Tuesday, May 28, 2013
Complete DHS Daily Report for May 28, 2013
• The Industrial Control Systems Cyber Emergency Response Team released an advisory concerning two industrial control devices because they contain hard-coded backdoors that permit remote access. – The Register
2. May 24, The Register – (International) Feds slam hacker-friendly backdoors in jalopy, grub factories. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released an advisory outlining a security vulnerability in Turck BL20 and BL67 Programmable Gateways because they contain hard-coded backdoors that permit remote access. The devices are used in various manufacturing, agricultural, and food processing applications. Source: http://www.theregister.co.uk/2013/05/24/turck_industrial_control_backdoor/
• An employee of a foundry in Penn Township, Pennsylvania, entered the facility armed with an assault rifle and handgun, ordered employees to leave, and then fled before later surrendering to police. – Pittsburgh Tribune-Review
4. May 23, Pittsburgh Tribune-Review – (Pennsylvania) Suspect surrenders in Penn Township foundry evacuation. An employee of the Perma-Cast Inc. foundry in Penn Township entered the facility armed with an assault rifle and handgun, ordered employees to leave, and then fled before later surrendering to police. Source: http://triblive.com/news/westmoreland/4071066-74/police-smith-business#axzz2UDfo9Lyv
• A section of a bridge on Interstate 5 in Mount Vernon, Washington, collapsed, sending cars and people into the water. – ABC News
10. May 23, ABC News – (Washington) I-5 Bridge collapse over Skagit River in Washington sends cars, people into water. A section of a bridge on Interstate 5 in Mount Vernon, Washington, collapsed, sending cars and people into the water. Three people were taken to local hospitals and authorities were investigating the cause of the collapse. Source: http://abcnews.go.com/US/bridge-collapse-skagit-river-washington-sends-cars-people/story?id=19246280#.UZ9UTLWkr44
• A fire which started in the basement of the 74-unit Hilltop Place Apartments in Allouez, Wisconsin, displacing 107 people. – Green Bay Press Gazette
32. May 24, Green Bay Press Gazette – (Wisconsin) Allouez apartment complex fire leaves dozens homeless. More than 21 fire crews responded to a May 23 fire which started in the basement of the 74-unit Hilltop Place Apartments in Allouez and burned for 8 hours before being extinguished. Authorities were still investigating the cause of the blaze which left 107 people displaced in a building valued at $2.3 million. Source: http://www.greenbaypressgazette.com/article/20130523/GPG0101/305230287/Allouez-apartment-complex-fire-leaves-dozens-homeless
Banking and Finance Sector
5. May 23, WCNC 22 Charlotte – (North Carolina) CMPD busts financial theft ring accused of stealing $300K. State and federal authorities arrested 10 suspects and identified one other in an alleged stolen checks and identity theft network that stole more than $300,000. Source: http://www.wcnc.com/news/crime/CMPD-busts-financial-theft-ring-accused-of-stealing-300K-208685671.html
6. May 23, Associated Press – (North Carolina) Charlotte man pleads guilty to securities fraud. A Charlotte man pleaded guilty to running an $8.9 million Ponzi scheme through his hedge fun Maiden Capital Opportunity Fund. Source: http://www.wral.com/charlotte-man-pleads-guilty-to-securities-fraud/12479069/
For another story, see item 29 below in the Information Technology Sector
Information Technology Sector
28. May 24, The Register – (International) Microsoft exposes green users’ privates in web quiz snafu. A Web design issue on Microsoft’s Greener IT Challenge Web site left the names and email addresses of users easily accessible after users completed the site’s quiz. Microsoft resolved the issue. Source: http://www.theregister.co.uk/2013/05/24/ms_greener_it_test_spam_snafu/
29. May 23, SC Magazine – (International) Event ticketing company hacked, at least tens of thousands affected. Online ticketing company Vendini was the victim of a server attack that exposed tens of thousands of users’ credit card information, names, addresses, and email addresses. Source: http://www.scmagazine.com/event-ticketing-company-hacked-at-least-tens-of-thousands-affected/article/294677/
30. May 22, KTTC Rochester – (Minnesota) Thieves likely targeting copper, steal fiber optic cable. Thieves that hit an Olmsted County cell tower cut through two spools of fiber optic cable, stole expensive rope, and caused an estimated $100,000 worth of damage between May 20 and May 21. Source: http://www.kttc.com/story/22394245/2013/05/22/thieves-likely-targeting-copper-steal-fiber-optic-cable
31. May 22, Portsmouth Herald – (Maine; New Hampshire; Vermont) USA Telephone customers’ service shut off suddenly. Telephone and internet services to approximately 2,400 businesses and Maine, New Hampshire, and Vermont residents were suddenly cut off after Fairpoint Communications cut services May 21 due to local provider USA Telephone owing the company money. Source: http://www.seacoastonline.com/apps/pbcs.dll/article?AID=/20130522/NEWS/130529868/-1/NEWSMAP
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.