Complete DHS Daily Report for August 5, 2013
Daily Report
Top Stories
• A former trader at Goldman Sachs was found
liable in a U.S. Securities and Exchange Commission lawsuit for misleading
investors about subprime mortgage securities during the 2007 mortgage crisis,
making $1 billion in profits for his employer. – Associated Press See item 7 below in the Banking and Finance Sector
• Firefighters reached 45 percent containment
of the 16,200-acre Aspen Fire in Fresno County, California, August 1. – Modesto
Bee
25.
August 2, Modesto Bee – (California) Local
strike team heads to Aspen Fire. Firefighters reached 45 percent
containment of the 16,200-acre Aspen Fire in Fresno County August 1. Smoke from
the fire combined with smoke from wildfires in Oregon caused unhealthy air in
the Northern San Joaquin Valley as nearly 1,900 firefighters battled the blaze.
Source: http://www.modbee.com/2013/08/02/2841424/local-strike-team-heads-to-aspen.html
• Crews continued to battle the 72,000-acre
Colockum Tarps Fire in Kittitas County, Washington, August 1 and evacuations
were ordered for several other residences around the county while firefighters
worked to establish containment lines. – Wenatchee World
27.
August 1, Wenatchee World –
(Washington) Fire crews heading to Kittitas County to corral Colockum Tarps
fire. Crews continued to battle the 72,000-acre Colockum Tarps Fire in
Kittitas County August 1 and evacuations were ordered for several other residences
around the county while firefighters worked to establish containment lines.
Source: http://www.wenatcheeworld.com/news/2013/aug/01/fire-crews-heading-to-kittitas-county-to-corral-colockum-tarps-fire/
• The U.S. Department of Labor’s Occupational
Safety and Health Administration found several violations August 1 at an Army
weapons-testing pond in Aberdeen, Maryland, where 3 people have died in 2013. –
Associated Press (See item 29)
29. August
1, Associated Press – (Maryland) OSHA finds safety violations at Army pond. The
U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA)
found several violations August 1 at an Army weapons-testing pond in Aberdeen,
Maryland, where 3 people have died in 2013. OSHA began its investigation after
a civilian technician died while performing routine maintenance in the pond
January 30. Source: http://www.nbc12.com/story/22995117/osha-finds-safety-violations-at-army-pond
Details
Banking and Finance Sector
6. August
1, Associated Press – (New York) FBI: 2 arrested in NY in $100 million Ponzi
scheme. An investment fund manager and his brother-in-law were arrested and
charged with allegedly running a $100 million Ponzi scheme that used investors’
money for personal investments in a Long Island resort. Source: http://www.sfgate.com/news/crime/article/FBI-2-arrested-in-NY-in-100-million-Ponzi-scheme-4700418.php
7. August
1, Associated Press – (National) Ex-Goldman trader found liable in mortgage fraud. A
former trader at Goldman Sachs was found liable in a U.S. Securities and Exchange
Commission lawsuit for misleading investors about subprime mortgage securities
during the 2007 mortgage crisis, making $1 billion in profits for his employer.
Source: http://www.nbcnews.com/business/ex-goldman-trader-fabulous-fab-found-liable-mortgage-fraud-6C10820781
8. August
1, Baltimore Sun – (Maryland) Baltimore resident convicted in financial fraud
schemes. A Baltimore man was convicted of defrauding the Internal Revenue
Service and credit unions in a variety of schemes that included receiving $12
million in fraudulent tax credits and over $370,000 in fraudulent tax refunds.
Source: http://www.baltimoresun.com/news/maryland/crime/blog/bs-md-ci-tax-fraud-conviction-20130801,0,6358076.story
Information Technology Sector
34. August
2, CNET – (International) Comfoo cyberspy campaign still active. Dell
SecureWorks found in a report that the Comfoo cyberespionage campaign is still
actively targeting corporate and government systems worldwide, and found over
200 variants of the malware. Source: http://news.cnet.com/8301-1009_3-57596706-83/comfoo-cyberspy-campaign-still-active/
35. August
2, Softpedia – (International) Opscode wiki and ticketing systems hacked,
user data compromised. Opscode, developer of the Chef software
configuration management tool, warned customers that attackers gained access to
its wiki and ticketing user database, compromising usernames, emails, names,
and hashed passwords. Source: http://news.softpedia.com/news/Opscode-Wiki-and-Ticketing-Systems-Hacked-User-Data-Compromised-372668.shtml
36. August
2, Softpedia – (International) Flaws in UEFI implementation can be abused to
bypass Windows 8 Secure Boot. Three researchers presented two techniques at
the Black Hat 2013 conference that can bypass the Secure Boot system in Windows
8 by using a firmware vulnerability or vulnerabilities in common applications.
Source: http://news.softpedia.com/news/Flaws-in-UEFI-Implementation-Can-Be-Abused-to-Bypass-Windows-8-Secure-Boot-372798.shtml
37. August
2, Softpedia – (International) JavaScript attacks can be used to steal web
browser data, experts warn. A researcher presenting at the Black Hat 2013
conference demonstrated a method to gain access to a Web page’s source code by
exploiting browser and JavaScript flaws. Source: http://news.softpedia.com/news/JavaScript-Attacks-Can-Be-Used-to-Steal-Web-Browser-Data-Experts-Warn-372786.shtml
38. August
2, Help Net Security – (International) FBI announces cyberattack-reporting portal
for private sector companies. The FBI launched a pilot program for private
sector companies to report cyber threats called iGuardian. The program is
initially open to companies that are part of the InfraGuard network and may
eventually be opened to others. Source: https://www.net-security.org/secworld.php?id=15347
39. August
1, V3.co.uk – (International) Businesses warned to prepare for evolved
Andromeda botnet. Researchers at TrendMicro found that the authors of the
Andromeda botnet are about to release a major update to the botnet, including
bug fixes and new plugins. Source: http://www.v3.co.uk/v3-uk/news/2286354/businesses-warned-to-prepare-for-evolved-andromeda-botnet
For another story, see
item 3 below:
3. August
1, The Register – (International) Hackers induce ‘CATASTROPHIC
FAILURE’ in mock oil well. Researchers with Cimation demonstrated how to
exploit widely deployed supervisory control and data acquisition (SCADA)
systems to spoof data to the operator and remotely control equipment such as
pumps in oil pipelines. A programmable logic controller was remotely controlled
to send signals to devices on the simulated pipeline, allowing researchers the
ability to turn pumps on and off, causing the mock oil pipeline to rupture. Source:
http://www.theregister.co.uk/2013/08/01/scada_plc_vulnerability/
Communications Sector
Nothing to
report
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.