Department of Homeland Security Daily Open Source Infrastructure Report

Friday, February 27, 2009

Complete DHS Daily Report for February 27, 2009

Daily Report

Headlines

• The Boston Globe reports that the Massachusetts Department of Public Utilities, reacting to concerns raised after three gas explosions in recent months, announced Wednesday it would review the 12 explosions that have occurred in the state during the past five years. (See item 2)


2. February 25, Boston Globe – (Massachusetts) State regulators to probe gas explosions. Reacting to concerns raised after three gas explosions in recent months, the state Department of Public Utilities announced on February 25 that it would review all the explosions that have occurred in the state during the past five years. The department’s review is intended “to make sure that there isn’t some sort of pattern that we should be concerned about,” said a spokesman for the state’s Executive Office of Energy and Environmental Affairs, which oversees the DPU. He stressed the department has no reason to believe right now that there is a pattern. But the decision comes as authorities investigate three explosions that have killed two people and seriously injured another person over the last three months. (A fourth explosion that officials suspected was caused by gas killed a man this week in Manchester, New Hampshire.) The incidents should serve as “warning flags” for officials to seriously look at the state’s gas infrastructure, as the roughly 20,000 miles of pipeline are aging and in need of repair, a director of analysis at the MIT Energy Initiative told the Globe last week after an explosion killed a woman and her dog in Somerset. The state has seen a total of 12 gas explosions over the past five years, beginning with an explosion in Sudbury January 13, 2004. Source: http://www.boston.com/news/local/breaking_news/2009/02/state_regulator.html


• According to Computerworld, the U.S. Federal Communications Commission may fine 600 operators for failing to properly file annual reports proving that they protect customer data. (See item 32)


See Communications Sector below for details.


Details

Banking and Finance Sector


9. February 25, Reuters – (Connecticut) U.S. money managers accused of $550 mln fraud. Two money managers who oversaw investments for Carnegie Mellon University and other institutions were arrested on February 25 on charges of running an estimated $550 million, decade-long swindle. The managing general partners of broker-dealer WG Trading Co., with main offices in Greenwich, Connecticut, were charged by U.S. prosecutors with conspiracy, securities fraud and wire fraud. The pair is accused of using client money as “their personal piggy-bank” to fund lavish lifestyles, according to the U.S. Securities and Exchange Commission. The SEC and the Commodity Futures Trading Commission brought civil charges against the men and their companies, which also include WG Trading Investors LP and investment adviser Westridge Capital Management Inc in Santa Barbara, California. The SEC obtained a court-imposed asset freeze against the men and their affiliated entities. Source: http://www.reuters.com/article/companyNewsAndPR/idUSN2548564220090225


10. February 25, Reuters – (National) FDIC says U.S. bank deposits robust, to raise premiums. U.S. banking regulators are not pursuing nationalization of troubled institutions struggling to shed toxic assets from their balance sheets, the chairman of the Federal Deposit Insurance Corp (FDIC) said on February 25. “Nationalization means different things for different people but nationalization is not the route we’re pursuing now,” the FDIC chairman told reporters after speaking to a group of bankers in New York. The chairman and other U.S. regulators are crafting a rescue package to help banks regain their footing by injecting capital, enticing private investors to buy bad assets and aiding millions of borrowers who have lost, or are facing losing, their homes. The FDIC is slated to release industry earnings and other financial data for the fourth quarter soon. Many expect bleak financial results, but the one bright spot could be a growth in deposits, indicating consumer confidence. “It’s been a tough quarter,” the chairman told the bankers. She, however, told them some good news. “Deposit growth was robust,” the chairman said. “Insured deposits are stable.” Source: http://www.cnbc.com/id/29399207


