Thursday, February 14, 2013
Complete DHS Daily Report for February 14, 2013
Daily Report
Top Stories
• The contractor that operates the Y-12 facility in Oak Ridge was given
unsatisfactory marks by the National Nuclear Security Administration for
security, design, and building schedule issues. – Knoxville News Sentinel
7. February 11, Knoxville News Sentinel – (Tennessee) Security wasn’t the only
problem; B&W Y-12 marked down for costly ($539M) UPF design failure, microwave
woes. The contractor that operates the Y-12 facility in Oak Ridge was given
unsatisfactory marks by the National Nuclear Security Administration for
security, design, and building schedule issues.
• Authorities believe the former Los Angeles Police officer that killed two
individuals and wounded three others barricaded himself in a vacant cabin as he
engaged police in a violent shootout that killed a sheriff’s deputy and injured
another before the cabin went up in flames. – Associated Press
19. February 13, Associated Press – (California) AP source: Calif. driver’s
license naming ex-LAPD cop found in burned cabin with body. Authorities believe
the former Los Angeles Police (LAPD) officer that killed two individuals and
wounded three others barricaded himself in a vacant cabin as he engaged police
in a violent shootout that killed a sheriff’s deputy and injured another before
the cabin went up in flames.
Source: http://www.washingtonpost.com/national/ex-la-cop-believed-barricaded-in-scalif-cabin-miles-from-where-truck-found-2-officers-hurt/2013/02/12/2cdcf98c-7571-11e2-9889-60bfcbb02149_story.html?tid=pm_pop
• The U.S. President issued an Executive Order which aims to enable better
protection of critical infrastructure information technology systems through
sharing cybersecurity information among relevant government and private
entities. – Wired.com
See item 29 below in the Information Technology Sector
• A man was charged in the killing of two Japanese tourists using his vehicle,
and for allegedly stabbing and injuring a dozen others. – Associated Press
32. February 13, Associated Press – (Guam) Police arrest man accused of mass
stabbing in Guam. A man was charged in the killing of two Japanese tourists
using his vehicle, and for allegedly stabbing and injuring a dozen others.
Source: http://www.fortmilltimes.com/2013/02/12/2493421/3-dead-11-hurt-after-man-crashes.html
Details
Banking and Finance Sector
Nothing to report
Information Technology Sector
22. February 13, Softpedia – (International) Flash Player
zero-day used to push “legal” surveillance malware. Researchers at
Kaspersky have found the DaVinci surveillance tool using an Adobe Flash Player
zero-day exploit to install spyware on computers owned by activists and
political dissidents in several countries. Source: http://news.softpedia.com/news/Flash-Player-Zero-Day-Used-to-Push-Legal-Surveillance-Malware-329224.shtml
23. February 13, SC Magazine – (International) Flaws in Adobe
Reader and Flash ‘exploited in the wild.’ Researchers from FireEye and
Kaspersky reported new zero-day vulnerabilities being exploited in Adobe Reader
and Adobe Flash. Source: http://www.scmagazineuk.com/flaws-in-adobe-reader-and-flash-exploited-in-the-wild/article/280166/
24. February 13, Softpedia – (International) Cybercriminals
hide their malicious code by injecting it into JavaScript. Sophos
researchers found a technique being used by cybercriminals to inject malware
into JavaScript code hosted on legitimate Web sites. Source: http://news.softpedia.com/news/Cybercriminals-Hide-Their-Malicious-Code-by-Injecting-It-into-JavaScript-329197.shtml
25. February 13, Help Net Security – (International) Global malicious
websites increase by 600%. A Websense Security Labs report detailed several
findings regarding Web-based cyberattacks, including that legitimate hosting
services hosted 85 percent of malicious sites. Source: http://www.net-security.org/malware_news.php?id=2411
26. February 13, Softpedia – (International) Ruby on Rails 3.2.12, 3.1.11,
and 2.3.17 released to address security holes. New versions of Ruby on Rails
were released to address a total of three vulnerabilities. Source: http://news.softpedia.com/news/Ruby-on-Rails-3-2-12-3-1-11-and-2-3-17-Released-to-Address-Security-Holes-329111.shtml
27. February 13, Softpedia – (International) Cryptome email, website and
Twitter account hacked. Two hackers took credit for breaching the email, Web
site, and Twitter account of Cryptome. The site and email were restored but the
Twitter account remained under unauthorized control as of February 13. Source: http://news.softpedia.com/news/Cryptome-Email-Website-and-Twitter-Account-Hacked-329057.shtml
28. February 13, Help Net Security – (International) Flickr bug made users’
private photos public. A glitch allowed photos on Flickr marked “private” to be
publicly seen for 20 days. Flickr later fixed the issue but the change in code
to reset pictures caused issues for content owners. Source: http://www.net-security.org/secworld.php?id=14407
29. February 12, Wired.com – (National) Executive Order aims to facilitate
sharing of information on threats. The U.S. President issued an Executive Order
which aims to enable better protection of critical infrastructure information
technology systems through sharing cybersecurity information among relevant
government and private entities. Source: http://www.wired.com/threatlevel/2013/02/executive-order-cybersecurity/
30. February 12, Softpedia – (International) Four types of URLs used in 2013
BlackHole spam campaigns. Trend Micro researchers outline four kinds of URLs
used in spam campaigns using the new version of the BlackHole exploit kit. Source: http://news.softpedia.com/news/Four-Types-of-URLs-Used-in-2013-BlackHole-Spam-Campaigns-328754.shtml
Communications Sector
31. February 12, Sun Sentinel – (Florida) Man sued after pirate radio
broadcast interferes with airport tower. A Florida man without a license to
broadcast was fined $20,000 for violating Federal Communications Commission
regulations and interfering with air traffic control.
Source: http://www.sun-sentinel.com/news/palm-beach/fl-pirate-radio-station-20130212,0,2106451.story
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily
[Monday through Friday] summary of open-source published information concerning
significant critical infrastructure issues. The DHS Daily Open Source
Infrastructure Report is archived for ten days on the Department of Homeland
Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact
the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source
Infrastructure Report and follow instructions to Get e-mail updates when this
information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please
contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication
intended to educate and inform personnel engaged in infrastructure protection.
Further reproduction or redistribution is subject to original copyright
restrictions. DHS provides no warranty of ownership of the copyright, or
accuracy with respect to the original source material.