Wednesday, January 19, 2011

Complete DHS Daily Report for January 19, 2011

Daily Report

Top Stories

• Framingham MetroWest Daily News reports a chemical explosion January 17 at the Spectrum Microwave building in Marlborough, Massachusetts, sent about 20 employees to the hospital. (See item 13)

13. January 18, Framingham MetroWest Daily News – (Massachusetts) Marlborough chemical explosion sends 20 to hospital. A chemical explosion January 17 at the Spectrum Microwave building in Marlborough, Massachusetts, sent about 20 employees to the hospital. The fire department said a plastic drum with a 20- to 30-gallon capacity apparently ruptured under pressure, causing the explosion at 400 Nickerson Road. The explosion shot the chemicals around the laboratory, but the fire chief said he believes the incident was contained to the lab. The pressure from the explosion knocked over other drums in the lab, but none of them appear to have leaked, he said. There was no fire. There were some employees in the laboratory, but none were injured by the drums. About 50 people were nearby. Six people were taken to Marlborough Hospital and 12 people were taken to Worcester hospitals as a precaution. Patriot Ambulance assisted with the process, sending five of its ambulances to the building. Firefighters evacuated the building after the 7 a.m. incident and took employees next door to 200 Nickerson Road. The building was expected to reopen January 18. Spectrum’s products are used in the aerospace, defense, and communications industries. Source: http://www.metrowestdailynews.com/news/police_and_fire/x1390757884/Marlborough-chemical-explosion-sends-20-to-hosptial

• A former New York commodities trader is facing charges he made repeated death threats against 47 employees of the U.S. Commodities Futures Trading Commission, according to the Associated Press. (See item 48)

48. January 14, Associated Press – (New York; National) Feds: NY man threatened US regulators. A former New York commodities trader is facing charges he made repeated death threats against federal regulators. The suspect from Long Beach, New York is accused of threatening 47 employees of the U.S. Commodities Futures Trading Commission (CFTC) and other agencies. Prosecutors said he also posted a $100,000 reward on his Web site seeking personal information about several government officials. A criminal complaint said the threats followed a CFTC civil enforcement lawsuit filed against the man. The complaint alleged the suspect has been the subject of various disciplinary proceedings. The suspect was arrested January 13 and ordered held without bail during an initial court appearance January 14 in federal court in Central Islip, New York. Source: http://www.wcax.com/Global/story.asp?S=13846164

Details

Banking and Finance Sector

14. January 18, Infosecurity – (International) Ex-banker gives WikiLeaks data on 2,000 private Swiss bank accounts. A Swiss banker handed over two discs of data to WikiLeaks, which could contain evidence of tax evasion and criminal activity committed by prominent people, BBC reports said. The banker will go on trial for breaking bank secrecy laws. In a statement, the bank told the BBC: “Evidently disgruntled and frustrated about unfulfilled career aspirations, the banker exhibited behavior that was detrimental and unacceptable for the bank, which led to termination of the employment relationship.” Authorities in the United States are reportedly urging government agencies to set up programs to identify disgruntled employees who might leak sensitive information. The move comes after whistle-blowing Web site WikiLeaks published thousands of leaked diplomatic cables. Twitter was recently issued with a subpoena by the government to release the personal details of people connected to WikiLeaks. The bank account data is expected to appear on WikiLeaks. Source: http://www.infosecurity-us.com/view/15245/exbanker-gives-wikileaks-data-on-2000-private-swiss-bank-accounts/

15. January 16, Middle East Media Research Institute – (International) Jihadi cleric Anwar al-Awlaki to jihadists living in the West: Obtain money by any means possible, especially from the U.S. government and its citizens. In a new fatwa issued in the lead article of the fourth issue of Inspire magazine, which was published January 16, a Yemeni-American jihadi cleric encourages jihadists living in the West to assist the financing of jihadi activities through any means possible, including theft, embezzlement, and seizure of property. The U.S. government and U.S. citizens are singled out as prime targets for these acts. Following are the main points and excerpts from the article: In an attempt to deal with the cash shortage jihadist groups are facing, the cleric gives religious justification to any actions used by jihadists to obtain money. In the article, titled “The Ruling on Dispossessing the Disbelievers’ Wealth in Dar Al-Harb,” the cleric deals with the issue by ruling that Western countries are considered dar al-harb [the territory of war], countries to which the rules of war apply. Since this is the case, the cleric says Muslims living in the West are not bound by any laws or contracts that prohibit them from harming their countries of residence: “It is the consensus of our scholars that the property of the disbelievers in dar al-harb is halal [permissible] for the Muslims and is a legitimate target for the mujahidin.” Source: http://www.memritv.org/report/en/4921.htm

