Thursday, November 17, 2016
Complete DHS Report for November 17, 2016
• Mazda Motor Corporation issued a recall November 15 for 69,477 of its model years 2004 – 2008 Mazda RX-8 vehicles sold in the U.S. due to a problem affecting the fuel pump’s sealing rings. – TheCarConnection.com
2. November 15, TheCarConnection.com – (National) 2004-2008 Mazda RX-8 recalled for fire risk: nearly 70,000 U.S. vehicles affected. Mazda Motor Corporation issued a recall November 15 for 69,477 of its model years 2004 – 2008 Mazda RX-8 vehicles sold in the U.S. due to an issue with the fuel pump’s sealing rings, which can deteriorate over time when exposed to high temperatures and cause the pumps to leak fuel, thereby creating a fire hazard. Mazda has confirmed seven incidents of the sealing rings failing. Source: http://www.thecarconnection.com/news/1107294_2004-2008-mazda-rx-8-recalled-for-fire-risk-nearly-70000-u-s-vehicles-affected
• A disbarred Tulsa County, Oklahoma attorney pleaded guilty November 15 after he embezzled $587,000 from probate estate accounts at the Bank of Oklahoma from August 2012 – October 2015. – KOTV 6 Tulsa (See item 3 below in the Financial Services Sector)
• Three men were indicted November 15 for their alleged involvement in a more than $5 million investment scam where the trio persuaded investors to funnel funds into a new social media platform they created. – Huntington Patch (See item 4 below in the Financial Services Sector)
• Tennessee officials reported November 15 that code orange air quality alerts remain in effect for several regions across the State due to poor air quality stemming from 67 wildfires that have burned a total of 15,914 acres. – WKRN 2 Nashville
17. November 15, WKRN 2 Nashville – (Tennessee) More than 60 wildfires still burn in Tennessee; arson suspected in nearly half. Tennessee officials reported November 15 that code orange air quality alerts remain in effect for several regions across the State due to poor air quality stemming from 67 wildfires that have burned a total of 15,914 acres. The Tennessee Department of Health stated that more than 200 residents in Chattanooga have been hospitalized due to breathing difficulties related to the fires.
Financial Services Sector
3. November 15, KOTV 6 Tulsa – (Oklahoma) Former Tulsa attorney pleads guilty to embezzling almost $600K. A disbarred Tulsa County, Oklahoma attorney pleaded guilty November 15 after he embezzled $587,000 from probate estate accounts at the Bank of Oklahoma from August 2012 – October 2015 by illegally using checks made out to himself, diverting funds from the probate estates, and depositing the checks into his business and personal accounts to use for personal expenses. Source: http://www.newson6.com/story/33718591/former-tulsa-attorney-pleads-guilty-to-embezzling-almost-600k
4. November 15, Huntington Patch – (National) 2 Long Island men among trio charged in $5M investment scam: DA. Three men were indicted November 15 for their alleged involvement in a more than $5 million investment scam where the trio persuaded investors to funnel funds into a new social media platform they created that was purportedly sponsored by Staples, Inc. and Myspace.com. The charges allege that the trio used the proceeds to cover personal expenses and the supposed business relationship with Staples and Myspace could not be verified. Source: http://patch.com/new-york/huntington/huntington-man-among-3-charged-5m-investment-scam-da
Information Technology Sector
20. November 16, SecurityWeek – (International) Symantec patches DLL hijacking flaw in enterprise products. Symantec released updates to resolve a dynamic-link library (DLL) flaw affecting its IT Management Suite (ITMS) 8.0, Ghost Solution Suite (GSS) 3.1, and Endpoint Virtualization (SEV) 7.x products. Because the affected products do not use an absolute path when loading DLL files during reboot or boot-up, a rogue DLL file could be loaded by the software before the legitimate file, leading to arbitrary code execution, potentially with elevated privileges. Source: http://www.securityweek.com/symantec-patches-dll-hijacking-flaw-enterprise-products
21. November 16, SecurityWeek – (International) Serious flaws found in Lynxspring SCADA product. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an advisory revealing that versions 1.1.8 and earlier of Lynxspring’s JENEsys building operating system, the BAS Bridge, are affected by four remotely exploitable vulnerabilities. A security researcher discovered a flaw that could allow an attacker with read-only access to send maliciously crafted commands to the application and make changes within the app. The researcher also found a flaw that can be exploited to access a system without authentication by using a hardcoded username with no password, as well as a cross-site request forgery (CSRF) vulnerability that could allow an attacker to carry out various malicious actions if they convince a user to access a maliciously crafted link, among other flaws.
22. November 15, SecurityWeek – (International) Shazam for Mac keeps listening even when disabled. Synack security researchers reported that malware could silently spy on Apple Mac OS X users through the device’s webcam and microphone by piggybacking on legitimate applications that use those components, such as the Shazam music discovery app, FaceTime, and Skype. The report followed the finding that the Mac version of Shazam does not deactivate the device’s microphone once the user switches off the app. The researcher warned that malware could leverage this flaw to capture audio from a device’s microphone without initiating a recording.