Friday, October 07, 2016



Complete DHS Report for October 07, 2016

Daily Report                                            

Top Stories

• Credit Suisse AG agreed to pay $90 million October 5 to resolve charges that it misrepresented how it determined net new assets in order to meet specific targets created by the firm’s senior executives. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector

• More than 1,400 flights in the U.S. traveling to and from Florida and Georgia were canceled October 6 in anticipation of Hurricane Matthew. – WLS 7 Chicago; Associated Press

6. October 6, WLS 7 Chicago; Associated Press – (National) Hurricane Matthew path, updated to category 4 by NOAA, approaches Florida. More than 1,400 flights in the U.S. traveling to and from Florida and Georgia were canceled October 6 in anticipation of Hurricane Matthew. Officials closed the Fort Lauderdale-Hollywood International Airport to all flights and shut down Walt Disney World theme parks in Florida through at least October 7. Source: http://abc7chicago.com/weather/hundreds-of-flights-canceled-as-hurricane-matthew-approaches-florida/1541841/

• The former manager of a Long Beach Shavings Company (LBS) plant in Hoquiam, Washington, was convicted October 5 for stealing more than $1.3 million from the business. – U.S. Attorney’s Office, Western District of Washington

12. October 5, U.S. Attorney’s Office, Western District of Washington – (Washington; Oregon) Long time manager of Hoquiam wood shavings business convicted of mail fraud, tax evasion, money laundering and interstate transportation of stolen property. The former manager of a Long Beach Shavings Company (LBS) plant in Hoquiam, Washington, was convicted October 5 for stealing more than $1.3 million from the business after he sold wood shavings directly to customers in Washington and Oregon without reimbursing the company, and created M & R Lumber, a fictitious entity that LBS paid in order to get free wood chips from a Montesano, Washington lumber mill. The charges state the former manager generated fraudulent invoices to bill LBS for the shavings and kept the profits for personal use. Source: https://www.justice.gov/usao-wdwa/pr/long-time-manager-hoquiam-wood-shavings-business-convicted-mail-fraud-tax-evasion-money

• Authorities are investigating after approximately 1 million gallons of raw sewage spilled from a ruptured pipe in Palm Harbor, Florida, October 4. – WFLA 8 Tampa

13. October 5, WFLA 8 Tampa – (Florida) 1 million gallons of raw sewage leaked from ruptured Palm Harbor pipe. Authorities are investigating after approximately 1 million gallons of raw sewage spilled from a ruptured pipe in Palm Harbor, Florida, October 4. Pinellas County Utilities crews stopped the leak and officials advised residents to avoid the affected areas and to limit water usage until the pipe is repaired.
Source: http://wfla.com/2016/10/05/1-million-gallons-of-raw-sewage-leaked-from-ruptured-palm-harbor-pipe/

Financial Services Sector

3. October 6, WHSV 3 Harrisonburg – (Virginia) ATM data-skimmers target the valley. Virginia authorities are searching October 6 for a group of Romanian nationals suspected of installing four skimming devices on ATMs at banks in Virginia’s Shenandoah Valley since March 2016, including the DuPont Community Credit Union in Staunton October 2.

4. October 5, U.S. Securities and Exchange Commission – (International) Credit Suisse paying $90 million penalty for misrepresenting performance metric. The U.S. Securities and Exchange Commission announced October 5 that Credit Suisse AG agreed to pay $90 million to resolve charges that it misrepresented how it determined its net new assets (NNA) by applying an undisclosed results-driven approach to determining NNA in order to meet specific targets created by the company’s senior executives. As part of the settlement, a former executive agreed to settle charges that he was a cause of the violations. Source: https://www.sec.gov/news/pressrelease/2016-210.html

5. October 5, U.S. Department of Justice – (Illinois; Kansas; Missouri) Owner of tax preparation franchises in Illinois, Kansas and Missouri convicted of tax evasion. The owner and operator of at least 20 Instant Tax Service (ITS) franchise locations in Illinois, Kansas, and Missouri was convicted October 5 after he filed fraudulent Federal tax returns that underreported over $1.5 million in income and submitted falsified financial summaries to his tax return preparer from 2010 – 2011 that undervalued the gross receipts generated by his franchises, A&S Tax Service LLC and ERI Enterprises LLC, which his tax preparer used to generate his individual Federal income tax returns. The charges also state that the franchise owner and A&S have been permanently enjoined from operating a tax preparation business and preparing Federal tax returns since 2013. Source: https://www.justice.gov/opa/pr/owner-tax-preparation-franchises-illinois-kansas-and-missouri-convicted-tax-evasion

For another story, see item 21 below in the Information Technology Sector

Information Technology Sector

20. October 6, SecurityWeek – (International) Mac malware can abuse legitimate apps to spy on users. A security researcher from Synack discovered that Apple Mac operating system (OS) X malware can monitor an infected system for legitimate user-initiated video sessions on applications such as FaceTime, Skype, and Google Hangouts, and piggyback on those legitimate sessions to record video and spy on users without their knowledge or authorization.

21. October 5, Softpedia – (International) New backdoor trojan spreads through RDP brute-force attacks. GuardiCore security researchers discovered a new malware family, dubbed Trojan.sysscan was being leveraged as a backdoor trojan to collect data and credentials used for accounts on banking, gambling, and tax Websites from compromised systems and transfer the information to an attacker’s remote server by carrying out brute-force attacks on open Remote Desktop Protocol (RDP) ports. GuardiCore reported the trojan is coded in the Delphi programming language and is equipped with support for dumping passwords from locally installed applications including databases, point of sale (PoS) software, and Web browsers. Source: http://news.softpedia.com/news/new-backdoor-trojan-spreads-through-rdp-brute-force-attacks-508989.shtml

22. October 5, SecurityWeek – (International) iMessage URL preview exposes user data. A security researcher discovered that Apple’s iMessage service could leak user data including the message receivers Internet Protocol (IP) address, device type, and operating system (OS) version when the user receives a Uniform Resource Locator (URL) in a message due to a feature available in MacOS and iOS that enables the service to extract metadata from the URL and display it as an accessible link. The researcher stated the iMessage implementation sends requests from each of the devices the receiver has, which could allow an attacker sending the URL to determine the victim’s physical location based on the IP address. Source: http://www.securityweek.com/imessage-url-preview-exposes-user-data

Communications Sector

Nothing to report