Monday, December 12, 2016



Complete DHS Report for December 12, 2016

Daily Report                                            

Top Stories

• A former JPMorgan Chase & Co employee was charged December 7 after he allegedly made or attempted to make 22 wire transfers for over $5 million from a bank account that was supposedly JPMorgan-owned from July 2014 – February 2016. – Reuters See item 3 below in the Financial Services Sector

• Eastbound lanes of Interstate 90 in Lake County, Ohio, were closed for 14 hours December 8 – December 9 after a 50-vehicle collision. – WKYC 3 Cleveland

8. December 9, WKYC 3 Cleveland – (Ohio) I-90 East reopens after 14-hour closure from Thursday pileup. Eastbound lanes of Interstate 90 in Lake County, Ohio, were closed for 14 hours December 8 – December 9 after a 50-vehicle collision involving 20 commercial vehicles, 20 passenger cars, and a Greyhound bus that injured several people. The crash also forced the closure of the westbound lanes for several hours December 8. Source: http://www.wkyc.com/news/local/lake-county/i-90-east-reopens-after-14-hour-closure-from-thursday-pileup/367035640

• Interstate 90 near Girard, Pennsylvania, was closed for several hours December 8 – December 9 after a 15-vehicle pile-up collision that injured at least 15. – KDKA 2 Pittsburgh; Associated Press

9. December 9, KDKA 2 Pittsburgh; Associated Press – (Pennsylvania) Pileup crash on I-90 in Erie blamed on lake-effect snow. Interstate 90 near Girard, Pennsylvania, was closed for several hours December 8 – December 9 after a 15-vehicle pile-up collision that injured at least15 people. Source: http://pittsburgh.cbslocal.com/2016/12/09/pileup-crash-on-i-90-in-erie-blamed-on-lake-effect-snow/

• The U.S. Securities and Exchange Commission announced December 8 that Stifel, Nicolaus & Company, Inc. and its former vice president agreed to pay $24.6 million to settle claims that the brokerage firm misled five Wisconsin school districts, causing them $200 million in losses. – Reuters

20. December 8, Reuters – (Wisconsin) Stifel, ex-executive settle SEC case over Wisconsin school investments. The U.S. Securities and Exchange Commission announced December 8 that Stifel, Nicolaus & Company, Inc. and its former vice president agreed to pay $24.6 million to settle claims that the brokerage firm misled five Wisconsin school districts about the risks of investing in synthetic collateralized debt obligations (CDO), causing the school districts $200 million in losses after the CDOs failed. Source: http://www.reuters.com/article/us-stifel-financial-wisconsin-sec-idUSKBN13X1P9
  
Financial Services Sector

3. December 8, Reuters – (National) Ex-JPMorgan employee accused of $5 million scheme to defraud bank. A former operations manager for JPMorgan Chase & Co.’s broker-dealer services was charged December 7 after he allegedly made or attempted to make 22 wire transfers for over $5 million from a bank account that was supposedly JPMorgan-owned to an account at another bank belonging to an unidentified individual from July 2014 – February 2016. The former manager reportedly defrauded the bank in order to pay personal debts. Source: http://www.reuters.com/article/us-jpmorgan-court-idUSKBN13X206

For another story, see item 20 above in Top Stories

Information Technology Sector

23. December 9, SecurityWeek – (International) Yahoo pays out $10,000 bounty for critical mail flaw. A security researcher from Finland-based software company Klikki Oy discovered a critical flaw in Yahoo! Mail that could allow attackers to steal a user’s emails and create a worm that spreads by attaching itself to outgoing emails. The researcher found the flaw is related to code inserted into an email when a victim uses the “Share files from cloud providers” attachment option to attach files from their cloud storage accounts, and reported that the code is executed as soon as the email is opened. Source: http://www.securityweek.com/yahoo-pays-out-10000-bounty-critical-mail-flaw

24. December 9, SecurityWeek – (International) Most external PowerShell scripts are malicious: Symantec. Symantec researchers reported that more than 95 percent of scripts using PowerShell were found to be malicious after the Symantec Blue Coat Malware Analysis sandbox observed 49,127 PowerShell scripts submitted in 2016 and analyzed 4,782 samples that represent a total of 111 malware families abusing the PowerShell command line. The researchers reported that attackers leverage PowerShell scripts due to the flexibility of the framework, and found that attackers use the scripts post-compromise to download additional payloads. Source: http://www.securityweek.com/most-external-powershell-scripts-are-malicious-symantec

25. December 8, SecurityWeek – (International) Petya variant Goldeneye emerges. BleepingComputer security researchers warned that a new variant of the Petya ransomware, dubbed Goldeneye was recently spotted and leverages resume-themed spam emails for distribution. The emails include two malicious documents containing macros, which once enabled, launch and save embedded base64 strings into an executable file in the temp folder, which is executed to start encrypting the files on a device. Source: http://www.securityweek.com/petya-variant-goldeneye-emerges

Communications Sector

Nothing to report