Monday, November 19, 2012
Daily Report
Top Stories
• The Coast Guard was investigating a fire on
an oil rig around 20 miles south of Grand Isle, Louisiana, in the Gulf of
Mexico November 16. Eleven people were medevaced to local hospitals and two
people were reported missing by the Coast Guard. – Business Insider
1. November 16, Business Insider –
(Louisiana; International) Gulf of Mexico oil rig evacuated after fire. The
Coast Guard was investigating a fire on an oil rig in the Gulf of Mexico, the
Associated Press reported November 16. KHOU 2 Houston reported that the rig was
no longer on fire. It is around 20 miles south of Grand Isle, Louisiana. A
Coast Guard press conference said that they have not had any confirmation of
deaths, but 11 people were medevaced to local hospitals, and 2 people were
still missing. Twenty-eight gallons of product could have been released from
the pipe, the Coast Guard believed. The rig is owned by Black Elk Energy, a
relatively new, Houston-based company. Twenty-eight people were thought to have
been onboard at the time of the mishap. A spokesperson for Black Elk told KHOU
2 Houston that preliminary reports suggested workers were doing maintenance on
the platform and cut into a pipe that contained oil. This appears to have
caused a fire or explosion. Associated Press reported that it is not a
deepwater site like the Macondo well that blew in 2010 and caused the worst oil
spill in U.S. history. Black Elk has also said the rig was not an oil
producing platform at present. Black Elk said there was an oil sheen on the
water but this appears to be due to the oil in the pipe cut by the workers.
Source: http://www.businessinsider.com/gulf-of-mexico-oil-rig-fire-2012-11
• A pilot received
medical treatment after an Air Force F-22 Raptor fighter jet crashed on a
Florida highway near Tyndall Air Force Base November 15. – Associated Press
9. November 15, Associated Press –
(Florida) F-22 crashes on highway near Tyndall. An Air Force F-22 Raptor
fighter jet crashed near a Florida Panhandle highway November 15, but the pilot
was able to eject safely and there were no injuries on the ground, the military
said. The single-seat stealth fighter, part of a program that has been plagued
with problems, went down November 15 near Tyndall Air Force Base. The pilot
received medical treatment and a section of Highway 98 that runs through the
base was closed as rescuers responded. The crash was on Tyndall land and no one
on the ground was hurt, said an Air Force spokeswoman for the base where F-22
pilots train. The cause of the crash was not clear, but the Air Force has been
trying to address problems with the $190 million aircraft for several years.
Source: http://www.militarytimes.com/news/2012/11/ap-f22-crash-highway-tyndall-111512/
• Authorities said
eight county courthouses around the State of Washington received bomb threats,
forcing evacuations and police searches November 15. – Associated Press
34. November 15, Associated Press –
(Washington) Several Washington State courthouses receive bomb threats. Authorities
said eight county courthouses around the State of Washington received bomb
threats, forcing evacuations and police searches. KOMO 4 Seattle reported that
authorities do not know if the November 15 threats were coordinated. No devices
were found at any of the courthouses. Threats were made to Thurston, Chelan,
Douglas, Benton, Adams, Clark, Pacific, and Columbia counties. The Douglas
County sheriff told the Wenatchee World that the Douglas County Commissioner's
Office received a phone call warning them of a bomb in the courthouse.
Authorities evacuated the courthouse and searched the area, but did not find a
bomb. Similar-sounding calls were made to the other counties. Source: http://seattletimes.com/html/localnews/2019692704_apwacourthousethreats.html
