The report upon which this is based was not published until
December 27, 2016 at 11:42AM. My
apologies but it is beyond my control!
Complete DHS Report for December 23, 2016
Daily Report
Top Stories
• The former director of fixed income for the New York State
Common Retirement Fund and 2 representatives at separate broker-dealers were
charged December 21 for their alleged roles in a $2.5 billion pay-to-play
scheme. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector
• The founder and chief executive officer (CEO) of Frisco-based
Texas First Financial LLC was arrested December 20 for allegedly orchestrating
a Ponzi scheme that defrauded investors out of $6 million. – Downtown Austin
Patch See item 5 below in the Financial Services Sector
• More than 430 flights were delayed and 59 others were canceled
at Los Angeles International Airport December 21 – December 22. – ABC News
6. December
22, ABC News – (California) Holiday travelers gripe as delays pile up at Los
Angeles International Airport. More than 430 flights were delayed and 59
others were canceled at Los Angeles International Airport December 21 –
December 22 due to airport construction, inclement weather, and the increased
number of flights and passengers.
• Community Health Plan of Washington began notifying nearly
400,000 current and former patients December 21 that their personal information,
including Social Security numbers, was exposed in a data breach. – Seattle
Times; Yakima Herald-Republic
18. December
22, Seattle Times; Yakima Herald-Republic – (Washington) Data
breach exposes info for 400,000 Community Health Plan members. Community
Health Plan of Washington is notifying nearly 400,000 current and former
patients December 21 that their personal information, including Social Security
numbers, was exposed in a data breach after an anonymous caller notified the
firm November 7 that they had discovered a vulnerability in the computer
network of the company that provides the health organization technical
services. Officials stated there is no evidence that the information was
misused.
Financial Services Sector
4. December
21, U.S. Securities and Exchange Commission – (International) SEC
charges former New York pension official and two brokers in pay-to-play scheme.
The former director of fixed
income for the New York State Common Retirement Fund and 2 representatives at
separate broker-dealers were charged December 21 for their alleged roles in a
pay-to-play scheme where the director used his position to divert $2.5 billion
in State business to the brokers’ firms in exchange for over $100,000 worth of
illicit bribes and benefits from January 2014 – February 2016. The charges
allege that the scheme netted the brokers millions of dollars in commissions,
and allege that the brokers provided considerable assistance to the State
official in hiding the scheme from the Retirement Fund.
5. December
20, Downtown Austin Patch – (Texas) Dallas man billing self as
financial guru via investment seminars arrested in alleged Ponzi scheme. The
founder and chief executive officer (CEO) of Frisco-based Texas First Financial
LLC was arrested December 20 for allegedly orchestrating a Ponzi scheme that
defrauded investors out of $6 million from the sale of notes, stock
certificates, and investment contracts in Dallas-based StaMedia Group from 2014
to 2016 and Frisco-based TenList Inc. The executive and his sales associates
allegedly raised money from StaMedia investors without disclosing that the
business had negligible revenue and net income since its establishment in 2013,
and reportedly concealed ongoing Federal investigations into his sale of
investments. Source: http://patch.com/us/across-america/man-billing-himself-financial-guru-investment-seminars-arrested-alleged-ponzi
Information Technology Sector
22. December
21, SecurityWeek – (International) Rakos malware takes over embedded Linux
devices. ESET security researchers warned that a newly observed piece of
malware, dubbed Rakos is targeting embedded Linux devices via brute force
Secure Shell (SSH) login attempts in order to infect the vulnerable devices and
servers with an open SSH port, and use them to create a large botnet and
further spread the malware. The researchers also found that Rakos is able to
update its configuration file from a specific command and control (C&C)
location, and provides the attacker with complete control over an impacted
device as it sends information including the device’s Internet Protocol (IP) address,
username, and password.
23. December
21, SecurityWeek – (International) Vulnerabilities found in Siemens Desigo PX,
SIMATIC products. Siemens released patches and workarounds to address
several flaws in all versions of its SIMATIC S7-300 and S7-400 programmable
logic controllers (PLCs) after researchers from Beijing Acorn Network
Technology found the security holes can be exploited to obtain credentials from
a PLC configuration with protection level 2, and cause a denial-of-service
condition by sending maliciously crafted packets to transmission control
protocol (TCP) port 80. Siemens also described a cryptographic issue in its
Desigo PX product which could allow a remote attacker to reconstruct the
corresponding private key. Source: http://www.securityweek.com/vulnerabilities-found-siemens-desigo-px-simatic-products
24. December
21, SecurityWeek – (International) Spam “hailstorms” deliver variety of threats.
Researchers from Cisco Talos warned that a new type of spam campaign,
dubbed hailstorm spam sends over 75,000 Domain Name System (DNS) queries per
hour and relies on the use of a large number of Internet Protocol (IP)
addresses from around the world to send the queries. Cisco determined that
servers in the U.S. are targeted the most by hailstorm spam campaigns compared
to other countries. Source: http://www.securityweek.com/spam-hailstorms-deliver-variety-threats
Communications Sector
Nothing to report