Wednesday, January 6, 2016



Complete DHS Report for January 6, 2016

Daily Report                                            

Top Stories

• Huisken Meat Company issued a nationwide recall January 4 for 89,568 pounds of its Sam’s Choice Black Angus Beef Patties products due to possible contamination of extraneous wood materials. – U.S. Department of Agriculture

9. January 4, U.S. Department of Agriculture – (National) Huisken Meat Company recalls beef products due to possible foreign matter contamination. The Food Safety and Inspection Service announced January 4 that Minnesota-based Huisken Meat Company issued a nationwide recall for 89,568 pounds of its Sam’s Choice Black Angus Beef Patties with 19% Vidalia Onion products packaged in 2 pound boxes due to possible contamination of extraneous wood materials that originated from an incoming ingredient which was discovered during production. Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-001-2016-release

• Approximately 20 million gallons of sewage continues to flow into the Meramec River watershed in St. Louis daily while the Metropolitan St. Louis Sewer District works to reopen two flooded treatment plants. – St. Louis Post-Dispatch

10. January 4, St. Louis Post-Dispatch – (Missouri) Flooded MSD plants still releasing millions of gallons of sewage. Approximately 20 million gallons of sewage continues to flow into the Meramec River watershed in St. Louis daily while the Metropolitan St. Louis Sewer District works to reopen two flooded treatment plants. Officials reported that the Grand Glaize plant, which treats approximately 15 million gallons of sewage daily, is partially operational while the Fenton plant remains completely shut down. Source: http://www.stltoday.com/news/local/flooded-msd-plants-still-releasing-millions-of-gallons-of-sewage/article_506069a2-be55-5d5f-a0d5-af27ede4f35f.html

• Google released patches for 12 vulnerabilities, five of which were categorized as critical, for its Android operating system (OS) including a remote code execution (RCE) flaw in its Mediaserver component. – Softpedia See item 16 below in the Information Technology Sector

• Sony Computer Entertainment reported that its PlayStation Network was back online following a 12-hour outage that affected almost all of its systems. – London Independent See item 17 below in the Information Technology Sector

Financial Services Sector

2. January 4, WFTV 9 Orlando – (Florida) ‘Operation Nip Tuck’ cuts women off in credit card scheme. Authorities in Orlando, Florida, announced January 4 the arrest of 8 women allegedly involved in a scheme that stole personal and credit card information in order to undergo $160,000 worth of plastic surgery and dental work. Three additional warrants were issued and five others could face charges in connection to the scheme. Source: http://www.wftv.com/news/news/local/operation-nip-tuck-cuts-women-credit-card-scheme/npxXN/

Information Technology Sector

16. January 5, Softpedia – (International) Google patches Android for yet another RCE flaw in its Mediaserver component. Google released patches for 12 vulnerabilities, five of which were categorized as critical, for its Android operating system (OS) including a remote code execution (RCE) flaw in its Mediaserver component, which allowed attackers to craft malicious media files and send them via a multimedia messaging service (MMS) or stream them through a user’s browser. Other issues included an elevation of privilege vulnerability in misc-sd driver and elevation of privilege vulnerabilities in Trustzone, among other flaws.

17. January 5, London Independent – (International) PSN down: PlayStation Network mostly back online following 12-hour outage. Sony Computer Entertainment reported that its PlayStation Network was back online following a 12-hour outage that affected almost all its systems including the PlayStation Store and online play, PlayStation Vita, PS3, and PlayStation 4. Some users continued to have issues following the outage. Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/psn-down-playstation-network-mostly-back-online-after-12-hour-outage-a6797041.html

18. January 4, Softpedia – (International) Cisco Jabber client flawed, exposes users to

MitM attacks. Security researchers from Synacktiv discovered a serious security vulnerability, which affects Cisco’s Jabber client for Windows versions 10.6.x, 11.0.x and 11.1.x that allows attackers to expose a user’s private conversations and steal their login credentials via a simple Man-in-the-Middle (MitM) attack that would downgrade STARTTLS settings and force communications to take place through cleartext, tricking the desktop application into exposing sensitive information. Cisco released version 1.1 after discovering Jabber versions 9.x, 10.6.x, 11.0.x, and 11.1.x for Apple’s iPhone and iPad and Jabber for Android were affected. Source: http://news.softpedia.com/news/cisco-jabber-implementation-flawed-exposes-users-to-mitm-attacks-498412.shtml

19. January 4, Softpedia – (International) Mozilla adds W^X security feature to Firefox. Mozilla reported a new security feature, Write XOR Execute (W^X) was added to its web browser, Firefox in an attempt to protect against basic buffer overflow flaws and memory corruption issues in its OpenBSD operating system (OS). W^X affects how the code, executed inside the browser, interacts with the operating system’s memory and does not allow a process to be writeable and executable simultaneously. Source: http://news.softpedia.com/news/mozilla-adds-w-x-security-feature-to-firefox-498416.shtml

Communications Sector

Nothing to report