Complete DHS Daily Report for November 22, 2013
Daily Report
Top Stories
• Cabot Corporation agreed to spend over $84
million on state-of-the-art technology to control harmful air pollution at
facilities in Texas and Louisiana and to resolve multiple violations of the
Clean Air Act. – U.S. Environmental Protection Agency
3.
November 19, U.S. Environmental Protection Agency
– (Texas; Louisiana) Cabot Corporation agrees to spend over $84
million to control harmful air pollution at Texas, Louisiana facilities. In
a settlement with the U.S. Department of Justice and the U.S. Environmental
Protection Agency, Cabot Corporation of Boston will pay a $975,000 civil
penalty and an estimated $84 million on state-of-the-art technology to control
harmful air pollution to resolve alleged violations of the New Source Review
provisions of the Clean Air Act at three carbon black facilities in Louisiana
and Texas between 2003 and 2009. Source: http://yosemite.epa.gov/opa/admpress.nsf/
• A survey of mining companies found that 41 percent
reported increased external threats, including cyberattacks, and found that
sensors and safety systems increasingly linked to the Internet provide new
external pathways for attackers to gain access to systems. – IDG News
Service
4. November
20, IDG News Service – (International) Mining companies caught flat-footed by
cyberattacks. A survey of 39 mining companies conducted by Ernst & Young
found that 41 percent reported increased external threats, including
cybercriminals’ attempts to steal information and disrupt operations, and found
that sensors and safety systems increasingly linked to the Internet provide new
external pathways for attackers to gain access to systems Source: http://www.networkworld.com/news/2013/112113-mining-companies-caught-flat-footed-by-276200.html
• The National Highway Traffic Safety
Administration announced that beginning in November 2016 all new tour buses and
intercity buses will require seat belts. – Associated Press
8.
November 21, Associated Press –
(National) Seat belts to be required on large buses by 2016. The
National Highway Traffic Safety Administration announced November 20 that
beginning in November 2016 all new tour buses and intercity buses must be
equipped by manufacturers with three-point lap-shoulder seat belts. Source: http://abclocal.go.com/wabc/story?section=news/national_world&id=9334315
• New analysis found that an earlier version
of the Stuxnet industrial control systems malware could potentially have
conducted much more physically destructive attacks. – Dark Reading See item 35 below in the Information Technology Sector
Details
Financial Services Sector
5. November 21, KGW 8 Portland – (Oregon;
California) 3 arrested in Portland for $150K in fake cards. Three
suspects were arrested in Portland November 19 and charged with allegedly
making around $150,000 in purchases using fraudulent credit cards in Oregon and
California. Source: http://www.kgw.com/news/local/Trio-arrested-in-Portland-for-150K-in-fake-credit-card-purchases--232762261.html
6. November 20, Softpedia– (International) i2Ninja
financial malware uses I2P to maintain secure communications. Researchers
at Trusteer discovered a piece of financial malware dubbed i2Ninja that uses the
Invisible Internet Project (I2P) networking layer to hide and secure its
communications with its command and control servers. The malware is capable of
stealing information from most browsers and FTP clients, injecting HTML code,
stealing information from popular poker clients, scheduling tasks, and allowing
users to search for specific files on a compromised system. Source: http://news.softpedia.com/news/i2Ninja-Financial-Malware-Uses-I2P-to-Maintain-Secure-Communications-402144.shtml
7. November 20, KSDK 5 St. Louis – (Missouri) Police:
Debit card skimming likely linked to gas pumps. Police from several
jurisdictions around Lake St. Louis are investigating reports of around 300
instances of credit card fraud believed to be related to skimming devices placed
inside gas station pumps. Source: http://www.ksdk.com/story/news/crime/2013/11/20/debit-card-skimming-gas-station-pumps/3659457/
For another story,
see item 34 below in the Information Technology Sector
Information Technology Sector
32. November
21, Softpedia – (International) Apache Tomcat servers targeted by
self-replicating malware. Symantec researchers identified a self-replicating
worm that acts as a Java Servelet and infects Apache Tomcat servers, and
appears to be intended for use in distributed denial of service (DDoS) attacks.
Command and control servers were identified in Taiwan and Luxembourg. Source: http://news.softpedia.com/news/Apache-Tomcat-Servers-Targeted-by-Self-Replicating-Malware-402549.shtml
33. November
21, Help Net Security – (International) SAP trojan based
partially on Carberp code. Microsoft researchers analyzed the Gamker trojan
targeting SAP enterprise software and found that at least part of its source
code is based on that of the Carberp banking trojan. Source: http://www.net-security.org/malware_news.php?id=2632
34. November
21, Help Net Security – (International) A look at security
effectiveness by industry. A BitSight analysis of security ratings at more
than 70 Fortune 200 companies between October 2012 and September 2013 looked at
the energy, retail, technology, and financial sectors and found that the
financial industry rated highest of the four in cybersecurity, while the
technology industry had the lowest security scores, among other findings.
Source: http://www.net-security.org/secworld.php?id=15991
35. November
20, Dark Reading – (International) Stuxnet’s earlier version much more powerful
and dangerous, new analysis finds. A researcher at The Langner Group
analyzed the Stuxnet industrial control systems malware and discovered that an
earlier version of Stuxnet existed dating back to 2005, and that the earlier
version could potentially have conducted much more physically destructive
attacks. Source: http://www.darkreading.com/attacks-breaches/stuxnets-earlier-version-much-more-power/240164120
36. November
20, SC Magazine – (International) Bugs hit global payment company PayPal. Researchers
with Vulnerability Lab reported finding several vulnerabilities in PayPal’s
software that could be used by cybercriminals to hijack customers’ accounts and
perform other actions. The vulnerabilities were submitted to PayPal’s bug
bounty program. Source: http://www.scmagazineuk.com/bugs-hit-global-payment-company-paypal/article/321828/
For another story, see
item 6 in the Financial Services Sector
Communications Sector
37.
November 20, Radio World – (Texas) Encino
Broadcasting faces $18,000 fine. Encino Broadcasting, the owner of three
Texas radio stations, received an $18,000 proposed fine from the Federal
Communications Commission for being late in filing for a license renewal.
Paperwork filed in August is currently under review as any operations after
August 1 are unauthorized. Source: http://www.radioworld.com/article/encino-broadcasting-faces--fine/222401