Complete DHS Report for January 3, 2017
• A powerful snowstorm caused nearly 100,000 people across Maine to lose power December 30. – Portland Press Herald
1. December 30, Portland Press Herald – (Maine) Nearly 100,000 Mainers still without power after snowstorm dumps up to 27 inches in state. A powerful snowstorm caused nearly 100,000 people across Maine to lose power December 30. Central Maine Power Company officials reported it may take several days to restore power in some areas due to widespread damage and difficult travel conditions. Source: http://www.pressherald.com/2016/12/30/storm-dumps-nearly-2-feet-in-parts-of-maine-causes-widespread-power-outages/
• Honda Motor Co. issued a recall December 29 for 633,753 of its model years 2011 – 2016 Honda Odyssey vehicles sold in the U.S. due to faulty release levers on the second-row outboard seats that can stay unlocked. – TheCarConnection.com
3. December 29, TheCarConnection.com – (National) 2011-2016 Honda Odyssey minivans recalled: 641,000 vehicles affected. Honda Motor Co. issued a recall December 29 for 633,753 of its model years 2011 – 2016 Honda Odyssey vehicles sold in the U.S. due to faulty release levers on the second-row outboard seats that can stay in the unlocked position even after the seats are returned to the proper position, which can increase the risk of injury in the event of a collision or sudden stop. Honda Motor Co. also issued a recall December 29 for 7,549 of its 2016 Honda Odyssey vehicles sold in the U.S. because of an issue with the horizontal adjuster bar in the second-row center seat that may also remain in the unlocked position. Source: http://www.thecarconnection.com/news/1108052_2011-2016-honda-odyssey-minivans-recalled-641000-vehicles-affected
• General Cable Corporation agreed December 29 to pay $20 million to resolve Foreign Corrupt Practices Act violations after the company made improper payments to government officials in China, Angola, Indonesia, and other countries to illicitly win business worth more than $50 million in profits. – U.S. Department of Justice
4. December 29, U.S. Department of Justice – (International) General Cable Corporation agrees to pay $20 million penalty for foreign bribery schemes in Asia and Africa. General Cable Corporation agreed December 29 to pay $20 million to resolve Foreign Corrupt Practices Act violations after the company made improper payments to government officials in China, Angola, and Indonesia, among other countries in order to illicitly win business, which resulted in more than $50 million in profits. In a related settlement, the U.S. Securities and Exchange Commission (SEC) filed a cease and desist order against the company, and General Cable agreed to pay the SEC about $55 million.
• The U.S. Department of Homeland Security and FBI published a Joint Analysis Report (JAR) December 29 detailing the tools Russian hackers used to attack the U.S. presidential election after two actors, Advanced Persistent Threat (APT) 29 and APT 28, participated in cyberattacks against a U.S. political party in 2015 and 2016. – SecurityWeek
15. December 30, SecurityWeek – (International) U.S. attributes election hacks to Russian threat groups. The U.S. Department of Homeland Security and FBI published a Joint Analysis Report (JAR) December 29 detailing the tools that Russian hackers used in attacks against the U.S. presidential election after two different actors, Advanced Persistent Threat (APT) 29 and APT 28, participated in cyberattacks against a U.S. political party in 2015 and 2016. The U.S. President announced several retaliatory actions against Russia in response to the election hacks, which include denying access to two Russian compounds inside the U.S., expelling 35 diplomats, and implementing sanctions on two intelligence agencies.
Financial Services Sector
6. December 29, WSOC 9 Charlotte – (North Carolina) Feds arrest two in complex Charlotte credit-card fraud scheme. Two individuals were charged the week of December 19 for allegedly using their accounts at a Rock Hill, North Carolina-based business known as P.A. to obtain the Social Security numbers and other personal information of Charlotte area residents by using skiptracing services provided by another company, TransUnion Risk and Alternative Data Solutions, Inc., to run queries on 10,000 victims and acquire at least 80 fraudulent credit cards in their names. The charges allege that one of the suspects stole the credit cards that they fraudulently applied for out of residents’ mailboxes. Source: http://www.wsoctv.com/news/local/feds-arrest-two-in-complex-charlotte-credit-card-fraud-scheme/479451022
Information Technology Sector
18. December 30, SecurityWeek – (International) Sundown exploit kit starts using steganography. Trend Micro security researchers reported that a new version of the Sundown exploit kit (EK) leverages steganography to hide its malicious traffic in legitimate-seeming Portable Network Graphics (PNG) image files to disguise various exploits, including those targeting Microsoft’s Internet Explorer and Adobe’s Flash Player.
For another story, see item 20 below from the Commercial Facilities Sector
20. December 29, SecurityWeek – (International) Topps customer data exposed after Website hack. The Topps Company, Inc. notified its customers the week of December 26 that one or more attackers hacked its Website and accessed sensitive information including names, addresses, payment card data, and phone numbers of those customers who placed an order via the company’s Website between July and October 2016.
See item 4 above in Top Stories