Complete DHS Report for
September 30, 2015
Daily Report
Top Stories
•Volkswagen
officials announced September 29 that the company will be recalling up to
11million diesel vehicles worldwide to address models fit with illegal
emissions software. –Reuters
3. September
29, Reuters – (International) Volkswagen to refit cards affected by
emissions scandal. Volkswagen officials announced September 29 that the
company will be recalling up to 11 million diesel vehicles worldwide to address
models fit with illegal emissions software. Analysts believe the move could
cost the company over $6.5 billion. Source: http://www.reuters.com/article/2015/09/29/us-volkswagen-emissions-plan-idUSKCN0RT0OL20150929
•The U.S. Securities
and Exchange Commission announced September 28 that Trinity Capital Corporation
and its subsidiary agreed to pay $1.5 million to settle allegations that the
company materially misstated its provision and allowance for loan and lease
losses in quarterly and annual filings. – U.S. Securities and Exchange
Commission See item 9 below in the Financial Services Sector
•An Arkansas
official reported September 28 that 41,000 chickens suffocated after an inmate
at Cummins Unit prison hit an electricity pole that caused the ventilators in
the chicken enclosure to shut down in August. – Associated Press
16. September
28, Associated Press – (Arkansas) Power outage kills thousands of Arkansas prison’s
chickens. An Arkansas Department of Correction official reported September
28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison hit
an electricity pole that caused the ventilators in the chicken enclosure to
shut down in August. Officials reported that the chickens will cost more than $200,000
to replace and that the department will purchase a generator to mitigate future
emergencies. Source:
http://www.myfoxmemphis.com/story/30135685/power-outage-kills-thousands-of-arkansas-prisons-chickens
•Two security
researchers from Protiviti and NeoHapsis presented on how vulnerabilities in thousands
of critical medical systems were found exposed online through the Shodan search
engine. – The Register
18. September
29, The Register – (International) Thousands of ‘directly hackable’ hospital
devices exposed online. Two security researchers from Protiviti and
NeoHapsis presented at Derbycon on how vulnerabilities in thousands of critical
medical systems including Magnetic Resonance Imaging (MRI) machines and nuclear
medical devices, were found exposed online through the Shodan search engine.
The researchers were able to manipulate search terms specifically targeting
specialty clinics and found thousands with misconfiguration and direct attack
vectors. Source: http://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/
Financial Services Sector
8. September
29, Lincoln Journal Star – (Nebraska) 5 teens arrested for suspected
ATM skimming operation. Officials arrested 5 teens September 25 for their
roles in an ATM fraud operation in which the suspects allegedly planted
skimming devices at 3 Pinnacle Bank locations in Lincoln. Authorities believe
the suspects may be part of a national criminal enterprise responsible for
losses of thousands of dollars at ATMs in 17 States. Source: http://journalstar.com/news/local/911/teens-arrested-for-suspected-atm-skimming-operation/article_9dce4b14-c183-55a1-801a-a40e18f79156.html
9. September
28, U.S. Securities and Exchange Commission – (National) SEC charges
Trinity Capital Corporation and former bank executives with accounting fraud. The
U.S. Securities and Exchange Commission announced September 28 that Trinity
Capital Corporation and its subsidiary, Los Alamos National Bank, agreed to pay
$1.5 million to resolve allegations that the company materially misstated its
provision and allowance for loan and lease losses in multiple quarterly and
annual filings, including understating its 2011 net loss to common shareholders
by $30.5 million. Five current or former executives were also charged for
allegedly manipulating the company’s financial results and for failing to
implement internal loan accounting controls. Source: http://www.sec.gov/news/pressrelease/2015-215.html
Information Technology Sector
23. September
29, IDG News Service – (International) Newly found TrueCrypt flaw allows full system
compromise. A security researcher from Google’s Project Zero team
discovered two vulnerabilities in TrueCrypt hard drive encryption software
which could allow attackers to obtain elevated system privileges if they have
access to a limited user account. VeraCrypt released patches for the vulnerabilities,
and users were advised to switch products for these and other security
improvements. Source: http://www.networkworld.com/article/2987436/newly-found-truecrypt-flaw-allows-full-system-compromise.html#tk.rss_all
24. September
28, Softpedia – (International) VBA malware makes a comeback inside
booby-trapped Word documents. Security researchers from Sophos released
research findings revealing that hackers are increasingly using Visual Basic
for Applications (VBA) to deliver malware in Microsoft Word documents, and that
the company discovers 50 – 100 new VBA templates every month which primarily
deliver the Dridex, CryptoWall, Dyreza, and Zbot malware, among other findings.
Source: http://news.softpedia.com/news/vba-malware-makes-a-comeback-inside-booby-trapped-word-documents-493005.shtml
Communications Sector
Nothing to report