Friday, July 29, 2016



Complete DHS Report for July 29, 2016

Daily Report                                            

Top Stories

• A former registered broker pleaded guilty July 27 to defrauding ForceField Energy Inc., investors out of $131 million between January 2009 and April 2015 after he and co-conspirators manipulated the price and volume of traded ForceField shares. – U.S. Attorney’s Office, Eastern District of New York

4. July 27, U.S. Attorney’s Office, Eastern District of New York – (National) Registered broker pleads guilty to securities fraud for participating in a $131 million market manipulation scheme. A former registered broker pleaded guilty July 27 to defrauding ForceField Energy Inc., investors out of $131 million between January 2009 and April 2015 after he and co-conspirators manipulated the price and volume of traded ForceField shares by orchestrating the trading of ForceField stock to create the appearance of interest and trading volume in the stock, and concealing payments to stock promoters and broker dealers who claimed to be independent of the company, among other fraudulent means. The charges also state that a ForceField executive paid kickbacks to the broker in exchange for purchasing company stocks in his client’s brokerage accounts between October 2014 and April 2015. Source: https://www.justice.gov/usao-edny/pr/registered-broker-pleads-guilty-securities-fraud-particpating-131-million-market

• Good Food Concepts, LLC, doing business as Ranch Foods Direct, issued a recall July 26 for approximately 2,606 pounds of its non-intact beef products distributed in Colorado due to potential E.coli O157:H7 contamination. – U.S. Department of Agriculture

8. July 27, U.S. Department of Agriculture – (Colorado) Good Food Concepts, LLC D.B.A. Ranch Foods Direct recalls non-intact beef products due to possible E.coli O157:H7 contamination. Good Food Concepts, LLC, doing business as Ranch Foods Direct, issued a recall July 26 for approximately 2,606 pounds of its non-intact beef products sold in 25 variations due to potential E.coli O157:H7 contamination after Federal health officials discovered a potential link between the beef products and an E.coli O157:H7 illness outbreak in Colorado. The products were distributed to wholesale and retail locations in Colorado.  Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health-alerts/recall-case-archive/archive/2016/recall-064-2016-release

• Crews reached 10 percent containment July 27 of the Soberanes Fire which has burned over 23,500 acres, threatens 2,000 structures, and has destroyed 34 homes and 10 outbuildings in California. – Reuters

13. July 28, Reuters – (California) Central California wildfire destroys 34 homes, forces 350 to evacuate. Crews reached 10 percent containment of the Soberanes Fire July 27 which has burned over 23,500 acres, threatens 2,000 structures, and has destroyed 34 homes and 10 outbuildings between Big Sur and the town of Carmel-by-the-Sea. Approximately 3,000 firefighters in the State reached 40 percent containment of the 38,350-acre Sand Fire burning in the Angeles National Forest.

• The U.S. President’s administration released Presidential Policy Directive/PPD-41 July 26 detailing the U.S. Cyber Incident Coordination, setting forth principles that govern the Federal Government’s response to cyber incidents. – Whitehouse.gov See item 19 below in the Information Technology Sector

Financial Services Sector

3. July 27, SecurityWeek – (International) PayPal abused in banking trojan distribution campaign. Proofpoint security researchers discovered malicious actors were distributing the Chthonic banking trojan, a variant of the Zeus malware, via legitimate-looking PayPal emails to request money from users by sending money request messages claiming an illicit $100 transfer was made to the victim’s account which could be returned by clicking the malicious Goo.gl link that redirects the user to “katyaflash[.]com/pp.php,” where the malware is downloaded onto the device in the form of an obfuscated JavaScript file that connects to the command and control (C&C) server. Researchers discovered the malware was also downloading a previously undocumented second-stage payload dubbed AZORult.

4. July 27, U.S. Attorney’s Office, Eastern District of New York – (National) Registered broker pleads guilty to securities fraud for participating in a $131 million market manipulation scheme. A former registered broker pleaded guilty July 27 to defrauding ForceField Energy Inc., investors out of $131 million between January 2009 and April 2015 after he and co-conspirators manipulated the price and volume of traded ForceField shares by orchestrating the trading of ForceField stock to create the appearance of interest and trading volume in the stock, and concealing payments to stock promoters and broker dealers who claimed to be independent of the company, among other fraudulent means. The charges also state that a ForceField executive paid kickbacks to the broker in exchange for purchasing company stocks in his client’s brokerage accounts between October 2014 and April 2015. Source: https://www.justice.gov/usao-edny/pr/registered-broker-pleads-guilty-securities-fraud-particpating-131-million-market

Information Technology Sector

16. July 28, SecurityWeek – (International) Many web attacks come from United States: Sucuri. Researchers at Sucuri analyzed metadata from 30 days of Web traffic and blocked requests from its firewall product and found that the Structured Query Language (SQL) injection, brute force, and other exploit attempts had various browser user agents, more than one-third of the attacks came from the U.S. followed by Indonesia and China, and that when it came to operating systems (OS) 45 percent of attacks came from Microsoft Windows. Source: http://www.securityweek.com/many-web-attacks-come-united-states-sucuri

17. July 28, Help Net Security – (International) Media-stealing Android app targets developers. Google removed the “HTML Source Code Viewer” app from its Google Play distribution service after Symantec researchers discovered the malicious app stole photos and videos from victims’ mobile devices by requesting permissions to access the device’s external storage. The app targeted all versions of Android after and including Gingerbread.

18. July 28, Softpedia – (International) Chrome, Firefox vulnerable to crashes via search suggestions. Nightwatch Cybersecurity researchers found that Google Chromium, Android, and Mozilla Firefox do not protect browser built-in search suggestions via an encrypted Hypertext Transfer Protocol Secure (HTTPS) channel, which could allow an attacker on the local channel to intercept search suggestion inquiries and answer before the search provider. Firefox, Chrome, and Android are working to address the issue. Source: http://news.softpedia.com/news/chrome-firefox-vulnerable-to-crashes-via-search-suggestions-506722.shtml

19. July 26, Whitehouse.gov– (National) Presidential Policy Directive – United States Cyber Incident Coordination. The U.S. President’s administration released Presidential Policy Directive/PPD-41 July 26 detailing the U.S. Cyber Incident Coordination, which sets forth principles that govern the Federal Government’s response to cyber incidents and the designation of responsibility to certain Federal agencies, including the FBI and DHS. Source: https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident

For another story, see item 3 above in the Financial Services Sector

Communications Sector

See item 15 below from the Emergency Services Sector

15. July 27, Associated Press – (Oklahoma) AT&T: Oklahoma’s 911 emergency telephone service restored. AT&T Inc., reported that emergency 9-1-1 service was restored after call routing was impacted for approximately 2 hours July 27 in portions of Oklahoma. The company is investigating the source of the outage, which involved a power issue at a facility in the Oklahoma City area.