Friday, October 12, 2012
Daily Report
Top Stories
• More people than previously thought received
possibly tainted steroid injections and 14,000 patients could be at risk of
contracting meningitis, health authorities said October 11. – Reuters
31. October 11, Reuters – (National) CDC
says 14,000 people at meningitis risk amid call for criminal probe. Health
authorities said October 11 that more people than previously thought received
possibly tainted steroid injections and that some 14,000 patients could be at
risk of contracting meningitis. The Centers for Disease Control and Prevention
(CDC) said the number of people at risk, which is 1,000 higher than earlier
estimated, was revised after consulting with health authorities. Fourteen
patients have died from meningitis and 170 people have been infected, the CDC
said in its latest update October 11. The number of infections rose by 33 since
October 10, the CDC added. Florida reported a second death from meningitis and
Indiana reported its first death from the outbreak. Meningitis cases have been
confirmed in 11 States. State and federal officials are now investigating the
New England Compounding Center, which distributed thousands of vials of a
contaminated steroid. Five new cases were reported in Tennessee, which remained
the hardest-hit State with 49 cases, the CDC said. October 11, Michigan totaled
39 cases, Virginia reached 30, and Indiana’s count grew to 21 cases, according
to the CDC. Source: http://www.reuters.com/article/2012/10/11/us-usa-health-meningitis-idUSBRE8970TQ20121011
• The outbreak of West Nile disease in the
United States moved closer to becoming the second worst on record October 10,
with federal health authorities reporting 4,249 total cases of the virus-caused
illness and 168 deaths. – Reuters
36. October
10, Reuters – (National) West Nile outbreak closer to being second worst in
U.S. The outbreak of West Nile disease in the United States moved a step
closer October 10 to becoming the second worst on record with federal health
authorities reporting 280 cases of the virus-caused illness since October 8.
There have now been 4,249 cases of West Nile recorded in 2012, according to the
Centers for Disease Control and Prevention (CDC), 20 cases fewer than in 2006,
the second-largest outbreak on record. The number of deaths rose by five to 168
since October 1, the CDC said. The pace of new cases of the disease has slowed
since the summer of 2011. More than 70 percent of the cases have been reported
in 8 States: Texas, Mississippi, Michigan, South Dakota, Louisiana, Oklahoma,
Illinois, and California. Texas has been the hardest hit, recording close to 40
percent of the cases in the country, according to the CDC. Source: http://articles.chicagotribune.com/2012-10-10/lifestyle/sns-rt-us-usa-health-westnilebre89a03a-20121010_1_neuroinvasive-form-west-nile-outbreaks
• A hacking attack on a Florida college
compromised sensitive financial data of about 279,000 students and employees,
and resulted in at least 50 cases of identity theft. – IDG News Service
39. October 10, IDG News Service –
(Florida) Hackers steal thousands of student records from computers at Florida
college. An information breach at a Florida college has compromised
information of about 279,000 students and employees, the Florida Department of
Education said October 10. In a statement October 8, Northwest Florida State
College in Niceville said a breach of computer systems had compromised the
personal data of 3,200 current and retired college employees. It was breached
between May 21 to September 24 by outsiders, and the personal information of
employees that was compromised included name, birth date, employee direct
deposit bank routing and account number information, and Social Security
number, the college said. By October 10, the college said the incident involved
more than 3,000 employee records, about 76,000 Northwest College student records
containing personal identification information, and another 200,000 records
with names. At least 50 employees were hit by identity thefts as a result of
the breach, the college president said in a memo to employees. Hackers accessed
one folder with multiple files on the main server, and pieced together the
information required for the identity theft by working between files, although
no one file had a complete set of personal data on individuals, he said. “We
speculate this was a professional, coordinated attack by one or more hackers,”
the president added. Source: http://www.computerworld.com/s/article/9232276/Hackers_steal_thousands_of_student_records_from_computers_at_Florida_college
• Minneapolis is changing how it handles 9-1-1
calls weeks after the worst workplace shooting in Minnesota’s history claimed
seven lives. – WCCO 4 Minneapolis
49. October 10, WCCO 4 Minneapolis –
(Minnesota) After workplace shooting, Mpls. changes 911 procedures. The
city of Minneapolis is making a change with how it deals with 9-1-1 calls. It
comes almost 2 weeks after Minnesota’s worst workplace shooting, WCCO 4
Minneapolis reported October 10. At least four people called 9-1-1 from the
scene of Accent Signage and never got through to a dispatcher. In all, seven
people died in that attack September 27, including the gunman. The day of the
attack, there were six 9-1-1 operators working alongside seven dispatchers.
