Thursday, February 14, 2013
   
Complete DHS Daily Report for February 14, 2013

Daily Report

Top Stories

• The contractor that operates the Y-12 facility in Oak Ridge was given unsatisfactory marks by the National Nuclear Security Administration for security, design, and building schedule issues. – Knoxville News Sentinel

7. February 11, Knoxville News Sentinel – (Tennessee) Security wasn’t the only problem; B&W Y-12 marked down for costly ($539M) UPF design failure, microwave woes. The contractor that operates the Y-12 facility in Oak Ridge was given unsatisfactory marks by the National Nuclear Security Administration for security, design, and building schedule issues.

Authorities believe the former Los Angeles Police officer that killed two individuals and wounded three others barricaded himself in a vacant cabin as he engaged police in a violent shootout that killed a sheriff’s deputy and injured another before the cabin went up in flames. – Associated Press

19. February 13, Associated Press – (California) AP source: Calif. driver’s license naming ex-LAPD cop found in burned cabin with body. Authorities believe the former Los Angeles Police (LAPD) officer that killed two individuals and wounded three others barricaded himself in a vacant cabin as he engaged police in a violent shootout that killed a sheriff’s deputy and injured another before the cabin went up in flames. Source: http://www.washingtonpost.com/national/ex-la-cop-believed-barricaded-in-scalif-cabin-miles-from-where-truck-found-2-officers-hurt/2013/02/12/2cdcf98c-7571-11e2-9889-60bfcbb02149_story.html?tid=pm_pop

• The U.S. President issued an Executive Order which aims to enable better protection of critical infrastructure information technology systems through sharing cybersecurity information among relevant government and private entities. – Wired.com See item 29 below in the Information Technology Sector

• A man was charged in the killing of two Japanese tourists using his vehicle, and for allegedly stabbing and injuring a dozen others. – Associated Press

32. February 13, Associated Press – (Guam) Police arrest man accused of mass stabbing in Guam. A man was charged in the killing of two Japanese tourists using his vehicle, and for allegedly stabbing and injuring a dozen others. Source: http://www.fortmilltimes.com/2013/02/12/2493421/3-dead-11-hurt-after-man-crashes.html

Details

Banking and Finance Sector

Nothing to report

Information Technology Sector

22. February 13, Softpedia – (International) Flash Player zero-day used to push “legal” surveillance malware. Researchers at Kaspersky have found the DaVinci surveillance tool using an Adobe Flash Player zero-day exploit to install spyware on computers owned by activists and political dissidents in several countries. Source: http://news.softpedia.com/news/Flash-Player-Zero-Day-Used-to-Push-Legal-Surveillance-Malware-329224.shtml

23. February 13, SC Magazine – (International) Flaws in Adobe Reader and Flash ‘exploited in the wild.’ Researchers from FireEye and Kaspersky reported new zero-day vulnerabilities being exploited in Adobe Reader and Adobe Flash. Source: http://www.scmagazineuk.com/flaws-in-adobe-reader-and-flash-exploited-in-the-wild/article/280166/

24. February 13, Softpedia – (International) Cybercriminals hide their malicious code by injecting it into JavaScript. Sophos researchers found a technique being used by cybercriminals to inject malware into JavaScript code hosted on legitimate Web sites. Source: http://news.softpedia.com/news/Cybercriminals-Hide-Their-Malicious-Code-by-Injecting-It-into-JavaScript-329197.shtml

25. February 13, Help Net Security – (International) Global malicious websites increase by 600%. A Websense Security Labs report detailed several findings regarding Web-based cyberattacks, including that legitimate hosting services hosted 85 percent of malicious sites. Source: http://www.net-security.org/malware_news.php?id=2411

26. February 13, Softpedia – (International) Ruby on Rails 3.2.12, 3.1.11, and 2.3.17 released to address security holes. New versions of Ruby on Rails were released to address a total of three vulnerabilities. Source: http://news.softpedia.com/news/Ruby-on-Rails-3-2-12-3-1-11-and-2-3-17-Released-to-Address-Security-Holes-329111.shtml

27. February 13, Softpedia – (International) Cryptome email, website and Twitter account hacked. Two hackers took credit for breaching the email, Web site, and Twitter account of Cryptome. The site and email were restored but the Twitter account remained under unauthorized control as of February 13. Source: http://news.softpedia.com/news/Cryptome-Email-Website-and-Twitter-Account-Hacked-329057.shtml

28. February 13, Help Net Security – (International) Flickr bug made users’ private photos public. A glitch allowed photos on Flickr marked “private” to be publicly seen for 20 days. Flickr later fixed the issue but the change in code to reset pictures caused issues for content owners. Source: http://www.net-security.org/secworld.php?id=14407

29. February 12, Wired.com – (National) Executive Order aims to facilitate sharing of information on threats. The U.S. President issued an Executive Order which aims to enable better protection of critical infrastructure information technology systems through sharing cybersecurity information among relevant government and private entities. Source: http://www.wired.com/threatlevel/2013/02/executive-order-cybersecurity/

30. February 12, Softpedia – (International) Four types of URLs used in 2013 BlackHole spam campaigns. Trend Micro researchers outline four kinds of URLs used in spam campaigns using the new version of the BlackHole exploit kit. Source: http://news.softpedia.com/news/Four-Types-of-URLs-Used-in-2013-BlackHole-Spam-Campaigns-328754.shtml

Communications Sector

31. February 12, Sun Sentinel – (Florida) Man sued after pirate radio broadcast interferes with airport tower. A Florida man without a license to broadcast was fined $20,000 for violating Federal Communication Commission regulations and interfering with air traffic control. Source: http://www.sun-sentinel.com/news/palm-beach/fl-pirate-radio-station-20130212,0,2106451.story



Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.