Information Technology


29. February 26, Apple Insider – (International) New phishing scam targets MobileMe users. In another attempt to con MobileMe users into providing their credit card information, a scammer has sent out spam spoofed to appear to come from Apple, which directs users to a fake site designed to look like Apple’s. Users who follow the email link and enter their information on the poorly formatted, fake Apple Web page will be sorry. While sent with a spoofed sender address of noreply@me.com, the spam’s headers indicate that it actually appears to originate from gamma.oxyhosts.com, a server operated by a Web hosting outfit from the United Kingdom. The email contains formatting errors that should immediately tip off users, and directs to a sketchy URL: http.apple-billing.me.uk. The email’s headers indicate it was sent using Outlook Express, but those are only visible when the user examines the phony email’s raw headers. Of course, Apple itself has also sent out official MobileMe notices containing the same formatting error. Apple also does not sign or encrypt its official emails to users, a step that might help in thwarting the regular phishing attempts that target MobileMe users. While Apple pioneered certificate-based security in iChat messaging for its MobileMe users, it has been a laggard in making it easy for users to sign and encrypt their MobileMe email using certificates issued by Apple, despite support in Mail and most other modern email clients to handle this. The significant difference in the real message from Apple over the phony spam is that Apple’s official email cites the account’s User Name, the ending digits of their credit card number, and directs the user to navigate to MobileMe themselves to correct their information within the online account section, rather than providing a link to follow. Doing so would result in the user initiating a MobileMe Web session secured via SSL before they are ever prompted to enter their private account information. There is no SSL security on the fake site users are directed to by the spam. The fraud site is hosted by me.uk, a domain not affiliated with Apple, but which might sound reasonably correct to many users. The domain appears to be registered to “Nike Jegart, co 9 Vista Estrella South, Lamy, NM 87540.” Source: http://www.appleinsider.com/articles/09/02/26/new_phishing_scam_targets_mobileme_users.html


30. February 25, DarkReading – (International) Report: More than 500,000 Web sites hit by new form of SQL injection in ‘08. A new flavor of an old-school Web attack was responsible for compromising more than 500,000 Web sites last year. An automated form of SQL injection using botnets emerged as the popular method of hacking Web sites, according to a newly released report from the Web Hacking Incidents Database (WHID), an annual report by Breach Security and overseen by the Web Application Security Consortium (WASC). The report also found that attackers increasingly are targeting a Web site’s customers rather than the sensitive information in the site’s database. “It used to be that mostly e-commerce sites were targeted, but now it’s potentially any site, especially those with a large customer base,” says the director of application security research for Breach Security. “The attackers say, ‘You’re going to become a malware-launching point for us.’” The so-called Mass SQL Injection Bot attacks basically automate the infection process; the Nihaorr1 and Asprox botnets both deployed this method last year, according to the report. “In the past, they had to do some manual reconnaissance with SQL injection to send the initial queries,” the director says. The automated approach sent one request with a script that automated all of those recon steps, using bots to perform the attacks. “While the initial attack vector was SQL Injection, the overall attack more closely resembles a Cross-Site Scripting methodology as the end goal of the attack was to have malicious JavaScript execute within victims’ browsers,” the WHID report says. “The JavaScript calls up remote malicious code that attempts to exploit various known browser flaws to install Trojans and Keyloggers in order to steal login credentials to other web applications.” Source: http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=SOIH2N3YE2BCQQSNDLOSKH0CJUNN2JVN?articleID=214600046


31. February 25, Washington Post – (International) Adobe issues security update for Flash Player. Adobe Systems Inc. has shipped an update for its ubiquitous Flash player that fixes at least five security flaws. A few of the flaws are critical, meaning users could have malicious software installed on their system merely by visiting a Web page that features a booby-trapped Flash movie. Individuals will need to apply two different versions of this patch: One is designed for Internet Explorer, and another updates the Flash player in Firefox, Opera and Safari. This can be accomplished by visiting the Web site twice, once with IE, and then again with Firefox or whichever other browser they are using. The patch plugs security holes in Flash player 10.0.12.36 and earlier. Updates are available for Flash versions made for Windows, Mac OS X, and Linux. Source: http://voices.washingtonpost.com/securityfix/2009/02/adobe_issues_security_update_f.html?hpid=sec-tech


