Complete DHS Report for November 28, 2016
• Bechtel Corporation and AECOM agreed November 23 to pay $125 million to resolve allegations that the contractors violated the Federal False Claims Act by improperly billing the U.S. Department of Energy for materials and services that did not meet quality control requirements. – Wall Street Journal
2. November 23, Wall Street Journal – (Washington) Contractors settle case over cleanup effort at Hanford nuclear site. Bechtel Corporation and AECOM agreed November 23 to pay $125 million to resolve allegations that the contractors violated the Federal False Claims Act by improperly billing the U.S. Department of Energy for materials and services from vendors that did not meet quality control requirements in relation to the contractors’ cleanup efforts at the Hanford Site near Richland, Washington. Source: http://www.wsj.com/articles/contractors-settle-case-over-cleanup-effort-at-hanford-nuclear-site-1479951868
• Toyota Motor Corporation issued a recall November 23 for roughly 744,000 of its model years 2011 – 2016 Toyota Sienna vehicles due to an electrical problem in the vehicle’s sliding door. – TheCarConnection.com
3. November 23, TheCarConnection.com – (National) 2011-2016 Toyota Sienna recalled to fix dodgy doors: 744,00 U.S. vehicles affected. Toyota Motor Corporation issued a recall November 23 for roughly 744,000 of its model years 2011 – 2016 Toyota Sienna vehicles sold in the U.S. due to an electrical problem in the vehicle’s sliding door where the door’s fuse could trip if the door is prevented from opening and allow the door to open while the vehicle is in motion, thereby creating a safety hazard for passengers. Source: http://www.thecarconnection.com/news/1107442_2011-2016-toyota-sienna-recalled-to-fix-dodgy-doors-744000-u-s-vehicles-affected
• U.S. Steel Corporation agreed November 22 to perform 7 environmental projects totaling $1.9 million, among other actions, to resolve alleged Clean Air Act violations at its 3 iron and steel manufacturing plants in the Midwest. – U.S. Department of Justice
4. November 22, U.S. Department of Justice – (Indiana; Illinois; Michigan) U.S. Steel Corporation agrees to end litigation, improve environmental compliance at its three Midwest facilities, pay civil penalty of $2.2 million and perform projects to aid communities affected by U.S. Steel’s pollution. U.S. Steel Corporation agreed November 22 to pay a $2.2 million civil penalty to resolve alleged Clean Air Act violations at its 3 iron and steel manufacturing plants in Gary, Indiana; Ecorse, Michigan; and Granite City, Illinois. In addition to the civil penalty, U.S. Steel will undertake measures to reduce pollution at its three facilities, perform seven supplemental environmental projects totaling $1.9 million, and spend $800,000 to remove contaminated transformers at its Gary and Ecorse plants, among other actions. Source: https://www.justice.gov/opa/pr/u-s-steel-corporation-agrees-end-litigation-improve-environmental-compliance-its-three
• The U.S. Navy reported November 24 that the personal details of 134,386 current and former U.S. sailors were exposed after Hewlett-Packard Company officials discovered an employee’s laptop was hacked. – Softpedia
21. November 24, Softpedia – (National) US Navy hacked, Social Security numbers of 134,000 sailors stolen. The U.S. Navy reported November 24 that the personal details of 134,386 current and former U.S. sailors were exposed after Hewlett-Packard Company officials notified the Navy of the breach October 27 when the firm discovered an employee’s laptop used as part of the Enterprises Services agreement was hacked. U.S. Navy officials reported there is no evidence that the stolen information is being misused by the hackers and the investigation into the breach is ongoing. Source: http://news.softpedia.com/news/us-navy-hacked-social-security-numbers-of-134-000-sailors-stolen-510466.shtml
Financial Services Sector
5. November 23, WVEC 13 Hampton – (Virginia) ‘Soul Patch Bandit’ caught, accused of killing infant son in Newport News. A man dubbed the “Soul Patch Bandit” was arrested in Petersburg, Virginia, November 22 after he allegedly robbed 6 banks in the Richmond area. The suspect was also sought in connection with a murder in Newport News.
6. November 23, WCBS 2 New York – (New York) ATM skimmers found at Memorial Sloan-Kettering, 3 other hospitals; thousands stolen from victims. Authorities are searching November 23 for 2 suspects who allegedly installed ATM skimming devices at several hospitals in New York City between August 24 and November 1, 2016, stealing around $46,000 from at least 75 victims.
7. November 22, U.S. Attorney’s Office, Southern District of California – (National) Founder of litigation marketing company guilty of multi-million dollar securities fraud. The co-founder of PLCMGMT LLC, doing business as Prometheus pleaded guilty November 22 after he and a co-conspirator defrauded about 200 investors out of $8.5 million in a securities fraud scheme where the duo falsely claimed investor funds would be allocated for marketing efforts to recruit plaintiffs for lawsuits against prescription drugs and medical device manufacturers. The duo solicited investors by promising investors up to 300 percent returns, falsely claiming the investors could redeem their investments at any time, and that their investments were secured by enforceable liens, among other fraudulent claims. Source: https://www.justice.gov/usao-sdca/pr/founder-litigation-marketing-company-guilty-multi-million-dollar-securities-fraud
Information Technology Sector
23. November 24, Softpedia – (International) Hackers can steal Tesla cars using Android app. Security researchers from Promon discovered a flaw in Tesla Motors companion applications for Android and Apple iOS that could enable hackers to locate, unlock, and steal Tesla vehicles by convincing a Tesla owner to download a malicious version of the companion app by offering a free burger upon installation, which allows the hacker to connect to the phone and begin the hijack process. As the flaw is in the mobile apps and not the vehicles, researches advised users to update their systems and apps and to avoid downloading apps from untrusted sources.
24. November 23, Help Net Security – (International) Telecrypt Decryptor foils ransomware’s simple encryption method. A malware analyst released Telecrypt Decryptor, a tool that is able to decrypt files encrypted by the Telecrypt ransomware when running on an Administrator account and if an affected user has .NET 4.0 and above or has at least one of the encrypted files in an unencrypted form. Source: https://www.helpnetsecurity.com/2016/11/23/telecrypt-decryptor-ransomware/
25. November 23, SecurityWeek – (International) Information disclosure flaws patched in VMware products. VMware released two security advisories, one of which includes patches for three flaws in VMware vCenter Server, vSphere Client, and vRealize Automation after security researchers from Positive Technologies discovered XML External Entity (XXE) flaws that could lead to information disclosure and a denial-of-service (DoS) condition. The second advisory describes a medium-severity information disclosure bug in Identity Manager and vRealize Automation that could allow an attacker to access folders that do not contain sensitive data. Source: http://www.securityweek.com/information-disclosure-flaws-patched-vmware-products
Nothing to report