Complete DHS Report for November 7, 2016
Daily Report
Top Stories
• Samsung Electronics Co. issued a recall November 4 for about 2.8
million of its top-load washing machines due to a risk of injury, as the
machine top can unexpectedly detach from the washing machine chassis. – U.S.
Consumer Product Safety Commission
4. November 4, U.S.
Consumer Product Safety Commission – (National) Samsung recalls top-load
washing machines due to risk of impact injuries. Samsung Electronics Co.
issued a recall November 4 for about 2.8 million of its top-load washing
machines in various models after the firm received 733 reports of the washing
machines experiencing excessive vibration or the top detaching from the washing
machine chassis and 9 related reports of injuries. The products were sold at
home appliance stores nationwide. Source:
https://www.cpsc.gov/Recalls/2016/samsung-recalls-top-load-washing-machines
• A former chief financial officer at Clarkston Brandon Community
Credit Union pleaded guilty November 3 to embezzling over $18 million from his
employer from 2003 – 2016. – U.S. Attorney’s Office, Eastern District of
Michigan
See item 7 below in the Financial Services Sector
• Over 400,000 gallons of raw sewage spilled into the Hudson River
from several areas in Washington, Warren, and Albany counties in New York
November 4 after heavy rains caused the local sewer system to overload. – WNYT
13 Albany
13. November 3, WNYT 13
Albany – (New York) 400,000 gallons of raw sewage spill into Hudson
River. Over 400,000 gallons of raw sewage spilled into the Hudson River
from several areas in Washington, Warren, and Albany counties in New York
November 4 after heavy rains caused the local sewer system to overload. Source:
http://wnyt.com/news/raw-sewage-spill-hudson-river/4309669/
• Around 3,000 people were evacuated from the Paris Las Vegas
hotel and casino for around 20 hours November 3 – November 4 after a worker
inadvertently cut into the power main while performing work in a sub-basement.
– Associated Press
21. November 4,
Associated Press – (Nevada) Vegas strip resort reopens after power
outage, evacuation. Around 3,000 people were evacuated from the Paris Las
Vegas hotel and casino for around 20 hours November 3 – November 4 after a
worker inadvertently cut into the power main while performing work in a
sub-basement.
Financial Services Sector
6. November 3, Atlanta
Journal-Constitution – (Georgia) FBI: 'Scruffy Faced Bandit' robs sixth
area bank, this one in Kennesaw. Authorities are searching November 3 for a
man dubbed the “Scruffy Faced Bandit” who is suspected of robbing 6 banks in
Cobb and Fulton counties in Georgia since August 2016, including a Chase Bank
branch in Kennesaw November 1. Source:
http://www.ajc.com/news/crime--law/fbi-scruffy-faced-bandit-robs-sixth-area-bank-this-one-kennesaw/ghNUOJdThjEnNpBf5Kf1IM/
7. November 3, U.S.
Attorney’s Office, Eastern District of Michigan – (Michigan) Former
chief financial officer pleads guilty to embezzlement. A former chief
financial officer (CFO) at Clarkston Brandon Community Credit Union (CBCCU)
pleaded guilty November 3 to embezzling over $18 million from his employer
from January 2003 – January 2016 by issuing cashier’s checks from different
CBCCU accounts without authorization and depositing those funds into accounts
that he managed at other financial institutions, as well as using Automated
Clearing House withdrawals to illicitly transfer funds from CBCCU’s accounts to
his personal accounts at other banks. The charges also state that in order to
conceal the fraud, the CFO created fraudulent investments in certificates of
deposit and bonds, leading auditors and bank examiners to believe that the
money he embezzled was invested in these vehicles. Source: https://www.justice.gov/usao-edmi/pr/former-chief-financial-officer-pleads-guilty-embezzlement
Information Technology Sector
19. November 4, Help Net
Security – (International) GitLab plugs critical flaw in its code
repository manager software. GitLab released security updates for the Community
Edition (CE) and Enterprise Edition (EE) of its code repository manager
software, resolving a critical flaw in the import/export project feature, which
did not adequately check for symbolic links in user-provided archives and
thereby allowed an authenticated user to access the contents of any file
accessible to the GitLab service account. Source:
https://www.helpnetsecurity.com/2016/11/04/gitlab-plugs-critical-flaw/
20. November 3,
SecurityWeek – (International) PLCs vulnerable to stealthy pin control
attacks. Security researchers at the Black Hat Europe 2016 security
conference discovered two new attack methods involving manipulating
programmable logic controllers’ (PLCs) input and output at a low level, thereby
allowing attackers to control the physical processes managed by the PLCs
without triggering any alarms. The first method involves changing the pin’s
configuration and allows malware in the PLC to switch a pin from input to
output, or vice versa, while the second attack method involves multiplexing and
changes the functionality of the same pin. Source: http://www.securityweek.com/plcs-vulnerable-stealthy-pin-control-attacks
Communications Sector
Nothing to report