Wednesday, May 1, 2013
Complete DHS Daily Report for May 1, 2013
• A man was charged with fraud and identity theft for allegedly using information from insiders with access to Alabama Department of Corrections systems to obtain inmates’ personal information and then file false tax returns in their names. – Softpedia See item 8 below in the Banking and Financial Sector
• Crude oil mixed with natural gas spewed across U.S. Route 219 in Bradford, Pennsylvania, April 27 after a valve on a pipeline broke, prompting authorities to close the highway for about 5 hours. – Associated Press
17. April 29, Associated Press – (Pennsylvania) Bradford, Pa., highway closed by spewing oil from pipeline. Crude oil mixed with natural gas spewed across U.S. Route 219 in Bradford April 27 after a valve on a pipeline broke, prompting authorities to close the highway for about 5 hours. Source: http://www.the-leader.com/news/x91992959/Bradford-Pa-highway-closed-by-spewing-oil-from-pipeline
• A former water official was convicted on 11 counts of lying about mixing carcinogen-tainted well water into the village of Crestwood, Illinois’s drinking supply from 1982 until 2008. – Associated Press
22. April 30, Associated Press – (Illinois) Tainted well water case ends in guilty verdict. A former suburban Chicago water official was convicted April 29 on 11 counts of lying about mixing carcinogen-tainted well water into the village of Crestwood’s drinking supply from 1982 until 2008 in order to cut costs. Source: http://www.businessweek.com/ap/2013-04-30/tainted-well-water-case-ends-in-guilty-verdict
• At least 8 people were injured and nearly 150 arrested in Virginia Beach after instances of violence and disorder as between 30,000 and 40,000 people congregated for College Beach Weekend 2013 beginning April 26, an event city officials knew little about beforehand. – Associated Press
39. April 30, Associated Press – (Virginia) Nearly 150 people arrested in violent VB weekend. At least 8 people were injured and nearly 150 arrested in Virginia Beach after instances of violence and disorder as between 30,000 and 40,000 people congregated for College Beach Weekend 2013 beginning April 26, an event city officials knew little about beforehand. Source: http://www.sfgate.com/news/crime/article/Nearly-150-people-arrested-in-violent-VB-weekend-4475606.php
Banking and Finance Sector
7. April 30, V3.co.uk – (International) Ramnit sleeping malware targets UK financial sector. A new variant of the Ramnit malware with advanced detection-evading characteristics was found attacking online banking customers in the U.K., according to Trusteer researchers. Source: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector
8. April 29, Softpedia – (Alabama) Alabama man charged on suspicion of using prisoner identities in fraud scheme. A man was charged with 34 counts of fraud and identity theft for allegedly using information from insiders with access to Alabama Department of Corrections systems to obtain inmates’ personal information and then file false tax returns in their names, fraudulently earning over $2.5 million between 2010 and 2012. Source: http://news.softpedia.com/news/Alabama-Man-Charged-on-Suspicion-of-Using-Prisoner-Identities-in-Fraud-Scheme-349198.shtml
9. April 29, St. Louis Post-Dispatch – (Missouri) FDIC sues former directors of failed Champion Bank. The Federal Deposit Insurance Corporation filed a $15.6 million suit against 10 executives and board members of the failed Champion Bank for allegedly investing recklessly in failing housing developments, leading to the bank’s failure. Source: http://www.stltoday.com/business/local/fdic-sues-former-directors-of-failed-champion-bank/article_92e5a10b-4713-539e-8689-1e4012b8ad28.html
10. April 29, U.S. Securities and Exchange Commission – (Connecticut) Level Global agrees to pay more than $21.5 million to settle SEC insider trading charges. Greenwich-based Level Global Investors LP agreed to pay the U.S. Securities and Exchange Commission more than $21.5 million to settle charges of insider trading. Source: http://www.sec.gov/news/press/2013/2013-76.htm
Information Technology Sector
34. April 30, Softpedia – (International) PDF vulnerability exploited in MiniDuke campaign, used in Zegost, PlugX attacks. Researchers at Trend Micro found that at least three advanced persistent threat (APT) campaigns are using the CVE-2013-0640 vulnerability in Adobe Reader to spread malware, though their payloads differ. Source: http://news.softpedia.com/news/PDF-Vulnerability-Exploited-in-MiniDuke-Campaign-Used-in-Zegost-PlugX-Attacks-349753.shtml
35. April 30, Softpedia – (International) Vulnerabilities in D-Link IP cameras can be used to capture video streams. Several vulnerabilities in D-Link IP cameras can be exploited to access video streams, execute arbitrary commands, bypass authentication, and other purposes, according to research from Core Security. Source: http://news.softpedia.com/news/Vulnerabilities-in-D-Link-IP-Cameras-Can-Be-Used-to-Capture-Video-Streams-349669.shtml
36. April 29, Threatpost – (International) Google mandates app updates come from Google Play. Google instituted a policy whereby apps available through its Google Play app store must issue updates via Google Play’s update mechanism in order to prevent malicious apps from sending updates to users after an approved app is downloaded. Source: http://threatpost.com/google-mandates-app-updates-come-from-google-play/
37. April 29, Computerworld – (International) Google pays record $31K bounty for Chrome bugs. Google paid a researcher from the University of Luxembourg $31,336 for uncovering three “high” rated vulnerabilities in Chrome via the company’s bug bounty program. Source: http://www.networkworld.com/news/2013/042913-google-pays-record-31k-bounty-269213.html
For an additional story see item 7 above in the Banking and Finance Sector
38. April 29, WBIR 10 Knoxville – (National) Phone outage impacts East TN businesses. Arkansas-based national Internet and telephone provider Windstream suffered an outage for more than 5 hours April 29, impacting multiple businesses throughout the country including long-distance and toll free call processing services. Source: http://www.wbir.com/news/article/272253/2/Windstream-outage-affecting-business-phone-lines-across-country
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.