Have a safe and pleasant celebration on New Year’s Eve

 

Monday, December 31, 2012  


Daily Report

Top Stories

 • A Norfolk Southern tanker carrying 33,000 gallons of propane derailed in Bridgeville December 26, prompting authorities to evacuate nearby homes and residences and close nearby roads as a precaution. – Sussex County Post

2. December 27, Sussex County Post – (Delaware) Emergency ends with propane tanker removal. A Norfolk Southern tanker carrying 33,000 gallons of propane derailed in Bridgeville December 26, prompting authorities to evacuate nearby homes and residences and close nearby roads as a precaution. Source: http://delaware.newszap.com/southerndelaware/118755-70/emrgency-ends-with-propane-tanker-removal

 • Two people were injured at a hazardous waste treatment and storage facility in Cincinnati when a flash fire caused by shredding an industrial filter containing sodium chlorate sparked an explosion. – WCPO 5 Cincinnati

3. December 28, WCPO 5 Cincinnati – (Ohio) 2 injured in chemical explosion at Cincinnati industrial waste facility. Two people were injured at a hazardous waste treatment and storage facility in Cincinnati when a flash fire caused by shredding an industrial filter containing sodium chlorate sparked an explosion. Source: http://www.newsnet5.com/dpp/news/state/2-injured-in-chemical-explosion-at-cincinnati-industrial-waste-facility

 • Around 36,000 individuals who worked at or gained access to Army commands stationed at the former Fort Monmouth in New Jersey had their personal information compromised by computer hackers, the Army confirmed. – Asbury Park Press

17. December 28, Asbury Park Press – (New Jersey; National) Hackers take data of Monmouth workers, visitors. Around 36,000 individuals who worked at or gained access to Army commands stationed at the former Fort Monmouth in New Jersey had their personal information compromised by computer hackers, the Army confirmed. The breach discovered December 6 included Social Security numbers, salaries, home addresses, and places of birth along with dates. Source: http://www.militarytimes.com/news/2012/12/gannett-army-monmouth-hackers-gain-data-employees-visitors-122812/

 • Three officers were shot by a man in custody before he was shot and killed by police in a New Jersey police station December 28. – Associated Press

19. December 28, Associated Press – (New Jersey) 3 officers hurt in shooting at NJ police station. Three officers were shot by a man in custody before he was shot and killed by police in a New Jersey police station December 28. Source: http://www.charlotteobserver.com/2012/12/28/3750787/3-officers-hurt-in-shooting-at.html

Details

Banking and Finance Sector

5. December 28, BankInfoSecurity – (National) Wholesaler’s POS network hacked again. Wholesale restaurant supplier Restaurant Depot notified officials in several States after a point of sale (POS) breach exposed an unknown number of customers’ debit and credit card numbers. Source: http://www.bankinfosecurity.com/wholesalers-pos-network-hacked-again-a-5392

6. December 27, BankInfoSecurity – (International) DDoS: Citi takes post-holiday hit. Citigroup reported Web site interruptions December 26 after a hacktivist group announced a third week of distributed denial of service (DDoS) attacks. Source: http://www.bankinfosecurity.com/ddos-citi-takes-post-holiday-hit-a-5384

Information Technology Sector

21. December 28, Softpedia – (International) Flaw in Facebook allowed attackers to record video of user and post it on the timeline. Researchers from XYSEC Labs identified a cross site request forgery (CSRF) vulnerability in Facebook that could allow an attacker to record video from the victim’s webcam or other source and then post it to the victim’s timeline. Source: http://news.softpedia.com/news/Flaw-in-Facebook-Allowed-Attackers-to-Record-Video-of-User-and-Post-It-on-the-Timeline-Video-317462.shtml

22. December 28, Softpedia – (International) New Android trojan capable of launching DDoS attacks, sending SMSs. Researchers from Doctor Web identified a new Android trojan dubbed “Android.DDoS.1.origin” that can execute malicious tasks such as using the infected device for distributed denial of service (DDoS) attacks and sending out SMS messages. Source: http://news.softpedia.com/news/New-Android-Trojan-Capable-of-Launching-DDOS-Attacks-Sending-SMSs-317524.shtml

23. December 28, Softpedia – (International) Security update released for IP.Board 3.4, 3.3, 3.2, and 3.1 to address critical issue. A security update was released by Invision Power Services (IPS) for versions 3.4, 3.3, 3.2, and 3.1 of the software after a critical security vulnerability was identified. IPS recommended that users apply the update immediately. Source: http://news.softpedia.com/news/Security-Update-Released-for-IP-Board-3-4-3-3-3-2-and-3-1-to-Address-Critical-Issue-317539.shtml

24. December 28, Softpedia – (International) XSS and cookie handling vulnerabilities identified on HTC website. A researcher uncovered three cross-site scripting (XSS) vulnerabilities as well as a cookie handling flaw on HTC’s Web site, which was addressed by the company after they were notified. Source: http://news.softpedia.com/news/XSS-and-Cookie-Handling-Vulnerabilities-Identified-on-HTC-Website-317621.shtml

25. December 28, Softpedia – (International) Cybercriminals are using digitally signed QQ component as an infection catalyst. FireEye researchers found in an attack analysis that cybercriminals used the QQLive.exe file as a means to load a malicious .dll file since the legitimate QQ messenger service installer is signed with a certificate from Tencent Technology. Source: http://news.softpedia.com/news/Cybercriminals-Are-Using-Digitally-Signed-QQ-Component-as-an-Infection-Catalyst-317646.shtml

