Wednesday, September 26, 2012
Daily Report
Top Stories
• A corroded pipe that failed and triggered a
leak and massive fire at Chevron Corp.’s Richmond, California refinery had a
low silicon content that went undetected during tests and therefore was
unaddressed. – Associated Press
1. September 24, Associated Press – (California) Chevron: Failed pipe had unknown weakness. A corroded pipe
that failed and triggered a leak and massive fire at Chevron Corp.’s Richmond,
California refinery had a low silicon content that went undetected during the
company’s tests and therefore was unaddressed, the manager in charge of the
facility said September 24. The general manager of Chevron Richmond described
the chemical composition of the decades-old, 8-inch pipe section as a contributing
factor to the August 6 blaze that sent thousands of people to the hospital with
smoke-related complaints and knocked offline one of the nation’s largest
refineries. He told reporters during a news conference and residents at a
community meeting that the company now thinks the pipe was more susceptible to
thinning when exposed to high temperatures, a weakness not fully understood or
acted upon before the corroded conduit exploded. The manager said the section
that failed was part of a larger 200-foot-long pipe that was inspected in June
at 19 points. Source: http://ktar.com/23/1565975/Chevron-Failed-pipe-had-unknown-weakness
• Sunland Inc. of Portales, New Mexico, whose
peanut butter was linked to a multi-State Salmonella outbreak, recalled all of
the almond and peanut butter products it has manufactured since May. – Food
Safety News
22. September 24, Food Safety News – (National) Peanut butter recall expands beyond Trader Joe’s. Sunland
Inc. of Portales, New Mexico, whose peanut butter was linked to a multi-State
Salmonella outbreak, issued a massive recall of products September 24. The
company recalled all almond butter and peanut butter products manufactured
since May because they may be contaminated with Salmonella Bredeney, a rare strain
of Salmonella that has caused at least 29 illnesses in 18 States since June 11.
This large market withdrawal follows a more limited one initiated by Trader
Joe’s September 21, which included its Valencia Creamy Salted Peanut Butter.
All affected products bear a best-if-used-by date between May 1, 2013 and
September 24, 2013. Source: http://www.foodsafetynews.com/2012/09/peanut-butter-recall-expands-beyond-trader-joes/#.UGDD-ZH2q70
• Researchers from Security Explorations
claimed to identify a flaw that affects all Oracle Java SE versions and the
billions of devices on which the software is currently installed. – Softpedia
See item 39 below in the Information Technology Sector
• A Romanian computer programmer claims to
have found a log on the Institute of Electrical and Electronics Engineers’s FTP
servers containing log-in information for almost 100,000 members. Membership
includes top people from fields such as nanotechnology, IT, telecommunications,
energy, and biomedical and healthcare. – Nextgov See item 41 below in the Information Technology Sector
Details
Banking and Finance Sector
8. September 25, Softpedia – (New Hampshire; International) JPMorgan Chase Bank servers
hacked, Tiffany employee details exposed. Computer servers owned by
JPMorgan Chase Bank were breached, and the financial institution alerted
high-end jewelry company Tiffany & Co because the affected machines
contained the personal details of some employees, Softpedia reported September
25. “Chase told us that the affected servers, which contained certain
information provided in connection with a Tiffany employee travel expense
reimbursement system, contained information such as names, addresses, Social
Security numbers and banking information,” Tiffany’s chief privacy officer
wrote in a letter September 5 to the New Hampshire attorney general. The bank
told the company it had no reason to believe that the sensitive data has been
copied or misused by the attackers. The financial institution also shut down
the affected servers and upgraded its security systems to prevent such
incidents from occurring in the future. Tiffany also sent out letters to the
impacted individuals – there are “approximately” three employees from New
Hampshire – advising them to be on the lookout for any suspicious transactions.
