Friday, August 2, 2013



Daily Report

Top Stories
 · Ford Motor Co. agreed to a $17.4 million settlement with the National Highway Traffic Safety Administration for delaying the recall on 421,000 Escape vehicles that had gas pedals which could become stuck. – CNN

5. August 1, CNN – (National) Ford to pay $17.4 million fine for delaying recall. Ford Motor Co. agreed to a $17.4 million settlement with the National Highway Traffic Safety Administration for delaying the recall on 421,000 Escape vehicles that had gas pedals which could become stuck. Source: http://money.cnn.com/2013/08/01/autos/ford-nhtsa-recall-fine/

· According to the U.S. Centers for Disease Control and Prevention at least 378 people in 16 States were sickened in a noted uptick in cyclospora infections between early June and early July. – Food Safety News

14. August 1, Food Safety News – (National) Cyclospora: 378 sickened from salad mix, no source named. According to the U.S. Centers for Disease Control and Prevention at least 378 people in 16 States were sickened in a noted uptick in cyclospora infections between early June and early July. Cyclospora has sickened at least 221 people in Iowa and Nebraska, where the illnesses were found to be part of the same outbreak linked to nationally-distributed bagged salad mix. Source: http://www.foodsafetynews.com/2013/08/cyclospora-378-sickened-from-salad-mix-no-source-named/

 · The U.S. Food and Drug Administration warned diabetes patients about the recall of 62 million strips used to test blood sugar levels and made by Nova Diabetes Care after the strips were contaminated with a chemical used in the manufacturing process, which interferes with readings. – Associated Press

20. July 31, Associated Press – (International) 62 million diabetes test strips recalled. The U.S. Food and Drug Administration warned diabetes patients about the recall of 62 million strips used to test blood sugar levels and made by Nova Diabetes Care, after the strips were contaminated with a chemical used in the manufacturing process, which interferes with readings. Source: http://news.msn.com/us/62-million-diabetes-test-strips-recalled

 · Firefighters reached 25 percent containment of Washington’s Colockum Tarps Fire July 31 after it burned through 70,000 acres. – Yakima Herald-Republic (See item 23)

23. August 1, Yakima Herald-Republic – (Washington) Colockum Tarps Fire at 70,000 acres, some evacuees return. Firefighters reached 25 percent containment of Washington’s Colockum Tarps Fire July 31 after burning through 70,000 acres. Some Kittitas County residents were allowed to return home after being evacuated, but several parks and canyons remained closed. Source: http://www.yakimaherald.com/news/fires/allfires/1370837-8/some-residents-allowed-back-home-during-colockum-tarps
Details

Banking and Finance Sector
6. July 31, U.S. Attorney’s Office, Central District of California – (California) Eight linked to fraudulent mortgage brokerage in Ventura County that generated millions in sales arrested in federal case. Federal and Ventura County authorities arrested eight individuals July 31 for allegedly running a mortgage fraud scheme through New Concepts Home Loans that cost lenders more than $11 million. Source: http://www.fbi.gov/losangeles/press-releases/2013/eight-linked-to-fraudulent-mortgage-brokerage-in-ventura-county-that-generated-millions-in-sales-arrested-in-federal-case

Information Technology Sector
31. August 1, The Register – (International) Gmail, Outlook.com, and e-voting ‘pwned’ on stage in crypto-dodge attack. Researchers demonstrated a man-in-the-middle attack at the Black Hat 2013 conference which can allow unauthorized access to email by preventing logout requests. The attack could also be used against certain electronic voting systems. Source: http://www.theregister.co.uk/2013/08/01/gmail_hotmail_hijacking/

32. August 1, V3.co.uk – (International) Google Code developer site targeted by hackers. A researcher at Zscaler identified a scheme where hackers targeted the Google Code developer site in order to host malware, part of a reported trend in attacks. Source: http://www.v3.co.uk/v3-uk/news/2286303/google-code-developer-site-targeted-by-hackers

33. August 1, Help Net Security – (International) Malware attacks via malicious iPhone chargers. Researchers at the Black Hat 2013 conference built an iPhone charger that can infect devices connected to it and demonstrated how their attack bypassed Apple security features. Source: https://www.net-security.org/malware_news.php?id=2548

34. August 1, V3.co.uk – (International) Crooks using Android master key to sneak trojans onto smartphones and tablet devices. Researchers at Dr. Web identified a trojan exploiting the Android ‘master key’ vulnerability to infect devices. A similar campaign was identified in July. Source: http://www.v3.co.uk/v3-uk/news/2286263/crooks-using-android-master-key-to-sneak-trojans-onto-smartphones-and-tablets-devices

35. August 1, IDG News Service – (International) Researchers bypass home and office security systems. Researchers at Bishop Fox demonstrated at the Black Hat 2013 conference several methods to defeat and bypass common building security devices such as door and window sensors, keypad alarms, and thermal sensors. Source: https://www.computerworld.com/s/article/9241278/Researchers_bypass_home_and_office_security_systems

36. July 31, The Register – (International) Malicious JavaScript flips ad network into rentable botnet. A presentation by researchers from WhiteHat Security at the Black Hat 2013 conference demonstrated a technique to use iframes in Web advertisements to call a JavaScript file that increases requests to a Web site to perform distributed denial of service (DDoS) attacks without being easily traced. Source: http://www.theregister.co.uk/2013/07/31/whitehat_security_ad_networks_botnet/

37. July 31, Sophos – (International) ZeroAccess malware revisited – new version yet more devious. Researchers at SophosLabs found and analyzed an update to the ZeroAccess malware that adds new techniques to ensure its persistence on infected systems. Source: http://nakedsecurity.sophos.com/2013/07/31/zeroaccess-malware-revisited-new-version-yet-more-devious/

38. July 31, IDG News Service – (International) Vulnerabilities in D-Link network video recorders enable remote spying, researcher says. Researchers at Qualys found remotely exploitable vulnerabilities in two models of D-Link network video controllers that can enable access to surveillance camera feeds and other data. It was unclear whether a firmware update issued in July closed the vulnerability. Source: http://www.pcworld.com/article/2045643/vulnerabilities-in-dlink-network-video-recorders-enable-remote-spying-researcher-says.html

Communications Sector
39. July 31, Quay County Sun– (New Mexico)Wireless service restored in Quay County. Verizon Wireless reported a hardware issue was the cause of a 12 hour telephone service outage July 25 in Quay County, New Mexico. Source: http://www.qcsunonline.com/2013/07/31/wireless-service-outage-affects-quay-county-i-40/

40. July 31, KOLD 13 Tucson– (Arizona) Service restored to Comcast customers. A cut in a line in New Mexico is the cause of a July 31 four hour service outage for Comcast customers. The exact location and nature of the cut is being investigated. Source: http://www.tucsonnewsnow.com/story/22979965/service-restored-to-comcast-customers

 Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

 

Contact Information

 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

 

Removal from Distribution List:     Send mail to support@govdelivery.com.

 

 

Contact DHS

 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure

Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

 

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

 

Department of Homeland Security Disclaimer

 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.