Complete DHS Report for November 25, 2016
Daily Report
Top Stories
• Duke
Energy Beckjord LLC agreed November 22 to pay a $1 million fine to resolve a
Clean Water Act violation after the firm pleaded guilty to spilling 9,000
gallons of diesel fuel into the Ohio River in 2014. – Charlotte Observer
1. November 22,
Charlotte Observer – (Ohio) Duke Energy unit to pay $1 million fine for
Ohio River spill. Duke Energy Beckjord LLC agreed November 22 to pay a $1
million fine to resolve a Clean Water Act violation after the firm pleaded
guilty to spilling 9,000 gallons of diesel fuel into the Ohio River in 2014. As
part of the agreement with the U.S. Attorney’s Office for the Southern District
of Ohio, the firm will also make a $100,000 contribution for the Foundation for
Ohio River Education. Source: http://www.charlotteobserver.com/news/local/article116383368.html
• Kia
Motor Corporation issued a recall November 22 for 71,704 of its model years
2008 – 2009 Kia Sportage crossover vehicles. – TheCarConnection.com
3. November 22,
TheCarConnection.com – (National) 2008-2009 Kia Sportage recalled:
nearly 72,000 U.S. vehicles affected. Kia Motor Corporation issued a recall
November 22 for 71,704 of its model years 2008 – 2009 Kia Sportage crossover
vehicles sold in the U.S. due to an improperly sealed wiring harness cover that
shields the hydraulic electronic control unit, which could allow moisture to
reach the component and cause corrosion, thereby increasing the risk of fire in
the engine compartment. Source: http://www.thecarconnection.com/news/1107424_2008-2009-kia-sportage-recalled-nearly-72000-u-s-vehicles-affected
• Ally
Financial Inc. agreed November 21 to pay $52 million to settle allegations that
its subsidiaries acted inappropriately in connection with 10 subprime
residential mortgage backed securities (RMBS) in 2006 and 2007. – U.S.
Attorney’s Office, Central District of California See
item 4 below in the Financial
Services Sector
• A
former owner of Amerifund Capital Finance, LLC was convicted November 21 for
his role in a stock-loan fraud scheme where he defrauded executives and
shareholders of publicly traded companies from the U.S., Canada, Mexico, and
other countries out of more than $100 million. – U.S. Attorney’s Office,
Southern District of California See item 5 below in the
Financial Services Sector
Financial Services Sector
4. November 21, U.S.
Attorney’s Office, Central District of California – (National) Ally Financial
agrees to pay $52 million to resolve investigation into improper conduct
related to issuance of mortgage-backed securities. Ally Financial Inc.
agreed November 21 to pay $52 million to settle allegations that its
subsidiaries acted inappropriately in connection with 10 subprime residential
mortgage backed securities (RMBS) in 2006 and 2007, where the firm’s registered
broker-dealer, Ally Securities, LLC, marketed subprime mortgages to investors
knowing that a considerable percentage of the pooled subprime mortgages were at
risk of falling delinquent, causing investors to lose millions of dollars from
40,000 toxic subprime mortgage loans. As part of the settlement, Ally Financial
is required to immediately cease operations of Ally Securities, LLC. Source: https://www.justice.gov/usao-cdca/pr/ally-financial-agrees-pay-52-million-resolve-investigation-improper-conduct-related
5. November 21, U.S.
Attorney’s Office, Southern District of California – (International) Owner
of stock lending firm convicted by jury in $100 million stock-loan fraud
scheme. A former owner of Amerifund Capital Finance, LLC based in Boca
Raton, Florida, was convicted November 21 for participating in a stock-loan
fraud scheme where he defrauded executives and shareholders of publicly traded
companies from the U.S., Canada, Mexico, and other countries out of more than
$100 million when the stock they pledged as collateral for loans was
immediately sold to finance the loans. The charges state that the former owner
and his co-conspirators fraudulently persuaded the borrowers to make monthly
interest payments on their loans by deceiving the investors into thinking that
their collateral was safe and would be returned if they did not default, while
the defendant and his associates kept the money and fabricated excuses as to
why they could not return their stock once borrowers paid off their loans at
the end of the loan terms. Source: https://www.justice.gov/usao-sdca/pr/owner-stock-lending-firm-convicted-jury-100-million-stock-loan-fraud-scheme
Information Technology Sector
18. November 22,
SecurityWeek – (International) Several DoS vulnerabilities patched in
NTP. The Computer Emergency Response Team (CERT) Coordination Center and
the Network Time Foundation reported the release of Network Time Protocol (NTP)
version 4.2.8p9 which includes roughly 40 security patches, bug fixes, and
system improvements including a patch for a high severity oversized User
Datagram Protocol (UDP) packet denial-of-service (DoS) flaw in Microsoft
Windows, as well as patches for 9 other security holes. Source: http://www.securityweek.com/several-dos-vulnerabilities-patched-ntp
19. November 22,
SecurityWeek – (International) Siemens releases firmware updates to
patch SIMATIC flaws. Siemens released firmware updates for its SIMATIC
S7-300 and S7-400 controllers, and its SIMATIC CP 343-1 and CP 443-1 Advanced
communications processors resolving several medium-severity flaws after
security researchers discovered the affected devices contain an integrated Web
server on port 80/TCP or 443/TCP that enables a malicious actor to carry out
operations with privileges of an authenticated user. The researchers also
discovered a flaw related to the Web server delivering cookies without the
“secure” flag, among other patched flaws.
Communications Sector
20. November 22,
SecurityWeek – (International) Researchers detect 57 million scans for
Netis router backdoor. Trend Micro security researchers warned that 57
million scans for a backdoor in Netis Systems’ routers have been registered
since August according to data collected by one of the firm’s TippingPoint
Digital Vaccine (DV) filters. The backdoor can be exploited by an attacker to
gain complete control of a targeted device, modify settings, and carry out
man-in-the-middle (MitM) attacks, among other malicious actions. Source: http://www.securityweek.com/researchers-detect-57-million-scans-netis-router-backdoor
For another story, see
item 19 above in the Information
Technology Sector