Complete DHS Report for October 20, 2016
Daily Report
Top Stories
A Magellan Midstream Partners pipeline ruptured and released
294,000 gallons of liquid anhydrous ammonia near Tekamah, Nebraska, October 17,
prompting officials to evacuate 23 homes within a 2-mile radius of the
pipeline. – Lincoln Star Journal
1. October 19, Lincoln
Journal Star – (Nebraska) Anhydrous pipeline officials to meet with
townspeople. A man was killed October 17 after an 8-inch Magellan Midstream
Partners pipeline ruptured and released 294,000 gallons of liquid anhydrous
ammonia near Tekamah, Nebraska, prompting officials to evacuate 23 homes within
a 2-mile radius of the pipeline and close Interstate 75 for several hours
October 17 – October 18. Crews shut off the pipeline valves and the cause of
the release remains under investigation. Source: http://journalstar.com/news/state-and-regional/nebraska/man-killed-by-anhydrous-ammonia-pipeline-operator-says/article_1e12fd59-cc01-55a0-9fb7-8c30de310186.html
• Fiat Chrysler Automobiles issued a recall October 19 for 182,743
of its model years 2016 – 2017 Jeep Wrangler vehicles due to a wiring flaw
associated with the vehicles front impact sensor, which could prevent the car’s
airbags from deploying. – TheCarConnection.com
3. October 19,
TheCarConnection.com – (International) 2016-2017 Jeep Wrangler recalled
to fix airbag glitch on nearly 225,000 vehicles. Fiat Chrysler Automobiles
issued a recall October 19 for 182,743 of its model years 2016 – 2017 Jeep
Wrangler vehicles sold in the U.S. due to a wiring flaw associated with the
vehicles front impact sensor, which could prevent the car’s airbags from
deploying and the seatbelt pretensioners from activating in the event of a
collision, thereby increasing the risk of injury during a crash. The recall
affects an additional 18,011 vehicles in Canada, 3,087 in Mexico, and 20,948
elsewhere. Source: http://www.thecarconnection.com/news/1106767_2016-2017-jeep-wrangler-recalled-to-fix-airbag-glitch-on-nearly-225000-vehicles
• The owner of SUPES Academy and Synesi Associates pleaded guilty
October 18 after he offered bribes and kickbacks to the former head of Chicago
Public Schools in exchange for her funneling $23 million in contracts to his
companies. – Associated Press
22. October 18,
Associated Press – (Illinois) Man pleads guilty to fraud in Chicago
schools bribery case. SUPES Academy and Synesi Associates and its owner
pleaded guilty October 18 after he offered bribes and kickbacks to the former
Chicago Public Schools chief executive officer (CEO) in exchange for her
funneling $23 million in contracts to his companies. Officials stated the
former CEO of the school district pleaded guilty in 2015 for her role in the
scheme. Source: http://www.foxnews.com/us/2016/10/18/man-pleads-guilty-to-fraud-in-chicago-schools-bribery-case.html
• Oracle Corporation released its October 2016 Critical Patch
Update to resolve a total of 253 security flaws in several of its products,
including14 flaws in the Oracle E-Business Suite that can be remotely exploited
without authentication. – SecurityWeek See item 26
below in the Information Technology
Sector
Financial Services Sector
7. October 18, U.S.
Securities and Exchange Commission – (International) Ernst & Young
to pay $11.8 million for audit failures. The U.S. Securities and Exchange
Commission (SEC) announced October 18 that Ernst & Young LLP agreed to pay
over $11.8 million to resolve charges related to the repeated failure of its
audit team to uncover fraud by its client, oil services provider Weatherford
International, thereby allowing the client to inflate its earnings through
deceptive income tax accounting for more than 4 years. As part of the
settlement, investors affected by the accounting fraud will be reimbursed a
total of over $152 million, and 2 individuals from Ernst & Young’s audit
team agreed to a suspension from appearing or practicing before the SEC as
accountants.
8. October 18, U.S.
Department of Justice – (Kentucky; West Virginia) West Virginia business
owners plead guilty to failing to pay employment taxes. Two owners of
Bluegrass Aggregates in Wayne, West Virginia, pleaded guilty October 18 to
withholding more than $850,000 from their employees’ paychecks from July 2007 –
2010, as well as neglecting to pay over $490,000 in employment taxes for a
previous business, causing the U.S. Internal Revenue Service a total of $1.4
million in losses. The charges allege that the duo used the proceeds for
personal expenses.
9. October 18, U.S.
Attorney’s Office, Northern District of Florida – (International) Construction
company partner pleads guilty to evading taxes on more than $1 million. A
former partner at American Construction Logistics and Services LLC (ACLS)
operating in Afghanistan pleaded guilty October 14 after he failed to file tax
returns for tax years 2009 – 2011 on income consisting of over $1 million in
wages, ACLS funds used for personal expenses, and cash wired from ACLS
employees to his wife, and failed to pay the U.S. Internal Revenue Service more
than $200,000 in taxes from the unreported income. The charges allege that from
2010 – 2011, the defendant diverted over $350,000 from the ACLS corporate
account to his personal bank accounts to cover personal expenses.
For another story, see item 26
below in the Information
Technology Sector
Information Technology Sector
26. October 19,
SecurityWeek – (International) Oracle Critical Patch Update for October
2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical
Patch Update (CPU) for October 2016 to resolve a total of 253 new security
flaws in several of its products, including 36 flaws in its Oracle
Communications Applications, 14 flaws in the Oracle E-Business Suite that can
be remotely exploited without authentication, 24 flaws in its Financial
Services Applications, and issues affecting its Retail Applications, among
other vulnerabilities that could allow an attacker to hijack the vulnerable
application stack and potentially expose confidential application data.
Source: http://www.securityweek.com/oracle-critical-patch-update-october-2016-fixes-253-vulnerabilities
27. October
18, Softpedia – (International) VeraCrypt security audit concludes
despite rocky start. The VeraCrypt project released version 1.19 of its
encryption software after a recent security audit performed by QuarksLab
revealed 26 security flaws plaguing the open-source software, including the
ability to encrypt user data via the insecure GOST 2814-89 algorithm, and a
flaw in the boot password mechanism that allowed attackers to determine
password length. Version 1.19 also replaced the insecure XZip and XUnzip
libraries with the modern libzip library, and updated the VeraCrypt bootloader
component in order to secure its code against outside exploitation and data
exfiltration. Source: http://news.softpedia.com/news/veracrypt-security-audit-concludes-despite-rocky-start-509414.shtml
Communications Sector
28. October 18, KECI 13
Missoula; KCFW 9 Kalispell; KTVM 6 Butte – (Montana) Charter restores
internet service in Missoula area. Charter Communications crews restored
Internet service to the Missoula, Montana area following a widespread outage
that lasted for nearly 18 hours October 18. Source: http://www.nbcmontana.com/news/keci/charter-restores-internet-service-in-missoula-area/124688541
For another story, see item 26
above in the Information
Technology Sector