Thursday, May 30, 2013
Complete DHS Daily Report for May 30, 2013
• The Attorney General’s Office announced two Mercer County gas stations are among six being sued by New Jersey for allegedly selling aviation fuel to unknowing drivers. – Times of Trenton
2. May 28, Times of Trenton – (New Jersey) Two Mercer County gas stations sued for selling aviation fuel instead of gasoline. The Attorney General’s Office announced two Mercer County gas stations are among six being sued by New Jersey for allegedly selling aviation fuel to unknowing drivers. The suit determined the stations were aware the 65,000 gallons of discounted fuel they purchased from Zephyr Oil, a Brooklyn-based fuel distributor, was aviation fuel and was sold as unleaded regular, plus, or premium fuel to consumers. Source: http://www.nj.com/mercer/index.ssf/2013/05/two_mercer_county_gas_stations.html
• A 45-car train carrying chemicals derailed and hit a garbage truck outside of Baltimore, Maryland triggering an explosion that damaged some industrial buildings, forced authorities to evacuate a 20-block area, and left 4 people injured. – USA Today
8. May 28, USA Today – (Maryland) Freight train derails, explodes near Baltimore. A 45-car train carrying chemicals derailed and hit a garbage truck outside of Baltimore. Fifteen cars derailed and two caught fire, which triggered an explosion that damaged some industrial buildings, forced authorities to evacuate a 20-block area, and left 4 people injured. Source: http://www.usatoday.com/story/news/nation/2013/05/28/train-derails-in-maryland-explosion-reported/2366957/
• Wal-Mart Stores pleaded guilty to charges of six counts of violating the Clean Water Act in California and one count of violating a federal law related to pesticide disposal in Missouri, agreeing to pay nearly $82 million in fines. – New York Times
19. May 28, New York Times – (California; Missouri) Wal-Mart is fined $82 Million over mishandling of hazardous wastes. Wal-Mart Stores pleaded guilty May 28 to charges of six counts of violating the Clean Water Act in California and one count of violating a federal law related to pesticide disposal in Missouri, agreeing to pay nearly $82 million in fines. Source: http://www.nytimes.com/2013/05/29/business/wal-mart-is-fined-82-million-over-mishandling-of-hazardous-wastes.html?_r=0
• A hacker who identified with the Anonymous hacktivist label pleaded guilty to participating in several attacks in 2010 and 2011, including attacks against law enforcement computer systems and analysis company Stratfor. – IDG News Service. See item 38 below in the Information Technology Sector.
• The Anaheim, California police department reported a small explosion from an apparent dry ice bomb forced them to evacuate the Toontown area of Disneyland. – Los Angeles Times
45. May 28, Los Angeles Times – (California) Disneyland’s Toontown evacuated after explosion. The Anaheim Police Department reported that a small explosion from an apparent dry ice bomb May 28 forced them to evacuate the Toontown area of Disneyland for 2 hours, and that they were investigating the event’s ties to a recent string of similar incidents. Source: http://www.latimes.com/news/local/la-me-0529-disney-explosion-20130529,0,4347205.story
Banking and Finance Sector
5. May 29, Santa Rosa Press Democrat – (California) Suspected ‘Hoodie Bandit’ arrested in Santa Rosa. Santa Rosa police arrested a man believed to be the “Hoodie Bandit” responsible for three robberies at bank counters inside grocery stores. Source: http://www.pressdemocrat.com/article/20130528/ARTICLES/130529538
6. May 28, Torrance Daily Breeze – (California) Make It Quick Bandit robs same San Pedro bank for the third time. A suspect known as the “Make It Quick Bandit” robbed the same U.S. Bank branch inside a Vons supermarket in San Pedro that he had previously robbed twice before, his eleventh robbery in total. Source: http://www.dailybreeze.com/news/ci_23339959/make-it-quick-bandit-robs-same-san-pedro
7. May 28, Reuters – (National) Former KPMG partner plead guilty to insider trading scheme. A former senior partner at accounting firm KPMG pleaded guilty to participating in insider trading with others that netted a total of $2.5 million. Source: http://www.reuters.com/article/2013/05/29/us-kpmg-trading-idUSBRE94S00720130529
Information Technology Sector
34. May 29, IDG News Service – (International) Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet. A vulnerability in Ruby on Rails that was patched in January has been seen being exploited by attackers to take over servers and create a botnet. Source: http://www.networkworld.com/news/2013/052913-hackers-exploit-ruby-on-rails-270216.html
35. May 29, Softpedia – (International) Secunia accidentally discloses image viewing application vulnerabilities. A researcher accidentally emailed information on vulnerabilities in ERDAS ER Viewer to a public vulnerability mailing list. The large image file viewer is used by various organizations, including some in the defense industry. Source: http://news.softpedia.com/news/Secunia-Accidentally-Discloses-Image-Viewing-Application-Vulnerabilities-356700.shtml
36. May 29, Softpedia – (International) Experts find code execution flaw in PS3, password reset bug in Sony Entertainment Network. Researchers at Vulnerability Lab revealed that several vulnerabilities in Sony’s Playstation 3 firmware were disclosed to Sony and recently fixed. They also found that the Sony Entertainment Network Web site’s password recovery function could be exploited to reset users’ passwords. Source: http://news.softpedia.com/news/Experts-Find-Code-Execution-Flaw-in-PS3-Password-Reset-Bug-in-Sony-Entertainment-Network-356623.shtml
37. May 29, Softpedia – (International) Expert reports two security issues to Dropbox, only one fixed. A researcher at Security Pulse found and disclosed two vulnerabilities in Dropbox. The first, an open redirect flaw, was addressed by Dropbox, while the second, a bug that allows attackers to unsubscribe users from the Dropbox for Business mailing list, was not regarded as a security issue by the company. Source: http://news.softpedia.com/news/Expert-Reports-Two-Security-Issues-to-Dropbox-Only-One-Fixed-Video-356762.shtml
38. May 29, IDG News Service – (International) Anonymous member pleads guilty to Stratfor hack. A hacker who identified with the Anonymous hacktivist label pleaded guilty to participating in several attacks in 2010 and 2011, including attacks against law enforcement computer systems and analysis company Stratfor. Source: http://www.computerworld.com/s/article/9239583/Anonymous_member_pleads_guilty_to_Stratfor_hack
39. May 28, The H – (International) DoS vulnerability in ModSecurity fixed. The developers of the ModSecurity firewall fixed a vulnerability that could be exploited to crash the firewall, among other fixes. Source: http://www.h-online.com/security/news/item/DoS-vulnerability-in-ModSecurity-fixed-Update-1872307.html
For another story, see item 4 below:
4. May 28, Defense News – (International) Chinese hackers breach top weapons designs. According to a report prepared by the Defense Science Board, Chinese hackers have gained access to the designs of many of the United States’ most sensitive advanced weapons systems. Source: http://www.defensenews.com/article/20130528/DEFREG02/305280015/Report-Chinese-Hackers-Breach-Top-Weapons-Designs
40. May 28, High Plains Public Radio – (Texas) Texas panhandle stations off air. Five radio stations, 89.5 Spearman-Perryton, 105.7 Amarillo, 91.5 Bushland, 94.9 Amarillo, and 91.3 Washburn, were offline May 28 due to severe weather. Source: http://hppr.org/post/texas-panhandle-stations-air
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.