Complete DHS Report for November 2, 2016
Daily Report
Top Stories
• Six individuals were charged October 31 for their roles in a
more than $100 million money laundering scheme that operated in the U.S. and
Mexico from approximately June 2011 – May 2016. – U.S. Attorney’s Office,
Southern District of New York. See item 9 below in the Financial Services Sector.
• City leaders in Sacramento, California, announced October 29
that the Sacramento River Water Treatment Plant is running at full capacity
following a 3-year, $165 million rehabilitation project. – KCRA 3 Sacramento
14. October 30, KCRA 3
Sacramento – (California) Sacramento River Water Treatment Plant back at
full capacity. City leaders in Sacramento, California, announced October 29
that the Sacramento River Water Treatment Plant is running at full capacity
following a 3-year, $165 million rehabilitation project that replaced the
plant’s old machinery, enabling it to treat up to 160 million gallons of water
per day. Source: http://www.kcra.com/article/sacramento-river-water-treatment-plant-back-at-full-capacity/8009480
• Google disclosed a Microsoft Windows zero-day local privilege
escalation vulnerability in the Windows kernel that could allow attackers to
escape the sandbox, and warned that the flaw is being exploited in the wild. – Help
Net Security. See item 17 below in the Information Technology Sector.
• Over 1,500 Ford Motor Company employees were evacuated and sent
home from the Ford World Headquarters in Dearborn, Michigan, October 31 after a
fire at an electrical substation in the building’s basement that prompted
officials to shut off power to the building. – CNBC
20. October 31, CNBC –
(Michigan) Fire at Ford World Headquarters forces evacuation. Over 1,500
Ford Motor Company employees were evacuated and sent home from the Ford World
Headquarters in Dearborn, Michigan, October 31 after a fire at an electrical
substation in the building’s basement that prompted officials to shut off power
to the building. No injuries were reported and the cause of the fire remains
under investigation. Source: http://www.cnbc.com/2016/10/31/fire-at-ford-world-headquarters-forces-evacuation.html
Financial Services Sector
7. October 31, U.S.
Securities and Exchange Commission – (Minnesota; North Dakota) Company
co-founder charged in manipulation scheme. The U.S. Securities and Exchange
Commission on October 31 charged the co-founder of Minnesota-based Dakota Plains
Holdings Inc. for orchestrating a scheme where he and co-conspirators allegedly
siphoned $32 million from the company by concealing his control of the company,
manipulating the company’s stock prices, and issuing millions of shares to
himself, family, and friends. Dakota Plains’ co-founder agreed to pay almost $8
million to resolve allegations that he acquired illicit payments and evaded
public disclosure requirements by disseminating his company’s stock holdings
across 10 accounts in various names to hide his ownership of over 20 percent of
the firm’s shares and his accumulation of millions of dollars in bonus
payments. Source: https://www.sec.gov/news/pressrelease/2016-231.html
8. October 31, U.S.
Securities and Exchange Commission – (California) Audit partner charged
in failed audits of venture capital fund. The U.S. Securities and Exchange
Commission announced October 31 proceedings against a PricewaterhouseCoopers
LLP audit partner after the partner allegedly failed to scrutinize millions of
dollars taken from Burrill Life Sciences Capital Fund III, LP during
independent audits, failed to establish whether the fund’s adviser had
appropriate authorization and reasoning for taking the money, and neglected to
confirm that the transactions were accurately disclosed in the fund’s financial
statements. The money taken from the venture capital fund was allegedly used by
the owner and principal of the investment adviser to cover personal and
business expenses. Source: https://www.sec.gov/news/pressrelease/2016-230.html
9. October 31, U.S.
Attorney’s Office, Southern District of New York – (International) Manhattan
U.S. Attorney announces charges against six individuals for their role in
international money laundering scheme involving over $100 million. Six
individuals were charged October 31 for their roles in a more than $100 million
money laundering scheme where the group allegedly caused front companies in
Mexico to export outdated cell phones to other shell companies in the U.S., and
created export documents that falsely inflated the value of the exported phones
in order to deceitfully obtain value added tax (VAT) refunds from the Mexican
government from about June 2011 – May 2016. The charges allege that each mobile
phone transfer was accompanied by a transfer of funds to and from accounts in
the names of the relevant front companies owned and controlled by the group in
order to make the cell phone sales appear legitimate. Source: https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-six-individuals-their-role
Information Technology Sector
17. November 1, Help Net
Security – (International) Google warns of actively exploited Windows
zero-day. Google disclosed a Microsoft Windows zero-day local privilege
escalation vulnerability in the Windows kernel that could allow attackers to escape
the sandbox. Google researchers warned that the flaw is being actively
exploited in the wild. Source: https://www.helpnetsecurity.com/2016/11/01/google-warns-actively-exploited-windows-zero-day/
18. October 31,
SecurityWeek – (International) Nymaim starts using PowerShell to
download payload. Verint security researchers discovered the Nymaim malware
dropper received updates and is now delivered via spear-phishing emails
carrying macro-enabled Microsoft Word documents, uses PowerShell to download a
first-stage payload, includes more effective obfuscation methods, and abuses
MaxMind to avoid detection by security software. If the MaxMind query response
includes a string of interest, such as the names of security vendors, the
first-stage Nymaim payload is not downloaded. Source: http://www.securityweek.com/nymaim-starts-using-powershell-download-payload
19. October 31, IDG News
Service – (International) Joomla websites attacked en masse using
recently patched exploits. Sucuri security researchers discovered that
malicious actors were exploiting two critical vulnerabilities patched in Joomla
3.6.4 to create accounts with elevated privileges on Websites built with the
Joomla content management system, even in cases where registration is disabled.
Sucuri researchers reported that nearly every Joomla Website on its network was
impacted, and that there were roughly 28,000 attacks between October 26 and
October 28. Source: http://www.computerworld.com/article/3136932/security/joomla-websites-attacked-en-masse-using-recently-patched-exploits.html#tk.rss_security
Communications Sector
Nothing to report