Monday, September 28, 2015



Complete DHS Report for September 28, 2015

Daily Report

Top Stories

  • Hyundai Motor Co. issued a recall for 470,000 model year 2011 – 2012 Sonata 2-liter and 2.4-liter sedans due to an issue with metal debris in the car’s crankshaft which could lead to an engine stall. – Associated Press (See item 4)

4. September 25, Associated Press – (National) Hyundai recalls 470,000 Sonatas to fix critical engine problem. Hyundai Motor Co. issued a recall for 470,000 model year 2011 – 2012 Sonata 2-liter and 2.4-liter sedans due to the possible presence of metal debris in the car’s crankshaft, which could restrict oil flow and lead to an engine stall. Owners will be notified November 2. Source: http://www.cnbc.com/2015/09/25/hyundai-recalls-470000-sonatas-to-fix-critical-engine-problem.html

  • Four international students from North Seattle College were killed and 51 others were injured September 24 after a charter bus filled with 45 students collided with a “duck tour” vehicle on Seattle’s Aurora Bridge. – NBC News

10. September 25, NBC News – (Washington) Four college students killed when duck boat and charter bus crash in Seattle. The National Transportation Safety Board is investigating a September 24 incident where 4 international students from North Seattle College were killed and 51 people were injured after a charter bus filled with 45 students collided with a “duck tour” vehicle on the Aurora Bridge in Seattle. Source: http://www.nbcnews.com/news/us-news/seattle-bus-collides-duck-tour-killing-2-officials-say-n433156

  • Authorities reported September 24 that a combination of 12 inmates, prison employees, parolees, and civilians were allegedly part of a drug and identity theft ring operating in Georgia prisons. – WXIA 11 Atlanta

20. September 24, WXIA 11 Atlanta – (Georgia) 12 indicted in prison cell phone bust. Authorities announced September 24 that a combination of 12 inmates, prison employees, parolees, and civilians were allegedly part of a drug and identity theft ring that took place in Georgia prisons. The scheme reportedly involved smuggling prescription pain medication, illegal drugs, alcohol, tobacco, and cell phones into the prisons where the inmates would use the phones to steal identities from victims in Cobb and Gwinnett counties. Source: http://www.11alive.com/story/news/crime/2015/09/24/12-indicted-prison-cell-phone-bust/72768876/

  • U.S. regulators reported September 24 that Hamilton Relay, InnoCaption, and Sprint Corp. reached a $1.4 million settlement resolving allegations over the companies’ 9-1-1 handling for hard-of-hearing callers. – U.S. Federal Communications Commission (See item 27 below in the Communications Sector)

Financial Services Sector

5. September 24, U.S. Securities and Exchange Commission – (International) SEC charges six in stock fraud scheme. The U.S. Securities and Exchange Commission charged 6 suspects for an investment scheme in which the suspects allegedly conspired to secretly issue $72 million Gerova shares to a family friend in Kosovo through a friend’s brokerage accounts, while bribing an investment adviser to stabilize Gerova shares in 2010. The suspects reportedly received at least $16 million in illicit profits through the scheme, and face criminal charges under a separate parallel action. Source: http://www.sec.gov/litigation/litreleases/2015/lr23360.htm

6. September 24, Reuters – (New Jersey) New Jersey’s Hudson City Bank to pay some $33 mln in redlining case. Hudson City Bancorp agreed September 24 to pay $33 million in loan subsidies, community programs and outreach, and penalties to settle U.S. Department of Justice and Consumer Financial Protection Bureau allegations that the company discriminated against prospective black and Hispanic home buyers by attempting to avoid locating branches and marketing mortgages in neighborhoods with a majority of black and Hispanic residents. Source: http://www.reuters.com/article/2015/09/24/hudson-city-bcp-discrimination-idUSL1N11U1T320150924

7. September 24, Newark Patch – (New Jersey) N.J. bank fraud: Founder of defunct charter flight company pleads guilty. The former chief financial officer and co-founder of Southern Sky Air & Tours pleaded guilty September 23 to conspiracy to commit wire and bank fraud through a scheme in which he used fake documents and inflated revenue figures to defraud a New Jersey bank and other financial institutions out of millions of dollars. Source: http://patch.com/new-jersey/newarknj/nj-bank-fraud-founder-defunct-charter-flight-company-pleads-guilty

