Wednesday, August 7, 2013
Complete DHS Daily Report for August 7, 2013
Daily Report
Top Stories
• Authorities arrested two individuals and
charged them in connection with stealing lead-acid batteries from 16 separate
South Carolina utility transmission units between May 4 and July 25. – WBTW
13 Florence
2.
August 5, WBTW 13 Florence – (South
Carolina) Florence pair charged with stealing batteries from 16 substations.
Authorities arrested two individuals and charged them in connection with
stealing lead-acid batteries from 16 separate South Carolina utility
transmission units between May 4 and July 25. Officials are continuing to
investigate and believe additional arrests are likely. Source: http://www.wbtw.com/story/23048109/pair-charged-with-stealing-metal-from-electrical-substations-in-florence-county
• An increase of 44 cases in Texas over the
weekend of August 3 brought the number of confirmed illnesses from recent
Cyclospora outbreaks to 469. – Food Safety News
16.
August 5, Food Safety News –
(National) New Texas illnesses bring Cyclospora count to 469. According
to the Texas Department of State Health Services an increase of 44 cases in
Texas over the weekend of August 3 brought the number of confirmed illnesses
from recent Cyclospora outbreaks to 469. Source: http://www.foodsafetynews.com/2013/08/new-texas-illnesses-bring-cyclospora-case-count-to-469/
• A gunman was shot and arrested after he shot
through a wall into a monthly meeting of Ross Township in Pennsylvania, killing
3 people and injuring 2 others August 5. – Associated Press
25.
August 6, Associated Press – (Pennsylvania)
3 shot dead at Pa. township meeting. A disgruntled gunman was shot and
arrested after he shot through a wall into a monthly meeting of Ross Township
in Pennsylvania, killing 3 people and injuring 2 others August 5. Two people
subdued the gunman after he went his car to get another weapon to continue
firing. Source: http://news.msn.com/crime-justice/3-shot-dead-at-pa-township-meeting
• A gang fight inside a restaurant in Salinas,
California, August 5 spilled outside where a man began shooting, killing 3
people and injuring 4 others. – Associated Press
41.
August 5, Associated Press –
(California) Man, 21, arrested in California taco shop shooting that leaves
3 dead, 4 others injured. A gang fight inside a Taco’s Choice restaurant in
Salinas August 5 spilled outside the restaurant where a man began shooting,
killing three people and injuring four others. The suspected shooter was
arrested August 5. Source: http://www.therepublic.com/view/story/27c65aba330d401ebf58d59f2749972c/CA--Taco-Restaurant-Shootings
Details
Banking and Finance Sector
5. August 6, The Register – (International) Revealed:
Cyberthug tool that BREAKS HSBC’s anti-Trojan tech. Group-IB spotted an
exploit that bypasses part of Trusteer’s Rapport anti-trojan system on underweb
forums. Trusteer stated that the vulnerability only affects one layer of
security and that a patch is being distributed to users. Source: http://www.theregister.co.uk/2013/08/06/trusteer_pushes_updates_after_cybercrook_brew_up_browser_lockdown_exploit/
6. August 5, Fort Lauderdale Sun Sentinel –
(Florida) Boca mortgage broker pleads guilty to fraud. A Boca Raton
mortgage broker pleaded guilty to conspiracy after he diverted loan payments he
agreed to service for Fannie Mae and Freddie Mac through his company, Coastal
States Mortgage Corporation, defrauding the lenders of more than $28 million.
Source: http://www.sun-sentinel.com/fl-mortgage-broker-guilty-20130805,0,4001167.story
Information Technology Sector
32. August
6, Softpedia – (International) Experts identify OAuth bypass vulnerability
in Microsoft’s social network Yammer. A Vulnerability Lab researcher
identified an OAuth bypass vulnerability in Microsoft’s enterprise social
network Yammer that could be used to hijack user accounts. The vulnerability
was reported to Microsoft and patched July 2013. Source: http://news.softpedia.com/news/Experts-Identify-OAuth-Bypass-Vulnerability-in-Microsoft-s-Social-Network-Yammer-Video-373394.shtml
33. August
6, The Register – (International) Windows Phones BLAB passwords to hackers,
thanks to weak crypto. Microsoft warned users to take precautions after it
was found that the encryption Windows Phones use to transmit domain credentials
is cryptographically weak, allowing rogue hotspots to intercept and decrypt the
information. Microsoft advised IT departments to distribute a special root
certificate that allows the phones to confirm that they are connecting to a
genuine access point before transmission. Source: http://www.theregister.co.uk/2013/08/06/microsoft_win_phone_wifi_vuln/
34. August
6, Softpedia – (International) OpenX.org hacked, backdoor injected into
download files. Download files hosted on OpenX.org were found to be
infected with a backdoor that could allow attackers to inject and execute
arbitrary code on affected servers. OpenX representatives reported that they
have removed the compromised files. Source: http://news.softpedia.com/news/OpenX-org-Hacked-Backdoor-Injected-into-Download-Files-373580.shtml
35. August
6, V3.co.uk – (International) Criminals hosting child pornography on 227
business websites. Researchers at the Internet Watch Foundation found that
227 small and medium-sized businesses’ Web sites were hijacked to store child
pornography, possibly the first step in a ransomware or blackmail campaign.
Source: http://www.v3.co.uk/v3-uk/news/2287093/criminals-hosting-child-pornography-on-227-business-websites
36. August
6, Softpedia – (International) DNS servers of 3 Dutch hosting firms
hijacked, thousands of sites serve malware. Researchers at Fox-IT found
that three Dutch Web hosts were compromised, with the servers of Digitalus and
Virtual Dynamix configured to serve malware. Source: http://news.softpedia.com/news/DNS-Servers-of-3-Dutch-Hosting-Firms-Hijacked-Thousands-of-Sites-Serve-Malware-373308.shtml
37. August
5, IDG News Service – (International) Botnet-powered distributed file storage
system uses JavaScript. A researcher from FusionX presenting at the DEF CON
21 conference demonstrated a botnet-like system called HiveMind which uses a
piece of JavaScript code loaded into users’ browsers to build a distributed
file storage system. Source: https://www.computerworld.com/s/article/9241364/Botnet_powered_distributed_file_storage_system_uses_JavaScript
Communications Sector
Nothing to
report
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.