Monday, December 31, 2012
• A Norfolk Southern tanker carrying 33,000 gallons of propane derailed in Bridgeville December 26, prompting authorities to evacuate nearby homes and residences and close nearby roads as a precaution. – Sussex County Post
2. December 27, Sussex County Post – (Delaware) Emergency ends with propane tanker removal. A Norfolk Southern tanker carrying 33,000 gallons of propane derailed in Bridgeville December 26, prompting authorities to evacuate nearby homes and residences and close nearby roads as a precaution. Source: http://delaware.newszap.com/southerndelaware/118755-70/emrgency-ends-with-propane-tanker-removal
• Two people were injured at a hazardous waste treatment and storage facility in Cincinnati when a flash fire caused by shredding an industrial filter containing sodium chlorate sparked an explosion. – WCPO 5 Cincinnati
3. December 28, WCPO 5 Cincinnati – (Ohio) 2 injured in chemical explosion at Cincinnati industrial waste facility. Two people were injured at a hazardous waste treatment and storage facility in Cincinnati when a flash fire caused by shredding an industrial filter containing sodium chlorate sparked an explosion. Source: http://www.newsnet5.com/dpp/news/state/2-injured-in-chemical-explosion-at-cincinnati-industrial-waste-facility
• Around 36,000 individuals who worked at or gained access to Army commands stationed at the former Fort Monmouth in New Jersey had their personal information compromised by computer hackers, the Army confirmed. – Asbury Park Press
17. December 28, Asbury Park Press – (New Jersey; National) Hackers take data of Monmouth workers, visitors. Around 36,000 individuals who worked at or gained access to Army commands stationed at the former Fort Monmouth in New Jersey had their personal information compromised by computer hackers, the Army confirmed. The breach discovered December 6 included Social Security numbers, salaries, home addresses, and places of birth along with dates. Source: http://www.militarytimes.com/news/2012/12/gannett-army-monmouth-hackers-gain-data-employees-visitors-122812/
• Three officers were shot by a man in custody before he was shot and killed by police in a New Jersey police station December 28. – Associated Press
19. December 28, Associated Press – (New Jersey) 3 officers hurt in shooting at NJ police station. Three officers were shot by a man in custody before he was shot and killed by police in a New Jersey police station December 28. Source: http://www.charlotteobserver.com/2012/12/28/3750787/3-officers-hurt-in-shooting-at.html
Banking and Finance Sector
5. December 28, BankInfoSecurity – (National) Wholesaler’s POS network hacked again. Wholesale restaurant supplier Restaurant Depot notified officials in several States after a point of sale (POS) breach exposed an unknown number of customers’ debit and credit card numbers. Source: http://www.bankinfosecurity.com/wholesalers-pos-network-hacked-again-a-5392
6. December 27, BankInfoSecurity – (International) DDoS: Citi takes post-holiday hit. Citigroup reported Web site interruptions December 26 after a hacktivist group announced a third week of distributed denial of service (DDoS) attacks. Source: http://www.bankinfosecurity.com/ddos-citi-takes-post-holiday-hit-a-5384
Information Technology Sector
21. December 28, Softpedia – (International) Flaw in Facebook allowed attackers to record video of user and post it on the timeline. Researchers from XYSEC Labs identified a cross site request forgery (CSRF) vulnerability in Facebook that could allow an attacker to record video from the victim’s webcam or other source and then post it to the victim’s timeline. Source: http://news.softpedia.com/news/Flaw-in-Facebook-Allowed-Attackers-to-Record-Video-of-User-and-Post-It-on-the-Timeline-Video-317462.shtml
22. December 28, Softpedia – (International) New Android trojan capable of launching DDoS attacks, sending SMSs. Researchers from Doctor Web identified a new Android trojan dubbed “Android.DDoS.1.origin” that can execute malicious tasks such as using the infected device for distributed denial of service (DDoS) attacks and sending out SMS messages. Source: http://news.softpedia.com/news/New-Android-Trojan-Capable-of-Launching-DDOS-Attacks-Sending-SMSs-317524.shtml
23. December 28, Softpedia – (International) Security update released for IP.Board 3.4, 3.3, 3.2, and 3.1 to address critical issue. A security update was released by Invision Power Services (IPS) for versions 3.4, 3.3, 3.2, and 3.1 of the software after a critical security vulnerability was identified. IPS recommended that users apply the update immediately. Source: http://news.softpedia.com/news/Security-Update-Released-for-IP-Board-3-4-3-3-3-2-and-3-1-to-Address-Critical-Issue-317539.shtml
24. December 28, Softpedia – (International) XSS and cookie handling vulnerabilities identified on HTC website. A researcher uncovered three cross-site scripting (XSS) vulnerabilities as well as a cookie handling flaw on HTC’s Web site, which was addressed by the company after they were notified. Source: http://news.softpedia.com/news/XSS-and-Cookie-Handling-Vulnerabilities-Identified-on-HTC-Website-317621.shtml
25. December 28, Softpedia – (International) Cybercriminals are using digitally signed QQ component as an infection catalyst. FireEye researchers found in an attack analysis that cybercriminals used the QQLive.exe file as a means to load a malicious .dll file since the legitimate QQ messenger service installer is signed with a certificate from Tencent Technology. Source: http://news.softpedia.com/news/Cybercriminals-Are-Using-Digitally-Signed-QQ-Component-as-an-Infection-Catalyst-317646.shtml
26. December 27, Threatpost – (International) WordPress W3 Total Cache misconfiguration leaves some blogs vulnerable. A vulnerability was found in the W3 Total Cache plugin for WordPress which could allow anyone to browse and download the database cache keys and extract sensitive information from them, including passwords, if a directory listing is left enabled. Source: http://threatpost.com/en_us/blogs/misconfiguration-flaw-wordpress-leaves-some-blogs-vulnerable-122712
27. December 28, Ft. Lauderdale Sun-Sentinel – (Florida) Keyless car entry blocked by pirate radio station broadcasted from Hollywood bank roof. For several months, numerous individuals were unable to access their keyless car entry systems when their cars were parked near the Hollywood, Florida police station, due to an illegal pirate radio station being broadcast from the rooftop of a Hollywood bank that was blocking signals. Authorities found and confiscated the equipment but are still searching for the person who set up the illegal station. Source: http://www.huffingtonpost.com/2012/12/27/keyless-entry-blocked_n_2372306.html
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.