Complete DHS Report for June 6, 2016
Daily Report
Top Stories
• The U.S. Securities and Exchange Commission announced June 2
charges against a North Carolina-based investment advisor for allegedly
defrauding at least 85 investors out of approximately $11.5 million. – U.S.
Securities and Exchange Commission See item 3 below in
the Financial Services Sector
• The U.S. Securities and Exchange Commission announced June 2
charges against a New York City-based trader for allegedly defrauding over 30
investors out of $14 million since 2012. – U.S. Securities and Exchange
Commission See item 4 below in
the Financial Services Sector
• The U.S. Army announced that at least five soldiers were killed
and three soldiers were injured June 2, after their Light Medium Tactical
Vehicle got stuck and overturned in Owl Creek at Fort Hood in Texas during a
training exercise. – USA Today; KVUE 24 Austin
16. June 3,
USA Today; KVUE 24 Austin – (Texas) 5 Fort Hood soldiers dead, 4
missing after Army truck overturns in flooding. The U.S. Army announced
that at least five soldiers were killed, three soldiers were injured, and four
other soldiers remained unaccounted for June 2 after their Light Medium
Tactical Vehicle got stuck and overturned in Owl Creek at Fort Hood in Texas
during a training exercise. Source: http://www.usatoday.com/story/news/2016/06/02/3-fort-hood-soldiers-dead-6-missing-after-army-truck-overturns-flooding/85317150/
• Officials reported June 2 that two men pleaded guilty in New
Jersey for their involvement in a hacking and spamming scheme that generated
more than $2 million in illegal profits after the duo stole the personal
information of 60 million people. – Reuters See item 22 below in
the Information Technology Sector
Financial Services Sector
3. June 2,
U.S. Securities and Exchange Commission – (North Carolina) SEC: Adviser
steered investor money to his own companies. The U.S. Securities and
Exchange Commission announced June 2 charges against a North Carolina-based
investment advisor for allegedly defrauding at least 85 investors out of
approximately $11.5 million after he sold interests in two unregistered pooled
investment vehicles, DCG Commercial Fund I LLC and DCG Real Estate Assets LLC,
siphoned the investment funds into deals with companies he owned and operated,
and improperly received over $1.5 million from the investor funds’ bank
accounts in management fees. Officials stated that the adviser continued the
scheme by making false or misleading statements to investors regarding their
investments, and failed to inform investors of their losses as his companies
failed to pay the loans in full, among other illicit actions. Source: https://www.sec.gov/news/pressrelease/2016-104.html
4. June 2,
U.S. Securities and Exchange Commission – (New York) SEC: forex trader
misrepresented track record and hid massive losses. The U.S. Securities and
Exchange Commission announced June 2 charges against a New York City-based
trader for allegedly defrauding over 30 investors out of $14 million since 2012
by misrepresenting her investment track record, the profitability of her
investments, and her use of investor funds after she purported to have
profitable foreign currency (forex) trading strategies and sent investors
fraudulent account statements showing fictitious profits. New York officials
filed parallel criminal charges June 2 against the trader for the scheme which
caused over $16 million in losses. Source: https://www.sec.gov/news/pressrelease/2016-106.html
For additional stories, see
items 21 and 22 below in the Information Technology Sector
Information Technology Sector
19. June 3,
Softpedia – (International) One in ten NFS servers worldwide is
misconfigured, exposes sensitive files. Fortinet researchers found that
tens of thousands of inattentive system administrators are using older versions
of the Network File System (NFS) protocol, such as insecure NFSv3, which can
expose private or sensitive files to the Internet including server logs, server
backups, the source code of various Web sites, and server image files.
Researchers recommended companies to switch to NFSv4 protocol which has been
modified to use Kerberos to provide a basic level of authentication. Source: http://news.softpedia.com/news/one-in-ten-nfs-servers-worldwide-is-misconfigured-exposes-sensitive-files-504830.shtml
20. June 3,
Softpedia – (International) WordPress sites under attack from new
zero-day in WP mobile detector plugin. Security researchers from Plugin
Vulnerabilities discovered that hackers were exploiting an arbitrary file
upload vulnerability in WP Mobile Detector plugin, which handles image uploads,
to upload Hypertext Preprocessor (PHP)-based backdoors on WordPress Web sites
after finding that the plugin lacks basic input filtering, allowing attackers
to pass a malicious file to upload it to the plugin’s /cache directory. Source:
http://news.softpedia.com/news/wordpress-sites-under-attack-from-new-zero-day-in-wp-mobile-detector-plugin-504818.shtml
21. June 2,
Softpedia – (International) Researchers find 5,275 login credentials for
top 100 companies on the Dark Web. A U.K.-based security firm, Anomali
reported that over 5,000 login credentials including email addresses, cleartext
passwords, and usernames were posted online via the Dark Web, potentially
allowing hackers to use the stolen information to access various sections of an
Information Technology (IT) network owned by the top 100 international
companies. The firm stated that the credentials were primarily from the oil and
gas industry, pharmaceuticals, consumer goods, banking, telecommunications, and
military sectors. Source: http://news.softpedia.com/news/researchers-find-5-275-login-credentials-for-top-100-companies-on-the-dark-web-504798.shtml
22. June 2,
Reuters – (National) Two men plead guilty in U.S. to hacking, spamming
scheme. Officials reported June 2 that two men pleaded guilty in New Jersey
for their involvement in a hacking and spamming scheme that generated more than
$2 million in illegal profits after the duo and a co-conspirator targeted and
stole the personal information of 60 million people, hacked into corporate
email accounts, seized control of corporate mail servers, and created their own
software to exploit vulnerabilities in numerous corporate Web sites via
specially crafted code in computer programs, which hid the origin of the spam
and bypassed spam filters. Source: http://www.reuters.com/article/us-usa-cyber-pleas-idUSKCN0YO2TQ
Communications Sector
See items 21 and 22 above in the Information Technology Sector