Thursday, February 18, 2016



Complete DHS Report for February 18, 2016

Daily Report

Top Stories

• General Motors Corporation issued a recall February 16 for approximately 180,000 vehicles including Saab and Saturn Astra models due to potentially faulty Takata Corporation PSDI-5 driver front air bag inflators. – Detroit Free Press

4. February 16, Detroit Free Press – (International) GM recalls 200,000 Saabs, Saturns for air bag inflators. General Motors Corporation issued a recall February 16 for approximately 180,000 vehicles including model years 2003 – 2011 Saab 9-3 vehicles, model years 2010 – 2011 Saab 9-5 vehicles, and model years 2008 – 2009 Saturn Astra vehicles sold in the U.S. due to potentially faulty Takata Corporation PSDI-5 driver front air bag inflators after 10 worldwide deaths and over 100 injuries were linked to the bags deploying improperly when activated and discharging metal fragments into vehicle occupants. Approximately 20,000 of the vehicles affected by the recall are located in Canada. Source: http://www.freep.com/story/money/cars/general-motors/2016/02/16/gm-recall-saab-saturn-takata-air-bag/80444792/

• PTC Inc. and 2 of its Chinese subsidiaries agreed to pay more than $28 million February 16 to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act. – U.S. Securities and Exchange Commission. See item 5 below in the Financial Services Sector.

• Officials closed a 24-mile stretch of Interstate 70 in Glenwood Springs, Colorado, through at least February 18 while crews worked to remove debris from a February 15 rockslide. – Associated Press

7. February 17, Associated Press – (Colorado) Rock slide forces closure of major Colorado highway. Officials closed a 24-mile stretch of Interstate 70 in Glenwood Springs through at least February 18 while crews worked to remove debris from a February 15 rockslide. Source: http://www.msn.com/en-us/news/us/rock-slide-forces-closure-of-major-colorado-highway/ar-BBpAtLl

• Rhode Island State Police announced that a teenager was arrested February 12 in connection to at least 15 bomb hoaxes at schools and businesses inside and outside of the State. – WCVB 5 Boston; Associated Press

14. February 17, WCVB 5 Boston; Associated Press – (Rhode Island) Rhode Island teenager arrested for series of bomb hoaxes at schools and businesses. State police in Rhode Island announced that a student from Rogers High School in Newport was arrested February 12 in connection to at least 15 bomb hoaxes at schools and businesses inside and outside of the State. Officials stated that the teenager was running the calls through a Russian Web site to avoid detection. Source: http://www.wcvb.com/news/rhode-island-teenager-arrested-for-series-of-bomb-hoaxes-at-schools-and-businesses/38037714

Financial Services Sector

5. February 16, U.S. Securities and Exchange Commission – (International) SEC: Tech company bribed Chinese officials. The U.S. Securities and Exchange Commission announced February 16 that Massachusetts-based PTC Inc. and 2 of its Chinese subsidiaries agreed to pay more than $28 million to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act (FCPA) after the 2 subsidiaries provided nearly $1.5 million worth of improper travel, gifts, and entertainment to Chinese government officials from 2006 – 2011 in an effort to win business. The subsidiaries disguised the payments as legitimate business expenses, and PTC Inc. failed to stop the illicit payments despite indicators of corruption.

Information Technology Sector

18. February 17, SecurityWeek – (International) Fysbis backdoor preferred by Pawn Storm group to target Linux. Security researchers at Palo Alto Networks released a report revealing that the Pawn Storm threat group improved the obfuscation technique for its preferred Linux malware, Fysbis, to ensure that the malware installation information is no longer available in the open and that the malware runs a series of shell commands to establish persistence through a newly found command and control (C&C) domain, mozilla-plugins[.]com, which was reportedly believed to be associated with a newer campaign. Source: http://www.securityweek.com/fysbis-backdoor-preferred-pawn-storm-group-target-linux

19. February 16, Softpedia – (International) Buffer overflow bug in glibc exposes users to attacks from rogue DNS servers. Security researchers from Google’s Project Zero and Red Hat fixed a security flaw in GNU C Library (glibc) that could allow an attacker to send oversized Domain Name System (DNS) responses and force buffer overflow and remote code execution attacks, enabling hackers to run malicious code on a victim’s machine with the same privileges as glibc’s parent application. Google released proof-of-concept code that should help system administrators detect if their systems are vulnerable to the flaw. Source: http://news.softpedia.com/news/buffer-overflow-bug-in-glibc-exposes-users-to-attack-from-rogue-dns-servers-500484.shtml

20. February 16, SecurityWeek – (International) Unpatched flaw plagues Cisco industrial switches. Cisco reported February 15 that IOS software 15.2(4)E running on its Industrial Ethernet 2000 Series Switches is vulnerable to a denial-of-service (DoS) issue due to the faulty way its system processes Cisco Discovery Protocol (CDP) packets, which could allow an unauthenticated attacker to send specially crafted CDP packets. In addition, Cisco reported that its Emergency Responder product was vulnerable to a cross-site scripting (XSS) flaw, which can allow an unauthenticated attacker to execute arbitrary code in the context of the vulnerable Web interface and access potentially sensitive browser information. Source: http://www.securityweek.com/unpatched-flaw-plagues-cisco-industrial-switches

For another story, see item 3 below from the Critical Manufacturing Sector

3. February 17, Softpedia – (International) Backdoor in MVPower DVR firmware sends CCTV stills to an email address in China. Security researchers from Pen Test Partners discovered that digital video recorder (DVR) devices manufactured by MVPower and deployed in closed-circuit television (CCTV) surveillance systems were vulnerable to security flaws which can allow attackers to execute Man-in-the-Middle (MitM) attacks, bypass the device’s Web-based login system, and use a backdoor functionality to send CCTV feed snapshots to a hard-coded email address hosted on a Chinese email provider, among other vulnerabilities. Source: http://news.softpedia.com/news/backdoor-in-mvpower-dvr-firmware-sends-cctv-stills-to-an-email-address-in-china-500502.shtml

Communications Sector

Nothing to report