Source: http://news.softpedia.com/news/JPMorgan-Chase-Bank-Server-Hacked-Tiffany-Employee-Details-Exposed-294557.shtml
9. September 25, Softpedia – (International) Bank of America website reveals details of
random users, experts find. While logging in to Bank of America’s (BoA) Web
site to access the Automated Clearing House (ACH) system, experts from Private
Internet Access noticed they were actually viewing the bank account details of
some other random customer, Softpedia reported September 25. After they entered
the transfer interface, they were presented with the name, bank account,
balance, email address, and other details of an individual who had nothing to
do with the company. Apparently, the account is restored to normal after the
user logs out and logs back in again, and the security hole could not be
reproduced after this first occurrence. However, some users reported that they
also encountered the problem in the past, which meant that it was not an
isolated incident. Private Internet Access representatives made screenshots and
sent out a detailed notification to BoA. Source: http://news.softpedia.com/news/Bank-of-America-Website-Reveals-Details-of-Random-Users-Experts-Find-294534.shtml
10. September 25, Philadelphia Inquirer – (National) Discover to pay $214 million
to settle charges of deceptive marketing. More than 3.5 million people who
used Discover credit cards over the last 5 years will share about $200 million
in restitution for marketing practices that federal regulators said were unfair
and deceptive, the Consumer Financial Protection Bureau and the Federal Deposit
Insurance Corporation announced September 24. The compensation will go to
customers charged for add-on products such as “Payment Protection” or “Wallet
Protection.” Regulators said telemarketers for the Delaware bank followed
misleading scripts and often sped through fee disclosures, leading customers to
believe that the bank was touting benefits that came free with their cards.
Discover also agreed to pay $14 million in penalties to settle the case. About
4.7 million customers were billed for the services between December 2007 and
August 2011, the period covered by the case. Source: http://www.philly.com/philly/business/20120925_Discover_to_pay__214_million_to_settle_charges_of_deceptive_marketing.html
11. September 25, Wall Street Journal – (International) Treasury targets Sinaloa
operative and his associates. The U.S. Department of the Treasury said
September 25 that it placed Kingpin Act sanctions on an associate of the head
of the Sinaloa Cartel, and four of his collaborators. The man is the head of a
narcotics distribution and money laundering organization based in Guadalajara
and Mexico City, Mexico, Treasury said. The man was arrested in March 2011 as
part of a sweep by law enforcement in Mexico and Ecuador that netted several
members of his organization. More members of the network were arrested in July
2011. The United States is seeking his and his associates’ extradition to face
charges in a May 2011 indictment that alleges drug-trafficking and money
laundering offenses. The indictment arose out of a U.S. Drug Enforcement
Administration probe that linked his organization to the movement of cocaine by
the ton in Ecuador and Mexico, and the laundering of millions of U.S. and
Canadian dollars through the international financial system. Source: http://blogs.wsj.com/corruption-currents/2012/09/25/treasury-targets-sinaloa-operative-and-his-associates/
12. September 24, KPRC 2 Houston – (Texas) Police: Bank robber sprays employees with chemicals. A
man sprayed bank employees with a chemical believed to be pepper spray during
an armed robbery in Shenandoah, Texas, September 24, police said. Shenandoah
police said a man walked into a Citibank branch, pulled a small-framed
semi-automatic rifle from his backpack, and walked up to a teller. The man
demanded cash and sprayed the teller. There was one customer in the bank at the
time of the robbery who was also sprayed. Police said the robber then went from
office to office and sprayed other employees. Some workers were able to close
their doors and avoid the substance. The man went back to the teller he
attacked and then demanded cash. The people who were sprayed with the chemicals
were treated at the scene. Hazardous materials crews cleared the air inside.
Source: http://www.click2houston.com/news/Police-Bank-robber-sprays-employees-with-chemicals/-/1735978/16719986/-/hk8to4/-/index.html
13. September 24, Help Net Security – (International) Stolen card data on sale
on professional-looking e-shop. A researcher from Webroot recently
uncovered a seemingly well-established Web site for selling stolen card data,
so much so that the crook behind the scheme has set up a professional-looking
e-shop. The shop is advertised on a number of carding forums, and the crook can
be contacted only via ICQ. The page is well designed and features a shop whose
functionality does not seem to differ much from any other legitimate one. The
e-shop also has a helpful search engine so customers can find exactly what they
need. “The service is currently offering 9,132 stolen credit cards for sale,
and has already managed to sell 3,292 credit cards to prospective
cybercriminals,” the researcher said, noting that the going rate for a sample
stolen credit card depends on whether the card is debit or credit. The former
go for $16, and the latter for $30 per item, but there are also discounts to be
had for bulk purchases. Rather than exploiting the stolen card numbers,
services like the e-shop forward the risk on to those who purchase the numbers
and then attempt to exploit them. Source: http://www.net-security.org/secworld.php?id=13652
For another story, see item 46 below in the Communications Sector
Information Technology Sector
37. September 25, Softpedia – (International) DHL: Most common word used in spear phishing
attacks in 2012 H1. In a new report, FireEye identified a trend in the
words being utilized in the names of malicious files sent in spam campaigns. In
the second half of 2011, the most common word used in such cybercriminal
campaigns was “label.” In the first half of 2012, “label” dropped to the 6th
position. Currently, the most commonly utilized words in spear phishing attacks
are “dhl” and “notification.” Each of these words appears in almost a quarter
(23.42 percent and 23.37 percent, respectively) of all the malicious
attachments that land in users’ inboxes. Other words that stand out are
“delivery,” “express,” “2012,” “shipment,” “ups,” “international,” “parcel,” “post,”
“confirmation,” “alert,” “usps,” “report,” “jan2012,” “april,”
“idnotification,” “ticket,” and “shipping.” This shows that most of the
malicious files that come via spam emails are somehow related to shipping.