• Researchers from
malware.lu have created proof-of-concept malware that allows attackers to gain
access to and remotely control users' USB smart card readers, devices used for
user identification and authentication. – Help Net Security
See item 42 below in the Information Technology Sector
Details
Banking and Finance Sector
10. November 16, U.S.
Securities and Exchange Commission –
(National) SEC charges J.P. Morgan and Credit Suisse with misleading
investors in RMBS offerings. The U.S. Securities and Exchange Commission
(SEC) November 16 charged J.P. Morgan Securities LLC and Credit Suisse
Securities (USA) with misleading investors in offerings of residential
mortgage-backed securities (RMBS). The firms agreed to settlements in which
they will pay more than $400 million combined, and the SEC plans to distribute
the money to harmed investors. The SEC alleges that J.P. Morgan misstated
information about the delinquency status of mortgage loans that provided
collateral for an RMBS offering in which it was the underwriter. J.P. Morgan
was also charged for Bear Stearns' failure to disclose its practice of
obtaining and keeping cash settlements from mortgage loan originators on
problem loans that Bear Stearns had sold into RMBS trusts. According to the
SEC's order against Credit Suisse, the firm similarly failed to accurately
disclose its practice of retaining cash for itself from the settlement of claims
against mortgage loan originators for problems with loans that Credit Suisse
had sold into RMBS trusts and no longer owned. Credit Suisse also made
misstatements in SEC filings about when it would repurchase mortgage loans from
trusts if borrowers missed the first payment due. Source: http://www.sec.gov/news/press/2012/2012-233.htm
11. November 16, Help Net
Security –
(International) German police warns about Android banking Trojans. Following
a string of complaints about fraudulent cash withdrawals, Germany's Berlin
Police Department issued a warning for all Android users, telling them to
carefully review any security update that is delivered to their smartphones,
Help Net Security reported November 16. Users who opted to receive mTAN (mobile
transaction authentication numbers) as an additional way to assure the security
of their online banking transactions are especially targeted, since the fake
security updates carry Zeus-in-the-Mobile (Zitmo). The malware in question is
harmless if the criminals have not managed to infect the users' computer with
the Zeus banking Trojan beforehand. The Windows-based Trojan is capable of
injecting an additional form during the users' banking session, asking them to
share their phone number and model. Armed with this information, the criminals
send Zitmo masquerading as a security update to them. If the users install the
"update", the criminals have access to the mTANs and are ready to
perform illegal transactions. Source: http://www.net-security.org/malware_news.php?id=2324&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
12. November 16, Brevard
Times – (Florida;
Georgia; South Carolina) Check cashing scheme targeted Publix in SC, FL, GA.
The Florida Department of Law Enforcement Orlando Regional Operations
Center charged nine individuals who were involved in an organized counterfeit
check cashing scheme that resulted in losses of approximately $650,000 to
Publix Supermarkets. The group targeted Publix Supermarkets in Florida,
Georgia, and South Carolina. Authorities estimate the group cashed over 1,000
counterfeit checks. According to agents, and with the assistance of
investigators with Publix, the 8-month investigation alleges that the suspected
individuals worked together to manufacture and then distribute counterfeit
payroll checks. Six of the individuals were in custody, while three remained at
large. Officials asked for the public's assistance in locating the three
fugitives. Source: http://news.brevardtimes.com/2012/11/check-cashing-scheme-targeted-publix-in.html
13. November 16, U.S. Federal
Bureau of Investigation –
(Pennsylvania) Philadelphia man convicted of securities fraud & insider
trading scheme. A Philadelphia man was convicted November 16 of one count
of securities fraud and one count of perjury in a case of insider trading that
netted him approximately $292,000. Between July 14, 2008 and July 22, 2008, the
man purchased shares of a publicly traded company based on non-public
information he received from a fellow member of Alcoholics Anonymous
immediately following a meeting the two had attended together. An executive
with Philadelphia Consolidated Holding Corporation (PHLY) told the man that the
company was in discussions with a potential acquirer. In the week following the
executive’s disclosure, the man purchased 10,250 shares of PHLY stock for less
than $39 per share. The day after he made his final purchase of PHLY stock, the
company announced that it would be acquired by Tokio Marine in a cash deal by
which shareholders would receive $61.50 per share of PHLY stock. Just days
following the public announcement of the merger, he sold 4,750 shares of PHLY
stock for $58.50 per share. After the merger's consummation, the man netted personal
profits of approximately $292,000 from his unlawful PHLY trades. Source: http://www.loansafe.org/philadelphia-man-convicted-of-securities-fraud-insider-trading-scheme
14. November 15, Reuters – (National) SEC finds problems in
review of credit raters. Some credit-rating agencies failed to disclose
ratings method changes or were lax in following policies on timely downgrades
of securities, according to a report issued by the U.S. Securities and Exchange
Commission (SEC) November 15. The SEC summarized the results of its annual
