Friday, May 6, 2016



Complete DHS Report for May 6, 2016

Daily Report

Top Stories

• The National Highway Traffic Safety Administration expanded a previous recall May 4 to include up to 40 million additional Takata Corporation air bag inflators equipped with a faulty ammonium nitrate propellant. – Bloomberg News

7. May 4, Bloomberg News – (National) U.S. orders up to 40 million more Takata airbags recalled. The National Highway Traffic Safety Administration expanded a previous recall May 4 to include up to 40 million additional Takata Corporation air bag inflators equipped with a faulty ammonium nitrate propellant after investigations revealed that the propellants lacked a desiccant to reduce moisture, which could cause misfires that spray vehicle occupants with metal shards. Officials stated that the recall affects several automakers and the defect has been linked to 10 U.S. deaths. Source: http://www.bloomberg.com/news/articles/2016-05-04/u-s-orders-up-to-40-million-more-takata-airbags-recalled

• U.S. Environmental Protection Agency officials stated that Schneider Electric USA will pay more than $6.8 million for allegedly violating the terms of a 2002 court-approved Superfund consent decree during cleanup at the Rodale Manufacturing Superfund Site in Emmaus, Pennsylvania. – WFMZ 69 Allentown

8. May 3, WFMZ 69 Allentown – (Pennsylvania) Company fined $6.8 million for Emmaus Superfund site. U.S. Environmental Protection Agency officials stated that Schneider Electric USA will pay more than $6.8 million for allegedly violating the terms of a 2002 court-approved Superfund consent decree during cleanup at the Rodale Manufacturing Superfund Site in Emmaus, Pennsylvania, which resulted in uncontrolled emissions of air pollutants. The company reportedly failed to properly maintain air pollution control equipment, failed to alert Federal and State authorities of its malfunctioning equipment, and failed to provide records to authorities, among other violations. Source: http://www.wfmz.com/news/news-regional-lehighvalley/company-fined-68-million-for-emmaus-superfund-site/39360402

• The governor of California signed several bills May 4, including raising the smoking age in the State from 18 to 21, and expanding no-smoking areas at public schools, among other new measures, which will take effect June 9. – Los Angeles Times

17. May 4, Los Angeles Times – (California) California’s smoking age raised from 18 to 21 under bills signed by governor. The governor of California signed several bills May 4 which included raising the smoking age in the State from 18 to 21, restricting the use of electronic cigarettes in public places, and expanding no-smoking areas at public schools, among other new measures. The bills will go into effect June 9. Source: http://www.latimes.com/politics/la-pol-sac-jerry-brown-smoking-bills-20160504-story.html

• Hold Security reported that 273.3 million stolen accounts including users of Mail.ru, Google accounts, Yahoo accounts, and Microsoft accounts were being traded in Russia’s criminal underworld. – Reuters

See item 24 below in the Information Technology Sector

Financial Services Sector

See item 24 below in the Information Technology Sector

Information Technology Sector

22. May 5, SecurityWeek – (International) Cisco patches serious flaws in FirePOWER, TelePresence. Cisco released software updates patching several vulnerabilities in its FirePOWER and TelePresence products, including a critical vulnerability that allows a remote, unauthenticated attacker to bypass authentication and gain access to a targeted system, as well as several high severity denial-of-service (DoS) vulnerabilities that could allow a remote attacker to cause a system to stop inspecting and processing packets by sending a specially crafted packet. The company stated there was no evidence to suggest the exploits were used for malicious purposes.

23. May 5, SecurityWeek – (International) Apple updates Xcode to patch Git vulnerabilities. Apple released Git version 2.7.4 and Xcode version 7.3.1, patching several remote code execution (RCE) vulnerabilities affecting Git versions 2.7.3 and earlier, after discovering attackers could exploit the flaws to push or clone a repository with a large file name or a large number of nested trees in Apple’s OS X El Capitan. Source: http://www.securityweek.com/apple-updates-xcode-patch-git-vulnerabilities

24. May 5, Reuters – (International) Exclusive: Big data breaches found at major email services – expert. The founder and chief information security officer of Hold Security reported that 273.3 million stolen accounts, including users of Mail.ru, Google accounts, Yahoo accounts, and Microsoft accounts, were being traded in Russia’s criminal underworld after the security firm discovered a Russian hacker, dubbed “The Collector,” bragging in an online forum about the number of stolen credentials he had collected and was prepared to sell. Many of the stolen usernames and passwords allegedly belong to employees in U.S. banking, manufacturing, and retail companies.

25. May 4, SecurityWeek – (International) Lost door RAT promoted via Facebook and Google’s Blogspot. Security researchers from Trend Micro reported that a remote access trojan (RAT) named Lost Door can be customized and is difficult to detect, posing a challenge to information technology (IT) administrators, after researchers found the trojan leverages a router’s Port Forward feature to access the server of a private network and disguises malicious traffic or communication as normal traffic. Attackers can mask their command and control (C&C) addresses and evade network monitoring as the servers only connect to an internal router Internet Protocol (IP) address. Source: http://www.securityweek.com/lost-door-rat-promoted-facebook-and-googles-blogspot

Communications Sector

See item 25 above in the Information Technology Sector