Monday, October 4, 2010

Complete DHS Daily Report for October 4, 2010

Daily Report

Top Stories

•Bloomberg reports that an explosion occurred September 30 at a nitrogen fertilizer plant near CVR Energy Inc’s Coffeyville, Kansas oil refinery. (See item 4)

4. October 1, Bloomberg – (Kansas) CVR’s Kansas nitrogen fertilizer plant has explosion; refinery unaffected. CVR Energy Inc. had an explosion late September 30 at a nitrogen fertilizer plant near its Coffeyville, Kansas refinery, a spokesman for the company said. “No one was injured and the refinery is business as usual,” he said in a telephone interview October 1. “The nitrogen fertilizer plant is in recovery mode now.” The explosion occurred at about 6:30 p.m. at the fertilizer plant, which is adjacent to the 120,000-barrel-per-day refinery, he said. Non-essential refinery personnel were evacuated for less than 1 hour. The blast happened at the urea ammonium nitrate production facility, a captain with the Coffeyville fire department said. “Although the incident was heard through the area surrounding the plant, no impact was recorded beyond the fence line,” he said. The explosion is under investigation. Source: http://www.bloomberg.com/news/2010-10-01/cvr-s-nitrogen-fertilizer-plant-in-kentucky-reports-explosion-yesterday.html

•According to the Cincinnati Enquirer, the FBI and the U.S. Postal Service are investigating threatening letters sent to at least two KinderCare facilities in Ohio, including one saying that “everyone at Kinder Care should die in a 9/11-style attack.” (See item 35)

35. October 1, Cincinnati Enquirer – (Ohio) Daycare threats under investigation in Ohio. Two federal agencies — the FBI and the U.S. Postal Service — are investigating threatening letters that have been sent to at least two KinderCare facilities in Ohio. A spokesman for the Cincinnati office of the FBI confirmed an investigation October 1, but divulged no specifics about the alleged threats, including which daycares are involved or the total number. “We don’t see an imminent threat as a result of the letters,” the spokesman said. Various media reports place it at three — two in Butler County and one in Montgomery County near Dayton. On September 10, Fairfield Township police said security was heightened at the Morris Road KinderCare facility after it received a threatening letter written by a person who “felt that everyone at Kinder Care should die in a 9/11-style attack.” On September 30, KinderCare Learning Center at 1250 Elliott Dr. in Middletown told at least two media outlets it received a similar letter. Middletown police said October 1 they had no information about such an incident. Source: http://news.cincinnati.com/article/20101001/NEWS010701/310010005/Daycares-get-terror-threats

Details

Banking and Finance Sector

14. October 1, Associated Press – (New Jersey) Online hackers steal $600K from city of Brigantine’s bank account. Computer hackers managed to steal $600,000 from a New Jersey shore town’s bank account. Officials said $200,000 of the town of Brigantine’s money still has not been recovered. TD Bank notified Brigantine September 28 that multiple wire transfers had taken place from its account. Police said someone was able to get a user name and password. Authorities said a virus or a fake Web page set up to mimic the bank’s real one might have been used to carry out the thefts. State police and the FBI are assisting the investigation. The bank said it was able to reverse about $400,000 of the fraudulent transfers. Source: http://www.nj.com/news/index.ssf/2010/10/online_hackers_steal_600k_from.html

15. October 1, IDG News Service – (International) Zeus botnet thriving despite arrests in the U.S., U.K. The Zeus botnet remains a robust network that is difficult to destroy despite an international sting operation that saw dozens arrested the week of September 27 for allegedly stealing money from online bank accounts. While it is encouraging to see law enforcement investigate, Zeus is still a problem, said a co-founder of the Shadowserver Foundation, an organization that tracks botnets. The arrests appear to not have had a significant technical impact on the Zeus botnet. As of October 1, at least 170 C&Cs for Zeus are still online, according to statistics compiled by the administrator of Zeus Tracker. On October 1, the Zeus tracker shows that the Russian registrar Reg.ru sold 10 domain names that are now being used for Zeus-related activity. Seven of those domain names are redirecting to one domain that recently hosted Zeus files. The most recent domain name sold through Reg.ru was added to Zeus Tracker September 29. That server temporarily hosted two kinds of Zeus files that have since been removed. It is possible that the owner of that domain discovered the infection and then removed the offending files. Source: http://www.computerworld.com/s/article/9189123/Zeus_botnet_thriving_despite_arrests_in_the_U.S._U.K.

