Monday, July 8, 2013




Daily Report

Top Stories

  Chrysler announced several recalls affecting 840,000 vehicles for issues including faulty microcontroller components in head rests and improperly programmed side airbag software. – NBC News (See item 3)

3. July 4, NBC News – (International) Chrysler recalls 840,000 vehicles, mostly in US. Chrysler announced several recalls affecting 840,000 vehicles, mostly in the U.S., for issues including faulty microcontroller components in head rests and improperly programmed side airbag software. Source: http://www.nbc33tv.com/news/chrysler-recalls-840000-v

  An accidental detonation at a fireworks show in a large community park in Simi Valley, California, left 28 people with minor injuries July 4. – Associated Press (See item 25)

25. July 5, Associated Press – (California) 28 injured at Calif. fireworks show. An accidental detonation at a fireworks show in a large community park in Simi Valley left 28 people with minor injuries July 4. A bomb squad detonated the remainder of the fireworks as 20 people were transported to local hospitals and 8 people were treated at the park. Source: http://www.news9.com/story/22764383/14-injured-at-calif-fireworks-show

  A man was charged with setting nine wildfires in California that burned a total of 670. – Associated Press (See item 28)

28. July 4, Associated Press – (California) Arson charges tie man to 9 California wildfires. A man was charged July 3 with setting nine fires since September 2011 that burned a total of 670 acres in Riverside and San Bernardino counties. The Banning resident was arrested June 28 in connection with a wildfire near Mentone. Source: http://news.msn.com/crime-justice/arson-charges-tie-man-to-9-california-wildfires

  Researchers reported a vulnerability affecting 99 percent of Android devices that can allow an attacker to modify APK code without breaking legitimate apps’ cryptographic signatures. – V3.co.uk See item 38 below in the Information Technology Sector

Details

Banking and Finance Sector

5. July 4, United Press International; St. Louis Post-Dispatch – (Missouri) Funeral insurance company owner pleads guilty to fraud. The owner of the failed National Prearranged Services Inc. funeral service insurance company pleaded guilty to fraud charges for diverting $600 million in funds from policy holder reserves to personal and commercial expenses. The owner’s son also pleaded guilty to his part in the fraud. Source: http://www.upi.com/Top_News/US/2013/07/04/Funeral-insurance-company-owner-pleads-guilty-to-fraud/UPI-54451372950352/

6. July 3, Reuters – (National) SEC alleges insider trading in Onyx ahead of Amgen offer. The U.S. Securities and Exchange Commission filed a lawsuit and froze assets against traders who allegedly made suspicious trades ahead of Onyx’s rejection of a takeover bid to make $4.6 million in illicit gains. Source: http://www.cnbc.com/id/100864058

7. July 3, U.S. Securities and Exchange Commission – (International) SEC obtains freeze on proceeds from unlawful distribution of Biozoom securities. The U.S. Securities and Exchange Commission (SEC) charged eight Argentine citizens with unlawfully distributing millions of shares of Biozoom, Inc., yielding approximately $34 million. The SEC also froze assets in U.S. brokerage accounts belonging to the accused. Source: https://www.sec.gov/news/press/2013/2013-122.htm

Information Technology Sector

36. July 5, Softpedia – (International) Private Exploit Pack: New browser exploit kit advertised on hacker forums. A new browser exploit kits named Private Exploit Pack was found being advertised on hacker forums. The exploit pack works on Windows XP, 7, and 8, and contains exploits for Java, Internet Explorer, PDF, and Microsoft Data Access Components. Source: http://news.softpedia.com/news/New-Browser-Exploit-Pack-Private-Advertised-on-Hacker-Forums-366008.shtml

37. July 5, Softpedia – (International) Opera 12.16 replaces code signing certificate. Opera Software released version 12.16 of its Opera browser containing a new code signing certificate following a security breach where attackers were able to obtain an older certificate. Source: http://news.softpedia.com/news/Opera-12-16-Replaces-Code-Signing-Certificate-365932.shtml

38. July 4, V3.co.uk – (International) Android master key leaves 99 percent of Google smartphone and tablet users open to attack. Bluebox Security researchers reported a vulnerability in Android 1.6 and later that can allow an attacker to modify APK code without breaking legitimate apps’ cryptographic signatures, turning a legitimate app into a malicious one. Source: http://www.v3.co.uk/v3-uk/news/2279495/android-master-key-leaves-99-percent-of-google-smartphone-and-tablet-users-open-to-attack

39. July 4, Softpedia – (International) Customizable mobile number harvesting service found on underground market. Researchers at Webroot identified a mobile number harvesting service for sale on underweb markets that allows the user to customize the type of information they collect, which can then be utilized to drive SMS spam campaigns. Source: http://news.softpedia.com/news/Customizable-Mobile-Number-Harvesting-Service-Found-on-Underground-Market-365696.shtml

40. July 4, Help Net Security – (International) Trojanized Android app collects info, comments on NSA surveillance. A trojanized version of a legitimate music app was identified that on July 4 was triggered to display an image and run a service criticizing National Security Agency data collection programs. The app also attempts to send device information to a remote server upon restart. Source: https://www.net-security.org/malware_news.php?id=2535

41. July 4, Help Net Security – (International) Critical Cryptochat group chat bug fixed. The developers of the Cryptochat secure chat program advised users to update to the latest version that fixes a vulnerability in the program’s group chat function that could allow conversations to be cracked via brute for attacks. Source: https://www.net-security.org/secworld.php?id=15182

42. July 3, The H – (International) Apple releases security update for Mac OS X. Apple released a security update for four versions of its OS X operating system, closing three QuickTime flaws that could cause crashes or allow arbitrary code execution. Source: http://www.h-online.com/security/news/item/Apple-releases-security-update-for-Mac-OS-X-1910729.html

Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.