Friday, January 11, 2013
Complete DHS Daily Report for January 11, 2013
Daily Report
Top Stories
• The U.S. Department of Homeland Security
reported that the number of cyber attacks against nuclear, power, and water
infrastructure more than doubled in 2012, citing 198 cybersecurity incidents
across the energy, chemical, nuclear, and water sectors. – CNNMoney
2.
January 9, CNNMoney – (National) Hacker
hits on U.S. power and nuclear targets spiked in 2012. The U.S. Department
of Homeland Security reported that the number of cyber attacks against nuclear,
power, and water infrastructure more than doubled in 2012, citing 198
cybersecurity incidents across the energy, chemical, nuclear, and water
sectors. Source: http://money.cnn.com/2013/01/09/technology/security/infrastructure-cyberattacks/
• The flu was reported in 41 States, and the
Centers of Disease Control and Prevention predicted the 2013 flu season to be
the worst flu season in a decade. – Wall Street Journal
21.
January 9, Wall Street Journal –
(National) Nasty flu season could lead to sickly growth. The flu was
reported in 41 States, and the Centers of Disease Control and Prevention
predicted the 2013 flu season to be the worst flu season in a decade. Source: http://blogs.wsj.com/economics/2013/01/09/nasty-flu-season-could-lead-to-sickly-growth/
• A researcher discovered and others confirmed
a zero-day exploit for Java that is already being used by the popular
Blackhole, Nuclear Pack, and Cool exploit kits. – Threatpost See item 30 below in the Information
Technology Sector
• Proof-of-concept exploit code and a
penetration testing module were released for several Ruby on Rails
vulnerabilities that could allow arbitrary code execution and the installation
of backdoors, presenting a major vulnerability for Web sites using versions
other than the most recently released. – Threatpost See item 31 below in the Information
Technology Sector
Details
Banking and Finance Sector
4. January 10, Associated Press – (Texas) West
Texas woman guilty in nearly $5.9M fraud. A woman was found guilty in
Midland in an almost $5.9 million investment fraud scheme that allowed
individuals to rent or lease the bank accounts of others to inflate their
apparent net worth. Source: http://www.galvestondailynews.com/news_ap/texas/article_81a5ba05-9f48-5f88-b152-ee947d3d875b.html
5. January 10, Banking Business Review –
(Virginia) SEC sues Bank of the Commonwealth former executives for
misrepresenting loan losses. The former CEO, chairman, and president of
Bank of the Commonwealth were charged by the U.S. Securities and Exchange
Commission for allegedly misrepresenting the failed Virginia bank’s loan
portfolio during the 2008 financial crisis. Source: http://www.banking-business-review.com/news/sec-sues-bank-of-the-commonwealth-former-executives-for-misrepresenting-loan-losses-100113
6. January 9, IDG News Service – (International) Botnets
for hire likely attacked U.S. banks. A recent campaign of distributed
denial of service (DDoS) attacks on U.S. banks appears to be using botnets for
hire, according to an analysis by security firm Incapsula. Source: http://www.computerworld.com/s/article/9235525/Botnets_for_hire_likely_attacked_U.S._banks?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)
7. January 9, Reuters – (National) SEC charges
KPMG auditors at failed Nebraska bank. The U.S. Securities and Exchange
Commission filed civil charges and is seeking to censure two auditors at
accounting firm KPMG over their alleged failure to adequately oversee and
investigate the records of the failed Nebraska-based TierOne Bank. Source: http://www.reuters.com/article/2013/01/09/us-sec-kpmg-idUSBRE9080U620130109
Information Technology Sector
30. January
10, Threatpost – (International) Nasty new Java zero day found; Exploit kits
already have it. A researcher discovered and others confirmed a zero-day
exploit for Java that is already being used by the popular Blackhole, Nuclear
Pack, and Cool exploit kits. Source: http://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
31. January
10, Threatpost – (International) Exploit code, Metasploit module out for Ruby
on Rails flaws. Proof-of-concept exploit code and a penetration testing
module were released for several Ruby on Rails vulnerabilities that could allow
arbitrary code execution and the installation of backdoors, presenting a major
vulnerability for Web sites using versions other than the most recently released.
Source: http://threatpost.com/en_us/blogs/exploit-code-metasploit-module-out-ruby-rails-flaws-011013
For another story, see item 6 above in the Banking and Finance Sector
Communications Sector
32.
January 10, USA Today – (National) FCC
blames phone companies for derecho 911 outages. The Federal Communications
Committee (FCC) released a report January 10 citing major phone companies for
the massive loss of 9-1-1 services during the June 2012 derecho storm in the
Midwest and Mid-Atlanic, and stating that their lack of backup resources and
delayed communications resulted in millions of people being unable to contact
9-1-1. Source: http://www.usatoday.com/story/money/2013/01/09/fcc-derecho-911-outage/1821695/
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.
No comments:
Post a Comment