16. September 30, Los Angeles Times – (California) L.A. money manager indicted on 23 charges in alleged Ponzi scheme. A federal grand jury has indicted the former owner of a Sherman Oaks, California company on 23 felony charges related to a $228-million Ponzi scheme that victimized investors across the United States, said a spokesman for the U.S. attorney’s office in Los Angeles. He was arrested September 13 outside a hotel where he was staying in Cannes, France on a warrant obtained by federal prosecutors. The suspect is being held in French custody awaiting extradition proceedings. The Securities and Exchange Commission shut down his company, Diversified Lending Group, in March 2009 and filed civil charges accusing him of operating a massive Ponzi scheme since 2004. The suspect is accused of raising $228 million that he said he would invest in rental properties, but instead he diverted more than $50 million to himself, friends, and family. None of the money was used to buy rental properties, an FBI agent said in an affidavit. Source: http://latimesblogs.latimes.com/money_co/2010/09/la-money-manager-friedman-indicted-on-23-charges-in-alleged-ponzi-scheme.html

17. September 30, Atlanta Journal-Constitution – (Georgia) FBI: Wig-Wearing Bandits, minus the hairpieces, strike Chase Bank. The so-called Wig-Wearing Bandits were back in the Atlanta, Georgia area again September 30 but minus the long, black scraggly hairpieces, the FBI said. The Chase Bank on 1250 Tech Drive in Norcross was robbed. The robbers — two men who went inside the bank and a third behind the wheel of a get-away car — were not wearing the shoulder-length black wigs this time, but federal agents said that was the only difference in the September 30 robbery from eight other robberies since late July. The get-away car was reported stolen from DeKalb County September 29. Wells Fargo said it will give a reward of up to $25,000 for information that leads to the arrest and conviction of the robbers. The FBI believes the men are connected to a string of take-over robberies in metro Atlanta. In each incident, they were carrying guns. Source: http://www.ajc.com/news/gwinnett/fbi-wig-wearing-bandits-648841.html

18. September 30, San Antonio Express-News – (Texas) Hackers blamed in BexarMet theft. A breach of security while an employee was online at the Bexar Metropolitan Water District allowed hackers to steal $25,000 from one of the utility’s Bank of America accounts, according to the private investigation that concluded the week of September 27. According to BexarMet staff and board members, malware was inadvertently downloaded onto a new computer at the utility while an unidentified employee in the accounting department was on the Internet. The money was transferred to an account at SunTrust Bank in Florida. A second transfer was attempted, for $20,820 to a JPMorgan Chase Bank account in Florida, but raised suspicion at Bank of America and was stopped. The SunTrust Bank account was frozen, and BexarMet is determining whether any money can be recovered, or if the funds were transferred again, possibly to an account in the Netherlands. BexarMet learned of the stolen money August 18. “Based upon the available information recovered, Denim Group believes this incident concluded after the attack and is not ongoing,” said a partner in the computer security firm. Source: http://www.mysanantonio.com/news/local_news/Hackers_blamed_in_BexarMet_theft_104051989.html?c=y&page=1#storytop

19. September 30, V3.co.uk – (International) Organizations struggling with PCI compliance. Security experts have used the September 30 Payment Card Industry Data Security Standards (PCI DSS) compliance deadline to warn against complacency in the industry. However, an international senior vice president at endpoint security firm Lumension suggested that the standard had left even the largest merchants confused. “PCI compliance might have been around for some time, but merchants are still struggling to get their heads around the requirements,” he said. “Version 2.0 is just around the corner, meaning that merchants need to be concerned about their ability to prove compliance with v1.2, and with the steps they must take to get to the next stage of compliance. All too often, organizations fall into the compliance trap and focus all their efforts on meeting the requirements of a new deadline without thinking about the bigger picture,” he said. “Taking a myopic view of regulatory compliance creates a situation where merchants are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets.” Source: http://www.v3.co.uk/v3/news/2270762/organisations-struggle-pci