September 27, there were 65 calls from 4 p.m. to 5 p.m. — 16 were related to
the shooting. In the police report, two Accent employees said they called 9-1-1
and it just kept ringing. Police arrived on scene 5 minutes after the first
call to 9-1-1. The average response time to a call is more than 8 minutes. Now
instead of a continued ring, if a call cannot be answered in 10 seconds, the
caller will hear a recorded message urging the caller to stay on the line if it
is safe to do so. Source: http://minnesota.cbslocal.com/2012/10/10/after-workplace-shooting-mpls-changes-911-procedures/
• Water level gauges installed on levees in
New Orleans failed and did not provide accurate readings during Hurricane
Isaac, officials said. – WVUE 8 New Orleans
69. October 10, WVUE 8 New Orleans –
(Louisiana) Corps admits water level gauges failed during Isaac. As a
Category 1, Hurricane Isaac beat up on New Orleans for longer than many
expected. For the U.S. Army Corps of Engineers, Isaac provided a limited test
of the multi-billion dollar investment in flood protection since Hurricane
Katrina flooded the city 7 years ago. While the storm surge from Isaac did not
match the new protection, the Corps admitted there were problems with sensors
placed along the 17th Street Canal and other outfall canals. “There were four of
the inside gauges that would come and go, and then a couple of them went out
completely when we got to our maximum canal level,” the Corps’ 17th Street Canal
captain said of the six gauges. The outages were intermittent and often lasted
just a minute, he added. The water level in the 17th Street Canal should remain
at 6.5 feet or lower, according to the Corps. At one point during Isaac, there
was a flawed reading of 8 feet. The Corps said sensor problems never put the
community at risk. The canal captain added their investigation indicated some
gauges were positioned too low. But he said raising them too high could also
cause problems with their stability during a storm. He said the Corps is also
looking at getting some additional gauges with a different type of technology.
Source: http://www.fox8live.com/story/19788819/corps-admits-water-level-gauges
Details
Banking and Finance Sector
8. October
11, Softpedia – (National) Regions Bank website attacked by hackers. Hackers
have once again kept their promise and launched a distributed denial-of-service
(DDOS) attack against the Web site of Regions Financial Corp. October 10, they
took aim at the site owned by SunTrust and October 11, they seemed to focus on
the Regions Bank Web site. Regions representatives told Fox News that the
organization was aware of the threats, and claimed they were “taking every
measure” to protect the company and customers. The site appeared to be
experiencing some performance issues, but it seemed to be accessible from the
United States. On the other hand, it was not accessible from a Romania IP,
which might mean that certain IP address ranges were restricted in order to
mitigate the attack. The hackers claimed that during the weekend of October 13
they will plan the next attacks. Source: http://news.softpedia.com/news/Regions-Bank-Website-Attacked-by-Izz-ad-Din-al-Qassam-Hackers-298767.shtml
9. October
11, Associated Press – (Florida) Feds in south Florida arrest 40 in ID theft-tax
crackdown. Federal authorities in south Florida said they arrested 40
people in separate cases involving thousands of stolen identities used to
commit tax fraud, the Associated Press reported October 11. A U.S. attorney
said Miami has the highest identity theft rate in the nation at about 324
complaints for every 100,000 residents. The city’s rate of false income tax
returns based on stolen identities is 46 times the national average. The 40
arrests announced October 10 were the latest under a new federal strike force
in south Florida that includes the FBI, Internal Revenue Service, Secret
Service, and others. The U.S. attorney said so far in 2012, 79 people were
charged in cases involving nearly $40 million in fraudulent tax returns filed
using stolen identities. Source: http://www.news-press.com/article/20121011/NEWS01/310110034/Feds-South-Florida-arrest-40-ID-theft-tax-crackdown?odyssey=tab|topnews|text|Home
10. October
11, WHNS 21 Greenville – (National) Feds make 2nd arrest in
councilman’s Ponzi scheme. Federal agents arrested a second man October 9
in connection with a Ponzi scheme that bilked investors out of $60 million.