While this may not seem new, the figures from the report reveal that names
related to this topic have grown from 19.20 percent to 26.35 percent. Source: http://news.softpedia.com/news/DHL-Most-Common-Word-Used-in-Spear-Phishing-Attacks-in-2012-H1-294570.shtml
38. September 25, The H – (International) Apple fixes security vulnerabilities with
Apple TV 5.1 update. Apple released Update 5.1 for its 2nd and 3rd
generation iOS-based Apple TV devices, adding several new features and closing
a number of important security holes. According to Apple, Apple TV 5.1
addresses 21 problems, some of which could be exploited by a remote attacker
to, for example, cause a denial-of-service (DoS), determine which networks a
device previously accessed, or even execute arbitrary code on the device. These
include vulnerabilities in the LibXML library used by Apple TV, memory
corruption problems in JavaScriptCore and the LibPNG library, a stack buffer
overflow in ICU locale ID handling, an integer overflow, a double free bug in
ImageIO’s handling of JPEG images, and a buffer overflow in the LibTIFF
library. For an attack to be successful, a victim must connect to a malicious
Wi-Fi network, or open a specially crafted movie or image file. Source: http://www.h-online.com/security/news/item/Apple-fixes-security-vulnerabilities-with-Apple-TV-5-1-update-1716561.html
39. September 25, Softpedia – (International) One billion users affected by Java security
sandbox bypass vulnerability, experts say. Researchers from Security
Explorations claimed to identify a flaw that affects all Oracle Java SE
versions and the billions of devices on which the software is currently
installed. This bug, codenamed issue 50, was identified just before the start
of Oracle’s JavaOne 2012 conference. “The impact of this issue is critical — we
were able to successfully exploit it and achieve a complete Java security
sandbox bypass in the environment of Java SE 5, 6 and 7,” the CEO of Security
Explorations said. He said the vulnerability can be leveraged by an attacker to
“violate a fundamental security constraint” of Java Virtual Machines. The
researchers confirmed Java SE 5 — Update 22, Java SE 6 — Update 35, and Java SE
7 Update 7 running on fully patched Windows 7 32-bit operating systems are
susceptible to the attack. The affected Web browsers are Safari 5.1.7, Opera
12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer
9.0.8112.16421. The company provided Oracle with a complete technical
description of the flaw, along with source and binary codes, and a
proof-of-concept that demonstrates the complete security sandbox bypass in Java
SE 5, 6, and 7. Source: http://news.softpedia.com/news/One-Billion-Users-Affected-by-Java-Security-Sandbox-Bypass-Vulnerability-Experts-Say-294629.shtml
40. September 25, The Register – (International) A single Web link will wipe Samsung Android
smartphones. A hacker demonstrated how a simple Web page can reset various
Samsung phones back to the state they left the factory — enabling a click,
bump, or text to take out a victim’s mobile device entirely. The flaw lies in
Samsung’s dialing software, triggered by the tel protocol in a URL. It is not
applicable to all the company’s Android handsets, but those that are vulnerable
can have their PIN changed or be wiped completely just by visiting a Web page
or snapping a bad QR code, or even bumping up against the wrong wireless NFC
tag. Source: http://www.theregister.co.uk/2012/09/25/samsung_flaw/
41. September 25, Nextgov – (International) IEEE data breach has global reach. A
Romanian computer programmer currently affiliated with the Computer Science
department at the University of Copenhagen, Denmark, claims to have found a log
on the Institute of Electrical and Electronics Engineers’s (IEEE) FTP servers containing the log-in
information for almost 100,000 of its members. IEEE is one of the world’s
preeminent professional organizations in such fields as nanotechnology, IT,
telecommunications, energy, as well as biomedical and healthcare, and it is a
global standards-making organization. According to the programmer, September
18, he first discovered a log with usernames and passwords in plaintext,
publicly available via IEEE’s FTP server for at least a month. He informed them
of his find September 24, and evidently the organization is addressing the issue.
