Complete DHS Report for October 28, 2016
Daily Report
Top Stories
• Ford Motor Company issued a recall October 26 for 400,000 of its
model years 2010 – 2012 vehicles in select makes due to a faulty fuel delivery
module supply port that may crack over time and cause a fuel leak. – TheCarConnection.com
1. October 26,
TheCarConnection.com – (National) Ford Escape, Mercury Mariner, Shelby
GT350/R Mustang recalled for oil and fuel leaks. Ford Motor Company issued
a recall October 26 for 400,000 of its model years 2010 – 2012 Ford Escape
vehicles and its model years 2010 – 2011 Mercury Mariner vehicles equipped with
3.0-liter flex-fuel engines sold in the U.S. due to a faulty fuel delivery
module supply port that may crack over time and cause a fuel leak, thereby
increasing the risk of fire. Ford issued a second recall for 8,000 of its model
years 2015 – 2017 Ford Shelby GT350/R Mustang vehicles sold in the U.S. due to
a potential engine issue. Source: http://www.thecarconnection.com/news/1106906_ford-escape-mercury-mariner-shelby-gt350-r-mustang-recalled-for-oil-and-fuel-leaks
• The former chief executive officer of Axium International, Inc.
was convicted October 25 after he and a co-conspirator diverted about $5.1
million from Axium between 2005 and 2007. – U.S. Attorney’s Office, Central
District of California See item 3 below in the Financial Services Sector
• A Manhattan tax attorney and a co-conspirator were charged
October 26 for allegedly diverting more than $3 million in fee income from
transactions the attorney performed from 2005 – 2011, and failing to report
over $1.2 million in fee income to the U.S. Internal Revenue Service. – U.S.
Attorney’s Office, Southern District of New York See
item 4 below in the Financial
Services Sector
• A 6-alarm fire at an apartment building on the Upper East Side
of New York City killed 1 person, injured 12 others, and displaced 18 families
October 27. – WCBS 2 New York
17. October 27, WCBS 2
New York – (New York) Firefighter performs ‘heroic’ rope rescue in
deadly Upper East Side fire. A 6-alarm fire at an apartment building on the
Upper East Side of New York City killed 1 person, injured 12 others, and
displaced 18 families October 27. Officials temporarily shut down surrounding
roads and the cause of the fire remains under investigation.
Financial Services Sector
2. October 26, Associated
Press – (Montana) Montana credit union tells customers about possible
security breach. Rocky Mountain Credit Union in southwestern Montana
notified 135 of its members October 26 that some of their personal information,
including Social Security numbers, bank account numbers, and driver's license
numbers may have been publicly accessible via its Website from April 15 – June
30 after the credit union detected a security issue with the Website customers
used to upload documents as part of their mortgage application. Officials did
not believe the documents were accessed by an unauthorized individual and the
credit union repaired the security flaw. Source: http://billingsgazette.com/news/state-and-regional/montana/montana-credit-union-tells-customers-about-possible-security-breach/article_39eea0fd-2a96-5380-b638-c78e2e3ca1cf.html
3. October 26, U.S.
Attorney’s Office, Central District of California – (California) Former
CEO of Hollywood payroll company convicted for tax fraud conspiracy. The
former chief executive officer (CEO) of Axium International, Inc. was convicted
October 25 after he and a co-conspirator diverted about $5.1 million from Axium
between 2005 and 2007 through various schemes, including a scheme where the CEO
diverted tax refund checks payable to Axium and its subsidiaries into shadow
bank accounts he and his co-conspirator controlled. The charges state the duo
diverted the funds after discovering the company’s Federal tax delinquencies
exceeded $100 million and its lender foreclosed on its bank accounts. Source: https://www.justice.gov/usao-cdca/pr/former-ceo-hollywood-payroll-company-convicted-tax-fraud-conspiracy
4. October 26, U.S.
Attorney’s Office, Southern District of New York – (New York) Tax
attorney and CPA indicted for tax evasion and diversion of tax shelter fees
from major Manhattan law firm. A Manhattan tax attorney and a Florida
certified public account (CPA) were charged October 26 for allegedly diverting
more than $3 million in fee income from tax shelter and related transactions
the attorney performed while serving as a partner for the Manhattan law firm
from 2005 – 2011, and failing to report over $1.2 million in fee income to the
U.S. Internal Revenue Service. The charges allege that as part of the scheme,
the tax attorney caused roughly $500,000 in tax shelter fees paid by a client
to be routed to a partnership entity he and the CPA co-owned, and used those
fees for personal expenses. Source: https://www.justice.gov/usao-sdny/pr/tax-attorney-and-cpa-indicted-tax-evasion-and-diversion-tax-shelter-fees-major
Information Technology Sector
14. October 27,
SecurityWeek – (International) Cisco patches 9 flaws in Email Security
Appliance. Cisco Systems, Inc. released software updates for its Email
Security Appliances (ESA) to resolve a total of nine vulnerabilities, including
three denial-of-service (DoS) flaws in the AsyncOS software for Cisco ESA which
could allow an unauthenticated remote attacker to cause a DoS condition using
maliciously crafted emails and attachments. Cisco also patched vulnerabilities
that could allow unauthenticated attackers to remotely trick a user into
clicking a malicious link, initiate a DoS condition, and bypass various
filters, among other flaws.
15. October 26,
SecurityWeek – (International) VMware flaws allows security bypass on
Mac OS X. VMware released VMware Tools version 10.1.0 after security
researchers from Tencent’s KeenLab discovered that VMware Tools version 9.x and
10.x are plagued with a flaw that could allow a local user to obtain
information that can be leveraged to bypass a security mechanism. VMware also
released version 8.5 of its VMware Fusion products to resolve a flaw that could
allow a privileged local user on a system with System Integrity Protection
(SIP) enabled to obtain kernel memory addresses to bypass the kASLR protection
mechanism.
16. October 26,
SecurityWeek – (International) Adobe patches Flash vulnerability used in
targeted attacks. Adobe released a Flash Player update after researchers
from Google’s Threat Analysis Group found a critical use-after-free
vulnerability that has been exploited in the wild for arbitrary code execution
and targeted attacks against users running Microsoft Windows 7, 8.1, and 10.
Adobe stated the security flaw affects Flash Player 23.0.0.185 and earlier and
Linux versions 11.2.202.637 and earlier. Source: http://www.securityweek.com/adobe-patches-flash-vulnerability-used-targeted-attacks
Communications Sector
Nothing to report