Friday, July 8, 2016



Complete DHS Report for July 8, 2016

Daily Report

Top Stories

• A former executive at Park Hill Group pleaded guilty July 6 to Federal charges after he bilked approximately $38.5 million from more than 10 individuals and entities in a Ponzi-like scheme where he convinced family and friends to invest in a non-existent private equity firm from July 2015 – March 2016. – USA Today

5. July 6, USA Today – (National) Ex-Wall Streeter pleads guilty in fraud case. A former executive at Park Hill Group pleaded guilty July 6 to Federal charges after he bilked approximately $38.5 million from more than 10 individuals and entities in a Ponzi-like scheme where he convinced family and friends to invest in a non-existent private equity firm from July 2015 – March 2016 and used the money for personal option trades, to repay money he had previously diverted from the Park Hill Group, and for personal use, among other illicit purposes. Officials stated the scheme attempted to bilk investors out of nearly $150 million. Source: http://www.usatoday.com/story/money/2016/07/06/ex-wall-streeter-expected-plead-guilty-fraud-case/86747794/

• Over 4,000 California firefighters worked July 6 to contain at least 12 fires that have collectively burned more than 77,000 acres across the State. – San Mateo Patch; California Department of Forestry and Fire Protection

17. July 6, San Mateo Patch; California Department of Forestry and Fire Protection – (California) California wildfire status: 4,000 firefighters assigned to 12+ fires. Over 4,000 California firefighters worked July 6 to contain at least 12 fires that have collectively burned more than 77,000 acres across the State. Source: http://patch.com/california/sanmateo/california-wildfire-status-4-000-firefighters-assigned-12-fires

• General Communication Inc. agreed July 6 to pay $2.4 million to the Federal Communications Commission after more than five 9-1-1 phone outages limited more than 1,000 calls from reaching emergency services. – Alaska Dispatch News. See item 24 below in the Communications Sector

• The U.S. Consumer Product Safety Commission is recalling more than 500,000 hoverboards sold from 8 manufacturers in China July 6 after the lithium-ion batteries were reported overheating, catching fire, and causing explosions. – ABC News

25. July 6, ABC News – (International) CPSC recalling more than 500,000 hoverboards because of fire hazards. The U.S. Consumer Product Safety Commission is recalling more than 500,000 hoverboards sold from eight manufacturers in China and made with lithium-ion battery packs July 6 after almost 100 incidents revealed the battery packs overheated, caught fire, and exploded. The hoverboards were primarily sold via online stores from June 2015 – May 2016. Source: http://abcnews.go.com/News/cpsc-recalling-500000-hoverboards-due-fire-hazards/story?id=40359491

Financial Services Sector

5. July 6, USA Today – (National) Ex-Wall Streeter pleads guilty in fraud case. A former executive at Park Hill Group pleaded guilty July 6 to Federal charges after he bilked approximately $38.5 million from more than 10 individuals and entities in a Ponzi-like scheme where he convinced family and friends to invest in a non-existent private equity firm from July 2015 – March 2016 and used the money for personal option trades, to repay money he had previously diverted from the Park Hill Group, and for personal use, among other illicit purposes. Officials stated the scheme attempted to bilk investors out of nearly $150 million. Source: http://www.usatoday.com/story/money/2016/07/06/ex-wall-streeter-expected-plead-guilty-fraud-case/86747794/

Information Technology Sector

19. July 7, Softpedia – (International) Dangerous GNU wget vulnerability still not patched in all Linux distros. Security researchers from Golunski and SecuriTeam discovered a GNU wget vulnerability that could be exploited to allow an attacker to upload arbitrary files and achieve code execution due to wget’s improper handling of file names when redirecting users from an initial Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) to a File Transfer Protocol (FTP) link. Source: http://news.softpedia.com/news/dangerous-gnu-wget-vulnerability-still-not-patched-in-all-linux-distros-506076.shtml

20. July 7, Help Net Security – (International) Google fixes 108 bugs in July Android security update. Google released its July Android Security Bulletin that patched 108 vulnerabilities in several of its products including seven critical remote code execution (RCE) flaws affecting the Mediaserver component and several elevation of privilege and information disclosure flaws in several of its services, libraries, Bluetooth, and the Framework application program interfaces (APIs).

21. July 7, Softpedia – (International) Over 6,000 Redis database servers ready for the taking. Security researchers from Risk Based Security released a report detailing that 6,338 Redis servers were compromised. The researchers performed a non-intrusive scan using Shodan, which revealed that the hacked servers featured the “crackit” Secure Shell (SSH) key and were attached to an email address that was previously seen in other incidents. Researchers recommended that Webmasters update their Redis database to the most recent version and activate the “protected mode” feature. Source: http://news.softpedia.com/news/over-6-000-redis-database-servers-ready-for-the-taking-506056.shtml

22. July 6, Softpedia – (International) Campaign of infected WordPress and Joomla sites leads to CryptXXX ransomware. Security researchers from Sucuri discovered that a new campaign dubbed Realstatistics was targeting outdated Content Management Systems (CMSs), primarily WordPress and Joomla Web sites, and hacking them through vulnerabilities in plugins rather than core vulnerabilities. At least 2,000 Web sites were found to be affected by the campaign. Source: http://news.softpedia.com/news/campaign-of-infected-wordpress-and-joomla-sites-leads-to-cryptxxx-ransomware-506054.shtml

23. July 6, Softpedia – (International) Caja toolkit vulnerability exposed Google Docs domain to XSS attacks. Google released patches for several cross-site scripting (XSS) issues in its Caja toolkit used inside its Docs and Developers series after a security researcher found the tool failed to sanitize various types of XSS attacks, potentially allowing attackers to create malicious Google Docs files containing Google Apps Script that, when loaded, could steal cookies and execute malicious actions. Source: http://news.softpedia.com/news/caja-toolkit-vulnerabilities-exposed-google-docs-domains-to-xss-attacks-506052.shtml

Communications Sector

24. July 7, Alaska Dispatch News – (Alaska) GCI to pay $2.4 million in FCC settlement over 911 outages. Alaska telecommunications provider General Communication Inc. (GCI) agreed July 6 to a $2.4 million settlement with the Federal Communications Commission regarding more than five 9-1-1 phone outages between 2008 and 2015 that limited more than 1,000 calls from reaching emergency services. As part of the settlement, GCI has agreed to strengthen its procedures for providing 9-1-1 service and to adopt robust compliance measures. Source: http://www.adn.com/alaska-news/2016/07/06/gci-to-pay-2-4-million-in-fcc-settlement-over-911-outages-4/
