Complete DHS Report for November 28, 2016
Daily Report
Top Stories
• Bechtel Corporation and AECOM agreed November 23 to pay $125
million to resolve allegations that the contractors violated the Federal False
Claims Act by improperly billing the U.S. Department of Energy for materials
and services that did not meet quality control requirements. – Wall Street Journal
2. November 23, Wall
Street Journal – (Washington) Contractors settle case over cleanup
effort at Hanford nuclear site. Bechtel Corporation and AECOM agreed
November 23 to pay $125 million to resolve allegations that the contractors
violated the Federal False Claims Act by improperly billing the U.S. Department
of Energy for materials and services from vendors that did not meet quality
control requirements in relation to the contractors’ cleanup efforts at the
Hanford Site near Richland, Washington. Source: http://www.wsj.com/articles/contractors-settle-case-over-cleanup-effort-at-hanford-nuclear-site-1479951868
• Toyota Motor Corporation issued a recall November 23 for roughly
744,000 of its model years 2011 – 2016 Toyota Sienna vehicles due to an
electrical problem in the vehicle’s sliding door. – TheCarConnection.com
3. November 23,
TheCarConnection.com – (National) 2011-2016 Toyota Sienna recalled to
fix dodgy doors: 744,00 U.S. vehicles affected. Toyota Motor Corporation
issued a recall November 23 for roughly 744,000 of its model years 2011 – 2016
Toyota Sienna vehicles sold in the U.S. due to an electrical problem in the
vehicle’s sliding door where the door’s fuse could trip if the door is
prevented from opening and allow the door to open while the vehicle is in
motion, thereby creating a safety hazard for passengers. Source: http://www.thecarconnection.com/news/1107442_2011-2016-toyota-sienna-recalled-to-fix-dodgy-doors-744000-u-s-vehicles-affected
• U.S. Steel Corporation agreed November 22 to perform 7
environmental projects totaling $1.9 million, among other actions, to resolve
alleged Clean Air Act violations at its 3 iron and steel manufacturing plants
in the Midwest. – U.S. Department of Justice
4. November 22, U.S.
Department of Justice – (Indiana; Illinois; Michigan) U.S. Steel
Corporation agrees to end litigation, improve environmental compliance at its
three Midwest facilities, pay civil penalty of $2.2 million and perform
projects to aid communities affected by U.S. Steel’s pollution. U.S. Steel
Corporation agreed November 22 to pay a $2.2 million civil penalty to resolve
alleged Clean Air Act violations at its 3 iron and steel manufacturing plants
in Gary, Indiana; Ecorse, Michigan; and Granite City, Illinois. In addition to
the civil penalty, U.S. Steel will undertake measures to reduce pollution at
its three facilities, perform seven supplemental environmental projects
totaling $1.9 million, and spend $800,000 to remove contaminated transformers
at its Gary and Ecorse plants, among other actions. Source: https://www.justice.gov/opa/pr/u-s-steel-corporation-agrees-end-litigation-improve-environmental-compliance-its-three
• The U.S. Navy reported November 24 that the personal details of
134,386 current and former U.S. sailors were exposed after Hewlett-Packard
Company officials discovered an employee’s laptop was hacked. – Softpedia
21. November 24,
Softpedia – (National) US Navy hacked, Social Security numbers of
134,000 sailors stolen. The U.S. Navy reported November 24 that the
personal details of 134,386 current and former U.S. sailors were exposed after
Hewlett-Packard Company officials notified the Navy of the breach October 27
when the firm discovered an employee’s laptop used as part of the Enterprises
Services agreement was hacked. U.S. Navy officials reported there is no
evidence that the stolen information is being misused by the hackers and the
investigation into the breach is ongoing. Source: http://news.softpedia.com/news/us-navy-hacked-social-security-numbers-of-134-000-sailors-stolen-510466.shtml
Financial Services Sector
5. November 23, WVEC 13
Hampton – (Virginia) ‘Soul Patch Bandit’ caught, accused of killing
infant son in Newport News. A man dubbed the “Soul Patch Bandit” was
arrested in Petersburg, Virginia, November 22 after he allegedly robbed 6 banks
in the Richmond area. The suspect was also sought in connection with a murder
in Newport News.
6. November 23, WCBS 2
New York – (New York) ATM skimmers found at Memorial Sloan-Kettering, 3
other hospitals; thousands stolen from victims. Authorities are searching
November 23 for 2 suspects who allegedly installed ATM skimming devices at
several hospitals in New York City between August 24 and November 1, 2016,
stealing around $46,000 from at least 75 victims.
Source:
http://newyork.cbslocal.com/2016/11/23/atm-hospital-skimmers/
7. November 22, U.S.
Attorney’s Office, Southern District of California – (National) Founder
of litigation marketing company guilty of multi-million dollar securities fraud.
The co-founder of PLCMGMT LLC, doing business as Prometheus pleaded guilty
November 22 after he and a co-conspirator defrauded about 200 investors out of
$8.5 million in a securities fraud scheme where the duo falsely claimed
investor funds would be allocated for marketing efforts to recruit plaintiffs
for lawsuits against prescription drugs and medical device manufacturers. The
duo solicited investors by promising investors up to 300 percent returns,
falsely claiming the investors could redeem their investments at any time, and
that their investments were secured by enforceable liens, among other
fraudulent claims. Source: https://www.justice.gov/usao-sdca/pr/founder-litigation-marketing-company-guilty-multi-million-dollar-securities-fraud
Information Technology Sector
23. November 24,
Softpedia – (International) Hackers can steal Tesla cars using Android
app. Security researchers from Promon discovered a flaw in Tesla Motors
companion applications for Android and Apple iOS that could enable hackers to
locate, unlock, and steal Tesla vehicles by convincing a Tesla owner to
download a malicious version of the companion app by offering a free burger
upon installation, which allows the hacker to connect to the phone and begin
the hijack process. As the flaw is in the mobile apps and not the vehicles,
researches advised users to update their systems and apps and to avoid
downloading apps from untrusted sources.
24. November 23, Help Net
Security – (International) Telecrypt Decryptor foils ransomware’s simple
encryption method. A malware analyst released Telecrypt Decryptor, a tool
that is able to decrypt files encrypted by the Telecrypt ransomware when
running on an Administrator account and if an affected user has .NET 4.0 and
above or has at least one of the encrypted files in an unencrypted form. Source:
https://www.helpnetsecurity.com/2016/11/23/telecrypt-decryptor-ransomware/
25. November 23,
SecurityWeek – (International) Information disclosure flaws patched in
VMware products. VMware released two security advisories, one of which
includes patches for three flaws in VMware vCenter Server, vSphere Client, and
vRealize Automation after security researchers from Positive Technologies
discovered XML External Entity (XXE) flaws that could lead to information
disclosure and a denial-of-service (DoS) condition. The second advisory
describes a medium-severity information disclosure bug in Identity Manager and
vRealize Automation that could allow an attacker to access folders that do not
contain sensitive data. Source: http://www.securityweek.com/information-disclosure-flaws-patched-vmware-products
Communications Sector
Nothing to report