Thursday, October 20, 2016



Complete DHS Report for October 20, 2016

Daily Report                                            

Top Stories

A Magellan Midstream Partners pipeline ruptured and released 294,000 gallons of liquid anhydrous ammonia near Tekamah, Nebraska, October 17, prompting officials to evacuate 23 homes within a 2-mile radius of the pipeline. – Lincoln Star Journal

1. October 19, Lincoln Journal Star – (Nebraska) Anhydrous pipeline officials to meet with townspeople. A man was killed October 17 after an 8-inch Magellan Midstream Partners pipeline ruptured and released 294,000 gallons of liquid anhydrous ammonia near Tekamah, Nebraska, prompting officials to evacuate 23 homes within a 2-mile radius of the pipeline and close Interstate 75 for several hours October 17 – October 18. Crews shut off the pipeline valves and the cause of the release remains under investigation. Source: http://journalstar.com/news/state-and-regional/nebraska/man-killed-by-anhydrous-ammonia-pipeline-operator-says/article_1e12fd59-cc01-55a0-9fb7-8c30de310186.html

• Fiat Chrysler Automobiles issued a recall October 19 for 182,743 of its model years 2016 – 2017 Jeep Wrangler vehicles due to a wiring flaw associated with the vehicles front impact sensor, which could prevent the car’s airbags from deploying. – TheCarConnection.com

3. October 19, TheCarConnection.com – (International) 2016-2017 Jeep Wrangler recalled to fix airbag glitch on nearly 225,000 vehicles. Fiat Chrysler Automobiles issued a recall October 19 for 182,743 of its model years 2016 – 2017 Jeep Wrangler vehicles sold in the U.S. due to a wiring flaw associated with the vehicles front impact sensor, which could prevent the car’s airbags from deploying and the seatbelt pretensioners from activating in the event of a collision, thereby increasing the risk of injury during a crash. The recall affects an additional 18,011 vehicles in Canada, 3,087 in Mexico, and 20,948 elsewhere. Source: http://www.thecarconnection.com/news/1106767_2016-2017-jeep-wrangler-recalled-to-fix-airbag-glitch-on-nearly-225000-vehicles

• The owner of SUPES Academy and Synesi Associates pleaded guilty October 18 after he offered bribes and kickbacks to the former head of Chicago Public Schools in exchange for her funneling $23 million in contracts to his companies. – Associated Press

22. October 18, Associated Press – (Illinois) Man pleads guilty to fraud in Chicago schools bribery case. SUPES Academy and Synesi Associates and its owner pleaded guilty October 18 after he offered bribes and kickbacks to the former Chicago Public Schools chief executive officer (CEO) in exchange for her funneling $23 million in contracts to his companies. Officials stated the former CEO of the school district pleaded guilty in 2015 for her role in the scheme. Source: http://www.foxnews.com/us/2016/10/18/man-pleads-guilty-to-fraud-in-chicago-schools-bribery-case.html

• Oracle Corporation released its October 2016 Critical Patch Update to resolve a total of 253 security flaws in several of its products, including14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication. – SecurityWeek See item 26 below in the Information Technology Sector

Financial Services Sector

7. October 18, U.S. Securities and Exchange Commission – (International) Ernst & Young to pay $11.8 million for audit failures. The U.S. Securities and Exchange Commission (SEC) announced October 18 that Ernst & Young LLP agreed to pay over $11.8 million to resolve charges related to the repeated failure of its audit team to uncover fraud by its client, oil services provider Weatherford International, thereby allowing the client to inflate its earnings through deceptive income tax accounting for more than 4 years. As part of the settlement, investors affected by the accounting fraud will be reimbursed a total of over $152 million, and 2 individuals from Ernst & Young’s audit team agreed to a suspension from appearing or practicing before the SEC as accountants.

8. October 18, U.S. Department of Justice – (Kentucky; West Virginia) West Virginia business owners plead guilty to failing to pay employment taxes. Two owners of Bluegrass Aggregates in Wayne, West Virginia, pleaded guilty October 18 to withholding more than $850,000 from their employees’ paychecks from July 2007 – 2010, as well as neglecting to pay over $490,000 in employment taxes for a previous business, causing the U.S. Internal Revenue Service a total of $1.4 million in losses. The charges allege that the duo used the proceeds for personal expenses.

9. October 18, U.S. Attorney’s Office, Northern District of Florida – (International) Construction company partner pleads guilty to evading taxes on more than $1 million. A former partner at American Construction Logistics and Services LLC (ACLS) operating in Afghanistan pleaded guilty October 14 after he failed to file tax returns for tax years 2009 – 2011 on income consisting of over $1 million in wages, ACLS funds used for personal expenses, and cash wired from ACLS employees to his wife, and failed to pay the U.S. Internal Revenue Service more than $200,000 in taxes from the unreported income. The charges allege that from 2010 – 2011, the defendant diverted over $350,000 from the ACLS corporate account to his personal bank accounts to cover personal expenses.

For another story, see item 26 below in the Information Technology Sector

Information Technology Sector

26. October 19, SecurityWeek – (International) Oracle Critical Patch Update for October 2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical Patch Update (CPU) for October 2016 to resolve a total of 253 new security flaws in several of its products, including 36 flaws in its Oracle Communications Applications, 14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication, 24 flaws in its Financial Services Applications, and issues affecting its Retail Applications, among other vulnerabilities that could allow an attacker to hijack the vulnerable application stack and potentially expose confidential application data.

27. October 18, Softpedia – (International) VeraCrypt security audit concludes despite rocky start. The VeraCrypt project released version 1.19 of its encryption software after a recent security audit performed by QuarksLab revealed 26 security flaws plaguing the open-source software, including the ability to encrypt user data via the insecure GOST 2814-89 algorithm, and a flaw in the boot password mechanism that allowed attackers to determine password length. Version 1.19 also replaced the insecure XZip and XUnzip libraries with the modern libzip library, and updated the VeraCrypt bootloader component in order to secure its code against outside exploitation and data exfiltration. Source: http://news.softpedia.com/news/veracrypt-security-audit-concludes-despite-rocky-start-509414.shtml

Communications Sector

28. October 18, KECI 13 Missoula; KCFW 9 Kalispell; KTVM 6 Butte – (Montana) Charter restores internet service in Missoula area. Charter Communications crews restored Internet service to the Missoula, Montana area following a widespread outage that lasted for nearly 18 hours October 18. Source: http://www.nbcmontana.com/news/keci/charter-restores-internet-service-in-missoula-area/124688541

For another story, see item 26 above in the Information Technology Sector