Investigators said Atlantic Bullion and Coin, a company run by a former
Anderson County, South Carolina councilman, duped more than 900 investors
across 25 States into thinking they were buying silver and making big profits.
They said the councilman never bought any precious metals and was paying
investors’ lofty dividends with other investors’ money. He pleaded guilty in
July to two counts of mail fraud as part of a plea deal. October 9, FBI agents
arrested another man in connection with the same scheme. He was charged with
conspiracy to commit mail fraud. According to an indictment, the man worked
with the councilman to defraud investors of nearly $3.5 million. An attorney
has taken possession of the assets of Atlantic Bullion and Coin. He will
liquidate the assets and distribute the proceeds to the victims of the scheme.
Source: http://www.foxcarolina.com/story/19789355/feds-arrest-another-arrest-in-ex-councilmans-ponzi-scheme
11. October
10, Fox News – (National) SunTrust the latest victim in cyber attack saga. SunTrust
seemed to be the latest bank targeted with a denial of service attack October
10 in a chain of cyber attacks that hit Capital One October 9 and other major
Wall Street institutions in September. The hacking group in a blogpost October
8 said it would target Capital One October 9, regional bank SunTrust October
10, and Regions Financial October 11. A handful of users reported on Twitter
and SiteDown.co they were having issues accessing SunTrust’s e-banking Web
site. That is different from some of the earlier attacks where customers could
not access the main customer Web site altogether. When attempting to log on,
some customers complained of receiving one of two error messages: “Server Unavailable”
or “Server is too busy”. “We have seen increased traffic today and have
experienced some intermittent service availability,” a SunTrust spokesperson
said. October 9, SunTrust said that it was “aware of the threat” and was
working to mitigate any disruption to clients should an attack occur. The group
threatened to pursue more cyber attacks the week of October 15 and has long
said it will not stop until a video mocking the Islam religion first posted to
YouTube is removed from the Internet. Source: http://www.foxbusiness.com/technology/2012/10/10/suntrust-may-be-latest-victim-in-cyber-attack-saga/
For another story, see item 39 above in Top Stories
Information Technology Sector
51. October
11, IDG News Service – (International) Firefox 16 removed from installer page after
vulnerability found. Mozilla temporarily removed Firefox 16 from the
current installer page after it found a security vulnerability in the new
version of its browser, it said October 10. The vulnerability could allow a
malicious site to potentially determine which Web sites users have visited and
have access to the uniform resource locator (URL) or URL parameters, the
director of security assurance at Mozilla said. Mozilla does not however have
any information that the vulnerability is currently being “exploited in the
wild,” he added. It is working on a fix and planned to ship updates October 11.
Source: http://www.computerworld.com/s/article/9232278/Firefox_16_removed_from_installer_page_after_vulnerability_found
52. October
11, Softpedia – (International) Facebook develops ‘extensive system’ to fix
phone number leakage issue. A security researcher recently demonstrated
that he could collect a large number of usernames and phone numbers from
Facebook customers by leveraging a privacy flaw. Initially Facebook
representatives said there was nothing they could do about it, highlighting the
fact that “it’s a feature, not a bug.” However, after the media picked up on
the researcher’s findings, Facebook “developed an extensive system” to prevent
the misuse of the search functionality. The expert confirmed a mitigation
mechanism was established — the accounts of users who try to look up a wide
range of phone numbers are suspended for 24 hours. Source: http://news.softpedia.com/news/Facebook-Develops-Extensive-System-to-Fix-Phone-Number-Leakage-Issue-298583.shtml
53. October
10, IDG News Service – (International) A better reason to avoid Huawei routers: Code
from the ’90s. A security researcher has a more compelling reason to avoid
routers from Huawei Technologies than fears about their ownership. While the
company was blasted for its opaque relationship with China’s government in a U.S.
intelligence report released October 8, a bigger worry for some is what is
inside its routers. “The code quality is pretty much from the ’90s,” said the
researcher, who analyzed the software inside Huawei’s home and enterprise
routers, and runs Recurity Labs, a security consultancy. He will speak October
11 at the Hack in the Box security conference and discuss the vulnerabilities
he and a fellow researcher disclosed earlier in 2012 along with an overview of
Huawei’s security. When the researcher began looking at Huawei’s routers, the
firm did not have a prominent product security team, he said. However, since he
and his colleague detailed vulnerabilities in the firmware of Huawei’s AR18
series routers, which are meant for homes, and its AR29 series routers,
intended for small enterprises, at the Defcon conference in July, “they seem to
be trying to ramp up product security in a visible way right now,” he said.
