Friday, December 23, 2016



The report upon which this is based was not published until December 27, 2016 at 11:42 AM. My apologies, but it is beyond my control!

Complete DHS Report for December 23, 2016

Daily Report

Top Stories

• The former director of fixed income for the New York State Common Retirement Fund and 2 representatives at separate broker-dealers were charged December 21 for their alleged roles in a $2.5 billion pay-to-play scheme. – U.S. Securities and Exchange Commission. See item 4 below in the Financial Services Sector.

• The founder and chief executive officer (CEO) of Frisco-based Texas First Financial LLC was arrested December 20 for allegedly orchestrating a Ponzi scheme that defrauded investors out of $6 million. – Downtown Austin Patch. See item 5 below in the Financial Services Sector.

• More than 430 flights were delayed and 59 others were canceled at Los Angeles International Airport December 21 – December 22. – ABC News

6. December 22, ABC News – (California) Holiday travelers gripe as delays pile up at Los Angeles International Airport. More than 430 flights were delayed and 59 others were canceled at Los Angeles International Airport December 21 – December 22 due to airport construction, inclement weather, and the increased number of flights and passengers.

• Community Health Plan of Washington began notifying nearly 400,000 current and former patients December 21 that their personal information, including Social Security numbers, was exposed in a data breach. – Seattle Times; Yakima Herald-Republic

18. December 22, Seattle Times; Yakima Herald-Republic – (Washington) Data breach exposes info for 400,000 Community Health Plan members. Community Health Plan of Washington began notifying nearly 400,000 current and former patients December 21 that their personal information, including Social Security numbers, was exposed in a data breach. An anonymous caller had notified the firm November 7 that they had discovered a vulnerability in the computer network of the company that provides the health organization technical services. Officials stated there is no evidence that the information was misused.

Financial Services Sector

4. December 21, U.S. Securities and Exchange Commission – (International) SEC charges former New York pension official and two brokers in pay-to-play scheme. The former director of fixed income for the New York State Common Retirement Fund and 2 representatives at separate broker-dealers were charged December 21 for their alleged roles in a pay-to-play scheme where the director used his position to divert $2.5 billion in State business to the brokers’ firms in exchange for over $100,000 worth of illicit bribes and benefits from January 2014 – February 2016. The charges allege that the scheme netted the brokers millions of dollars in commissions, and allege that the brokers provided considerable assistance to the State official in hiding the scheme from the Retirement Fund.

5. December 20, Downtown Austin Patch – (Texas) Dallas man billing self as financial guru via investment seminars arrested in alleged Ponzi scheme. The founder and chief executive officer (CEO) of Frisco-based Texas First Financial LLC was arrested December 20 for allegedly orchestrating a Ponzi scheme that defrauded investors out of $6 million from the sale of notes, stock certificates, and investment contracts in Dallas-based StaMedia Group from 2014 to 2016 and Frisco-based TenList Inc. The executive and his sales associates allegedly raised money from StaMedia investors without disclosing that the business had negligible revenue and net income since its establishment in 2013, and reportedly concealed ongoing Federal investigations into his sale of investments. Source: http://patch.com/us/across-america/man-billing-himself-financial-guru-investment-seminars-arrested-alleged-ponzi

Information Technology Sector

22. December 21, SecurityWeek – (International) Rakos malware takes over embedded Linux devices. ESET security researchers warned that a newly observed piece of malware, dubbed Rakos, is targeting embedded Linux devices via brute force Secure Shell (SSH) login attempts in order to infect vulnerable devices and servers with an open SSH port, and use them to create a large botnet and further spread the malware. The researchers also found that Rakos is able to update its configuration file from a specific command and control (C&C) location, and provides the attacker with complete control over an impacted device as it sends information including the device’s Internet Protocol (IP) address, username, and password.

23. December 21, SecurityWeek – (International) Vulnerabilities found in Siemens Desigo PX, SIMATIC products. Siemens released patches and workarounds to address several flaws in all versions of its SIMATIC S7-300 and S7-400 programmable logic controllers (PLCs) after researchers from Beijing Acorn Network Technology found the security holes can be exploited to obtain credentials from a PLC configuration with protection level 2, and cause a denial-of-service condition by sending maliciously crafted packets to transmission control protocol (TCP) port 80. Siemens also described a cryptographic issue in its Desigo PX product which could allow a remote attacker to reconstruct the corresponding private key. Source: http://www.securityweek.com/vulnerabilities-found-siemens-desigo-px-simatic-products

24. December 21, SecurityWeek – (International) Spam “hailstorms” deliver variety of threats. Researchers from Cisco Talos warned that a new type of spam campaign, dubbed hailstorm spam, sends over 75,000 Domain Name System (DNS) queries per hour and relies on the use of a large number of Internet Protocol (IP) addresses from around the world to send the queries. Cisco determined that servers in the U.S. are targeted the most by hailstorm spam campaigns compared to other countries. Source: http://www.securityweek.com/spam-hailstorms-deliver-variety-threats

