Wednesday, October 3, 2012
Daily Report
Top Stories
• Some 39 people on an Amtrak passenger train
were injured when it derailed after a big rig crashed into it near Hanford, California,
October 1. – Associated Press
11. October 2, Associated Press –
(California) Amtrak: Crossing gate down in Calif. train crash. The
crossing gate was down, lights were flashing and bells were ringing when a big
rig crashed into a passing Amtrak passenger train October 1 near Hanford,
California, an Amtrak official said. An Amtrak spokeswoman said 39 people on
the train from Oakland to Bakersfield were injured. The truck hit the train,
which was being pushed by the locomotive, between the locomotive and the last car.
Authorities described the injuries as mostly bumps and bruises, although the
spokeswoman said at least one person suffered a broken leg. The driver of the
big rig went through the warning arms and hit the train before his truck
overturned, according to the California Highway Patrol (CHP). The impact from
the truck pushed two of the train’s four cars and its locomotive off the tracks.
The train traveled about 600 feet after the collision before hitting a
switchback and derailing, the CHP said. Officials have not determined how fast
the train or the truck were going, but the average speed for Amtrak through the
area is 70 mph to 80 mph, while the speed limit on the roadway where the truck
was traveling is 55 mph, according to the CHP. The track reopened October 2
after crews replaced hundreds of feet of damaged track and some signal
equipment, a BNSF Railway spokeswoman said. BNSF owns the line. Source: http://www.google.com/hostednews/ap/article/ALeqM5gWG0sV284DbFwiKeZppdTCOv7EIA?docId=e163a35665544b2fb6e9bb7a34faf434
• American Airlines said passenger seats on a
third flight in 1 week came loose as the plane was airborne, and that it was
continuing to inspect other jets with similar seating. – Associated Press
12. October
2, Associated Press – (National) American Airlines inspects jets after passenger
seats break loose in mid-flight on 3 planes. American Airlines said
passenger seats on a third flight came loose as the plane was airborne, and it
was continuing to inspect other jets with similar seating. The airline
acknowledged October 2 that seats came loose on a flight the week of September
24 between Vail, Colorado, and Dallas-Fort Worth International Airport in
Texas. The same thing happened on a flight September 29 and another October 1.
An American Airlines spokeswoman said the airline is inspecting eight of its
Boeing 757s that share similar seat assemblies. An initial review by American
indicated that there could be a problem with the way the seats fit into tracks
on the floor of the Boeing 757, but technical teams from the airline “are
looking at everything,” she said. The planes involved in the incidents were
recently worked on at an American Airlines maintenance base in Tulsa, Oklahoma,
and a Timco Aviation Services facility in North Carolina. The Federal Aviation
Administration said it is looking into the incidents. Source: http://www.washingtonpost.com/business/american-airlines-will-inspect-several-planes-after-seats-come-loose-on-at-least-2-jets/2012/10/01/7733e732-0c28-11e2-97a7-45c05ef136b2_story.html
• A beef recall by XL Foods, Inc. of Alberta,
Canada, expanded for the 13th time. It now has affected U.S. retailers in 41
States, and has rendered more than 1,100 beef products unsafe. – Food Safety
News
15. October 2, Food Safety News –
(International) Canadian beef recall grows, again. October 2, Food
Safety News reported the thirteenth expansion of the XL Foods, Inc. recall.
Alberta, Canada-based XL Foods, Inc. is voluntarily recalling 260 more
varieties of beef, announced the Canadian Food Inspection Agency in a health
alert October 1. These newly recalled meats have been added to hundreds of
other beef products recalled by the company in the past 2 weeks. Some beef
products listed in this latest recall — including rump roast, soup bones, and
tenderized hip steak among others — were not listed in previous recall updates
that have mainly included ground beef and various whole and tenderized cuts.
