Friday, November 25, 2016



Complete DHS Report for November 25, 2016

Daily Report                                            

Top Stories

Duke Energy Beckjord LLC agreed November 22 to pay a $1 million fine to resolve a Clean Water Act violation after the firm pleaded guilty to spilling 9,000 gallons of diesel fuel into the Ohio River in 2014. – Charlotte Observer

1. November 22, Charlotte Observer – (Ohio) Duke Energy unit to pay $1 million fine for Ohio River spill. Duke Energy Beckjord LLC agreed November 22 to pay a $1 million fine to resolve a Clean Water Act violation after the firm pleaded guilty to spilling 9,000 gallons of diesel fuel into the Ohio River in 2014. As part of the agreement with the U.S. Attorney’s Office for the Southern District of Ohio, the firm will also make a $100,000 contribution for the Foundation for Ohio River Education. Source: http://www.charlotteobserver.com/news/local/article116383368.html

Kia Motor Corporation issued a recall November 22 for 71,704 of its model years 2008 – 2009 Kia Sportage crossover vehicles. – TheCarConnection.com

3. November 22, TheCarConnection.com – (National) 2008-2009 Kia Sportage recalled: nearly 72,000 U.S. vehicles affected. Kia Motor Corporation issued a recall November 22 for 71,704 of its model years 2008 – 2009 Kia Sportage crossover vehicles sold in the U.S. due to an improperly sealed wiring harness cover that shields the hydraulic electronic control unit, which could allow moisture to reach the component and cause corrosion, thereby increasing the risk of fire in the engine compartment. Source: http://www.thecarconnection.com/news/1107424_2008-2009-kia-sportage-recalled-nearly-72000-u-s-vehicles-affected

Ally Financial Inc. agreed November 21 to pay $52 million to settle allegations that its subsidiaries acted inappropriately in connection with 10 subprime residential mortgage backed securities (RMBS) in 2006 and 2007. – U.S. Attorney’s Office, Central District of California See item 4 below in the Financial Services Sector

A former owner of Amerifund Capital Finance, LLC was convicted November 21 for his role in a stock-loan fraud scheme where he defrauded executives and shareholders of publicly traded companies from the U.S., Canada, Mexico, and other countries out of more than $100 million. – U.S. Attorney’s Office, Southern District of California See item 5 below in the Financial Services Sector

Financial Services Sector

4. November 21, U.S. Attorney’s Office, Central District of California – (National) Ally Financial agrees to pay $52 million to resolve investigation into improper conduct related to issuance of mortgage-backed securities. Ally Financial Inc. agreed November 21 to pay $52 million to settle allegations that its subsidiaries acted inappropriately in connection with 10 subprime residential mortgage backed securities (RMBS) in 2006 and 2007, where the firm’s registered broker-dealer, Ally Securities, LLC, marketed subprime mortgages to investors knowing that a considerable percentage of the pooled subprime mortgages were at risk of falling delinquent, causing investors to lose millions of dollars from 40,000 toxic subprime mortgage loans. As part of the settlement, Ally Financial is required to immediately cease operations of Ally Securities, LLC. Source: https://www.justice.gov/usao-cdca/pr/ally-financial-agrees-pay-52-million-resolve-investigation-improper-conduct-related

5. November 21, U.S. Attorney’s Office, Southern District of California – (International) Owner of stock lending firm convicted by jury in $100 million stock-loan fraud scheme. A former owner of Amerifund Capital Finance, LLC based in Boca Raton, Florida, was convicted November 21 for participating in a stock-loan fraud scheme where he defrauded executives and shareholders of publicly traded companies from the U.S., Canada, Mexico, and other countries out of more than $100 million when the stock they pledged as collateral for loans was immediately sold to finance the loans. The charges state that the former owner and his co-conspirators fraudulently persuaded the borrowers to make monthly interest payments on their loans by deceiving the investors into thinking that their collateral was safe and would be returned if they did not default, while the defendant and his associates kept the money and fabricated excuses as to why they could not return their stock once borrowers paid off their loans at the end of the loan terms. Source: https://www.justice.gov/usao-sdca/pr/owner-stock-lending-firm-convicted-jury-100-million-stock-loan-fraud-scheme

Information Technology Sector

18. November 22, SecurityWeek – (International) Several DoS vulnerabilities patched in NTP. The Computer Emergency Response Team (CERT) Coordination Center and the Network Time Foundation reported the release of Network Time Protocol (NTP) version 4.2.8p9 which includes roughly 40 security patches, bug fixes, and system improvements including a patch for a high severity oversized User Datagram Protocol (UDP) packet denial-of-service (DoS) flaw in Microsoft Windows, as well as patches for 9 other security holes. Source: http://www.securityweek.com/several-dos-vulnerabilities-patched-ntp

19. November 22, SecurityWeek – (International) Siemens releases firmware updates to patch SIMATIC flaws. Siemens released firmware updates for its SIMATIC S7-300 and S7-400 controllers, and its SIMATIC CP 343-1 and CP 443-1 Advanced communications processors resolving several medium-severity flaws after security researchers discovered the affected devices contain an integrated Web server on port 80/TCP or 443/TCP that enables a malicious actor to carry out operations with privileges of an authenticated user. The researchers also discovered a flaw related to the Web server delivering cookies without the “secure” flag, among other patched flaws.

Communications Sector

20. November 22, SecurityWeek – (International) Researchers detect 57 million scans for Netis router backdoor. Trend Micro security researchers warned that 57 million scans for a backdoor in Netis Systems’ routers have been registered since August according to data collected by one of the firm’s TippingPoint Digital Vaccine (DV) filters. The backdoor can be exploited by an attacker to gain complete control of a targeted device, modify settings, and carry out man-in-the-middle (MitM) attacks, among other malicious actions. Source: http://www.securityweek.com/researchers-detect-57-million-scans-netis-router-backdoor

For another story, see item 19 above in the Information Technology Sector