Complete DHS Report for November 14, 2016
• Volvo Group notified customers October 28 of a recall for roughly 74,000 of its model years 2016 – 2017 vehicles in select makes due to a faulty connecting pin in the seat belt buckle that could prevent the belts from properly restraining occupants in the event of a crash. – TheCarConnection.com; Automotive News
2. November 9, TheCarConnection.com; Automotive News – (International) 2016-2017 Volvo S60, S90, V60, XC60, XC90 recalled: 74,000 U.S. vehicles affected. Volvo Group issued a recall October 28 for roughly 74,000 of its model years 2016 – 2017 vehicles in select makes sold in the U.S. due to a faulty connecting pin in the seat belt buckle that could prevent the belts from properly restraining occupants in the event of a crash, thereby increasing the risk of injury. An additional 5,000 vehicles in Canada are also affected by the recall. Source: http://www.thecarconnection.com/news/1107174_2016-2017-volvo-s60-s90-v60-xc60-xc90-recalled-74000-u-s-vehicles-affected#image=100477796
• Two people were convicted November 9 for defrauding foreign banks involved in the U.S. Department of Agriculture’s GSM-102 Export Credit Guarantee Program out of more than $25 million. – Stamford Advocate (See item 3 below in the Financial Services Sector)
• A Florida resident pleaded guilty November 8 for his role in a scheme where he and co-conspirators defrauded ForceField Energy Inc. investors out of roughly $131 million from 2009 – 2015. – U.S. Attorney’s Office, Eastern District of New York (See item 5 below in the Financial Services Sector)
• The Iowa Department of Natural Resources reported that around 150,000 gallons of untreated wastewater were discharged into Silver Creek in DeWitt November 9. – WQAD 8 Moline
14. November 9, WQAD 8 Moline – (Iowa) 150,000 gallons of wastewater leak in DeWitt, Iowa. The Iowa Department of Natural Resources reported that around 150,000 gallons of untreated wastewater were discharged into Silver Creek in DeWitt November 9. Officials were working to repair the issue and redirect wastewater into the city lagoon.
Financial Services Sector
3. November 10, Stamford Advocate – (International) Darien man convicted of bank fraud. A Darien, Connecticut resident and Minneapolis resident were convicted November 9 for defrauding foreign banks involved in the U.S. Department of Agriculture’s GSM-102 Export Credit Guarantee Program out of more than $25 million from September 2007 – January 2012 in a scheme where the duo and a co-conspirator obtained shipment lists and created fictitious invoices for agricultural products that they did not physically ship, and subsequently used the fake documents to secure capital from banks and collect millions of dollars in fees from the transactions. As part of the scheme, the duo created several companies under different names to acquire a larger share of the allocation of guarantees from the GSM-102 program, and used multiple bank accounts under the various entity names. Source: http://www.stamfordadvocate.com/local/article/Darien-man-convicted-of-bank-fraud-10605826.php
4. November 9, U.S. Department of Justice – (International) Futures trader pleads guilty to illegally manipulating the futures market in connection with 2010 “Flash Crash.” A British futures trader pleaded guilty November 9 for his role in a more than 5-year, $12.8 million market manipulation scheme, which included his role in the May 2010 “Flash Crash,” where he manipulated the market for E-mini Standard & Poor’s Financial Services LLC (S&P)’s 500 futures contracts (E-minis) by using an automated trading program and placing thousands of spoof orders for E-minis that he did not intend to trade, among other methods, in order to create the appearance of a substantial supply and demand, as well as to persuade other market participants to trade E-minis at prices and quantities they typically would not have traded. Source: https://www.justice.gov/opa/pr/futures-trader-pleads-guilty-illegally-manipulating-futures-market-connection-2010-flash
5. November 8, U.S. Attorney’s Office, Eastern District of New York – (International) Florida registered broker pleads guilty to securities fraud for participating in a $131 million market manipulation scheme. A registered stockbroker and resident of Boca Raton, Florida, pleaded guilty November 8 for his role in a scheme where he and co-conspirators defrauded ForceField Energy Inc. investors out of roughly $131 million from January 2009 – April 2015 by artificially regulating the price and volume of traded ForceField shares through nominees that bought and sold ForceField stock without revealing the information to investors and prospective investors. In order to conceal their involvement in the fraudulent scheme, the group used prepaid cell phones, communicated via encrypted messaging applications, and paid kickbacks in cash, among other methods.
Information Technology Sector
19. November 10, SecurityWeek – (International) Hackers can abuse iOS WebView to make phone calls. A security researcher reported that Apple mobile operating system (iOS) applications such as LinkedIn, Twitter, and others can be abused by a malicious actor to initiate phone calls to arbitrary phone numbers from a victim’s device by convincing a user to open a specially crafted Webpage via an affected app that redirects the victim to a TEL Uniform Resource Identifier (URI), which triggers the call. The researcher reported that the vulnerability can also prevent a victim from ending the call, and is related to how certain iOS applications handle the WebView component.
20. November 9, SecurityWeek – (International) Privilege escalation flaw affects several Siemens products. Siemens released updates and temporary fixes addressing a medium-severity privilege escalation vulnerability in many of its industrial products, including several Siemens SCADA systems, SOFTNET, Security Configuration Tool (SCT), and distributed control systems (DCS), among other products. Researchers warned that users with local access to the Microsoft Windows operating system running on the same device as an affected Siemens application can escalate their privileges, and reported that the flaw cannot be exploited if the affected product is installed in the default path.
21. November 8, SecurityWeek – (International) SAP patches OS command execution vulnerabilities. SAP released its November 2016 security updates resolving a total of 16 security flaws, including 2 critical flaws in the SAP Report for Terminology Export component and the SAP Text Conversion component that could be exploited to execute operating system (OS) commands without authorization, thereby allowing an attacker access to arbitrary files and directories located in a SAP server file system. SAP also patched a denial-of-service (DoS) flaw in SAP Message Server and an information disclosure vulnerability in the SAP Software Update Manager component, which can be leveraged to reveal information about an impacted system, among other vulnerabilities.
Nothing to report