Complete DHS Report for May 19, 2016
Daily Report
Top Stories
• General Motors issued a
recall May 17 for 317,572 of its Chevrolet Sonic, Trax, and Spark vehicles
equipped with a Bring Your Own Media (BYOM) radio due to a software glitch. – TheCarConnection.com
4. May 17,
TheCarConnection.com – (National) 2013 – 2016 Chevrolet Sonic, Trax, 2013 – 2015
Chevrolet Spark recalled for software glitch. General Motors issued a
recall May 17 for 317,572 of its model years 2013 – 2016 Chevrolet Sonic and
Trax vehicles, and its model years 2013 – 2015 Chevrolet Spark vehicles
equipped with a Bring Your Own Media (BYOM) radio sold in the U.S. due to a
software glitch that prevents the radio from providing an audible warning when
the driver waits 10 or more minutes to exit the vehicle after turning off the
ignition and leaving the key in the cylinder, which can cause the driver to
forget the key in the ignition, thereby making the vehicles more susceptible to
theft. Source: http://www.thecarconnection.com/news/1103991_2013-2016-chevrolet-sonic-trax-2013-2015-chevrolet-spark-recalled-for-software-glitch
• A Minnesota man pleaded
guilty May 17 to running a $250 million Ponzi scheme across 7 States where he
used his business, Minnesota Print Services Inc., to defraud investors by
promising stakeholders discounts with major printing corporations if they paid
him in cash. – Southern California City News Service See item 6 below in
the Financial Services Sector
• Metro-North service resumed on an abbreviated schedule May 18
following a May 17 fire that began beneath elevated tracks near Manhattan’s
East Harlem station, which halted service and left thousands of commuters
stranded. – Associated Press
10. May 18,
Associated Press – (New York) After fire, NYC rail passengers endure overcrowded
commutes. Metro-North service resumed on an abbreviated schedule May 18
following a May 17 fire that began at a garden center underneath tracks near
Manhattan’s East Harlem station, which halted service and left thousands of
commuters stranded. More than 150 firefighters responded to the blaze that
damaged a column located beneath elevated tracks and involved construction
debris.
• A senior
security researcher at enSilo reported that the malware, Furtim was seen
evading antivirus detection due to the malware’s ability to search an infected
machine for registry entries or service executable names of 400 security
products. – SecurityWeek See item 21 below from
the Information Technology Sector
Financial Services Sector
5. May 17,
WNCT 9 Greenville – (North Carolina) Fraud alert: Card skimmers discovered at 4
Greenville First Citizens Bank ATM locations. Authorities are searching May
17 for the persons responsible for installing card skimmers at four different
First Citizen Bank ATM locations in Greenville, North Carolina, after a bank
employee discovered one of the malicious card readers during an ATM inspection.
Police and First Citizen Bank staff were monitoring account activity for
suspicious transactions. Source: http://wnct.com/2016/05/17/fraud-alert-card-skimmers-discovered-at-4-greenville-first-citizens-bank-atm-locations/
6. May 17,
Southern California City News Service – (National) Guilty plea in
multi-million-dollar Ponzi scheme. A Minnesota resident pleaded guilty May
17 to running a $250 million Ponzi scheme where the man used his business,
Minnesota Print Services Inc., to defraud investors by claiming he had printing
contracts with major corporations and needed cash upfront to receive discounts
on purchasing paper, causing investors in 7 States up to $54 million in losses.
Officials stated the man used the investors’ funds for personal expenses. Source:
http://www.nbclosangeles.com/news/local/Guilty-Plea-in-Multi-Million-Dollar-Ponzi-Scheme-379846151.html
7. May 17,
WJW 8 Cleveland – (Ohio) ‘BDL’ bandit robs Warrensville Heights bank. FBI
authorities are searching for a man dubbed the “BDL Bandit” who is suspected of
robbing five banks including the First Merit Bank in Warrensville Heights,
Ohio, May 17. Authorities stated the suspect is considered armed and dangerous.
Source: http://fox8.com/2016/05/17/bdl-bandit-robs-warrensville-heights-bank/
8. May 16,
KMSP 9 Minneapolis – (International) Minnesota woman pleads guilty to faking
husband’s death for insurance money. A Minnesota woman pleaded guilty May
16 to defrauding Mutual of Omaha Insurance Company out of more than $2 million
in life insurance proceeds by falsely claiming her ex-husband’s death after she
identified the remains of a body in Moldova as her former husband. Officials
stated the woman recruited a third party to open a U.S. bank account and
transfered $1.5 million of the insurance proceeds to her son’s account, which
was then transferred to bank accounts in Switzerland and Moldova from March
2012 – January 2015. Source: http://www.fox9.com/news/142050073-story
Information Technology Sector
20. May 18, SC
Magazine – (International) Cisco patch blocks DoS vulnerability. Cisco
released patches for its Adaptive Security Appliance (ASA) software after
security researchers found attackers could alter a memory block, allowing the
system to cease transferring traffic and cause a denial-of-service (DoS)
situation. The flaw was reportedly linked to an issue in the installation of
Internet Control Message Protocol (ICMP) error handling for Internet Protocol
Security (IPSec) packets. Source: http://www.scmagazine.com/cisco-patch-blocks-dos-vulnerability/article/497148/
21. May 18,
SecurityWeek – (International) Windows malware tries to avoid 400 security
products. A senior security researcher at enSilo reported that the malware,
Furtim was seen avoiding security detection as the malware has the ability to
search the infected machine for registry entries or service executable names of
400 security products, including rare security products, virtualization
environments, and sandboxing products. Once the malware detects a security
product, the malware terminates itself and leaves the computer unharmed,
avoiding any type of detection.
22. May 17,
Softpedia – (International) Researcher wins $5,000 for finding XSS bug on
Google in most peculiar manner. A security researcher from ERNW found a
“sleeping stored” cross-site scripting (XSS) vulnerability in Google’s Cloud
Console product which could allow an attacker to create a project with a
payload in its name and leave it on the dashboard, tricking an administrator
into deleting the unknown project and triggering the exploit. Google was made
aware of the exploit. Source: http://news.softpedia.com/news/researcher-wins-5-000-for-finding-xss-bug-on-google-in-most-peculiar-manner-504174.shtml
Communications Sector
Nothing to report