Wednesday, November 2, 2016



Complete DHS Report for November 2, 2016

Daily Report

Top Stories

• Six individuals were charged October 31 for their roles in a more than $100 million money laundering scheme that operated in the U.S. and Mexico from approximately June 2011 – May 2016. – U.S. Attorney’s Office, Southern District of New York. See item 9 below in the Financial Services Sector.

• City leaders in Sacramento, California, announced October 29 that the Sacramento River Water Treatment Plant is running at full capacity following a 3-year, $165 million rehabilitation project. – KCRA 3 Sacramento

14. October 30, KCRA 3 Sacramento – (California) Sacramento River Water Treatment Plant back at full capacity. City leaders in Sacramento, California, announced October 29 that the Sacramento River Water Treatment Plant is running at full capacity following a 3-year, $165 million rehabilitation project that replaced the plant’s old machinery, enabling it to treat up to 160 million gallons of water per day. Source: http://www.kcra.com/article/sacramento-river-water-treatment-plant-back-at-full-capacity/8009480

• Google disclosed a Microsoft Windows zero-day local privilege escalation vulnerability in the Windows kernel that could allow attackers to escape the sandbox, and warned that the flaw is being exploited in the wild. – Help Net Security. See item 17 below in the Information Technology Sector.

• Over 1,500 Ford Motor Company employees were evacuated and sent home from the Ford World Headquarters in Dearborn, Michigan, October 31 after a fire at an electrical substation in the building’s basement that prompted officials to shut off power to the building. – CNBC

20. October 31, CNBC – (Michigan) Fire at Ford World Headquarters forces evacuation. Over 1,500 Ford Motor Company employees were evacuated and sent home from the Ford World Headquarters in Dearborn, Michigan, October 31 after a fire at an electrical substation in the building’s basement that prompted officials to shut off power to the building. No injuries were reported and the cause of the fire remains under investigation. Source: http://www.cnbc.com/2016/10/31/fire-at-ford-world-headquarters-forces-evacuation.html
  
Financial Services Sector

7. October 31, U.S. Securities and Exchange Commission – (Minnesota; North Dakota) Company co-founder charged in manipulation scheme. The U.S. Securities and Exchange Commission on October 31 charged the co-founder of Minnesota-based Dakota Plains Holdings Inc. with orchestrating a scheme in which he and co-conspirators allegedly siphoned $32 million from the company by concealing his control of the company, manipulating the company’s stock prices, and issuing millions of shares to himself, family, and friends. Dakota Plains’ co-founder agreed to pay almost $8 million to resolve allegations that he acquired illicit payments and evaded public disclosure requirements by disseminating his company’s stock holdings across 10 accounts in various names to hide his ownership of over 20 percent of the firm’s shares and his accumulation of millions of dollars in bonus payments. Source: https://www.sec.gov/news/pressrelease/2016-231.html

8. October 31, U.S. Securities and Exchange Commission – (California) Audit partner charged in failed audits of venture capital fund. The U.S. Securities and Exchange Commission announced October 31 proceedings against a PricewaterhouseCoopers LLP audit partner after the partner allegedly failed to scrutinize millions of dollars taken from Burrill Life Sciences Capital Fund III, LP during independent audits, failed to establish whether the fund’s adviser had appropriate authorization and reasoning for taking the money, and neglected to confirm that the transactions were accurately disclosed in the fund’s financial statements. The money taken from the venture capital fund was allegedly used by the owner and principal of the investment adviser to cover personal and business expenses. Source: https://www.sec.gov/news/pressrelease/2016-230.html

9. October 31, U.S. Attorney’s Office, Southern District of New York – (International) Manhattan U.S. Attorney announces charges against six individuals for their role in international money laundering scheme involving over $100 million. Six individuals were charged October 31 for their roles in a more than $100 million money laundering scheme where the group allegedly caused front companies in Mexico to export outdated cell phones to other shell companies in the U.S., and created export documents that falsely inflated the value of the exported phones in order to deceitfully obtain value added tax (VAT) refunds from the Mexican government from about June 2011 – May 2016. The charges allege that each mobile phone transfer was accompanied by a transfer of funds to and from accounts in the names of the relevant front companies owned and controlled by the group in order to make the cell phone sales appear legitimate. Source: https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-six-individuals-their-role

Information Technology Sector

17. November 1, Help Net Security – (International) Google warns of actively exploited Windows zero-day. Google disclosed a Microsoft Windows zero-day local privilege escalation vulnerability in the Windows kernel that could allow attackers to escape the sandbox. Google researchers warned that the flaw is being actively exploited in the wild. Source: https://www.helpnetsecurity.com/2016/11/01/google-warns-actively-exploited-windows-zero-day/

18. October 31, SecurityWeek – (International) Nymaim starts using PowerShell to download payload. Verint security researchers discovered that the Nymaim malware dropper received updates and is now delivered via spear-phishing emails carrying macro-enabled Microsoft Word documents, uses PowerShell to download a first-stage payload, includes more effective obfuscation methods, and abuses MaxMind to avoid detection by security software. If the MaxMind query response includes a string of interest, such as the names of security vendors, the first-stage Nymaim payload is not downloaded. Source: http://www.securityweek.com/nymaim-starts-using-powershell-download-payload

19. October 31, IDG News Service – (International) Joomla websites attacked en masse using recently patched exploits. Sucuri security researchers discovered that malicious actors were exploiting two critical vulnerabilities patched in Joomla 3.6.4 to create accounts with elevated privileges on websites built with the Joomla content management system, even in cases where registration is disabled. Sucuri researchers reported that nearly every Joomla website on its network was impacted, and that between October 26 and October 28 there were roughly 28,000 attacks. Source: http://www.computerworld.com/article/3136932/security/joomla-websites-attacked-en-masse-using-recently-patched-exploits.html#tk.rss_security

Communications Sector

Nothing to report