Tuesday, May 7, 2013   

Complete DHS Daily Report for May 7, 2013

Daily Report

Top Stories

 • BMW announced the recall of 42,000 model year 2002-2003 3-Series vehicles due to an airbag issue that has prompted recalls from several other manufacturers totaling 3.4 million recalled vehicles. – Detroit News

7. May 6, Detroit News – (National) BMW joins massive airbag recall. BMW announced the recall of 42,000 model year 2002-2003 3-Series vehicles due to an airbag issue that has prompted recalls from several other manufacturers totaling 3.4 million recalled vehicles. Source: http://www.detroitnews.com/article/20130506/AUTO0104/305060385/1148/auto01/BMW-joins-massive-airbag-recal

 • An Algerian man arrested in Thailand was extradited to the U.S. to face charges for allegedly operating botnets composed of machines infected with the SpyEye banking trojan and hijacking accounts at more than 200 banks and financial services institutions. – Wired See item 9 below in the Banking and Finance Sector

 • Authorities offered an award for individuals involved in the April theft of 559 pounds of explosives that were stolen from a U.S. Forest Service storage bunker near Red Lodge, Montana. – Billings Gazette

30. May 4, Billings Gazette – (Montana) $5,000 reward: Explosives stolen from Forest Service. Authorities are still searching for individuals involved in the April theft of 559 pounds of explosives that were stolen from a U.S. Forest Service storage bunker near Red Lodge. The federal Bureau of Alcohol, Tobacco, Firearms and Explosives is offering a $5,000 reward for information leading up to the arrest of those responsible. Source: http://elkodaily.com/news/reward-explosives-stolen-from-forest-service/article_d1193c2c-b446-11e2-9fd5-0019bb2963f4.html

 An attack on the U.S. Department of Labor’s Web site the week of April 30 utilized a previously unknown exploit for the Internet Explorer (IE) 8 browser, and was found to also have been used in other watering hole attacks on aerospace, defense, and non-profit organization Web sites. – Help Net Security See item 36 below in the Information Technology Sector

Details

Banking and Finance Sector

9. May 3, Wired.com – (International) Alleged ‘SpyEye’ botmaster ends up in America, handcuffs. An Algerian man arrested in Thailand was extradited to the U.S. to face charges for allegedly operating botnets composed of machines infected with the SpyEye banking trojan and hijacking accounts at more than 200 banks and financial services institutions. Source: http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/

10. May 2, Reuters – (National) US SEC warns investors of oil and gas scams. The U.S. Securities and Exchange Commission issued a warning to investors over the increasing number of fraud schemes involving oil and gas ventures. Source: http://www.energytribune.com/76458/us-sec-warns-investors-of-oil-and-gas-scams#sthash.abGhzfJI.dpbs

Information Technology Sector

36. May 6, Help Net Security – (International) IE8 0-day used in watering hole attacks. An attack on the U.S. Department of Labor’s Web site the week of April 30 utilized a previously unknown exploit for the Internet Explorer (IE) 8 browser, and was found to also have been used in other watering hole attacks on aerospace, defense, and non-profit organization Web sites. Source: http://www.net-security.org/secworld.php?id=14867

37. May 6, Softpedia – (International) Experts identify 9 full sandbox bypass exploits affecting IBM Java. Researchers at Security Explorations discovered five new and four improperly addressed exploits for IBM’s Java sandbox, allowing a complete bypass of the sandbox. Source: http://news.softpedia.com/news/Experts-Identify-9-Full-Sandbox-Bypass-Issues-Affecting-IBM-Java-351038.shtml

38. May 6, Softpedia – (International) Critical security updates released for IP.Board 3.2.x, 3.3.x and 3.4.x. Invision Power Services released updates for three IP.Board versions and advised users to apply the patches to close a critical security vulnerability that could allow unauthorized access to administrator accounts. Source: http://news.softpedia.com/news/Critical-Security-Updates-Released-for-IP-Board-3-2-x-3-3-x-and-3-4-x-351041.shtml

For another story, see item 9 above in the Banking and Finance Sector

Communications Sector 

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.