Wednesday, September 30, 2015



Complete DHS Report for September 30, 2015

Daily Report                                            

Top Stories

 • Volkswagen officials announced September 29 that the company will be recalling up to 11 million diesel vehicles worldwide to address models fitted with illegal emissions software. – Reuters

3. September 29, Reuters – (International) Volkswagen to refit cars affected by emissions scandal. Volkswagen officials announced September 29 that the company will be recalling up to 11 million diesel vehicles worldwide to address models fitted with illegal emissions software. Analysts believe the move could cost the company over $6.5 billion. Source: http://www.reuters.com/article/2015/09/29/us-volkswagen-emissions-plan-idUSKCN0RT0OL20150929

 • The U.S. Securities and Exchange Commission announced September 28 that Trinity Capital Corporation and its subsidiary agreed to pay $1.5 million to settle allegations that the company materially misstated its provision and allowance for loan and lease losses in quarterly and annual filings. – U.S. Securities and Exchange Commission See item 9 below in the Financial Services Sector

 • An Arkansas official reported September 28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison hit an electricity pole that caused the ventilators in the chicken enclosure to shut down in August. – Associated Press

16. September 28, Associated Press – (Arkansas) Power outage kills thousands of Arkansas prison’s chickens. An Arkansas Department of Correction official reported September 28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison hit an electricity pole that caused the ventilators in the chicken enclosure to shut down in August. Officials reported that the chickens will cost more than $200,000 to replace and that the department will purchase a generator to mitigate future emergencies. Source: http://www.myfoxmemphis.com/story/30135685/power-outage-kills-thousands-of-arkansas-prisons-chickens

 • Two security researchers from Protiviti and NeoHapsis presented on how vulnerabilities in thousands of critical medical systems were found exposed online through the Shodan search engine. – The Register

18. September 29, The Register – (International) Thousands of ‘directly hackable’ hospital devices exposed online. Two security researchers from Protiviti and NeoHapsis presented at Derbycon on how vulnerabilities in thousands of critical medical systems, including Magnetic Resonance Imaging (MRI) machines and nuclear medical devices, were found exposed online through the Shodan search engine. The researchers were able to manipulate search terms specifically targeting specialty clinics and found thousands with misconfiguration and direct attack vectors. Source: http://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/

Financial Services Sector

8. September 29, Lincoln Journal Star – (Nebraska) 5 teens arrested for suspected ATM skimming operation. Officials arrested 5 teens September 25 for their roles in an ATM fraud operation in which the suspects allegedly planted skimming devices at 3 Pinnacle Bank locations in Lincoln. Authorities believe the suspects may be part of a national criminal enterprise responsible for losses of thousands of dollars at ATMs in 17 States. Source: http://journalstar.com/news/local/911/teens-arrested-for-suspected-atm-skimming-operation/article_9dce4b14-c183-55a1-801a-a40e18f79156.html

9. September 28, U.S. Securities and Exchange Commission – (National) SEC charges Trinity Capital Corporation and former bank executives with accounting fraud. The U.S. Securities and Exchange Commission announced September 28 that Trinity Capital Corporation and its subsidiary, Los Alamos National Bank, agreed to pay $1.5 million to resolve allegations that the company materially misstated its provision and allowance for loan and lease losses in multiple quarterly and annual filings, including understating its 2011 net loss to common shareholders by $30.5 million. Five current or former executives were also charged for allegedly manipulating the company’s financial results and for failing to implement internal loan accounting controls. Source: http://www.sec.gov/news/pressrelease/2015-215.html

Information Technology Sector

23. September 29, IDG News Service – (International) Newly found TrueCrypt flaw allows full system compromise. A security researcher from Google’s Project Zero team discovered two vulnerabilities in TrueCrypt hard drive encryption software which could allow attackers to obtain elevated system privileges if they have access to a limited user account. VeraCrypt released patches for the vulnerabilities, and users were advised to switch products for these and other security improvements. Source: http://www.networkworld.com/article/2987436/newly-found-truecrypt-flaw-allows-full-system-compromise.html#tk.rss_all

24. September 28, Softpedia – (International) VBA malware makes a comeback inside booby-trapped Word documents. Security researchers from Sophos released research findings revealing that hackers are increasingly using Visual Basic for Applications (VBA) to deliver malware in Microsoft Word documents, and that the company discovers 50 – 100 new VBA templates every month which primarily deliver the Dridex, CryptoWall, Dyreza, and Zbot malware, among other findings. Source: http://news.softpedia.com/news/vba-malware-makes-a-comeback-inside-booby-trapped-word-documents-493005.shtml

Communications Sector

Nothing to report

Tuesday, September 29, 2015



Complete DHS Report for September 29, 2015

Daily Report                                            

Top Stories


 • A former La Jolla Bank official pleaded guilty September 25 to a bribery scheme in which she conspired with senior executives to arrange over $55 million in loans to unqualified borrowers. – San Diego Union-Tribune See item 3 below in the Financial Services Sector

 • California officials re-adopted the low-carbon fuel standard September 25, requiring producers to cut transportation fuel emissions 10 percent by 2020. – Associated Press

9. September 25, Associated Press – (California) California regulators restore emissions-cutting fuel rule. California officials re-adopted the low-carbon fuel standard September 25, requiring producers to cut transportation fuel emissions 10 percent by 2020. The changes are also expected to increase the cost of gasoline and diesel fuel a few cents a gallon. Source: http://lompocrecord.com/news/state-and-regional/california-regulators-restore-emissions-cutting-fuel-rule/article_6dd7fd91-4491-5272-8649-fce6b1d31eaa.html?comment_form=true