20. September 28, BBC News – (National) US banks and regulators ‘fail’ to cut money laundering. One of the United States’ top fraud investigators is warning that America’s policing of money laundering is wide open to abuse. He said that billions of dollars are slipping through the U.S. banking system. In testimony ahead of a Congressional hearing on terrorist financing September 28, he said that only international action can stop the laundering. The U.S. Committee on Financial Services is taking evidence on “trends in terrorism financing.” The fraud investigator said the “powerful tools” to stop the laundering of drug and terrorist money “are not being used as vigorously and consistently as they could be” and that only the United States “possesses the resources and tools to protect the global financial system.” He also criticized Wall Street’s due diligence. Another expert witness in his pre-hearing testimony said the problem was U.S. banks rely heavily on the accuracy of transactional information given to them by foreign banks. But very often U.S. banks have to take that information on trust, he said. Source: http://www.bbc.co.uk/news/business-11426166

For more stories, see items 43 and 49 below in the Information Technology and Communications sectors respectively

Information Technology

42. October 1, Softpedia – (International) Adobe to ship critical security updates for Reader next Tuesday. Adobe announced October 5 as a definitive release date for its upcoming Adobe Reader and Acrobat quarterly security updates, which will address two zero-day vulnerabilities. On September 8, Adobe confirmed that a critical arbitrary code execution vulnerability exists in the latest versions of Adobe Reader and Acrobat, after discovering it in the wild. Identified as CVE-2010-2883, the flaw was exploited in active attacks that infected users with malware by tricking them into opening maliciously crafted PDF documents. “The updates [expected on Tuesday] will address critical security issues in the products, including CVE-2010-2883 referenced in Security Advisory APSA10-02 and CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22,” the company said in a prenotification posted on the Adobe Product Security Incident Response Team blog. Source: http://news.softpedia.com/news/Adobe-to-Ship-Critical-Security-Updates-for-Reader-Next-Tuesday-159022.shtml

43. October 1, PC Advisor UK – (International) Trojans made up 55% of all malware in Q3. More than half (55 percent) of all new malware identified in Q3 of this year were Trojan viruses, said PandaLabs. The research arm of Panda Security said most of these were banker trojans designed to trick Web users into navigating to fake financial sites so cybercriminals can steal log-in details and passwords. The use of e-mail in distributing malware, once the most favored method, has declined. Instead, cybercriminals are resorting to social-media-related infections, including clickjacking attacks on social networks such as Facebook, and poisoned search results. Panda also said 95 percent of all e-mail received during Q3 was spam, and 50 percent of this was sent from just 10 countries, which included India, Brazil, and Russia. For the first time, the United Kingdom has fallen out of the list of the world’s biggest spam-producing countries. The security firm also said over the past 3 months it has seen a number of attacks on Google Android phones, which could be the beginning of a wave of threats targeting smartphones. Source: http://www.networkworld.com/news/2010/100110-trojans-made-up-55-of.html?hpg1=bn

44. September 30, Agence France-Presse – (International) Stuxnet ‘cyber superweapon’ moves to China. The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported the week of September 27. “This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer at antivirus service provider Rising International Software told the Global Times. “Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added. Another unnamed expert at Rising International said the attacks had so far infected more than 6 million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported. “So far we don’t see any severe damage done by the virus,” an analyst with the China Information Technology Security Evaluation Center was quoted in the Global Times. The week of September 20, the director of the National Cybersecurity and Communications Integration Center told reporters in Washington, D.C., that the country was analyzing the computer worm but did not know who was behind it or its purpose. Source: http://www.google.com/hostednews/afp/article/ALeqM5iFRHUmI2w6HaAFZq-wUNre813wcA?docId=CNG.f6fba55ad8f5e329c0c25bad9aa7b8d3.651

Communications Sector

45. October 1, Eugene Register-Guard – (Oregon) Truck hits cables, causes Comcast outage. Comcast employees worked into the darkness September 30 to repair as many as five fiber-optic cables damaged after a Eugene, Oregon dump truck with its bed raised pulled out of the St. Thomas Episcopal Church parking lot at 1465 Coburg Road around 2 p.m., resulting in the disruption of telephone, cable television and Internet service to residences and businesses. The truck’s raised bed severed some overhead cables. Customers in the Coburg Road, Ferry Street Bridge and University of Oregon areas were affected, the Comcast vice president for external affairs said. The exact number of customers affected was not immediately known, she said. The disruption kept some viewers from watching the lone televised debate between gubernatorial candidates. Some customers had service restored by 8 p.m., but others were without it at 8:30 p.m. Source: http://www.registerguard.com/csp/cms/sites/web/updates/25354897-55/truck-cables-comcast-customers-coburg.csp