Communications Sector

32. February 25, Computerworld – (National) FCC threatens 600 operators with fines over data protection rules. The U.S. Federal Communications Commission (FCC) may fine 600 operators for failing to properly file annual reports proving that they protect customer data. Telephone companies and voice-over-IP providers are required to submit to the FCC annual certifications proving that they have taken reasonable measures to protect against pretexting, or the practice of pretending to be a person or a law enforcement agent in order to obtain telephone records. Operators must also show the FCC that they have kept records of all instances when they disclosed customer information to a third party and report on customer complaints they have received regarding unauthorized release of their information. The FCC found that last year, 600 operators either did not file reports to the agency at all or they filed noncompliant reports. The FCC proposed a fine of $20,000 for operators that did not file at all and $10,000 for those that filed noncompliant reports. The carriers will be allowed to argue against the fine or demonstrate reasons to reduce the penalty due to an inability to pay it, the FCC said. In a statement, the FCC’s acting chairman said that the annual filings are essential for the agency to ensure that operators are complying with the privacy regulations. He also said he hopes the fines will help ensure compliance in the future. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9128663&taxonomyId=17&intsrc=kc_top

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, February 26, 2009

Complete DHS Daily Report for February 26, 2009

Daily Report

Headlines

• The Alton Telegraph reports that an explosion destroyed a building Tuesday night at Hanley Industries in Alton, Illinois. Hanley Industries manufactures explosive devices for the military equipment and aircraft markets. (See item 12)


12. February 24, Alton Telegraph – (Illinois) Explosion reported at Hanley Industries. An explosion rocked the Alton, Illinois area Tuesday night and destroyed a building at Hanley Industries. The blast was reported about 9:40 p.m. and numerous area residents reported feeling their houses shake and windows rattle. The Fosterburg Fire Protection District responded to the blast, which was reportedly caused by some black powder that ignited inside a small outbuilding. The explosion also caused a small grass fire in a nearby wooded area. Godfrey Fire Protection District also responded. A captain with the Fosterburg Fire Protection District said there were no injuries. He said the building that was destroyed was designed for incidents such as this and to cause the least amount of damage. Hanley Industries manufactures explosive devices for the military equipment and aircraft markets. The company’s Web site says it produces high-quality explosive components for field and aerospace equipment, artillery and bomb fuses, initiators and priming elements. It also makes miniature electrically initiated detonators, explosive bolts for space launch vehicles, stab primers and electric primers for naval guns. Source: http://www.thetelegraph.com/news/hanley_23928___article.html/fire_industries.html See also: http://www.chicagotribune.com/news/chi-ap-il-altonexplosion,0,6442269.story


• According to Government Executive, a report released on Monday by the Energy Department Inspector General concluded that the department could not accurately account for the quantities and locations of nuclear material at 15 out of 40, or 37 percent, of facilities reviewed. (See item 32)


32. February 24, Government Executive – (National) IG: Energy cannot account for nuclear materials at 15 locations. A number of institutions with licenses to hold nuclear material reported to the Energy Department in 2004 that the amount of material they held was less than agency records indicated. But rather than investigating the discrepancies, Energy officials wrote off significant quantities of nuclear material from the department’s inventory records. That is just one of the findings of a report released on February 23 by the Energy Department Inspector General that concluded “the department cannot properly account for and effectively manage its nuclear materials maintained by domestic licensees and may be unable to detect lost or stolen material.” Auditors found that Energy could not accurately account for the quantities and locations of nuclear material at 15 out of 40, or 37 percent, of facilities reviewed. The materials written off included 20,580 grams of enriched uranium, 45 grams of plutonium, 5,001 kilograms of normal uranium and 189,139 kilograms of depleted uranium. “Considering the potential health risks associated with these materials and the potential for misuse should they fall into the wrong hands, the quantities written off were significant,” the report stated. Auditors also found that waste processing facilities could not locate or explain the whereabouts of significant quantities of uranium and other nuclear material that Energy Department records showed they held. More than 100 academic and commercial institutions and government agencies lease nuclear materials that are owned by Energy. The department, along with the Nuclear Regulatory Commission, is supposed to track these materials through the centralized accounting system known as the Nuclear Materials Management and Safeguards System, or NMMSS. Source: http://www.govexec.com/dailyfed/0209/02309kp1.htm


