Daily Report
Top Stories
• Washington Suburban Sanitary Commission
officials implemented mandatory water restrictions for Prince George’s County,
Maryland, and feared the area would have no water service for several days,
affecting 200,000 business and residents. – Associated Press
21. July 17,
Associated Press – (Maryland) Pipe repair shuts off water for 200,000 people
near DC. Mandatory water restrictions for Prince George’s County businesses
and
residents began July 16 to permit urgent repairs to a failing water main.
Washington Suburban Sanitary Commission officials feared the area would have no
water service for several days but have since reported they would be able to
divert water to keep pipes flowing for 200,000 business and residents including
an Air Force base and hotels, restaurants, and a convention center and resort
at the National Harbor. Source: http://news.msn.com/us/pipe-repair-shuts-off-water-for-200000-people-near-dc
26. July 18, KTLA 5 Los
Angeles –
(California) Mountain Fire grows to 22,800 acres; 15% contained. Firefighters
reached 15 percent containment of California’s Mountain Fire July 18 after
burning through 22,800 acres and prompting the evacuation of nearly 6,000
people in several communities and counties near Idyllwild. Source: http://ktla.com/2013/07/18/wildfire-forces-evacuation-near-idyllwild/#axzz2ZP8jBK83
• The University of Virginia is in the process
of notifying 18,700 students whose Social Security numbers were printed onto
address labels of health insurance brochures and mailed out. – Charlottesville
Daily Progress
28. July 18, Charlottesville
Daily Progress –
(Virginia) 18,000 Social Security numbers printed on outside of U.Va.
student mailings. The University of Virginia is in the process of notifying
18,700 students whose Social Security numbers were printed onto address labels
of health insurance brochures that were mailed out. The brochures were sent
through a third-party mail vendor. Source: http://www.timesdispatch.com/news/latest-news/social-security-numbers-printed-on-outside-of-u-va-student/article_aca180fc-ef38-11e2-b5f7-0019bb30f31a.html
• Researchers identified a critical
vulnerability in Java 7 Update 25 and previous versions that can be exploited
with a known attack method. – Softpedia See item 38 below in the Information Technology Sector
Details
Banking and Finance Sector
6. July 17,
San Luis Obispo Tribune – (California) ‘Central Coast Bandit’
blamed for four local bank robberies. A bank robber dubbed the “Central
Coast Bandit” was suspected in four robberies in San Luis Obispo County, most
recently at a Golden 1 Federal Credit Union branch in Paso Robles July 17.
Source: http://www.sanluisobispo.com/2013/07/17/2586973/fbi-names-local-bank-robber-the.html
8. July 17,
Chicago Sun-Times – (Illinois) Elmhurst man pleads guilty to stealing files from
Federal Reserve Bank. A former employee of the Federal Reserve Bank of
Chicago pleaded guilty to stealing confidential files on the bank’s access and
monitoring of credit exposure on his last day of work with the bank. Source: http://chicago.cbslocal.com/2013/07/17/elmhurst-man-pleads-guilty-to-stealing-files-from-federal-reserve-bank/
9. July 17,
Santa Rosa Press Democrat – (California) Napa financial adviser
indicted in fraud case. A former Napa financial adviser was indicted for
allegedly forging more than $1.8 million in checks from the accounts of a deceased
client. Source: http://www.pressdemocrat.com/article/20130717/ARTICLES/130719564
For
another story, see item 25 below:
25. July 17, New York Times – (New York) Prosecutors
say five ran a credit card fraud ring. Authorities charged a couple after
discovering one of the pair worked for South Shore Physicians on Staten Island
and used her access to elderly patients’ records to steal their financial
information. Her fiancé, along with three other accomplices, used the stolen
financial information to obtain credit cards and the couple used the money on a
spending spree that totaled nearly $700,000. Source: http://www.nytimes.com/2013/07/18/nyregion/prosecutors-say-five-ran-a-credit-card-fraud-ring.html?_r=0
Information Technology Sector
38. July 18,
Softpedia – (International) Experts find sandbox bypass vulnerability in
Java 7 Update 25. Researchers at Security Explorations identified a
critical vulnerability in Java 7 Update 25 and previous versions that can be
exploited with a known attack method. Details and a proof-of-concept were
