Tuesday, March 26, 2013
Complete DHS Daily Report for March 26, 2013
Daily Report
Top Stories
• Several streets were closed and buildings evacuated in downtown Louisville when an electrical fire caused at least four underground explosions. – Louisville Courier-Journal
12. March 23, Louisville Courier-Journal – (Kentucky) Underground fire causes downtown explosions, leave crater in Seventh Street. Several blocks and streets were evacuated and closed for a number of hours in downtown Louisville when an electrical fire caused at least four underground explosions. The city's police headquarters was also evacuated. Source: http://www.courier-journal.com/article/20130323/NEWS01/303230045/Underground-explosions-close-several-blocks-downtown-Louisville
• The cause of a diesel fuel spill near Willard Bay State Park remains under investigation after emergency crews removed more than 21,000 gallons of contaminant. – Associated Press
16. March 24, Associated Press – (Utah) Chevron fuel spill in Utah much worse than thought. The cause of a diesel fuel spill near Willard Bay State Park remains under investigation as estimates were revised from 6,000 gallons of spilled fuel to possibly 27,000 gallons. As of March 22, emergency crews have removed more than 21,000 gallons and estimate up to 6,500 gallons may remain. Source: http://www.sfgate.com/news/texas/article/Chevron-fuel-spill-in-Utah-much-worse-than-thought-4380552.php
• Forty-four individuals were indicted in a health care fraud scheme for allegedly helping bribe physicians and medical professionals in exchange for prescriptions for patients. – Softpedia
19. March 25, Softpedia – (National) US authorities indict 44 for role in healthcare fraud scheme. Forty-four individuals were indicted in a health care fraud scheme for allegedly helping bribe physicians and medical professionals in exchange for prescriptions for patients with private insurance, Medicaid, and Medicare. Pharmacies, along with healthcare agency owners, aided the scheme by facilitating the submission of fake claims to the insurers. Source: http://news.softpedia.com/news/US-Authorities-Indict-44-People-for-Role-in-Healthcare-Fraud-Scheme-339887.shtml
• AhnLab stated that the malware that spread through South Korean banking and communications Web sites was distributed via compromised patch management systems. – The Register. See item 26 below in the Information Technology Sector.
Details
Banking and Finance Sector
5. March 23, Softpedia – (International) Three UK men jailed for stealing millions of euros worth of carbon credits. Authorities in the United Kingdom sentenced three members of a hacking ring that compromised the Web sites of several financial institutions and illegally transferred about $10 million worth of carbon credits. Source: http://news.softpedia.com/news/Three-UK-Men-Jailed-for-Stealing-Millions-of-Euros-Worth-of-Carbon-Credits-339777.shtml
6. March 23, WABC 7 New York City – (New York) 4 arrested in alleged debit card scheme. Four individuals were arrested in New York City for allegedly stealing more than $300,000 using fraudulent debit cards. Source: http://abclocal.go.com/wabc/story?section=news/local/new_york&id=9038333
7. March 23, Jersey Journal – (New Jersey) Former Kearny councilman charged in $13M mortgage fraud scam. The FBI arrested and charged a former Kearny councilman for involvement in an alleged mortgage fraud scheme that used straw buyers to obtain $13 million. Source: http://www.nj.com/jjournal-news/index.ssf/2013/03/former_kearny_councilman_charg.html
8. March 22, SC Magazine – (International) VSkimmer trojan steals card data on point-of-sale systems. A new trojan called VSkimmer is capable of infecting Windows systems and stealing financial information from any point of sale (PoS) devices attached to infected systems. VSkimmer appears to be similar to the Dexter PoS malware and to spread via USB devices. Source: http://www.scmagazine.com/vskimmer-trojan-steals-card-data-on-point-of-sale-systems/article/285725/
9. March 22, WAFF 48 Huntsville – (Alabama; Tennessee) 'Ball Cap Bandit' goes before judge. The suspect known as the "Ball Cap Bandit" was arrested and held on suspicion of involvement in at least eight bank robberies in Tennessee and northern Alabama. Source: http://www.waff.com/story/21768363/ball-cap-bandit-goes-before-judge
Information Technology Sector
26. March 25, The Register – (International) South Korea data-wipe malware spread by patching system. South Korean antivirus firm AhnLab stated that the malware that spread through banking and communications Web sites in that country was distributed via compromised patch management systems and delivered to targets as if it were a legitimate software update. Source: http://www.theregister.co.uk/2013/03/25/sk_data_wiping_malware_latest/
27. March 25, Threatpost – (International) XSS flaw in WordPress plugin allows injection of malicious code. A vulnerability in the WP Banners Lite plugin for WordPress can allow attackers to inject malicious HTML or JavaScript on vulnerable Web sites. Source: http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
28. March 25, Infosecurity – (International) Phishers can disguise links with JavaScript. A researcher disclosed a JavaScript method that can be used to show a different URL when a user hovers over a link in a phishing email, disguising the malicious link's destination to appear legitimate. Source: http://www.infosecurity-magazine.com/view/31430/phishers-can-disguise-their-links-with-javascript
29. March 22, Threatpost – (International) Command and control used in Sanny APT attacks shut down. Security firm FireEye and South Korean authorities shut down a compromised message board that was hosting a command and control channel for the Sanny malware campaign. Source: http://threatpost.com/en_us/blogs/command-and-control-used-sanny-apt-attacks-shut-down-032213
30. March 22, Threatpost – (International) Apple takes tool offline after new security hole surfaces. Apple took down its iForgot password reset tool after a vulnerability was discovered that could allow unauthorized access to user accounts. Source: http://threatpost.com/en_us/blogs/apple-takes-tool-offline-after-new-security-hole-surfaces-032213
31. March 22, Symantec – (International) New Tidserv variant downloads 50 MB Chromium embedded framework. A new variant of the Tidserv malware was observed to utilize the legitimate Chromium Embedded Framework (CEF), downloading the framework onto infected systems. Source: http://www.symantec.com/connect/blogs/new-tidserv-variant-downloads-50-mb-chromium-embedded-framework
Communications Sector
32. March 23, Allentown Morning Call – (Pennsylvania) Police: Men stole $10,000 worth of Verizon utility line. Two men were charged in Montgomery County with theft, receiving stolen property, and conspiracy for a December 2012 theft of $10,000 worth of copper utility cable after they were spotted by a Verizon utility worker. Source: http://www.mcall.com/news/local/police/mc-m-franconia-cable-theft-20130323,0,3160740.story
33. March 22, TV News Check – (Arizona) KPHO goes dark during March Madness. KPHO Phoenix, a CBS affiliate, suffered a transmitter failure which caused the TV station to be off the air for more than 24 hours. Source: http://www.tvnewscheck.com/article/66359/kpho-goes-dark-during-march-madness
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.