Complete DHS Report for November 17, 2016
Daily Report
Top Stories
• Mazda Motor Corporation
issued a recall November 15 for 69,477 of its model years 2004 – 2008 Mazda
RX-8 vehicles sold in the U.S. due to a problem affecting the fuel pump’s
sealing rings. – TheCarConnection.com
2. November 15,
TheCarConnection.com – (National) 2004-2008 Mazda RX-8 recalled for fire
risk: nearly 70,000 U.S. vehicles affected. Mazda Motor Corporation issued
a recall November 15 for 69,477 of its model years 2004 – 2008 Mazda RX-8
vehicles sold in the U.S. due to an issue with the fuel pump’s sealing rings,
which can deteriorate over time when exposed to high temperatures and cause the
pumps to leak fuel, thereby creating a fire hazard. Mazda has confirmed seven
incidences of the sealing rings failing. Source: http://www.thecarconnection.com/news/1107294_2004-2008-mazda-rx-8-recalled-for-fire-risk-nearly-70000-u-s-vehicles-affected
• A disbarred Tulsa County, Oklahoma attorney pleaded guilty
November 15 after he embezzled $587,000 from probate estate accounts at the
Bank of Oklahoma from August 2012 – October 2015. – KOTV 6 Tulsa See item 3
below in the Financial Services Sector
• Three men were indicted November 15 for their alleged
involvement in a more than $5 million investment scam where the trio persuaded
investors to funnel funds into a new social media platform they created. – Huntington
Patch See item 4 below in the Financial Services Sector
• Tennessee officials reported November 15 that code orange air
quality alerts remain in effect for several regions across the State due to
poor air quality stemming from 67 wildfires that have burned a total of 15,914
acres. – WKRN 2 Nashville
17. November 15, WKRN 2
Nashville – (Tennessee) More than 60 wildfires still burn in Tennessee;
arson suspected in nearly half. Tennessee officials reported November 15
that code orange air quality alerts remain in effect for several regions across
the State due to poor air quality stemming from 67 wildfires that have burned a
total of 15,914 acres. The Tennessee Department of Health stated that more than
200 residents in Chattanooga have been hospitalized due to breathing
difficulties related to the fires.
Financial Services Sector
3. November 15, KOTV 6
Tulsa – (Oklahoma) Former Tulsa attorney pleads guilty to embezzling
almost $600K. A disbarred Tulsa County, Oklahoma attorney pleaded guilty
November 15 after he embezzled $587,000 from probate estate accounts at the
Bank of Oklahoma from August 2012 – October 2015 by illegally using checks made
out to himself, diverting funds from the probate estates, and depositing the
checks into his business and personal accounts to use for personal expenses.
Source: http://www.newson6.com/story/33718591/former-tulsa-attorney-pleads-guilty-to-embezzling-almost-600k
4. November 15, Huntington
Patch – (National) 2 Long Island men among trio charged in $5M
investment scam: DA. Three men were indicted November 15 for their alleged
involvement in a more than $5 million investment scam where the trio persuaded
investors to funnel funds into a new social media platform they created that
was purportedly sponsored by Staples, Inc. and Myspace.com. The charges allege
that the trio used the proceeds to cover personal expenses and the supposed
business relationship with Staples and Myspace could not be verified. Source: http://patch.com/new-york/huntington/huntington-man-among-3-charged-5m-investment-scam-da
Information Technology Sector
20. November 16,
SecurityWeek – (International) Symantec patches DLL hijacking flaw in
enterprise products. Symantec released updates to resolve a dynamic-link
library (DLL) flaw affecting its IT Management Suite (ITMS) 8.0, Ghost Solution
Suite (GSS) 3.1, and Endpoint Virtualization (SEV) 7.x products, which could
cause a rogue DLL file to be loaded by the software before the legitimate file,
leading to arbitrary code execution, potentially with elevated privileges, as
the affected products do not use an absolute path when loading DLL files during
reboot or boot-up. Source: http://www.securityweek.com/symantec-patches-dll-hijacking-flaw-enterprise-products
21. November 16,
SecurityWeek – (International) Serious flaws found in Lynxspring SCADA
product. The Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) published an advisory that revealed versions 1.1.8 and earlier of
Lynxspring’s JENEsys building operating system, the BAS Bridge, is affected by
four remotely-exploitable vulnerabilities after a security researcher
discovered a flaw that could allow an attacker with read-only access to send
maliciously crafted commands to the application and make changes within the
app. The researcher also found a flaw that can be exploited to access a system
without authentication by using a hardcoded username with no password, as well
as a cross-site request forgery (CSRF) vulnerability that could allow an
attacker to carry out various malicious actions if they convince a user into
accessing a maliciously crafted link, among other flaws.
22. November 15,
SecurityWeek – (International) Shazam for Mac keeps listening even when
disabled. Synack security researchers reported that malware could silently
spy on Apple Mac OS X users through the device’s Webcam and microphone by
piggybacking on legitimate applications that utilize those components, such as
the Shazam music discovery app, FaceTime, and Skype after finding that the Mac
version of Shazam does not deactivate the device’s microphone once the user
switches off the app. The researcher warned malware could leverage this flaw to
capture audio from a device’s microphone without initiating a recording.
Communications Sector
Nothing to report