Source: http://www.computerworld.com/s/article/9232229/A_better_reason_to_avoid_Huawei_routers_Code_from_the_90s
54. October
10, Softpedia – (International) Experts warn users to beware of ‘Apple ID
Cancelled’ phishing scam. Cybercriminals are once again out to acquire
Apple customers’ IDs with the aid of a malicious spam campaign that is designed
to lure users to a phishing Web site. The emails, entitled “Apple ID
Cancelled,” inform the recipient that “Your Apple ID has been temporarily
suspended! Somebody else just tried to sign in into your Apple account from
another IP address. Please re-confirm your identity today or your account will
be suspended due to concerns we have for the safety and integrity of the Apple
Community. Please click here to Activate your Apple ID [link].” Websense
experts reveal that users who click on the link are taken to a page that
replicates the legitimate My Apple ID site with a log-in form. However,
customers who provide their credentials and select the “Sign In” button are not
actually logging in to Apple’s services, but instead are providing their
credentials to cyber criminals. Source: http://news.softpedia.com/news/Experts-Warn-Users-to-Beware-of-Apple-ID-Cancelled-Phishing-Scam-298468.shtml
55. October
10, Threatpost – (International) Deluge of election-related spam, threats
begins. In the wake of the presidential debate the week of October 1, a wave
of malicious, election-tinged spam began to hit Internet users. According to a
Websense researcher, the spam email messages that look as if they are trying to
gauge users’ interest in the candidates are leading to sites hosting the
BlackHole Exploit kit code. The post claims attackers are using thousands of
emails containing malicious .pdf, .jar, and .exe files to dupe users into
compromising their systems. The post shows a fake email allegedly sent by “CNN
Breaking News,” yet the links lead to a site hosting obfuscated BlackHole
exploit kit 2.0 code. Source: http://threatpost.com/en_us/blogs/deluge-election-related-spam-threats-begins-101012
For more stories, see items 8 and 11 above in the Banking
and Finance Sector, 39 above in the Top Stories and 57 below in the Communications Sector
Communications Sector
56. October
11, Jackson Hole News & Guide – (Wyoming) After three silent
days, KHOL returns to the air. A power outage on Rendezvous Mountain in
Wyoming blew out a piece of KHOL 89.1 FM Jackson’s transmitter over the
weekend of October 6, putting the community radio station off the air for 3
days. The damaged piece of equipment had to be sent back to its manufacturer,
repaired, and returned to Jackson, the station president said. The power went out
October 7 on the tower the station uses to transmit its signal. The power came
back on October 8, but the station still did not get its signal back. A piece
of the transmitter, called an exciter, had blown out. The station summoned its
engineer to check the equipment, and the part was shipped for repairs and then
sent back. By October 10, the signal was back up. Source: http://www.jhnewsandguide.com/article.php?art_id=9114
57. October
11, Purdue Exponent – (Indiana) Damaged wires are cause of problems with AT&T
services. Any problems experienced with West Lafayette, Indiana’s AT&T
phone services since October 5 should be alleviated by the end of the week of
October 8, according to a city official. The West Lafayette public works
director and engineer said the issues with AT&T landline, Internet, and
cellphone services began after fiber optic and telephone wires were cut during
a construction project October 5. The general manager of Frontier
Communications in Lafayette said 1,500-4,300 pairs of wire have been restored
already, and 2,700 pairs were still out of service. Additionally, 1,100
customers’ landlines were still being affected by the damage. Cellphone
service, however, was restored October 6. Source: http://www.purdueexponent.org/campus/article_0cd8e030-6912-52f9-a03c-7d4b37c36ef7.html
58. October 10, Sacramento Bee – (California) Software
problem knocks Clear Channel-owned stations off air. The technical problem
that knocked several California Clear Channel-owned stations from the radio airwaves
October 10 was traced to a software problem, a local spokesman for the media
company said. Engineers at Clear Channel responded and got the stations back on
the air as quickly as possible. The disruption lasted roughly 2 hours. Source: http://www.sacbee.com/2012/10/10/4898933/clear-channel-stations.html
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.