Complete DHS Report for July 27, 2016
Daily Report
My apologies to all due to the tardiness of this blog. However, the basis for it was not published by DHS until well after 3PM.
Top Stories
• Fiat Chrysler Automobiles issued a recall July 26 for 323,000 of
its model years 2014 – 2015 vehicles in select makes sold in the U.S. due to
faulty wiring and software that could cause the vehicles to lose propulsion or
stall. – TheCarConnection.com
3. July 26,
TheCarConnection.com – (International) 2015 Chrysler 200, Jeep Renegade; 2014 – 2015
Jeep Cherokee recalled: 410,000 vehicles affected. Fiat Chrysler
Automobiles issued a recall July 26 for 323,000 of its model years 2014 – 2015
vehicles in select makes sold in the U.S. due to faulty wiring and software
that could cause the vehicles to lose propulsion or stall. No injuries have
been reported in connection with the recall which affects an additional 35,500
vehicles in Canada and 51,000 elsewhere. Source: http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected
• General Mills, Inc., expanded a previous recall July 25 to
include an additional 15 million pounds of its Gold Medal flour, Signature
Kitchens flour, and Wondra flour products after health officials notified the
company of 4 more E.coli infection cases linked to the consumption of the flour
products. – Food Safety News
12. July 25,
Food Safety News – (National) More sick; General Mills recalls 15 million more
pounds of flour. General Mills, Inc., expanded a previous recall July 25 to
include an additional 15 million pounds of its Gold Medal flour, Signature
Kitchens flour, and Wondra flour products after Federal health officials
notified the company of 4 more confirmed cases of E.coli infections linked to the
consumption of the flour products. Health officials reported the E.coli
outbreak has sickened 46 people across 21 States since December 2015. Source: http://www.foodsafetynews.com/2016/07/more-sick-general-mills-recalls-more-flour-traced-to-outbreak/#.V5dk_fkrKUk
• Crews reached 10 percent containment July 25 of the 35,155-acre
Sand Fire burning in the Santa Clarita area that has destroyed 18 structures. –
KABC 7 Los Angeles
13. July 26,
KABC 7 Los Angeles – (California) Many evacuated due to Sand Fire allowed to
return home. Crews reached 10 percent containment July 25 of the
35,155-acre Sand Fire burning in the Santa Clarita area that has destroyed 18
structures. Mandatory evacuations were lifted for about 20,000 residents while
evacuation orders remained in place for residents around Placerita Canyon Road,
Little Tujunga Canyon Road, and surrounding areas. Source: http://abc7.com/news/many-evacuated-due-to-sand-fire-allowed-to-return-home/1441587/
• Cymmetria and Symantec researchers reported that the Patchwork
advanced persistent threat (APT), also known as Dropping Elephant,
cyber-espionage group has begun targeting energy, financial, and pharmaceutical
companies, among others, in order to obtain sensitive information from infected
computers. – Softpedia See item 18 below in
the Information Technology Sector
Financial Services Sector
See item 18 below in the Information Technology
Sector
Information Technology Sector
17. July 26,
Help Net Security – (International) Low-cost wireless keyboards open to keystroke
sniffing and injection attacks. Bastille Networks researchers reported that
a set of security flaws exploited via KeySniffer in low-cost wireless keyboards
that are produced by at least 8 different vendors, can be exploited to collect
passwords, security questions, and other sensitive financial and personal
information due to a lack of encryption on keystroke data before it is
transmitted wirelessly to the Universal Serial Bus (USB) dongle. Researchers
noted that Bluetooth keyboards, wired keyboards, and higher-end wireless keyboards
are not susceptible to KeySniffer.
18. July 26,
Softpedia – (International) Patchwork cyber-espionage group evolves to
target enterprises. Researchers from Cymmetria and Symantec reported that
the Patchwork advanced persistent threat (APT), also known as Dropping
Elephant, cyber-espionage group has begun targeting aviation, energy,
financial, pharmaceutical, and software companies, among others, with malicious
Microsoft PowerPoint and Word files in order to install Enfourks and Steladok
backdoor trojans to obtain sensitive information from infected computers. Source:
http://news.softpedia.com/news/patchwork-cyber-espionage-group-evolves-to-target-enterprises-506623.shtml
19. July 26,
Help Net Security – (International) Amazon Silk browser removes Google’s default
encryption. Amazon released version v51.2.1 of its Silk browser, patching a
vulnerability that allows Google searches to be conducted without Secure Sockets
Layer (SSL) protection, potentially allowing the flaw to be exploited in
man-in-the-middle (MitM) attacks. Source: https://www.helpnetsecurity.com/2016/07/26/amazon-silk-bug-encryption/
20. July 25,
Softpedia – (International) Windows 10 disk cleanup utility abused to
bypass UAC. Security researchers advised Microsoft Windows 10 users to
disable or uncheck the “Run with the highest privileges” option in the Disk
Cleanup utility following the discovery of a method to bypass the Windows User
Access Control (UAC) security system, potentially allowing malicious files to
be executed without alerting users. Once the Disk Cleanup app is executed, it
copies DismHost.exe and Dynamic Link Libraries (DLL) files, and loads the
LogProvider.dll as the last DLL file, allowing time for an attacker to launch
an attack. Source: http://news.softpedia.com/news/windows-10-disk-cleanup-utility-abused-to-bypass-uac-506614.shtml
Communications Sector
21. July 22,
U.S. Department of Justice – (National) Defendants charged with
participating in sophisticated international cell phone fraud scheme. The
U.S. Department of Justice announced July 22 that three Florida residents were
charged for their participation in a global cell phone fraud scheme where the
defendants and co-conspirators stole access to and fraudulently opened new cell
phone accounts using the personal information of individuals around the U.S.,
in order to transmit thousands of international calls to Cuba, Jamaica, the
Dominican Republic, and other countries with high calling rates. The
conspirators also used reprogrammed cell phones and additional
telecommunications equipment to run illegal call-termination businesses. Source:
https://www.justice.gov/opa/pr/defendants-charged-participating-sophisticated-international-cell-phone-fraud-scheme
For another story, see item 18 above in the Information Technology Sector