Have a safe and pleasant celebration on New Year’s Eve
Monday, December 31, 2012
Daily Report
Top Stories
• A Norfolk Southern tanker carrying 33,000
gallons of propane derailed in Bridgeville December 26, prompting authorities
to evacuate nearby homes and residences and close nearby roads as a precaution.
– Sussex County Post
2.
December 27, Sussex County Post –
(Delaware) Emergency ends with propane tanker removal. A Norfolk
Southern tanker carrying 33,000 gallons of propane derailed in Bridgeville
December 26, prompting authorities to evacuate nearby homes and residences and
close nearby roads as a precaution. Source: http://delaware.newszap.com/southerndelaware/118755-70/emrgency-ends-with-propane-tanker-removal
• Two people were injured at a hazardous waste
treatment and storage facility in Cincinnati when a flash fire caused by
shredding an industrial filter containing sodium chlorate sparked an explosion.
– WCPO 5 Cincinnati
3.
December 28, WCPO 5 Cincinnati –
(Ohio) 2 injured in chemical explosion at Cincinnati industrial waste
facility. Two people were injured at a hazardous waste treatment and
storage facility in Cincinnati when a flash fire caused by shredding an
industrial filter containing sodium chlorate sparked an explosion. Source: http://www.newsnet5.com/dpp/news/state/2-injured-in-chemical-explosion-at-cincinnati-industrial-waste-facility
• Around 36,000 individuals who worked at or
gained access to Army commands stationed at the former Fort Monmouth in New
Jersey had their personal information compromised by computer hackers, the Army
confirmed. – Asbury Park Press
17.
December 28, Asbury Park Press – (New
Jersey; National) Hackers take data of Monmouth workers, visitors. Around
36,000 individuals who worked at or gained access to Army commands stationed at
the former Fort Monmouth in New Jersey had their personal information
compromised by computer hackers, the Army confirmed. The breach discovered
December 6 included Social Security numbers, salaries, home addresses, and
places of birth along with dates. Source: http://www.militarytimes.com/news/2012/12/gannett-army-monmouth-hackers-gain-data-employees-visitors-122812/
• Three officers were shot by a man in custody
before he was shot and killed by police in a New Jersey police station December
28. – Associated Press
19.
December 28, Associated Press – (New
Jersey) 3 officers hurt in shooting at NJ police station. Three officers
were shot by a man in custody before he was shot and killed by police in a New
Jersey police station December 28. Source: http://www.charlotteobserver.com/2012/12/28/3750787/3-officers-hurt-in-shooting-at.html
Details
Banking and Finance Sector
5. December 28, BankInfoSecurity – (National) Wholesaler’s
POS network hacked again. Wholesale restaurant supplier Restaurant Depot
notified officials in several States after a point of sale (POS) breach exposed
an unknown number of customers’ debit and credit card numbers. Source: http://www.bankinfosecurity.com/wholesalers-pos-network-hacked-again-a-5392
6. December 27, BankInfoSecurity – (International)
DDoS: Citi takes post-holiday hit. Citigroup reported Web site
interruptions December 26 after a hacktivist group announced a third week of
distributed denial of service (DDoS) attacks. Source: http://www.bankinfosecurity.com/ddos-citi-takes-post-holiday-hit-a-5384
Information Technology Sector
21. December
28, Softpedia – (International) Flaw in Facebook allowed attackers to record
video of user and post it on the timeline. Researchers from XYSEC Labs
identified a cross site request forgery (CSRF) vulnerability in Facebook that
could allow an attacker to record video from the victim’s webcam or other
source and then post it to the victim’s timeline. Source: http://news.softpedia.com/news/Flaw-in-Facebook-Allowed-Attackers-to-Record-Video-of-User-and-Post-It-on-the-Timeline-Video-317462.shtml
22. December
28, Softpedia – (International) New Android trojan capable of launching DDoS
attacks, sending SMSs. Researchers from Doctor Web identified a new Android
trojan dubbed “Android.DDoS.1.origin” that can execute malicious tasks such as
using the infected device for distributed denial of service (DDoS) attacks and
sending out SMS messages. Source: http://news.softpedia.com/news/New-Android-Trojan-Capable-of-Launching-DDOS-Attacks-Sending-SMSs-317524.shtml
23. December
28, Softpedia – (International) Security update released for IP.Board 3.4,
3.3, 3.2, and 3.1 to address critical issue. A security update was released
by Invision Power Services (IPS) for versions 3.4, 3.3, 3.2, and 3.1 of the
software after a critical security vulnerability was identified. IPS
recommended that users apply the update immediately. Source: http://news.softpedia.com/news/Security-Update-Released-for-IP-Board-3-4-3-3-3-2-and-3-1-to-Address-Critical-Issue-317539.shtml
24. December
28, Softpedia – (International) XSS and cookie handling vulnerabilities
identified on HTC website. A researcher uncovered three cross-site
scripting (XSS) vulnerabilities as well as a cookie handling flaw on HTC’s Web
site, which was addressed by the company after they were notified. Source: http://news.softpedia.com/news/XSS-and-Cookie-Handling-Vulnerabilities-Identified-on-HTC-Website-317621.shtml
25. December
28, Softpedia – (International) Cybercriminals are using digitally signed QQ
component as an infection catalyst. FireEye researchers found in an attack
analysis that cybercriminals used the QQLive.exe file as a means to load a
malicious .dll file since the legitimate QQ messenger service installer is
signed with a certificate from Tencent Technology. Source: http://news.softpedia.com/news/Cybercriminals-Are-Using-Digitally-Signed-QQ-Component-as-an-Infection-Catalyst-317646.shtml
26. December
27, Threatpost – (International) WordPress W3 Total Cache misconfiguration
leaves some blogs vulnerable. A vulnerability was found in the W3 Total
Cache plugin for WordPress which could allow anyone to browse and download the
database cache keys and extract sensitive information from them, including
passwords, if a directory listing is left enabled. Source: http://threatpost.com/en_us/blogs/misconfiguration-flaw-wordpress-leaves-some-blogs-vulnerable-122712
Communications Sector
27.
December 28, Ft. Lauderdale Sun-Sentinel –
(Florida) Keyless car entry blocked by pirate radio station broadcasted from
Hollywood bank roof. For several months, numerous individuals were unable
to access their keyless car entry systems when their cars were parked near the
Hollywood, Florida police station, due to an illegal pirate radio station being
broadcast from the rooftop of a Hollywood bank that was blocking signals.
Authorities found and confiscated the equipment but are still searching for the
person who set up the illegal station. Source: http://www.huffingtonpost.com/2012/12/27/keyless-entry-blocked_n_2372306.html
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.