Friday, June 7, 2013
Complete DHS Daily Report for June 7, 2013
Daily Report
Top Stories
• Citadel botnet malware that have stolen more
than $500 million. – The Register See item 8
below in the Banking and Financial
Sector
• A Target employee who works at pharmacies in
San Leandro and Hayward, California, possibly exposed customers to Hepatitis A
via drugs. – Food Safety News
19.
June 6, Food Safety News –
(California) Hepatitis A outbreak sickens Target Pharmacist; Customers may
have been exposed. A Target employee who works at pharmacies in San Leandro
and Hayward possibly exposed customers to Hepatitis A via drugs prepared
between May 5 and May 24. Source: http://www.foodsafetynews.com/2013/06/hepatitis-a-outbreak-sickens-target-pharmacist-customers-may-have-been-exposed/
• Testimony to Congress stated that at least
eight foreign-sponsored organizations have hacked into Veterans Affairs
computer networks and that attacks are continuing. – Associated Press
25. June 4,
Associated Press – (National) Department of Veterans Affairs hacking includes at
least eight organizations, official says. A former U.S. Department of
Veterans Affairs computer security chief told Congress June 4 that at least
eight foreign-sponsored organizations have hacked into Veterans Affairs
computer networks and that attacks are continuing. The entire database contains
personally identifiable information on roughly 20 million veterans that could
be used in identity theft or other purposes. Source: http://www.huffingtonpost.com/2013/06/04/department-veterans-affairs-hacking_n_3385623.html
• Six individuals were killed and 13 were
injured in a four-story building collapse in Philadelphia. – Associated
Press
42.
June 6, Associated Press –
(Pennsylvania) 6 confirmed dead, 13 injured in Philadelphia building
collapse in Center City. Six individuals were killed and 13 were injured in
a four-story building collapse in downtown Philadelphia June 5. Source: http://www.nj.com/south/index.ssf/2013/06/one_dead_and_13_injured_in_phi.html
Details
Banking and Finance Sector
8. June 6,
The Register – (International) Microsoft and FBI storm ramparts of Citadel
botnets. Microsoft and the FBI have disabled around 1,000 of the estimated
1,400 botnets created by the Citadel botnet malware that have stolen more than
$500 million. Microsoft also filed suit against the alleged controller of the
botnet, and the FBI is working with law enforcement in various countries to
identify the botmaster and 81 bot herders. Source: http://www.theregister.co.uk/2013/06/06/microsoft_feds_breach_citadel_botnets/
9. June 5,
Pittsburgh Post-Gazette – (Pennsylvania) Adams man pleads guilty
to bank fraud, money laundering. An Adams man pleaded guilty to bank fraud
and money laundering totaling $1.8 million based on a fraudulent plan to buy
two loan closing companies. Source: http://www.post-gazette.com/stories/local/neighborhoods-north/adams-man-pleads-guilty-to-bank-fraud-money-laundering-690431/
10. June 5,
Associated Press – (National) CFTC sues US Bank over Peregrine Financial fraud. The
U.S. Commodity Futures Trading Commission filed suit against U.S. Bank National
Association for allegedly handling accounts for Peregrine Financial in an
improper manner. The CEO of Peregrine Financial used those accounts in a $215
million fraud scheme. Source: http://www.businessweek.com/ap/2013-06-05/cftc-sues-us-bank-over-peregrine-financial-fraud
Information Technology Sector
33. June 6,
Softpedia – (International) Expert finds XSS flaws on Intel, HP, Sony,
Fujifilm and other websites. A researcher identified cross-site scripting
(XSS) vulnerabilities on the Web sites of several major companies in the
information technology and entertainment industries. Source: http://news.softpedia.com/news/Expert-Finds-XSS-Flaws-on-Intel-HP-Sony-Fujifilm-and-Other-Websites-358937.shtml
34. June 6,
Threatpost – (International) ISC patches known BIND 9 DOS vulnerabilities.
Internet Systems Consortium (ISC) published a security update for their
BIND 9 domain system protocol software that addresses a remotely exploitable
denial of service (DOS) vulnerability. Source: http://threatpost.com/isc-patches-known-bind-9-dos-vulnerability/
35. June 6,
Softpedia – (International) 64% of data breaches caused by human and
system errors, study finds. Symantec and the Ponemon Institute released
their 2013 Cost of Data Breach Study that finds that 64 per cent of data
breaches were due to human and system errors, among other findings. Source: http://news.softpedia.com/news/64-of-Data-Breaches-Caused-by-Human-and-System-Errors-Study-Finds-358711.shtml
36. June 5,
IDG News Service – (International) Malware increasingly uses peer-to-peer
communications, researchers say. Security firm Damballa reported that
malware’s use of peer-to-peer (P2P) communications increased fivefold over the
past year. Source: http://www.computerworld.com/s/article/9239834/Malware_increasingly_uses_peer_to_peer_communications_researchers_say
37. June 5,
SC Magazine – (International) One month after recent Java update, 7 percent
of users patched. Researchers at Websense found that one month after an
April Java update, only seven percent of users had upgraded to the latest
version, leaving the rest vulnerable to known exploits. Source: http://www.scmagazine.com/one-month-after-recent-java-update-7-percent-of-users-patched/article/296431/
For additional stories,
see items 8 above in the Banking and
Finance Sector, and 25 and 27 below:
25. June 4,
Associated Press – (National) Department of Veterans Affairs hacking includes at
least eight organizations, official says. A former U.S. Department of
Veterans Affairs computer security chief told Congress June 4 that at least
eight foreign-sponsored organizations have hacked into Veterans Affairs
computer networks and that attacks are continuing. The entire database contains
personally identifiable information on roughly 20 million veterans that could
be used in identity theft or other purposes. Source: http://www.huffingtonpost.com/2013/06/04/department-veterans-affairs-hacking_n_3385623.html
27. June
5, Softpedia – (Massachusetts) Malware identified on University
of Massachusetts Amherst computers. The University of Massachusetts Amherst
notified 1,670 patients from their Center of Language, Speech and Hearing after
a malicious program was found on a workstation April 5. The malware may have
compromised patient health information including Social Security numbers and
insurance information. Source: http://news.softpedia.com/news/Malware-Identified-on-University-of-Massachusetts-Amherst-Computers-358678.shtml
Communications Sector
38.
June 5, Blue Ridge Muse – (Virginia) The
data, web and TV service outage at Citizens continues. Floyd County
residents and customers of Citizens Telephone Cooperative lost Internet and
television services in an outage which has lasted more than 24 hours with no
reported time for service restoration. Source: http://www.blueridgemuse.com/node/18443
39.
June 3, KWWL 7 Waterloo – (Iowa) New
backup CenturyLink fiber network in Dubuque to prevent outages. Dubuque
residents were reassured June 5 that telecommunications services from
CenturyLink would be more reliable after 68 miles of backup fiber optic network
was installed and would serve as a redundant network. CenturyLink invested $2.3
million in the efforts following a June 2012 outage which affected emergency
services, phone, and Internet services for thousands of its customers for 4
hours. Source: http://www.kwwl.com/story/22512838/2013/06/05/new-backup-centurylink-fiber-network-in-dubuque-to-prevent-outages
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.
No comments:
Post a Comment