Wednesday, March 27, 2013
Complete DHS Daily Report for March 27, 2013
Daily Report
Top Stories
• A severe storm knocked out power to 50,000 customers in central Florida, impeding traffic and taking down service at a local radio station. – Orlando Sentinel
3. March 25, Orlando Sentinel – (Florida) Fierce storms knock out power, uproot trees across area. A storm producing high wind gusts knocked out power to 50,000 customers in central Florida, impeding traffic and taking down service at a local radio station. Source: http://www.orlandosentinel.com/news/local/breakingnews/os-weather-orlando-20130323,0,1036094.story
• Close to 1,000 passengers at Reno-Tahoe International Airport had to go through security a second time because two passengers mistakenly entered a secure area. – Associated Press
21. March 25, Associated Press – (Nevada) Flights delayed after Reno airport security breach; incident prompted by “innocent mistake.” Around 1,000 passengers at Reno-Tahoe International Airport had to go through security a second time because two passengers mistakenly entered a secure area. Flights were also delayed for over an hour because of the security breach. Source: http://www.washingtonpost.com/lifestyle/travel/flights-delayed-after-reno-airport-security-breach-incident-prompted-by-innocent-mistake/2013/03/25/29b55a54-957b-11e2-95ca-dd43e7ffee9c_story.html
• Research published by Websense reports that 93 percent of Web browser users are vulnerable to common Java exploits because they are not using a current version of Java. – Softpedia
See item 34 below in the Information Technology Sector
• A March 25 underground natural gas leak led to the evacuation and relocation of a Phoenix Holiday Inn’s 140 guests and staff. – KTVK 3 Phoenix
45. March 25, KTVK 3 Phoenix – (Arizona) Holiday Inn gas leak in north Phoenix forces evacuation. A March 25 underground natural gas leak led to the evacuation and relocation of a Phoenix Holiday Inn’s 140 guests and staff. Investigators discovered 100% saturation in parts of the hotel and kept the hotel and roads closed for several hours to reduce potential fires and explosions. Source: http://www.azfamily.com/news/local/Gas-leak-sparks-evacuation-at-Phoenix-hotel-199850321.html
Details
Banking and Finance Sector
12. March 25, Minneapolis Star Tribune – (Minnesota) Tax scam allegedly run from Minnesota prison. The IRS and other authorities are investigating a tax refund fraud scheme allegedly run by Minnesota prison inmates and their not-incarcerated accomplices. The investigation involves hundreds of falsified tax returns from between 2006 and 2012. Source: http://www.startribune.com/local/199958841.html
13. March 25, KHOU 11 Houston – (Texas) 9 arrested for identity theft, credit card fraud after multi-agency raid. Authorities raided residences in Harris, Fort Bend, and Waller counties and arrested nine Cuban nationals accused of running an identity theft and credit card fraud ring. Hundreds of cards as well as encoding equipment and personal information were seized during the raids. Source: http://www.khou.com/news/crime/9-arrested-after-multi-agency-raid-for-identity-theft-credit-card-fraud--199934531.html
14. March 25, Sacramento Business Journal – (California) Ex-Sacramento loan officer suspected of mortgage fraud. A former Sacramento loan officer was indicted and accused of originating $5 million in loans for a mortgage fraud scheme that involved straw buyers and led to the foreclosure of eight houses. Source: http://www.bizjournals.com/sacramento/news/2013/03/25/ex-loan-officer-suspected-of-mortgage.html
15. March 25, Atlanta Journal Constitution – (Georgia; Colorado) ‘Clearinghouse Bandit’ believed to be in Atlanta area. The FBI stated that the suspect known as the “Clearinghouse Bandit,” wanted for 13 bank robberies in Colorado, may now be in the Atlanta area. Source: http://www.ajc.com/news/news/clearing-house-bandit-believed-to-be-in-atlanta-ar/nW38L/
