Tuesday, December 15, 2015



Complete DHS Report for December 15, 2015

Daily Report                                            

Top Stories

• Nissan Motor Company Ltd recalled nearly 34,000 model year 2015 Rogue sport utility vehicles December 12 due to a faulty shift selector knob that can cause the vehicle to unexpectedly move out of the park position. – Associated Press

2. December 12, Associated Press – (National) Nissan recalling recent Rogue models with shift defect. Nissan Motor Company Ltd announced the nationwide recall of nearly 34,000 model year 2015 Rogue sport utility vehicles December 12 due to a faulty shift selector knob that can cause the vehicle to unexpectedly move out of the park position.

• The Santa Clara Valley Medical Center in San Jose announced December 13 that 368 parents, 308 employees, and 350 infants were possibly exposed to tuberculosis at the hospital after an employee was suspected of having active tuberculosis. – CNN

16. December 13, CNN – (California) 350 infants may have been exposed to tuberculosis at California hospital. The Santa Clara Valley Medical Center in San Jose announced December 13 that 368 mothers or parents, 308 employees, and 350 infants were possibly exposed to tuberculosis at the hospital due to an employee who was suspected of having active tuberculosis. The employee was placed on leave in mid-November and officials stated that the risk of infection is low.

• Security researchers from Bugsec Group and Cynet reported the flaw, FireStorm can exhausted enterprise-grade firewalls and extract data out of corporate networks via Transmission Control Protocol (TCP) handshakes.– Softpedia See item 24 below in the Information Technology Sector

• Officials reported that bomb threats across three States in several malls prompted the evacuation of thousands of shoppers and prompted mall closures while police crews searched the buildings for explosive devices December 12. – Reuters

26. December 13, Reuters – (National) Malls in 3 U.S. states evacuated on busy holiday shopping day. Officials reported that bomb threats across three States in multiple malls including Largo Mall in Florida, Shops at Riverside in New Jersey, and the Animas Valley Mall in New Mexico, prompted the evacuation of thousands of shoppers and prompted mall closures while police crews searched the buildings for explosive devices December 12. Police found no traces of bomb devices in the facilities and reopened all the malls. Source: http://www.msn.com/en-us/news/us/malls-in-3-us-states-evacuated-on-busy-holiday-shopping-day/ar-BBntYWu?li=BBnb7Kz
  
Financial Services Sector

4. December 11, South Florida Sun-Sentinel – (National) Nine South Floridians charged in $6.6 million stock fraud. Federal prosecutors unsealed an indictment December 11 charging 9 South Florida residents for allegedly netting $6.6 million in a fraudulent stock investment scheme affecting 150 victims through Oxford City Football Club Inc. The group claimed that the business was profiting millions through its sports, education, media, and real estate acquisitions. Source: http://www.sun-sentinel.com/news/fl-fraud-oxford-city-20151211-story.html

5. December 11, U.S. Securities and Exchange Commission – (National) SEC: Sports team offering is a penny stock fraud. Authorities from the U.S. Securities and Exchange Commission announced December 11 that Oxford City Football Club Inc., and its chief executive officer were charged for allegedly raising over $6.5 million from inexperienced investors who were misled to believe that the Florida-based penny stock company was profiting millions from sports teams, academic institutions, and real estate holdings through pressure tactics and a boiler room scheme. Source: http://www.sec.gov/news/pressrelease/2015-278.html

6. December 11, U.S. Department of Justice – (National) Former New York City corrections officer pleads guilty to multimillion dollar tax refund conspiracy. A New York resident pleaded guilty December 11 for his role in a scheme to defraud the Internal Revenue Service (IRS) of more than $3.4 million by submitting fraudulent 1099-OID tax forms. The man worked alongside a former IRS employee and a third co-conspirator who collected fees from clients and supplied correspondence containing false claims to send to the agency. Source: http://www.justice.gov/opa/pr/former-new-york-city-corrections-officer-pleads-guilty-multimillion-dollar-tax-refund

7. December 10, Newark Star-Ledger – (New Jersey) 12 charged in ‘elaborate’ $3M credit card scheme, AG says. New Jersey officials announced December 9 that 12 foreign nationals and U.S. citizens were charged in connection to a credit card scheme that stole $3 million by passing bad checks and making fake credit card payments. The group would create false identities by pairing real Social Security numbers with phony names and birth dates to open checking accounts and credit cards online, which they would max out through shell companies. Source: http://www.nj.com/news/index.ssf/2015/12/12_charged_in_elaborate_credit_card_scheme_that_st.html

Information Technology Sector

22. December 14, SecurityWeek – (International) Twitter warns users of state sponsored hacking. Twitter reported December 14 that its customers’ user names, Internet Protocol (IP) addresses, phone numbers, and email addresses may have been compromised after a potential state sponsored attack occurred in its systems. Twitter officials advised users to use Tor Project, a software enabling anonymous communication, to protect affected users on social networks. Source: http://www.securityweek.com/twitter-warns-users-state-sponsored-hacking

23. December 12, Softpedia – (International) Malware spread via The Guardian’s Article on cybercrime. Researchers from FireEye discovered a report, hosted on The Guardian’s Web site about cybercrime, had a flaw in one of its links that was redirecting users to an Angler Exploit Kit installation that would search targets’ personal computers (PC) for the CVE-2014-6332 flaw, which is a Windows Object Linking and Embedding (OLE) Automation Remote Code Execution vulnerability, triggered through VBScript. The Guardian is working to patch the vulnerability. Source: http://news.softpedia.com/news/malware-spread-via-the-guardian-s-article-on-cybercrime-497519.shtml

24. December 11, Softpedia – (International) FireStorm vulnerability leaves next-gen enterprise firewalls open to attacks. Security researchers from Bugsec Group and Cynet reported a vulnerability, dubbed FireStorm, that can exhausted enterprise-grade firewalls and extract data out of corporate networks via Transmission Control Protocol (TCP) synchronize (SYN) packets by avoiding a full TCP connection, allowing the flaw to disguise its connection type, source, or target from corporate firewalls. Source: http://news.softpedia.com/news/firestorm-vulnerability-leaves-next-gen-enterprise-firewalls-open-to-attacks-497481.shtml

For another story, see item 25 below in the Communications Sector

Communications Sector

25. December 14, SecurityWeek – (International) Wireless Routers plagued by unpatched flaws. Security researchers from Ethical Reporting discovered wireless SOHO routers from ZyXEL, Belkin, ReadyNet, Amped Wireless, Buffalo, and Netgear had several unpatched vulnerabilities including authentication bypass flaws, remote code execution flaws, default credential flaws, and DNS spoofing flaws, among other vulnerabilities, that can allow attackers to access potentially sensitive application program interface (API) and alter an infected device’s settings. Source: http://www.securityweek.com/wireless-routers-plagued-unpatched-flaws