Monday, November 7, 2016



Complete DHS Report for November 7, 2016

Daily Report                                            

Top Stories

• Samsung Electronics Co. issued a recall November 4 for about 2.8 million of its top-load washing machines due to a risk of injury, as the machine top can unexpectedly detach from the washing machine chassis. – U.S. Consumer Product Safety Commission  

4. November 4, U.S. Consumer Product Safety Commission – (National) Samsung recalls top-load washing machines due to risk of impact injuries. Samsung Electronics Co. issued a recall November 4 for about 2.8 million of its top-load washing machines in various models after the firm received 733 reports of the washing machines experiencing excessive vibration or the top detaching from the washing machine chassis and 9 related reports of injuries. The products were sold at home appliance stores nationwide. Source: https://www.cpsc.gov/Recalls/2016/samsung-recalls-top-load-washing-machines

• A former chief financial officer at Clarkston Brandon Community Credit Union pleaded guilty November 3 to embezzling over $18 million from his employer from 2003 – 2016. – U.S. Attorney’s Office, Eastern District of Michigan

See item 7 below in the Financial Services Sector

• Over 400,000 gallons of raw sewage spilled into the Hudson River from several areas in Washington, Warren, and Albany counties in New York November 4 after heavy rains caused the local sewer system to overload. – WNYT 13 Albany

13. November 3, WNYT 13 Albany – (New York) 400,000 gallons of raw sewage spill into Hudson River. Over 400,000 gallons of raw sewage spilled into the Hudson River from several areas in Washington, Warren, and Albany counties in New York November 4 after heavy rains caused the local sewer system to overload. Source: http://wnyt.com/news/raw-sewage-spill-hudson-river/4309669/

• Around 3,000 people were evacuated from the Paris Las Vegas hotel and casino for around 20 hours November 3 – November 4 after a worker inadvertently cut into the power main while performing work in a sub-basement. – Associated Press

21. November 4, Associated Press – (Nevada) Vegas strip resort reopens after power outage, evacuation. Around 3,000 people were evacuated from the Paris Las Vegas hotel and casino for around 20 hours November 3 – November 4 after a worker inadvertently cut into the power main while performing work in a sub-basement.

Financial Services Sector

6. November 3, Atlanta Journal-Constitution – (Georgia) FBI: 'Scruffy Faced Bandit' robs sixth area bank, this one in Kennesaw. Authorities are searching November 3 for a man dubbed the “Scruffy Faced Bandit” who is suspected of robbing 6 banks in Cobb and Fulton counties in Georgia since August 2016, including a Chase Bank branch in Kennesaw November 1. Source: http://www.ajc.com/news/crime--law/fbi-scruffy-faced-bandit-robs-sixth-area-bank-this-one-kennesaw/ghNUOJdThjEnNpBf5Kf1IM/

7. November 3, U.S. Attorney’s Office, Eastern District of Michigan – (Michigan) Former chief financial officer pleads guilty to embezzlement. A former chief financial officer (CFO) at Clarkston Brandon Community Credit Union (CBCCU) pleaded guilty November 3 to embezzling over $18 million from his employer from January 2003 – January 2016. He issued cashier’s checks from different CBCCU accounts without authorization and deposited those funds into accounts that he managed at other financial institutions, and he used Automated Clearing House withdrawals to illicitly transfer funds from CBCCU’s accounts to his personal accounts at other banks. The charges also state that, in order to conceal the fraud, the CFO created fraudulent investments in certificates of deposit and bonds, leading auditors and bank examiners to believe that the money he embezzled was invested in these vehicles. Source: https://www.justice.gov/usao-edmi/pr/former-chief-financial-officer-pleads-guilty-embezzlement

Information Technology Sector

19. November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for the Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software, resolving a critical flaw in the import/export project feature. The feature did not adequately check for symbolic links in user-provided archives, which allowed an authenticated user to access the contents of any file accessible to the GitLab service account. Source: https://www.helpnetsecurity.com/2016/11/04/gitlab-plugs-critical-flaw/

20. November 3, SecurityWeek – (International) PLCs vulnerable to stealthy pin control attacks. Security researchers at the Black Hat Europe 2016 security conference discovered two new attack methods that manipulate the input and output of programmable logic controllers (PLCs) at a low level, thereby allowing attackers to control the physical processes managed by the PLCs without triggering any alarms. The first method involves changing the pin’s configuration and allows malware in the PLC to switch a pin from input to output, or vice versa, while the second attack method involves multiplexing and changes the functionality of the same pin. Source: http://www.securityweek.com/plcs-vulnerable-stealthy-pin-control-attacks

Communications Sector

Nothing to report