Tuesday, December 22, 2015



Complete DHS Report for December 22, 2015

Daily Report

Top Stories

• J.P. Morgan Securities LLC and JPMorgan Chase Bank N.A. agreed to pay $267 million December 18 to settle charges that they failed to disclose numerous conflicts of interest to investors. – U.S. Securities and Exchange Commission (See item 5 below in the Financial Services Sector)

• The owners and employees of G&G Translation Services in California were charged December 17 for allegedly billing $24.6 million worth of fraudulent workers’ compensation claims. – KABC 7 Los Angeles (See item 6 below in the Financial Services Sector)

• On December 18, the U.S. Congress passed the Cybersecurity Act, which aims to fight cyber threats and effectively identify and prevent cyber-attacks. – Agence France-Presse (See item 22 below in the Information Technology Sector)

• Police reported that 1 person was killed and more than 30 others were injured December 20 after a woman drove onto the sidewalk in front of two resorts on the Las Vegas Strip and struck pedestrians. – Associated Press

24. December 21, Associated Press – (Nevada) 1 dead, at least 30 injured in Las Vegas Strip hit-and-run crash, police say. Las Vegas police reported that 1 person was killed and more than 30 others were injured December 20 after a woman drove onto the sidewalk in front of the Paris Hotel & Casino and Planet Hollywood Las Vegas Resort & Casino and struck pedestrians. The driver was arrested and police reported the incident was not an act of terrorism. Source: http://www.abc15.com/news/national/several-people-struck-by-car-on-las-vegas-strip-police-say

Financial Services Sector

3. December 20, Chicago Sun-Times – (Chicago) Police: Man caught in Loop with 100 fake debit cards, $44K in cash. Chicago Police arrested and charged a man December 19 after he was found in the Loop neighborhood with more than 100 fraudulent debit/credit cards, stolen personal identification numbers (PINs), and $44,000 in cash. Source: http://chicago.suntimes.com/news/7/71/1195403/police-man-caught-loop-100-fake-debit-cards-44k-cash

4. December 18, U.S. Securities and Exchange Commission – (National) Convicted fraudster using aliases charged again for defrauding investors. The U.S. Securities and Exchange Commission (SEC) and the U.S. Attorney’s Office for the Southern District of New York issued parallel charges against a man December 18 for stock and investment fraud after he allegedly defrauded at least 50 inexperienced investors by disguising himself under three aliases to sell at least $11 million in VGTel stock. The suspect also falsely told investors that the funds were used for company operations, when he instead used them for personal use. Source: http://www.sec.gov/news/pressrelease/2015-285.html

5. December 18, U.S. Securities and Exchange Commission – (National) J.P. Morgan to pay $267 million for disclosure failures. The U.S. Securities and Exchange Commission announced December 18 that J.P. Morgan Securities LLC and JPMorgan Chase Bank N.A. agreed to pay $267 million to settle charges that they failed to disclose numerous conflicts of interest involving a preference for their clients to invest in the firm-managed mutual funds and hedge funds, which kept clients from making fully informed investment decisions. Source: http://www.sec.gov/news/pressrelease/2015-283.html

6. December 17, KABC 7 Los Angeles – (California) North Hollywood home raided in $24 million workers’ compensation fraud case, officials say. Authorities arrested and charged the owners and employees of G&G Translation Services in North Hollywood December 17 for allegedly billing $24.6 million in fraudulent workers’ compensation cases. After obtaining patient lists from medical offices, the individuals reportedly submitted false claims from 2008 to 2012 for translation services that never occurred. Source: http://abc7.com/news/noho-home-raided-in-$24m-workers-comp-fraud-case/1127408/

Information Technology Sector

21. December 21, SecurityWeek – (International) High severity flaw found in Schneider PLC products. Schneider Electric will release a second round of firmware updates for its Modicon M340 programmable logic controller (PLC) product line following the discovery of a buffer overflow vulnerability that can be used to remotely execute arbitrary code in the device’s memory and cause the affected devices to crash when an attacker inputs a 90-100 character password. The devices are used in sectors such as Energy, Defense Industrial Base, Nuclear, Transportation, Government Facilities, and Water and Wastewater. Source: http://www.securityweek.com/high-severity-flaw-found-schneider-plc-products

22. December 18, Agence France-Presse – (National) Congress passes long-stalled Cybersecurity Bill. On December 18, the U.S. Congress passed the Cybersecurity Act, which aims to fight cyber threats and effectively identify and prevent cyber-attacks, after the legislation was embedded into the “omnibus” funding bill that funds the Federal government through September 2016. The legislation would establish DHS as a “portal” for cyber threat information and help authorize defensive actions to counter a cybersecurity threat. Source: http://www.securityweek.com/congress-passes-long-stalled-cybersecurity-bill

23. December 18, SecurityWeek – (International) Several vulnerabilities found in eWON industrial routers. eWON, a company that specializes in virtual private network (VPN) routers and remote connectivity solutions, released firmware version 10.1s0 for its industrial routers after an independent researcher discovered several vulnerabilities in the firmware, including a user rights management issue that can be exploited by an authenticated hacker using a forged Uniform Resource Locator (URL); a password visibility vulnerability that allows a man-in-the-middle (MitM) attacker to intercept information; a cross-site request forgery (CSRF) vulnerability that can be exploited to perform actions on a victim’s behalf; and a cross-site scripting (XSS) vulnerability found in the web application’s configuration fields, among other flaws. Source: http://www.securityweek.com/several-vulnerabilities-found-ewon-industrial-routers

Communications Sector

See item 23 above in the Information Technology Sector