Monday, June 6, 2016



Complete DHS Report for June 6, 2016

Daily Report                                            

Top Stories

• The U.S. Securities and Exchange Commission announced June 2 charges against a North Carolina-based investment advisor for allegedly defrauding at least 85 investors out of approximately $11.5 million. – U.S. Securities and Exchange Commission See item 3 below in the Financial Services Sector

• The U.S. Securities and Exchange Commission announced June 2 charges against a New York City-based trader for allegedly defrauding over 30 investors out of $14 million since 2012. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector

• The U.S. Army announced that at least five soldiers were killed and three soldiers were injured June 2, after their Light Medium Tactical Vehicle got stuck and overturned in Owl Creek at Fort Hood in Texas during a training exercise. – USA Today; KVUE 24 Austin

16. June 3, USA Today; KVUE 24 Austin – (Texas) 5 Fort Hood soldiers dead, 4 missing after Army truck overturns in flooding. The U.S. Army announced that at least five soldiers were killed, three soldiers were injured, and four other soldiers remained unaccounted for June 2 after their Light Medium Tactical Vehicle got stuck and overturned in Owl Creek at Fort Hood in Texas during a training exercise. Source: http://www.usatoday.com/story/news/2016/06/02/3-fort-hood-soldiers-dead-6-missing-after-army-truck-overturns-flooding/85317150/

• Officials reported June 2 that two men pleaded guilty in New Jersey for their involvement in a hacking and spamming scheme that generated more than $2 million in illegal profits after the duo stole the personal information of 60 million people. – Reuters See item 22 below in the Information Technology Sector

Financial Services Sector

3. June 2, U.S. Securities and Exchange Commission – (North Carolina) SEC: Adviser steered investor money to his own companies. The U.S. Securities and Exchange Commission announced June 2 charges against a North Carolina-based investment advisor for allegedly defrauding at least 85 investors out of approximately $11.5 million after he sold interests in two unregistered pooled investment vehicles, DCG Commercial Fund I LLC and DCG Real Estate Assets LLC, siphoned the investment funds into deals with companies he owned and operated, and improperly received over $1.5 million from the investor funds’ bank accounts in management fees. Officials stated that the adviser continued the scheme by making false or misleading statements to investors regarding their investments, and failed to inform investors of their losses as his companies failed to pay the loans in full, among other illicit actions. Source: https://www.sec.gov/news/pressrelease/2016-104.html

4. June 2, U.S. Securities and Exchange Commission – (New York) SEC: forex trader misrepresented track record and hid massive losses. The U.S. Securities and Exchange Commission announced June 2 charges against a New York City-based trader for allegedly defrauding over 30 investors out of $14 million since 2012 by misrepresenting her investment track record, the profitability of her investments, and her use of investor funds after she purported to have profitable foreign currency (forex) trading strategies and sent investors fraudulent account statements showing fictitious profits. New York officials filed parallel criminal charges June 2 against the trader for the scheme which caused over $16 million in losses. Source: https://www.sec.gov/news/pressrelease/2016-106.html

For additional stories, see items 21 and 22 below in the Information Technology Sector

Information Technology Sector

19. June 3, Softpedia – (International) One in ten NFS servers worldwide is misconfigured, exposes sensitive files. Fortinet researchers found that tens of thousands of inattentive system administrators are using older versions of the Network File System (NFS) protocol, such as insecure NFSv3, which can expose private or sensitive files to the Internet including server logs, server backups, the source code of various Web sites, and server image files. Researchers recommended companies to switch to NFSv4 protocol which has been modified to use Kerberos to provide a basic level of authentication. Source: http://news.softpedia.com/news/one-in-ten-nfs-servers-worldwide-is-misconfigured-exposes-sensitive-files-504830.shtml

20. June 3, Softpedia – (International) WordPress sites under attack from new zero-day in WP mobile detector plugin. Security researchers from Plugin Vulnerabilities discovered that hackers were exploiting an arbitrary file upload vulnerability in WP Mobile Detector plugin, which handles image uploads, to upload Hypertext Preprocessor (PHP)-based backdoors on WordPress Web sites after finding that the plugin lacks basic input filtering, allowing attackers to pass a malicious file to upload it to the plugin’s /cache directory. Source: http://news.softpedia.com/news/wordpress-sites-under-attack-from-new-zero-day-in-wp-mobile-detector-plugin-504818.shtml

21. June 2, Softpedia – (International) Researchers find 5,275 login credentials for top 100 companies on the Dark Web. A U.K.-based security firm, Anomali reported that over 5,000 login credentials including email addresses, cleartext passwords, and usernames were posted online via the Dark Web, potentially allowing hackers to use the stolen information to access various sections of an Information Technology (IT) network owned by the top 100 international companies. The firm stated that the credentials were primarily from the oil and gas industry, pharmaceuticals, consumer goods, banking, telecommunications, and military sectors. Source: http://news.softpedia.com/news/researchers-find-5-275-login-credentials-for-top-100-companies-on-the-dark-web-504798.shtml

22. June 2, Reuters – (National) Two men plead guilty in U.S. to hacking, spamming scheme. Officials reported June 2 that two men pleaded guilty in New Jersey for their involvement in a hacking and spamming scheme that generated more than $2 million in illegal profits after the duo and a co-conspirator targeted and stole the personal information of 60 million people, hacked into corporate email accounts, seized control of corporate mail servers, and created their own software to exploit vulnerabilities in numerous corporate Web sites via specially crafted code in computer programs, which hid the origin of the spam and bypassed spam filters. Source: http://www.reuters.com/article/us-usa-cyber-pleas-idUSKCN0YO2TQ

Communications Sector

See items 21 and 22 above in the Information Technology Sector