16. March 21, Wall Street Journal – (International) Web money gets laundering rule. The U.S. Department of the Treasury’s Financial Crimes Enforcement Network announced that it will apply money laundering regulations to virtual currencies such as Bitcoin due to concern regarding their use in funding illicit activities. Source: http://online.wsj.com/article/SB10001424127887324373204578374611351125202.html?mod=WSJ_Tech_LEFTTopNews
Information Technology Sector
34. March 26, Softpedia – (International) Websense: Over 93% of endpoints vulnerable to latest Java exploit. Research from Websense found that 93 percent of Web browser users are vulnerable to common Java exploits because they are not using a current version of Java, making them easy targets for unsophisticated attackers using Cool or other exploit kits. Source: http://news.softpedia.com/news/Websense-Over-93-of-Endpoints-Vulnerable-to-Latest-Java-Exploit-340306.shtml
35. March 26, Help Net Security – (International) Activists now targeted with trojanized backdoor apps. Researchers from Kaspersky Lab identified a targeted attack on Uyghur and Tibetan activists that sends a malicious backdoor Android app to targets’ mobile devices, the first use the researchers have seen of a targeted attack against mobile devices. Source: http://www.net-security.org/malware_news.php?id=2446
36. March 25, Softpedia – (International) Grum spam botnet is slowly recovering after takedown, experts warn. Spider Labs researchers found that the cybercriminals behind the Grum botnet have begun reinstating command and control (C&C) servers, and spotted a steady increase in spam sent by the botnet. Source: http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-Takedown-Experts-Warn-340125.shtml
37. March 25, eWeek – (International) Slow Android phone patching prompts vulnerability report. A researcher released details on four vulnerabilities in Android on Samsung phones after having reported the vulnerabilities to Samsung in January. Source: http://www.eweek.com/security/slow-android-phone-patching-prompts-vulnerability-report/
38. March 25, Threatpost – (International) Lime Pop emerges as the latest strain of Android Enesoluty malware. Symantec identified a new variant of the Android.Enesoluty data-stealing malware, spread through an app called Lime Pop. The group behind Enesoluty has been active since summer 2012 and has registered more than 100 domains to host the malicious apps. Source: http://threatpost.com/en_us/blogs/lime-pop-emerges-latest-strain-android-enesouty-malware-032513
39. March 25, The H – (International) MongoDB: Exploit on the net, Metasploit in the making. An exploit for the MongoDB 2.2.3 database that can allow attackers to inject and execute code was published by a researcher. Source: http://www.h-online.com/security/news/item/MongoDB-Exploit-on-the-net-Metasploit-in-the-making-Update-1829690.html
40. March 25, The H – (International) Weak keys in NetBSD. The developers of the NetBSD Unix operating system released a kernel update to fix an issue where systems would generate weak, easily-cracked cryptographic keys. Source: http://www.h-online.com/open/news/item/Weak-keys-in-NetBSD-1829336.html
41. March 24, Network World – (International) Hackers steal photos, turn wi-fi cameras into remote surveillance device. Researchers from ERNW demonstrated various methods to remotely steal photos, turn cameras on, and execute denial of service (DoS) attacks against Wi-Fi-enabled Canon EOS-1D X cameras. Source: http://www.networkworld.com/community/node/82716
42. March 24, The Register – (International) T-Mobile patches Wi-Fi eavesdrop vuln. T-Mobile patched a vulnerability in its Wi-Fi calling feature that left users susceptible to man-in-the-middle attacks. Source: http://www.theregister.co.uk/2013/03/24/t_mobile_wi_fi_calling_bug/
Communications Sector
43. March 21, Associated Press – (Oregon) Copper thieves cut phone, net service in Oregon town. The theft of copper utility cables from electrical poles left some 500 customers in Ruch without Internet and phone services. Source: http://www.newstimes.com/news/crime/article/Copper-thieves-cut-phone-net-service-in-Ore-town-4373524.php
For another story, see item 3 above in Top Stories
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.