Tuesday, December 6, 2016



Complete DHS Report for December 6, 2016

Daily Report                                            

Top Stories

• Ford Motor Company issued a recall December 5 for 602,739 of its model years 2013 –2017 Ford Fusion vehicles and 2013 –2015 Lincoln MKZ vehicles sold in the U.S. – TheCarConnection.com

6. December 5, TheCarConnection.com – (International) Ford recalls 2013-17 Ford Fusion, 2013-15 Lincoln MKZ for seatbelt, seat back problems. Ford Motor Company issued a recall December 5 for 602,739 of its model years 2013 –2017 Ford Fusion vehicles and model years 2013 –2015 Lincoln MKZ vehicles sold in the U.S. due to an issue with the seatbelt anchor pretensioners where heat generated during deployment can cause the pretensioner cables to separate, thereby causing the seatbelt to improperly restrain the occupant and increasing the risk of injury. The recall also affects 35,614 vehicles in Canada, 8,665 in Mexico, and 653 elsewhere. Source: http://www.thecarconnection.com/news/1107607_ford-recalls-2013-17-ford-fusion-2013-15-lincoln-mkz-for-seatbelt-seat-back-problems

• A Germantown, Maryland resident pleaded guilty December 1 to embezzling at least $1.02 million from her employer, a Chevy Chase-based financial institution, between December 2007 and June 2014. – Bethesda Magazine See item 7 below in the Financial Services Sector

• A Houston couple pleaded guilty December 2 to stealing the identities of 50,000 victims and using the identities to apply for and obtain 230 debit cards and earn $250,000 in fraudulent Federal tax returns. – Houston Chronicle See item 8 below in the Financial Services Sector

• The founder and chief executive officer of Virginia-based VitalSpring Technologies, Inc. pleaded guilty December 2 to a $30 million investment fraud scheme affecting 160 VitalSpring shareholders. – U.S. Department of Justice 

24. December 2, U.S. Department of Justice – (Delaware; Virginia) CEO of Virginia health care technology company pleads guilty to $30 million shareholder fraud and $7.5 million employment tax fraud. The founder and chief executive officer of Virginia-based VitalSpring Technologies, Inc. pleaded guilty December 2 to a $30 million investment fraud scheme where the former executive provided materially fraudulent and misleading information to 160 VitalSpring shareholders to induce investments in the company. The founder concealed that VitalSpring failed to account for and pay over $7.5 million in employment taxes to the U.S. Internal Revenue Service, and falsely claimed that the sale of the company was imminent, which would have resulted in substantial profits for the shareholders, among other misrepresentations. Source: https://www.justice.gov/opa/pr/ceo-virginia-health-care-technology-company-pleads-guilty-30-million-shareholder-fraud-and-75

Financial Services Sector

7. December 2, Bethesda Magazine – (Maryland) Woman pleads guilty to defrauding Chevy Chase financial company of more than $1 million. A Germantown, Maryland resident pleaded guilty December 1 to embezzling at least $1.02 million from her employer, a Chevy Chase-based financial institution, between December 2007 and June 2014. The charges allege that the defendant sent banks fictitious invoices where she forged the signature of another employee of her financial firm, and deposited over 60 checks issued by various banks including U.S. Bank, Bank of America, and JPMorgan Chase & Co. into her personal financial accounts. Source: http://www.bethesdamagazine.com/Bethesda-Beat/Web-2016/Woman-Pleads-Guilty-To-Defrauding-Chevy-Chase-Financial-Company-of-More-than-1-Million/

8. December 2, Houston Chronicle – (International) Couple pleads guilty to stealing 50K identities in tax fraud scam. A Houston couple pleaded guilty December 2 to stealing the identities of 50,000 victims and using the identities to apply for and obtain 230 debit cards from January 2014 – May 2015. The duo used the stolen identities to earn $250,000 in fraudulent Federal tax returns, while attempting to obtain a total of $1.9 million in tax refunds. Source: http://www.chron.com/news/houston-texas/article/Houston-couple-pleads-guilty-10688348.php

Information Technology Sector

31. December 2, SecurityWeek – (International) Eight vulnerabilities found in Moxa NPort devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that Moxa’s NPort serial device servers are plagued by eight vulnerabilities after security researchers discovered three critical flaws that can be exploited to retrieve an administrator password without authentication, update the device’s firmware without authentication, and use brute force to bypass authentication, as well as high security flaws that can be exploited to cause a denial-of-service (DoS) condition and remotely execute arbitrary code, among other flaws. Moxa released firmware updates for most of the affected servers and advised its customers to install the updates.
Source: http://www.securityweek.com/eight-vulnerabilities-found-moxa-nport-devices

For another story, see item 23 below from the Healthcare and Public Health Sector

23. December 5, Softpedia – (International) Hackers can compromise smart defibrillators and kill the host, researchers warn. A team of security researchers discovered that a malicious actor can compromise and intercept the wireless communication system between Implantable Medical Devices (IMDs) and their monitors to launch reverse engineering and distributed denial-of-service (DDoS) attacks to compromise the devices’ security systems and take control of the devices’ functions. Researchers stated that a standby mode after the communication between the monitors and implanted devices ends is the most effective way to avoid the hack.
Source: http://news.softpedia.com/news/hackers-can-compromise-smart-defibrillators-and-kill-the-host-researchers-warn-510732.shtml

Communications Sector

Nothing to report