Friday, August 9, 2013
Complete DHS Daily Report for August 9, 2013
• A New York man pleaded guilty to his role in a $200 million international credit card fraud operation involving at least 22 individuals in three States. – Newark Star-Ledger See item 6 below in the Banking and Finance Sector
• Power feed failures August 7 caused an outage at the Bissell Point Wastewater Treatment Plant in north St. Louis and led to 3.5 million gallons of untreated wastewater discharging into the Mississippi River. – KMOV 4 St. Louis
25. August 7, KMOV 4 St. Louis – (Missouri) Gallons of sewage flows into Mississippi River after plant power outage. Power feed failures August 7 caused an outage at the Bissell Point Wastewater Treatment Plant in north St. Louis and led to 3.5 million gallons of untreated wastewater discharging into the Mississippi River. Source: http://www.kmov.com/news/local/Power-Outage-Causes-Discharge-Into-Mississippi-River---218775511.html
• Evacuations were ordered for several communities after a wildfire broke out August 7 in the mountains near Banning, California, and burned over 6,000 acres. – Associated Press
26. August 8, Associated Press – (California) 3 hurt in S. California wildfire; some can’t evacuate. Evacuations were ordered for several communities after a wildfire broke out August 7 in the mountains near Banning and burned over 6,000 acres. Three people were injured and about a dozen structures were damaged or destroyed. Source: http://news.msn.com/us/3-hurt-in-s-california-wildfire-some-cant-evacuate
• Cisco issued an advisory for a serious vulnerability in its TelePresence system, caused by default credentials that an attacker could use to gain complete control of the Web server on which the system is running. – Threatpost See item 36 below in the Information Technology Sector
Banking and Finance Sector
5. August 8, The Register – (International) ‘Hand of Thief’ banking trojan reaches for Linux – for only $2K. A banking trojan called “Hand of Thief” targeting Linux users was found for sale for $2,000 in underweb forums, according to researchers from RSA. The trojan includes form-grabbers for several browsers, routines to block access to security updates and measures, and virtual machine detection to avoid analysis. Source: http://www.theregister.co.uk/2013/08/08/linux_banking_trojan/
6. August 7, Newark Star-Ledger – (International) More defendants plead guilty in massive, $200M credit card fraud. A New York man pleaded guilty to his role in a $200 million credit card fraud operation involving at least 22 individuals. Defendants charged thus far include individuals in New York, New Jersey, and Pennsylvania, and are accused of wiring millions of dollars to Pakistan, India, China, and the United Arab Emirates. Source: http://www.nj.com/news/index.ssf/2013/08/four_more_defendants_plead_guilty_in.html
7. August 7, Tampa Tribune – (Florida; New York) Sarasota sheriff: New York pair jailed in credit card fraud scheme. Two individuals from New York were arrested in Sarasota County, Florida, and accused of using fraudulent credit cards to make purchases. Police found them in possession of more than 50 credit cards, around $3,000 of gift cards, a card cloning machine, and a thumb drive with stolen card information on it. Source: http://tbo.com/news/crime/sarasota-sheriff-new-york-pair-jailed-in-credit-card-fraud-scheme-20130807/
8. August 7, Panama City News Herald – (Florida) Coastal Community Bank officials charged with fraud by feds. Three executives at the failed Coastal Community Investments holding company were charged with defrauding the Federal Deposit Insurance Corporation (FDIC) of $4 million after the company took out a $3 million loan, then used fraudulent information to take out a second loan through an FDIC program to pay the first, and also failed to repay the second loan. Source: http://www.newsherald.com/news/crime-public-safety/coastal-community-bank-officials-charged-with-fraud-by-feds-1.183250?page=0
Information Technology Sector
35. August 8, The Register – (International) HP plugs password-leaking printer flaw. HP released patches for several models of LaserJet Pro printers that close a vulnerability caused by hardcoded URLs in the printers’ firmware, which could allow an attacker to extract plaintext user passwords. Source: http://www.theregister.co.uk/2013/08/08/hp_plug_password_leaking_printer_vuln/
36. August 8, Help Net Security – (International) Chrome not the only browser that stores plain-text passwords. Google responded to a software developer’s post that discussed how the Chrome browser displays saved passwords by stating that if an attacker compromises a user’s operating system account then there would be insufficient means to prevent them from accessing passwords. Several security researchers debated whether saved-password systems represent a security threat, while one noted that Firefox also stores passwords in a similar manner. Source: https://www.net-security.org/secworld.php?id=15376
37. August 7, Threatpost – (International) Remotely exploitable bug affects wide range of Cisco telepresence systems. Cisco issued an advisory for a serious vulnerability in its TelePresence system, caused by default credentials that an attacker could use to gain complete control of the Web server on which the system is running. Workarounds were listed for use until a patch can be issued. Source: https://threatpost.com/remotely-exploitable-bug-affects-wide-range-of-cisco-telepresence-systems/101910
38. August 7, Softpedia – (International) Malware developers migrate ZeuS P2P protocol to new port range. Researchers at Damballa found that the developers of the GameOver peer-to-peer (P2P) version of the ZeuS malware have begun migrating the P2P protocol to a new port range. Source: http://news.softpedia.com/news/Malware-Developers-Migrate-ZeuS-P2P-Protocol-to-New-Port-Range-373868.shtml
39. August 7, The Register – (International) Malicious snoopware targeting India found at tiny Midwest ISP. ThreatConnect researchers traced a malware-based cyberespionage campaign targeting India to a small internet service provider (ISP) in Kansas City, Missouri. The researchers found booby-trapped .PDF files and Flash video files used in the campaign, as well as a .ZIP file of malware on the ISP’s systems. Source: http://www.theregister.co.uk/2013/08/07/india_cyberespionage/
40. August 7, Softpedia – (International) Reveton malware uses fake AV to help crooks make a profit. ThreatTrack Security researchers identified a variant of the Reveton ransomware that uses a fake antivirus program called Live Security Professional to lure users into paying the cybercriminals behind it. The ransomware is distributed using the Sweet Orange exploit kit. Source: http://news.softpedia.com/news/Reveton-Malware-Uses-Fake-AV-to-Help-Crooks-Make-a-Profit-373736.shtml
For another story, see item 5 above in the Banking and Finance Sector
41. August 7, Palm Beach Post – (Florida) Comcast resolves loss of service, power outage blamed. Comcast customers throughout several Florida counties reported high definition channel outages since August 4 while Comcast reported service had been restored to customers after an August 6 power outage caused some to lose cable service for 5 hours. Source: http://www.palmbeachpost.com/news/business/comcast-outage-resolved-being-blamed-on-power-even/nZHBn/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.