16. January 15, WSMV 4 Nashville – (Tennessee) Suspected bank robber arrested in Smyrna. Police in Smyrna, Tennessee, and the FBI said they have arrested a man they believe may be linked to the three holdups at the Ascend Credit Union, at 2:05 p.m. January 15. Police said the suspect was arrested, without incident, at a North Lamar Road home just outside the Smyrna city limits. The suspect is currently being charged under federal indictment for one count of armed robbery at the Ascend Federal Credit Union on Nissan Boulevard in Smyrna. Investigators said the suspect is linked to three robberies at the bank: one in January and two in December. Source: http://www.wsmv.com/news/26506606/detail.html

17. January 14, Pasadena Star-News – (California) Man suspected of leaving explosive device near Arcadia bank in custody. A 23-year-old man was in custody January 14 after he entered Foothills Middle School in Arcadia, California. He was asked to leave by school officials and then left what appeared to be a “homemade explosive device” near a Foothill Boulevard bank, school district and police officials said. The 23-year-old suspect was booked on suspicion of possession of an explosive device, an Arcadia police spokesman said. The Bank of America, the McDonald’s, and a strip mall parking lot on Foothill Avenue were among the areas evacuated for a few hours until the Los Angeles County Sheriff’s Department Bomb Squad successfully detonated the device in the early afternoon. Traffic was also blocked with police cars between First and Second Avenues during this time. Source: http://www.pasadenastarnews.com/news/ci_17097888

18. January 14, Greeley Tribune – (Colorado) Greeley couple arrested, accused of four bank robberies. A woman arrested for her involvement in six northern Colorado robberies in the past month that netted more than $11,000 told police she and her boyfriend “deserved” the money because they had a tough life. The 20-year-old female suspect and her 22-year-old boyfriend both told police they also spent much of their stolen money on heroin. In appearances in Weld District Court January 15, the male’s bond was set at $400,000 and the female suspect’s at $210,000. The Weld District Attorney has until 3:30 p.m. January 19 to formally charge them. According to court affidavits, the female suspect told investigators that no one was hurt in the robberies, because the gun was not loaded and her boyfriend “was only stealing from the government or the FDIC.” The couple was arrested January 13 after a bank teller at the Credit Union of Colorado placed the money in the robber’s bag, along with an electronic device that enabled police to track the stolen cash. Source: http://www.greeleytribune.com/article/20110114/NEWS/701149993/1005

Information Technology

54. January 18, BBC News – (International) Facebook U-turns on phone and address data sharing. Facebook appears to have decided to allow external Web sites to see users’ addresses and mobile phone numbers. Security experts said such a system would be ripe for exploitation from rogue app developers. The feature has been put on “temporary hold,” the social networking firm said in its developers blog. It said it needed to find a more robust way to make sure users know what information they are handing over. “Over the weekend [January 15 and 16], we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and are making changes to help ensure you only share this information when you intend to do so,” the firm said. The updates would be launched “in the next few weeks,” it added and the feature will be suspended in the meantime. Source: http://www.bbc.co.uk/news/technology-12214628

55. January 18, IDG News Service – (International) Third-party apps remains security weak point. Microsoft is still burdened with a bad reputation among users for security, although figures show its products are more secure than most on a person’s computer, according to new data from the Danish security vendor Secunia. The number of vulnerabilities in software commonly found on PCs shot up by 71 percent between 2009 and 2010, mostly due to problems in third-party applications rather than in the Windows OS or Microsoft apps, said a research analyst director for Secunia. The company released its annual vulnerability report January 18. For its report, Secunia used data from its Personal Software Inspector application, which analyzes PCs to see if the installed programs have the latest patches. Source: http://www.computerworld.com/s/article/9205399/Third_party_apps_remains_security_weak_point

