Complete DHS Report for July 8, 2016
Daily Report
Top Stories
• A former executive at Park Hill Group pleaded guilty July 6 to
Federal charges after he bilked approximately $38.5 million from more than 10
individuals and entities in a Ponzi-like scheme where he convinced family and
friends to invest in a non-existent private equity firm from July 2015 – March
2016. – USA Today
5. July 6,
USA Today – (National) Ex-Wall Streeter pleads guilty in fraud case. A
former executive at Park Hill Group pleaded guilty July 6 to Federal charges
after he bilked approximately $38.5 million from more than 10 individuals and
entities in a Ponzi-like scheme where he convinced family and friends to invest
in a non-existent private equity firm from July 2015 – March 2016 and used the money
for personal option trades, to repay money he had previously diverted from the
Park Hill Group, and for personal use, among other illicit purposes. Officials
stated the scheme attempted to bilk investors out of nearly $150 million. Source:
http://www.usatoday.com/story/money/2016/07/06/ex-wall-streeter-expected-plead-guilty-fraud-case/86747794/
• Over 4,000 California firefighters worked July 6 to contain at
least 12 fires that have collectively burned more than 77,000 acres across the
State. – San Mateo Patch; California Department of Forestry and Fire Protection
17. July 6,
San Mateo Patch; California Department of Forestry and Fire Protection –
(California) California wildfire status: 4,000 firefighters assigned to 12+
fires. Over 4,000 California firefighters worked July 6 to contain at least
12 fires that have collectively burned more than 77,000 acres across the State.
Source: http://patch.com/california/sanmateo/california-wildfire-status-4-000-firefighters-assigned-12-fires
• General Communication Inc. agreed July 6 to pay $2.4 million to
the Federal Communications Commission after more than five 9-1-1 phone outages
limited more than 1,000 calls from reaching emergency services. – Alaska
Dispatch News
See item 24 below in the Communications Sector
• The U.S. Consumer Product Safety Commission is recalling more
than 500,000 hoverboards sold from 8 manufacturers in China July 6 after the
lithium-ion batteries were reported overheating, catching fire, and causing
explosions. – ABC News
25. July 6,
ABC News – (International) CPSC recalling more than 500,000 hoverboards
because of fire hazards. The U.S. Consumer Product Safety Commission is
recalling more than 500,000 hoverboards sold from eight manufacturers in China
and made with lithium-ion battery packs July 6 after almost 100 incidents
revealed the battery packs overheated, caught fire, and exploded. The
hoverboards were primarily sold via online stores from June 2015 – May 2016. Source: http://abcnews.go.com/News/cpsc-recalling-500000-hoverboards-due-fire-hazards/story?id=40359491
Financial Services Sector
5. July 6,
USA Today – (National) Ex-Wall Streeter pleads guilty in fraud case. A
former executive at Park Hill Group pleaded guilty July 6 to Federal charges
after he bilked approximately $38.5 million from more than 10 individuals and
entities in a Ponzi-like scheme where he convinced family and friends to invest
in a non-existent private equity firm from July 2015 – March 2016 and used the
money for personal option trades, to repay money he had previously diverted
from the Park Hill Group, and for personal use, among other illicit purposes.
Officials stated the scheme attempted to bilk investors out of nearly $150
million. Source: http://www.usatoday.com/story/money/2016/07/06/ex-wall-streeter-expected-plead-guilty-fraud-case/86747794/
Information Technology Sector
19. July 7,
Softpedia – (International) Dangerous GNU wget vulnerability still not
patched in all Linux distros. Security researchers from Golunski and
SecuriTeam discovered a GNU wget vulnerability that could be exploited to allow
an attacker to upload arbitrary files and achieve code execution due to wget’s
improper handling of file names when redirecting users from an initial
Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) to a File
Transfer Protocol (FTP) link. Source: http://news.softpedia.com/news/dangerous-gnu-wget-vulnerability-still-not-patched-in-all-linux-distros-506076.shtml
20. July 7,
Help Net Security – (International) Google fixes 108 bugs in July Android
security update. Google released its July Android Security Bulletin that
patched 108 vulnerabilities in several of its products including seven critical
remote code execution (RCE) flaws affecting the Mediaserver component and
several elevation of privilege and information disclosure flaws in several of
its services, libraries, Bluetooth, and the Framework application program
interfaces (APIs).
21. July 7,
Softpedia – (International) Over 6,000 Redis database servers ready for
taking. Security researchers from Risk Based Security released a report
detailing that 6,338 Redis servers were compromised after performing a
non-intrusive scan using Shodan which revealed that the hacked servers featured
the “crackit” Secure Socket Shell (SSH) key and were attached to an email
address that was previously seen in other incidents. Researchers recommended
that Webmasters update their Redis database to the recent version and activate
the “protected mode” feature. Source: http://news.softpedia.com/news/over-6-000-redis-database-servers-ready-for-the-taking-506056.shtml
22. July 6,
Softpedia – (International) Campaign of infected WordPress and Joomla
sites leads to CryptXXX ransomware. Security researchers from Sucuri
discovered that a new campaign dubbed Realstatistics was using outdated Content
Management Systems (CMSs), primarily WordPress and Joomla Web sites, to hack
Web sites using vulnerabilities in plugins rather than using core vulnerabilities
after discovering at least 2,000 Web sites were affected by the campaign. Source: http://news.softpedia.com/news/campaign-of-infected-wordpress-and-joomla-sites-leads-to-cryptxxx-ransomware-506054.shtml
23. July 6,
Softpedia – (International) Caja toolkit vulnerability exposed Google
Docs domain to XSS attacks. Google released patches for several cross-site
scripting (XSS) issues in its Caja toolkit used inside its Docs and Developers
series after a security researcher found the tool failed to sanitize various
types of XSS attacks, potentially allowing attackers to create malicious Google
Docs files containing Google Apps Script, that when loaded, could steal cookies
and execute malicious actions. Source: http://news.softpedia.com/news/caja-toolkit-vulnerabilities-exposed-google-docs-domains-to-xss-attacks-506052.shtml
Communications Sector
24. July 7,
Alaska Dispatch News – (Alaska) GCI to pay $2.4 million in FCC settlement over 911
outages. Alaska telecommunications provider General Communication Inc.
(GCI) agreed July 6 to a $2.4 million settlement with the Federal
Communications Commission regarding more than five 9-1-1 phone outages between
2008 and 2015 that limited more than 1,000 calls from reaching emergency
services. As part of the settlement, GCI has agreed to strengthen its procedures
for providing 9-1-1 service and to adopt robust compliance measures. Source: http://www.adn.com/alaska-news/2016/07/06/gci-to-pay-2-4-million-in-fcc-settlement-over-911-outages-4/