Details

Banking and Finance Sector


13. February 25, ZDNet Asia – (International) Phishers ride on financial crisis theme. Phishing attacks have doubled during the months of January and February, with phishers riding on the downturn in the economy to pose as financial institutions, said Symantec. According to the antivirus company’s latest MessageLabs Intelligence Report, the recession theme has seen a revival in the past month, where spam is concerned. “At a time when concerned consumers may not be surprised to hear from their banks, phishing attacks have risen to one in 190 e-mail messages, from one in 396 in January 2009,” said the report. “Recession spam” messages have also surfaced, carrying text strings such as “money is tight, times are hard.” February saw the reappearance of search engine redirects referencing the financial crisis, for the first time in over a year, said Symantec. Overall, however, spam declined by 1.3 percent to 73.3 percent of all e-mail messages in February. The report added this includes a spike in levels hitting 79.5 percent at the start of the month, due in part to Valentine’s Day-themed spam. Symantec said the vast majority of such spam originated from the Cutwail (Pandex) botnet, which pushed out an estimated 7 billion Valentine’s Day-themed messages each day. Source: http://www.zdnetasia.com/news/security/0,39044215,62051534,00.htm


14. February 25, The Register – (International) Banking app vuln surfaces 18 months after discovery. In the course of penetration testing a client’s Web site, the CTO of security consulting firm Netragard says he discovered that CAMAS, the marketing name for Cambium’s content management system, was riddled with vulnerabilities that made its customers’ Web sites susceptible to breaches that could reveal administrator passwords and other sensitive data. It is no small deal since a significant percentage of Cambium’s clients are banks, credit unions, and health care providers. What was unprecedented was the amount of time it took to publish the CTO’s findings: Almost 18 months from the time of discovery. During most of that time, he says CAMAS customers who did not take special precautions — including Cambium Group itself, according to this Google cache — were vulnerable to attacks known as SQL injections. “I have no doubt whatsoever that the vulnerability shown in the cached link above is the exact same one that we alerted Cambium’s president of in August of 2007,” the CTO wrote in an email to The Register. “Cambium’s president may have fixed the vulnerability in our customer’s instance of their Cambium Group Content Management System, but he certainly did not fix the rest of his customers according to Google.” The time line of the advisory shows that Cambium was notified in full detail on August 24, 2007. And yet, a review by The Register earlier this month identified 24 Cambium-driven Web sites that returned verbose error messages when a single additional character was added to the Web sites’ URL. The errors were returned by the sites’ SQL database and were the result of the same vulnerability, the CTO said. Source: http://www.theregister.co.uk/2009/02/25/cambium_group_advisory/


15. February 24, Reuters – (National) U.S. regulators brace for jump in bank failures. The rate of U.S. bank failures is expected to increase more than four-fold this year as federal regulators get fresh resources to handle insolvent banks, and as the U.S. Presidential Administration takes a more aggressive approach toward some banks’ dismal prospects. Bank analysts and industry insiders say a continued deterioration in credit conditions will be the driving force behind a big upswing in the number of failures, but policy decisions will also push the numbers up. “I think people were surprised there weren’t more last year, and I think that has to do more with the capabilities of the (Federal Deposit Insurance Corp) than the quality of the banks,” said the chairman of law firm Pepper Hamilton’s financial services practice group. The FDIC seized 25 banks last year. In just the first seven weeks of 2009, 14 banks failed and the FDIC is on pace to close more than 100 in 2009. The agency is on a hiring spree and wants to triple its line of credit with the Treasury Department, better equipping it to close weak banks and find buyers for their assets. “The FDIC has clearly stated that we expect an increase in our resolution activity as we work through this economic cycle,” said an FDIC spokesman. “The prudent planning efforts by the FDIC over the last year and a half reflect this — including additional hiring, contractor engagements and budget increases.” Source: http://uk.reuters.com/article/ousiv/idUKTRE51N5NA20090224