56. January 18, Help Net Security – (International) ICQ’s critical flaw allows attackers to serve malicious software update. ICQ — the popular instant messaging application — has a gaping security hole that can allow attackers to execute malicious code on the targeted system, a researcher said. The flaw is in the application’s automatic update mechanism and affects all versions of ICQ 7 for Windows up to the latest one. The problem is that the application does not verify the identity of the update server or the origin of updates through digital signatures or similar means. “By impersonating the update server (think DNS spoofing), an attacker can act as an update server of its own and deliver arbitrary files that are executed on the next launch of the ICQ client,” explained the researcher in a BugTraq post. “Since ICQ is automatically launched right after booting Windows by default and it checks for updates on every start, it can be attacked very reliably.” He even developed (and published) a PoC ICQ update builder and shared step-by-step instructions on how to run an HTTP server to serve the malicious updates. Since there is no way to switch off the automatic updating mechanism, the researcher advises users to stop using the application until a fix is issued. Source: http://www.net-security.org/malware_news.php?id=1594

57. January 18, Help Net Security – (International) Multiple vulnerabilities in Cisco IOS. Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS, according to Secunia. Vulnerabilities include: an error when processing certain IRC traffic can be exploited to cause a device reload by accessing an IRC channel within 36 hours of a reload; an error in the CME (Communication Manager Express) component when handling a SNR number change menu from an extension mobility phone can be exploited to crash the device; a memory leak when processing UDP SIP REGISTER packets can be exploited to exhaust memory resources via a specially crafted SIP packet; an error in the PKI implementation does not clear the public key cache for the peers when the certificate map is changed (this can be exploited to reconnect and bypass the certificate ban); and a memory fragmentation error in the CME (Communication Manager Express) component when handling SIP TRUNK traffic can be exploited to exhaust memory resources via specially crafted SIP packets. As a solution, users are asked to update to Cisco IOS version 15.0(1)XA5. Source: http://www.net-security.org/secworld.php?id=10457

58. January 18, Help Net Security – (International) Vulnerabilities in the Boonana Trojan increase the danger. First spotted almost 3 months ago, the Boonana Trojan stood out because of its capability to infect both computers running Windows and machines running Mac OS X. The Trojan nestled itself in the system, and allowed outside access to all files on it. It also seems to have vulnerabilities that other attackers can exploit to collect information about the system or — according to a Symantec researcher — even to create a completely functional parallel botnet or take over the existing one. The Boonana bots are designed to take part in a P2P network and to communicate with each other via a custom-designed communication protocol. Apart from making the identification of infected hosts on a particular IP range almost trivial, the P2P protocol also contains an information-disclosure vulnerability that can be used to detect which operating system the computer is running. According to Symantec, in December 2010, 84 percent of infected systems were running Windows, and 16 percent were running a version of OS X. Source: http://www.net-security.org/malware_news.php?id=1592

59. January 14, H Security – (International) SCADA exploit - the dragon awakes. The recent publication of an exploit for KingView, a software package for visualizing industrial process control systems, appears to be having an effect. Threatpost reports that the Chinese vendor Wellintech and Chinese CERT (CN-CERT) have now reacted. The exploit can be used to remotely gain control of a system. In an e-mail to Threatpost, CN-CERT admits it was caught napping when initially notified of the vulnerability by the developer and US-CERT. It was not until November that a further e-mail from US-CERT alerted it to the presence of the vulnerability and led it to rediscover the earlier e-mails sent in September. In November, CN-CERT informed the vendor Wellintech, which is reported to have released a patch December 15 — without, however, informing CN-CERT of the fact and apparently without updating the version available to download from its Web site. A general bug report has now found its way into CN-CERT’s database and the vendor has released a patched library. The man who discovered the KingView vulnerabilities complains on his blog that neither the vendor nor CN-CERT has provided any details of the vulnerability, thereby leaving customers in the dark over the risks it presents. CN-CERT is now planning to review its procedures to ensure it does not miss such e-mails in future and to ensure better contact with vendors while problems are being resolved. Source: http://www.h-online.com/security/news/item/SCADA-exploit-the-dragon-awakes-1169689.html

