Monday, March
18, 2013
Complete DHS
Daily Report for March
18, 2013
Daily
Report
Top
Stories
• Boeing
announced steps to improve the safety of its 787 airliners, and found that
previous battery issues did not produce smoke, but rather a venting of hot
electrolyte due to a manufacturing fault. – The Register
6. March 15, The Register – (International) Boeing outlines fix for 787
batteries. Boeing announced steps to improve the safety of its787
airliners, and found that previous battery issues did not produce smoke, but
rather a venting of hot electrolyte due to a manufacturing fault, and did not
endanger the aircraft. Source: http://www.theregister.co.uk/2013/03/15/boeing_787_fix/
• Nineteen
people were arrested in three States and in Colombia and charged with
conspiring to launder tens of millions of dollars of narcotics money between
the U.S. and Colombia. – Associated Press See item 8 below in the Banking and Finance Sector
• A
study by Trend Micro using false industrial control system (ICS) ‘honeypots’
collected information on ICS attack techniques, and noticed differences in
attack types by country. – TechWeek Europe See item 28 below in the Information Technology Sector
• Setup
for a music festival was suspended after a row of video screens fell and
injured four, including two critically. – WPLG 10 Miami
43. March 14, WPLG 10 Miami – (Florida) Stage collapse at Ultra Music
Festival injures
4. Setup for a music festival was suspended after a row of
video screens fell and injured four, including two critically. It is unknown if
the festival, which begins March 15, will be impacted by the delay. Source: http://www.local10.com/news/Stage-collapse-at-Ultra-Music-Festival-injures-4/-/1717324/19324086/-/6tekej/-/index.html
Details
Banking
and Finance Sector
7. March 15, Philadelphia
Inquirer – (Pennsylvania) Serial
bandit pleads guilty in six bank heists. A man pleaded guilty to six bank
robberies in the Philadelphia region between 2009 and 2012. Source: http://www.philly.com/philly/news/pennsylvania/20130315_Serial_bandit_pleads_guilty_in_six_bank_heists.html
8. March 15, Associated
Press – (International) 19
charged in US in money laundering scheme. Nineteen people were arrested in
three States and in Colombia and charged with conspiring to launder tens of
millions of dollars of narcotics money between the U.S. and Colombia. Source: http://www.wsoctv.com/news/ap/crime/19-charged-in-us-in-money-laundering-scheme/nWsb7/
9. March 14, Associated
Press – (Kansas) Topeka man
admits writing thousands of bad checks. A business owner from Topeka
pleaded guilty to a check-kiting scheme that inflated his various bank account
balances by more than $600,000. Source: http://www.wibw.com/home/localnews/headlines/Topeka-Man-Admits-Writing-Thousands-Of-Bad-Checks--198381111.html
10. March 14, WFTX 4 Fort
Myers/Naples – (Florida) Cape Coral
realtor pleads guilty to bank fraud. A realtor pleaded guilty to committing
bank fraud after receiving investments and loans, including a more than $17
million loan that he defaulted on. Source: http://www.fox4now.com/news/local/198031821.html
Information
Technology Sector
27. March 15, Help Net
Security – (International) Seagate
blog compromised, leads to Blackhole and malware. Hard drive manufacturer
Seagate’s blog has been compromised and altered to redirect visitors to sites
hosting the Blackhole exploit kit. Source: http://www.net-security.org/malware_news.php?id=2440&
28. March 15, TechWeek Europe
– (International) China
hackers keenest on industrial control system attacks – Trend Micro. A
study by Trend Micro using false industrial control system (ICS) ‘honeypots’
collected information on ICS attack techniques, and noticed differences in
attack types by country. Source: http://www.techweekeurope.co.uk/news/china-hackers-industrial-systems-trend-110506
29. March 15, Softpedia – (International) It takes a company 243 days
to discover a sophisticated attack, study shows. A report by Mandiant
focusing on advanced persistent threats (APTs) outlined several findings,
including that there are on average 243 days between an attacker gaining access
and when the attack is uncovered. Source: http://news.softpedia.com/news/It-Takes-a-Company-243-Days-to-Discover-a-Sophisticated-Attack-Study-Shows-337342.shtml
30. March 15, The H – (International) Another crypto-attack on
SSL/TLS encryption. Researchers have developed an attack for use against
the SSL/TLS encryption algorithm used in secure internet connections. The
attack remains theoretical, but could form the basis for future attacks.
Source: http://www.h-online.com/security/news/item/Another-crypto-attack-on-SSL-TLS-encryption-1823227.html
31. March 15, V3.co.uk – (International) Android users hit by
evolved NotCompatible malware attack. A new version of the NotCompatible
malware for Android has been found by researchers, peaking at around 20,000
detections a day. Source: http://www.v3.co.uk/v3-uk/news/2255154/android-users-hit-by-evolved-notcampatible-malware-attack
32. March 15, The H – (International) Puppet updates close
security holes. Puppet Labs released updates for their open source and
enterprise editions that close several security vulnerabilities. Source: http://www.h-online.com/security/news/item/Puppet-updates-close-security-holes-1823672.html
33. March 15, Threatpost – (International) Apple fixes OS X flaw that
allowed Java apps to run with plugin disabled. Apple released several
security updates for its OS X operating system, as well as a new version of its
malware removal tool. Source: http://threatpost.com/en_us/blogs/apple-fixes-os-x-flaw-allowed-java-apps-run-plugin-disabled-031513
34. March 14, The Register – (International) Downed US vuln catalog
infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion
software allowed the National Vulnerability Database and other National
Institute for Standards and Technology (NIST) Web sites to be infected with
malware, prompting NIST to take them offline. Source: http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/
35. March 14, The H – (International) AVG anti-virus software
mistakes Windows system file for a trojan. AVG anti-virus incorrectly
identified a Windows system file as a trojan for part of the day March 14,
causing users to be unable to boot their computers. Source: http://www.h-online.com/security/news/item/AVG-anti-virus-software-mistakes-Windows-system-file-for-a-trojan-1823171.html
36. March 14, IDG News
Service – (California) Former
Tribune staffer accused of conspiring in Anonymous hack. A former Web
producer for the Tribune Company was indicted for allegedly aiding hackers from
the Anonymous collective in gaining access to a Tribune server. Source: http://www.computerworld.com/s/article/9237616/Former_Tribune_staffer_accused_of_conspiring_in_Anonymous_hack
37. March 14, Softpedia – (International) 9,776 vulnerabilities
identified in 2012, Secunia study finds. Secunia’s 2013 Vulnerability
Review was released, detailing findings on security vulnerabilities in 2012. Source:
http://news.softpedia.com/news/9-776-Vulnerabilities-Identified-in-2012-Secunia-Study-Finds-337212.shtml
Communications
Sector
38. March 14, WTAQ 1360 AM Green Bay – (Wisconsin) Internet out of service for
main in Rhinelander, Lake Tomahawk, and Merrill areas. A fiber optic line
was cut March 14, interrupting internet, voice mail, data circuits, and basic
telephone services to around 8,000 customers for more than 3 hours. Source: http://wtaq.com/news/articles/2013/mar/14/internet-out-of-service-for-many-in-rhinelander-lake-tomahawk-and-merrill-areas-thursday/
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.