Wednesday, March 27, 2013
Complete DHS Daily Report for March 27, 2013
• A severe storm knocked out power to 50,000 customers in central Florida, impeding traffic and taking down service at a local radio station. – Orlando Sentinel
3. March 25, Orlando Sentinel – (Florida) Fierce storms knock out power, uproot trees across area. A storm producing high winds gusts knocked out power to 50,000 customers in central Florida, impeding traffic and taking down service at a local radio station. Source: http://www.orlandosentinel.com/news/local/breakingnews/os-weather-orlando-20130323,0,1036094.story
• Close to 1,000 passengers at Reno-Tahoe International Airport had to go through security a second time because two passengers mistakenly entered a secure area. – Associated Press
21. March 25, Associated Press – (Nevada) Flights delayed after Reno airport security breach; incident prompted by “innocent mistake.” Around 1,000 passengers at Reno-Tahoe International Airport had to go through security a second time because two passengers mistakenly entered a secure area. Flights were also delayed for over an hour because of the security breach. Source: http://www.washingtonpost.com/lifestyle/travel/flights-delayed-after-reno-airport-security-breach-incident-prompted-by-innocent-mistake/2013/03/25/29b55a54-957b-11e2-95ca-dd43e7ffee9c_story.html
• Research published by Websense reports that 93 percent of Web browser users are vulnerable to common Java exploits because they are not using a current version of Java. – Softpedia See item 34 below in the Information Technology Sector
• A March 25 underground natural gas leak led to the evacuation and relocation of a Phoenix Holiday Inn‟s 140 guests and staff. – KTVK 3 Phoenix
45. March 25, KTVK 3 Phoenix – (Arizona) Holiday Inn gas leak in north Phoenix forces evacuation. A March 25 underground natural gas leak led to the evacuation and relocation of a Phoenix Holiday Inn‟s 140 guests and staff. Investigators discovered 100% saturation in parts of the hotel and kept the hotel and roads closed for several hours to reduce potential fires and explosions. Source: http://www.azfamily.com/news/local/Gas-leak-sparks-evacuation-at-Phoenix-hotel-199850321.html
Banking and Finance Sector
12. March 25, Minneapolis Star Tribune – (Minnesota) Tax scam allegedly run from Minnesota prison. The IRS and other authorities are investigating a tax refund fraud scheme allegedly run by Minnesota prison inmates and their not-incarcerated accomplices. The investigation involves hundreds of falsified tax returns from between 2006 and 2012. Source: http://www.startribune.com/local/199958841.html
13. March 25, KHOU 11 Houston – (Texas) 9 arrested for identity theft, credit card fraud after multi-agency raid. Authorities raided residences in Harris, Fort Bend, and Waller counties and arrested nine Cuban nationals accused of running an identity theft and credit card fraud ring. Hundreds of cards as well as encoding equipment and personal information were seized during the raids. Source: http://www.khou.com/news/crime/9-arrested-after-multi-agency-raid-for-identity-theft-credit-card-fraud--199934531.html
14. March 25, Sacramento Business Journal – (California) Ex-Sacramento loan officer suspected of mortgage fraud. A former Sacramento loan officer was indicted and accused of originating $5 million in loans for a mortgage fraud scheme that involved straw buyers and led to the foreclosure of eight houses. Source: http://www.bizjournals.com/sacramento/news/2013/03/25/ex-loan-officer-suspected-of-mortgage.html
15. March 25, Atlanta Journal Constitution – (Georgia; Colorado) „Clearinghouse Bandit‟ believed to be in Atlanta area. The FBI stated that the suspect known as the “Clearinghouse Bandit,” wanted for 13 bank robberies in Colorado, may now be in the Atlanta area. Source: http://www.ajc.com/news/news/clearing-house-bandit-believed-to-be-in-atlanta-ar/nW38L/