46. October 1, Lincoln Courier – (Illinois) Hardware glitch bugs Frontier. Land-line phone service, cell phone service and even technical support line service for 911 was disrupted September 30 throughout numerous counties in central and northwestern Illinois after a hardware equipment failure. The general manager for Frontier Communications’ eastern Illinois region reported that while the problem appeared to be a cut fiber optic cable, further investigation showed that there had been a hardware failure in the company’s McLean County office. He said that while a backup system should have taken over after the hardware failure, it failed to do so. He added that further testing would be done, and more plans would be put in place for the backup system to avoid future problems. Source: http://www.lincolncourier.com/highlight/x1616319779/Hardware-glitch-bugs-Frontier

47. October 1, Associated Press – (South Carolina) Prison chief eyes new cell phone intercept system. South Carolina’s prison director still wants a system to jam all cell phone signals in prison, but said September 30 he is testing a less intrusive technology to block signals from phones illegally smuggled to inmates. He spoke at a workshop in Washington, D.C., hosted by the Federal Communications Commission (FCC). “We wouldn’t be here if we weren’t admitting that we needed some help, because the phones are going to make it in anyway, and we can’t find them all,” he said. For years, the prison director has been pushing regulators for permission to use a radio frequency technology that nullifies phone signals before they can reach a cell tower. He and other prison directors nationwide complain that smuggled cell phones allow inmates to organize criminal activity outside of prison. He has asked the FCC to let him test jamming on a pilot basis, submitting a petition signed by 30 states. Source: http://abcnews.go.com/Technology/wireStory?id=11774171

48. September 30, Softpedia – (International) Increase in VoIP attacks prompts expert to build specialized blacklist. Overwhelmed by the number of attacks against PBX systems at the managed service provider where he works, a security engineer has launched a project to gather and list offending Internet Protocol (IP) addresses involved in VoIP abuse. “Throughout the course of the day, I got tired of seeing VoIP-based brute force attempts that I decided to out companies who sit around and choose to do nothing about the attacks coming from their networks,” the initiator of the VoIP Abuse Project said. “In an effort to make other companies who have PBX servers online aware of the attackers, I will be posting the information of address and companies [from] which these attacks are coming from,” he said. The term PBX stands for private branch exchange and refers to the multi-line telephone systems used in business environments. Attackers hack into such systems to make long-distance calls to foreign countries or launch over-the-phone phishing attacks known as vishing. According to him, the most common type of attack he sees is brute forcing and comes from systems that have already been compromised. Source: http://news.softpedia.com/news/Increase-in-VoIP-Attacks-Prompts-Expert-to-Build-Public-Blacklist-158870.shtml

49. September 30, Softpedia – (International) Vodafone Web sites riddled with XSS and SQL injection vulnerabilities. Nine different Vodafone Web sites are vulnerable to cross-site scripting (XSS) vulnerabilities, while the U.K. one is affected by a more dangerous SQL injection flaw. XSS weaknesses were found on Vodafone.com, Vodafone.com.au, Vodafone.de, Vodafone.es, Vodafone.it, Vodafone.gr, Vodafone.ie, Vodafone.ro, Vodafone.com.tr and Vodafone.in by a Romanian security enthusiast, who goes by the nickname of d3v1l. D3v1l, whose track record includes XSS flaws found in numerous high profile Web sites like PayPal, Visa, US Bank, VeriSign, Mashable, Twitter, Tweetmeme or Symantec, has published details of the Vodafone vulnerabilities on his blog. Cross-site scripting attacks can be of multiple types, with “persistent” ones being most dangerous, because they result in permanent changes made to pages. The XSS bugs on the Vodafone Web sites are of the “reflected” kind, which means that attackers can only exploit them by tricking users into visiting specially crafted URLs. Nevertheless, they can still be leveraged to enhance phishing and other attacks. Back in November 2009, malware pushers distributed a banking trojan to Vodafone UK customers, as an account balance checking tool. Source: http://news.softpedia.com/news/Vodafone-Websites-Riddled-with-XSS-and-SQL-Injection-Vulnerabilities-158692.shtml

