Daily Report
Top Stories
• Chrysler
announced several recalls affecting 840,000 vehicles for issues including
faulty microcontroller components in head rests and improperly programmed side
airbag software. – NBC News (See item 3)
3. July 4, NBC News – (International) Chrysler recalls
840,000 vehicles, mostly in US. Chrysler announced several recalls
affecting 840,000 vehicles, mostly in the U.S., for issues including faulty
microcontroller components in head rests and improperly programmed side airbag
software. Source: http://www.nbc33tv.com/news/chrysler-recalls-840000-v
• An
accidental detonation at a fireworks show in a large community park in Simi
Valley, California, left 28 people with minor injuries July 4. – Associated
Press (See item 25)
25. July 5, Associated Press – (California) 28 injured at Calif.
fireworks show. An accidental detonation at a fireworks show in a large community
park in Simi Valley left 28 people with minor injuries July 4. A bomb squad
detonated the remainder of the fireworks as 20 people were transported to local
hospitals and 8 people were treated at the park. Source: http://www.news9.com/story/22764383/14-injured-at-calif-fireworks-show
• A
man was charged with setting nine wildfires in California that burned a total
of 670. – Associated Press (See item 28)
28. July 4, Associated Press – (California) Arson charges tie
man to 9 California wildfires. A man was charged July 3 with setting nine
fires since September 2011 that burned a total of 670 acres in Riverside and
San Bernardino counties. The Banning resident was arrested June 28 in
connection with a wildfire near Mentone. Source: http://news.msn.com/crime-justice/arson-charges-tie-man-to-9-california-wildfires
• Researchers
reported a vulnerability affecting 99 percent of Android devices that can allow
an attacker to modify APK code without breaking legitimate apps’ cryptographic
signatures. – V3.co.uk See item 38 below in the Information Technology Sector
Details
Banking and Finance Sector
5. July 4, United Press International; St. Louis
Post-Dispatch – (Missouri) Funeral insurance company owner pleads
guilty to fraud. The owner of the failed National Prearranged Services Inc.
funeral service insurance company pleaded guilty to fraud charges for diverting
$600 million in funds from policy holder reserves to personal and commercial
expenses. The owner’s son also pleaded guilty to his part in the fraud. Source:
http://www.upi.com/Top_News/US/2013/07/04/Funeral-insurance-company-owner-pleads-guilty-to-fraud/UPI-54451372950352/
6. July 3, Reuters – (National) SEC alleges insider
trading in Onyx ahead of Amgen offer. The U.S. Securities and Exchange
Commission filed a lawsuit and froze assets against traders who allegedly made
suspicious trades ahead of Onyx’s rejection of a takeover bid to make $4.6
million in illicit gains. Source: http://www.cnbc.com/id/100864058
7. July 3, U.S. Securities and Exchange Commission –
(International) SEC obtains freeze on proceeds from unlawful distribution of
Biozoom securities. The U.S. Securities and Exchange Commission (SEC)
charged eight Argentine citizens with unlawfully distributing millions of
shares of Biozoom, Inc., yielding approximately $34 million. The SEC also froze
assets in U.S. brokerage accounts belonging to the accused. Source: https://www.sec.gov/news/press/2013/2013-122.htm
Information Technology Sector
36. July 5,
Softpedia – (International) Private Exploit Pack: New browser exploit kit
advertised on hacker forums. A new browser exploit kits named Private
Exploit Pack was found being advertised on hacker forums. The exploit pack
works on Windows XP, 7, and 8, and contains exploits for Java, Internet
Explorer, PDF, and Microsoft Data Access Components. Source: http://news.softpedia.com/news/New-Browser-Exploit-Pack-Private-Advertised-on-Hacker-Forums-366008.shtml
37. July 5,
Softpedia – (International) Opera 12.16 replaces code signing certificate.
Opera Software released version 12.16 of its Opera browser containing a new
code signing certificate following a security breach where attackers were able
to obtain an older certificate. Source: http://news.softpedia.com/news/Opera-12-16-Replaces-Code-Signing-Certificate-365932.shtml
38. July 4,
V3.co.uk – (International) Android master key leaves 99 percent of
Google smartphone and tablet users open to attack. Bluebox Security
researchers reported a vulnerability in Android 1.6 and later that can allow an
attacker to modify APK code without breaking legitimate apps’ cryptographic
signatures, turning a legitimate app into a malicious one. Source: http://www.v3.co.uk/v3-uk/news/2279495/android-master-key-leaves-99-percent-of-google-smartphone-and-tablet-users-open-to-attack
39. July 4,
Softpedia – (International) Customizable mobile number harvesting service
found on underground market. Researchers at Webroot identified a mobile
number harvesting service for sale on underweb markets that allows the user to
customize the type of information they collect, which can then be utilized to
drive SMS spam campaigns. Source: http://news.softpedia.com/news/Customizable-Mobile-Number-Harvesting-Service-Found-on-Underground-Market-365696.shtml
40. July 4,
Help Net Security – (International) Trojanized Android app collects info,
comments on NSA surveillance. A trojanized version of a legitimate music
app was identified that on July 4 was triggered to display an image and run a
service criticizing National Security Agency data collection programs. The app
also attempts to send device information to a remote server upon restart.
Source: https://www.net-security.org/malware_news.php?id=2535
41. July 4,
Help Net Security – (International) Critical Cryptochat group chat bug fixed. The
developers of the Cryptochat secure chat program advised users to update to the
latest version that fixes a vulnerability in the program’s group chat function
that could allow conversations to be cracked via brute for attacks. Source: https://www.net-security.org/secworld.php?id=15182
42. July 3,
The H – (International) Apple releases security update for Mac OS X. Apple
released a security update for four versions of its OS X operating system,
closing three QuickTime flaws that could cause crashes or allow arbitrary code
execution. Source: http://www.h-online.com/security/news/item/Apple-releases-security-update-for-Mac-OS-X-1910729.html
Communications Sector
Nothing to
report
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.