Complete DHS Report for October 29, 2015
Daily Report
Top Stories
• BMW announced a recall October 28 for 86,000 model year 2002 – 2005 Mini Cooper and Cooper S vehicles due to a power steering failure issue following 339 consumer complaints. – Associated Press
2. October 28, Associated Press – (National) Mini recalls 86,000 cars to fix power steering problems. BMW announced a recall October 28 for 86,000 model year 2002 – 2005 Mini Cooper and Cooper S vehicles due to a power steering failure issue following a Federal investigation into 339 consumer complaints including 5 crashes and 3 fires as a result of the failure. Source: http://www.detroitnews.com/story/business/autos/foreign/2015/10/28/mini-recall/74730982/
• New York officials reported October 27 that 4 suspects pleaded guilty and 11 others were charged for participating in a $31 million fraudulent debt collection scheme which misled victims into paying debt amounts greater than they owed. – Buffalo News
See item 6 below in the Financial Services Sector
• The owner of 2 medical clinics in New York pleaded guilty October 26 to her role in a money laundering scheme that defrauded Medicaid and Medicare programs out of $55 million. – U.S. Department of Justice
16. October 26, U.S. Department of Justice – (New York) Owner of two New York medical clinics pleads guilty to role in $55 million health care fraud scheme. The U.S. Department of Justice announced October 26 that the owner of 2 medical clinics in New York pleaded guilty to her role in a money laundering scheme that defrauded Medicaid and Medicare programs of $55 million by offering patients kickbacks to allow medically unnecessary therapy, testing, and office visits that were never performed by licensed professionals. The suspect admitted to diverting funds deposited into the clinics’ bank accounts by the Federal programs to herself, co-conspirators, and patients instead. Source: http://www.justice.gov/opa/pr/owner-two-new-york-medical-clinics-pleads-guilty-role-55-million-health-care-fraud-scheme
• One person was killed and 20 students were transported to area hospitals following an October 27 accident where a school bus collided with another vehicle on U.S. Route 22 in Lehigh County, Pennsylvania. – Fox News; Allentown Morning Call
18. October 27, Fox News; Allentown Morning Call – (Pennsylvania) One person killed in Pennsylvania crash involving Lehigh University bus. One person was killed and 20 students were transported to area hospitals with minor injuries following an October 27 accident where a school bus transporting Lehigh University students collided with another vehicle on U.S. Route 22 in Lehigh County before flipping onto its roof. Source: http://www.foxnews.com/us/2015/10/27/13-reportedly-injured-in-pennsylvania-crash-involving-lehigh-university-bus/
Financial Services Sector
5. October 27, KSHB 41 Kansas City – (International) Johnson County man sentenced in credit card ID fraud case. A suspect in Johnson County was convicted by the Kansas Department of Corrections October 27 in connection to stealing over 500 credit card account numbers from Canadian citizens through skimming devices. The suspect re-coded the numbers on bank cards in the U.S. Source: http://www.kshb.com/news/crime/johnson-county-man-sentenced-in-credit-card-id-fraud-case
6. October 27, Buffalo News – (National) Guilty pleas by 4, charges against 11 announced in federal fraud prosecution of Buffalo debt collectors. The U.S. attorney’s office in Manhattan reported October 27 that 4 suspects pleaded guilty and 11 others were charged for participating in a $31 million fraudulent debt collection scheme in which victims were misled and served threats including felony charges and driver’s license suspensions unless they paid debts in amounts greater than they owed. Source: http://www.buffalonews.com/city-region/guilty-pleas-by-4-charges-against-11-announced-in-federal-fraud-prosecution-of-buffalo-debt-collectors-20151027
For another story, see item 23 below in the Information Technology Sector
Information Technology Sector
22. October 28, Softpedia – (International) Adobe patches critical vulnerability in Shockwave Player. Adobe released a patch resolving a memory corruption vulnerability in its Shockwave Player 12.2.0.162 for Windows and Mac users after researchers from Fortinet’s Fortiguard Labs discovered that the vulnerability allowed attackers to compromise remote computers and execute remote code, allowing full control of the operating system without the victim being aware. Source: http://www.securityweek.com/adobe-patches-critical-vulnerability-shockwave-player
23. October 28, Softpedia – (International) Oracle EBS fixed against XSS, XXE, and SQL injection vulnerabilities. Oracle released patches for 154 fixes addressing vulnerabilities in several of its products including six found by ERPScan researchers in the Oracle E-Business Suite (Oracle EBS) including 3 XXE (XML External Entity) injection vulnerabilities, a user enumeration flaw, a cross-site scripting (XSS) problem, and a Structured Query Language (SQL) flaw that could potentially give attackers administrative rights over the Oracle EBS and its subsequent applications to access sensitive company data including financial, human resources, supply chain, and customer support departments. Source: http://news.softpedia.com/news/oracle-ebs-fixed-against-xss-xxe-and-sql-injection-vulnerabilities-495419.shtml
24. October 28, Securityweek – (International) Flaws in Rockwell PLCs expose operational networks. Rockwell Automation released firmware updates and mitigations addressing several vulnerabilities in its 1400 programmable logic controllers (PLCs) and its MicroLogix 1100 products including a buffer overflow bug that remotely crashes affected devices or executes arbitrary code, a denial-of-service (DoS) bug dubbed “FrostyURL” that can be exploited to crash MicroLogix PLCs via a specially crafted uniform resource locator (URL) sent to victims through email, and a cross-site scripting (XSS) vulnerability that can be exploited to inject malicious JavaScript code in a device’s Web server, among others. Source: http://www.securityweek.com/flaws-rockwell-plcs-expose-operational-networks
Communications Sector
Nothing to report