Products affected by this update were manufactured on the same dates as XL’s
previously recalled ground beef products — August 24, 27, 28, 29, and September
5. Affected products were sold in retail stores across the United States,
including Dominion, Extra Foods, Real Atlantic, Save Easy, ValuFoods,
Valu-mart, VillageMart, and Zehrs, among others. The XL Foods recall has so far
affected U.S. retailers in 41 States, and has rendered over 1,100 beef products
unsafe. Source: http://www.foodsafetynews.com/2012/10/canadian-beef-recall-grows-again/#.UGru7pGvMcs
• A salmonella outbreak that has left hundreds
of people sick in the Netherlands and the United States was traced to smoked
salmon. – Associated Press; CBS News
16. October 2, Associated Press; CBS News –
(International) Salmonella tied to Dutch salmon sickens hundreds. A
salmonella outbreak that has left hundreds of people sick in the Netherlands
and the United States was traced to smoked salmon, CBS News reported October 2.
The Netherlands’ National Institute for Public Health and the Environment
(RIVM) said the salmon was traced to Dutch company Foppen, which sells fish to
many major Dutch supermarkets and to stores around the world, including the
United States. RIVM said that around 200 people — and likely more — in the
Netherlands, and more than 100 people in the United States were sickened. A
RIVM spokesman said the institute got its information on Americans becoming ill
from the Centers for Disease Control and Prevention (CDC). However, a CDC
representative said the agency had not confirmed any illnesses. A Foppen
company spokesman said that in the United States, Foppen sells only to Costco
Wholesale Corp., which would deal with any U.S. recall. The smoked salmon was
sold under the Foppen name, as well as under Costco’s store-brand name,
Kirkland. Costco said it had no reports of illness. Source: http://www.cbsnews.com/8301-204_162-57524385/salmon-based-salmonella-outbreak-sickens-hundreds/
• A U.S. Border Patrol agent was killed and
another wounded in a shooting October 2 in Naco, Arizona, near the U.S.-Mexico
line. – Associated Press
37. October 2, Associated Press –
(Arizona) Border Patrol agent shot, killed on patrol in Ariz. A U.S.
Border Patrol agent was killed and another wounded in a shooting October 2 in
Arizona near the U.S.-Mexico line, according to the Border Patrol. The agents
were shot while patrolling on horseback in Naco, Arizona, October 2, the Border
Patrol said in a statement. The agents who were shot were on patrol with a
third agent, who was not harmed, according to the president of the National
Border Patrol Council, a union representing about 17,000 border patrol agents.
The shooting occurred after an alarm was triggered on one of the many sensors
along the border and the three agents went to investigate, said a Cochise
County Sheriff’s spokeswoman. Authorities have not identified any suspects, she
said. It is not known whether the agents returned fire. The wounded agent was
airlifted to a hospital after being shot in the ankle and buttocks, the Border
Patrol said. That agent was in surgery and expected to recover, said the union
president. Source: http://www.myrtlebeachonline.com/2012/10/02/3092994/homeland-security-says-border.html
Details
Banking and Finance Sector
7. October
1, Ars Technica – (International) DSL modem hack used to infect millions with
banking fraud malware. Millions of Internet users in Brazil fell victim to
a sustained attack that exploited vulnerabilities in DSL modems, forcing people
visiting sites such as Google or Facebook to reach imposter sites that
installed malicious software and stole online banking credentials, a Kaspersky
security researcher said. The attack, described the week of September 24 during
a presentation at the Virus Bulletin conference in Dallas, infected more than
4.5 million DSL modems, said the researcher, citing statistics provided by Brazil’s
Computer Emergency Response Team. The cross-site request forgery (CSRF)
vulnerability allowed attackers to use a simple script to steal passwords
required to remotely log in to and control the devices. The attackers then
configured the modems to use malicious domain name system servers that caused
users trying to visit popular Web sites to instead connect to booby-trapped
imposter sites. Source: http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/
8. October
2, Softpedia – (International) Persistent flaws in PayPal allow
cybercriminals to hijack user sessions and more. Multiple Web
vulnerabilities have been identified by Vulnerability Lab researchers on the
official PayPal Web site, Softpedia reported October 2. The high-severity
security holes could have been exploited by a remote attacker against Pro,
seller, or regular customer accounts. “A persistent input validation
vulnerability is detected in the official Paypal ecommerce website content
management system (Customer/Pro/Seller). The bugs allow remote attackers to
