Daily Report
Top Stories
· Superior Crude Gathering Inc. agreed October 29 to pay $1.6 million in
penalties to settle alleged violations of the Clean Water Act stemming from a
92,400 gallon crude oil spill from tanks at the company’s oil storage facility
in Ingleside, Texas, into an unnamed lake and wetlands in 2010. – U.S.
Environmental Protection Agency
1. October 29, U.S. Environmental Protection Agency – (Texas) Texas company to
pay $1.6M for oil spill violations. The U.S.
Environmental Protection Agency and the U.S. Department of Justice reached a
settlement with Texas-based Superior Crude Gathering Inc., (Superior Crude)
October 29 for alleged violations of the Clean Water Act stemming from a 92,400
gallon crude oil spill from tanks at the company’s oil storage facility in
Ingleside into an unnamed lake and wetlands in 2010. Superior Crude will pay a
$1.6 million civil penalty. Source: http://yosemite.epa.gov/OPA/ADMPRESS.NSF/d0cf6618525a9efb85257359003fb69d/0bcc7b168f89d77f85257d8000674455
· Developers warned that Drupal Web sites that were not patched within 7 hours
of the disclosure of a critical SQL injection vulnerability October 15 should
be considered compromised and advised admins to restore their sites. – The
Register. See item 24 below in the Information Technology Sector
· The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
issued an advisory warning about an ongoing attack campaign targeting human
machine interface (HMI) products used in industrial control systems. –
Securityweek. See item 28 below in the Information Technology Sector
· The Chickamauga Lock was shut down and traffic on the Tennessee River stalled
near Chattanooga, Tennessee, after the U.S. Army Corps of Engineers discovered
an upper gate anchorage issue during a routine inspection October 27. – WBIR 10
Knoxville
35. October 28, WBIR 10 Knoxville – (Tennessee) Chickamauga Lock closed for
repairs. The Chickamauga Lock was shut down
and traffic on the Tennessee River stalled near Chattanooga after the U.S. Army
Corps of Engineers discovered an upper gate anchorage issue during a routine
inspection October 27 that requires immediate repair. The closure is expected
to last approximately 3 weeks. Source: http://www.wbir.com/story/news/local/2014/10/28/chickaumaga-lock-closed-for-repairs/18064139/
Financial Services Sector
3. October 29, Reuters – (Illinois; Indiana) Twenty-nine charged in Chicago
with ‘cracking cards’ bank fraud scheme. Prosecutors filed federal and
State charges against 29 people in the Chicago area and in Hammond, Illinois,
for allegedly running a bank fraud scheme that recruited individuals to hand
over debit cards and then cash fraudulent checks to the accounts, causing bank
losses of more than $1.7 million. Source: https://news.yahoo.com/twenty-nine-charged-chicago-cracking-cards-bank-fraud-181808332.html
4. October 29, IDG News Service – (International) Cybercriminals create
platform for automating rogue credit card charges. Researchers with
IntelCrawler reported that a Web-based application known as Voxis Platform that
automates purchases from stolen payment card data has been sold on underweb
markets since August. The application purports to use 32 different payment
gateways and other methods to mimic normal card use and avoid detection.
Source: http://www.networkworld.com/article/2840753/cybercriminals-create-platform-for-automating-rogue-credit-card-charges.html
For another story, see item 33 below
from the Commercial Facilities Sector
33. October 30, Softpedia – (International) Mobile payment app contender
CurrentC sees testers’ details stolen. Merchant Customer Exchange (MCX)
notified adopters of CurrentC, a mobile payment app currently hosted in a trial
phase, of an intrusion that revealed the email addresses of those with accounts
for the testing program. The company reported that it is investigating and
believes the intrusion was a result of a third-party vulnerability. Source: http://news.softpedia.com/news/Mobile-Payment-App-Contender-CurrentC-Sees-Testers-Details-Stolen-463568.shtml
Information Technology Sector
24. October 30, The Register – (International) Drupalocalypse! Devs say it’s best to
assume your CMS is owned. The developers of the Drupal content management
system (CMS) warned that Drupal Web sites that were not patched within 7 hours
of the disclosure of a critical SQL injection vulnerability October 15 should
be considered compromised due to the simplicity of the vulnerability and how
quickly it was leveraged by attackers. The developers advised affected admins
to restore their sites from backup since applying the patch would only close
the vulnerability to future use, not remove any malware already in place.
