Complete DHS Report for September 20, 2016
Daily Report
Top Stories
• A co-founder of Cavalier Union Investments, LLC and Black Bull
Wealth Management, LLC, pleaded guilty September 16 to Federal charges after he
and a co-conspirator caused more than 50 investors to lose over $9 million from
2009 – 2016. – U.S. Attorney’s Office, Eastern District of Virginia See item 5 below in
the Financial Services Sector
• An accountant and founder of Westtree Financial pleaded guilty
September 15 after he embezzled over $3 million from Houston-based Airis
International Holdings from 2005 – 2012. – U.S. Attorney’s Office, Southern
District of Texas
16. September
15, U.S. Attorney’s Office, Southern District of Texas – (Florida;
Georgia; Texas) Accountant convicted of embezzling more than $3 million from
Houston company. An accountant and founder of Westtree Financial pleaded
guilty September 15 to Federal charges after he embezzled over $3 million from
Houston-based Airis International Holdings from 2005 – 2012 while providing
accounting services to the company and holding signature authority on the
company’s bank accounts. The charges allege that the accountant used the
embezzled funds for personal expenses in Florida and Georgia. Source: https://www.justice.gov/usao-sdtx/pr/accountant-convicted-embezzling-more-3-million-houston-company
• Mosaic Company officials reported September 16 that a 45-foot
sinkhole discovered at its New Wales facility in Mulberry, Florida, August 27
leaked 215 million gallons of radioactive water into a nearby aquifer. – Reuters
18. September
17, Reuters – (Florida) Florida sinkhole at Mosaic fertilizer site leaks
radioactive water. Mosaic Company officials reported September 16 that a
45-foot sinkhole discovered at its New Wales facility in Mulberry, Florida,
August 27 leaked 215 million gallons of radioactive water into a nearby aquifer
after the liner system at the base of a phosphogypsum stack was damaged.
Officials were monitoring and sampling groundwater and stated no offsite impact
has been detected.
• A levee
breach at the sewage treatment plant in Brookhaven, Mississippi, caused about 6
million gallons of storm water-diluted sewage to be released into the East
Branch of the Bogue Chitto River September 16. – New Orleans Times-Picayune
33. September
17, New Orleans Times-Picayune – (Mississippi; Louisiana) Warning
issued for Bogue Chitto River after sewage release in Mississippi. A levee
breach at the sewage treatment plant in Brookhaven, Mississippi, caused
approximately 6 million gallons of storm water-diluted sewage to be released
into the East Branch of the Bogue Chitto River September 16, prompting the Louisiana
Department of Health and the Louisiana Department of Environmental Quality to
issue a water contact advisory for the entire length of the river in Louisiana.
Financial Services Sector
4. September
19, U.S. Attorney’s Office, District of Massachusetts –
(International) Former Massachusetts man pleads guilty to multi-million
ponzi scheme. A former Massachusetts resident pleaded guilty September 16
to Federal charges in connection with running a $10 million Ponzi scheme after he
convinced more than 20 investors their funds would be used to finance Jamaican
businesses through bridge loans while using the funds to repay investment
principal to previous investors from 2008 – 2015. Source: https://www.justice.gov/usao-ma/pr/former-massachusetts-man-pleads-guilty-multi-million-dollar-ponzi-scheme
5. September
16, U.S. Attorney’s Office, Eastern District of Virginia –
(Virginia) Former owner of investment firms pleads guilty to $9 million
fraud. A co-founder of Cavalier Union Investments, LLC and Black Bull
Wealth Management, LLC, pleaded guilty September 16 to Federal charges after he
and a co-conspirator allegedly caused more than 50 investors to lose over $9
million from 2009 – 2016 by soliciting individuals to invest money in private
investment funds that the duo controlled, in addition to specific investment
opportunities that they proposed. The charges allege that the pair used the
money for personal expenses. Source: https://www.justice.gov/usao-edva/pr/former-owner-investment-firms-pleads-guilty-9-million-fraud
For another story, see item 27 below in the Information Technology Sector
Information Technology Sector
26. September
19, SecurityWeek – (International) Cisco finds new zero-day linked to “Shadow
Brokers” exploit. Cisco researchers discovered another zero-day
vulnerability leaked by Shadow Brokers in August, which affects the Internet
Key Exchange (IKE) v1 packet processing code in Cisco IOS XR versions 4.3.x,
5.0.x, 5.1.x, and 5.2.x and could allow a remote, unauthenticated attacker to
retrieve memory contents potentially containing sensitive information by
sending a specially crafted IKEv1 packet to an affected device that is
configured to accept IKEv1 security negotiation requests. Cisco was working to
release a patch for the vulnerability and stated no workaround is available.
27. September
17, Softpedia – (International) H1N1 malware adds support for infostealing
features, UAC bypass. Cisco, Proofpoint, and independent security
researchers reported recent H1N1 malware versions include a User Access Control
(UAC) bypass that can be exploited via unique code obfuscation and a
dynamic-link library (DLL) hijacking technique, a self-propagation feature that
enables the malware to spread itself to other computers on the same network,
and the ability to collect information from infected systems and send it to a
central command and control (C&C) server, thereby allowing an attacker to
collect and steal information from organizations in the energy, communications,
financial, and government sectors, including email login data from Microsoft
Outlook and Mozilla Firefox profile login data, among other data. Source: http://news.softpedia.com/news/h1n1-malware-adds-support-for-infostealing-features-uac-bypass-508408.shtml
28. September
16, SecurityWeek – (International) Serious flaws found in Cisco WebEx Meetings
Server. Cisco released software updates to resolve vulnerabilities in its
WebEx Meetings Server version 2.6 including a critical flaw caused by
insufficient sanitization of user-supplied data that can be remotely exploited
to execute arbitrary commands with elevated privileges, and a high-severity
issue that could allow an unauthenticated attacker to carry out
denial-of-service (DoS) attacks by repeatedly attempting to access a specific
service. Source: http://www.securityweek.com/serious-flaws-found-cisco-webex-meetings-server
Communications Sector
29. September
16, SecurityWeek – (International) Flaw allows hackers to alter “Signal”
attachments. Security researchers discovered the Android version of the
secure messaging application Signal is plagued with several flaws, including
one related to the message authentication code (MAC) used to verify attachments
that can be exploited by a man-in-the-middle (MitM) attacker with access to any
certificate trusted by Android to deliver an altered attachment to a targeted
device. The researchers also discovered a flaw related to how the app’s
CallAudioManager class handles Real-time Transfer Protocol (RTP) packets that
could allow a remote attacker to crash the app. Source: http://www.securityweek.com/flaw-allows-hackers-alter-signal-attachments
For another story, see item 27 above in the Information Technology Sector
No comments:
Post a Comment