Tuesday, November 27, 2012
Daily Report
Top Stories
• Approximately 140 people including
passengers and crew on board Royal Caribbean’s Voyager of the Seas developed
gastrointestinal symptoms resembling norovirus upon returning from New Zealand
to Sydney, according to a Royal Caribbean blog report November 23. – Denver
Examiner
10. November 23, Denver Examiner –
(International) Norovirus outbreak sickens 140 on Royal Caribbean’s ‘Voyager
of the Seas’. Approximately 140 passengers and crew on board Royal
Caribbean’s Voyager of the Seas developed gastrointestinal symptoms resembling
norovirus upon returning from New Zealand to Sydney, according to a Royal
Caribbean blog report November 23. Those infected with the stomach bug
responded well to over-the-counter medications administered on board the ship.
Cruise officials notified passengers November 23 that they would begin cleaning
and sanitizing guest rooms per Centers for Disease Control and Prevention
recommendations. Because of these events, long lines formed at the Overseas
Passenger Terminal in Circular Quay, stretching hundreds of meters. The
Voyager of the Seas can hold 3,138 passengers and over 1,100 crew members.
Norovirus is spread person to person, particularly in crowded, closed places.
Source: http://www.examiner.com/article/norovirus-outbreak-sickens-140-on-royal-caribbean-s-voyager-of-the-seas
• Peanut products, manufactured by Sunland
Inc. in Portales, New Mexico, responsible for sickening at least 41 people in
the U.S. with Salmonella have fallen under the scrutiny of international food
safety authorities, Food Safety News reported November 26. – Food Safety
News
11. November 26, Food Safety News –
(International) Sunland recall goes international. Peanut products
manufactured by Sunland Inc. in Portales, New Mexico, responsible for sickening
at least 41 people in the U.S. with Salmonella have fallen under the scrutiny
of international food safety authorities in recent weeks, Food Safety News
reported November 26. Consumers in Canada, Hong Kong, France, the United Kingdom,
Italy, and Norway have received warnings about the potential danger of imported
Sunland products. November 21, the UK’s Food Standards Agency issued a warning
to UK consumers concerning Sunland’s products, noting that while Sunland
products were likely not sold in UK supermarkets, they may be sold by some
online retailers who import American foods. Consumers in Hong Kong were warned
of Sunland peanut butter back November 8. Two Sunland-brand Valencia peanut
butter products were imported to Hong Kong and may be contaminated. Canadians
received a number of warnings about Sunland products as well, with many of the
products recalled in the U.S. also having been shipped to Canada. Source: http://www.foodsafetynews.com/2012/11/sunland-recall-goes-international/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+foodsafetynews/mRcs+(Food+Safety+News)
• Two individuals watching the Macy’s
Thanksgiving Day Parade in New York City November 22 discovered that shredded
documents containing sensitive police information were among the confetti being
thrown for the parade. – Help Net Security
18. November 26, Help Net Security – (New
York) Shredded police documents showered down on Macy’s parade spectators. Two
individuals watching the Macy’s Thanksgiving Day Parade in New York City
November 22 discovered that shredded documents containing sensitive police
information were among the confetti being thrown for the parade. After picking
it up and examining it, they realized it contained numbers and the acronym
“SSN.” They thought the number was likely a social security number, and decided
to gather more of the confetti strips lying around. They realized that some
contained entire phone numbers, addresses, more social security numbers,
license plate numbers, and other confidential information. Some contained
information regarding police incident reports and police controlled events. The
logo and the information on the shredded documents made it possible to tie them
to the Nassau County Police Department, which polices parts of Long Island. It
was unknown how the strips ended up at the parade, but after being notified of
the matter, the Nassau County Police Department stated that they will be
conducting an investigation into this matter as well as reviewing their
procedures for the disposing of sensitive documents. Macy’s said that they used
only commercially manufactured multicolor confetti for the parade. Source: http://www.net-security.org/secworld.php?id=14012
• A utility worker responding to reports of a
natural gas leak in Springfield, Massachusetts, punctured a pipe and an unknown
spark ignited a massive explosion that injured 18 people and damaged 42
buildings November 23. – Associated Press
27. November 25, Associated Press –
(Massachusetts) Utility worker pierced pipe before Springfield, Mass., gas
explosion that injured 18 people and damaged 42 buildings. A utility worker
responding to reports of a natural gas leak in Springfield, Massachusetts,
punctured a pipe and an unknown spark ignited a massive explosion that injured
