Complete DHS Report for January 5, 2017
Daily Report
Top Stories
• A Bellevue, Washington-based developer was charged January 3 for
allegedly orchestrating a scheme that defrauded hundreds of Asian investors who
hoped to receive green cards through the Federal Government’s EB-5 program out
of about $150 million. – Seattle Times See item 3
below in the Financial Services Sector
• New York officials reported that an equipment failure at the
wastewater treatment plant in Amsterdam caused over 30,000 gallons of raw
sewage to spill into the Mohawk River January 3. – WNYT 13 Albany
10. January 3, WNYT 13
Albany – (New York) 30,000 gallons of raw sewage spill into Mohawk River
in Amsterdam. The New York State Department of Environmental Conservation
reported that an equipment failure at the wastewater treatment plant in
Amsterdam, New York, caused over 30,000 gallons of raw sewage to spill into the
Mohawk River January 3.
• A Tennessee woman pleaded guilty January 3 after she stole more
than $1.5 million from the U.S. Department of Agriculture’s Child and Adult
Care Food Program. – Nashville Tennessean
16. January 3, Nashville
Tennessean – (Tennessee) Tennessee woman pleads guilty to child food
program fraud. A Tennessee woman pleaded guilty January 3 after she stole
more than $1.5 million from the U.S. Department of Agriculture’s Child and
Adult Care Food Program after she used her sponsor agency, All About Giving,
Inc., to make monthly reimbursement requests to the Federal program that
overstated the number of child care providers and meals served between March
2015 and July 2016 in order to obtain more funds. In order to conceal the
scheme, the woman and co-conspirators created fake names and addresses of child
care providers that did not exist, and wrote checks to providers who returned a
portion to her in cash, among other fraudulent actions.
• A fire at JR’s Repair and Import Sales in Billings, Montana,
caused an estimated $750,000 in damages January 3. – Billings Gazette
23. January 3, Billings
Gazette – (Montana) Repair shop destroyed by fire, damage estimated at
$750,000. A fire at JR’s Repair and Import Sales in Billings, Montana,
caused an estimated $750,000 in damages January 3. No injuries were reported
and the cause of the fire remains under investigation. Source:
http://billingsgazette.com/news/local/repair-shop-destroyed-by-fire-damage-estimated-at/article_4a776546-1768-5818-9080-5dd4224ca7bb.html
Financial Services Sector
3. January 4, Seattle
Times – (International) Seattle-area developer charged with fraud after
collecting $150M from Asian investors. A Bellevue, Washington-based
commercial developer was charged January 3 for allegedly orchestrating a scheme
that defrauded hundreds of Asian investors who hoped to receive green cards
through the Federal Government’s EB-5 program out of about $150 million, the
Federal agency that approved the conditional green cards based on the
developer’s false assurances, as well as American and Chinese companies that
raised tens of millions of dollars for the job creation projects. The charges
allege that the scheme threatened the permanent green card status of more than
200 foreign investors, as well as the financial institutions that approved the
defendant for $85 million in loans. Source: http://www.seattletimes.com/business/real-estate/seattle-developer-charged-with-fraud-after-collecting-150m-from-asian-investors/
Information Technology Sector
18. January 4,
SecurityWeek – (International) Pseudo-Darkleech remains prominent
distributor of ransomware. Palo Alto Networks security researchers reported
that the pseudo-Darkleech campaign is expected to remain a prominent ransomware
distributor in 2017 after finding the campaign’s operators were able to quickly
adapt to major exploit kit (EK) and ransomware landscape changes during 2016 to
maintain the high level of attacks and to ensure the campaign remained
relevant. The researchers found, however, that the pseudo-Darkleech campaign’s
infection method remains the same, in that it directs a victim who visits a
compromised Website with malicious script to an EK landing page designed to
fingerprint the device to find vulnerable applications and exploit them.
19. January 4,
SecurityWeek – (International) Google researcher finds certificate flaws
in Kaspersky products. Kaspersky Lab resolved two flaws in its anti-malware
products after a Google Project Zero security researcher found the products
were plagued with a critical flaw related to how Kaspersky Antivirus inspects
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) connections that
could allow an attacker to intercept all traffic to a certain domain by sending
the targeted Kaspersky Antivirus user two certificates with the same key. The
researcher also found a high severity flaw involving improper protection of the
private key for the local certificate authority (CA) root which could allow any
unprivileged user to become a CA. Source: http://www.securityweek.com/google-researcher-finds-certificate-flaws-kaspersky-products
20. January 4,
SecurityWeek – (International) XSS flaws decline, DoS becomes more
common: Imperva. Imperva analyzed Web application vulnerability trends in
2016, and found that the total number of vulnerabilities discovered since 2015
has increased, while the number of issues impacting Web applications has declined
potentially due to a shift in research focus, and not due to Web applications
being more secure than before. Imperva found that more than 25 percent of flaws
observed were classified as high priority, and that the number of
denial-of-service (DoS) bugs has significantly increased, but the amount of
cross-site scripting (XSS) flaws has declined, among other findings. Source: http://www.securityweek.com/xss-flaws-decline-dos-becomes-more-common-imperva
Communications Sector
Nothing to report