Monday, February 25, 2013
Complete DHS Daily Report for February 25, 2013
• A major snowstorm affecting the Midwest caused multiple business and school closures as well as cancelled flights as some residents and travelers braced for up to 14 inches of snow. – FoxNews.com
8. February 22, FoxNews.com – (National) Major snow storm creates dangerous commute, canceled flights in Midwest. A major snowstorm with heavy winds travelling through the Midwest caused the cancellation of hundreds of flights and created commuting woes for travelers. Numerous businesses and schools were closed as some areas saw more than 14 inches of snow. Source: http://www.foxnews.com/weather/2013/02/22/major-snow-storm-promises-messy-dangerous-commute-in-midwest/
• Las Vegas Boulevard was closed for most of February 21 after a drive-by shooting resulted in a fiery crash, killing three individuals, and leaving several others injured. – Associated Press
11. February 22, Associated Press – (Nevada) Las Vegas Strip shooting: Police search for gunman, SUV. Police are searching for a black SUV involved in a drive-by shooting which triggered a fiery crash that killed three and injured at least six others. Las Vegas Boulevard remained closed for most of the day, leading to severe traffic. Source: http://www.huffingtonpost.com/2013/02/22/las-vegas-strip-shooting-_n_2739522.html
• An FBI report was released aimed to deter employee misbehavior by citing the misconduct, lewd behavior, and misuse of government property of more than 1,000 employees over the course of 12 years. – CNN
26. February 22, CNN – (National) FBI battling ‘rash of sexting’ among its employees. A report produced by the FBI goes on to cite over 1,000 employees for misconduct, lewd behavior, and inappropriate use of technology over the course of 2 years. The bureau hopes the report will deter misbehavior in the future. Source: http://www.cnn.com/2013/02/21/us/fbi-misbehavior/index.html?hpt=hp_c1
• The Federal Communications Commission released guidelines for wireless signal booster sales and use by more than two million consumers in an effort to address interference with wireless carriers and decreasing bandwidth from unlicensed devices. – Ars Technica See item 36 below in the Information Technology Sector
Banking and Finance Sector
3. February 22, Marlboro-Colts Neck Patch – (New Jersey) Colts Neck stock trader pleads guilty to $28 million securities fraud. A New Jersey stock trader was indicted for securities fraud. The stock broker who created fake loan agreements with corporations faces up to 25 years in prison. Source: http://marlboro-coltsneck.patch.com/articles/colts-neck-stock-trader-indicted-on-charges-of-28-million-securities-fraud
4. February 22, Associated Press – (Vermont) Dead Vt. College official target in $440,000 theft. A former active president of a Vermont college, accused of taking over $400,000 to pay down mortgages and add to his personal banking account, was found dead with injuries in keeping with a self-inflicted gunshot wound. Source: http://www.fox11online.com/dpp/news/national/Dead-Vt-college-official-target-in-440000-theft_96498353
5. February 21, Reuters – (New York) U.S. charges adviser in fraud tied to microcaps, NY horse firm. Authorities brought up criminal and civil fraud charges against a 73-year old investment adviser after he invested $120 million of client funds in private or illiquid companies for more than $3.35 million in fees and kickbacks. Source: http://articles.chicagotribune.com/2013-02-21/business/sns-rt-us-usa-crime-fraud-tagliaferribre91k191-20130221_1_criminal-charges-million-of-client-assets-client-money
6. February 21, Houston Business Journal – (Texas) Former Houston execs get 10 years for securities fraud. A fraudulent securities scheme which drew $30 million from investors, sold unregistered securities falsely claimed to be backed by life insurance policies and death benefits. Two executives of the company engaged in the scheme received 10 years in prison for their role. Source: http://www.bizjournals.com/houston/news/2013/02/21/former-houston-execs-get-10-years-for.html
Information Technology Sector
30. February 22, H Security – (International) Certified online banking trojan in the wild. An employee with Eset discovered trojans that could allow online banking access to spyware by successfully passing superficial tests. The flawed certificate and signature validations in question were produced by two companies that no longer exist. Source: http://www.h-online.com/security/news/item/Certified-online-banking-trojan-in-the-wild-1808898.html
31. February 22, Help Net Security – (International) OAuth flaw allowed researcher full access to any Facebook account. A researcher discovered a flaw in Facebook’s OAuth system that allows a hacker to access a user’s accounts and permits them to do anything within there. Facebook has since patched the flaw, although the researcher claims several other flaws still exist. Source: http://www.net-security.org/secworld.php?id=14468&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
32. February 22, Softpedia – (Florida) Florida community-owned utility company JEA hit by DDOS attack. A Jacksonville-based utility company, JEA had their Web site hacked February 17 and notified customers that their information was safeguarded. An external firm is conducting an investigation to target the source of the attack. Source: http://news.softpedia.com/news/Florida-Community-Owned-Utility-Company-JEA-Hit-by-DDOS-Attack-331846.shtml
33. February 22, Threatpost – (International) Chrome 25 fixes nine high-risk vulnerabilities. Google patched nine high-risk vulnerabilities in its Chrome browser as well as 12 other flaws with their release of Chrome 25. Source: http://threatpost.com/en_us/blogs/chrome-25-fixes-nine-high-risk-vulnerabilities-022213
34. February 22, H Security – (National) NBC.com hacked and served up malware. NBC.com was the target of the malware scheme, where the hacker embedded iFrames into the pages and infected the site as well as computers of those visiting the site. NBC has since cleaned up the malware although reports show affiliated sites were also affected. Source: http://www.h-online.com/security/news/item/NBC-com-hacked-and-served-up-malware-1808273.html
35. February 22, Help Net Security – (International) Zendesk hack endangers Tumblr, Twitter, and Pinterest users. Zandesk announced their system was hacked the week of February 22 and client information was taken, but they immediately patched the vulnerability and shut off access to the hacker. The company notified three of their customers of the breach who in turn emailed their users as a precaution. Source: http://www.net-security.org/secworld.php?id=14467&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
36. February 21, Ars Technica – (National) FCC orders 2M people to power down cell phone signal boosters. The Federal Communications Commission enacted rules governing the sale and operation of devices used to improve cellular phone signals: wireless signal boosters. The devices can cause interference with wireless carrier networks, further complicating the need for more bandwidth without regulating these devices. Source: http://arstechnica.com/information-technology/2013/02/fcc-orders-2m-people-to-power-down-cell-phone-signal-boosters/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.