Monday, January 12, 2015



Complete DHS Report for January 12, 2015

Daily Report

Top Stories

 · The National Highway Traffic Safety Administration fined Honda $70 million January 8 for failing to report 1,729 accidents that caused deaths or serious injuries over 11 years. – CNNMoney

4. January 8, CNNMoney – (National) Honda hit with $70 million in fines for failing to report accidents over 11 years. The National Highway Traffic Safety Administration fined Honda $70 million January 8 for failing to report 1,729 accidents that caused deaths or serious injuries over 11 years. Honda stated that the failure to file reports was caused by data and computer programming errors. Source: http://money.cnn.com/2015/01/08/news/companies/honda-safety-fine/

 · The former head of Oregon-based Sunwest Management retirement centers pleaded guilty January 8 to running an investment fraud scheme that defrauded investors out of $130 million. – Associated Press. See item 7 below in the Financial Services Sector.

 · One worker died and at least two other individuals were injured at the Green Valley Chemical fertilizer plant in Creston January 8 following a reported explosion at the facility. – Associated Press; Waterloo Cedar Falls Courier

13. January 9, Associated Press; Waterloo Cedar Falls Courier – (Iowa) Manager says 1 dead following explosion at Iowa plant. One worker died and at least two other individuals were injured at the Green Valley Chemical fertilizer plant in Creston January 8 following a reported explosion at the facility. The cause of the explosion was not immediately disclosed. Source: http://wcfcourier.com/news/local/manager-says-dead-following-explosion-at-iowa-plant/article_a9d0f826-980b-11e4-a1cf-c7ca67772777.html

 · A Centers for Medicare and Medicaid Services study released in December identified 732 hospitals nationwide that will have their Medicare payments lowered by 1 percent over the fiscal year from October 2014 through September 2015 due to medical errors that are considered avoidable. – Lawrence Journal-World; Associated Press

23. January 9, Lawrence Journal-World; Associated Press – (National) KU Hospital among 11 penalized in Kansas. The federal Centers for Medicare and Medicaid Services study released in December identified 11 hospitals in Kansas and 721 nationwide that will have their Medicare payments lowered by 1 percent over the fiscal year from October 2014 through September 2015 due to medical errors that are considered avoidable. The report found that the hospitals had the highest rates of hospital-acquired conditions which included infections from catheters, blood clots, bed sores, and other preventable complications. Source: http://www2.ljworld.com/news/2015/jan/08/11-kansas-hospitals-penalized-rates-infections/

Financial Services Sector

7. January 8, Associated Press – (Oregon) Former Sunwest CEO pleads guilty to mail fraud. The former head of Oregon-based Sunwest Management retirement centers pleaded guilty January 8 to running an investment fraud scheme that defrauded investors out of $130 million. The former CEO misled investors in the chain of over 300 assisted-living centers by portraying the company as prosperous while it was rapidly losing money in 2006. Source: http://www.columbian.com/news/2015/jan/08/former-sunwest-ceo-pleads-guilty-to-mail-fraud/

For another story, see item 6 below from the Critical Manufacturing Sector

6. January 8, Dark Reading – (International) Banking trojans disguised as ICS/SCADA software infecting plants. A researcher with Trend Micro identified 13 varieties of banking malware disguised as legitimate industrial control systems (ICS) software updates from Siemens, GE, and Advantech. The researcher stated that he first identified the attacks in October and that they originate as spearphishing attempts or drive-by download attacks. Source: http://www.darkreading.com/attacks-breaches/banking-trojans-disguised-as-ics-scada-software-infecting-plants/d/d-id/1318542

Information Technology Sector

29. January 9, Softpedia – (International) Andromeda botkit used for Bitcoin mining purpose. Fortinet researchers observed attackers using an older, cracked version of the Andromeda botnet malware to deliver Bitcoin mining software to compromised computers. The malware is version 2.06 of Andromeda and can also download additional modules and updates from the attackers’ command and control servers. Source: http://news.softpedia.com/news/Version-of-Andromeda-Bot-Used-for-Bitcoin-Mining-Purpose-469474.shtml

30. January 9, Threatpost – (International) Schneider patches buffer overflow in Wonderware server. Schneider Electric issued a patch for its Wonderware InTouch Access Anywhere Server v10.6 and v11 that closes a remotely exploitable buffer overflow vulnerability. The software is used in industries including the chemical, energy, manufacturing, and water utility sectors. Source: http://threatpost.com/schneider-patches-buffer-overflow-in-wonderware-server/110310

31. January 9, Softpedia – (International) Unauthorized root command execution possible in ASUS routers. A researcher reported a vulnerability in ASUS routers where a firmware service could be used by attackers with access to the network to reconfigure the router. Source: http://news.softpedia.com/news/Unauthorized-Root-Command-Execution-Possible-in-ASUS-Routers-469463.shtml

32. January 9, Help Net Security – (International) OpenSSL release patches 8 vulnerabilities. The OpenSSL Project released updates for its open-source library, closing eight vulnerabilities including two that could be used for denial of service (DoS) attacks. Source: http://www.net-security.org/secworld.php?id=17803

33. January 8, Softpedia – (International) vBulletin warns of vBSEO vulnerability. The developers of vBulletin informed users of the now-defunct vBSEO search engine optimization product that a security vulnerability exists in vBSEO and offered a solution for the issue. Source: http://news.softpedia.com/news/vBbulletin-Warns-of-vBSEO-Vulnerability-469403.shtml

For another story, see item 6 above from the Critical Manufacturing Sector

Communications Sector

Nothing to report