8. September 24, InsideNoVa.com – (National) ‘Black Hat Bandit’ pleads guilty to 9 bank robberies. The suspect dubbed the “Black Hat Bandit” pleaded guilty September 24 in connection with 9 bank robberies throughout Virginia, Maryland, and Washington, D.C., from January – March of this year, which resulted in more than $180,000 in losses to the BB&T and Wells Fargo bank branches that he struck. Source: http://www.insidenova.com/headlines/black-hat-bandit-pleads-guilty-to-bank-robberies/article_a417d4f4-62e0-11e5-b049-df27a854c2b7.html

9. September 24, IDG News Service – (International) New malware infects ATMs, dispenses cash on command. Security researchers from Proofpoint detected a new ATM malware program dubbed GreenDispenser that allows attackers to withdraw cash on demand by hooking into the eXtensions for Financial Services (XFS) middleware on Microsoft Windows-based ATMs. The malware was first spotted in Mexico, and researchers warned it will likely spread quickly to the U.S. Source: http://www.computerworld.com/article/2985860/malware-vulnerabilities/new-malware-infects-atms-dispenses-cash-on-command.html#tk.rss_security

Information Technology Sector

22. September 25, Securityweek – (International) Vulnerabilities found in several SCADA products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published advisories identifying vulnerabilities in supervisory control and data acquisition (SCADA) products, including a privilege escalation bug in Resource Data Management’s Data Manager that could allow an attacker to change the passwords of users, a cross-site request forgery (CSRF) flaw that an attacker could use to perform actions on behalf of authenticated users, and other vulnerabilities in IBC Solar and EasyIO products. Source: http://www.securityweek.com/vulnerabilities-found-several-scada-products

23. September 25, Help Net Security – (International) Cisco releases tool for detecting malicious router implants. Cisco Systems released a Python script called the SYNful Knock Scanner which scans networks for routers compromised by malicious SYNful Knock implants and provides next steps to users with affected routers. Source: http://www.net-security.org/malware_news.php?id=3114

24. September 25, The Register – (International) XcodeGhost-infected apps open gates to malware hijacking. Security researchers from Palo Alto Networks reported that the DES ECB mode-encrypted communication streams between XcodeGhost-infected applications and the attacker’s command-and-control (C&C) servers lack proper encryption, leaving them vulnerable to man-in-the-middle (MitM) attacks that could expose affected users to additional malware. Source: http://www.theregister.co.uk/2015/09/25/xcodeghost_mitm_palo_alto/

25. September 25, Softpedia – (International) Kovter malware now lives solely in the Windows registry. Security researchers from Symantec discovered a new version of the Kovter trojan that reportedly mimics the Poweliks malware’s survival methods, including the ability to hide its code in the Microsoft Windows registry, ensuring persistence and serving as an entry point for other malware. The Kovter trojan focuses primarily on click-fraud, and 56 percent of all infections have targeted U.S. users. Source: http://news.softpedia.com/news/kovter-malware-now-lives-solely-in-your-computer-s-registry-492722.shtml

26. September 24, Threatpost – (International) Cisco patches denial-of-service, bypass vulnerabilities in IOS. Cisco released updates for its IOS router and switch software addressing three denial-of-service (DoS) vulnerabilities and one authentication bypass flaw affecting RSA-based user authentication, in which an attacker who knows a legitimate username and that user’s public key could log in with that user’s privileges. Source: https://threatpost.com/cisco-patches-denial-of-service-bypass-vulnerabilities-in-ios/114792/

For another story, see item 9 above in the Financial Services Sector

Communications Sector

27. September 24, U.S. Federal Communications Commission – (National) Companies fined $1.4 million for failing to accept 911. The U.S. Federal Communications Commission’s (FCC) Enforcement Bureau reported September 24 that Hamilton Relay, InnoCaption, and Sprint Corp. reached a settlement totaling $1.4 million to resolve allegations that the companies were unable to handle 9-1-1 calls through applications used by callers who are hard of hearing, over periods varying from 5 weeks to approximately 10 months. Source: https://www.fcc.gov/document/cos-fined-14m-failing-accept-911-calls-hearing-impaired-0