Wednesday, November 7, 2012
Daily Report
Top Stories
• The Port Authority Transit Hub (PATH) train resumed limited
service November 6 under the Hudson River from Jersey City to Midtown
Manhattan, the Port Authority of New York and New Jersey announced. A fleet of
350 buses was also expected to begin arriving in New Jersey November 5 to help
ease the commute. – Wall Street Journal
8. November 5, Wall Street Journal – (New Jersey; New York) PATH service to
return as NJ Transit gets bus aid. The Port Authority Transit Hub (PATH)
return as NJ Transit gets bus aid. The Port Authority Transit Hub (PATH)
train resumed limited service November 6 under the Hudson River from Jersey
City to Midtown Manhattan, the Port Authority of New York and New Jersey
announced. All service was halted on the cross-river rapid-transit service
ahead of Hurricane Sandy. The storm surge inundated stations and filled tunnels
with what the New York governor estimated was 5 miles of water, knocking out
all train service for the week after the storm. PATH trains operated on a
limited schedule between Journal Square in Jersey City, New Jersey, and 33rd
Street in Manhattan, New York. Service remained suspended on the PATH lines
that connect Newark Penn Station and Hoboken through Jersey City to the World
Trade Center and Lower Manhattan. Separately, a fleet of 350 buses owned by the
U.S. Department of Transportation was expected to begin arriving in New Jersey November
5 to help ease the crippled commute after Sandy heavily damaged NJ Transit.
Operational rail lines experienced heavy crowds during the morning commute November
5, with NJ Transit suspending the North Jersey Coast Line because of overcrowding
at the Woodbridge station.
• The total raw sewage discharge from a break in Virginia
approached 15 million gallons November 5, and repairs will take about a month.
A spokesperson said samples show record highs in the amount of E. coli
bacteria. – Suffolk News-Herald
17. November 5, Suffolk News-Herald – (Virginia) Sewage release
‘catastrophic’. The total raw sewage discharge from a break near Wilroy
Road and Shingle Creek in Virginia approached 15 million gallons November 5 as
crews scrambled to bypass the damaged portion of concrete pipe. The discharge
continued at a rate of about 1,000 gallons per minute, which was needed to
reduce the pressure at the point of repair, according to a Hampton Roads
Sanitation District spokeswoman. A contractor working at the site hopes to
install a bypass of the pipe November 9 and stop the discharge. Complete
repairs will take about a month. The chairman of the Nansemond River Preservation
Alliance’s water quality committee said samples taken after the leak began to
show record highs in the amount of E. coli bacteria, nearly 10 times higher
than the previous recorded highs in that location from 1985. Source: http://www.suffolknewsherald.com/2012/11/05/sewage-release-catastrophic/
• About 25 children were hospitalized after a carbon monoxide leak
at a Chicago elementary school, Fire Media Affairs reported November 5. – Chicago
Sun-Times
22. November 5, Chicago Sun-Times – (Illinois) Carbon monoxide leak sends 25 students to
hospitals. About 25 children were hospitalized in good condition after a carbon
monoxide leak at a Chicago elementary school November 5. The children suffered
from nausea, vomiting, and headaches. Initially, 14 children were hospitalized.
A Level 1 HAZMAT was called for the leak at Harold Washington Elementary
School, according to Fire Media Affairs. Firefighters ventilated the third
floor of the building with fans and evaluated the students before sending them
to hospitals. The leak may have been due to a faulty boiler. Source: http://chicago.cbslocal.com/2012/11/05/carbon-monoxide-leak-sends-25-students-to-hospitals/
• As of November 4, more than 182,000 individuals in Connecticut,
New York, and New Jersey registered for assistance, and the Federal Emergency
Management Agency (FEMA) approved more than $158 million for individuals to
assist with housing and other disaster related needs. – Examiner.com
43. November 5, Examiner.com – (National) 182,000 file for assistance with FEMA from NY, NJ,
CT; $158 million approved. As of November 4, more than 182,000 individuals
in Connecticut, New York, and New Jersey registered for assistance, and the
Federal Emergency Management Agency (FEMA) approved more than $158 million for
individuals to assist with housing and other disaster-related needs. Disaster Recovery
Centers opened in the hardest hit areas. The U.S. Small Business Administration
began opening Business Recovery Centers in impacted areas of New Jersey and New
York. These Centers provide one-on-one help to business owners seeking disaster
assistance for losses caused by Hurricane Sandy. Businesses and nonprofit organizations
may be eligible to borrow up to $2 million to repair or replace damaged or
destroyed real estate, machinery and equipment, inventory, and other business
assets. To date, the President declared that major disasters exist in Connecticut,
New York, and New Jersey, and emergency declarations were made in 11 States and
the District of Columbia. Federal and State personnel are on the ground to conduct
joint preliminary damage assessments in several States. These assessments are designed
to give the governor of each State a better picture of damages, and to determine
if a request for further federal support is needed. Source: http://www.examiner.com/article/182-000-file-for-assistance-with-fema-fromny-nj-ct-158-million-approved
Details
Banking and Finance Sector
6. November 6, Pittsburgh Tribune-Review – (Pennsylvania) Latrobe bank
loses $182K in check scheme. Commercial National Financial Corp.’s earnings
in the third quarter were hurt by one-time items, including a counterfeit
foreign check scheme by "local parties" that cost the Latrobe, Pennsylvania
bank $182,000, the Pittsburgh Tribune-Review reported November 6. The parent of
Commercial Bank & Trust of Pennsylvania said in its earnings statement that
"a series of counterfeit non-U.S./foreign check deposits was recorded" in the
July-September quarter. The bank paid an additional $5,000 in legal fees
related to the fraud. "Full recovery on this wire fraud recognition and all
associated legal costs is being aggressively pursued by corporate legal counsel
against the local parties responsible for this incident," the bank's CEO said
in the statement. Source: http://triblive.com/business/headlines/2899375-74/bank-commercial-quarterlegal-national-check-fraud-alex-cents-costs#axzz2BSITiDUI
7. November 6, Associated Press – (Ohio) Ohio man pleads guilty in credit union scheme. A
developer pleaded guilty in Akron, Ohio, to bank fraud and other charges and
will forfeit nearly $17 million for his part in a fraud scheme that led to the
2010 collapse of a northeast Ohio credit union, the Associated Press reported
November 6. Federal officials said the man pleaded guilty November 5 to
conspiracy to commit bank fraud and bank bribery, money laundering, bank fraud,
bribery, and making false statements of financial institutions. Authorities
said the man conspired to submit false loan documents to St. Paul Croatian
Federal Credit Union in Eastlake and to pay bribes and kickbacks to get loans
for companies he controlled. Authorities said the crimes occurred from December
2003 through March 2010. Source: http://www.sfgate.com/news/crime/article/Ohio-man-pleads-guilty-in-creditunion-scheme-4011994.php
For another story, see item 28 below in the Information Technology Sector.
Information Technology Sector
27. November 6, Ars Technica – (New Jersey) E-voting chaos: NJ voters sent to official’s personal
Hotmail address. Security experts warned that New Jersey's plan for email-based
voting was a recipe for problems, and anecdotal evidence became apparent November
6 that the system did not work as well as organizers hoped. The problems were
first spotted by Buzzfeed, which noted that a number of voters have tweeted
about having their emails to county voting officials bounce. Essex County is in
the suburbs of New York and has nearly 800,000 residents. As one of the largest
counties in the State, it struggled to keep up with the demand for email
ballots. Aware of the problems with the official email system, the Essex County
clerk suggested that displaced voters could email a request for a ballot to his
personal email address, according to a post on the Facebook page of the town of
West Orange. However, a security researcher noted that the clerk's Hotmail
address has his mother's maiden name as a "password recovery" question.
This means that anyone who can figure out the clerk's mother's maiden name could
seize control of his Hotmail account and intercept voters' official ballot
requests. Morris County also experienced problems November 6. The county's
election Web site instructs voters to send ballot requests to a government
address. However, when users sent email to that address, they received a
delivery failure notification from the County's mail server in reply. Source: http://arstechnica.com/tech-policy/2012/11/e-voting-chaos-nj-voters-sent-toofficials-personal-hotmail-address/
28. November 6, Krebs on Security – (Missouri) Cyberheists ‘a helluva wake-up call’ to small biz.
A $180,000 robbery took the building security and maintenance system installer
Primary Systems Inc. by complete surprise. More than two-dozen people helped to
steal funds from the company’s coffers in an overnight heist in May, but none of
the perpetrators were ever caught on video. Rather, a single virus-laden email
that an employee clicked on let the attackers open a digital backdoor, exposing
security weaknesses that persist between many banks and their corporate
customers. The St. Louis-based firm first learned that things were not quite
right May 30, when the company’s payroll manager logged into her account at the
local bank and discovered that an oversized payroll batch for approximately
$180,000 had been sent through May 29. The money was pushed out of Primary
Systems’ bank accounts in amounts between $5,000 and $9,000 to 26 individuals
throughout the United States who had no prior interaction with the firm, and
who had been added to the firm’s payroll that very same day. The 26 were "money
mules," willing or unwitting participants who are hired through work-at-home
job schemes to help cyber thieves move money abroad. Most of the mules hired in
this attack were instructed to send the company’s funds to recipients in
Ukraine. Source: http://krebsonsecurity.com/2012/11/cyberheists-a-helluva-wake-up-call-tosmall-biz/
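A defender-side check suggested by the pattern in the item above, added here as an illustration (it is not code from the Krebs article or from the firms involved): hold a payroll batch for out-of-band confirmation when it is oversized, its payees were all created on the submission date, and the amounts cluster just below $10,000. The record format, thresholds and sample batches are constructed for this example.

```python
"""Anomaly checks for an outgoing payroll batch, modelled on the heist
described above: an oversized batch whose payees were all added the same
day, each paid $5,000-$9,000.  Added illustration; the payroll record
format, thresholds and sample data are constructed, not from any vendor."""
from dataclasses import dataclass
from datetime import date
from statistics import mean


@dataclass(frozen=True)
class PayrollLine:
    payee: str
    amount: float
    payee_added: date  # date the payee record was created in the payroll system


@dataclass(frozen=True)
class Batch:
    submitted: date
    lines: tuple  # tuple of PayrollLine


def batch_anomalies(batch, prior_batch_totals, max_new_payee_share=0.2,
                    total_multiplier=2.0):
    """Return human-readable reasons to hold the batch for out-of-band
    (e.g. telephone) confirmation before release.  Empty list means normal."""
    reasons = []
    total = sum(l.amount for l in batch.lines)
    baseline = mean(prior_batch_totals)
    if total > total_multiplier * baseline:
        reasons.append(f"total ${total:,.0f} exceeds {total_multiplier}x "
                       f"baseline ${baseline:,.0f}")
    new_payees = [l for l in batch.lines if l.payee_added == batch.submitted]
    if len(new_payees) / len(batch.lines) > max_new_payee_share:
        reasons.append(f"{len(new_payees)} of {len(batch.lines)} payees were "
                       "added on the submission date")
    # Mule payouts are typically kept under common review thresholds; flag a
    # batch of new payees where most lines sit in a narrow band below $10,000.
    band = [l for l in batch.lines if 5000 <= l.amount < 10000]
    if new_payees and len(band) / len(batch.lines) > 0.5:
        reasons.append(f"{len(band)} payments sit in the $5,000-$9,999 band")
    return reasons


# Constructed sample data: a 26-payee batch resembling the May 29 heist and a
# routine batch of long-standing staff, against three prior batch totals.
MAY_29 = date(2012, 5, 29)
HEIST = Batch(MAY_29, tuple(
    PayrollLine(f"mule{i:02d}", 5000.0 + i * 150, MAY_29) for i in range(26)))
NORMAL = Batch(MAY_29, tuple(
    PayrollLine(f"staff{i}", 2800.0, date(2010, 1, 4)) for i in range(30)))
PRIOR_TOTALS = [84000.0, 85200.0, 83900.0]

if __name__ == "__main__":
    for name, b in (("heist", HEIST), ("normal", NORMAL)):
        print(name, batch_anomalies(b, PRIOR_TOTALS) or "no anomalies")
```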
29. November 6, The H – (International) Sophos fixes critical security vulnerability.
A security expert revealed critical security vulnerabilities in Sophos
antivirus software. This includes the publication of a proof-of-concept for a
root exploit for Sophos 8.0.6 for Mac OS X, which utilizes a stack buffer
overflow when searching through PDF files. The vulnerability is also likely to
affect Linux and Windows versions. The security expert published a full
analysis on the SecLists.org security mailing list newsletter. A module for the
Metasploit penetration testing software is now also available. According to
information from Sophos, the security deficits listed have been fixed since
November 5 and the antivirus company is not aware of any of the vulnerabilities
having been exploited in the wild. The complete list of bugs identified by the
security expert will, it said, be fixed by November 28 at the latest. The
security expert's paper on security deficits in Sophos software is particularly
critical of the product's approach to address space layout randomization
(ASLR). The paper also describes the ability to use PDF file encryption to
trigger a stack buffer overflow, allowing an attacker to use a crafted URL or
email to execute malicious code on an affected computer. Source: http://www.h-online.com/security/news/item/Sophos-fixes-critical-securityvulnerability-1744777.html
30. November 6, The H – (International) Android 4.2 warns against malicious apps and premium
rate texts. The upcoming Android 4.2 release will introduce new security features
which, until now, Google has been quiet about. In an interview with Computerworld,
the VP of Android Engineering at Google detailed two new security features in
the latest version of the mobile operating system — a reputation service for applications
and a system to protect users from being ripped off by expensive premium rate
texts. Version 4.2 of Android includes what is essentially cloud-based
antivirus software, which warns against known malicious files on request. If
the "Verify apps" options is selected, prior to installing an app
from a source other than the official Play Store (a process known as
"sideloading"), Android will check a signature of the APK installation
file with a Google server. Source: http://www.h-online.com/security/news/item/Android-4-2-warns-againstmalicious-apps-and-premium-rate-texts-1744110.html
31. November 6, Infosecurity – (International) New Gh0st-related malware discovered. A new
type of malware, backdoor.ADDNEW, was recently identified, Infosecurity reported
November 5. It is based on the Russian DaRK DDoSer malware and has a link with
the Gh0st RAT trojan. Gh0st RAT is the trojan linked to Gh0stNet, a cyber espionage
network largely reporting to command and control servers in China. In the past,
recruitment to the Gh0stNet has mainly been achieved by targeted emails
carrying a malicious attachment that drops a trojan that can download the Gh0st
RAT, which then allows its controllers to gain complete real-time control of
infected Windows computers. Source: http://www.infosecurity-magazine.com/view/29166/new-gh0strelatedmalware-discovered/
32. November 6, Softpedia – (International) US voters targeted with malware hidden in fake
election documents, YouTube videos. As U.S. citizens prepared to elect
their president, cybercriminals have intensified their malicious campaigns in
an effort to take advantage of the hype that surrounds the event. Security
experts from GFI Labs discovered a myriad of schemes. For example, individuals
who might be forced to vote via email or fax because of the damages caused by
Hurricane Sandy might come across an executable file which hides a piece of
malware. Researchers also discovered files which contain an executable that
actually opens an election-related document when it is executed. However, in
the background, a malicious element is unleashed. Finally, some YouTube videos
were found to advertise links that lead to malicious movie players and download
managers. Source: http://news.softpedia.com/news/US-Voters-Targeted-with-Malware-Hidden-in-Fake-Election-Documents-YouTube-Videos-304887.shtml
33. November 6, Help Net Security – (International) Most Android malware are SMS trojans. Android
versions 2.3.6, or "Gingerbread," and 4.0.4, or "Ice Cream Sandwich,"
were the most popular Android targets among cybercriminals during the third
quarter of 2012, according to Kaspersky Lab. The rapid growth in the number of new
mobile malicious programs for Android continued in the third quarter, prompting
the specialists at Kaspersky Lab to identify the platform versions most
frequently targeted by cybercriminals. Android 2.3.6 Gingerbread accounted for
28 percent of all blocked attempts to install malware, while the second most
commonly attacked version was the new 4.0.4 Ice Cream Sandwich, which accounted
for 22 percent of attempts. "Although Gingerbread was released back in
September 2011, due to the segmentation of the Android device market it still
remains one of the most popular versions, which, in turn, attracts increased
interest from cybercriminals," a senior malware analyst at Kaspersky Lab
said. "The popularity of the most recent version of the Android OS – Ice Cream
Sandwich - among virus writers can be explained by the fact that the devices running
the latest versions of the OS are more suitable for online activities. Unfortunately,
users actively surfing the web often end up on malicious sites," he added.
More than half of all malware detected on users' smartphones turned out to be SMS
trojans, that is, malicious programs that steal money from victims' mobile accounts
by sending SMS messages to premium rate numbers. Source: http://www.net-security.org/malware_news.php?id=2312
34. November 6, The H – (International) Plone releases fixes for 24 vulnerabilities. After
an alert the week of October 29 that Zope and the Plone CMS were vulnerable to
24 security holes that could have led to privilege escalation and code
injection, the developers now released a hotfix for Plone that closes them. The
hotfix was tested with Plone 4.2, Plone 4.1, Plone 4, Plone 3, Plone 2.5, and
Plone 2.1. The list of flaws was extensive: issues include the ability for
anonymous users to execute arbitrary Python in the admin interface, crafting of
URLs which can log users out, an ability to escape the Python sandbox,
cross-site scripting (XSS) issues, permissions bypasses, denial-of-service through
unsanitized inputs or by requesting large collections, anonymous manipulation
of content item titles, unauthorized downloading of BLOB content, password
timing attacks, and more. According to a Plone security team member, some of
the vulnerabilities affect only Plone 3 or Plone 4, others are in Zope or other
libraries. Although many of the issues are relatively minor, there are some
serious issues within the 24 vulnerabilities. The developers did not break down
the vulnerabilities publicly by which version or location is affected, but
ensured that applying the hotfix to any vulnerable version of Plone removes the
risk. Many of the issues were found by the Plone Security Team who were
conducting an audit of the code, although some were reported by users. Source: http://www.h-online.com/security/news/item/Plone-releases-fixes-for-24-vulnerabilities-1744808.html
35. November 6, The H – (International) Users take their time over Java and Flash updates.
Of the computers studied by Kaspersky in the third quarter of 2012, 35 percent
suffered from a Java vulnerability and 19 percent from a vulnerability in an Adobe
product. Comparing Kaspersky's quarterly security reports from 2010-2012 shows
that the Oracle and Adobe update agents are not good enough at getting their users
to carry out updates. Since 2010, Java and Flash Player have been at the top of
the Kaspersky list. Microsoft, in contrast, has gradually dropped out of the
top 10, suggesting that its patch routines are working. Kaspersky's top 10 for
the third quarter of 2012 is filled by Oracle Java, Adobe Flash Player, Reader,
and Shockwave, Apple's QuickTime and iTunes, and Nullsoft's Winamp. Thirty-five
percent of the computers studied by Kaspersky were affected by vulnerabilities
in Java, with just under 19 percent vulnerable to infection through the Adobe
Flash Player. Source: http://www.h-online.com/security/news/item/Users-take-their-time-over-Javaand-Flash-updates-1744574.html
36. November 5, The H – (International) Avira incompatible with Windows 8 and Windows
Server 2012. In a new knowledge base post on its site, security company Avira
is now warning customers that its products are currently incompatible with Windows
8 and Windows Server 2012. Upgrading from Windows 7 to Windows 8 with existing
Avira products installed will result in a blue error screen. Apparently, the problem
will only be fixed by the company in the first quarter of 2013. Avira said "significant
changes to the operating system platform" of Windows 8 and Windows Server
2012 are the reason for the incompatibility. On systems already upgraded to the
latest version of Windows, Avira software can only be uninstalled manually. In
order to do so, systems may need to be booted in safe mode. Source: http://www.h-online.com/security/news/item/Avira-incompatible-with-Windows-8-and-Windows-Server-2012-1743293.html
37. November 5, Infosecurity – (International) Apple releases update for iOS addressing iPhone,
iPad critical flaws. Apple released a new iOS, version 6.0.2, that
addresses several vulnerabilities in the system affecting iPhone 3GS and
later, the iPod touch fourth generation and later, and the iPad 2 and later
devices. The update addresses a vulnerability that allows maliciously crafted
or compromised iOS applications to determine addresses in the kernel. An
information disclosure issue existed in the handling of APIs related to kernel
extensions, Apple said. "Responses containing an OSBundleMachOHeaders key
may have included kernel addresses, which may aid in bypassing address space
layout randomization protection," the company noted. "This issue was
addressed by unsliding the addresses before returning them." Source: http://www.infosecurity-magazine.com/view/29136/apple-releases-update-forios-addressing-iphone-ipad-critical-flaws/
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.