Complete DHS Report for October 27, 2016
Daily Report
Top Stories
• Subaru issued a recall October 26 for over 100,000 of its model
years 2007 – 2014 vehicles in select makes due to a faulty relay that controls
a secondary air injection pump, which can cause the pump to run continuously
and overheat. – Associated Press
2. October 26, Associated Press – (National) Subaru recalls 4 models; turbo air pump can catch
fire. Subaru issued a recall October 26 for over 100,000 of its model years
2007 – 2014 vehicles in select makes equipped with turbocharged engines sold in
the U.S. due to a faulty relay that controls a secondary air injection pump,
which can cause the pump to run continuously and overheat, thereby increasing
the risk of a fire. Source: http://www.foxbusiness.com/markets/2016/10/26/subaru-recalls-4-models-turbo-air-pump-can-catch-fire.html
• A Federal judge approved October 25 a nearly $15 billion settlement
with the Federal Government, the State of California, and the Volkswagen Group
after the automaker admitted that it rigged 11 million vehicles with software
designed to cheat emissions standards. – USA Today
3. October 25, USA Today – (National) Judge approves $15B Volkswagen settlement. A Federal judge
approved October 25 a nearly $15 billion settlement with the Federal
Government, the State of California, and the Volkswagen Group after the
automaker admitted that it rigged 11 million vehicles internationally with
software designed to cheat emissions standards. As part of the settlement,
Volkswagen must pay $2.7 billion for environmental mitigation and initiate a
vehicle buyback program which offers 475,000 Volkswagen owners in the U.S. the
choice between a buyback or a free fix and compensation, among other
requirements. Source: http://www.usatoday.com/story/money/cars/2016/10/25/volkswagen-settlement-approved/92719174/
• Life Care Centers of America Inc. and its owner agreed October
24 to pay $145 million after the company submitted false claims to Medicare and
Tricare for rehabilitation therapy services that were medically unnecessary. – U.S.
Department of Justice
11. October 24, U.S. Department of Justice – (National) Life Care Centers of America Inc.
agrees to pay $145 million to resolve False Claims Act allegations relating to
the provision of medically unnecessary rehabilitation therapy services. Life
Care Centers of America Inc. and its owner agreed October 24 to pay $145
million to resolve alleged False Claims Act violations after the company
submitted false claims to Medicare and Tricare for rehabilitation therapy
services that were unreasonable and medically unnecessary, and sought to keep
patients at the facilities longer than necessary in order to increase its
Medicare and Tricare billings for reimbursement between January 2006 and
February 2013. Source: https://www.justice.gov/opa/pr/life-care-centers-america-inc-agrees-pay-145-million-resolve-false-claims-act-allegations
• A therapist at JH Physical Therapy in Walnut, California,
pleaded guilty October 24 for his role in a $2.6 million Medicare fraud scheme.
– U.S. Department of Justice
12. October 24, U.S. Department of Justice – (California) Licensed occupational therapist
pleads guilty to $2.6 million Medicare fraud conspiracy. A licensed
occupational therapist at JH Physical Therapy in Walnut, California, pleaded
guilty October 24 for his role in a $2.6 million Medicare fraud scheme where he
and co-conspirators fraudulently billed Medicare for occupational therapy
services that were not provided to Medicare beneficiaries between October 2009
and December 2012. The charges state that of the roughly $2.6 million billed in
false claims, Medicare paid the group more than $1.8 million. Source: https://www.justice.gov/opa/pr/licensed-occupational-therapist-pleads-guilty-26-million-medicare-fraud-conspiracy
Financial Services Sector
Nothing to report
Information Technology Sector
15. October 26, SecurityWeek – (International) Data leaked by pagers useful for critical
infrastructure attacks. Trend Micro security researchers reported that
pagers used in industrial control systems (ICS) were susceptible to targeted
attacks, as the messages sent to the devices are unencrypted, thereby allowing
hackers to easily intercept the information regarding the operation of a
facility and potentially use that information in a targeted social engineering
attack against the company. Trend Micro found that messages sent by nuclear
plants, chemical facilities, defense contractors, HVAC manufacturers, and power
substations via pagers leaked potentially sensitive information. Source: http://www.securityweek.com/data-leaked-pagers-useful-critical-infrastructure-attacks
16. October 26, Threatpost – (International) Major vulnerability found in Schneider Electric
Unity Pro. Indegy security researchers discovered that Schneider Electric’s
Unity Pro PLC Simulator component of its Unity Pro software was plagued with a
critical vulnerability that could allow hackers to remotely execute code on
industrial networks if the Internet Protocol (IP) address of the Microsoft
Windows PC running the software is accessible to the Internet, as the software
allows any user to remotely run code directly on any device with Unity Pro
installed. The flaw, which affects all versions prior to and including 11.1,
could allow attackers to impact the production process within an industrial
control system (ICS) physical environment. Source: https://threatpost.com/major-vulnerability-found-in-schneider-electric-unity-pro/121550/
17. October 25, SecurityWeek – (International) Apple patches multiple flaws in iOS,
macOS Sierra, Safari. Apple released version 10.1 for its mobile operating
system (iOS) patching 13 vulnerabilities affecting components such as FaceTime,
Kernel, Security, and WebKit, among others, which could allow an attacker to
run arbitrary code on the affected devices, leak sensitive user information,
and execute arbitrary code with root privileges, among other malicious actions.
Apple also released Sierra version 10.12.1 resolving 16 vulnerabilities that
could result in privilege escalation, denial-of-service (DoS) conditions,
process memory disclosure, and arbitrary code execution, as well as Safari
version 10.0.1 resolving 3 vulnerabilities affecting WebKit, among other patches.
Source: http://www.securityweek.com/apple-patches-multiple-flaws-ios-macos-sierra-safari
18. October 25, SecurityWeek – (International) Critical vulnerabilities patched in
Joomla. Joomla released version 3.6.4 addressing two critical account creation
vulnerabilities in its content management system (CMS) versions 3.4.4 through
3.6.3, including a flaw that could allow an attacker to register on a Website
even if registration has been disabled due to inadequate checks. The second
vulnerability can be exploited by users to register on a Website with elevated
privileges due to an incorrect use of unfiltered data. Source: http://www.securityweek.com/critical-vulnerabilities-patched-joomla
For another story, see item 4 below from the Commercial Facilities Sector
4. October 24, Threatpost – (International) Rowhammer vulnerability comes to Android. Security
researchers discovered attackers could employ the Rowhammer attack to exploit
an Android vulnerability, dubbed Drammer, in order to achieve root-level access
on millions of Android handsets including Nexus, Samsung, LG, and Motorola due
to a hardware flaw in the Dynamic Random Access Memory (DRAM) modules.
Researchers reported that Rowhammer targets rows of memory cells in DRAM
devices to cause cells to flip from one state to another, thereby allowing for
memory manipulation. Source: https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/
Communications Sector
Nothing to report