Friday, February 8, 2013
Complete DHS Daily Report for February 8, 2013
• U.S. regulators have delayed several oil drilling companies from continuing work on rigs from the Gulf of Mexico to Brazil after defective bolts were found. Repairs could last for more than 3 weeks. – Bloomberg News
2. February 6, Bloomberg News – (International) U.S. halts drilling on Gulf wells with flawed bolts. U.S. regulators have delayed Chevron Corp., Dutch Shell Plc, and Transocean Ltd, from continuing work on rigs from the Gulf of Mexico to Brazil due to defective bolts. Repairs could last for more than 3 weeks before work can begin again to connect drilling tubes to safety gear and the seafloor. Source: http://www.businessweek.com/news/2013-02-06/u-dot-s-dot-halts-drilling-on-gulf-wells-with-flawed-ge-bolts
• Lakes Michigan and Huron are at their lowest levels ever; each has declined 17 inches since early January 2012. – Associated Press
14. February 6, Associated Press – (Michigan) 2 Great Lakes hit lowest water level on record. Water levels of all five Great Lakes have been recorded well below average but Lakes Michigan and Huron are at their lowest levels ever; each has declined 17 inches since early January 2012. The lower levels have led to heavy economic losses. Source: http://www.usatoday.com/story/weather/2013/02/06/lake-michigan-lake-huron-record-low-levels-drought/1896603/
• A California Statewide search was initiated for a former Los Angeles police officer after he made threats to wage a war on police and is suspected of killing three individuals, one being an officer, and also wounding two others, including an officer. – Reuters
23. February 7, Reuters – (California) Manhunt launched for ex-L.A. cop wanted in shootings. A California Statewide search was initiated for a former Los Angeles police officer after he made threats to wage a war on police and is suspected of killing three individuals, one being an officer, and also wounding two others, including an officer. Source: http://news.yahoo.com/manhunt-ex-l-cop-wanted-multiple-shootings-152436447.html
• Researchers have demonstrated a way for attackers to control building systems used by manufacturers, hospitals, and other industries. Attackers could also potentially use the vulnerability to gain access to corporate networks. – Dark Reading
See item 27 below in the Information Technology Sector
Banking and Finance Sector
5. February 6, YNN – (New York) Investment brokers found guilty of mail, wire fraud and filing false tax returns. Two investment brokers operating in Albany were found guilty of mail and wire fraud, and of filing false tax returns when they stole $8 million in investor funds and then attempted to conceal the fraud in their records. Source: http://hudsonvalley.ynn.com/content/top_stories/636771/investment-brokers-found-guilty-of-mail--wire-fraud-and-filing-false-tax-returns/
Information Technology Sector
24. February 7, The H – (International) PostgreSQL updates to close denial-of-service hole. The developers of PostgreSQL released updates to several versions of their products to address a misdeclared function that could allow a SQL command to crash PostgreSQL, among other issues. Source: http://www.h-online.com/security/news/item/PostgreSQL-updates-to-close-denial-of-service-hole-1799938.html
25. February 7, Softpedia – (International) DefenseCode publishes list of routers impacted by Broadcom UPnP vulnerability. DefenseCode published a list of router manufacturers and models that are vulnerable to a recently identified universal plug and play (UPnP) vulnerability. Source: http://news.softpedia.com/news/DefenseCode-Publishes-List-of-Routers-Impacted-by-Broadcom-UPnP-Vulnerability-327631.shtml
26. February 7, Help Net Security – (International) Whitehole exploit kit in the spotlight. A new exploit kit dubbed Whitehole has been seen for sale and in ‘test-release’ mode, and found to use five Java Runtime Environment vulnerabilities along with security evasion methods. Source: http://www.net-security.org/malware_news.php?id=2405
27. February 6, Dark Reading – (International) Researchers demo building control system hack. Researchers have demonstrated a way for attackers to control building systems that use the Tridium Niagara Framework used by manufacturers, hospitals, and other industries. Attackers could also potentially use the vulnerability to gain access to corporate networks. Source: http://www.darkreading.com/security/vulnerabilities/240147983/researchers-demo-building-control-system-hack.html
28. February 6, IDG News Service – (International) Microsoft, Symantec take down Bamital click-fraud botnet. Symantec and Microsoft cooperated to take down the Bamital botnet that has been used for click fraud and identity theft. Source: http://www.csoonline.com/article/728402/microsoft-symantec-take-down-bamital-click-fraud-botnet
29. February 6, IDG News Service – (International) Barracuda moves to shutter backdoor access to its network gear. Barracuda Networks issued an update to close a vulnerability in its network security appliances that allowed unauthorized access through remote support backdoors. Source: http://www.computerworld.com/s/article/9236574/Barracuda_moves_to_shutter_backdoor_access_to_its_network_gear
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.