Tuesday, January 17, 2017



Complete DHS Report for January 17, 2017

Daily Report

Top Stories

Investment Technology Group, Inc. (ITG) agreed January 12 to pay over $24.4 million to settle charges that it violated Federal securities laws from 2011 – 2014. – U.S. Securities and Exchange Commission See item 2 below in the Financial Services Sector

The Siskiyou County Community Development Department in California was notified January 11 that an estimated 1.3 million gallons of untreated sewage escaped into Cold Creek due to a break in a main sewer line. – KRCR 7 Redding/Chico

11. January 12, KRCR 7 Redding/Chico – (California) Cold Creek sewage spill update. The Siskiyou County Community Development Department in California was notified January 11 that an estimated 1.3 million gallons of untreated sewage escaped into Cold Creek due to a break in a main sewer line. Work crews are installing a bypass pump system to prevent any subsequent wastewater loss and expect the repair to take up to 2 weeks. Source: http://www.krcrtv.com/news/local/siskiyou/cole-creek-sewage-spill-update/265681638 

Zimmer Biomet agreed January 12 to pay more than $30 million to resolve Federal investigations into the company’s alleged Foreign Corrupt Practices Act (FCPA) violations. – U.S. Securities and Exchange Commission

15. January 12, U.S. Securities and Exchange Commission – (International) Biomet charged with repeating FCPA violations. The U.S. Securities and Exchange Commission (SEC) announced January 12 that Warsaw, Indiana-based Zimmer Biomet agreed to pay more than $30 million to resolve parallel SEC and U.S. Department of Justice investigations into the company’s alleged Foreign Corrupt Practices Act (FCPA) violations after Biomet continued to interact and improperly record transactions with a prohibited distributer in Brazil, and used a third-party customs broker to pay bribes to Mexican customs officials to enable the smuggling of unregistered dental products. Source: https://www.sec.gov/news/pressrelease/2017-8.html 

The U.S. Government agreed January 12 to provide $2.2 billion in disability benefits to as many as 900,000 U.S. Marine Corps service members who were potentially exposed to contaminated drinking water between August 1953 and December 1987. – Associated Press 

22. January 12, Associated Press – (National) US agrees to pay billions to Marines affected by toxic water. The U.S. Government agreed January 12 to provide $2.2 billion in disability benefits to as many as 900,000 U.S. Marine Corps service members who were potentially exposed to contaminated drinking water while stationed at Camp Lejeune in North Carolina for at least 30 cumulative days between August 1953 and December 1987. The payouts are scheduled to begin in March 2017 and veterans are required to submit evidence of their diagnoses and service information in order to receive the benefits. Source: http://abcnews.go.com/Politics/wireStory/us-agrees-pay-billions-marines-affected-toxic-water-44743897
  
Financial Services Sector

2. January 12, U.S. Securities and Exchange Commission – (National) ITG paying $24 million for improper handling of ADRs. The U.S. Securities and Exchange Commission announced January 12 that Investment Technology Group, Inc. (ITG) agreed to pay over $24.4 million to settle charges that it violated Federal securities laws from 2011 – 2014 by facilitating pre-releases of American Depository Receipts (ADRs) to its counterparties without owning the foreign shares or taking the necessary steps to ensure they were protected by the counterparty on whose behalf they were being acquired. Many of the ADRs obtained by ITG through pre-releases were ultimately used to engage in short selling and dividend arbitrage although that they may not have been backed by foreign shares, leaving them exposed to market abuse. Source: https://www.sec.gov/news/pressrelease/2017-6.html 

3. January 12, SecurityWeek – (International) New Ploutus ATM malware variant at large. Security researchers from FireEye reported that a new variant of the Ploutus ATM malware targeting machines from Diebold, dubbed Ploutus-D is capable of significantly expanding its list of targets with minor code changes, as it is capable of interacting with KAL’s Kalignite multivendor ATM platform which runs on 40 different ATM vendors in 80 countries. The new variant requires an attacker or money mule to open the top portion of the ATM, connect a keyboard to the machine, and use an activation code that is provided by the actor in charge of the operation in order to dispense the money from the machine. Source: http://www.securityweek.com/new-ploutus-atm-malware-variant-large

Information Technology Sector

26. January 12, SecurityWeek – (International) GoDaddy revokes nearly 9,000 SSL certificates. GoDaddy revoked nearly 9,000 Secure Sockets Layer (SSL) certificates after discovering that a software bug, which was introduced in July 2016 as part of a routine code change intended to improve the certificate issuance process, can cause the domain validation process to be unreliable. GoDaddy provides the customer a random code and directs the customer to place it in a specific location on their Website in order to validate the domain name for a certificate, however the systems were observed validating domains even if the code was not found. Source: http://www.securityweek.com/godaddy-revokes-nearly-9000-ssl-certificates

Communications Sector

Nothing to report