Information Technology


36. February 25, VNUNet.com – (International) Phishers launch multi-platform IM attack. Users of Internet chat services have been hit by a major phishing attack aimed at stealing account log-in details, security researchers have warned. The unsolicited instant messages urge users to click on a TinyURL link to watch a video, but the link takes them to a site called ViddyHo which asks them to fill in user names and passwords. The phishers can then use these details to hack into user accounts and send more malicious links. Much of the focus around this attack has been on risks to Gmail account holders, in response to the Google Mail outage on February 24. However, phishers are also targeting users of instant messaging systems from Yahoo, Microsoft and MySpace. “This is, of course, a classic attempt to phish credentials from the unwary,” wrote the Sophos senior technology consultant in a blog posting. “The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet.” Users are also more likely to fall for this attack because the link comes from a trusted source, according to a solutions architect at security vendor Trend Micro. Source: http://www.vnunet.com/vnunet/news/2237230/multi-platform-im-phishing


37. February 25, BBC News – (International) Experts sound scam threat warning. Experts are warning of an increase in the number of fake anti-virus Web sites. Hackers are tricking people with a false warning, saying that the computer is infected with a Trojan and getting users to buy a fake anti-virus product. A number of sites were closed last year when authorities in the United States took action to stop sellers of “scareware.” But despite the closures, the number of sites continues to grow, with one expert saying it was “the biggest threat facing computer users today.” The chairman of the Independent Trade Association of Computer Specialists, which represents independent computer retail and repair shops across Britain, said hackers were playing on people’s fear. “At my repair shop in Lincoln alone, we’ve had more than 300 users in the past six months come in with a computer infected with fake anti-virus software.” “This week, we’ve seen fake AVG anti-virus that was so good, one of my engineers was convinced that it was the real thing,” said the chairman. Hackers have been employing more sophisticated tricks to dupe users into buying their fake software. In early February 2009, hackers put fake parking tickets on cars with a URL directing them to “view pictures with information about your parking preferences” that in reality downloaded a Trojan that then prompted the user to install fake anti-virus software. Source: http://news.bbc.co.uk/2/hi/technology/7907635.stm


38. February 25, Daily Tech – (International) eWeek ads infect users thanks to Adobe flaw. Adobe has over the last several years claimed many of the top security vulnerabilities due to its rich format, which gives hackers many easy routes to take over computers. eWeek, a leading computer and security news site, became the latest victim of an Adobe exploit earlier this month. Other sites owned by Ziff Davis Media, which owns eWeek, were also affected. The Ziff Davis sites hosted an ad which, while looking legitimate, redirected users through a series of iFrames to a pornographic Web site. And that was not the end of the shenanigans, either. The site then tried to download an Adobe PDF containing a known exploit, ‘bloodhound.exploit.213.’ A patch had been previously released for the exploit, which affects Adobe Acrobat and Reader versions 8.12 and earlier, but many users still have yet to receive it. Once the exploit gains access to the system, it installs a file named “winratit.exe” in the user’s temporary files folder and two other files, according to security researchers at Websense. The files are activated when users are browsing the Internet and they try to get users to buy fake antivirus software by redirecting them to phony sites. Websense describes the fake software: “The name of the rogue AV application is Anti-Virus-1. If the user chooses to register the rogue AV, a connection is made to hxxp://[removed]-site.info/, which has been set up to collect payment details.” The offending ads have been removed from the system. Source: http://www.dailytech.com/EWeek+Ads+Infect+Users+Thanks+to+Adobe+Flaw/article14407.htm