16. March 21 Wall Street Journal – (International) Web money gets laundering rule. The U.S. Department of the Treasury‟s Financial Crimes Enforcement Network announced that it will apply money laundering regulations to virtual currencies such as Bitcoin due to concern regarding their use in funding illicit activities. Source: http://online.wsj.com/article/SB10001424127887324373204578374611351125202.html?mod=WSJ_Tech_LEFTTopNews
Information Technology Sector
34. March 26, Softpedia – (International) Websense: Over 93% of endpoints vulnerable to latest Java exploit. Research from Websense found that 93 percent of Web browser users are vulnerable to common Java exploits because they are not using a current version of Java, making them easy targets for unsophisticated attackers using Cool or other exploit kits. Source: http://news.softpedia.com/news/Websense-Over-93-of-Endpoints-Vulnerable-to-Latest-Java-Exploit-340306.shtml
35. March 26, Help Net Security – (International) Activists now targeted with trojanized
backdoor apps. Researchers from Kaspersky Lab identified a targeted attack on Uyghur and Tibetan activists that sends a malicious backdoor Android app to targets‟ mobile devices, the first use the researchers have seen of a targeted attack against mobile devices. Source: http://www.net-security.org/malware_news.php?id=2446
36. March 25, Softpedia – (International) Grum spam botnet is slowly recovering after takedown, experts warn. Spider Labs researchers found that the cybercriminals behind the Grum botnet have begun reinstating command and control (C&C) servers, and spotted a steady increase in spam sent by the botnet. Source: http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-Takedown-Experts-Warn-340125.shtml
37. March 25, eWeek – (International) Slow Android phone patching prompts vulnerability report. A researcher released details on four vulnerabilities in Android on Samsung phones after having reported the vulnerabilities to Samsung in January. Source: http://www.eweek.com/security/slow-android-phone-patching-prompts-vulnerability-report/
38. March 25, Threatpost – (International)Lime Pop emerges as the latest strain of Android Enesoluty malware. Symantec identified a new variant of the Android.Enesoluty data-stealing malware, spread through an app called Lime Pop. The group behind Enesoluty has been active since summer 2012 and has registered more than 100 domains to host the malicious apps. Source: http://threatpost.com/en_us/blogs/lime-pop-emerges-latest-strain-android-enesouty-malware-032513
39. March 25, The H – (International) MongoDB: Exploit on the net, Metasploit in the making. An exploit for the MongoDB 2.2.3 database that can allow attackers to inject and execute code was published by a researcher. Source: http://www.h-online.com/security/news/item/MongoDB-Exploit-on-the-net-Metasploit-in-the-making-Update-1829690.html
40. March 25, The H – (International) Weak keys in NetBSD. The developers of the NetBSD Unix operating system released a kernel update to fix an issue where systems would generate weak, easily-cracked cryptographic keys. Source: http://www.h-online.com/open/news/item/Weak-keys-in-NetBSD-1829336.html
41. March 24, Network World – (International) Hackers steal photos, turn wi-fi cameras into remote surveillance device. Researchers from ERNW demonstrated various methods to remotely steal photos, turn cameras on, and execute denial of service (DoS) attacks against Wi-Fi-enabled Canon EOS-1D X cameras. Source: http://www.networkworld.com/community/node/82716
42. March 24, The Register – (International) T-Mobile patches Wi-Fi eavesdrop vuln. T-Mobile patched a vulnerability in its Wi-Fi calling feature that left users susceptible to man-in-the-middle attacks. Source: http://www.theregister.co.uk/2013/03/24/t_mobile_wi_fi_calling_bug/
43. March 21, Associated Press – (Oregon) Copper thieves cut phone, net service in Oregon town. The theft of copper utility cables from electrical poles left some 500 customers in Ruch without Internet and phone services. Source: http://www.newstimes.com/news/crime/article/Copper-thieves-cut-phone-net-service-in-Ore-town-4373524.php
For another story, see item 3 above in Top Stories
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.