Thursday, May 30, 2013
Complete DHS Daily Report for May 30, 2013
Daily Report
Top Stories
• The Attorney General’s Office announced two Mercer County gas stations are among six being sued by New Jersey for allegedly selling aviation fuel to unknowing drivers. – Times of Trenton
2. May 28, Times of Trenton – (New Jersey) Two Mercer County gas stations sued for selling aviation fuel instead of gasoline. The Attorney General’s Office announced two Mercer County gas stations are among six being sued by New Jersey for allegedly selling aviation fuel to unknowing drivers. The suit determined the stations were aware the 65,000 gallons of discounted fuel they purchased from Zephyr Oil, a Brooklyn-based fuel distributor, was aviation fuel and was sold as unleaded regular, plus, or premium fuel to consumers. Source: http://www.nj.com/mercer/index.ssf/2013/05/two_mercer_county_gas_stations.html
• A 45-car train carrying chemicals derailed and hit a garbage truck outside of Baltimore, Maryland, triggering an explosion that damaged some industrial buildings, forced authorities to evacuate a 20-block area, and left 4 people injured. – USA Today
8. May 28, USA Today – (Maryland) Freight train derails, explodes near Baltimore. A 45-car train carrying chemicals derailed and hit a garbage truck outside of Baltimore. Fifteen cars derailed and two caught fire, which triggered an explosion that damaged some industrial buildings, forced authorities to evacuate a 20-block area, and left 4 people injured. Source: http://www.usatoday.com/story/news/nation/2013/05/28/train-derails-in-maryland-explosion-reported/2366957/
• Wal-Mart Stores pleaded guilty to charges of six counts of violating the Clean Water Act in California and one count of violating a federal law related to pesticide disposal in Missouri, agreeing to pay nearly $82 million in fines. – New York Times
19. May 28, New York Times – (California; Missouri) Wal-Mart is fined $82 Million over mishandling of hazardous wastes. Wal-Mart Stores pleaded guilty May 28 to charges of six counts of violating the Clean Water Act in California and one count of violating a federal law related to pesticide disposal in Missouri, agreeing to pay nearly $82 million in fines. Source: http://www.nytimes.com/2013/05/29/business/wal-mart-is-fined-82-million-over-mishandling-of-hazardous-wastes.html?_r=0
• A hacker who identified with the Anonymous hacktivist label pleaded guilty to participating in several attacks in 2010 and 2011, including attacks against law enforcement computer systems and analysis company Stratfor. – IDG News Service. See item 38 below in the Information Technology Sector.
• The Anaheim, California police department reported a small explosion from an apparent dry ice bomb forced them to evacuate the Toontown area of Disneyland. – Los Angeles Times
45. May 28, Los Angeles Times – (California) Disneyland’s Toontown evacuated after explosion. The Anaheim Police Department reported that a small explosion from an apparent dry ice bomb May 28 forced them to evacuate the Toontown area of Disneyland for 2 hours, and that they were investigating the event’s ties to a recent string of similar incidents. Source: http://www.latimes.com/news/local/la-me-0529-disney-explosion-20130529,0,4347205.story
Details
Banking and Finance Sector
5. May 29, Santa Rosa Press Democrat – (California) Suspected ‘Hoodie Bandit’ arrested in Santa Rosa. Santa Rosa police arrested a man believed to be the “Hoodie Bandit” responsible for three robberies at bank counters inside grocery stores. Source: http://www.pressdemocrat.com/article/20130528/ARTICLES/130529538
6. May 28, Torrance Daily Breeze – (California) Make It Quick Bandit robs same San Pedro bank for the third time. A suspect known as the “Make It Quick Bandit” robbed the same U.S. Bank branch inside a Vons supermarket in San Pedro that he had previously robbed twice before, his eleventh robbery in total. Source: http://www.dailybreeze.com/news/ci_23339959/make-it-quick-bandit-robs-same-san-pedro
7. May 28, Reuters – (National) Former KPMG partner pleads guilty to insider trading scheme. A former senior partner at accounting firm KPMG pleaded guilty to participating in insider trading with others that netted a total of $2.5 million. Source: http://www.reuters.com/article/2013/05/29/us-kpmg-trading-idUSBRE94S00720130529
Information Technology Sector
34. May 29, IDG News Service – (International) Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet. Attackers have been seen exploiting a vulnerability in Ruby on Rails that was patched in January to take over servers and create a botnet. Source: http://www.networkworld.com/news/2013/052913-hackers-exploit-ruby-on-rails-270216.html
35. May 29, Softpedia – (International) Secunia accidentally discloses image viewing application vulnerabilities. A researcher accidentally emailed information on vulnerabilities in ERDAS ER Viewer to a public vulnerability mailing list. The large image file viewer is used by various organizations, including some in the defense industry. Source: http://news.softpedia.com/news/Secunia-Accidentally-Discloses-Image-Viewing-Application-Vulnerabilities-356700.shtml
36. May 29, Softpedia – (International) Experts find code execution flaw in PS3, password reset bug in Sony Entertainment Network. Researchers at Vulnerability Lab revealed that several vulnerabilities in Sony’s PlayStation 3 firmware were disclosed to Sony and recently fixed. They also found that the Sony Entertainment Network Web site’s password recovery function could be exploited to reset users’ passwords. Source: http://news.softpedia.com/news/Experts-Find-Code-Execution-Flaw-in-PS3-Password-Reset-Bug-in-Sony-Entertainment-Network-356623.shtml
37. May 29, Softpedia – (International) Expert reports two security issues to Dropbox, only one fixed. A researcher at Security Pulse found and disclosed two vulnerabilities in Dropbox. The first, an open redirect flaw, was addressed by Dropbox, while the second, a bug that allows attackers to unsubscribe users from the Dropbox for Business mailing list, was not regarded as a security issue by the company. Source: http://news.softpedia.com/news/Expert-Reports-Two-Security-Issues-to-Dropbox-Only-One-Fixed-Video-356762.shtml
38. May 29, IDG News Service – (International) Anonymous member pleads guilty to Stratfor hack. A hacker who identified with the Anonymous hacktivist label pleaded guilty to participating in several attacks in 2010 and 2011, including attacks against law enforcement computer systems and analysis company Stratfor. Source: http://www.computerworld.com/s/article/9239583/Anonymous_member_pleads_guilty_to_Stratfor_hack
39. May 28, The H – (International) DoS vulnerability in ModSecurity fixed. The developers of the ModSecurity firewall fixed a vulnerability that could be exploited to crash the firewall, among other fixes. Source: http://www.h-online.com/security/news/item/DoS-vulnerability-in-ModSecurity-fixed-Update-1872307.html
For another story, see item 4 below:
4. May 28, Defense News – (International) Chinese hackers breach top weapons designs. According to a report prepared by the Defense Science Board, Chinese hackers have gained access to the designs of many of the United States’ most sensitive advanced weapons systems. Source: http://www.defensenews.com/article/20130528/DEFREG02/305280015/Report-Chinese-Hackers-Breach-Top-Weapons-Designs
Communications Sector
40. May 28, High Plains Public Radio – (Texas) Texas panhandle stations off air. Five radio stations, 89.5 Spearman-Perryton, 105.7 Amarillo, 91.5 Bushland, 94.9 Amarillo, and 91.3 Washburn, were offline May 28 due to severe weather. Source: http://hppr.org/post/texas-panhandle-stations-air
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.