Thursday, October 29, 2015



Complete DHS Report for October 29, 2015

Daily Report

Top Stories

 BMW announced a recall October 28 for 86,000 model year 2002 – 2005 Mini Cooper and Cooper S vehicles due to a power steering failure issue following 339 consumer complaints. – Associated Press

2. October 28, Associated Press – (National) Mini recalls 86,000 cars to fix power steering problems. BMW announced a recall October 28 for 86,000 model year 2002 – 2005 Mini Cooper and Cooper S vehicles due to a power steering failure issue following a Federal investigation into 339 consumer complaints including 5 crashes and 3 fires as a result of the failure. Source: http://www.detroitnews.com/story/business/autos/foreign/2015/10/28/mini-recall/74730982/

 New York officials reported October 27 that 4 suspects pleaded guilty and 11 others were charged for participating in a $31 million fraudulent debt collection scheme which misled victims into paying debt amounts greater than they owed. – Buffalo News. See item 6 below in the Financial Services Sector.

 The owner of 2 medical clinics in New York pleaded guilty October 26 to her role in a money laundering scheme that defrauded Medicaid and Medicare programs out of $55 million. – U.S. Department of Justice

16. October 26, U.S. Department of Justice – (New York) Owner of two New York medical clinics pleads guilty to role in $55 million health care fraud scheme. The U.S. Department of Justice announced October 26 that the owner of 2 medical clinics in New York pleaded guilty to her role in a money laundering scheme that defrauded Medicaid and Medicare programs of $55 million by offering patients kickbacks to allow medically unnecessary therapy, testing, and office visits that were never performed by licensed professionals. The suspect admitted to diverting funds deposited into the clinics’ bank accounts by the Federal programs to herself, co-conspirators, and patients instead. Source: http://www.justice.gov/opa/pr/owner-two-new-york-medical-clinics-pleads-guilty-role-55-million-health-care-fraud-scheme

 One person was killed and 20 students were transported to area hospitals following an October 27 accident where a school bus collided with another vehicle on U.S. Route 22 in Lehigh County, Pennsylvania. – Fox News; Allentown Morning Call

18. October 27, Fox News; Allentown Morning Call – (Pennsylvania) One person killed in Pennsylvania crash involving Lehigh University bus. One person was killed and 20 students were transported to area hospitals with minor injuries following an October 27 accident where a school bus transporting Lehigh University students collided with another vehicle on U.S. Route 22 in Lehigh County before flipping onto its roof. Source: http://www.foxnews.com/us/2015/10/27/13-reportedly-injured-in-pennsylvania-crash-involving-lehigh-university-bus/

Financial Services Sector

5. October 27, KSHB 41 Kansas City – (International) Johnson County man sentenced in credit card ID fraud case. A suspect in Johnson County was convicted by the Kansas Department of Corrections October 27 in connection with stealing over 500 credit card account numbers from Canadian citizens through skimming devices. The suspect re-coded the numbers on bank cards in the U.S. Source: http://www.kshb.com/news/crime/johnson-county-man-sentenced-in-credit-card-id-fraud-case

6. October 27, Buffalo News – (National) Guilty pleas by 4, charges against 11 announced in federal fraud prosecution of Buffalo debt collectors. The U.S. attorney’s office in Manhattan reported October 27 that 4 suspects pleaded guilty and 11 others were charged for participating in a $31 million fraudulent debt collection scheme in which victims were misled and served threats including felony charges and driver’s license suspensions unless they paid debts in amounts greater than they owed. Source: http://www.buffalonews.com/city-region/guilty-pleas-by-4-charges-against-11-announced-in-federal-fraud-prosecution-of-buffalo-debt-collectors-20151027

For another story, see item 23 below in the Information Technology Sector

Information Technology Sector

22. October 28, Softpedia – (International) Adobe patches critical vulnerability in Shockwave Player. Adobe released a patch resolving a memory corruption vulnerability in its Shockwave Player 12.2.0.162 for Windows and Mac users after researchers from Fortinet’s Fortiguard Labs discovered that the vulnerability allowed attackers to compromise remote computers and execute remote code, allowing full control of the operating system without the victim being aware. Source: http://www.securityweek.com/adobe-patches-critical-vulnerability-shockwave-player

23. October 28, Softpedia – (International) Oracle EBS fixed against XSS, XXE, and SQL injection vulnerabilities. Oracle released patches containing 154 fixes for vulnerabilities in several of its products, including six found by ERPScan researchers in the Oracle E-Business Suite (Oracle EBS): 3 XXE (XML External Entity) injection vulnerabilities, a user enumeration flaw, a cross-site scripting (XSS) problem, and a Structured Query Language (SQL) flaw that could potentially give attackers administrative rights over the Oracle EBS and its subsequent applications to access sensitive company data from departments including financial, human resources, supply chain, and customer support. Source: http://news.softpedia.com/news/oracle-ebs-fixed-against-xss-xxe-and-sql-injection-vulnerabilities-495419.shtml

24. October 28, Securityweek – (International) Flaws in Rockwell PLCs expose operational networks. Rockwell Automation released firmware updates and mitigations addressing several vulnerabilities in its 1400 programmable logic controllers (PLCs) and its MicroLogix 1100 products, including a buffer overflow bug that can be exploited remotely to crash affected devices or execute arbitrary code, a denial-of-service (DoS) bug dubbed “FrostyURL” that can be exploited to crash MicroLogix PLCs via a specially crafted uniform resource locator (URL) sent to victims through email, and a cross-site scripting (XSS) vulnerability that can be exploited to inject malicious JavaScript code in a device’s Web server, among others. Source: http://www.securityweek.com/flaws-rockwell-plcs-expose-operational-networks

Communications Sector

Nothing to report