18 people and damaged 42 buildings, the State fire marshal announced November
25. The November 23 natural gas blast in the city’s entertainment district was
caused by “human error,” the fire marshal said at a news conference. The worker
was trying to locate the source of the leak with a metal probe that tests
natural gas levels when the probe damaged the underground pipe, he said. A
flood of gas then built up in a building that housed a strip club, and a spark
touched off the blast, officials said. Preliminary reports showed the blast
damaged 42 buildings housing 115 residential units. Three buildings were
immediately condemned, and 24 others require additional inspections by
structural engineers to determine whether they are safe. The building that
housed the Scores Gentleman’s Club was destroyed. After the pipe was ruptured,
authorities evacuated several buildings. Most of the people injured were part
of a group of gas workers, firefighters, and police officers who ducked for cover
behind a utility truck just before the blast. The truck was destroyed. Source: http://www.nydailynews.com/news/national/utility-worker-pierced-pipe-mass-gas-explosion-article-1.1207741
Details
Banking and Finance Sector
6. November 25, KFVS 12 Cape Girardeau –
(Missouri; Michigan) Forgery suspects found in Perryville. A Michigan
man’s stolen credit card information led to three arrests in Perryville,
Missouri, where three men were arrested for credit card fraud. The Michigan man
reported his card being used fraudulently in Perryville November 23. Police
then used surveillance video to identify the suspects, who were later found at
a local hotel. Police obtained a search warrant for the room where the suspects
were found. Officers said they found a laptop computer connected to a stripe card
reader/writer. They also found 112 credit cards and gift cards. Police said the
suspects were creating usable credit cards and gift cards by transferring other
persons’ personal information onto the cards. Police also found 23 more cards
inside a vehicle owned by one of the suspects. They also found more than $1,000
worth of cigarettes, which were purchased using the fraudulent credit cards.
Source: http://www.kfvs12.com/story/20177571/forgery-suspects-found-in-perryville
7. November 24, Orange County Register –
(California) Police arrest suspect in ‘desperate bandit’ robberies. Law-enforcement
authorities believe they arrested the “desperate bandit” November 23, wanted in
connection with numerous bank robberies in California’s Orange, Riverside, and
San Bernardino counties. Indio police arrested a man after a bank robbery in
that city. A FirstBank branch was robbed after a man approached the teller with
a note demanding money. Police radioed the car’s description and an officer
spotted a vehicle matching that description on westbound I-10 about a mile west
of the bank, an Indio police spokesman said. The car was pulled over and the
driver arrested. A two-liter plastic bottle filled with clear liquid and
suspicious wiring was found by investigators during a search of the car. The
Riverside Sheriff’s Department sent out its Hazardous Device Team in response
and determined that the device was not a bomb. FBI officials suspected the man
might be connected to the nine robberies that occurred over the past year
because of the nature of the crime and the man’s physical description. Source: http://www.ocregister.com/news/bank-378651-police-downing.html
Information Technology Sector
22. November 26, Threatpost – (International) Researcher finds nearly two dozen SCADA bugs
in a few hours’ time. A researcher at Exodus Intelligence says that after
spending a few hours looking for bugs in SCADA applications, he came up with
more than 20, several of which are remote code-execution vulnerabilities. The
vice president of research at Exodus said that finding the flaws was not even
difficult. In fact, he said that locating the software was more difficult than
finding the bugs themselves. He said he decided to go after the SCADA apps,
which he had never researched before, after seeing a video posted by ReVuln the
week of November 19. In the video, ReVuln researchers say they have server-side
remote code-execution flaws in software from GE, Schneider Electric, Siemens,
Kaskad, ABB/Rockwell, and Eaton. The Exodus researcher also found flaws in
Schneider Electric, Rockwell, and Eaton apps, as well as in software from
Indusoft and RealFlex. ReVuln does not disclose vulnerabilities to vendors, but
instead keeps the information to itself and sells it to customers. The Exodus
researcher, meanwhile, said he plans to disclose all of the bugs he found to
the Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT). Of the
23 bugs he discovered, 7 of them were remotely exploitable code execution
flaws. Source: http://threatpost.com/en_us/blogs/researcher-finds-nearly-two-dozen-scada-bugs-few-hours-time-112612
23. November 25, The H – (International) eBay closes critical security holes. The
online auction house eBay has fixed two vulnerabilities in its U.S. Web site.
