Complete DHS Report for December 1, 2016
Daily Report
Top Stories
• A Rockville, Maryland resident pleaded guilty November 29 to
embezzling nearly $290,000 from 3 of her employers while she worked as an
office manager or executive assistant for the companies. – U.S Attorney’s
Office, District of Columbia See item 4 below in the Financial Services Sector
• A New York-based corporate accountant for Cargill Inc. pleaded
guilty November 28 to embezzling at least $3.1 million from the company over a
10-year period and causing $25 million in losses to the firm’s grain shipping
operations at the Port of Albany. – Associated Press
10. November 29,
Associated Press – (New York) Cargill accountant admits stealing $3M,
causing $25M in losses. A New York-based corporate accountant for Cargill
Inc. pleaded guilty November 28 to embezzling at least $3.1 million from the
company over a 10-year period and causing $25 million in losses to the firm’s
grain shipping operations at the Port of Albany by sending customers invoices
for animal feed at prices well below what her employer paid, and directing
customers to send the payments directly to her in order to bypass the
business’s corporate controls. The charges also allege that the accountant
declared $61,208 in income on her 2015 individual tax return, omitting over
$450,000 that she received from defrauding Cargill customers. Source: http://www.twincities.com/2016/11/28/accountant-admits-stealing-3-million-from-cargill/
• City officials in Lawrence, Kansas, issued a health and stream
advisory for the area after nearly 2 million gallons of raw sewage overflowed
from a manhole into Naismith Creek November 28 due to a pump failure. – Lawrence
Journal-World
13. November 29, Lawrence
Journal-World – (Kansas) Close to 2 million gallons of raw sewage
overflows in south Lawrence; health advisory issued. City officials in Lawrence,
Kansas, issued a health and stream advisory for the area after nearly 2 million
gallons of raw sewage overflowed from a manhole into nearby Naismith Creek
November 28 due to a pump failure. Lawrence officials reported the overflow to
the Kansas Department of Health and Environment, and crews are monitoring the
condition of the water. Source: http://www2.ljworld.com/news/2016/nov/29/city-issues-health-advisory-after-sewage-overflow/
• Tennessee fire crews continued working November 30 to contain
wildfires burning in the Great Smoky Mountains National Park and Gatlinburg
area that have scorched 15,000 acres, killed 4 people, and forced the
evacuation of 14,000 residents. – CNN
15. November 30, CNN –
(Tennessee) Gatlinburg fires: 4 dead; crews search for missing. Tennessee
fire crews continued working November 30 to contain wildfires burning in the
Great Smoky Mountains National Park and Gatlinburg area that have scorched a
total of 15,000 acres, forced the evacuation of more than 14,000 residents and
tourists from Gatlinburg and Pigeon Forge, killed 4 people, and damaged or
destroyed 250 homes and businesses. Source: http://www.cnn.com/2016/11/30/us/gatlinburg-fires/
Financial Services Sector
4. November 29, U.S.
Attorney’s Office, District of Columbia – (International) Former office
worker pleads guilty to stealing nearly $290,000 from three different employers.
A Rockville, Maryland resident pleaded guilty November 29 to embezzling
nearly $290,000 from 3 of her employers between September 2012 and September
2015 while she worked as an office manager or executive assistant for the
companies and had access to the firms’ financial information and accounts. The
charges state the woman stole $218,802 from a consulting firm from September
2012 – February 2014, $41,240 from a non-profit organization, and an additional
$29,598 from a management consulting company during the course of her
employment. Source: https://www.justice.gov/usao-dc/pr/former-office-worker-pleads-guilty-stealing-nearly-290000-three-different-employers
For additional stories, see
items 10 above in Top Stories
and 20 below in the Information
Technology Sector
Information Technology Sector
19. November 30,
SecurityWeek– (International) Tor users targeted with Firefox zero-day
exploit. Mozilla’s Firefox team and Tor Browser developers are working to
release updates after Trail of Bits security researchers spotted a JavaScript
exploit leveraging a zero-day use-after-free vulnerability in the Scalable
Vector Graphics (SVG) parser in Firefox to target Tor users. The exploit
reportedly consists of one Hypertext Markup Language (HTML) file and one
Cascading Style Sheet (CSS) file.
20. November 30, Help Net
Security – (International) 158% increase in Android platform
vulnerabilities. Quick Heal released a report which revealed a 14 percent
increase in the detection count of malware on Microsoft Windows-based computers
in the third quarter of 2016, a 33 percent rise in the amount of mobile
ransomware in comparison to the second quarter, and a 25 percent increase in
the detection of mobile banking trojans in the third quarter, among other
findings.
For another story, see item 9
below from the Transportation
Systems Sector
9. November 28,
Softpedia; San Francisco Examiner – (California) San Francisco metro
system hacked, everyone getting free rides. The San Francisco Municipal
Railway (MUNI) was hacked November 25 to provide free rides to all passengers
through November 26, and the attacker demanded a ransom of 100 Bitcoin, or
$73,000 if the transit system wanted the ransomware removed from its ticketing
systems and its services restored. MUNI officials reported the service was not
impacted during the hack and the investigation is ongoing. Source: http://news.softpedia.com/news/san-francisco-metro-system-hacked-everyone-getting-free-rides-510545.shtml
Communications Sector
21. November 29, IDG News
Service – (International) The new Mirai strain has spread far beyond
Deutsche Telekom. Flashpoint security researchers reported that the most
recent strain of the Mirai malware, which infected the routers of nearly 1
million Deutsche Telekom customers, has spread to Internet routers and modems
in at least 10 other countries. This new strain infects routers produced by
Zyxel and exploits a known flaw in the product’s Simple Object Access Protocol
(SOAP) to take control of the devices in order to form a botnet of captured
devices that can be used to launch massive distributed denial-of-service (DDoS)
attacks. Source: http://www.computerworld.com/article/3145403/security/the-new-mirai-strain-has-spread-far-beyond-deutsche-telekom.html#tk.rss_security