39. February 23, SC Magazine – (International) Microsoft says password stealers pose biggest threat. The top two threat families on Microsoft’s detection and removal list this month are online game password stealers (PWS). These threats are now predominantly occurring in the United States, a shift from June 2008, when they mostly were detected in China. In one week, Microsoft’s free Malicious Software Removal Tool (MSRT) removed the Taterf worm, the top threat family this month, from more than 980,000 machines, a spokesman in Microsoft’s Malware Response Center wrote in a blog post February 19. The worm steals gaming credentials either through keylogging or by injecting itself into game clients and reading memory. The MSRT, released on the second Tuesday of each month, checks computers running Windows Vista, XP, 2000 and Windows Server 2003 for infections by prevalent malware and helps remove infections. The second most detected and removed malware family this month is Frethog, another PWS, which MSRT cleaned off 316,971 machines in one week. A threat researcher with anti-malware firm Trend Micro told SCMagazineUS.com that the motivation behind these threats is financial. Many online games have in-game currency or “game gold.” Portals to convert these various game currencies into real world cash have been available for some time. Stolen game login credentials are similar to stolen banking passwords, since game currency can be turned into real cash, the threat researcher said. Source: http://www.scmagazineus.com/Microsoft-says-password-stealers-pose-biggest-threat/article/127681/

Communications Sector

Nothing to report.

Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, February 25, 2009

Complete DHS Daily Report for February 25, 2009

Daily Report

Headlines

• According to the Virginian-Pilot, the State of Virginia for 30 years has wrongly allowed Dominion Virginia Power to discharge hot wastewater into Lake Anna from its nuclear power plant near Richmond, a circuit court judge ruled on February 20. (See item 5)


5. February 24, Virginian-Pilot – (Virginia) Judge: Nuclear plant’s wastewater discharge was wrong. The state for 30 years has wrongly allowed Dominion Virginia Power to discharge hot wastewater into Lake Anna from its nuclear power plant near Richmond, a judge ruled on February 20. Environmentalists hailed the decision by a Richmond circuit court judge. They said it should lead to first-ever regulations of atomic wastewater and cool parts of Lake Anna, a central Virginia landmark known to eclipse 100 degrees on summer days. “This is huge,” said a science director for the Blue Ridge Environmental Defense League. “We and lakeside residents have long believed that Dominion is guilty of thermal pollution.” Such pollution, he said, threatens human health, property values and aquatic life. The court ruling also could complicate a billion-dollar proposal from Dominion to expand its North Anna nuclear power plant by building a third reactor on Lake Anna in Louisa County. While Dominion has recommended an air-cooling system for the new reactor, the project still would influence lake levels and temperatures, said the president of Friends of Lake Anna, a conservation group. The judge turned this interpretation on its ear. The judge instructed the State Water Control Board to draft a new discharge permit for the nuclear station so that the lake never exceeds 89.6 degrees, said a Richmond attorney representing the environmentalists. Source: http://hamptonroads.com/2009/02/judge-nuclear-plants-wastewater-discharge-was-wrong


• USA Today reports that more than 100 levees in 16 states flunked maintenance inspections in the last two years and are so neglected that they could fail to stem a major flood, records from the U.S. Army Corps of Engineers show. (See item 33)


33. February 24, USA Today – (National) Army Corps cracks down on flunking levees. More than 100 levees in 16 states flunked maintenance inspections in the last two years and are so neglected that they could fail to stem a major flood, records from the U.S. Army Corps of Engineers show. The 114 levees received “unacceptable” maintenance ratings in Corps inspections, meaning their deficiencies are so severe that it can be “reasonably foreseen” that they will not perform properly in a major flood, according to the records, which were requested by USA Today. As a result, the Corps is advising state and local levee authorities that the levees no longer qualify for federal rehabilitation aid if damaged by floodwaters. People who rely on the levees should “be aware that there is reason for concern,” says the head of the Corps’ levee safety program. Source: http://www.usatoday.com/news/nation/2009-02-23-levees_N.htm


