Wednesday, July 17, 2013

Daily Report

Top Stories
  A Broadrock Renewables-owned energy plant in Rhode Island was padlocked after an apparent gas line explosion caused a fire July 16. – Associated Press (See item 1)

1.               July 16, Associated Press – (Rhode Island) Johnston padlocks energy plant at landfill after explosion, fire; mayor says public in danger. A Broadrock Renewables-owned energy plant at the Central Landfill in Johnston, Rhode Island, was padlocked after an apparent gas line explosion caused a fire July 16. The company utilizes methane gas from the landfill to create energy. Source: http://www.dailyjournal.net/view/story/6675684b4c2c4ddfbbe98632da80323a/RI--Johnston-Fire/

  A security researcher reported critical vulnerabilities in several ASUS routers that can allow remote unauthorized access to critical system files. – The H See item 27 below in the Information Technology Sector

  Two security researchers found a method to compromise Verizon signal-boosting femtocell devices and use them to eavesdrop on smartphone calls, text messages, and data. – Reuters See item 32 below in the Information Technology Sector

  A fire chief from Pullman, Washington, reported that a July 14 fire at an apartment complex under construction caused significant damage and was suspicious. – KCPQ 13 Seattle

39. July 14, KCPQ 13 Seattle – (Washington) Suspicious fire ravages Pullman apartment complex. The Pullman fire chief reported that a July 14 fire at The Grove, an apartment complex under construction, was suspicious. The fire, which damaged four apartment buildings, damaged nearby cars, and exploded gas, diesel, and propane tanks, was located near functional but empty water hydrants. Source: http://q13fox.com/2013/07/14/suspicious-fire-ravages-pullman-apartment-complex/
Details

Banking and Finance Sector
5. July 15, Arkansas Business – (Arkansas) Feds seize nearly $18M from estate of former One Bank CEO. The Internal Revenue Service seized $17.85 million from the estate of the former One Bank & Trust of Little Rock CEO after alleging that the money was tied to the late executive’s money laundering and bank fraud. Source: http://www.arkansasbusiness.com/article/93554/feds-seize-nearly-18m-from-estate-of-former-one-bank-ceo-layton-stuart

Information Technology Sector
27. July 16, The H – (International) Critical vulnerabilities in numerous ASUS routers. A security researcher reported critical vulnerabilities in several ASUS routers that can allow remote unauthorized access to critical system files if the AiCloud media server is activated. Source: http://www.h-online.com/security/news/item/Critical-vulnerabilities-in-numerous-ASUS-routers-1918469.html

28. July 16, IDG News Service – (International) Malware campaign strikes Asian, European governments. Trend Micro detected a targeted malware attack against representatives of European and Asian governments that steals login credentials. The attack appears as an email attachment and exploits previously unpatched Microsoft Office vulnerabilities. Source: https://www.computerworld.com/s/article/9240809/Malware_campaign_strikes_Asian_European_governments
29. July 16, Softpedia – (International) MSI.com hacked, abused to distribute malware. The Web site of Micro-Star International (MSI) was hacked and used by attackers to redirect visitors to a domain hosting an exploit kit. Source: http://news.softpedia.com/news/MSI-com-Hacked-Abused-to-Distribute-Malware-368389.shtml

30. July 16, Threatpost – (International) Amazon 1Button browser add-on leaks data in plain text. A security researcher found that the Amazon 1Button browser extension reports all URLs visited by a user to Alexa in plain text, including encrypted HTTPS sessions. Source: https://threatpost.com/amazon-1button-browser-add-on-leaks-data-in-plain-text/101303
31. July 15, Softpedia – (International) EXPIRO file infectors used to steal information from US companies. New variants of the PE_EXPIRO malware were spotted in the wild by Trend Micro researchers, with 70 percent of infections detected in the U.S. Source: http://news.softpedia.com/news/EXPIRO-File-Infectors-Used-to-Steal-Information-from-US-Companies-368172.shtml

32. July 15, Reuters – (International) Researchers hack Verizon device, turn it into mobile spy station. Two security researchers found and demonstrated a method to compromise Verizon signal-boosting femtocell devices and use them to eavesdrop on smartphone calls, text messages, and data. Source: http://www.reuters.com/article/2013/07/15/us-verizon-hacking-idUSBRE96E06X20130715

Communications Sector

33. July 15, Computerworld – (National) Sprint outage affects customers in some parts of U.S. for several hours. Sprint experienced voice communications network outages in various regions throughout the United States for several hours July 15 after software maintenance affected switch operations and caused the outages. Source: http://www.computerworld.com/s/article/9240802/Sprint_outage_affects_customers_in_some_parts_of_U.S._for_several_hours_
 
34. July 15, Aberdeen News – (South Dakota) CenturyLink long-distance phone service unavailable in S.D. Damage to a fiber-optical cable July 15 believed to be caused by flooding in Minnesota rendered a number of CenturyLink customers unable to place or receive long-distance calls. A timeline for service repairs was unknown due to flooding damage to a railroad and gas line which were both ahead in priority for repairs. Source: http://www.aberdeennews.com/news/aan-centurylink-long-distance-phone- service-unavailable-in-sd-20130715,0,4851204.story- service-unavailable-in-sd-20130715,0,4851204.story
 
35. July 16, KMA 960 AM Shenandoah – (Iowa) Windstream outage resolved. Windstream Communications expected a July 15 phone and Internet outage in parts of Page and Taylor counties in Iowa, caused by a cut cable, to be completely resolved by July 16. Source: http://kmaland.com/00472_Windstream_outage_resolved_093450.asp

For another story, see item 32 above in the Information Technology Sector
 

Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

 

Contact Information

 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

 

Removal from Distribution List:     Send mail to support@govdelivery.com.

 

 

Contact DHS

 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure

Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

 

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

 

Department of Homeland Security Disclaimer

 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.