Complete DHS Report for September 28, 2016
Daily Report
Top Stories
• Volkswagen Group issued a recall September 26 for 79,895 of its
model years 2015 – 2017 Audi vehicles in select makes due to a glitch affecting
the side marker lights, which may decrease visibility. – TheCarConnection.com
1. September 26,
TheCarConnection.com – (National) Audi recalls A3, A3 e-tron, A4, Q3,
Q7, TT for lighting problem: nearly 80,000 cars affected. Volkswagen Group
issued a recall September 26 for 79,895 of its model years 2015 – 2017 Audi
vehicles in select makes sold in the U.S. due to a software glitch affecting
the vehicles’ side marker lights, which may become inoperative when a car’s
parking light or headlights are illuminated, thereby making it more difficult
for a driver to see and increasing the risk of a crash. Source:
http://www.thecarconnection.com/news/1106305_audi-recalls-a3-a3-e-tron-a4-q3-q7-tt-for-lighting-problem-nearly-80000-cars-affected
• A former tax preparer at K&S Tax Solution, Inc. was
convicted September 23 for her role in a fraudulent tax refund scheme where she
and 14 co-conspirators attempted to recieve more than $281 million in fraudulent
Federal tax returns since 2010. – U.S. Attorney’s Office, Southern District
of New York See item 3 below in the Financial Services Sector
• The U.S. Securities and Exchange Commission charged the former
chief executive officer of Sanomedics Inc. and Fun Cool Free Inc., and a
co-conspirator September 26 for their roles in a penny stock scheme that
defrauded several hundred investors nationwide out of approximately $20
million. – U.S. Securities and Exchange Commission See item 5
below in the Financial Services Sector
• A 2-alarm fire at the Oak Springs Apartments in San Antonio,
Texas, September 26 displaced 32 people and damaged 24 units. – KSAT 12 San
Antonio
25. September 26, KSAT 12
San Antonio – (Texas) Fire causes significant damage to NE side
apartment complex. A 2-alarm fire displaced 32 people from the Oak Springs
Apartments in San Antonio, Texas, September 26 and damaged 24 units. No
injuries were reported and officials believe the fire began in an electrical
outlet on the second or third floor. Source: http://www.ksat.com/news/firefighters-battle-2-alarm-apartment-fire-on-ne-side
Financial Services Sector
3. September 26, U.S.
Attorney’s Office, Southern District of New York – (National) Bronx tax
preparer found guilty of participation in scheme to steal millions using
fraudulent tax returns. A former tax preparer at K&S Tax Solution, Inc.
(K&S) was convicted September 23 for her role in a more than $19 million
fraudulent tax refund scheme where she and 14 co-conspirators filed fraudulent
tax returns using identities stolen from Puerto Rico residents, including the
identities of patients at a medical clinic in Ponce, Puerto Rico, in order to
obtain fraudulent refunds through wire transfers and in check form since 2010.
The U.S. Internal Revenue Service identified more than $281 million in
attempted fraudulent returns. Source: https://www.justice.gov/usao-sdny/pr/bronx-tax-preparer-found-guilty-participation-scheme-steal-millions-using-fraudulent
4. September 26, U.S.
Securities and Exchange Commission – (International) Merrill Lynch
charged with trading controls failures that led to mini-flash crashes. The
U.S. Securities and Exchange Commission (SEC) announced September 26 that
Merrill Lynch Wealth Management agreed to pay a $12.5 million penalty after an
SEC investigation revealed that the firm caused market disruptions at least 15
times from 2012 – 2014, and violated the Market Access Rule after the firm set
its internal controls that prevent incorrect trading orders at high levels,
making them ineffective and causing select stock prices to plunge then suddenly
recover. As part of the settlement, Merrill Lynch agreed to be censured and is
prohibited from further violations of the Securities Exchange Act. Source: https://www.sec.gov/news/pressrelease/2016-192.html
5. September 26, U.S.
Securities and Exchange Commission – (National) SEC charges CEO and
boiler room operator with fraud. The U.S. Securities and Exchange
Commission charged September 26 the former chief executive officer (CEO) of
Sanomedics Inc. and Fun Cool Free Inc., and a boiler room operator for their
roles in a penny stock scheme that defrauded several hundred investors
nationwide out of approximately $20 million after boiler-room agents hired by
the pair pressured senior citizens and others to invest in the former CEO’s 2
companies by claiming the investors’ funds would be used for research and
development, while the money was used for personal expenses and to pay the
boiler-room agents. Officials stated the duo agreed to be barred from
subsequent penny stock offerings, and the former executive agreed to be barred
from operating as an officer or director of a public business. Source: https://www.sec.gov/news/pressrelease/2016-193.html
Information Technology Sector
20. September 27,
SecurityWeek – (International) Russian cyberspies use “Komplex” trojan
to target OS X systems. Palo Alto Networks discovered an Apple Mac
operating system (OS) X trojan, dubbed Komplex establishes contact with its
command and control (C&C) server after infecting a device in order to
collect system information, and allows an attacker to execute arbitrary
commands and download files to the affected machine. The researchers stated
Komplex has reportedly been used by a Russian cyber espionage group known as
Sofacy to target the U.S. government, the World Anti-Doping Agency (WADA), and
the German parliament. Source: http://www.securityweek.com/russian-cyberspies-use-komplex-trojan-target-os-x-systems
21. September 26,
SecurityWeek – (International) Microsoft removes Windows Journal due to
security flaws. Microsoft removed the Windows Journal application available
in Windows versions from XP Tablet PC edition through Windows 10 after
researchers discovered about a dozen denial-of-service (DoS) flaws, remote code
execution vulnerabilities, and a heap overflow issue discovered by a Fortinet
researcher which could cause the application to crash. Microsoft advised
customers to switch to OneNote. Source: http://www.securityweek.com/microsoft-removes-windows-journal-due-security-flaws
22. September 26,
SecurityWeek – (International) OpenSSL patch for low severity issue
creates critical flaw. OpenSSL released version 1.1.0b after it was
discovered that a low severity denial-of-service (DoS) patched in OpenSSL
1.1.0a created a critical use-after-free vulnerability associated with large
message sizes which could lead to arbitrary code execution or cause a system to
crash. OpenSSL developers also released version 1.0.2j resolving a missing
certificate revocation list (CRL) sanity check flaw in version 1.0.2i. Source: http://www.securityweek.com/openssl-patch-low-severity-issue-creates-critical-flaw
For additional stories, see
item 5 above in the Financial
Services Sector and item 17 below in the Communications Sector
Communications Sector
See item 17 below from the Government Facilities
Sector
17. September 26,
SecurityWeek – (International) New MarsJoke ransomware targets
government agencies. Proofpoint security researchers reported a new
ransomware variant, dubbed MarsJoke was primarily targeting State and local
government agencies, as well as primary and secondary educational institutions
via spam email campaigns fueled by the Kelihos botnet that mimic the style of
CTB-Locker and changes the victim’s desktop background before displaying a
ransom message in several different languages. Proofpoint researchers also
found the malware was targeting healthcare, telecommunications, and insurance
companies, among others, in smaller numbers.