Details

Banking and Finance Sector

8. February 24, Quincy Patriot Ledger – (Massachusetts) ‘Phishing’ scam targets South Coastal Bank patrons. An apparent telephone scam attempts to obtain South Coastal Bank customers’ account information. Several Rockland residents, including a bank employee, received the calls, the bank reported on February 23. The recorded message claimed to be from South Coastal Bank. The message said their ATM card had been deactivated and asked them to enter their account information to reactivate the card. The president and CEO of the Rockland-based bank said the organization does not know of any customers who gave out their account information. The bank never asks customers for confidential information over the phone, he said. Source: http://www.patriotledger.com/business/x1739334314/-Phishing-scam-targets-South-Coastal-Bank-patrons


9. February 23, Bloomberg – (National) U.S. pledges new capital for banks as stress tests to begin. U.S. financial regulators pledged to inject additional funds into the nation’s major banks to prevent their collapse and will this week begin examinations to determine if they have enough capital. “The government will ensure that banks have the capital and liquidity they need to provide the credit necessary to restore economic growth,” the Treasury and other regulators said in a joint statement in Washington on February 23. “The U.S. government stands firmly behind the banking system during this period of financial strain.” Banks that need additional funds after the so-called stress tests and cannot raise the money from private investors will be able to tap additional taxpayer money, the regulators said. Government funds would be in the form of “mandatory convertible preferred shares” that would be exchanged into common equity “only as needed.” Stakes that the Treasury has already bought in lenders, such as Citigroup Inc. and Bank of America Corp., will also be eligible to be changed to convertible preferred shares. The new funds are designed to provide a “temporary” buffer for firms against increased losses during the crisis. Supervisors will start the stress tests on February 25 to assess whether banks have enough capital to withstand “a more challenging economic environment.” Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=anQdy0Qb32lc&refer=home


10. February 23, WBNG 12 Binghamton – (New York) Text message scam can wipe out money in minutes. BCT Federal Credit Union in Binghamton opened this morning to some worried customers. The customers received text messages on their cell phones, asking for personal banking information. One individual received two messages saying her debit card had been deactivated and she needed to call a number to reactivate it. “I looked in the phone book actually for the GHS phone number because I knew the phone number they had on here probably wasn’t right and told them I didn’t have an account with them and I got this text message...and they told me it was a scam,” said the woman. BCT said those who provided their personal information instantly had their bank accounts wiped out. A representative of the credit union guesses about 100 people’s accounts were wiped out. Individuals who received the message said they had received texts claiming to be from GHS, BCT and Empower Federal Credit Unions. These institutions said they would never send anyone a text message asking for personal information. Source: http://www.wbng.com/news/local/40121632.html


11. February 23, Shelby Star – (North Carolina) Scam targets area texters. A suspicious text message has been sent to Shelby-area cell phone customers claiming that their account has been closed and instructing them to call a phone number. One individual says he received the text message from “jim@foundationmortgage.com,” and called the phone number. When he did, a recording, allegedly from Fleet Bank, alerted him that there was suspicious activity on his bank account. But this individual did not have an account at Fleet Bank and when the recording instructed him that they needed his credit card number, he hung up. In December 2008, the Star reported a similar scam popped up in West Virginia. Vague messages implore the recipient to reactivate their bankcard. Account information required, of course. At that time, police said they had yet to hear reports of it occurring in Cleveland County. The Cleveland County Sheriff’s Office said this scam mirrors several scams that are targeting locals. A captain with the sheriff’s office said residents should never give out their credit card information, personal information or bank account information to unknown people. Source: http://www.shelbystar.com/news/greene_37201___article.html/message_information.html