submitted to Oracle. Source: http://news.softpedia.com/news/Experts-Find-Sandbox-Bypass-Vulnerability-in-Java-7-Update-25-369044.shtml
39. July 18,
Krebs on Security – (International) Botcoin: Bitcoin mining by botnet. Researchers
discovered a Bitcoin mining malware affiliate program that utilizes infected
computers to ‘mine’ Bitcoins via botnets. Source: https://krebsonsecurity.com/2013/07/botcoin-bitcoin-mining-by-botnet/
40. July 18,
IDG News Service – (International) Most enterprise networks riddled with
vulnerable Java installations. A report by Bit9 found that outdated Java
installations are currently deployed on most enterprise networks, posing a
major security risk. Source: https://www.computerworld.com/s/article/9240880/Most_enterprise_networks_riddled_with_vulnerable_Java_installations
41. July 18,
Softpedia – (International) Fake AV “Antivirus System” prevents victims
from booting in safe mode. A fake antivirus found by Webroot researchers
called Antivirus System injects itself into a device’s system shell, booting up
in safe mode to prevent removal. Source: http://news.softpedia.com/news/Fake-AV-Antivirus-System-Prevents-Victims-from-Booting-in-Safe-Mode-369124.shtml
42. July 18,
V3.co.uk – (International) Hackers knock Network Solutions websites
offline with DDoS attack. Network Solutions was the target of a distributed
denial of service (DDoS) attack July 15, affecting its own and an unknown
number of customers’ Web sites. Source: http://www.v3.co.uk/v3-uk/news/2283238/hackers-knock-network-solutions-websites-offline-with-ddos-attack
43. July 18,
Softpedia – (International) Android apps that exploit “master key” bug
found on Google Play. Bitdefender researchers identified two apps in the
Google Play store that exploit the Android “master key” exploit in a
non-malicious manner. Source: http://news.softpedia.com/news/Android-Apps-that-Exploit-Master-Key-Bug-Found-on-Google-Play-369091.shtml
44. July 18, Help Net Security – (International) Android
backup sends unencrypted Wi-Fi passwords to Google. A researcher found that
the Android “Back up my data” feature sends private information such as WiFi
passwords in plaintext to Google. Source: https://www.net-security.org/secworld.php?id=15245
45. July 18, Softpedia – (International) KakaoTalk
users warned of malicious applications. Trend Micro researchers found an
e-mail distributed trojanized version of the KakaoTalk instant messaging app
designed to collect contact information, text messages, and phone settings.
Source: http://news.softpedia.com/news/KakaoTalk-Users-Warned-of-Malicious-Applications-369281.shtml
46. July 17, eWeek – (International) Cyber-criminals
selling fraudulent identity ‘kitz’ on web black market. Dell Secureworks
researchers found cybercriminals selling various identity fraud packages called
“kitz” that contain an individual’s personal information and documents, including
full profiles called “fullz” made by using information leaked in data breaches.
Source: http://www.eweek.com/security/cyber-criminals-selling-fraudulent-identity-kitz-on-web-black-market/
47. July 17, CNET – (International) Google Glass
patch fixes vulnerability through QR code. Google closed a security
vulnerability in its Google Glass device that could allow an attacker to
compromise the device by using a QR code. Source: http://news.cnet.com/8301-1009_3-57594116-83/google-glass-patch-fixes-vulnerability-through-qr-code
48. July 17, Dark Reading – (International) DDoS average
packet-per-second and attack bandwidth rates rise. Prolexic Technologies
released their second quarter 2013 Quarterly Global DDoS attack report, which
found that distributed denial of service (DDoS) attacks increased in average
packet-per-second rate and average bandwidth by 1,655 percent and 925 percent,
respectively, compared to 2012 levels. Source: http://www.darkreading.com/attacks-breaches/ddos-average-packet-per-second-and-attac/240158434
For
another story, see item 25 above just
following the Banking and Finance Sector
Communications Sector
49.
July 18, San Joaquin County News –
(California) PG&E puts $5,000 bounty on copper wire thieves. Following
12 documented copper wire thefts in the Stockton area since June 28, AT&T
reported it would offer a $5,000 reward for information which may lead to the
arrest and conviction of those responsible for interrupting service to its
customers via the thefts. Source: http://www.recordnet.com/apps/pbcs.dll/article?AID=/20130718/A_NEWS/307180322/-1/A_NEWS02
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.
No comments:
Post a Comment