Complete DHS Report for June 3, 2016
Daily Report
Top Stories
• Seven automakers announced an expanded recall June 2 for nearly
4.4 million model years 2004 – 2011 vehicles sold in the U.S. due to defective
Takata Corp. passenger-side air bag inflators linked to 11 deaths and over 100
injuries globally. – Associated Press
4. June 2, Associated
Press – (International) 7 automakers add 4.4M vehicles to Takata
recall. Seven automakers announced an expanded recall June 2 for nearly 4.4
million model years 2004 – 2011 vehicles sold in the U.S. due to defective
Takata Corp. passenger-side air bag inflators equipped with ammonium nitrate,
a chemical that may deteriorate over time when exposed to variations in
temperature and cause the airbags to deploy with excessive force, spraying hot
shrapnel into vehicle passenger compartments. The defective inflators have been
linked to at least 11 deaths and over 100 injuries globally. Source: http://www.mlive.com/auto/index.ssf/2016/06/7_automakers_add_44m_vehicles.html
• Pasadena Public Health Department officials reported June 1 that
11 of the 16 patients infected by dangerous bacteria from duodenoscopes at
Huntington Hospital have died. – Los Angeles Times
15. June 1,
Los Angeles Times – (California) 11 deaths at Huntington Hospital among patients
infected by dirty scopes, city report says. Pasadena Public Health
Department officials reported June 1 that 11 of the 16 patients infected by
dangerous bacteria from duodenoscopes at Huntington Hospital have died. Health
department investigators found visible residues in the machines used to clean
the scopes and determined that the hospital was using canned compressed air
from an office supply store to dry the scopes, which is not recommended by the
manufacturer. Source: http://www.latimes.com/business/la-fi-huntington-hospital-scopes-20160601-snap-story.html
• Federal authorities announced June 1 that a Federal defendant
and former Swedish Medical Center of Colorado employee is HIV positive, and
urged approximately 3,000 patients who were potentially impacted to undergo
testing for blood-borne pathogens. – KMGH 7 Denver
16. June 1,
KMGH 7 Denver – (Colorado) Surgical tech in needle-swap scandal at Swedish
Medical Center has HIV, officials confirm. Federal authorities reported
June 1 that a Federal defendant and former Swedish Medical Center of Colorado
employee is HIV positive, and urged approximately 3,000 patients who were
potentially impacted by the suspect’s conduct to undergo testing for
blood-borne pathogens. The defendant allegedly diverted syringes containing
fentanyl from the facility and replaced them with similar syringes containing
another substance. Source: http://www.thedenverchannel.com/news/local-news/surgical-tech-in-needle-swap-scandal-at-swedish-medical-center-has-hiv-officials-confirm
• The University of California, Los Angeles campus was locked down
and classes were cancelled June 1 in response to a murder-suicide involving a
professor inside the university’s engineering complex. – Los Angeles Times
17. June 1,
Los Angeles Times – (California) Professor killed in UCLA murder-suicide was brilliant,
kind and caring, colleagues say. The University of California, Los Angeles
campus was locked down and classes were cancelled June 1 as students took cover
in response to a murder-suicide involving a professor which took place in an
office inside the university’s engineering complex. An investigation is ongoing
and classes are scheduled to resume June 2. Source: http://www.latimes.com/local/lanow/la-me-ln-ucla-shooting-20160601-snap-story.html
Financial Services Sector
6. June 1,
WVLT 8 Knoxville – (Tennessee) Couple arrested for allegedly manufacturing 80
fake credit cards. Two Tennessee residents were arrested in Kingston May 27
for allegedly manufacturing about 80 counterfeit credit and gift cards after a
routine traffic stop led authorities to the duo’s motel room, prompting a
subsequent search of the room which revealed a card reader, a machine used to
punch numbers on credit cards, and blank cards, among other illicit materials. Source: http://www.local8now.com/content/news/Couple-arrested-for-allegedly-manufacturing-80-fake-credit-cards-381588511.html
Information Technology Sector
18. June 2,
Help Net Security – (International) KeePass update check MitM flaw can lead to
malicious downloads. A security researcher reported that all versions of
KeePass, an open source password manager, were susceptible to a man-in-the-middle
(MitM) attack that could allow attackers to trick users into downloading
malware disguised as a software update as the product uses Hypertext Transfer
Protocol (HTTP) to request the current version information, allowing an
attacker to modify the server response. A KeePass developer stated the
vulnerability will not be fixed as the cost of switching to Hypertext Transfer
Protocol Secure (HTTPS) makes it an inviable solution.
19. June 2,
SecurityWeek – (International) Cisco fixes flaws in network analysis
modules. Cisco released patches addressing high and medium severity
vulnerabilities in its Prime Network Analysis Module products that could allow
a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition
by sending specially crafted Internet Protocol v6 (IPv6) packets on the
network, as well as remotely execute arbitrary commands on the underlying
operating system via specially crafted Hypertext Transfer Protocol (HTTP). Source:
http://www.securityweek.com/cisco-fixes-flaws-network-analysis-modules
20. June 1,
Softpedia – (International) Google fixes 15 security bugs in Chrome,
awards $26,000 to researchers. Google released version 51.0.2704.79 for its
Chrome Web browser which fixes 15 security flaws including two high-level
vulnerabilities that could allow attackers to bypass the browser’s cross-origin
code execution restrictions and run malicious code via the Blink engine and its
Extensions component. The new Web browser version also patched some flaws that
crashed the browser or scrambled up its download file paths. Source: http://news.softpedia.com/news/google-fixes-15-security-bugs-in-chrome-awards-26-000-to-researchers-504764.shtml
21. June 1,
Softpedia – (International) Microsoft patches Outlook.com to fix recent
spam flood. Microsoft released a patch for its Outlook and Hotmail products
after the company received reports of a massive spam flood that bypassed the
products' spam filters, allowing hackers to inundate users with Viagra ads and
Russian bride ads. Source: http://news.softpedia.com/news/microsoft-patches-outlook-com-to-fix-recent-spam-flood-504753.shtml
22. June 1,
SecurityWeek – (International) ABB patches password flaws in substation
automation tool. ABB released software updates for one of its substation
automation products, PCM600, after a security researcher from Positive
Technologies found several vulnerabilities in industrial control systems (ICS)
and found that the PCM600 product was plagued with four password-related flaws.
The flaw can be exploited via the hash, which can be easily broken and allow an
attacker to obtain the password. Source: http://www.securityweek.com/abb-patches-password-flaws-substation-automation-tool
23. June 1,
SecurityWeek – (International) User data possibly stolen in Scrum.org hack. Scrum.org
released a patch and warned its users that their usernames, email addresses,
encrypted passwords, password decryption keys, profile pictures, and
certification information may have been compromised after an investigation revealed
that an unknown user had created a new admin account on the mail server and
modified the settings. In addition, Scrum.org was notified that its software
was plagued with a flaw that could be exploited to conduct the same malicious
activities.
Communications Sector
Nothing to report