 • The U.S. Department of Health and Human Services released an audit September 24 on the Multidimensional Insurance Data Analytics System and found that it had issues with its security policy and 135 database vulnerabilities. – Associated Press

20. September 24, Associated Press – (National) Audit finds holes in government computer system that stores data on HealthCare.gov customers. The U.S. Department of Health and Human Services Inspector General’s Office released an audit September 24 on the Federal Government’s Multidimensional Insurance Data Analytics System (MIDAS), and found that the internal computer system, which is used to store sensitive personal information on millions of health insurance customers, had issues of security policy and 135 database vulnerabilities. Officials reported that it fixed all the problems identified in the audit, including the nearly two dozen that were categorized as potentially catastrophic or severe. Source: http://www.startribune.com/audit-finds-slipshod-cyber-security-at-healthcare-gov/329204921/

 • Officials reported September 27 that up to 40 people were injured at the Summer Ends music festival in Tempe Beach Park September 26 after concert-goers rushed the stage, prompting authorities to cancel a musical set due to a medical emergency. – Associated Press

28. September 27, Associated Press – (Arizona) Concert-goers injured after dozens rush music festival stage in Arizona. Arizona fire officials reported September 27 that up to 40 people were injured at the Summer Ends music festival in Tempe Beach Park September 26 after concert-goers rushed the stage when a reggae band came on, prompting authorities to cancel a musical set due to a medical emergency. Fans were moved back from the stage while medical professionals tended to the injured. Source: http://www.theguardian.com/us-news/2015/sep/27/arizona-music-festival-concert-goers-rush-stage

Financial Services Sector

3. September 26, San Diego Union-Tribune – (California) Guilty plea in La Jolla bribery scheme. A former head of La Jolla Bank’s Small Business Administration (SBA) lending department pleaded guilty September 25 to a bribery scheme in which she conspired with senior executives to arrange over $55 million in loans to unqualified borrowers, for which she and other executives took cash bribes and kickbacks in exchange. Hundreds of millions of dollars’ worth of conventional loans were reportedly part of the scheme, and the SBA-backed loans issued by the suspect resulted in almost $20 million worth of bank losses. Source: http://www.sandiegouniontribune.com/news/2015/sep/26/Amalia-Martinez-guilty-la-jolla-bank-bribery/

4. September 25, Press of Atlantic City – (New Jersey) Suspects skimmed Margate bank customers’ info, police say. Margate Police and U.S. Secret Service officials were investigating reports of fraud September 25 after ATM skimming devices installed on Bank of America ATMs in July reportedly resulted in losses of over $50,000 to 40 customers. Source: http://www.pressofatlanticcity.com/news/suspects-skimmed-margate-bank-customers-info-police-say/article_286e6f8a-63c5-11e5-a659-eb719a10e4d0.html

For another story, see item 27 below in the Information Technology Sector

Information Technology Sector

23. September 28, Securityweek – (International) Mobile ad network abused in DDoS attack: CloudFlare. CloudFlare reported that a customer was recently targeted by a Layer 7 JavaScript-based distributed denial-of-service (DDoS) attack leveraging a mobile ad network in an attack that involved over 1 billion Hypertext Transfer Protocol (HTTP) requests per hour. Security researchers warned that the attack could be signaling a new trend in DDoS attacks that are more difficult to mitigate. Source: http://www.securityweek.com/mobile-ad-network-abused-ddos-attack-cloudflare

24. September 26, Securityweek – (International) Cookies render HTTPS sessions vulnerable to data leaks. The Computer Emergency Readiness Team (CERT) published an advisory warning that cookies established via regular Hypertext Transfer Protocol (HTTP) requests are a security flaw for HTTP Secure (HTTPS) sessions, and that an attacker could set a cookie to be later used via an HTTPS connection instead of the original Web site, potentially gaining access to private information.

25. September 26, Softpedia – (International) Operation Pony Express delivers malware via Microsoft Word files. Security researchers from Sophos reported that a spear-phishing campaign active from April – May, dubbed Operation Pony Express, utilized a documented Microsoft Word vulnerability delivered via an intermediary malware downloader. The campaign targeted specific individuals and organizations with emails containing fake rich text format (RTF) invoice files purporting to be from RingCentral. Source: http://news.softpedia.com/news/operation-pony-express-delivers-malware-via-microsoft-word-files-492836.shtml

26. September 25, Softpedia – (International) Over 2,000 WordPress sites are infecting users with spyware. Security researchers from Zscaler discovered a covert spyware distribution campaign active since August that has been targeting the latest WordPress content management system (CMS) with malicious JavaScript code that uses iframes to collect user information and redirects users to pages containing spyware masked as an Adobe Flash Player update. The campaign has affected over 2,000 sites and infected over 20,000 users. Source: http://news.softpedia.com/news/over-2-000-wordpress-sites-are-infecting-users-with-spyware-492825.shtml

27. September 25, Softpedia – (International) Kasidet DDOSing bot adds credit card scraping capabilities. Security researchers from TrendMicro discovered a new version of the Kasidet/Neutrino distributed denial-of-service (DDoS) bot, which as of March added support for scraping a device’s point-of-sale (PoS) random access memory (RAM). The bot’s command-and-control (C&C) server also attempts to evade mitigation by sending “404 not found” errors to make it appear that it is not working properly. Source: http://news.softpedia.com/news/kasidet-ddosing-bot-adds-credit-card-scraping-capabilities-492802.shtml

Communications Sector

Nothing to report