Friday, August 9, 2013
Complete DHS Daily Report for August 9, 2013
Daily Report
Top Stories
• A New York man pleaded guilty to his role in a $200 million international credit card fraud operation involving at least 22 individuals in three States. – Newark Star-Ledger (See item 6 below in the Banking and Finance Sector)
• Power feed failures August 7 caused an outage at the Bissell Point Wastewater Treatment Plant in north St. Louis and led to 3.5 million gallons of untreated wastewater discharging into the Mississippi River. – KMOV 4 St. Louis
25. August 7, KMOV 4 St. Louis – (Missouri) Gallons of sewage flows into Mississippi River after plant power outage. Power feed failures August 7 caused an outage at the Bissell Point Wastewater Treatment Plant in north St. Louis and led to 3.5 million gallons of untreated wastewater discharging into the Mississippi River. Source: http://www.kmov.com/news/local/Power-Outage-Causes-Discharge-Into-Mississippi-River---218775511.html
• Evacuations were ordered for several communities after a wildfire broke out August 7 in the mountains near Banning, California, and burned over 6,000 acres. – Associated Press
26. August 8, Associated Press – (California) 3 hurt in S. California wildfire; some can’t evacuate. Evacuations were ordered for several communities after a wildfire broke out August 7 in the mountains near Banning and burned over 6,000 acres. Three people were injured and about a dozen structures were damaged or destroyed. Source: http://news.msn.com/us/3-hurt-in-s-california-wildfire-some-cant-evacuate
• Cisco issued an advisory on a serious vulnerability in its TelePresence system, caused by default credentials in the system, that could be used by an attacker to gain complete control of the Web server on which the system is running. – Threatpost (See item 36 below in the Information Technology Sector)
Details
Banking and Finance Sector
5. August 8, The Register – (International) ‘Hand of Thief’ banking trojan reaches for Linux – for only $2K. A banking trojan called “Hand of Thief” targeting Linux users was found for sale for $2,000 in underweb forums, according to researchers from RSA. The trojan includes form-grabbers for several browsers, routines to block access to security updates and measures, and virtual machine detection to avoid analysis. Source: http://www.theregister.co.uk/2013/08/08/linux_banking_trojan/
6. August 7, Newark Star-Ledger – (International) More defendants plead guilty in massive, $200M credit card fraud. A New York man pleaded guilty to his role in a $200 million credit card fraud operation involving at least 22 individuals. Defendants charged thus far include individuals in New York, New Jersey, and Pennsylvania, and are accused of wiring millions of dollars to Pakistan, India, China, and the United Arab Emirates. Source: http://www.nj.com/news/index.ssf/2013/08/four_more_defendants_plead_guilty_in.html
7. August 7, Tampa Tribune – (Florida; New York) Sarasota sheriff: New York pair jailed in credit card fraud scheme. Two individuals from New York were arrested in Sarasota County, Florida, and accused of using fraudulent credit cards to make purchases. Police found them in possession of more than 50 credit cards, around $3,000 of gift cards, a card cloning machine, and a thumb drive with stolen card information on it. Source: http://tbo.com/news/crime/sarasota-sheriff-new-york-pair-jailed-in-credit-card-fraud-scheme-20130807/
8. August 7, Panama City News Herald – (Florida) Coastal Community Bank officials charged with fraud by feds. Three executives at the failed Coastal Community Investments holding company were charged with defrauding the Federal Deposit Insurance Corporation (FDIC) of $4 million after the company took out a $3 million loan, then used fraudulent information to take out a second loan through an FDIC program to pay the first, but also failed to repay the second loan. Source: http://www.newsherald.com/news/crime-public-safety/coastal-community-bank-officials-charged-with-fraud-by-feds-1.183250?page=0
Information Technology Sector
35. August 8, The Register – (International) HP plugs password-leaking printer flaw. HP released patches for several models of LaserJet Pro printers that close a vulnerability caused by hardcoded URLs in the printers’ firmware, which could allow an attacker to extract plaintext user passwords. Source: http://www.theregister.co.uk/2013/08/08/hp_plug_password_leaking_printer_vuln/
36. August 8, Help Net Security – (International) Chrome not the only browser that stores plain-text passwords. Google responded to a software developer’s post that discussed how the Chrome browser displays saved passwords by stating that if an attacker compromises a user’s operating system account then there would be insufficient means to prevent them from accessing passwords. Several security researchers debated whether the saved-password systems represent a security threat, while one noted that Firefox also stores passwords in a similar manner. Source: https://www.net-security.org/secworld.php?id=15376
37. August 7, Threatpost – (International) Remotely exploitable bug affects wide range of Cisco telepresence systems. Cisco issued an advisory on a serious vulnerability in its TelePresence system, caused by default credentials in the system, that could be used by an attacker to gain complete control of the Web server on which the system is running. Workarounds were listed for use until a patch can be issued. Source: https://threatpost.com/remotely-exploitable-bug-affects-wide-range-of-cisco-telepresence-systems/101910
38. August 7, Softpedia – (International) Malware developers migrate ZeuS P2P protocol to new port range. Researchers at Damballa found that the developers of the GameOver peer-to-peer (P2P) version of the ZeuS malware have begun migrating the P2P protocol to a new port range. Source: http://news.softpedia.com/news/Malware-Developers-Migrate-ZeuS-P2P-Protocol-to-New-Port-Range-373868.shtml
39. August 7, The Register – (International) Malicious snoopware targeting India found at tiny Midwest ISP. ThreatConnect researchers traced a malware-based cyberespionage campaign targeting India to a small internet service provider (ISP) in Kansas City, Missouri. The researchers found booby-trapped .PDF files and Flash video files used in the campaign, as well as a .ZIP file of malware on the ISP’s systems. Source: http://www.theregister.co.uk/2013/08/07/india_cyberespionage/
40. August 7, Softpedia – (International) Reveton malware uses fake AV to help crooks make a profit. ThreatTrack Security researchers identified a variant of the Reveton ransomware that uses a fake antivirus program called Live Security Professional to lure users into paying the cybercriminals behind it. The ransomware is distributed using the Sweet Orange exploit kit. Source: http://news.softpedia.com/news/Reveton-Malware-Uses-Fake-AV-to-Help-Crooks-Make-a-Profit-373736.shtml
For another story, see item 5 above in the Banking and Finance Sector
Communications Sector
41. August 7, Palm Beach Post – (Florida) Comcast resolves loss of service, power outage blamed. Comcast customers throughout several Florida counties reported high definition channel outages since August 4 while Comcast reported service had been restored to customers after an August 6 power outage caused some to lose cable service for 5 hours. Source: http://www.palmbeachpost.com/news/business/comcast-outage-resolved-being-blamed-on-power-even/nZHBn/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.