://www.epa.gov/newsreleases/lowell-company-settles-epa-hazardous-waste-concerns
• BMW issued a recall October 28 for 136,188 of its model years
2007 – 2012 vehicles in select makes due to faulty wiring in the fuel pump that
could result in a buildup of electrical resistance and cause the pump to
overheat and melt. – TheCarConnection.com
2. October 28,
TheCarConnection.com – (National) BMW recalls 136,000 vehicles in the
U.S. to fix stalling & fuel leaks. BMW issued a recall October 28 for
136,188 of its model years 2007 – 2012 vehicles in select makes equipped with
an in-tank fuel pump sold in the U.S. due to faulty wiring in the fuel pump
that may have been improperly crimped, which could result in a buildup of
electrical resistance and cause the pump to overheat and melt, thereby
increasing the risk of stalling and fuel leaks. Source: http://www.thecarconnection.com/news/1106957_bmw-recalls-136000-vehicles-in-the-u-s-to-fix-stalling-fuel-leaks
• A total of 61 individuals
and entities were charged in an indictment unsealed October 27 for their
alleged roles in a call center scheme that defrauded at least 15,000 U.S.
residents out of more than $250 million. – Washington Post below in the Financial Services Sector
• The U.S. Environmental Protection Agency announced October 27
that Bacon-Agostini Construction Co., Inc. and K.R. Rezendes, Inc. agreed to
pay $49,500 to resolve alleged violations of the Clean Water Act. – U.S.
Environmental Protection Agency
12. October 27, U.S.
Environmental Protection Agency – (Massachusetts) Companies and EPA
settle matter of stormwater discharges during construction of Somerset, Mass.
school. The U.S. Environmental Protection Agency (EPA) announced October 27
that Bacon-Agostini Construction Co., Inc. and excavation company K.R.
Rezendes, Inc. agreed to pay $49,500 to resolve alleged violations of the Clean
Water Act after the companies discharged sediment-filled stormwater from the
construction site of the new Somerset-Berkley Regional High School in Somerset,
Massachusetts, into catch basins for the town’s municipal storm sewer system
and the Taunton River in 2012. As part of the settlement, the company’s must
take necessary steps to protect the Taunton River and the local storm sewer
system from contamination, and correct their violations of the EPA permit to
discharge storm water. Source: https://www.epa.gov/newsreleases/companies-and-epa-settle-matter-stormwater-discharges-during-construction-somerset-mass
Financial Services Sector
4. October 27, Washington
Post – (International) Justice Department charges dozens in massive
Indian call center scheme. A total of 61 individuals and entities were
charged in an indictment unsealed October 27 for their alleged roles in a call
center scheme that defrauded at least 15,000 U.S. residents out of more than
$250 million after call center operators in India impersonated U.S. Internal
Revenue Service or U.S. Citizenship and Immigration Services officials and
threatened potential victims with arrest, imprisonment, or deportation if they
failed to pay taxes or debts to the government. The charges state that a
network of U.S.-based co-conspirators liquidated and laundered the extorted
funds through wire transfers or by purchasing prepaid debit cards that were
registered with stolen information from the identity theft victims. Source: https://www.washingtonpost.com/world/national-security/justice-department-charges-dozens-in-massive-indian-call-center-scheme/2016/10/27/ae64a6b0-9c48-11e6-a0ed-ab0774c1eaa5_story.html
Information Technology Sector
17. October 28,
SecurityWeek – (International) Apple patches flaws in Xcode, Windows
software. Apple released version 8.1 of its Xcode integrated development
environment (IDE) to address 10 vulnerabilities in Node.js and OpenSSL that an
attacker could exploit for arbitrary code execution or to cause an application
to crash. Apple also released iTunes version 12.5.2 and iCloud version 6.0.1
for Microsoft Windows due to flaws in the WebKit Web browser engine, which can
be exploited through processing specially crafted Web content for arbitrary
code execution and disclosure of user information. Source: http://www.securityweek.com/apple-patches-flaws-xcode-windows-software
18. October 28, Help Net
Security – (International) New code injection attack works on all
Windows versions. Security researchers from enSilo discovered a code
injection method, dubbed AtomBombing can be leveraged against all Microsoft
Windows versions without triggering security solutions. The researchers found
attackers can write malicious code into the operating system’s atom table in
order to force a legitimate program to retrieve the malicious code and
manipulate the program to execute that code, thereby enabling attackers to take
screenshots, access encrypted passwords, and perform Man in the Browser (MitB)
attacks. Source: https://www.helpnetsecurity.com/2016/10/28/code-injection-windows-atombombing/
Communications Sector
19. October 27,
Washington Post – (National) The FCC just passed sweeping new rules to
protect your online privacy. The Federal Communications Commission approved
new rules October 27 that require Internet service providers to receive
explicit consent from their customers before using or sharing sensitive
personal information, including app and browsing history and mobile location
data, among other information generated while using the Internet. The ruling
also requires service providers to inform customers about what data they
collect and why, and notify customers of data breaches. Source: https://www.washingtonpost.com/news/the-switch/wp/2016/10/27/the-fcc-just-passed-sweeping-new-rules-to-protect-your-online-privacy/