Friday, October 5, 2012
Daily Report
Top Stories
• A blown fuse and a vehicle crash cut power
to the heart of Corvallis, Oregon, for most of October 3, shutting down many
schools and businesses, and creating big traffic problems. – Corvallis
Gazette-Times
3. October 3, Corvallis Gazette-Times –
(Oregon) Power outage affects heart of city most of workday. A blown
fuse and a vehicle crash cut power to the heart of Corvallis, Oregon, for most of
October 3, and affected schools, businesses, and traffic. Among most impacted
were businesses along Corvallis’ commercial district on Ninth Street, six
schools, and Oregon State University, about 11,500 Pacific Power customers in
aThe larger of two outages affected 10,864 customers in the core of the city
and to the south and west, a Pacific Power spokesperson reported. Power was fully
restored to customers after several hours. A separate power outage, affecting
780 residences in north Corvallis, was caused by a vehicle hitting a power
pole. Workers restored power to those customers a few hours later. About 20
buildings at Oregon State University were left without power. Source: http://www.gazettetimes.com/news/local/power-outage-affects-heart-of-cityfor-most-of-workday/article_eb833e58-0d8b-11e2-acfc-001a4bcf887a.html
• Health officials have traced an outbreak of
rare fungal meningitis that has sickened dozens and killed 4 people to a
Framingham, Massachusetts specialty pharmacy that distributes a steroid
injection commonly used to treat back pain. – NBC News
33. October 4, NBC News – (National) Fungal
meningitis death toll may rise. Health officials have traced an outbreak of
rare fungal meningitis to a Framingham, Massachusetts specialty pharmacy that distributes
a steroid injection commonly used to treat back pain, NBC News reported October
4. The pharmacy, which shipped 2,000 vials of the possibly contaminated steroid
to one center in Tennessee alone, said it has recalled all of the product and
is cooperating with federal officials, said the Associated Press. Doctors
leading the investigation said they expect to find more cases, and if the
pharmacy shipped product to many States, it is possible many more people across
the country will become ill with the hard-to-treat infection. So far, 26 people
have been diagnosed with fungal meningitis in 5 States and 4 of them have died.
The Massachusetts health department said it was working with federal officials
and said the New England Compounding Center had surrendered its license to
operate. Source: http://vitals.nbcnews.com/_news/2012/10/04/14219550-fungal-meningitis-death-toll-may-rise?lite
• More than 3 weeks after attacks in Benghazi
killed the U.S. ambassador to Libya and three other Americans, sensitive
documents remained only loosely secured in the wreckage of the U.S. mission. – Washington
Post
38. October
3, Washington Post – (International) Sensitive documents left behind at U.S.
diplomatic post in Libya. More than 3 weeks after attacks in Benghazi
killed the U.S. ambassador to Libya and three other Americans, sensitive
documents remained only loosely secured in the wreckage of the U.S. mission,
offering visitors easy access to delicate information about American operations
in Libya, the Washington Post reported October 3. Sensitive documents were
among the items scattered across the floors of the looted compound when a
Washington Post reporter and an interpreter visited October 3. No
government-provided security forces are guarding the compound, and Libyan
investigators have visited just once, according to a member of the family who
owns the compound and who allowed the journalists to enter October 3. “Securing
the site has obviously been a challenge,” a deputy spokesman at the State
Department said in response to questions about conditions at the Benghazi
compound. “We had to evacuate all U.S. government personnel the night of the
attack. After the attack, we requested help securing the site, and we continue
to work with the Libyan government on this front.” Source: http://www.washingtonpost.com/world/middle_east/sensitive-documents-left-behind-at-american-mission-in-libya/2012/10/03/11911498-0d7e-11e2-bd1a-b868e65d57eb_story.html
• State dams’ officials said a lack of
resources and manpower has prevented timely upgrades to thousands of
high-hazard structures in urgent need of repairs. – Pew Center on the States
57. October 4, Pew Center on the States –
(National) Dam inspectors fear the deluge. Extreme weather, shifting
demographics, and the passage of time are teaming up to erode the condition of
dams and increase the cost of their failure, often measured in millions of
dollars and significant numbers of lives lost, the Pew Center on the States
reported October 4. In 2011, States combined to employ just 422 full-time
workers to oversee 87,679 structures, averaging out to more than 200 per
person. Of those dams, 11,388 were deemed “high-hazard,” a category quantified
differently across States but associated with the likelihood that a failure
will lead to fatalities. “They’re doing the best job they can. They just don’t
have the resources,” said the executive director of the Association of State
Dam Safety Officials. A 2009 study by the group estimated it would cost $16
billion to make the most urgent repairs over the next 12 years. When the Senate
reconvenes following the election, it will be asked to consider reviving the
2006 National Dam Safety Act, a measure tacked onto a larger bill that has
passed in the House. The $14 million yearly program, which expired in 2011,
helped States retain staff, educate dam owners, and buy essential equipment.
