Complete DHS Report for January 12, 2017
• Honda Motor Co. Ltd. issued a recall January 11 for 1.29 million of its model years 2005 – 2012 Acura and Honda vehicles in select makes to replace faulty Takata Corporation passenger-side airbags. – TheCarConnection.com
4. January 11, TheCarConnection.com – (National) Honda adds 772,000 Accord, Civic, CR-V, and other models to Takata airbag recall. Honda Motor Co. Ltd. issued a recall January 11 for 1.29 million of its model years 2005 – 2012 Acura and Honda vehicles sold in select makes in the U.S. to replace faulty Takata Corporation passenger-side airbags. The recall includes 518,000 vehicles that were previously involved in recalls for driver-side Takata Corporation airbags.
• The U.S. Federal Deposit Insurance Corporation (FDIC) filed a $542 million lawsuit against Bank of America Corp. January 9 for reportedly failing to pay the FDIC for deposit insurance protection. – Bloomberg News See item 6 below in the Financial Services Sector
• The former operator of Coin.mx pleaded guilty January 9 to violating Federal anti-money laundering laws and regulations by processing over $10 million in illegal Bitcoin transactions. – U.S. Attorney’s Office, Southern District of New York See item 7 below in the Financial Services Sector
• The Port Authority of New York and New Jersey agreed January 10 to pay a $400,000 penalty after it offered and sold $2.3 billion worth of bonds to roadway project investors without informing them of risks associated with certain projects. – U.S. Securities and Exchange Commission
11. January 10, U.S. Securities and Exchange Commission – (New York; New Jersey) SEC: Port Authority omitted risks to investors in roadway projects. The U.S. Securities and Exchange Commission announced January 10 that the Port Authority of New York and New Jersey agreed to pay a $400,000 penalty and admit wrongdoing after it offered and sold $2.3 billion worth of bonds to roadway project investors without informing the investors that certain projects listed in the offering documents were outside its mandate and potentially illegal to pursue.
Financial Services Sector
6. January 9, Bloomberg News – (National) Bank of America sued for $542 million over FDIC risk rule. The U.S. Federal Deposit Insurance Corporation (FDIC) filed a $542 million lawsuit against Bank of America Corp. January 9 for reportedly failing to pay the FDIC for deposit insurance protection from 2013 – 2014 after the bank ignored FDIC instructions and improperly calculated exposure faced by its parent-level firms, thereby causing the bank to understate how much it owed in insurance protection for its 20 largest counterparties. The FDIC claims the bank owes a total of more than $1 billion in underpayments made since 2011. Source: https://www.bloomberg.com/news/articles/2017-01-09/bank-of-america-sued-by-fdic-over-542-million-of-insurance
7. January 9, U.S. Attorney’s Office, Southern District of New York – (International) Operator of unlawful Bitcoin exchange pleads guilty in multimillion-dollar money laundering and fraud scheme. The former operator of Coin.mx, an Internet-based Bitcoin exchange, pleaded guilty January 9 to violating Federal anti-money laundering laws and regulations by processing over $10 million in illegal Bitcoin transactions from 2013 – July 2015 via a sham front company, Collectables Club that the operator and co-conspirators created in order to avoid detection. To further avoid scrutiny from financial institutions about the nature of Coin.mx’s business, the group gained control of New Jersey-based Helping Other People Excel Federal Credit Union in 2014 after making more than $150,000 in illegal bribes. Source: https://www.justice.gov/usao-sdny/pr/operator-unlawful-bitcoin-exchange-pleads-guilty-multimillion-dollar-money-laundering
Information Technology Sector
24. January 10, SecurityWeek – (International) Microsoft patches flaws in Windows, Office, Edge. Microsoft released a total of four security bulletins, including a critical bulletin that resolves a memory corruption flaw in Office that can be exploited by convincing a targeted user to open a maliciously crafted file or to visit a Website hosting a malicious file due to the way the software handles objects in memory. Microsoft also released bulletins patching a privilege escalation flaw in Edge, a denial-of-service (DoS) flaw, as well as vulnerabilities in Adobe Flash Player used in several versions of Windows.
25. January 10, SecurityWeek – (International) SAP patches multiple XSS and missing authorization vulnerabilities. SAP released its January 2017 security patches resolving a total of 23 flaws across its products, including a severe buffer overflaw bug that an attacker could leverage to inject malicious code into memory and cause a compromised application to execute it, enabling the attacker to take complete control of an application, cause a denial-of-service (DoS) condition, or execute arbitrary commands, among other malicious actions. The patches also addressed a critical Structured Query Language (SQL) injection flaw in SAP Business Intelligence Platform that could allow a malicious actor using specially crafted SQL queries to access and modify sensitive information from a database, remove the data, and execute administration operations, among other addressed flaws. Source: http://www.securityweek.com/sap-patches-multiple-xss-and-missing-authorization-vulnerabilities
26. January 10, SecurityWeek – (International) Adobe patches 42 flaws in Reader, Acrobat, Flash. Adobe released security updates addressing a total of 42 vulnerabilities in its products, including 29 issues affecting Acrobat and Reader versions 11 and 15 that could allow a malicious actor to take control of impacted system. The updates also resolve 13 critical security flaws in Flash Player, which can lead to arbitrary code execution or information disclosure.
27. January 10, SecurityWeek – (International) New Terror exploit kit emerges. Security researchers from Trustwave reported cybercriminals started leveraging a new exploit kit (EK), dubbed Terror which packs at least eight different operational exploits for Microsoft Internet Explorer, Adobe Flash Player, and Mozilla Firefox that are a combination of metasploit exploits and ones borrowed from the Hunter or Sundown EKs. The developer of Terror was observed leveraging the EK to deliver a cryptocurrency miner to the compromised device.
Nothing to report