Thursday, February 14, 2013
Complete DHS Daily Report for February 14, 2013
• The contractor that operates the Y-12 facility in Oak Ridge was given unsatisfactory marks by the National Nuclear Security Administration for security, design, and building schedule issues. – Knoxville News Sentinel
7. February 11, Knoxville News Sentinel – (Tennessee) Security wasn’t the only problem; B&W Y-12 marked down for costly ($539M) UPF design failure, microwave woes. The contractor that operates the Y-12 facility in Oak Ridge was given unsatisfactory marks by the National Nuclear Security Administration for security, design, and building schedule issues.
• Authorities believe the former Los Angeles Police officer that killed two individuals and wounded three others barricaded himself in a vacant cabin as he engaged police in a violent shootout that killed a sheriff’s deputy and injured another before the cabin went up in flames. – Associated Press
19. February 13, Associated Press – (California) AP source: Calif. driver’s license naming ex-LAPD cop found in burned cabin with body. Authorities believe the former Los Angeles Police (LAPD) officer that killed two individuals and wounded three others barricaded himself in a vacant cabin as he engaged police in a violent shootout that killed a sheriff’s deputy and injured another before the cabin went up in flames. Source: http://www.washingtonpost.com/national/ex-la-cop-believed-barricaded-in-scalif-cabin-miles-from-where-truck-found-2-officers-hurt/2013/02/12/2cdcf98c-7571-11e2-9889-60bfcbb02149_story.html?tid=pm_pop
• The U.S. President issued an Executive Order which aims to enable better protection of critical infrastructure information technology systems through sharing cybersecurity information among relevant government and private entities. – Wired.com See item 29 below in the Information Technology Sector
• A man was charged in the killing of two Japanese tourists using his vehicle, and for allegedly stabbing and injuring a dozen others. – Associated Press
32. February 13, Associated Press – (Guam) Police arrest man accused of mass stabbing in Guam. A man was charged in the killing of two Japanese tourists using his vehicle, and for allegedly stabbing and injuring a dozen others. Source: http://www.fortmilltimes.com/2013/02/12/2493421/3-dead-11-hurt-after-man-crashes.html
Banking and Finance Sector
Nothing to report
Information Technology Sector
22. February 13, Softpedia – (International) Flash Player zero-day used to push “legal” surveillance malware. Researchers at Kaspersky have found the DaVinci surveillance tool using an Adobe Flash Player zero-day exploit to install spyware on computers owned by activists and political dissidents in several countries. Source: http://news.softpedia.com/news/Flash-Player-Zero-Day-Used-to-Push-Legal-Surveillance-Malware-329224.shtml
23. February 13, SC Magazine – (International) Flaws in Adobe Reader and Flash ‘exploited in the wild.’ Researchers from FireEye and Kaspersky reported new zero-day vulnerabilities being exploited in Adobe Reader and Adobe Flash. Source: http://www.scmagazineuk.com/flaws-in-adobe-reader-and-flash-exploited-in-the-wild/article/280166/
25. February 13, Help Net Security – (International) Global malicious websites increase by 600%. A Websense Security Labs report detailed several findings regarding Web-based cyberattacks, including that legitimate hosting services hosted 85 percent of malicious sites. Source: http://www.net-security.org/malware_news.php?id=2411
26. February 13, Softpedia – (International) Ruby on Rails 3.2.12, 3.1.11, and 2.3.17 released to address security holes. New versions of Ruby on Rails were released to address a total of three vulnerabilities. Source: http://news.softpedia.com/news/Ruby-on-Rails-3-2-12-3-1-11-and-2-3-17-Released-to-Address-Security-Holes-329111.shtml
27. February 13, Softpedia – (International) Cryptome email, website and Twitter account hacked. Two hackers took credit for breaching the email, Web site, and Twitter account of Cryptome. The site and email were restored but the Twitter account remained under unauthorized control as of February 13. Source: http://news.softpedia.com/news/Cryptome-Email-Website-and-Twitter-Account-Hacked-329057.shtml
28. February 13, Help Net Security – (International) Flickr bug made users’ private photos public. A glitch allowed photos on Flickr marked “private” to be publicly seen for 20 days. Flickr later fixed the issue but the change in code to reset pictures caused issues for content owners. Source: http://www.net-security.org/secworld.php?id=14407
29. February 12, Wired.com – (National) Executive Order aims to facilitate sharing of information on threats. The U.S. President issued an Executive Order which aims to enable better protection of critical infrastructure information technology systems through sharing cybersecurity information among relevant government and private entities. Source: http://www.wired.com/threatlevel/2013/02/executive-order-cybersecurity/
30. February 12, Softpedia – (International) Four types of URLs used in 2013 BlackHole spam campaigns. Trend Micro researchers outline four kinds of URLs used in spam campaigns using the new version of the BlackHole exploit kit. Source: http://news.softpedia.com/news/Four-Types-of-URLs-Used-in-2013-BlackHole-Spam-Campaigns-328754.shtml
31. February 12, Sun Sentinel – (Florida) Man sued after pirate radio broadcast interferes with airport tower. A Florida man without a license to broadcast was fined $20,000 for violating Federal Communication Commission regulations and interfering with air traffic control. Source: http://www.sun-sentinel.com/news/palm-beach/fl-pirate-radio-station-20130212,0,2106451.story
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.