Complete DHS Daily Report for November 13, 2013
Daily Report
Top Stories
• A 90-car train carrying 2.7 million gallons
of crude oil derailed, exploded, and caused a fire near Aliceville, Alabama. – Los
Angeles Times
17.
November 9, Los Angeles Times–
(Alabama) Train in Alabama oil spill was carrying 2.7 million gallons of
crude. A 90-car train carrying 2.7 million gallons of crude oil derailed,
exploded, and caused a fire November 7 near Aliceville, Alabama, spilling the
oil into a surrounding wetland while firefighters continued battling the blaze
that burned through November 9. The accident is under investigation while crews
continue to remove the train cars from the marsh. Source: http://www.latimes.com/nation/nationnow/la-na-nn-train-crash-alabama-oil-20131109,0,780637.story
• Researchers identified a new zero-day
vulnerability in Microsoft Internet Explorer 7, 8, and 9 and observed a
sophisticated exploit utilizing the vulnerability being used in a watering hole
attack. – Dark Reading See item 39
below in the Information Technology
Sector
• A security researcher found unsecured remote
management software running on 30,000 computers, leaving industrial processes
and confidential information open to the Internet. – Wired.com See item 40 below in the Information Technology Sector
• A fire at a shopping center in Canton,
Texas, destroyed about 20 buildings and prompted the evacuation of nearby
homes. – KTVT 11 Fort Worth
45. November
9, KTVT 11 Fort Worth – (Texas) Fire guts Canton shopping
center. A fire at The Mountain at Old Mill Marketplace shopping center in
Canton, Texas, November 9 destroyed about 20 buildings and prompted the
evacuation of nearby homes while firefighters worked to put out flames. Source:
http://dfw.cbslocal.com/2013/11/09/fire-guts-canton-shopping-center/
Details
Financial Services Sector
7. November
12, IDG News Service – (International) Banking malware infections rise to highest
level since 2002. Trend Micro released a report for the third quarter of
2013 which found that over 200,000 new banking malware infections were observed
between July and September, the highest rate in 11 years. The report stated
that ZeuS (also known as Zbot) malware was the most common type of malware, and
that the U.S. was the most affected country, among other findings. Source: http://www.networkworld.com/news/2013/111213-banking-malware-infections-rise-to-275838.html
8. November
9, Reuters – (National) U.S. seeks $864 million from Bank of America after
fraud verdict. Federal prosecutors will seek $864 million in penalties from
Bank of America after it was ruled that the bank is liable for fraud in the
sale of defective mortgages by its Countrywide unit. The government will also
seek penalties against a former Countrywide executive who was also found liable
in the fraud. Source: http://www.reuters.com/article/2013/11/09/bankofamerica-hustle-idINDEE9A804P20131109
9. November
8, KATC 3 Lafayette – (Louisiana; Georgia) Jury finds Ga. men guilty of bank fraud
scheme. Three Atlanta men were found guilty November 8 for a check fraud
scheme in Lafayette, Louisiana, that used stolen commercial checks to create
fraudulent checks and then use others to cash them. Police found 43 stolen
checks totaling $155,223 as well as paper and equipment used to create the fake
checks. Source: http://www.katc.com/news/jury-finds-ga-men-guilty-of-bank-fraud-scheme/
10. November
7, U.S. Department of Labor – (Georgia) Garda Cash Logistics
cited by U.S. Department of Labor’s OSHA for failure-to-abate and serious
violations; more than $55,000 in fines proposed. The Occupational Safety
and Health Administration cited armored car service Garda Cash Logistics with
three failure-to-abate and one serious violation at their Norcross facility.
Proposed fines totaled $55,400 Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=25059
For
another story, see item 40 below in the Information
Technology Sector
Information Technology Sector
37. November
12, The Register – (International) Stale Blackhole leads to dried-up spam,claim
badhat-probers. Trend Micro researchers found that with the Blackhole
exploitkit no longer being updated, cybercriminals have turned to other methods
for infecting users, with the Upatre exploit kit being a popular replacement
and often used to spreadthe Cryptolocker ransomware. Source: http://www.theregister.co.uk/2013/11/12/cryptolocker_rise_blackhole_demise
38. November
12, Softpedia – (International) Reflected and stored XSS flaws found in DLink
2760N routers. A security researcher found and disclosed several stored and
reflected cross-site scripting (XSS) vulnerabilities in the Web user interface
for D-Lin2760N routers. Source: http://news.softpedia.com/news/Reflected-and-Stored-XSS-Flaws-Found-in-DLink-2760N-Routers-399244.shtml
39. November
12, Dark Reading – (International) New IE vulnerability found in the wild;
sophisticated Web exploit follows. FireEye researchers identified a new
zero-day vulnerability in Microsoft Internet Explorer 7, 8, and 9 that uses a
memory access vulnerability to execute code on computers that access a
malicious Web site. A sophisticated exploit using the vulnerability was
observed in the wild in a watering holattack on an undisclosed Web site known
to bring in visitors interested in national and international security issues.
Source: http://www.darkreading.com/vulnerability/new-ie-vulnerability-found-in-the-wild-s/240163814
40. November
8, Wired.com – (International) Power plants and other vital systems are
totally exposed on the Internet. A security researcher used a tool to run a
scan of the iPv4 address space except for government agencies and universities
and found unsecured remote management software running on 30,000 computers,
leaving industrial processes and confidential information open to the Internet
due to a lack of any security measures. Open virtual network computing systems
were found in uses such as factory automation, hydroelectric power plants,
agricultural automation, pharmacies, cash registers, and several others.
Source: http://www.wired.com/threatlevel/2013/11/internet-exposed
/
Communications Sector
41.
November 11, Seattle Times –
(Washington) Crews find cut in communication line to San Juan Islands. CenturyLink
discovered a break in a two-mile-long underwater cable was what caused 9-1-1,
landline, and cellphone service interruptions to San Juan, Orcas, and Lopez
islands November 5 and resulted in the San Juan County Council declaring a
state of emergency. Landline and 9-1-1 service was restored, while full
cellphone service continued to be intermittent Source: http://blogs.seattletimes.com/today/2013/11/crews-find-cut-in-communication-line-to-san-juan-islands/