12. February 23, SearchFinancialSecurity.com – (National) Credit unions confirm new processor credit card breach. A payment processor is in the process of identifying the extent of damage caused by a malicious program discovered in its systems exposing credit and debit card numbers. MasterCard and Visa are issuing information to banks and credit unions about credit and debit card accounts that were exposed in the data security breach of a second payment processor in less than two months. The Pennsylvania Credit Union Association and the Tuscaloosa, Alabama VA Federal Credit Union posted messages on their Web sites explaining that a breach investigation is ongoing. Both Visa and MasterCard are declining to name the processor while a forensics team investigates the breach. Investigators are also trying to find a link between the latest breach and the recently announced Heartland Payment Systems breach, a credit union official said on condition of anonymity. Visa began releasing information to banks and credit unions about affected accounts on February 9. A vulnerability left potentially thousands of credit and debit card numbers exposed for a period from February 2008 through January 2009, according to an alert issued by the Tuscaloosa VA Federal Credit Union. “We have not been notified that any of our cardholders have fraudulent activity due to this compromise,” the message stated. “While it has been confirmed that malicious software was placed on the processor’s platform, there is no forensic evidence that accounts were viewed or taken by the hackers.” Credit union officials said it appears the breach is not as serious as the Heartland breach. Source: http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1348856,00.html


Information Technology


29. February 24, IDG News Service – (International) Attackers targeting unpatched vulnerability in Excel 2007. Microsoft’s Excel spreadsheet program has a 0-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. A 0-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a Web site that tracks software flaws. Other versions of Excel may also be affected, it said. The program’s vulnerability can be exploited if a user opens a maliciously crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls “Trojan.Mdropper.AC.” That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of “limited and targeted attacks” and that it would release more information on February 24. Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has put much effort into making its Vista OS more secure. Source: http://www.networkworld.com/news/2009/022409-attackers-targeting-unpatched-vulnerability-in.html


30. February 23, ComputerWeekly – (National) U.S. publishes National Cybersecurity Strategy critical security controls. The U.S. has published a draft list of critical security controls to protect key national information systems from cyber attack. The move is the first step towards creating a comprehensive U.S. national cyber security strategy as recommended by a special advisory commission. The Center for Strategic and International Studies (CSIS), a Washington-based think tank, set up the commission in August 2007 after a series of cyber attacks on critical information systems. The CSIS Commission on Cybersecurity is tasked with advising the U.S. President’s government on how to protect federal information systems and critical infrastructure from attack. The draft controls, known as the Consensus Audit Guidelines, are based on input from 10 federal agencies, Mitre Corporation, Sans Institute, and two penetration testing and forensics firms. The Consensus Audit Guidelines (CAG) project was started in 2008 after data losses by leading U.S. defense industry firms. The goal was to draw up a risk-based standard to counter all known types of cyber attack. “This is the best example of risk-based security I have ever seen,” said the director of research at the Sans Institute. Source: http://www.computerweekly.com/Articles/2009/02/23/234969/us-publishes-national-cybersecurity-strategy-critical-security.htm


31. February 23, Computerworld – (International) Adobe flaw has been used in attacks since early January. A dangerous and unpatched vulnerability in Adobe Systems Inc.’s PDF-reading software has been around a lot longer than previously realized. The Adobe Reader flaw, which was first reported recently, has caused concern because the bug is easy to exploit and Adobe is not expected to patch it for several weeks. A vulnerability researcher at intrusion-prevention vendor Sourcefire Inc. posted a patch for the flaw on February 22. But the unsupported patch applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees that it will actually work. Security researchers at Symantec Corp. told Adobe about the flaw, which also affects the vendor’s Acrobat software, on February 12. But on February 23, Sourcefire said an analysis of its malware database showed that attackers have been exploiting the flaw for more than six weeks. Sourcefire has found samples of exploit code dating back to January 9, said the company’s senior director of vulnerability research. To date, the flaw has been used in small-scale attacks targeted against specific individuals, according to security researchers. Symantec, for example, said it has tracked only 100 attacks thus far. But that number has been increasing since exploit code for the flaw, which affects both Windows and Macintosh users, was made public. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=18&articleId=9128479&intsrc=hm_topic

Communications Sector

Nothing to report.