Complete DHS Report for January 12, 2015
Daily Report
Top Stories
· The National Highway Traffic Safety Administration fined Honda $70 million January 8 for failing to report 1,729 accidents that caused deaths or serious injuries over 11 years. – CNNMoney
4. January 8, CNNMoney – (National) Honda hit with $70 million in fines for failing to report accidents over 11 years. The National Highway Traffic Safety Administration fined Honda $70 million January 8 for failing to report 1,729 accidents that caused deaths or serious injuries over 11 years. Honda stated that the failure to file reports was caused by data and computer programming errors. Source: http://money.cnn.com/2015/01/08/news/companies/honda-safety-fine/
· The former head of Oregon-based Sunwest Management retirement centers pleaded guilty January 8 to running an investment fraud scheme that defrauded investors out of $130 million. – Associated Press
See item 7 below in the Financial Services Sector
· One worker died and at least two other individuals were injured at the Green Valley Chemical fertilizer plant in Creston January 8 following a reported explosion at the facility. – Associated Press; Waterloo Cedar Falls Courier
13. January 9, Associated Press; Waterloo Cedar Falls Courier – (Iowa) Manager says 1 dead following explosion at Iowa plant. One worker died and at least two other individuals were injured at the Green Valley Chemical fertilizer plant in Creston January 8 following a reported explosion at the facility. The cause of the explosion was not immediately disclosed. Source: http://wcfcourier.com/news/local/manager-says-dead-following-explosion-at-iowa-plant/article_a9d0f826-980b-11e4-a1cf-c7ca67772777.html
· A Centers for Medicare and Medicaid Services study released in December identified 732 hospitals nationwide that will have their Medicare payments lowered by 1 percent over the fiscal year from October 2014 through September 2015 due to medical errors that are considered avoidable. – Lawrence Journal-World; Associated Press
23. January 9, Lawrence Journal-World; Associated Press – (National) KU Hospital among 11 penalized in Kansas. The federal Centers for Medicare and Medicaid Services study released in December identified 11 hospitals in Kansas and 721 nationwide that will have their Medicare payments lowered by 1 percent over the fiscal year from October 2014 through September 2015 due to medical errors that are considered avoidable. The report found that the hospitals had the highest rates of hospital-acquired conditions which included infections from catheters, blood clots, bed sores, and other preventable complications. Source: http://www2.ljworld.com/news/2015/jan/08/11-kansas-hospitals-penalized-rates-infections/
Financial Services Sector
7. January 8, Associated Press – (Oregon) Former Sunwest CEO pleads guilty to mail fraud. The former head of Oregon-based Sunwest Management retirement centers pleaded guilty January 8 to running an investment fraud scheme that defrauded investors out of $130 million. The former CEO misled investors in the chain of over 300 assisted-living centers by portraying the company as prosperous while it was rapidly losing money in 2006. Source: http://www.columbian.com/news/2015/jan/08/former-sunwest-ceo-pleads-guilty-to-mail-fraud/
For another story, see item 6 below from the Critical Manufacturing Sector
6. January 8, Dark Reading – (International) Banking trojans disguised as ICS/SCADA software infecting plants. A researcher with Trend Micro identified 13 varieties of banking malware disguised as legitimate industrial control systems (ICS) software updates from Siemens, GE, and Advantech. The researcher stated that he first identified the attacks in October and that they originate as spearphishing attempts or drive-by download attacks. Source: http://www.darkreading.com/attacks-breaches/banking-trojans-disguised-as-ics-scada-software-infecting-plants/d/d-id/1318542
Information Technology Sector
29. January 9, Softpedia – (International) Andromeda botkit used for Bitcoin mining purpose. Fortinet researchers observed attackers using an older, cracked version of the Andromeda botnet malware to deliver Bitcoin mining software to compromised computers. The malware is version 2.06 of Andromeda and can also download additional modules and updates from the attackers’ command and control servers. Source: http://news.softpedia.com/news/Version-of-Andromeda-Bot-Used-for-Bitcoin-Mining-Purpose-469474.shtml
30. January 9, Threatpost – (International) Schneider patches buffer overflow in Wonderware server. Schneider Electric issued a patch for its Wonderware InTouch Access Anywhere Server v10.6 and v11 that closes a remotely exploitable buffer overflow vulnerability. The software is used in industries including the chemical, energy, manufacturing, and water utility sectors. Source: http://threatpost.com/schneider-patches-buffer-overflow-in-wonderware-server/110310
31. January 9, Softpedia – (International) Unauthorized root command execution possible in ASUS routers. A researcher reported a vulnerability in ASUS routers where a firmware service could be used by attackers with access to the network to reconfigure the router. Source: http://news.softpedia.com/news/Unauthorized-Root-Command-Execution-Possible-in-ASUS-Routers-469463.shtml
32. January 9, Help Net Security – (International) OpenSSL release patches 8 vulnerabilities. The OpenSSL Project released updates for its open-source library, closing eight vulnerabilities including two that could be used for denial of service (DoS) attacks. Source: http://www.net-security.org/secworld.php?id=17803
33. January 8, Softpedia – (International) vBulletin warns of vBSEO vulnerability. The developers of vBulletin informed users of the now-defunct vBSEO search engine optimization product that a security vulnerability exists in vBSEO and offered a solution for the issue. Source: http://news.softpedia.com/news/vBbulletin-Warns-of-vBSEO-Vulnerability-469403.shtml
For another story, see item 6 above from the Critical Manufacturing Sector
Communications Sector
Nothing to report