Communications Sector

Nothing to report


Tuesday, December 27, 2016



Complete DHS Report for December 27, 2016

Daily Report

Top Stories

• A December 22 explosion at the New Haven Chlor-Alkali LLC facility in Connecticut prompted nearby residents to evacuate and forced the temporary shutdown of Amtrak trains from New Haven to Hartford. – New Haven Register

2. December 22, New Haven Register – (Connecticut) Explosion in New Haven damages Welton Street building, rocks nearby areas. A December 22 explosion at the New Haven Chlor-Alkali LLC facility in Connecticut caused extensive damage to the rear of the facility, prompted the evacuation of homes within 1,500 feet of the building, and forced the temporary shutdown of Amtrak trains from New Haven to Hartford after some debris from the explosion landed on the tracks. No injuries were reported and the cause of the explosion remains under investigation. Source: http://www.nhregister.com/general-news/20161222/explosion-in-new-haven-damages-welton-street-building-rocks-nearby-areas

• Two Orlando residents were charged December 22 for their alleged roles in a multi-state debit card skimming scheme that bilked over 100 victims out of thousands of dollars. – WSFA 12 Montgomery

• Teva Pharmaceutical Industries Ltd. and its subsidiary, Teva LLC, agreed December 22 to pay a total of more than $283 million to resolve criminal charges associated with Foreign Corrupt Practices Act violations. – U.S. Department of Justice

21. December 22, U.S. Department of Justice – (International) Teva Pharmaceutical Industries Ltd. agrees to pay more than $283 million to resolve Foreign Corrupt Practices Act charges. Teva Pharmaceutical Industries Ltd. and its wholly-owned Russian subsidiary, Teva LLC, agreed December 22 to pay a total of more than $283 million to resolve criminal charges associated with Foreign Corrupt Practices Act (FCPA) violations. The company and its subsidiaries paid millions of dollars in bribes to a high-ranking government official in Russia to influence the official to use his authority to increase sales of the firm’s drug, Copaxone, and bribed a senior government official in Ukraine to approve Teva drug registrations. In addition, the firm failed to implement adequate internal accounting controls and failed to enforce controls it had in place at its Mexican subsidiary, allowing bribes to be paid to doctors employed by the Mexican government.

• Federal officials announced December 22 that Gardena, California-based Total Call Mobile, LLC agreed to pay $30 million for defrauding the Federal Government’s Lifeline Program. – U.S. Attorney’s Office, Southern District of New York. See item 25 below in the Communications Sector.

Financial Services Sector

4. December 22, WSFA 12 Montgomery – (National) AL authorities catch suspects in multi-state debit card skimming scheme. Two Orlando residents were charged December 22 for their alleged roles in a multi-state debit card skimming scheme that bilked over 100 victims in Alabama, Florida, Tennessee, and Virginia out of thousands of dollars. Authorities seized $6,490 in cash, 39 stolen debit card numbers with PIN numbers, and 315 gift cards when the suspects were arrested in Baldwin County, Alabama. Source: http://www.wbrc.com/story/34115240/al-authorities-catch-suspects-in-multi-state-debit-card-skimming-scheme

Information Technology Sector

23. December 22, SecurityWeek – (International) Cisco CloudCenter Orchestrator flaw exploited in attacks. Cisco warned customers about a critical privilege escalation flaw that has been exploited against its CloudCenter Orchestrator (CCO) systems to allow an unauthenticated attacker to remotely install malicious Docker containers with arbitrary privileges, including root, by abusing a flaw in the Docker Engine configuration. Cisco reported the flaw exists due to a misconfiguration that makes the Docker Engine management port accessible from the outside, and the flaw has been resolved with the release of CCO version 4.6.2.

Communications Sector

24. December 22, SecurityWeek – (International) Remotely exploitable 0-day impacts NETGEAR WNR2000 routers. A security researcher found that version 5 of Netgear’s WNR2000 router is plagued with several flaws, including a stack buffer overflow issue that could allow an unauthenticated attacker to take full control of the device and remotely execute code, as well as an issue where the router allows an admin to perform various functions through a function invoked in the Hypertext Transfer Protocol (HTTP) server, uhttpd, which, once reversed, allows an unauthenticated attacker to perform sensitive admin functions and retrieve the administrative password. The flaws are exploitable over a local area network (LAN), and remotely for routers with remote administration enabled. Source: http://www.securityweek.com/remotely-exploitable-0-day-impacts-netgear-wnr2000-routers

25. December 22, U.S. Attorney’s Office, Southern District of New York – (National) Manhattan U.S. Attorney announces $30 million settlement with Total Call Mobile for defrauding government program offering discounted mobile services for low-income consumers. The U.S. Federal Communications Commission (FCC) and other officials announced December 22 that Gardena, California-based Total Call Mobile, LLC agreed to pay $30 million for defrauding the Federal Government’s Lifeline Program after Total Call, Locus Telecommunications, LLC, and their shared corporate parent, KDDI America, Inc., knowingly submitted false claims to the program that sought reimbursement for tens of thousands of consumers who did not meet Lifeline’s eligibility requirements. As part of the settlement, Total Call agreed to no longer participate in the Lifeline Program. Source: https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-30-million-settlement-total-call-mobile-defrauding