examination of raters, a requirement under the 2010 Dodd-Frank Act that called
for greater scrutiny of ratings agencies following the 2007-2009 financial
crisis. The largest ratings firms, Moody's Corp and Standard & Poor's, were
criticized for helping to exacerbate the crisis by giving rosy ratings to
subprime mortgage securities that quickly turned toxic. The SEC report did not
name which firms had violations, but did distinguish between larger versus
smaller credit-raters. The SEC's exams were conducted on site at all nine
raters registered with the SEC. The SEC found that each of the larger raters
and two smaller firms failed to follow their own methodologies and policies for
determining ratings. Source: http://www.reuters.com/article/2012/11/15/us-credit-raters-sec-idUSBRE8AE19420121115
15. November 15, Wall Street
Journal – (National) SEC
receives 3,000 tips in the past year. The U.S. Securities and Exchange
Commission (SEC) said November 15 it received more than 3,000 tips through its
whistleblower program in the past fiscal year. The SEC said the tips — 3,001 in
all — came from all 50 States, Washington, D.C., Puerto Rico, and from 49
countries. It announced the findings in a report required by the Dodd-Frank Act
on the activity of the SEC’s whistleblower office, which opened its doors in
August 2011. “In just its first year, the whistleblower program already has
proven to be a valuable tool in helping us ferret out financial fraud,” said
the SEC chairman in a statement. “When insiders provide us with high-quality
road maps of fraudulent wrongdoing, it reduces the length of time we spend
investigating and saves the agency substantial resources.” Under the program
created by the Dodd-Frank Act, whistleblowers can receive a 10 to 30 percent
reward if they provide original information that leads to a successful
enforcement case netting a penalty of $1 million or more. Source: http://blogs.wsj.com/corruption-currents/2012/11/15/sec-receives-3000-tips-in-the-past-year/
16. November 15, Investment News – (Texas) Big
wheel in hubcap business charged with real estate investment fraud. An
Austin, Texas hubcap salesman turned real estate investment expert is scheduled
to appear in court the week of November 19 for a plea agreement on charges of
fraud and money laundering in an alleged $16 million real estate Ponzi scheme,
Investment News reported November 15. The man, who sold his hubcap business,
Wheel Master Inc., in 1997, got into real estate lending in 2001, working
briefly for a company, Capital Funding, that put together loan packages for
real estate developers. He launched his own business shortly thereafter,
representing himself as an “experienced real estate bridge lender,” according
to the documents. The scheme purported to be making short-term bridge loans to
developers who would repay the loan from proceeds of a sale of the property or
from long-term financing. The U.S. attorney for the Western District of Texas
alleges that between 2005 and 2009, the man was operating a Ponzi scheme,
paying off earlier investors with money from newer ones. Source: http://www.investmentnews.com/article/20121115/FREE/121119950
For another story,
see item 42 below in the Information Technology Sector
Information Technology Sector
41. November 16, Threatpost –
(International) VMware security update fixes DoS, other vulnerabilities. Virtualization
software maker VMware shipped a security update for its vSphere API November 15
that resolved a denial of service (DoS) vulnerability in ESX and ESXi, as well
as adding a number of open source security updates to the ESX Service Console.
The patch affects the following releases: VMware ESXi 4.1 without patch
ESXi410-201211401-SG and VMware ESX 4.1 without patches ESX410-201211401-SG,
ESX410-201211402-SG, ESX410-201211405-SG, and ESX410-201211407-SG. The advisory
addresses an issue in VMware’s vSphere API that, if unpatched, could give unauthenticated
users the ability to send maliciously crafted API requests and disable the host
daemon. A successful exploit would hinder management activities but would not
affect virtual machines running on the host. Source: http://threatpost.com/en_us/blogs/vmware-security-update-fixes-dos-other-vulnerabilities-111612
42. November 16, Help Net Security –
(International) PoC malware for remote hijacking of USB smart readers. Researchers
from malware.lu have created proof-of-concept malware that allows attackers to
gain access to and remotely control users' USB smart card readers. Smart cards
(chip cards) are used for various purposes, among which are also user
identification and authentication. Spanish and Belgian citizens already have an
eID card that is used for identification, authentication, and for digital
signing. Banks issue smart cards to customers who have opted for 2-factor
authentication when accessing their online banking service, and many companies
give them out to employees in order for them to be able to authenticate
themselves when accessing the corporate network from a remote location. The
malware works by installing on the victims' computer a special driver that
shares the USB reader over TCP/IP, and another driver on the attacker's
computer is able to translate that signal and make it look like the device is
physically attached to his computer, Computerworld reports. The malware also
has a keylogger component, making it possible for attackers to harvest any of
the PINs or passwords that are used with the cards if the reader does not have
its own keypad. Another current limitation of the malware is that the driver is
not digitally signed and some operating systems will not accept unsigned software. Source: http://www.net-security.org/malware_news.php?id=2325&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.