Friday, October 31, 2014



Complete DHS Report for October 31, 2014

Daily Report

Top Stories

 · Superior Crude Gathering Inc. agreed October 29 to pay $1.6 million in penalties to settle alleged violations of the Clean Water Act stemming from a 92,400-gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside, Texas, into an unnamed lake and wetlands in 2010. – U.S. Environmental Protection Agency

1. October 29, U.S. Environmental Protection Agency – (Texas) Texas company to pay $1.6M for oil spill violations. The U.S. Environmental Protection Agency and the U.S. Department of Justice reached a settlement with Texas-based Superior Crude Gathering Inc. (Superior Crude) October 29 for alleged violations of the Clean Water Act stemming from a 92,400-gallon crude oil spill from tanks at the company’s oil storage facility in Ingleside into an unnamed lake and wetlands in 2010. Superior Crude will pay a $1.6 million civil penalty. Source: http://yosemite.epa.gov/OPA/ADMPRESS.NSF/d0cf6618525a9efb85257359003fb69d/0bcc7b168f89d77f85257d8000674455

 · Developers warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised and advised admins to restore their sites. – The Register. See item 24 below in the Information Technology Sector.

 · The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human machine interface (HMI) products used in industrial control systems. – Securityweek. See item 28 below in the Information Technology Sector.

 · The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga, Tennessee, after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27. – WBIR 10 Knoxville

35. October 28, WBIR 10 Knoxville – (Tennessee) Chickamauga Lock closed for repairs. The Chickamauga Lock was shut down and traffic on the Tennessee River stalled near Chattanooga after the U.S. Army Corps of Engineers discovered an upper gate anchorage issue during a routine inspection October 27 that requires immediate repair. The closure is expected to last approximately 3 weeks. Source: http://www.wbir.com/story/news/local/2014/10/28/chickaumaga-lock-closed-for-repairs/18064139/

Financial Services Sector

3. October 29, Reuters – (Illinois; Indiana) Twenty-nine charged in Chicago with ‘cracking cards’ bank fraud scheme. Prosecutors filed federal and State charges against 29 people in the Chicago area and in Hammond, Illinois, for allegedly running a bank fraud scheme that recruited individuals to hand over debit cards and then cash fraudulent checks to the accounts, causing bank losses of more than $1.7 million. Source: https://news.yahoo.com/twenty-nine-charged-chicago-cracking-cards-bank-fraud-181808332.html

4. October 29, IDG News Service – (International) Cybercriminals create platform for automating rogue credit card charges. Researchers with IntelCrawler reported that a Web-based application known as Voxis Platform that automates purchases from stolen payment card data has been sold on underweb markets since August. The application purports to use 32 different payment gateways and other methods to mimic normal card use and avoid detection. Source: http://www.networkworld.com/article/2840753/cybercriminals-create-platform-for-automating-rogue-credit-card-charges.html

For another story, see item 33 below from the Commercial Facilities Sector

33. October 30, Softpedia – (International) Mobile payment app contender CurrentC sees testers’ details stolen. Merchant Customer Exchange (MCX) notified adopters of CurrentC, a mobile payment app currently hosted in a trial phase, of an intrusion that revealed the email addresses of those with accounts for the testing program. The company reported that it is investigating and believes the intrusion was a result of a third-party vulnerability. Source: http://news.softpedia.com/news/Mobile-Payment-App-Contender-CurrentC-Sees-Testers-Details-Stolen-463568.shtml

Information Technology Sector

24. October 30, The Register – (International) Drupalocalypse! Devs say it’s best to assume your CMS is owned. The developers of the Drupal content management system (CMS) warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised due to the simplicity of the vulnerability and how quickly it was leveraged by attackers. The developers advised affected admins to restore their sites from backup since applying the patch would only close the vulnerability to future use, not remove any malware already in place. Source: http://www.theregister.co.uk/2014/10/30/drupal_sites_considered_hosed_if_sqli_hole_unclosed/

25. October 30, Threatpost – (International) Popular Science website infected, serving malware. Researchers from Websense Security Lab discovered and reported that the Web site of Popular Science magazine was compromised and injected with a malicious iFrame that redirects users to a site hosting the RIG Exploit Kit. Source: http://threatpost.com/popular-science-website-infected-serving-malware/109089

26. October 30, Securityweek – (International) “AirHopper” malware uses radio signals to steal data from isolated computers. Researchers at the Ben Gurion University created a proof-of-concept malware dubbed AirHopper that was used to demonstrate a data exfiltration attack against air-gapped systems using radio signals produced by the target system’s graphics card. The attack requires adding the malware to the target system and installing malicious code onto a nearby mobile device in order to set up the channel for transmitting the data sent from the target system. Source: http://www.securityweek.com/airhopper-malware-uses-radio-signals-steal-data-isolated-computers

27. October 29, Softpedia – (International) Gmail drafts used to exfiltrate data and send malicious instructions. Shape Security researchers identified and reported a new variant of the IcoScript remote access trojan (RAT) that uses draft Gmail email messages to communicate with its operator and receive instructions in order to avoid detection. The researchers stated that the malware strain appears limited to use in targeted attacks. Source: http://news.softpedia.com/news/Gmail-Drafts-Used-to-Exfiltrate-Data-and-Send-Malicious-Instructions-463495.shtml

28. October 29, Securityweek – (International) ICS-CERT warns of ongoing attack campaign targeting industrial control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning about an ongoing attack campaign targeting human machine interface (HMI) products used in industrial control systems including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC products. The campaign uses a variant of the BlackEnergy malware and shares the same command and control infrastructure as the Sandworm campaign team. Source: http://www.securityweek.com/ics-cert-warns-ongoing-attack-campaign-targeting-industrial-control-systems

29. October 29, Securityweek – (International) Microsoft releases Fix It tool to disable SSL 3.0 in IE to muzzle Poodle attack. Microsoft released a Fix It tool that allows users to disable SSL 3.0 in all supported versions of Internet Explorer, closing the vulnerability used in the POODLE attack. The company also announced that it will disable SSL 3.0 and fallback to SSL 3.0 by default in its products in the months ahead. Source: http://www.securityweek.com/microsoft-releases-fix-it-tool-disable-ssl-30-ie-muzzle-poodle-attack

For another story, see item 33 above, from the Commercial Facilities Sector

Communications Sector

30. October 29, Detroit News – (Michigan) Auburn Hill man charged in cut to land line wire. An Auburn Hills man was indicted October 28 on charges related to cutting a fiber optic wire belonging to AT&T and Comcast and disrupting phone service to as many as 600 residents, preventing them from calling emergency services. Source: http://www.detroitnews.com/story/news/local/oakland-county/2014/10/29/auburn-hill-man-charged-cut-land-line-wire/18104543/
