Complete DHS Report for January 13, 2017
Daily Report
Top Stories
• Ford Motor Company issued a recall January 12 for 654,695 of its model years 2005 – 2009 vehicles sold in select makes to replace fatally flawed Takata Corporation passenger-side airbags. – TheCarConnection.com
4. January 12, TheCarConnection.com – (International) Takata airbag recall list balloons again: 816,000 Ford, Lincoln, Mercury vehicles added. Ford Motor Company issued a recall January 12 for 654,695 of its model years 2005 – 2009 vehicles sold in select makes in the U.S. to replace fatally flawed Takata Corporation passenger-side airbags. The recall also includes 161,174 vehicles registered in Canada. Source: http://www.thecarconnection.com/news/1108318_takata-airbag-recall-list-balloons-again-816000-ford-lincoln-mercury-vehicles-added
• The Volkswagen Group agreed to pay $4.3 billion in criminal fines and civil penalties and pleaded guilty January 11 after the company rigged more than 500,000 vehicles with software to cheat pollution laws and lied to U.S. investigators about the nature of the conspiracy. – USA Today
6. January 11, USA Today – (International) VW pleads guilty to conspiracy, obstruction of justice; 6 execs charged. The Volkswagen Group agreed to pay $4.3 billion in criminal fines and civil penalties and pleaded guilty January 11 after the company rigged more than 500,000 vehicles with software to cheat pollution laws and lied to U.S. investigators about the nature of the conspiracy. Six German Volkswagen executives were also charged January 11 for their alleged roles in the scheme. Source: http://www.usatoday.com/story/money/cars/2017/01/11/volkswagen-epa-doj-department-of-justice-settlement/96439678/
• Straight Path Communications, Inc. agreed to pay $15 million January 12 to resolve an investigation into its former parent company IDT Corp. and its spectrum licenses following claims of fraud made against the company by an anonymous short seller. – Reuters. See item 21 below in the Communications Sector.
• Ameren Missouri announced January 10 that the Lake of the Ozarks’ Bagnell Dam will receive $52 million worth of structural upgrades. – St. Louis Post-Dispatch
25. January 10, St. Louis Post-Dispatch – (Missouri) Dam at Lake of the Ozarks to receive $52-million structural upgrades. Ameren Missouri announced January 10 that the Lake of the Ozarks’ Bagnell Dam will receive $52 million worth of structural upgrades, including outfitting the dam with 68 new anchors to hold it into the bedrock, and adding over 66 million pounds of new concrete to better secure the dam, among other improvements. The project will begin in March 2017 and is expected to take 18 months to complete. Source: http://www.stltoday.com/business/local/dam-at-lake-of-the-ozarks-to-receive--million/article_bb767264-a7d1-5ae7-b0dc-6c7a0dc4b241.html
Financial Services Sector
Nothing to report
Information Technology Sector
16. January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs. The security flaws include 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys.
17. January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released BIND versions 9.9.9-P5, 9.10.4-P5, 9.11.0-P2, and 9.9.9-S7 addressing four high severity denial-of-service (DoS) flaws that can be remotely exploited to cause the BIND name server process to encounter an assertion failure and stop executing. ISC stated it was not aware of the vulnerabilities being actively exploited.
18. January 11, SecurityWeek – (International) Command execution vulnerability patched in Ansible. Red Hat released updates for the Ansible IT automation platform addressing a security bypass vulnerability after security researchers from Computest found that a flaw in the controller, the central node in an Ansible installation, could be leveraged by an attacker to bypass filters and gain control of certain facts to execute arbitrary code on the controller, and subsequently move to the other hosts. Source: http://www.securityweek.com/command-execution-vulnerability-patched-ansible
19. January 11, SecurityWeek – (International) Powerful “Spora” ransomware lets victims pay for immunity. Security researchers from Emsisoft warned that a newly observed ransomware, dubbed Spora, is distributed via spam emails masked as invoices and leverages Windows CryptoAPI for encryption, using a mix of RSA and Advanced Encryption Standard (AES) that allows the ransomware to encrypt files without a command and control (C&C) server connection, as well as ensuring that a decryption tool developed for one victim will not work for another victim. The researchers also found that Spora is able to determine how much ransom a victim should pay by creating statistics of the targets to encrypt and saving them to a .KEY file as a set of six numbers. Source: http://www.securityweek.com/powerful-spora-ransomware-lets-victims-pay-immunity
20. January 11, SecurityWeek – (International) RIG grabs 35% of exploit kit market in December. Symantec researchers reported that the RIG exploit kit (EK) was responsible for nearly 35 percent of the total EK activity during December 2016, with Fiesta at roughly 4 percent, and the Magnitude EK at about 3 percent. The number of Web attacks blocked by Symantec increased by about 33 percent in December 2016, with the company blocking 388,000 attacks per day compared with the 291,000 attacks blocked per day in November 2016. Source: http://www.securityweek.com/rig-grabs-35-exploit-kit-market-december
Communications Sector
Nothing to report