60. January 14, IDG News Service – (International) Oracle plans to release 66 patches on Tuesday. Oracle is planning to release 66 security patches January 18 that affect hundreds of products, according to a notice on its Web site. A number of the patches are for vulnerabilities that meet the most serious risk level under the Common Vulnerability Scoring System, Oracle said. Products affected include Oracle Audit Vault, JRockit, Solaris, and WebLogic Server. Six of the patches fix vulnerabilities in Oracle’s flagship database. Two of the bugs can be exploited remotely without a user name or password. Sixteen patches target Oracle middleware products. Twelve of those vulnerabilities allow for remote exploitation without authentication, Oracle said. Other fixes are aimed at Oracle’s Enterprise Manager, PeopleSoft, JD Edwards, Glassfish, and OpenOffice. Oracle is also set to release patches for Java SE and Java for Business in February. Source: http://www.computerworld.com/s/article/9205121/Oracle_plans_to_release_66_patches_on_Tuesday

61. January 13, Forbes – (International) Web security cams are a voyeur’s delight: Is your IP cam password protected? Web security cameras can be insecure, a researcher from Ars Technica found. The researcher took a spin around the Web checking out live feeds from cameras focused on a number of commercial locations. He was even able to tap into police cameras monitoring an intersection in Texas. In most instances, these cameras were not meant to be offering live video for public consumption. Within the surveillance community, many are turning from closed-circuit/analog cameras to Internet protocol (IP) cameras. While IP cameras are cheaper to install, they can also be easy to locate and to hack into if they are not properly protected. “Finding IP cameras with Google is surprisingly easy,” the researcher noted. “Though the information the search engine provides on the cameras themselves is typically little more than an IP address and a camera name or model number, Google still provides those who know how to ask with extensive lists of IP cameras and Web-enabled surveillance systems throughout the world.” Source: http://blogs.forbes.com/kashmirhill/2011/01/13/web-security-cams-are-a-voyeurs-delight-is-your-ip-cam-password-protected/?boxes=Homepagechannels

For another story, see item 63 below in the Communications Sector

Communications Sector

62. January 18, Daytona Beach News-Journal – (Florida) Vandals knock radio station off air. A Daytona Beach, Florida, radio station on the air since 1947 was silenced for more than 20 hours after vandals broke into a transmitting tower and smashed expensive equipment, owners of WROD 1340 AM said. Daytona Beach police and the FBI are investigating. The vandalism was discovered at 5:30 p.m. January 16, said the owner and general manager of the station. He said vandals cut a lock at the gated tower at Beach and Wilder streets. They broke into a locked box. The intruders dropped a rock on a device called an antenna tuning unit. Police did not provide any information on the crime January 17. The owner said he was able to fix the damage and put the station back on the air at 2 p.m. January 17. Source: http://www.news-journalonline.com/news/local/east-volusia/2011/01/18/vandals-knock-radio-station-off-air.html

63. January 18, IDG News Service – (National) Criminal charges filed against AT&T iPad attackers. The U.S. Department of Justice (DOJ) will file criminal charges against the alleged attackers who copied personal information from the AT&T network of approximately 120,000 iPad users, the U.S. Attorney’s Office, District of New Jersey announced January 17. A suspect will be charged in U.S. District Court in New Jersey with one count of conspiracy to access a computer without authorization and one count of fraud. Another suspect will be charged with the same counts at the U.S. Western District Court of Arkansas. The second suspect made headlines last June when he discovered that AT&T’s Web site was disclosing the e-mail addresses and the unique ICC-ID numbers of multiple iPad owners. Claiming he wanted to help AT&T improve its security, he wrote a computer script to extract the data from AT&T and then went public with the information. AT&T said nobody from the hacking group contacted it about the flaw. The hacker was arrested January 18 at an Arkansas courthouse, where he had been facing drug possession charges. Those charges have now been dropped. Source: http://www.computerworld.com/s/article/9205403/Criminal_charges_filed_against_AT_T_iPad_attackers

64. January 13, Ada Evening News – (Oklahoma) 105.5 station temporarily off air. Radio station 105.5FM, known locally as “the X Factor,” was temporarily off the air due to a significant malfunction at the top of its 300-foot tower located in Lula, Oklahoma. The general manager reported the problem was the result of an electrical malfunction which damaged much of the transmission line. If the 300-foot transmission line on the tower has to be replaced, the station could be off the air for up to 2 weeks. “We are doing everything possible to effect repairs as quickly as possible,” he said. “The delays are associated with finding qualified tower crews as there are fewer and fewer people who do this kind of work.” The radio station was purchased 2 years ago by the Chickasaw Nation and serves a 40-mile-radius area including Ada, Lula, Coalgate, McAlester, and south toward Durant. Source: http://adaeveningnews.com/local/x316465580/105-5-station-temporarily-off-air