Since then, funding has trickled in from the Federal Emergency Management
Agency, but it has fallen short of plugging the gap. Source: http://www.pewstates.org/projects/stateline/headlines/dam-inspectors-fear-the-deluge-85899420764
Details
Banking and Finance Sector
13. October
2, U.S. Department of Justice – (New York; National) Residential
Mortgage-Backed Securities Working Group members announce first legal action. The
Residential Mortgage Backed Securities (RMBS) Working Group members October 2
announced their first legal action since the working group formation earlier
this year. In his role as a co-chair of the RMBS Working Group, the New York
attorney general filed a Martin Act lawsuit against J.P. Morgan Securities LLC
(formerly known as Bear Stearns & Co. Inc.), JP Morgan Chase Bank N.A., and
EMC Mortgage LLC (formerly known as EMC Mortgage Corporation) for making
fraudulent misrepresentations and omissions to promote the sale of RMBS to
investors. According to the lawsuit, the defendants deceived investors as to
the care with which they evaluated the quality of mortgage loans packaged into
residential mortgage-backed securities prior to Bear Stearns & Co’s
collapse in early 2008, incurring losses that have totaled about $22.5 billion.
The lawsuit is the first legal action from the RMBS Working Group, a
State-federal task force created by the U.S. President earlier this year to
investigate those responsible for misconduct contributing to the financial
crisis through the pooling and sale of RMBS. Source: http://www.justice.gov/opa/pr/2012/October/12-opa-1196.html
For another
story, see item 47 below in the Information Technology Sector
Information Technology Sector
45. October
4, The H – (International) New Oracle hacks revealed. At the
DerbyCon 2.0 conference, two security experts presented a range of attacks,
some of which were previously unknown, on Oracle databases and SQL servers;
they even released suitable tools to exploit them at the same time. In “Hacking
the Oracle Client,” one of the researchers demonstrated that, although Oracle
saves the user name and password for a database connection in encrypted form in
the client’s main memory, this data remains in memory after the session ends,
and can easily be decrypted. A trojan, for example, could exploit this to
harvest plain-text passwords from the client, which was demonstrated by the
ocioralog meterpreter extension. The experts also demonstrated how Oracle
connections can be hijacked and exploited. Due to the unpatched TNS poisoning
security vulnerability, the experts’ approach works with any standard Oracle
database, unless special security measures for the TNS listener are in place.
The presented pytnsproxy TNS proxy, combined with a suitable Metasploit module
called tnspoison, allows unauthenticated attackers to sniff out or modify the
connections to the database; arbitrary SQL commands can even be sent using the
TNS proxy. Source: http://www.h-online.com/security/news/item/New-Oracle-hacks-revealed-1723371.html
46. October
3, Threatpost – (International) Some Wordpress themes, thousands of sites
open to XSS vulnerability. A number of Wordpress themes being distributed
by the developer Parallelus are vulnerable to cross-site scripting (XSS)
attacks, reports said. Themes, bits of PHP, and HTML code that alter the look
and functionality of sites are usually installed via Wordpress’ dashboard tool
or by FTP. According to a Finnish product security professional and pentester,
the XSS vulnerabilities lie in the Unite, Salutation, Intersect, and Traject
themes. The themes cost around $30-$60 for a regular license on
Themeforest.net, a Wordpress theme marketplace. The security professional noted
that not all of the themes and templates associated with Parallelus are
vulnerable, but thousands of sites — personal and business — could be affected.
Source: http://threatpost.com/en_us/blogs/some-wordpress-themes-thousands-sites-open-xss-vulnerabilities-100312
47. October 3, Help Net Security – (International) Malicious
spam campaign targets QuickBooks users. Intuit-themed malicious spam
campaigns appear every few months, given that the company’s tax preparation,
accounting, financial management, and billing software and services are
extremely popular in the United States and Canada. The latest one, spotted by
GFI Software, tries to attract the users of Intuit’s QuickBooks — accounting
software marketed to small business owners — with an offer of free shipping
when ordering tax forms. For the recipients who click on them, the embedded
links lead not to the ordering form, but to a page that shows a “Connecting to
server...” message and eventually redirects them to another page hosting the
Blackhole exploit kit. Source: http://www.net-security.org/malware_news.php?id=2282
48. October 2, V3.co.uk – (International) Blackhole
responsible for a third of drive-by download attacks. According to new
research, malware created using the Blackhole toolkit can be found on nearly
one third of all malicious Web links circulating in the wild. A team comprised
of researchers at Google, the International Computer Science Institute, and
several leading U.S. universities warned that so-called drive-by downloads are
becoming cyber criminals’ attack of choice. The team studied more than 77,000
malicious URLs identified using Google’s Safe Browsing — a tool Google uses to
identify sites carrying malicious payloads. They then attempted to analyze the
code these sites were dispensing, analyzing the malware being distributed and
the tools used to create it. Nearly half of all Web pages serving exploits were
based on two toolkits: Blackhole and Incognito. Source: http://www.v3.co.uk/v3-uk/the-frontline-blog/2214082/blackhole-responsible-for-a-third-of-driveby-download-attacks
For another story, see item 49 below in
the Communications Sector
Communications Sector
49. October 4,
Quincy Patriot-Ledger – (Massachusetts) Phone, internet service
restored in Braintree. Phone and Internet service in Braintree,
Massachusetts, was restored October 4 after a severed fiber in Quincy knocked
out service for hundreds of residents through most of October 3. A spokeswoman
for the Braintree Electric Light Department said a “major fiber cut” in Quincy
disrupted service for about 3,200 Internet customers and close to 2,000 phone
customers early October 3. Phone service was restored by the evening of October 3,
but Internet service remained off-line for many residents until October 4. Source:
http://www.patriotledger.com/topstories/x383194682/Braintree-phones-back-on-Internet-still-out
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.