Tuesday, May 7, 2013
Complete DHS Daily Report for May 7, 2013
Daily Report
Top Stories
• BMW announced the recall of 42,000 model
year 2002-2003 3-Series vehicles due to an airbag issue that has prompted
recalls from several other manufacturers totaling 3.4 million recalled
vehicles. – Detroit News
7.
May 6, Detroit News – (National) BMW
joins massive airbag recall. BMW announced the recall of 42,000 model year
2002-2003 3-Series vehicles due to an airbag issue that has prompted recalls
from several other manufacturers totaling 3.4 million recalled vehicles.
Source: http://www.detroitnews.com/article/20130506/AUTO0104/305060385/1148/auto01/BMW-joins-massive-airbag-recal
• An Algerian man arrested in Thailand was
extradited to the U.S. to face charges for allegedly operating botnets composed
of machines infected with the SpyEye banking trojan and hijacking accounts at
more than 200 banks and financial services institutions. – Wired See item 9 below in the Banking and Finance Sector
• Authorities offered an award for individuals
involved in the April theft of 559 pounds of explosives that were stolen from a
U.S. Forest Service storage bunker near Red Lodge, Montana. – Billings
Gazette
30.
May 4, Billings Gazette – (Montana) $5,000
reward: Explosives stolen from Forest Service. Authorities are still
searching for individuals involved in the April theft of 559 pounds of
explosives that were stolen from a U.S. Forest Service storage bunker near Red
Lodge. The federal Bureau of Alcohol, Tobacco, Firearms and Explosives is
offering a $5,000 reward for information leading up to the arrest of those
responsible. Source: http://elkodaily.com/news/reward-explosives-stolen-from-forest-service/article_d1193c2c-b446-11e2-9fd5-0019bb2963f4.html
• An
attack on the U.S. Department of Labor’s Web site the week of April 30 utilized
a previously unknown exploit for the Internet Explorer (IE) 8 browser, and was
found to also have been used in other watering hole attacks on aerospace,
defense, and non-profit organization Web sites. – Help Net Security
See item 36 below in the Information Technology Sector
Details
Banking and Finance Sector
9. May 3,
Wired.com – (International) Alleged ‘SpyEye’ botmaster ends up in
America, handcuffs. An Algerian man arrested in Thailand was extradited to
the U.S. to face charges for allegedly operating botnets composed of machines
infected with the SpyEye banking trojan and hijacking accounts at more than 200
banks and financial services institutions. Source: http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/
10. May 2,
Reuters – (National) US SEC warns investors of oil and gas scams. The
U.S. Securities and Exchange Commission issued a warning to investors over the
increasing number of fraud schemes involving oil and gas ventures. Source: http://www.energytribune.com/76458/us-sec-warns-investors-of-oil-and-gas-scams#sthash.abGhzfJI.dpbs
Information Technology Sector
36. May 6,
Help Net Security – (International) IE8 0-day used in watering hole attacks. An
attack on the U.S. Department of Labor’s Web site the week of April 30 utilized
a previously unknown exploit for the Internet Explorer (IE) 8 browser, and was
found to also have been used in other watering hole attacks on aerospace,
defense, and non-profit organization Web sites. Source: http://www.net-security.org/secworld.php?id=14867
37. May 6, Softpedia – (International) Experts
identify 9 full sandbox bypass exploits affecting IBM Java. Researchers at
Security Explorations discovered five new and four improperly addressed
exploits for IBM’s Java sandbox, allowing a complete bypass of the sandbox.
Source: http://news.softpedia.com/news/Experts-Identify-9-Full-Sandbox-Bypass-Issues-Affecting-IBM-Java-351038.shtml
38. May 6, Softpedia – (International) Critical
security updates released for IP.Board 3.2.x, 3.3.x and 3.4.x. Invision
Power Services released updates for three IP.Board versions and advised users
to apply the patches to close a critical security vulnerability that could
allow unauthorized access to administrator accounts. Source: http://news.softpedia.com/news/Critical-Security-Updates-Released-for-IP-Board-3-2-x-3-3-x-and-3-4-x-351041.shtml
For another story, see item 9 above in the Banking and Finance Sector
Communications Sector
Nothing to
report
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.