Source: http://www.theregister.co.uk/2014/10/30/drupal_sites_considered_hosed_if_sqli_hole_unclosed/
25. October 30, Threatpost – (International) Popular Science website infected,
serving malware. Researchers from Websense Security Lab discovered and
reported that the Web site of Popular Science magazine was compromised and
injected with a malicious iFrame that redirects users to a site hosting the RIG
Exploit Kit. Source: http://threatpost.com/popular-science-website-infected-serving-malware/109089
26. October 30, Securityweek – (International) “AirHopper” malware uses radio signals
to steal data from isolated computers. Researchers at the Ben Gurion
University created a proof-of-concept malware dubbed AirHopper that was used to
demonstrate a data exfiltration attack against air gapped systems using radio
signals produced by the target system’s graphics card. The attack requires
adding the malware to the target system and installing malicious code onto a
nearby mobile device in order to set up the channel for transmitting the data
sent from the target system. Source: http://www.securityweek.com/airhopper-malware-uses-radio-signals-steal-data-isolated-computers
27. October 29, Softpedia – (International) Gmail drafts used to exfiltrate data
and send malicious instructions. Shape Security researchers identified and
reported a new variant of the IcoScript remote access trojan (RAT) that uses
draft Gmail email messages to communicate with its operator and receive
instructions in order to avoid detection. The researchers stated that the
malware strain appears limited to use in targeted attacks. Source: http://news.softpedia.com/news/Gmail-Drafts-Used-to-Exfiltrate-Data-and-Send-Malicious-Instructions-463495.shtml
28. October 29, Securityweek – (International) ICS-CERT warns of ongoing attack
campaign targeting industrial control systems. The Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory warning
about an ongoing attack campaign targeting human machine interface (HMI)
products used in industrial control systems including GE Cimplicity,
Advantech/Broadwin WebAccess, and Siemens WinCC products. The campaign uses a
variant of the BlackEnergy malware and shares the same command and control
infrastructure as the Sandworm campaign team. Source: http://www.securityweek.com/ics-cert-warns-ongoing-attack-campaign-targeting-industrial-control-systems
29. October 29, Securityweek – (International) Microsoft releases Fix It tool to
disable SSL 3.0 in IE to muzzle Poodle attack. Microsoft released a Fix It
tool that allows users to disable SSL 3.0 in all supported versions of Internet
Explorer, closing the vulnerability used in the POODLE attack. The company also
announced that it will disable SSL 3.0 and fallback to SSL 3.0 by default in
its products in the months ahead. Source: http://www.securityweek.com/microsoft-releases-fix-it-tool-disable-ssl-30-ie-muzzle-poodle-attack
For another story, see item 33 below
from the Commercial Facilities Sector
33. October 30, Softpedia – (International) Mobile payment app contender
CurrentC sees testers’ details
stolen. Merchant Customer Exchange (MCX) notified adopters of CurrentC, a
mobile payment app currently hosted in a trial phase, of an intrusion that
revealed the email addresses of those with accounts for the testing program.
The company reported that it is investigating and believes the intrusion was a
result of a third-party vulnerability. Source: http://news.softpedia.com/news/Mobile-Payment-App-Contender-CurrentC-Sees-Testers-Details-Stolen-463568.shtml
Communications Sector
30. October 29, Detroit News – (Michigan) Auburn
Hill man charged in cut to land line wire. An Auburn Hills man was indicted
October 28 on charges related to cutting a fiber optic wire belonging to
AT&T and Comcast and disrupting phone service to as many as 600 residents,
preventing them from calling emergency services. Source: http://www.detroitnews.com/story/news/local/oakland-county/2014/10/29/auburn-hill-man-charged-cut-land-line-wire/18104543/