Thursday, April 11, 2013
Complete DHS Daily Report for April 11, 2013
• Exxon Mobil was ordered to pay New Hampshire $236 million after a jury found them liable for negligence in adding an additive to their gasoline that contaminated groundwater. – Associated Press
3. April 9, Associated Press – (New Hampshire) Exxon Mobil to pay $236M in NH pollution case. Exxon Mobil was ordered to pay New Hampshire $236 million after a jury found them liable for negligence in adding an additive to their gasoline that contaminated groundwater. Experts believe the estimated number of contaminated wells could exceed 5,000. Source: http://news.msn.com/us/exxon-mobil-to-pay-dollar236m-in-nh-pollution-case
• A spring storm continued moving east, bringing snow, high winds, and travel disruptions across the West and Midwest. – Associated Press
12. April 10, Associated Press – (National) Spring storm delivers snow, winds; delays travel. A spring storm that brought snow and high winds caused travel disruptions in the West and Midwest April 9. Wyoming officials closed portions of two Interstates, government and school functions were postponed in Kansas, South Dakota, and Minnesota, and flights into Chicago were delayed by an average of 4 hours. Source: http://www.cbsnews.com/8301-201_162-57578597/spring-storm-delivers-snow-winds-delays-travel-from-wyoming-to-chicago/
• A man entered the Parks Medical Centers building in Detroit and opened fire before the building erupted in flames. Two individuals were found dead in the building’s debris. – Associated Press
26. April 10, Associated Press – (Michigan) Two dead after shooting, blaze at Detroit medical facility. A man entered the Parks Medical Centers building in Detroit April 9 and opened fire, sending patients and staff running out the door before the building erupted in flames. Authorities found the remains of two bodies among the debris and are investigating the incident. Source: http://usnews.nbcnews.com/_news/2013/04/10/17682861-two-dead-after-shooting-blaze-at-detroit-medical-facility
• Fourteen people were injured April 9 before police arrested a suspect after he went on a stabbing spree at Lone Star Community College System’s Cy-Fair campus in Cypress. – ABC News
31. April 9, ABC News – (Texas) Texas college stabbing spree suspect planned attack, police say. Fourteen people were injured April 9 before police arrested a suspect after he went on a stabbing spree at Lone Star Community College System’s Cy-Fair campus in Cypress. Authorities are still investigating the incident. Source: http://abcnews.go.com/US/14-people-stabbed-lone-star-community-college-texas/story?id=18915596#.UWVzjZPvtKB
Banking and Finance Sector
8. April 9, Chicago Sun-Times – (Illinois) Suspect charged in latest ‘Mummy Bandit’ bank heist. The FBI charged a man with bank robbery who may be the “Mummy Bandit” suspected of robbing five banks in the Chicago area. Source: http://www.suntimes.com/news/crime/19379677-418/suspect-charged-in-latest-mummy-bandit-bank-heist.html
9. April 9, Federal Bureau of Investigation – (Pennsylvania; New Jersey) New Jersey man added to multi-million-dollar mortgage fraud case. A New Jersey man was charged April 9 for his alleged involvement in a $20 million mortgage fraud scheme involving more than 100 properties in Philadelphia, making him the fifth person charged. Source: http://www.fbi.gov/philadelphia/press-releases/2013/new-jersey-man-added-to-multi-million-dollar-mortgage-fraud-case
10. April 9, New York Times – (National) KPMG cancels audits over insider trading inquiry. Accounting firm KPMG fired an auditor that admitted that he had given nonpublic information to a third party for use in stock trading, prompting KPMG to cancel audit reports on Herbalife and Skechers from recent fiscal years. Source: http://dealbook.nytimes.com/2013/04/09/kpmg-said-to-resign-as-herbalifes-auditor-over-investigation/
11. April 9, Great Neck Patch – (New York) Great Neck Plaza mortgage co. accused of fraud. The federal government filed suit against Golden First Mortgage Corp. of Great Neck Plaza for allegedly being reckless in issuing loans and for falsifying Housing and Urban Development compliance information, leading to $12 million in losses. Source: http://greatneck.patch.com/articles/suit-alleges-practice-of-fraudulent-loan-certification-resulting-in-at-least-12-million-in-losses-on-fha-insured-loans
Information Technology Sector
37. April 10, The H – (International) Social Media Widget for WordPres a source of spam. Researchers at Securi discovered that WordPress Social Media Widget version 4.0 had malicious code added to it that injects spam advertisements into Web sites and recommended that over 900,000 users disable or remove the widget. Source: http://www.h-online.com/security/news/item/Social-Media-Widget-for-WordPress-a-source-of-spam-1838405.html
38. April 9, IDG News Service – (International) Glitch hits Apple’s iMessage, Facetime. Apple’s Facetime and iMessage services experienced disruptions for several hours April 9. Source: http://www.networkworld.com/news/2013/040913-glitch-hits-apple39s-imessage-268563.html
39. April 9, CNET News – (International) Vudu resets users’ passwords after hard drives lost in office burglary. Video service Vudu reset user passwords after April 9 following a March 24 break-in at the company’s offices in which thieves made off with hard drives containing sensitive customer information. Source: http://news.cnet.com/8301-1009_3-57578766-83/vudu-resets-user-passwords-after-hard-drives-lost-in-office-burglary/
40. April 9, CSO Online – (International) CAMP for Chrome catches 99% of malware, Google says. Google researchers presented a paper at the Network and Distributed System Security Symposium showing how their content-agnostic malware prediction system (CAMP) uses client- and server-side techniques to block almost all malware. Source: http://www.networkworld.com/news/2013/040913-camp-for-chrome-catches-99-268529.html
41. April 9, V3.co.uk – (International) Adobe posts fixes for ColdFusion, Flash and Shockwave. Adobe released patches closing several vulnerabilities in its Flash, ColdFusion, and Shockwave products. Source: http://www.v3.co.uk/v3-uk/news/2260334/adobe-posts-fixes-for-coldfusion-flash-and-shockwave
42. April 9, Threatpost – (International) Pwn2Own IE vulnerabilities missing from Microsoft Patch Tuesday updates. The patches released for Microsoft’s Internet Explorer (IE) browser in an April 9 Patch Tuesday update did not include fixes for vulnerabilities discovered during the February Pwn2Own competition. Source: http://threatpost.com/en_us/blogs/pwn2own-ie-vulnerabilities-missing-microsoft-patch-tuesday-updates-040913
43. April 9, TechWorld – (International) SQL injection flaws easy to find and exploit, Veracode report finds. Veracode’s latest State of Software Security report revealed a number of findings on software security, including that only 13 percent of submitted Web applications passed a generic list of security problems. Source: http://www.networkworld.com/news/2013/040913-sql-injection-flaws-easy-to-268539.html
44. April 9, PC Magazine; Ars Technica – (International) LulzSec hackers plead guilty to hacks on Nintendo, Sony, more. Three members of the LulzSec hacking group that attacked media, government, and security firms pleaded guilty to computer security charges in the U.K. Source: http://www.pcmag.com/article2/0,2817,2417574,00.asp
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.