Complete DHS Report for February 2, 2016
Daily Report
Top Stories
• The U.S. Food and Drug Administration (FDA) issued a ban
January 29 on the import and sale of genetically engineered salmon until the
FDA finalizes its labeling guidelines. – Washington Post
11. January
29, Washington Post – (National) FDA bans imports of genetically engineered salmon
-- for now. The U.S. Food and Drug Administration (FDA) issued a ban
January 29 on the import and sale of genetically engineered salmon after the
Federal government passed a bill which instructed regulators to forbid the sale
of genetically engineered salmon until the FDA finalizes labeling guidelines. Source: https://www.washingtonpost.com/news/to-your-health/wp/2016/01/29/fda-bans-imports-of-genetically-engineered-salmon-for-now/
• Sheriff’s officials reported January 31 that all 3
inmates who escaped from the Men’s Central Jail in Orange County January 22
were back in custody after 1 turned himself in January 29 while the other 2
were arrested January 30. – Associated Press
15. January
31, Associated Press – (California) 2 remaining escapees returned to southern
California jail. The Orange County Sheriff’s officials reported January 31
that all 3 inmates who escaped from the Men’s Central Jail in California
January 22 were back in custody after 1 turned himself in January 29 while the
other 2 were arrested January 30 after a civilian reported seeing a parked
vehicle similar to the one authorities were searching for. An investigation
into their escape is ongoing. Source: http://www.foxnews.com/us/2016/01/31/2-remaining-escapees-returned-to-southern-california-jail.html
• Wendy’s restaurant chain is investigating February 1 a
possible data breach in their information technology (IT) networks after
reports revealed that stores in the Midwest and East Coast may have had their
customers’ cards illegally stolen and used in fraudulent transactions. – Softpedia
21. February
1, Softpedia – (National) Wendy’s restaurant chain is investigating data breach.
Officials from Wendy’s fast food restaurant chain is investigating February
1 a possible data breach in their information technology (IT) networks after
reports from the company’s financial sector revealed that stores in the Midwest
and East Coast may have had their customers’ cards illegally stolen and used in
fraudulent transactions outside the restaurant chain. Officials reported that
they are unsure how many stores were affected.
Source: http://news.softpedia.com/news/wendy-s-restaurant-chain-is-investigating-data-breach-499704.shtml
• Denver police reported January 30 that the second day of
the 38th Annual Colorado Motorcycle Expo was cancelled after two motorcycle
gangs allegedly opened fire, injured seven people, and killed one other. – Denver
Post
24. January
30, Denver Post – (Colorado) Denver cancels second day of motorcycle expo after
shooting kills one. The Denver Police Department reported January 30 that
the second day of the 38th Annual Colorado Motorcycle Expo was cancelled due to
safety concerns after two motorcycle gangs allegedly shot four people, injured
two people, and killed one other at the conference. Officials believe there was
more than one shooter and are investigating the incident. Source: http://www.denverpost.com/news/ci_29453858/shootings-stabbings-reported-at-denver-coliseum
Financial Services Sector
3. January
31, U.S. Securities and Exchange Commission – (National) Barclays,
Credit Suisse charged with dark pool violations. The U.S. Securities and
Exchange Commission announced January 31 that Barclays Capital Inc., and Credit
Suisse Securities LLC agreed to pay a combined $154.3 million to settle
separate charges that the companies violated Federal securities laws while
operating alternative trading systems known as dark pools and Credit Suisse’s
Light Pool after Barclays Capital Inc., misrepresented its efforts to police
its dark pool, overrode its surveillance tool, and misled its subscribers about
data feeds. Officials stated that Credit Suisse LLC failed to operate as
advertised and did not comply with numerous regulatory requirements.
4. January
29, U.S. Department of Justice – (International) Founder of
Liberty Reserve pleads guilty to laundering more than $250 million through his
digital currency business. The founder of Liberty Reserve pleaded guilty
January 29 to 1 count of conspiracy to commit money laundering after he
laundered more than $250 million through his underworld cyber-banking system
which allowed over 5 million users to conduct anonymous and untraceable illegal
transactions, and to distribute, store, and launder the proceeds of their
crimes. In addition, charges against two co-conspirators and the company remain
pending. Source: http://www.justice.gov/opa/pr/founder-liberty-reserve-pleads-guilty-laundering-more-250-million-through-his-digital
Information Technology Sector
17. February
1, SecurityWeek – (International) New Cross-Platform backdoors target Linux,
Windows. Security researchers from Kaspersky Lab reported that the Linux
backdoor dubbed OLMyJuxM.exe was recently found infecting Window-based systems
with new capabilities similar to the 32-bit Windows variant of the DropboxCache
and uses the same filename templates to steal screenshots, audiocaptures,
keylogs, and other arbitrary data by using the SetWindowsHook API for keylogger
functionality to contact the command and control (C&C) server for commands,
and sends a heartbeat signal via Hypertext Transfer Protocol (HTTP) similar to
the Linux variant. Users were advised to have an anti-virus program enabled on
their systems, to avoid opening emails from unknown sources, and to avoid
installing applications from untrusted sources.
18. January
31, Softpedia – (International) OS X Security Compromised via the update
process of many popular Mac apps. Sparkle released version 0.13.1 that
patched a flaw in its Sparkle Updater framework, used to disseminate app
updates to Apple Mac users after a security researcher discovered that all the
updated information was sent out in Hypertext Transfer Protocol (HTTP), which
can allow an attacker to set up a Man-in-the-Middle (MitM) attack by
intercepting update requests from the Appcast server and modifying the update
message Extensible Markup Language (XML) request to add their own malicious
code. Source: http://news.softpedia.com/news/os-x-security-compromised-via-the-update-process-of-many-popular-mac-apps-499666.shtml
19. January
30, Softpedia – (International) iOS app hot patching reveals a gaping
security hole in Apple’s Walled Garden. Security researchers from FireEye
discovered a process flaw in how Apple’s iOS developers patch their
applications using the JSPatch library after researchers found they could
deliver malicious instructions to test application, such as loading sensitive
local iOS application program interfaces (APIs) and using them to access
personal information, which was an unapproved function. The JSPatch engine
translates the JavaScript code into Objective-C, which can allow any type of
iOS exploit to be executed. Source: http://news.softpedia.com/news/ios-app-hot-patching-reveals-a-gaping-security-hole-in-apple-s-walled-garden-499654.shtml
20. January
29, SecurityWeek – (International) Firefox warns of password requests over HTTP.
Firefox released updates to its Mozilla browser, starting with Firefox
DevEdition 46 that warned users when passwords were requested over non-secure
connections and advised users to only provide passwords on secure connections
such as Hypertext Transfer Protocol (HTTP) after a security researcher
discovered the non-secure Web sites could be manipulated by a Man-in-the-Middle
(MitM) attacker. The new Mozilla feature will check each web page against the
algorithm in the World Wide Web Consortium’s (W3C) Secure Contexts
Specification to determine whether the page is secure or not, and will warn
security developers if the page is not secure.
Communications Sector
Nothing to report