Monday, October 4, 2010

Complete DHS Daily Report for October 4, 2010

Daily Report

Top Stories

•Bloomberg reports that an explosion occurred September 30 at a nitrogen fertilizer plant near CVR Energy Inc’s Coffeyville, Kansas oil refinery. (See item 4)

4. October 1, Bloomberg – (Kansas) CVR’s Kansas nitrogen fertilizer plant has explosion; refinery unaffected. CVR Energy Inc. had an explosion late September 30 at a nitrogen fertilizer plant near its Coffeyville, Kansas refinery, a spokesman for the company said. “No one was injured and the refinery is business as usual,” he said in a telephone interview October 1. “The nitrogen fertilizer plant is in recovery mode now.” The explosion occurred at about 6:30 p.m. at the fertilizer plant, which is adjacent to the 120,000- barrel-per-day refinery, he said. Non-essential refinery personnel were evacuated for less than 1 hour. The blast happened at the urea ammonium nitrate production facility, a captain with the Coffeyville fire department said. “Although the incident was heard through the area surrounding the plant, no impact was recorded beyond the fence line,” he said. The explosion is under investigation. Source: http://www.bloomberg.com/news/2010-10-01/cvr-s-nitrogen-fertilizer-plant-in-kentucky-reports-explosion-yesterday.html

•According to the Cincinnati Enquirer, the FBI and the U.S. Postal Service are investigating threatening letters sent to at least two KinderCare facilities in Ohio, including one saying that “everyone at Kinder Care should die in a 9/11-styleattack.” (See item 35)

35. October 1, Cincinnati Enquirer – (Ohio) Daycare threats under investigation in Ohio. Two federal agencies — the FBI and the U.S. Postal Service — are investigating threatening letters that have been sent to at least two KinderCare facilities in Ohio. A spokesman for the Cincinnati office of the FBI confirmed an investigation October 1, but divulged no specifics about the alleged threats, including which daycares are involved or the total number. “We don’t see an imminent threat as a result of the letters,” the spokesman said. Various media reports place it at three — two in Butler County and one in Montgomery County near Dayton. On September 10, Fairfield Township police said security was heightened at the Morris Road KinderCare facility after it received a threatening letter written by a person who “felt that everyone at Kinder Care should die in a 9/11-style attack.” On September 30, KinderCare Learning Center at 1250 Elliott Dr. in Middletown told at least two media outlets it received a similar letter. Middletown police said October 1 they had no information about such an incident. Source: http://news.cincinnati.com/article/20101001/NEWS010701/310010005/Daycares-get-terror-threats

Details

Banking and Finance Sector

14. October 1, Associated Press – (New Jersey) Online hackers steal $600K from city of Brigantine’s bank account. Computer hackers managed to steal $600,000 from a New Jersey shore town’s bank account. Officials said $200,000 of the town of Brigatine’s money still has not been recovered. TD Bank notified Brigantine September 28 that multiple wire transfers had taken place from its account. Police said someone was able to get a user name and password. Authorities said a virus or a fake Web page set up to mimic the bank’s real one might have been used to carry out the thefts. State police and the FBI are assisting the investigation. The bank said it was able to reverse about $400,000 of the fraudulent transfers. Source: http://www.nj.com/news/index.ssf/2010/10/online_hackers_steal_600k_from.html

15. October 1, IDG News Service – (International) Zeus botnet thriving despite arrests in the U.S., U.K. The Zeus botnet remains a robust network that is difficult to destroy despite an international sting operation that saw dozens arrested the week of September 27 for allegedly stealing money from online bank accounts. While it is encouraging to see law enforcement investigate, Zeus is still a problem, said a co-founder of the Shadowserver Foundation, an organization that tracks botnets. The arrests appear to not have had a significant technical impact on the Zeus botnet. As of October 1, at least 170 C&Cs for Zeus are still online, according to statistics compiled by the administrator of Zeus Tracker. On October 1, the Zeus tracker shows that the Russian registrar Reg.ru sold 10 domain names that are now being used for Zeus-related activity. Seven of those domain names are redirecting to one domain that recently hosted Zeus files. The most recent domain name sold through Reg.ru was added to Zeus Tracker September 29. That server temporarily hosted two kinds of Zeus files that have since been removed. It is possible that the owner of that domain discovered the infection and then removed the offending files. Source: http://www.computerworld.com/s/article/9189123/Zeus_botnet_thriving_despite_arrests_in_the_U.S._U.K.

