Wednesday, October 26, 2016



Complete DHS Report for October 26, 2016

Daily Report                                            

Top Stories

• Officials announced October 24 that Embraer S.A. agreed to pay over $205 million to resolve alleged violations of the Foreign Corrupt Practices Act after its U.S.-based subsidiary paid bribes to foreign government representatives in order to win contracts in those countries. – U.S. Securities and Exchange Commission See item 2 below in the Financial Services Sector
• The president of TelexFree, Inc., pleaded guilty October 24 to operating a pyramid scheme that bilked over $3 billion from roughly 965,000 investors in 240 countries from February 2012 – April 2014. – U.S. Attorney’s Office, District of Massachusetts See item 3 below in the Financial Services Sector

• Fresno, California city officials awarded an $18.2 million contract to Floyd Johnston Construction Company Inc. the week of October 17 to build the A-2 segment, a 4-mile section of water mains that will connect the city’s water system to the Southeast Surface Water Treatment Plant. – Fresno Bee

8. October 24, Fresno Bee – (California) Fresno starts work on pipes to connect new southeast water plant. City officials in Fresno, California, awarded an $18.2 million contract to Floyd Johnston Construction Company Inc. the week of October 17 to build the A-2 segment, a 4-mile section of water mains that will connect the city’s water system to the Southeast Surface Water Treatment Plant being built in southeast Fresno as part of the city’s $429 million Recharge Fresno plan. Officials state that construction of the A-2 regional transmission pipeline segment may begin by the end of 2016, and is expected to be completed in early 2018. Source: http://www.fresnobee.com/news/local/article110235877.html

• Around 50 people were evacuated from a Bellevue, Washington condo complex October 24 due to a fire that prompted the response of over 24 firefighters. –

15. October 24, KOMO 4 Seattle – (Washington) 4 injured as fire guts condo complex near downtown Bellevue. Around 50 people were evacuated from a Bellevue, Washington condominium complex October 24 following a 2-alarm fire that prompted the response of more than 2 dozen firefighters. Four people were injured and the cause of the fire remains under investigation. Source: http://komonews.com/news/local/firefighters-battling-2-alarm-fire-in-downtown-bellevue

Financial Services Sector

2. October 24, U.S. Securities and Exchange Commission – (International) Embraer paying $205 million to settle FCPA charges. The U.S. Securities and Exchange Commission, in collaboration with the U.S. Department of Justice and Brazilian authorities announced October 24 that Embraer S.A. agreed to pay over $205 million to resolve alleged violations of the Foreign Corrupt Practices Act after the company made more than $83 million in profits as a result of bribe payments its U.S.-based subsidiary paid through third-party agents to foreign government representatives in the Dominican Republic, Saudi Arabia, and Mozambique in order to win contracts in those countries. Officials stated Embraer allegedly created false records and books, and participated in an accounting scheme in India to conceal the illicit payments. Source: https://www.sec.gov/news/pressrelease/2016-224.html

3. October 24, U.S. Attorney’s Office, District of Massachusetts – (International) President of Telexfree pleads guilty to billion dollar pyramid scheme. The president of TelexFree, Inc., pleaded guilty October 24 to operating a pyramid scheme that bilked over $3 billion from roughly 965,000 investors in more than 240 countries between February 2012 and April 2014 by recruiting participants to make continuous payments to TelexFree to be promoters for the company and sell Voice-over-Internet Protocol (VoIP) telephone services, and giving participants substantial monetary incentives for recruiting others to join the scheme. The charges state that the participants met their sales requirements by buying the products themselves, thereby creating the illusion that TelexFree had thousands of legitimate VoIP customers, while the company only derived two percent of its total revenue from VoIP service sales. Source: https://www.justice.gov/usao-ma/pr/president-telexfree-pleads-guilty-billion-dollar-pyramid-scheme

Information Technology Sector

11. October 25, SecurityWeek – (International) Android root exploits abuse Dirty COW vulnerability. Security researchers found that the Dirty COW Linux kernel vulnerability disclosed the week of October 17 can be exploited by a local attacker to escalate privileges to root on Android devices running a Linux kernel higher than 2.6.22 and to compromise an entire system by altering the copy-on-write cache provided by the kernel to change what the system and apps see when reading the affected files. NowSecure researchers stated in order to exploit the vulnerability, an attacker must run code on the device via the Android Debug Bridge (ADB) over universal serial bus (USB) or by installing an app that leverages the exploit. Source: http://www.securityweek.com/android-root-exploits-abuse-dirty-cow-vulnerability

12. October 25, SecurityWeek – (International) Researchers leverage voicemail flaw to compromise messaging apps. InTheCyber security researchers discovered a voicemail caller-ID spoofing flaw could be leveraged to steal activation codes sent by messaging applications such as Telegram, WhatsApp, and Signal and compromise accounts after finding that an automated call leaves the account activation code in a user’s voicemail if the code sent via text message is not promptly inputted into the app. Once the activation code has reached a victim’s voicemail, the attacker can spoof their caller ID to impersonate the victim in order to access the targeted voicemail and activation code. Source: http://www.securityweek.com/researchers-leverage-voicemail-flaw-compromise-messaging-apps

13. October 24, SecurityWeek – (International) Russian man accused of hacking LinkedIn, Dropbox. A Russian national was arrested in the Czech Republic October 5 and indicted on Federal charges in the U.S. October 21 for his alleged role in the 2012 LinkedIn, Formspring, and Dropbox breaches. Officials reported that the Dropbox hack has affected more than 68 million accounts and all 3 hacks were carried out after attackers stole employee credentials. Source: http://www.securityweek.com/russian-man-accused-hacking-linkedin-dropbox

Communications Sector

See item 3 above in Top Stories and 12 above in the Information Technology Sector