Tuesday, April 26, 2016



Complete DHS Report for April 26, 2016

Daily Report                                            

Top Stories

• Toyota Motor Corporation issued a recall April 22 for 16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus ES350 vehicles due to faulty brake actuators that may have been assembled with a damaged O-ring. – TheCarConnection.com  

3. April 22, TheCarConnection.com – (National) Brake-related recalls widens to include 2016 Toyota RAV4, Lexus RX350, ES350. Toyota Motor Corporation issued a recall April 22 for 16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus ES350 vehicles sold in the U.S. due to faulty brake actuators that may have been assembled with a damaged O-ring which can cause the brake fluid pressure to be improperly controlled during Anti-Lock Braking System (ABS), Traction Control System (TRAC), and Vehicle Stability Control System (VSC) activation, thereby increasing the required stopping distance and increasing the risk of a crash. Source: http://www.thecarconnection.com/news/1103559_brake-related-recall-widens-to-include-2016-toyota-rav4-lexus-rx350-es350

• Fiat Chrysler Automobiles (FCA) issued a recall April 22 for approximately 812,000 of its model years 2012 – 2014 Dodge Charger and Chrysler 300 vehicles, and model years 2014 – 2015 Jeep Grand Cherokee SUVs due to a problematic gear selector. – CNN

5. April 22, CNN – (International) Gear shift confusion causes Chrysler recall. Fiat Chrysler Automobiles (FCA) issued a recall April 22 for approximately 812,000 of its model years 2012 – 2014 Dodge Charger and Chrysler 300 vehicles, and model years 2014 – 2015 Jeep Grand Cherokee SUVs sold in the U.S. due to a problematic gear selector that does not move position when set to park, reverse, or drive, thereby making it difficult to determine what gear the vehicle is in after FCA received reports of 41 driver injuries potentially related to the selector. The recall affects a total of 1.1 million vehicles worldwide. Source: http://money.cnn.com/2016/04/22/autos/chrysler-gearshift-recall/

• Service between the Van Ness-UDC and Medical Center stations on Washington Metropolitan Area Transit Authority’s Red Line was disrupted for several hours April 23 due to a track fire that forced passengers to evacuate. – Washington Post

7. April 24, Washington Post – (Washington, D.C.) Federal officials investigating Saturday’s Metro track fire. Service between the Van Ness-UDC and Medical Center stations on Washington Metropolitan Area Transit Authority’s Red Line was disrupted for several hours April 23 while Federal Transit Administration officials investigated a track fire near the Friendship Heights station in Washington, D.C. that sent smoke into a Metro tunnel, forcing passengers to evacuate. A preliminary investigation determined that the incident involved an insulator and was potentially the result of electrical arcing. Source: https://www.washingtonpost.com/local/trafficandcommuting/metro-red-line-service-resumes-after-saturday-track-fire/2016/04/24/253c7a6e-0a2d-11e6-a6b6-2e6de3695b0e_story.html

• A 6-alarm fire April 24 in Brooklyn, New York, damaged 6 homes and 1 church, displaced more than a dozen people, and prompted the response of more than 200 firefighters. – WABC 7 New York City

25. April 25, WABC 7 New York City – (New York) Fast-moving fire destroys several homes in Brooklyn. A 6-alarm fire April 24 in Brooklyn, New York, damaged 6 homes and 1 church, displaced more than a dozen people, and prompted the response of more than 200 firefighters. Nine people were injured and officials believe that the fire began in a three-story home and spread to surrounding areas. Source: http://abc7ny.com/news/fast-moving-fire-destroys-several-homes-in-brooklyn/1307258/

Financial Services Sector

Nothing to report

Information Technology Sector

20. April 25, Help Net Security – (International) Compromised credentials still to blame for many data breaches. A Cloud Security Alliance survey found that a lack of scalable identity access management systems, a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates, as well as failure to use multifactor authentication were the major causes of data breaches. The findings also indicated that 22 percent of companies who suffered a data breach, attributed the breach to compromised credentials. Source: https://www.helpnetsecurity.com/2016/04/25/compromised-credentials-data-breaches/

21. April 25, Help Net Security – (International) Critical flaws in HP Data Protector open servers to remote attacks. Hewlett Packard released security updates for its HP Data Protector software patching six critical vulnerabilities for all versions prior to 7.03_108, 8.15, and 9.06 which could allow a remote code execution flaw or unauthorized disclosure of information via unauthenticated users or through an embedded Secure Sockets Layer (SSL) private key, which could increase the chance of man-in-the-middle (MitM) attacks. Source: https://www.helpnetsecurity.com/2016/04/25/critical-flaws-hp-data-protector/

22. April 22, SecurityWeek – (International) Attackers use PowerShell, Google Docs to deliver “Laziok” trojan. Security researchers from FireEye reported that attackers were able to bypass Google’s security checks and upload a trojan named Laziok to Google Docs with the intention to steal information about the user’s system by loading obfuscated JavaScript code known as “Unicorn,” as well as using “Godmode” and PowerShell to execute the malware. Source: http://www.securityweek.com/attackers-deliver-laziok-trojan-google-docs

23. April 22, SecurityWeek – (International) Attacker friendly hosting firm leveraged by Pawn Storm hackers. Security researchers from Micro Trend reported that the Pawn Storm Group was abusing a small Virtual Private Server (VPS) registered in United Arab Emirates (UAE) to attack governments in 80 counties including Bulgaria, Greece, Malaysia, Ukraine, and the U.S., and were seen executing more than 100 cyber-attacks within the past year. In addition, it was discovered that the group used the VPS hosting provider for command & control (C&C) servers, exploit sites, spear-phishing campaigns, domestic espionage in Russia, and Web mail phishing sites targeting high-profile users. Source: http://www.securityweek.com/attacker-friendly-hosting-firm-leveraged-pawn-storm-hackers

For another story, see item 14 below from the Healthcare Sector

14. April 22, Softpedia – (International) Windows XP, IE, and Flash Usage blamed for poor security of healthcare sector. Security researchers from Duo Security reported that many healthcare organizations were using outdated software or software prone to exploit kits (EK) after discovering that 33 percent of healthcare organizations were using Internet Explorer 11 rather than using updated versions of Google Chrome, and that 52 percent of healthcare organizations were using Flash Player software on all their computers, among other collected data. Source: http://news.softpedia.com/news/windows-xp-ie-and-flash-usage-blamed-for-poor-security-of-healthcare-sector-503342.shtml

Communications Sector

Nothing to report