Complete DHS Report for January 12, 2017
Daily Report
Top Stories
• Honda Motor Co. Ltd. issued a recall January 11 for 1.29 million
of its model years 2005 – 2012 Acura and Honda vehicles in select makes to
replace faulty Takata Corporation passenger-side airbags. – TheCarConnection.com
4. January 11,
TheCarConnection.com – (National) Honda adds 772,000 Accord, Civic,
CR-V, and other models to Takata airbag recall. Honda Motor Co. Ltd. issued
a recall January 11 for 1.29 million of its model years 2005 – 2012 Acura and
Honda vehicles sold in select makes in the U.S. to replace faulty Takata
Corporation passenger-side airbags. The recall includes 518,000 vehicles that
were previously involved in recalls for driver-side Takata Corporation airbags.
• The U.S. Federal Deposit Insurance Corporation (FDIC) filed a
$542 million lawsuit against Bank of America Corp. January 9 for reportedly
failing to pay the FDIC for deposit insurance protection. – Bloomberg News. See item 6
below in the Financial Services Sector.
• The former operator of Coin.mx pleaded guilty January 9 to
violating Federal anti-money laundering laws and regulations by processing over
$10 million in illegal Bitcoin transactions. – U.S. Attorney’s Office,
Southern District of New York. See item 7 below in the Financial Services Sector.
• The Port Authority of New York and New Jersey agreed January 10
to pay a $400,000 penalty after it offered and sold $2.3 billion worth of bonds
to roadway project investors without informing them of risks associated with
certain projects. – U.S. Securities and Exchange Commission
11. January 10, U.S.
Securities and Exchange Commission – (New York; New Jersey) SEC: Port
Authority omitted risks to investors in roadway projects. The U.S.
Securities and Exchange Commission announced January 10 that the Port Authority
of New York and New Jersey agreed to pay a $400,000 penalty and admit
wrongdoing after it offered and sold $2.3 billion worth of bonds to roadway
project investors without informing the investors that certain projects listed
in the offering documents were outside its mandate and potentially illegal to
pursue.
Source:
https://www.sec.gov/news/pressrelease/2017-4.html
Financial Services Sector
6. January 9, Bloomberg
News – (National) Bank of America sued for $542 million over FDIC risk
rule. The U.S. Federal Deposit Insurance Corporation (FDIC) filed a $542
million lawsuit against Bank of America Corp. January 9 for reportedly failing
to pay the FDIC for deposit insurance protection from 2013 – 2014 after the
bank ignored FDIC instructions and improperly calculated exposure faced by its
parent-level firms, thereby causing the bank to understate how much it owed in
insurance protection for its 20 largest counterparties. The FDIC claims the
bank owes a total of more than $1 billion in underpayments made since 2011. Source:
https://www.bloomberg.com/news/articles/2017-01-09/bank-of-america-sued-by-fdic-over-542-million-of-insurance
7. January 9, U.S.
Attorney’s Office, Southern District of New York – (International) Operator
of unlawful Bitcoin exchange pleads guilty in multimillion-dollar money
laundering and fraud scheme. The former operator of Coin.mx, an
Internet-based Bitcoin exchange, pleaded guilty January 9 to violating Federal
anti-money laundering laws and regulations by processing over $10 million in
illegal Bitcoin transactions from 2013 – July 2015 via a sham front company,
Collectables Club, that the operator and co-conspirators created in order to
avoid detection. To further avoid scrutiny from financial institutions about
the nature of Coin.mx’s business, the group gained control of New Jersey-based
Helping Other People Excel Federal Credit Union in 2014 after making more than
$150,000 in illegal bribes. Source: https://www.justice.gov/usao-sdny/pr/operator-unlawful-bitcoin-exchange-pleads-guilty-multimillion-dollar-money-laundering
Information Technology Sector
24. January 10,
SecurityWeek – (International) Microsoft patches flaws in Windows,
Office, Edge. Microsoft released a total of four security bulletins,
including a critical bulletin that resolves a memory corruption flaw in Office,
caused by the way the software handles objects in memory, that can be exploited
by convincing a targeted user to open a maliciously crafted file or to visit a
Website hosting a malicious file. Microsoft also released bulletins patching
a privilege escalation flaw in Edge, a denial-of-service (DoS) flaw, as well as
vulnerabilities in Adobe Flash Player used in several versions of Windows.
25. January 10,
SecurityWeek – (International) SAP patches multiple XSS and missing
authorization vulnerabilities. SAP released its January 2017 security
patches resolving a total of 23 flaws across its products, including a severe
buffer overflow bug that an attacker could leverage to inject malicious code
into memory and cause a compromised application to execute it, enabling the
attacker to take complete control of an application, cause a denial-of-service
(DoS) condition, or execute arbitrary commands, among other malicious actions.
Among other flaws, the patches also addressed a critical Structured Query
Language (SQL) injection flaw in SAP Business Intelligence Platform that could
allow a malicious actor using specially crafted SQL queries to access and modify
sensitive information from a database, remove the data, and execute
administration operations. Source: http://www.securityweek.com/sap-patches-multiple-xss-and-missing-authorization-vulnerabilities
26. January 10,
SecurityWeek – (International) Adobe patches 42 flaws in Reader,
Acrobat, Flash. Adobe released security updates addressing a total of 42
vulnerabilities in its products, including 29 issues affecting Acrobat and
Reader versions 11 and 15 that could allow a malicious actor to take control of
an impacted system. The updates also resolve 13 critical security flaws in Flash
Player, which can lead to arbitrary code execution or information disclosure.
Source:
http://www.securityweek.com/adobe-patches-42-flaws-reader-acrobat-flash
27. January 10,
SecurityWeek – (International) New Terror exploit kit emerges. Security
researchers from Trustwave reported that cybercriminals started leveraging a new
exploit kit (EK), dubbed Terror, which packs at least eight different
operational exploits for Microsoft Internet Explorer, Adobe Flash Player, and
Mozilla Firefox that are a combination of Metasploit exploits and ones borrowed
from the Hunter or Sundown EKs. The developer of Terror was observed leveraging
the EK to deliver a cryptocurrency miner to the compromised device.
Communications Sector
Nothing to report