Complete DHS Report for October 28, 2016
• Ford Motor Company issued a recall October 26 for 400,000 of its model years 2010 – 2012 vehicles in select makes due to a faulty fuel delivery module supply port that may crack over time and cause a fuel leak. – TheCarConnection.com
1. October 26, TheCarConnection.com – (National) Ford Escape, Mercury Mariner, Shelby GT350/R Mustang recalled for oil and fuel leaks. Ford Motor Company issued a recall October 26 for 400,000 of its model years 2010 – 2012 Ford Escape vehicles and its model years 2010 – 2011 Mercury Mariner vehicles equipped with 3.0-liter flex-fuel engines sold in the U.S. due to a faulty fuel delivery module supply port that may crack over time and cause a fuel leak, thereby increasing the risk of fire. Ford issued a second recall for 8,000 of its model years 2015 – 2017 Ford Shelby GT350/R Mustang vehicles sold in the U.S. due to a potential engine issue. Source: http://www.thecarconnection.com/news/1106906_ford-escape-mercury-mariner-shelby-gt350-r-mustang-recalled-for-oil-and-fuel-leaks
• The former chief executive officer of Axium International, Inc. was convicted October 25 after he and a co-conspirator diverted about $5.1 million from Axium between 2005 and 2007. – U.S. Attorney’s Office, Central District of California. See item 3 below in the Financial Services Sector.
• A Manhattan tax attorney and a co-conspirator were charged October 26 for allegedly diverting more than $3 million in fee income from transactions the attorney performed from 2005 – 2011, and failing to report over $1.2 million in fee income to the U.S. Internal Revenue Service. – U.S. Attorney’s Office, Southern District of New York. See item 4 below in the Financial Services Sector.
• A 6-alarm fire at an apartment building on the Upper East Side of New York City killed 1 person, injured 12 others, and displaced 18 families October 27. – WCBS 2 New York
17. October 27, WCBS 2 New York – (New York) Firefighter performs ‘heroic’ rope rescue in deadly Upper East Side fire. A 6-alarm fire at an apartment building on the Upper East Side of New York City killed 1 person, injured 12 others, and displaced 18 families October 27. Officials temporarily shut down surrounding roads and the cause of the fire remains under investigation.
Financial Services Sector
2. October 26, Associated Press – (Montana) Montana credit union tells customers about possible security breach. Rocky Mountain Credit Union in southwestern Montana notified 135 of its members October 26 that some of their personal information, including Social Security numbers, bank account numbers, and driver's license numbers, may have been publicly accessible via its Website from April 15 – June 30. The notification came after the credit union detected a security issue with the Website customers used to upload documents as part of their mortgage application. Officials did not believe the documents were accessed by an unauthorized individual and the credit union repaired the security flaw. Source: http://billingsgazette.com/news/state-and-regional/montana/montana-credit-union-tells-customers-about-possible-security-breach/article_39eea0fd-2a96-5380-b638-c78e2e3ca1cf.html
3. October 26, U.S. Attorney’s Office, Central District of California – (California) Former CEO of Hollywood payroll company convicted for tax fraud conspiracy. The former chief executive officer (CEO) of Axium International, Inc. was convicted October 25 after he and a co-conspirator diverted about $5.1 million from Axium between 2005 and 2007 through various schemes, including a scheme where the CEO diverted tax refund checks payable to Axium and its subsidiaries into shadow bank accounts he and his co-conspirator controlled. The charges state the duo diverted the funds after discovering the company’s Federal tax delinquencies exceeded $100 million and its lender foreclosed on its bank accounts. Source: https://www.justice.gov/usao-cdca/pr/former-ceo-hollywood-payroll-company-convicted-tax-fraud-conspiracy
4. October 26, U.S. Attorney’s Office, Southern District of New York – (New York) Tax attorney and CPA indicted for tax evasion and diversion of tax shelter fees from major Manhattan law firm. A Manhattan tax attorney and a Florida certified public accountant (CPA) were charged October 26 for allegedly diverting more than $3 million in fee income from tax shelter and related transactions the attorney performed while serving as a partner for the Manhattan law firm from 2005 – 2011, and failing to report over $1.2 million in fee income to the U.S. Internal Revenue Service. The charges allege that as part of the scheme, the tax attorney caused roughly $500,000 in tax shelter fees paid by a client to be routed to a partnership entity he and the CPA co-owned, and used those fees for personal expenses. Source: https://www.justice.gov/usao-sdny/pr/tax-attorney-and-cpa-indicted-tax-evasion-and-diversion-tax-shelter-fees-major
Information Technology Sector
14. October 27, SecurityWeek – (International) Cisco patches 9 flaws in Email Security Appliance. Cisco Systems, Inc. released software updates for its Email Security Appliances (ESA) to resolve a total of nine vulnerabilities, including three denial-of-service (DoS) flaws in the AsyncOS software for Cisco ESA which could allow an unauthenticated remote attacker to cause a DoS condition using maliciously crafted emails and attachments. Cisco also patched vulnerabilities that could allow unauthenticated attackers to remotely trick a user into clicking a malicious link, initiate a DoS condition, and bypass various filters, among other flaws.
15. October 26, SecurityWeek – (International) VMware flaws allow security bypass on Mac OS X. VMware released VMware Tools version 10.1.0 after security researchers from Tencent’s KeenLab discovered that VMware Tools version 9.x and 10.x are plagued with a flaw that could allow a local user to obtain information that can be leveraged to bypass a security mechanism. VMware also released version 8.5 of its VMware Fusion products to resolve a flaw that could allow a privileged local user on a system with System Integrity Protection (SIP) enabled to obtain kernel memory addresses to bypass the kASLR protection mechanism.
16. October 26, SecurityWeek – (International) Adobe patches Flash vulnerability used in targeted attacks. Adobe released a Flash Player update after researchers from Google’s Threat Analysis Group found a critical use-after-free vulnerability that has been exploited in the wild for arbitrary code execution and targeted attacks against users running Microsoft Windows 7, 8.1, and 10. Adobe stated the security flaw affects Flash Player 184.108.40.206 and earlier and Linux versions 220.127.116.117 and earlier. Source: http://www.securityweek.com/adobe-patches-flash-vulnerability-used-targeted-attacks