Friday, December 23, 2016
The report upon which this is based was not published until December 27, 2016 at 11:42AM. My apologies but it is beyond my control!
Complete DHS Report for December 23, 2016
• The former director of fixed income for the New York State Common Retirement Fund and 2 representatives at separate broker-dealers were charged December 21 for their alleged roles in a $2.5 billion pay-to-play scheme. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector
• The founder and chief executive officer (CEO) of Frisco-based Texas First Financial LLC was arrested December 20 for allegedly orchestrating a Ponzi scheme that defrauded investors out of $6 million. – Downtown Austin Patch See item 5 below in the Financial Services Sector
• More than 430 flights were delayed and 59 others were canceled at Los Angeles International Airport December 21 – December 22. – ABC News
6. December 22, ABC News – (California) Holiday travelers gripe as delays pile up at Los Angeles International Airport. More than 430 flights were delayed and 59 others were canceled at Los Angeles International Airport December 21 – December 22 due to airport construction, inclement weather, and the increased number of flights and passengers.
• Community Health Plan of Washington began notifying nearly 400,000 current and former patients December 21 that their personal information, including Social Security numbers, was exposed in a data breach. – Seattle Times; Yakima Herald-Republic
18. December 22, Seattle Times; Yakima Herald-Republic – (Washington) Data breach exposes info for 400,000 Community Health Plan members. Community Health Plan of Washington is notifying nearly 400,000 current and former patients December 21 that their personal information, including Social Security numbers, was exposed in a data breach after an anonymous caller notified the firm November 7 that they had discovered a vulnerability in the computer network of the company that provides the health organization technical services. Officials stated there is no evidence that the information was misused.
Financial Services Sector
4. December 21, U.S. Securities and Exchange Commission – (International) SEC charges former New York pension official and two brokers in pay-to-play scheme.
The former director of fixed income for the New York State Common Retirement Fund and 2 representatives at separate broker-dealers were charged December 21 for their alleged roles in a pay-to-play scheme where the director used his position to divert $2.5 billion in State business to the brokers’ firms in exchange for over $100,000 worth of illicit bribes and benefits from January 2014 – February 2016. The charges allege that the scheme netted the brokers millions of dollars in commissions, and allege that the brokers provided considerable assistance to the State official in hiding the scheme from the Retirement Fund.
5. December 20, Downtown Austin Patch – (Texas) Dallas man billing self as financial guru via investment seminars arrested in alleged Ponzi scheme. The founder and chief executive officer (CEO) of Frisco-based Texas First Financial LLC was arrested December 20 for allegedly orchestrating a Ponzi scheme that defrauded investors out of $6 million from the sale of notes, stock certificates, and investment contracts in Dallas-based StaMedia Group from 2014 to 2016 and Frisco-based TenList Inc. The executive and his sales associates allegedly raised money from StaMedia investors without disclosing that the business had negligible revenue and net income since its establishment in 2013, and reportedly concealed ongoing Federal investigations into his sale of investments. Source: http://patch.com/us/across-america/man-billing-himself-financial-guru-investment-seminars-arrested-alleged-ponzi
Information Technology Sector
22. December 21, SecurityWeek – (International) Rakos malware takes over embedded Linux devices. ESET security researchers warned that a newly observed piece of malware, dubbed Rakos is targeting embedded Linux devices via brute force Secure Shell (SSH) login attempts in order to infect the vulnerable devices and servers with an open SSH port, and use them to create a large botnet and further spread the malware. The researchers also found that Rakos is able to update its configuration file from a specific command and control (C&C) location, and provides the attacker with complete control over an impacted device as it sends information including the device’s Internet Protocol (IP) address, username, and password.
23. December 21, SecurityWeek – (International) Vulnerabilities found in Siemens Desigo PX, SIMATIC products. Siemens released patches and workarounds to address several flaws in all versions of its SIMATIC S7-300 and S7-400 programmable logic controllers (PLCs) after researchers from Beijing Acorn Network Technology found the security holes can be exploited to obtain credentials from a PLC configuration with protection level 2, and cause a denial-of-service condition by sending maliciously crafted packets to transmission control protocol (TCP) port 80. Siemens also described a cryptographic issue in its Desigo PX product which could allow a remote attacker to reconstruct the corresponding private key. Source: http://www.securityweek.com/vulnerabilities-found-siemens-desigo-px-simatic-products
24. December 21, SecurityWeek – (International) Spam “hailstorms” deliver variety of threats. Researchers from Cisco Talos warned that a new type of spam campaign, dubbed hailstorm spam sends over 75,000 Domain Name System (DNS) queries per hour and relies on the use of a large number of Internet Protocol (IP) addresses from around the world to send the queries. Cisco determined that servers in the U.S. are targeted the most by hailstorm spam campaigns compared to other countries. Source: http://www.securityweek.com/spam-hailstorms-deliver-variety-threats
Nothing to report