implement/inject malicious script code on the application side (persistent) of
the paypal web service,” the experts explained. “The vulnerability is located
in the company profile input fields with the bound vulnerable address_id,
details (mail) & companyname parameters. The bug affects the important user
profile listing, the address listings & security notification (mail),” they
added. A similar vulnerability also affects the mail security notification
module. If exploited successfully, the flaws could have allowed a cybercriminal
to hijack user sessions, steal accounts via persistent Web attacks, and
manipulate context in the affected modules. According to the experts, the
payment processor was notified of the issues in July, but the security holes
were addressed only in mid-September. Source: http://news.softpedia.com/news/Persistent-Flaws-in-PayPal-Allow-Cybercriminals-to-Hijack-User-Sessions-and-More-296107.shtml
9. October
1, Agence France-Presse – (National) Scam went back further than
thought. The Bernard L. Madoff Investment Securities LLC’s multi-billion
dollar Wall Street fraud, the largest in U.S. history, started in the early
1970s, at least two decades earlier than previously thought, officials said
October 1. The revelation was contained in a superseding indictment that adds
charges against five former employees of the investment firm who are accused of
conspiring to defraud clients of billions. The alleged new crimes in the
indictment include bank fraud charges and tax offenses, the federal
prosecutor’s office in Manhattan, New York said. “Whereas the November 2010
Indictment alleged that the conspiracy to defraud BLMIS’s clients began in or
about 1992, the Superseding Indictment dates the conspiracy back to at least
the early 1970s,” the prosecutor’s office said in a statement. An FBI official
said the five defendants were “at the core” of the scheme. Shielded by a
reputation as one of Wall Street’s most savvy investors, the firm’s leader
secretly stole clients’ capital to pay back steady returns in phony profits.
The scheme only collapsed in 2008 amid the U.S. financial crisis. Source: http://www.google.com/hostednews/afp/article/ALeqM5gDs6GNYPoPWPNgz-SKZgGX-TRWiw?docId=CNG.4f566a1bee1ffb2806d0dacbf247b94d.561
10. October
1, Associated Press – (Kentucky; New York) Federal authorities in NY charge Ky. man
and 2 others in $100M fraud linked to bank collapse. A Kentucky businessman
was arrested October 1 in a $100 million scheme that contributed to the
collapse of a bank and tried to drain money from the federal bank bailout
program before some funds were used to pay his mortgages and to buy luxury
goods, authorities said. Along with two alleged accomplices arrested in New
York, the man faces various charges, including conspiracy to commit bank
bribery, bank and insurance fraud, and tax evasion. A U.S. attorney in New York
City alleged that the man carried out several illegal financial schemes that
relied largely on his corrupt relationship with New York’s Park Avenue Bank,
its former president, and the bank’s senior vice president. The former
president previously pleaded guilty to fraud, bank bribery, embezzlement, and
conspiracy. The bank’s senior vice president also was arrested, along with the
executive director of investments at an investment bank and financial services
company headquartered in Manhattan. The government said the executive director
also aided the Kentucky man in his schemes. Source: http://www.washingtonpost.com/business/federal-authorities-in-ny-charge-ky-man-and-2-others-in-100m-fraud-linked-to-bank-collapse/2012/10/01/fe19125c-0bf8-11e2-97a7-45c05ef136b2_story.html
For another story, see item 38 below in the Information Technology Sector
Information Technology Sector
38. October
2, Softpedia – (International) Prolexic: ‘itsoknoproblembro’ DDoS attacks
are highly sophisticated. Experts from Prolexic Technologies claim a new
type of distributed denial-of-service (DDoS) attack has not only increased in
size, but also reached a new level of sophistication. DDoS attacks have
recently caused a lot of problems for organizations; in September, the sites of
several financial institutions were disrupted as a result of such operations.
Prolexic found that many of the recent attacks against their customers relied
on the itsoknoproblembro DDoS toolkit. By combining the toolkit’s capabilities
with other sophisticated methods, the cyber criminals have been able to launch
attacks that are difficult to mitigate even for specialized firms. Prolexic
recorded massive sustained floods, some of which peaked at 70 Gbps and over 30
million pps. Itsoknoproblembro includes a number of application layer and
infrastructure attack vectors, such as UDP and SSL encrypted attack types, SYN
floods, and ICMP. The botnet that powers these attacks contains a large number
of legitimate IP addresses. This allows the attack to bypass the anti-spoofing
mechanisms deployed by companies.