Among the users whose information was exposed are researchers at NASA,
Stanford, IBM, Google, Apple, Oracle, and Samsung. IEEE’s membership of over
340,000 is roughly half American (49.8 percent as of 2011). About 8 percent of
IEEE’s membership consists of government employees, including the military.
Most members work in the private sector and academia. Source: http://www.nextgov.com/cybersecurity/cybersecurity-report/2012/09/ieee-data-breach-has-global-implications/58344/
42. September 24, Infosecurity – (International) Most data breaches come from within. While
the data breach events that catch headlines are the work of hacking collectives
and professional malware writers, it turns out that the vast majority of
information compromises are caused by companies’ own unwitting employees.
According to new research from Forrester, only 25 percent of data breach cases
are the work of external attackers, and only 12 percent of them were
perpetrated by insiders with ill intent. That leaves 63 percent of the issues
caused by something more mundane, like losing or misplacing corporate assets,
the report found. Source: http://www.infosecurity-magazine.com/view/28404/most-data-breaches-come-from-within/
43. September 24, Ars Technica – (International) Secret Microsoft policy limited Hotmail
passwords to 16 characters. For years, Microsoft engineers quietly limited
Hotmail passwords to 16 characters, a revelation that surprised and concerned
some users who have long entered passcodes twice that long to access accounts.
The limitation is in stark contrast to those found on services such as Gmail,
which reportedly permits passwords as long as 200 characters or even Yahoo
Mail, which allows 32-character passwords. Source: http://arstechnica.com/security/2012/09/secret-microsoft-policy-limited-hotmail-passwords-to-16-characters/
44. September 24, PC Magazine – (International) New hacker collective emerges in response to
anti-Islamic film. A new, focused group of hackers from a number of Arab
countries is reportedly attacking Western Web sites in retaliation for an
anti-Islamic video. “The hacking operations are of course a response to the
offense against the prophet, peace and blessing be upon him,” a member of the
self-proclaimed Arab Electronic Army, comprised of hackers from Morocco, Saudi
Arabia, Syria, and other countries, told Alarabiya.net recently. So far, the
Arab Electronic Army reportedly defaced a number of relatively low-profile Web
properties, many of them with Brazilian domain names, according to the
spokesman for the hacker collective. Source: http://www.pcmag.com/article2/0,2817,2410127,00.asp
45. September 24, Threatpost – (International) Tiny Evil
Maid CHKDSK utility can steal passwords. Stealthy malware that can sneak
onto machines during the boot process and remain undetected indefinitely is one
of the ultimate goals of security research. There have been many tools
developed over the years that aimed to accomplish this goal, with a
researcher’s Evil Maid attack being perhaps the most famous. Threatpost
reported September 24 that a developer in Canada recently produced a similar
tool that impersonates the CHKDSK utility and can grab a user’s password and
then exit without the user’s knowledge. The Evil Maid CHKDSK utility is
designed to load from a USB device and will present the user with a screen that
looks just like the actual CHKDSK screen, saying the tool is checking the
volume on the C: drive for errors. Source: http://threatpost.com/en_us/blogs/tiny-evil-maid-chkdsk-utility-can-steal-passwords-092412
For more stories, see items 8, 9 and 13, above in the Banking and Finance Sector and 46 below in the Communications Sector
Communications Sector
46. September 24, WTVA 9 Tupelo – (Mississippi) Phone service down in parts of Calhoun County. A phone
outage plaguing parts of Calhoun County, Mississippi will likely not be
resolved for several hours, according to the county’s 9-1-1 director. He said
someone accidentally cut a fiber optic line near the fire department in Derma
September 24. The damage to the line resulted in a loss of landline, ATM, and
cell phone coverage for Vardaman and Derma. It also affected the county’s 9-1-1
service. Source: http://www.wtva.com/news/local/story/Phone-service-down-in-parts-of-Calhoun-County/TWgdG5usu0OMp2UrUtMNFg.cspx
For more stories, see items 40 and 41 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.