16. September 30, Los Angeles Times – (California) L.A. money manager indicted on 23 charges in alleged Ponzi scheme. A federal grand jury has indicted the former owner of a Sherman Oaks, California company on 23 felony charges related to a $228-million Ponzi scheme that victimized investors across the United States, said a spokesman for the U.S. attorney’s office in Los Angeles. He was arrested September 13 outside a hotel where he was staying in Cannes, France on a warrant obtained by federal prosecutors. The suspect is being held in French custody awaiting extradition proceedings. The Securities and Exchange Commission shut down his company, Diversified Lending Group, in March 2009 and filed civil charges accusing him of operating a massive Ponzi scheme since 2004. The suspect is accused of raising $228 million that he said he would invest in rental properties, but instead he diverted more than $50 million to himself , friends, and family. None of the money was used to buy rental properties, an FBI agent said in an affidavit. Source: http://latimesblogs.latimes.com/money_co/2010/09/la-money-manager-friedman-indicted-on-23-charges-in-alleged-ponzi-scheme.html

17. September 30, Atlanta Journal-Constitution – (Georgia) FBI: Wig-Wearing Bandits, minus the hairpieces, strike Chase Bank. The so-called Wig-Wearing Bandits were back in the Atlanta, Georgia area again September 30 but minus the long, black scraggly hairpieces, the FBI said. The Chase Bank on 1250 Tech Drive in Norcross was robbed. The robbers — two men who went inside the bank and a third behind the wheel of a get-away car — were not wearing the shoulder-length black wigs this time, but federal agents said that was the only difference in the September 30 robbery from eight other robberies since late July. The get-away car was reported stolen from DeKalb County September 29. Wells Fargo said it will give a reward of up to $25,000 for information that leads to the arrest and conviction of the robbers. The FBI believes the men are connected to a string of take-over robberies in metro Atlanta. In each incident, they were carrying guns. Source: http://www.ajc.com/news/gwinnett/fbi-wig-wearing-bandits-648841.html

18. September 30, San Antonio Express-News – (Texas) Hackers blamed in BexarMet theft. A breach of security while an employee was online at the Bexar Metropolitan Water District allowed hackers to steal $25,000 from one of the utility’s Bank of America accounts, according to the private investigation that concluded the week of September 27. According to BexarMet staff and board members, malware was inadvertently downloaded onto a new computer at the utility while an unidentified employee in the accounting department was on the Internet. The money was transferred to an account at SunTrust Bank in Florida. A second transfer was attempted, for $20,820 to a JPMorgan Chase Bank account in Florida, but raised suspicion at Bank of America and was stopped. The SunTrust Bank account was frozen, and BexarMet is determining whether any money can be recovered, or if the funds were transferred again, possibly to an account in the Netherlands. BexarMet learned of the stolen money August 18. “Based upon the available information recovered, Denim Group believes this incident concluded after the attack and is not ongoing,” said a partner in the computer security firm. Source: http://www.mysanantonio.com/news/local_news/Hackers_blamed_in_BexarMet_theft_104051989.html?c=y&page=1#storytop

19. September 30, V3.co.uk – (International) Organizations struggling with PCI compliance. Security experts have used the September 30 Payment Card Industry Data Security Standards (PCI DSS) compliance deadline to warn against complacency in the industry. However, an international senior vice president at endpoint security firm Lumension suggested that the standard had left even the largest merchants confused. “PCI compliance might have been around for some time, but merchants are still struggling to get their heads around the requirements,” he said. “Version 2.0 is just around the corner, meaning that merchants need to be concerned about their ability to prove compliance with v1.2, and with the steps they must take to get to the next stage of compliance. All too often, organizations fall into the compliance trap and focus all their efforts on meeting the requirements of a new deadline without thinking about the bigger picture,” he said. “Taking a myopic view of regulatory compliance creates a situation where merchants are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets.” Source: http://www.v3.co.uk/v3/news/2270762/organisations-struggle-pci

