Friday, December 30, 2016



Complete DHS Report for December 30, 2016

Daily Report

Top Stories

• Troy, Michigan-based United Shore Financial Services LLC agreed December 28 to pay $48 million to resolve alleged violations of the False Claims Act by deliberately originating and underwriting federally insured mortgage loans. – U.S. Department of Justice See item 2 below in the Financial Services Sector

• The owner and marketing director of Salon Success Strategies was arrested December 21 in Roseville, California, for allegedly bilking 10 or more of her clients’ customers out of more than $100,000 since 2014. – Sacramento Bee See item 3 below in the Financial Services Sector

• A Romanian citizen pleaded guilty December 28 to stealing $127,000 through skimming devices on bank ATMs in Chatham and Delmar, New York, and in Great Barrington, Massachusetts, between August and October 2015. – Albany Times Union See item 4 below in the Financial Services Sector

• The U.S. President designated December 28 Bears Ears National Monument in Utah, which will span 1.35 million acres of tribal land in the Four Corners region of the State. – Associated Press

15. December 29, Associated Press – (Utah; Nevada) President designates Bears Ears National Monument in Utah. The U.S. President designated December 28 Bears Ears National Monument in Utah, which will span 1.35 million acres of tribal land in the Four Corners region of the State as part of an effort to ensure protections for lands that are home to roughly 100,000 archaeological sites. The U.S. President also designated the Gold Butte National Monument near Las Vegas, which will cover 300,000 acres of ecologically fragile land. Source: http://www.nbc11news.com/content/news/408552945.html

Financial Services Sector

2. December 28, U.S. Department of Justice – (National) United Shore Financial Services LLC agrees to pay $48 million to resolve alleged False Claims Act liability arising from FHA-insured mortgage lending. Troy, Michigan-based United Shore Financial Services LLC (USFS) agreed December 28 to pay $48 million to resolve alleged violations of the False Claims Act by deliberately originating and underwriting mortgage loans insured by the U.S. Department of Housing and Urban Development (HUD)’s Federal Housing Administration (FHA) from January 2006 – December 2011 that did not meet relevant requirements, causing HUD to insure hundreds of loans approved by USFS that were not eligible for FHA mortgage insurance under the Direct Endorsement program. As part of the settlement, USFS admitted it inappropriately pressured underwriters to approve FHA mortgages, and falsely certified that direct endorsement underwriters personally reviewed appraisal reports before USFS approved and endorsed mortgages for FHA insurance, among other violations. Source: https://www.justice.gov/opa/pr/united-shore-financial-services-llc-agrees-pay-48-million-resolve-alleged-false-claims-act

3. December 28, Sacramento Bee – (International) Roseville police: Woman ran up fraudulent credit card charges of salon, day spa customers. The owner and marketing director of Salon Success Strategies was arrested December 21 in Roseville, California, for allegedly bilking 10 or more of her clients’ customers in California, Florida, Canada, and Australia out of more than $100,000 by fraudulently charging their credit cards since 2014.

4. December 28, Albany Times Union – (Massachusetts; New York) Feds: ATM skimmer admits stealing $127,000. A Romanian citizen pleaded guilty December 28 to stealing $127,000 through skimming devices he and a co-conspirator installed on ATMs at First Niagara Bank, TrustCo Bank, and Berkshire Bank branches in Chatham and Delmar, New York, and in Great Barrington, Massachusetts, between August and October 2015. Source: http://www.timesunion.com/local/article/Feds-ATM-skimmer-admits-stealing-127-000-10823421.php

For another story, see item 18 below from the Commercial Facilities Sector

18. December 29, SecurityWeek – (National) InterContinental Hotels investigating possible card breach. InterContinental Hotels Group PLC (IHG) announced December 29 it is investigating a possible payment card breach at some of its U.S. locations after the firm was notified of a report of unauthorized charges occurring on customers’ debit and credit cards that were used at the company’s properties. IHG officials advised customers to monitor their payment card statements until the investigation is completed.

Information Technology Sector

16. December 28, SecurityWeek – (International) Destructive KillDisk malware turns into ransomware. A CyberX security researcher reported that a recently observed variant of the KillDisk malware encrypts each file with a specific Advanced Encryption Standard (AES) key; these keys are subsequently encrypted using an RSA 1028 key stored in the body of the malware, and the malware holds the files for ransom instead of deleting them. The ransomware is designed to encrypt select types of files, including source code, emails, media files, and documents, among other file types, and requires elevated privileges.

17. December 28, SecurityWeek – (International) Vulnerabilities plague PHP 7’s unserialize mechanism. Check Point security researchers reported that PHP 7’s unserialize function is plagued with three vulnerabilities that can be exploited to read memory, forge objects, and achieve code execution on the impacted server. The researchers found that the first two flaws could enable a malicious actor to take total control of the affected server, while the third flaw can be used to create a denial-of-service (DoS) attack.
Source: http://www.securityweek.com/vulnerabilities-plague-php-7s-unserialize-mechanism

For another story, see item 13 below from the Healthcare and Public Health Sector

13. December 29, SecurityWeek – (National) FDA releases guidance for medical device cybersecurity. The U.S. Food and Drug Administration (FDA) released December 29 guidance on the management of cybersecurity risks for medical devices after they have been deployed on a patient’s home network, in a patient’s body, or on a hospital’s network, which advises medical device manufacturers to establish and maintain a process for detecting cybersecurity holes in their devices, evaluating and controlling the associated risks, and deploying hardware and software patches and updates before the vulnerabilities are exploited. The guidance states that manufacturers do not need to report the vulnerabilities to the FDA unless they result in patient death or other adverse events, or cannot be patched within 60 days.

Communications Sector

Nothing to report