Complete DHS Report for June 29, 2016
Daily Report
Top Stories
• The U.S. Securities and Exchange Commission announced June 27
that beginning in 2018 oil, gas, and mining companies must disclose all
payments made to foreign governments. – Reuters
3. June 27,
Reuters – (International) SEC adopts rule on oil, mining payments to
foreign governments. The U.S. Securities and Exchange Commission announced
that it approved a rule June 27 requiring oil, gas, and mining companies to
disclose payments made to foreign governments beginning in 2018. The rule
requires companies to publicly release how much they pay governments in taxes,
royalties, and other types of fees for exploration, extraction, and other
activities.
• Volkswagen AG agreed June 28 to pay $14.7 billion to the State
of California and the U.S. Federal Trade Commission to settle allegations that
the company cheated emissions tests and deceived nearly 500,000 customers by
installing illegal software in select model years 2009 – 2015 Volkswagen and
Audi vehicles. – U.S. Department of Justice
6. June 28,
U.S. Department of Justice – (National) Volkswagen to spend up to $14.7
billion to settle allegations of cheating emissions tests and deceiving
customers on 2.0 liter diesel vehicles. In parallel settlements with the
U.S. and the State of California, and the U.S. Federal Trade Commission, Volkswagen
AG and related entities agreed June 28 to pay up to $14.7 billion to settle
allegations that the company cheated emissions tests and deceived nearly
500,000 customers by installing illegal software in select makes of its model
years 2009 – 2015 Volkswagen and Audi vehicles equipped with turbocharged
direct injection (TDI) 2.0-liter diesel engines that detects when the car is
being tested for compliance with Federal or California State emissions
standards, and turns on full emissions controls only during the testing
process. As part of the settlement, Volkswagen will spend $10.03 billion to
compensate consumers and an additional $4.7 billion to mitigate the pollution
from the vehicles and invest in green vehicle technology. Source: https://www.justice.gov/opa/pr/volkswagen-spend-147-billion-settle-allegations-cheating-emissions-tests-and-deceiving
• Two Michigan men were arrested in Canton, Ohio, June 24 for
allegedly using stolen credit card information to clone a credit card and
purchase 501 gift cards and pre-paid debit cards. – Canton Repository See
item 10 below in
the Financial Services Sector
• More than 5,000 firefighters worked June 27 to contain 9
wildfires in California that collectively burned nearly 70,000 acres and
damaged hundreds of structures. – Los Angeles Times
16. June 27,
Los Angeles Times – (California) Nine California wildfires destroy almost 70,000
acres. More than 5,000 firefighters worked June 27 to contain 9 wildfires
in California, which have collectively burned nearly 70,000 acres and damaged
hundreds of structures, including the 45,388-acre Erskine Fire burning in Kern
County which has destroyed 250 structures and caused 2 deaths. Source: http://www.latimes.com/local/lanow/la-me-ln-wildfire-update-20160627-snap-story.html
Financial Services Sector
9. June 27,
U.S. Department of Justice – (California) Former attorney pleads guilty
to participating in fraudulent mortgage modification scheme. A former
Irvine, California-based attorney pleaded guilty June 27 to Federal charges for
his role in a multi-million dollar fraudulent mortgage modification scheme
where he and co-conspirators allegedly convinced homeowners facing foreclosure
to pay up to $5,500 for services from the Rodis Law Group (RLG) by falsely
claiming that RLG consisted of a team of attorneys experienced in negotiating
loan modifications from the homeowners’ mortgage lenders, and by purporting
that RLG was consistently successful in obtaining lower interest rates for
homeowners, among other misrepresentations between October 2008 and June 2009. Source:
http://www.ocregister.com/articles/rodis-720743-mortgage-fraud.html
10. June 27,
Canton Repository – (Ohio) Michigan men suspected in Canton credit card fraud. Two
Michigan men were arrested at a Walmart store in Canton, Ohio, June 24 for
allegedly using stolen credit card information to clone a credit card and
purchase 501 gift cards and pre-paid debit cards. Authorities stated the cards
were worth over $50,000. Source: http://www.cantonrep.com/news/20160627/michigan-men-suspected-in-canton-credit-card-fraud
For another story, see item 3 above in Top Stories
Information Technology Sector
19. June 28,
Softpedia – (International) Microsoft Office 365 corporate users hit by
Cerber ransomware attack. Avanan researchers reported that about 57 percent
of all companies using Microsoft Office 365 received at least 1 copy of the
Cerber ransomware in their inboxes in a June 22 attack that lasted 5 hours
before Microsoft blocked the malicious file attachments. Source: http://news.softpedia.com/news/microsoft-office-365-corporate-users-hit-by-cerber-ransomware-attack-505726.shtml
20. June 27,
SecurityWeek – (International) MIRCOP ransomware claims to be victim,
demands payback. Trend Micro researchers reported that the MIRCOP
ransomware abuses Microsoft PowerShell to download and execute the malicious
payload, and sends the user a ransom note claiming that the victim stole 48.48
Bitcoins, suggesting that the victim knows how to return the money. MIRCOP
prepends files with the string “Lock” and can steal credentials from various
applications including Mozilla Firefox, Google Chrome, Opera, FileZilla, and Skype. Source: http://www.securityweek.com/mircop-ransomware-claims-be-victim-demands-payback
For additional stories, see
items 7 and 8 below from the Critical Manufacturing Sector
7. June 28,
Help Net Security – (International) 25,000-strong CCTV botnet used for crippling
DDoS attacks. Sucuri researchers discovered that a closed circuit
television (CCTV) botnet comprised of 25,000 cameras worldwide was carrying out
distributed denial-of-service (DDoS) attacks against a jewelry store Web site
and found that the compromised cameras were able to emulate normal behavior of
popular browsers in order to make the botnet more difficult to identify and
block. Researchers reported that the attackers could have hacked the devices
via a recently disclosed remote code execution (RCE) vulnerability in
CCTV-Digital Video Recorders (DVRs).
8. June 28,
The Register – (International) Riverbed’s NetProfiler, NetExpress virty
appliances patched. Riverbed released an update for two of its virtual
security appliances, the SteelCentral NetProfiler and NetExpress, patching a
Structured Query Language (SQL) injection, command injection, privilege
escalation, local file intrusion, cross-site scripting (XSS), account hijacks,
and hard-coded credential vulnerabilities, which could be linked together to
obtain unauthenticated remote code execution (RCE) as the root user. Source: http://www.theregister.co.uk/2016/06/28/riverbeds_netprofiler_netexpress_virty_appliances_patched/
Communications Sector
Nothing to report
No comments:
Post a Comment