20. September 28, BBC News – (National) US banks and regulators ‘fail’ to cut money laundering. One of the United States’ top fraud investigators is warning that America’s policing of money laundering is wide open to abuse. He said that billions of dollars are slipping through the U.S. banking system. In testimony ahead of a Congressional hearing on terrorist financing September 28, he said that only international action can stop the laundering. The U.S. Committee on Financial Services is taking evidence on “trends in terrorism financing.” The fraud investigator said the “powerful tools” to stop the laundering of drug and terrorist money “are not being used as vigorously and consistently as they could be” and that only the United States “possesses the resources and tools to protect the global financial system.” He also criticized Wall Street’ s due diligence. Another expert witness in his pre-hearing testimony said the problem was U.S. banks rely heavily on the accuracy of transactional information given to them by foreign banks. But very often U.S. banks have to take that information on trust, he said. Source: http://www.bbc.co.uk/news/business-11426166

For more stories, see items 43 and 49 below in the Information Technology and Communications sectors respectively

Information Technology

42. October 1, Softpedia – (International) Adobe to ship critical security updates for Reader next Tuesday. Adobe announced October 5 as a definitive release date for its upcoming Adobe Reader and Acrobat quarterly security updates, which will address two zero-day vulnerabilities. On September 8, Adobe confirmed that a critical arbitrary code execution exists in the latest versions of Adobe Reader and Acrobat, after discovering it in the wild. Identified as CVE-2010-2883, the flaw was exploited in active attacks that infected users with malware by tricking them into opening maliciously crafted PDF documents. “The updates [expected on Tuesday] will address critical security issues in the products, including CVE-2010-2883 referenced in Security Advisory APSA10-02 and CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22,” the company said in a prenotification posted on the Adobe Product Security Incident Response Team blog. Source: http://news.softpedia.com/news/Adobe-to-Ship-Critical-Security-Updates-for-Reader-Next-Tuesday-159022.shtml

43. October 1, PC Advisor UK – (International) Trojans made up 55% of all malware in Q3. More than half (55 percent) of all new malware identified in Q3 of this year were Trojan viruses, said PandaLabs. The research arm of Panda Security said most of these were banker trojans designed to trick Web users into navigating to fake financial sites so cybercriminals can steal log-in details and passwords. The use of e-mail in distributing malware, once the most favored method, has declined. Instead, cybercriminals are resorting to social-media-related infections, including clickjacking attacks on social networks such as Facebook, and poisoned search results. Panda also said 95 percent of all e-mail received during Q3 was spam, and 50 percent of this was sent from just 10 countries, which included India, Brazil, and Russia. For the first time, the United Kingdom has fallen out of the list of the world’s biggest spam-producing countries. The security firm also said over the past 3 months it has seen a number of attacks on Google Android phones, which could be the beginning of a wave of threats targeting smartphones. Source: http://www.networkworld.com/news/2010/100110-trojans-made-up-55-of.html?hpg1=bn

44. September 30, Agence France-Presse – (International) Stuxnet ‘cyber superweapon’ moves to China. The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported the week of September 27. “This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer at antivirus service provider Rising International Software told the Global Times. “Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added. Another unnamed expert at Rising International said the attacks had so far infected more than 6 million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported. “So far we don’t see any severe damage done by the virus,” an analyst with the China Information Technology Security Evaluation Center was quoted as saying in the Global Times. The week of September 20, the director of the National Cybersecurity and Communications Integration Center told reporters in Washington, D.C. that the country was analyzing the computer worm but did not know who was behind it or its purpose. Source: http://www.google.com/hostednews/afp/article/ALeqM5iFRHUmI2w6HaAFZq-wUNre813wcA?docId=CNG.f6fba55ad8f5e329c0c25bad9aa7b8d3.651

Communications Sector

45. October 1, Eugene Register-Guard – (Oregon) Truck hits cables, causes Comcast outage. Comcast employees worked into the darkness September 30 to repair as many as five fiber-optic cables damaged after a Eugene, Oregon dump truck with its bed raised pulled out of the St. Thomas Episcopal Church parking lot at 1465 Coburg Road around 2 p.m., resulting in the disruption of telephone, cable television and Internet service to residences and businesses. The truck’s raised bed severed some overhead cables. Customers in the Coburg Road, Ferry Street Bridge and University of Oregon areas were affected, the Comcast vice president for external affairs said. The exact number of customers affected was not immediately known, she said. The disruption kept some viewers from watching the lone televised debate between gubernatorial candidates. Some customers had service restored by 8 p.m., but others were without it at 8:30 p.m. Source: http://www.registerguard.com/csp/cms/sites/web/updates/25354897-55/truck-cables-comcast-customers-coburg.csp