26. December 27, Threatpost – (International) WordPress W3 Total Cache misconfiguration leaves some blogs vulnerable. A vulnerability was found in the W3 Total Cache plugin for WordPress which could allow anyone to browse and download the database cache keys and extract sensitive information from them, including passwords, if a directory listing is left enabled. Source: http://threatpost.com/en_us/blogs/misconfiguration-flaw-wordpress-leaves-some-blogs-vulnerable-122712

Communications Sector

27. December 28, Ft. Lauderdale Sun-Sentinel – (Florida) Keyless car entry blocked by pirate radio station broadcasted from Hollywood bank roof. For several months, numerous individuals were unable to access their keyless car entry systems when their cars were parked near the Hollywood, Florida police station, due to an illegal pirate radio station being broadcast from the rooftop of a Hollywood bank that was blocking signals. Authorities found and confiscated the equipment but are still searching for the person who set up the illegal station. Source: http://www.huffingtonpost.com/2012/12/27/keyless-entry-blocked_n_2372306.html


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.


Friday, December 28, 2012
   

Daily Report

Top Stories

 • The number of Entergy customers in Arkansas with power outages breached 140,000 December 27. Crews estimated it could take up to one week to restore power to some areas. – Associated Press

1. December 27, Associated Press – (Arkansas) Entergy: More than 140K without power in Arkansas. The number of Entergy customers in Arkansas with power outages breached 140,000 December 27. Crews estimated it could take up to one week to restore power to some areas. Source: http://www.knoe.com/story/20431588/more-than-132000-still-without-power-in-arkansas

 • Idaho’s Department of Finance filed a lawsuit against a former Boise-based mortgage broker, accusing him of defrauding investors of $24 million and violating securities regulations. – Associated Press. See item 4 below in the Banking and Finance Sector.

 • A winter storm prompted the cancellation of over 400 flights around the country and caused traffic accidents and train delays throughout the Northeast. – CNN

8. December 27, CNN – (National) Winter storm strands travelers. A winter storm prompted the cancellation of over 400 flights around the country and caused traffic accidents and train delays throughout the Northeast. Source: http://www.cnn.com/2012/12/27/travel/airline-delays/index.html

 • Due to an increased demand for water combined with a decrease in precipitation, many development projects in Williamsport, Pennsylvania, have stopped or been altered. – Williamsport Sun-Gazette

18. December 26, Williamsport Sun-Gazette – (Pennsylvania) Water shortage stopping growth in Tioga County. Due to an increased demand for water combined with a decrease in precipitation, many development projects in Williamsport have stopped or been altered. Business owners are currently investigating alternative methods to obtain water, including drilling private wells and importing purchased water from other locations. Source: http://www.sungazette.com/page/content.detail/id/587322.html

Details

Banking and Finance Sector

4. December 27, Associated Press – (Idaho) Former Boise broker accused of $24 million investor fraud. Idaho’s Department of Finance filed a lawsuit against a former Boise-based mortgage broker, accusing him of defrauding investors of $24 million and violating securities regulations. Source: http://www.ktvb.com/news/Lawsuit-filed-against-former-Boise-mortgage-broker-184932281.html

5. December 27, Bloomberg News – (International) Analyst indicted on insider-trading charges tied to IBM. An Australian financial analyst was indicted by federal prosecutors in New York City for his alleged role in a scheme that traded on confidential information ahead of IBM’s acquisition of SPSS Inc. Source: http://www.businessweek.com/news/2012-12-26/analyst-indicted-on-insider-trading-charges-tied-to-ibm

6. December 26, Yuma News Now – (Arizona; International) Extradited Romanian fugitive arraigned on mortgage fraud charges. A Romanian man was arraigned on charges of fraud and money laundering for his alleged role in a $6.5 million mortgage fraud scheme. Source: http://www.yumanewsnow.com/index.php/news/arizona/2062-extradited-romanian-fugitive-arraigned-on-mortgage-fraud-charges

Information Technology Sector

23. December 27, Softpedia – (International) Flaw in Facebook Camera for iOS allowed hackers to hijack accounts. Facebook released an updated 1.1.2 version of their Facebook Camera app for iOS to correct a vulnerability that allowed man-in-the-middle attacks by an attacker connected to the same WiFi network as the target. Source: http://news.softpedia.com/news/Flaw-in-Facebook-Camera-for-iOS-Allowed-Hackers-to-Hijack-Accounts-317253.shtml

24. December 27, Softpedia – (International) Researcher finds XSS vulnerabilities in cPanel and WHM 11.34. A researcher released a video where he identified cross-site scripting (XSS) vulnerabilities in the popular cPanel and WHM 11.34 Web hosting control panel. Source: http://news.softpedia.com/news/Researcher-Finds-XSS-Vulnerabilities-in-cPanel-WHM-11-34-Video-317356.shtml

Communications Sector

25. December 26, DavidsonNews.net – (North Carolina) WDAV-FM to replace antenna after lightning strike. WDAV 89.9 FM Davidson planned on purchasing a new antenna after a storm in August caused “catastrophic damage” to the original one, resulting in lost signals for some listeners. Source: http://davidsonnews.net/blog/2012/12/26/wdav-fm-to-replace-antenna-after-lightning-strike/

