Thursday, June 13, 2013
Complete DHS Daily Report for June 13, 2013
• Authorities shut down a 3-mile stretch of Interstate 80 in Winnemucca, Nevada, for 19 hours after a severe sandstorm caused a 27-car pileup. – Associated Press
12. June 11, Associated Press – (Nevada) Nevada sandstorm causes deadly 27-car pileup. Authorities shut down a 3 mile stretch of Interstate 80 in Winnemucca for 19 hours after a severe sandstorm June 10 caused a 27-car pileup and multiple accidents. One person was killed and 26 others were injured. Source: http://www.bakersfieldnow.com/news/national/Nevada-sandstorm-causes-deadly-27-car-pileup-211116051.html
• Walgreens reached a settlement with the U.S. Drug Enforcement Agency to pay $80 million in fines over allegations they allowed millions of controlled substances to reach the black market. – USA Today
18. June 11, USA Today – (National) Walgreens to pay $80 million for oxycodone violations. Walgreens reached a settlement with the U.S. Drug Enforcement Agency (DEA) to pay $80 million in fines to end a probe into allegations they allowed millions of controlled substances to reach the black market. The DEA also suspended the controlled substances licenses for Walgreens’ Jupiter, Florida distribution center until September 2014 and six of its Florida pharmacies until May 2014 in what is the largest civil penalty paid under the Controlled Substances Act in DEA history. Source: http://www.usatoday.com/story/news/nation/2013/06/11/walgreens-drug-oxycodone-license-80-million/2412451/
• Colorado’s Black Forest Fire prompted the evacuation of 2,300 homes, the evacuation of a prison, and threatened other structures. – Associated Press
19. June 12, Associated Press – (Colorado) Colo. Wildfire forces evacuation of 900 prisoners as precaution; 4 major fires burn statewide. Colorado’s Black Forest Fire prompted the evacuation of 2,300 homes and forced the evacuation of over 900 prisoners from the Colorado Territorial Correctional Facility June 12. Firefighters were working to contain a total of 4 wildfires burning in the State that have burned through several structures and continue to threaten thousands of homes. Source: http://www.washingtonpost.com/national/wildfire-near-colorado-springs-burns-homes-fire-near-royal-gorge-bridge-burns-3-structures/2013/06/11/e1d216fa-d2f6-11e2-b3a2-3bf5eb37b9d0_story.html
• Microsoft’s most recent Patch Thursday included updates that close 23 vulnerabilities, including a critical Internet Explorer vulnerability and an actively-exploited Office vulnerability. – IDG News Service See item 31 below in the Information Technology Sector
Banking and Finance Sector
5. June 11, Chicago Tribune – (National) CBOE hit for failure to police ‘naked short selling’. The Chicago Board Options Exchange agreed to pay $6 million in fines after the U.S. Securities and Exchange Commission charged the exchange with failing to properly supervise its markets. Source: http://www.suntimes.com/news/20678933-418/chicago-board-options-exchange-fined-6-million-in-short-sale-scheme.html
6. June 11, Associated Press – (Nevada) Ex-mortgage firm chief guilty in Vegas fraud case. The former president and CEO of U.S. Mortgage pleaded guilty to a fraud scheme where his company illegally withheld funds due to Wells Fargo Bank from home loans, costing the bank $8 million. Source: http://www.mynews3.com/content/news/story/Ex-mortgage-firm-chief-guilty-in-Vegas-fraud-case/iOrGLM-9y0e9AniqiBnKLg.cspx
Information Technology Sector
27. June 12, Softpedia – (International) Linux kernel local privilege escalation exploit modified to work on Android. A previously-reported Linux kernel privilege escalation vulnerability has been modified to work on the Android mobile operating system, according to Symantec researchers. Source: http://news.softpedia.com/news/Linux-Kernel-Local-Privilege-Escalation-Exploit-Modified-to-Work-on-Android-360453.shtml
28. June 12, The H – (International) June updates for Flash and Air close a critical hole. Adobe released a patch that closes a critical vulnerability in all versions of Flash Player and Adobe AIR that can be used to gain control of systems. Source: http://www.h-online.com/security/news/item/June-updates-for-Flash-and-Air-close-a-critical-hole-1886972.html
29. June 12, Softpedia – (International) DOS vulnerability affects WordPress 3.5.1. A security researcher identified a denial of service (DOS) vulnerability in WordPress 3.5.1 that may affect other versions as well. Source: http://news.softpedia.com/news/DOS-Vulnerability-Affects-WordPress-3-5-1-360358.shtml
30. June 12, Softpedia – (International) Gamarue malware downloads malicious components from SourceForge. Trend Micro researchers identified a variant of the Gamarue malware that downloads additional components from a SourceForge project after it infects a target. Source: http://news.softpedia.com/news/Gamarue-Malware-Downloads-Malicious-Components-from-SourceForge-360329.shtml
31. June 11, IDG News Service – (International) Microsoft patches critical IE vulnerabilities and actively exploited Office flaw. Microsoft’s most recent Patch Thursday release included updates that close 23 vulnerabilities in Internet Explorer (IE), Windows, and Office, including one rated “critical” in all versions of IE 6-10 and an actively-exploited Office vulnerability. Source: https://www.networkworld.com/news/2013/061113-microsoft-patches-critical-ie-vulnerabilities-270744.html
For another story, see item 24 below:
24. June 11, Associated Press – (National) Man linked to Anonymous pleads guilty to hacking. A hacker linked to the group Anonymous, pleaded guilty to intentionally hacking law enforcement Web sites in Utah, California, New York, and Missouri between September 2011 and February 2012, causing him to face prison time and nearly $230,000 in restitution. Source: http://www.pulse.me/ap/69055d05b05f4ae0a665cf768e3e19f4
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.