46. October 1, Lincoln Courier – (Illinois) Hardware glitch bugs Frontier. Land-line phone service, cell phone service and even technical support line service for 911 was disrupted September 30 throughout numerous counties in central and northwestern Illinois after a hardware equipment failure. The general manager for Frontier Communications’ eastern Illinois region reported that while the problem appeared to be a cut fiber optic cable, further investigation showed that there had been a hardware failure in the company’s McLean County office. He said that while a backup system should have taken over after the hardware failure, it failed to do so. He added that further testing would be done, and more plans would be put in place for the backup system to avoid future problems. Source: http://www.lincolncourier.com/highlight/x1616319779/Hardware-glitch-bugs-Frontier

47. October 1, Associated Press – (South Carolina) Prison chief eyes new cell phone intercept system. South Carolina’s prison director still wants a system to jam all cell phone signals in prison, but said September 30 he is testing a less intrusive technology to block signals from phones illegally smuggled to inmates. He spoke at a workshop in Washington, D.C. hosted by the Federal Communications Commission (FCC). “We wouldn’t be here if we weren’t admitting that we needed some help, because the phones are going to make it in anyway, and we can’t find them all,” he said. For years, the prison director has been pushing regulators for permission to use a radio frequency technology that nullifies phone signals before they can reach a cell tower. He and other prison directors nationwide complain that smuggled cell phones allow inmates to organize criminal activity outside of prison. He has asked the FCC to let him test jamming on a pilot basis, submitting a petition signed by 30 states. Source: http://abcnews.go.com/Technology/wireStory?id=11774171

48. September 30, Softpedia – (International) Increase in VoIP attacks prompts expert to build specialized blacklist. Overwhelmed by the number of attacks against PBX systems at the managed service provider where he works, a security engineer has launched a project to gather and list offending Internet Protocol (IP) addresses involved in VoIP abuse. “Throughout the course of the day, I got tired of seeing VoIP-based brute force attempts that I decided to out companies who sit around and choose to do nothing about the attacks coming from their networks,” the initiator of the VoIP Abuse Project said. “In an effort to make other companies who have PBX servers online aware of the attackers, I will be posting the information of address and companies [from] which these attacks are coming from,” he said. The term PBX stands for private branch exchange and refers to the multi-line telephone systems used in business environments. Attackers hack into such systems to make long-distance calls to foreign countries or launch over-the-phone phishing attacks known as vishing. According to him, the most common type of attack he sees is brute forcing and comes from systems that have already been compromised. Source: http://news.softpedia.com/news/Increase-in-VoIP-Attacks-Prompts-Expert-to-Build-Public-Blacklist-158870.shtml

49. September 30, Softpedia – (International) Vodafone Web sites riddled with XSS and SQL injection vulnerabilities. Nine different Vodafone Web sites are vulnerable to cross-site scripting (XSS) vulnerabilities, while the U.K. one is affected by a more dangerous SQL injection flaw. XSS weaknesses were found on Vodafone.com, Vodafone.com.au, Vodafone.de, Vodafone.es, Vodafone.it, Vodafone.gr, Vodafone.ie, Vodafone.ro, Vodafone.com.tr and Vodafone.in by a Romanian security enthusiast, who goes by the nickname of d3v1l. D3v1l, whose track record includes XSS flaws found in numerous high profile Web sites like PayPal, Visa, US Bank, VeriSign, Mashable, Twitter, Tweetmeme or Symantec, has published details of the Vodafone vulnerabilities on his blog. Cross-site scripting attacks can be of multiple types, with “persistent” ones being most dangerous, because they result in permanent changes made to pages. The XSS bugs on the Vodafone Web sites are of the “reflected” kind, which means that attackers can only exploit them by tricking users into visiting specially crafted URLs. Nevertheless, they can still be leveraged to enhance phishing and other attacks. Back in November 2009, malware pushers distributed a banking trojan to Vodafone UK customers, as an account balance checking tool. Source: http://news.softpedia.com/news/Vodafone-Websites-Riddled-with-XSS-and-SQL-Injection-Vulnerabilities-158692.shtml