Monday, August 8, 2016



Complete DHS Report for August 8, 2016

Daily Report                                            

Top Stories

• General Motors issued a recall August 4 for 42,984 of its model year 2011 Buick Regal vehicles due to faulty wiring harness covers that may be worn down over time and cause a short circuit, thereby increasing the risk of a fire. – TheCarConnection.com

3. August 4, TheCarConnection.com – (National) 2016 – 2017 Buick Envision, 2011 Buick Regal recalled: nearly 48,000 U.S. vehicles affected. General Motors issued a recall August 4 for 42,984 of its model year 2011 Buick Regal vehicles equipped with 8-way power adjustable front seats sold in the U.S. due to faulty wiring harness covers that may be worn down over time and cause a short circuit, thereby increasing the risk of a fire. The recall also affects 4,558 of its model years 2016 –2017 Buick Envision vehicles due to inaccurate maximum weight information printed on the vehicle’s information label which can cause an owner to overload the vehicle, thereby reducing the ability to control the vehicle and increasing the risk of a crash.

• The Ford Motor Company issued a recall August 4 for 766,682 of its model years 2012 – 2016 vehicles in select makes sold in the U.S. due to faulty side door latches that could unlatch when driving, thereby increasing the risk of injury. – CNBC

4. August 4, CNBC – (International) Ford recalls 830,000 2012 –2016 Ford and Lincoln vehicles to fix latches. The Ford Motor Company issued a recall August 4 for 766,682 of its model years 2012 – 2016 vehicles in select makes sold in the U.S. due to faulty side door latches that could unlatch when driving, thereby increasing the risk of injury. The recall affects an additional 61,371 vehicles sold in Mexico. Source: http://www.cnbc.com/2016/08/04/ford-recalls-830000-2012-2016-ford-and-lincoln-vehicles-to-fix-latches.html

• Maryland officials announced August 3 that the owner and operator of 6 Liberty Tax franchises in Baltimore has been permanently barred from preparing Federal tax returns after she allegedly filed 1,222 fraudulent returns. – U.S. Department of Justice See item 7 below in the Financial Services Sector

• Officials announced August 4 that Advocate Health Care Network agreed to pay $5.55 million to resolve alleged violations of Federal patient privacy laws related to three separate data breaches in 2013 that compromised the electronic health information of about 4 million patients. – Chicago Tribune

18. August 5, Chicago Tribune – (National) Advocate to pay $5.5 million over data breach: record HIPAA settlement. The U.S. Department Health and Human Services (HSS) Office for Civil Rights announced August 4 that Advocate Health Care Network agreed to pay $5.55 million to resolve alleged violations of Federal patient privacy laws related to three separate data breaches in 2013 involving its subsidiary, Advocate Medical Group that compromised the electronic health information of about 4 million patients, including medical information, names, and credit card numbers, among other data. HHS’ investigation into the breaches found that company failed to adequately limit access to its information systems, failed to properly assess the risks associated with the data, and failed to protect an encrypted laptop containing sensitive data. Source: http://www.chicagotribune.com/business/ct-advocate-settlement-privacy-0805-biz-20160804-story.html

Financial Services Sector

7. August 3, U.S. Department of Justice – (Maryland) Federal court permanently bars Maryland tax preparer from preparing federal tax returns. The U.S. District Court for the District of Maryland announced August 3 that the owner and operator of 6 Liberty Tax franchises in Baltimore has been permanently barred from preparing Federal tax returns after she allegedly filed 1,222 fraudulent tax returns that reported false household help incomes, among other fraudulent claims, and intentionally omitted Social Security Income and Wage and Tax Statement income. The charges also allege that the tax preparer kept each refund as a fee and paid customers a $50 cash payment as part of Liberty Tax’s “Cash-in-a-Flash” promotion. Source: https://www.justice.gov/opa/pr/federal-court-permanently-bars-maryland-tax-preparer-preparing-federal-tax-returns

Information Technology Sector

22. August 5, Softpedia – (International) HEIST attack can steal data from HTTP-encrypted traffic. Two security researchers discovered hackers could carry out a Web-based attack, dubbed HEIST to steal encrypted content from Hypertext Transfer Protocol Secure (HTTPS) traffic by embedding special JavaScript code on a Webpage that fetches content via a hidden JavaScript call from a private page containing sensitive information including credit card numbers and Social Security numbers, then pinpoints the size of the embedded data transferred in small transmission control protocol (TCP) packets using a repeated probing mechanism in order to guess the content exchanged in the HTTPS traffic. Researchers advised users to disable support for third-party cookies or JavaScript execution in their browsers to block HEIST attacks. Source: http://news.softpedia.com/news/heist-attack-can-steal-data-from-https-encrypted-traffic-507009.shtml

23. August 5, Help Net Security – (International) 58% of orgs have no controls in place to prevent insider threats. Veriato and other firms released the Insider Threat Spotlight Report which found that nearly half of the 500 cybersecurity professionals surveyed experienced an increase in insider attacks since 2015, 58 percent of organizations lack appropriate control to prevent insider attacks, and 44 percent of those surveyed were unaware if their organization had experienced an insider attack. The survey also found that the endpoint is the most common point for a malicious actor to launch an insider attack, followed by mobile devices. Source: https://www.helpnetsecurity.com/2016/08/05/prevent-insider-threats/

Communications Sector

Nothing to report