39. October
2, Softpedia – (International) Twitter authentication flaw allows hackers to
hijack user accounts. Cyber criminals can steal Twitter accounts by
leveraging a flaw in the social network’s authentication system. In a recent
case, a hacker utilized software that repeatedly tests common passwords against
the account. This type of brute force attack is possible because Twitter only
limits the log-in attempts if they come from the same IP address. Most Web
sites implemented a system that prevents potential criminals from hijacking
accounts by trying out random passwords. However, since Twitter only prevents
multiple log-in attempts from the same computer, attackers can try out as many
passwords as they want as long as they change their IP address. Source: http://news.softpedia.com/news/Twitter-Authentication-Flaw-Allows-Hackers-to-Hijack-User-Accounts-296206.shtml
40. October
2, The H – (International) Internet Explorer security examined. A
security expert illustrated how different statistical approaches can provide
differing perspectives on browser security. For example, if only
vulnerabilities are counted, Internet Explorer compares well with its
competitors. However, if vulnerabilities that are actually exploited are
counted, Internet Explorer fares comparatively poorly, according to the
researcher. He calculated that 275 vulnerabilities were reported for Google
Chrome in 2011, 97 for Mozilla Firefox, and only 45 for Internet Explorer.
Using this method, Internet Explorer appears to have a solid security story.
However, looking at the statistics for zero-day exploits actually spread by
malicious Web sites, Internet Explorer ranks far behind other browsers. Between
January 2011 and September 2012, the researcher counted 89 days on which
Internet Explorer users were exposed to actively exploited security
vulnerabilities, compared to none at all for either Google Chrome or Mozilla
Firefox. The researcher argues that, “Active exploitation is the most important
qualifier of a true zero-day.” He believes this is what matters from a user
perspective. Source: http://www.h-online.com/security/news/item/Internet-Explorer-security-examined-1721876.html
41. October
1, Help Net Security – (International) IEEE password compromise was due to proxy
‘anomaly’. The week of September 24, a researcher revealed that he found
the usernames and passwords of 100,000 members of the Institute of Electrical
and Electronics Engineers (IEEE) unencrypted on an FTP server, available for
anyone to find. Upon being notified of the matter, the organization mounted an
investigation, and revealed its results: “The incident related to the
communication of user IDs and passwords between two specific applications
within our internal network resulting in the inclusion of such data in web
logs. An anomaly occurred with a process executed in coordination with a proxy
provider of IEEE, with the result that copies of some of the logs were placed
on our public FTP server. These communications affected approximately two
percent of our users. The log files in question contained user IDs and
accompanying passwords that matched our directory. The primary logs were, and
are, stored in protected areas.” IEEE also made sure to note that it does not
store its corporate directory information in the clear, does not expose it to
the public, and was not compromised. Source: http://www.net-security.org/secworld.php?id=13697
42. October
1, Softpedia – (International) Quervar malware found to download ZeroAcess
trojans and ransomware. September 27, security researchers from Trend Micro
spotted a new variant of the Quervar malware. Cyber criminals launched a new
Quervar campaign paired with two different payloads: ZeroAccess trojans and
ransomware. The ransomware is designed to lock computers and demand ransoms in
the name of the FBI. The trojan, TROJ_SIREFEF.SZP, is a rootkit malware that
hides its presence by patching the services.exe file, and by disabling all the
operating system’s security-related services. Source: http://news.softpedia.com/news/Quervar-Malware-Found-to-Download-ZeroAcess-Trojans-and-Ransomware-295909.shtml
43. October
1, The H – (International) SQL injection in Trend Micro’s Control
Manager. Trend Micro’s platform for centralized security management is
vulnerable to SQL injection attacks. According to the U.S. Computer Emergency
Readiness Team, versions 5.5 and 6.0 of the Trend Micro Control Manager are
vulnerable. The company provided patches for both affected versions. The
vulnerability in question concerns a blind SQL injection attack which means the
Web frontend does not divulge any information from the database. According to a
report by security consulting firm Spentera that includes a proof-of-concept,
the vulnerable system can be made to leak information such as password hashes
by analyzing the timing of SQL queries. Source: http://www.h-online.com/security/news/item/SQL-injection-in-Trend-Micro-s-Control-Manager-1721385.html
For more stories, see items 7 and 8 above in
the Banking and Finance Sector
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.