Wednesday, September 30, 2015



Complete DHS Report for September 30, 2015

Daily Report                                            

Top Stories

 •Volkswagen officials announced September 29 that the company will be recalling up to 11million diesel vehicles worldwide to address models fit with illegal emissions software. –Reuters

3. September 29, Reuters – (International) Volkswagen to refit cards affected by emissions scandal. Volkswagen officials announced September 29 that the company will be recalling up to 11 million diesel vehicles worldwide to address models fit with illegal emissions software. Analysts believe the move could cost the company over $6.5 billion. Source: http://www.reuters.com/article/2015/09/29/us-volkswagen-emissions-plan-idUSKCN0RT0OL20150929

 •The U.S. Securities and Exchange Commission announced September 28 that Trinity Capital Corporation and its subsidiary agreed to pay $1.5 million to settle allegations that the company materially misstated its provision and allowance for loan and lease losses in quarterly and annual filings. – U.S. Securities and Exchange Commission See item 9 below in the Financial Services Sector

 •An Arkansas official reported September 28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison hit an electricity pole that caused the ventilators in the chicken enclosure to shut down in August. – Associated Press

16. September 28, Associated Press – (Arkansas) Power outage kills thousands of Arkansas prison’s chickens. An Arkansas Department of Correction official reported September 28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison hit an electricity pole that caused the ventilators in the chicken enclosure to shut down in August. Officials reported that the chickens will cost more than $200,000 to replace and that the department will purchase a generator to mitigate future emergencies. Source: http://www.myfoxmemphis.com/story/30135685/power-outage-kills-thousands-of-arkansas-prisons-chickens

 •Two security researchers from Protiviti and NeoHapsis presented on how vulnerabilities in thousands of critical medical systems were found exposed online through the Shodan search engine. – The Register

18. September 29, The Register – (International) Thousands of ‘directly hackable’ hospital devices exposed online. Two security researchers from Protiviti and NeoHapsis presented at Derbycon on how vulnerabilities in thousands of critical medical systems including Magnetic Resonance Imaging (MRI) machines and nuclear medical devices, were found exposed online through the Shodan search engine. The researchers were able to manipulate search terms specifically targeting specialty clinics and found thousands with misconfiguration and direct attack vectors. Source: http://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/

Financial Services Sector

8. September 29, Lincoln Journal Star – (Nebraska) 5 teens arrested for suspected ATM skimming operation. Officials arrested 5 teens September 25 for their roles in an ATM fraud operation in which the suspects allegedly planted skimming devices at 3 Pinnacle Bank locations in Lincoln. Authorities believe the suspects may be part of a national criminal enterprise responsible for losses of thousands of dollars at ATMs in 17 States. Source: http://journalstar.com/news/local/911/teens-arrested-for-suspected-atm-skimming-operation/article_9dce4b14-c183-55a1-801a-a40e18f79156.html

9. September 28, U.S. Securities and Exchange Commission – (National) SEC charges Trinity Capital Corporation and former bank executives with accounting fraud. The U.S. Securities and Exchange Commission announced September 28 that Trinity Capital Corporation and its subsidiary, Los Alamos National Bank, agreed to pay $1.5 million to resolve allegations that the company materially misstated its provision and allowance for loan and lease losses in multiple quarterly and annual filings, including understating its 2011 net loss to common shareholders by $30.5 million. Five current or former executives were also charged for allegedly manipulating the company’s financial results and for failing to implement internal loan accounting controls. Source: http://www.sec.gov/news/pressrelease/2015-215.html

Information Technology Sector

23. September 29, IDG News Service – (International) Newly found TrueCrypt flaw allows full system compromise. A security researcher from Google’s Project Zero team discovered two vulnerabilities in TrueCrypt hard drive encryption software which could allow attackers to obtain elevated system privileges if they have access to a limited user account. VeraCrypt released patches for the vulnerabilities, and users were advised to switch products for these and other security improvements. Source: http://www.networkworld.com/article/2987436/newly-found-truecrypt-flaw-allows-full-system-compromise.html#tk.rss_all

24. September 28, Softpedia – (International) VBA malware makes a comeback inside booby-trapped Word documents. Security researchers from Sophos released research findings revealing that hackers are increasingly using Visual Basic for Applications (VBA) to deliver malware in Microsoft Word documents, and that the company discovers 50 – 100 new VBA templates every month which primarily deliver the Dridex, CryptoWall, Dyreza, and Zbot malware, among other findings. Source: http://news.softpedia.com/news/vba-malware-makes-a-comeback-inside-booby-trapped-word-documents-493005.shtml

Communications Sector

Nothing to report