Friday, May 3, 2013
Complete DHS Daily Report for May 3, 2013
• A stress test conducted on a Chevron pipeline that runs through Willard Bay State Park in Utah resulted in a failure. Operations were idled as authorities continue to investigate the pipeline that previously spilled fuel into the park and wetlands. – Salt Lake City Deseret News
1. May 1, Salt Lake City Deseret News – (Utah) Pipeline at Willard Bay fails pressurization test. A stress test conducted April 29 on Chevron’s pipeline that runs adjacent to Interstate 15 at Willard Bay State Park resulted in a failure between Bear River and Ogden. Operations were idled as authorities continue to investigate Chevron and the 760-mile pipeline that previously spilled fuel into the park and wetlands. Source: http://www.deseretnews.com/article/865579293/Pipeline-at-Willard-Bay-fails-pressurization-test.html
• A May 1 snow storm caused major highway travel disruptions and electricity outages throughout Colorado. – KCNC 4 Denver
12. May 1, KCNC 4 Denver – (Colorado; Wyoming) May Day storm causes major power outages, multiple accidents. A snow storm caused major travel disruptions on highways throughout Colorado, including Interstate 70, which had certain sections closed due to multiple accidents. The storm also caused power outages which affected close to 50,000 customers at different times. Source: http://denver.cbslocal.com/2013/05/01/may-day-storm-causes-major-power-outages-multiple-accidents/
• Police arrested a married couple in connection with the theft of a fuel tanker and 3,600 gallons of gas from the National Guard Armory in Colleton County, South Carolina. – WCSC 5 Charleston
21. May 2, WCSC 5 Charleston – (South Carolina) Couple accused of stealing fuel tanker, 3k gallons of gas from armory. Police have arrested a married couple in connection with the theft of a fuel tanker and 3,600 gallons of gas from the National Guard Armory in Colleton County. Authorities linked the two to the theft following a search of 2 homes after investigators determined they stole the military fuel tanker and returned it to the armory without its fuel. Source: http://www.live5news.com/story/22134468/duo-accused-of-stealing-3k-gallsons-of-fuel-from-national-guard-armory
• Unauthorized access to the National Inventory of Dams (NID) was given to a user in January, before being revoked, the U.S. Army Corps of Engineers said in a statement. – CSO Online
38. May 1, CSO Online – (International) Army Corps database on dams compromised. Unauthorized access to the National Inventory of Dams (NID) was given to a user in January, before being revoked, the U.S. Army Corps of Engineers said in a statement. The NID contains information on more than 8,000 U.S. dams. Source: http://www.networkworld.com/news/2013/050113-army-corps-database-on-dams-269330.html
Banking and Finance Sector
8. May 1, WITN 7 Washington – (North Carolina) Man convicted in insurance fraud scheme. The second of four individuals charged with running a $5.3 million insurance fraud scheme in Lenoir County was convicted May 1. Source: http://www.witn.com/news/crime/headlines/Man-Convicted-In-Insurance-Fraud-Scheme-205590881.html
Information Technology Sector
31. May 2, The H – (International) Security holes in McAfee’s ePolicy Orchestrator. A McAfee security advisory warned that earlier versions of the company’s ePolicy Orchestrator are vulnerable to remote code execution and file path traversal. Source: http://www.h-online.com/security/news/item/Security-holes-in-McAfee-s-ePolicy-Orchestrator-1854555.html
32. May 2, IDG News Service – (International) D-Link publishes beta patches for IP camera flaws. D-Link published beta patches to address vulnerabilities in its IP surveillance cameras that could allow attackers to intercept video streams. Final versions of the patches will be available within a month. Source: http://www.computerworld.com/s/article/9238846/D_Link_publishes_beta_patches_for_IP_camera_flaws
33. May 1, Softpedia – (International) Avatar rootkit uses Yahoo Groups for C&C communications. Researchers at ESET posted an analysis of the Avatar rootkit. Among its features, it is able to communicate with command and control (C&C) servers using Yahoo Groups if other channels are not working. Source: http://news.softpedia.com/news/Avatar-Rootkit-Uses-Yahoo-Groups-for-C-C-Communications-350145.shtml
34. May 1, Computerworld – (International) Printers, routers used as bots in DDoS attacks. A report from Prolexic warned that various Internet-connected devices such as printers and IP cameras are being used in distributed denial of service (DDoS) attacks. Source: http://www.computerworld.com/s/article/9238833/Printers_routers_used_as_bots_in_DDoS_attacks
35. May 1, Softpedia – (International) Bitdefender experts identify new TDL malware variants. Researchers at Bitdefender found new variants of the often-undetected TDL malware designed to infect computers’ master boot records. Source: http://news.softpedia.com/news/Bitdefender-Experts-Identify-New-TDL-Malware-Variants-350177.shtml
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.