One of the vulnerabilities was a critical SQL injection hole in the site’s
selling area that gave potential attackers unauthorized read and write access
to one of the company’s databases. The hole was discovered by a security
researcher, who confidentially reported the security issue to eBay. The
researcher said that the company responded quite quickly and closed the hole
after 20 days. The other hole was a cross-site scripting (XSS) vulnerability
that enabled attackers to inject JavaScript code into the eBay server for
execution via a specific URL. The vulnerability could have been exploited to
steal other eBay users’ access credentials. The company told The Register
November 22 that the hole had been fixed. Source: http://www.h-online.com/security/news/item/eBay-closes-critical-security-holes-1756422.html
24. November 23, Threatpost – (International) Symantec warns of new malware targeting SQL
databases. Symantec is warning of a new bit of malware that appears to be
modifying corporate databases, particularly in the Middle East, though it’s
showing up elsewhere in the world too. W32.Narilam, first discovered November
15, follows a pattern similar to other worms by copying itself onto infected
machines, adding registry keys and propagating through removable drives and
network shares. “What is unusual about this threat is the fact that it has the
functionality to update a Microsoft SQL database if it is accessible by OLEDB.
The worm specifically targets SQL databases with three distinct names: alim,
maliran, and shahd,” wrote a Symantec security researcher. Once Narilam finds
the targeted databases, it looks for financial terms such as “BankCheck,”
“A_sellers” and “buyername” and Persian terms like “Pasandaz” (“Savings”) and
“Vamghest” (“Instant Loans”). The malware also deletes tables with the
following names: A_Sellers, person and Kalamast. “The malware does not have any
functionality to steal information from the infected system and appears to be
programmed specifically to damage the data held within the targeted database,”
the researcher wrote. The overall infection rate is low at the moment, but
those whose networks are not properly protected could see business disrupted,
he said. Source: http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-sql-databases-112312
25. November 23, Softpedia – (International) Numerous .eu domains registered to host
BlackHole exploit kit. Security researchers from Sophos reveal that a number
of malicious .eu domains have been registered by cybercriminals and set up to
host the infamous BlackHole exploit kit. In order to avoid security filtering,
cybercrooks have registered several domains, which they use to infect the
computers of unsuspecting internauts. After closely analyzing the domains,
experts have noticed that they all resolve to the IP address of a server
located in the Czech Republic. The server hosts over 100 domains utilized as
exploit sites and gateways for adult Web sites. The cybercriminals seem to have
a clever method of keeping their operations online. This month they registered
domains such as nrxpxq.eu, vjtjpy.eu, xzjvhs.eu, or xipuww.eu, while a few
months ago they registered domains hosted on the .in Top Level Domain (TLD).
Each of the domains is active only for a short period of time and all their
names appear to follow this pattern of 6 random characters. One connection
between the domains appears to be Finland. The .in domains were all registered
by someone apparently from Finland and the .eu registrant’s language was set to
Finnish. Source: http://news.softpedia.com/news/Numerous-eu-Domains-Registered-to-Host-BlackHole-Exploit-Kit-309360.shtml
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.