Thursday, January 20, 2011

Complete DHS Daily Report for January 20, 2011

Daily Report

Top Stories

• According to NBC News, msnbc.com, and Associated Press, an explosion in a gas main in northeast Philadelphia, Pennsylvania spawned a three-alarm fire that left one person dead and five injured and prompted evacuation of several dozen residents January 18. (See item 4)

4. January 19, NBC; msnbc.com and Associated Press – (Pennsylvania) Gas explosion rocks Philadelphia neighborhood. An explosion in a gas main in northeast Philadelphia, Pennsylvania spawned a three-alarm fire that left one person dead and five injured and prompted evacuation of several dozen residents. Fire dispatchers said a gas and water main break was reported at 6900 Torresdale Avenue in the Tacony neighborhood at about 7:19 p.m. January 18, and an explosion occurred at about 8:30 p.m. Dozens of people were evacuated from nearby homes and businesses, according to NBC Philadelphia. The cause of the blast was not immediately known. Authorities said the fire was brought under control just before 11 p.m. The executive fire chief told the Philadelphia Inquirer that the explosion set fire to at least two homes and a PGW truck. A water main also reportedly broke. Four other PGW employees and a firefighter were taken to nearby Torresdale Hospital, where a hospital spokeswoman said four were in critical condition. At least one had been transferred to a burn center. A PGW spokesman told the Inquirer that the injured firefighter was in stable condition. Source: http://www.msnbc.msn.com/id/41146412/ns/us_news-life/

• The Spokane Spokesman-Review reports that an abandoned backpack found January 17 along the route of Spokane, Washington’s annual Martin Luther King Day march contained a bomb capable of inflicting “multiple casualties,” the FBI has confirmed. (See item 65)

65. January 18, Spokane Spokesman-Review – (Washington) Bomb found on Spokane parade route was lethal, FBI says. An abandoned backpack found January 17 along the route of Spokane, Washington’s annual Martin Luther King Day march contained a bomb capable of inflicting “multiple casualties,” the FBI has confirmed. The bureau’s terrorism task force is offering a $20,000 reward for information leading to the arrest and conviction of those responsible for planting the bomb. The FBI special agent in charge of the Spokane office would not discuss what specifically made the bomb so dangerous but said the investigation has become a top priority. “It definitely was, by all early analysis, a viable device that was very lethal and had the potential to inflict multiple casualties,” he said. “Clearly, the timing and placement of a device — secreted in a backpack — with the Martin Luther King parade is not coincidental. We are doing everything humanly possible to identify the individuals or individual who constructed and placed this device.” Two security sources told The Spokesman-Review they received a briefing suggesting the bomb was designed to detonate by a remote device, such as a keyless entry remote for a vehicle or a garage-door opener. The bomb apparently also had its own shrapnel that could have caused significant injuries to anyone near the blast. The bomb was discovered in a Swiss Army-brand backpack that was placed on a park bench at the northeast corner of North Washington Street and West Main Avenue. Two T-shirts were in the bag. One reads “Stevens County Relay For Life June 25th-26th 2010” and another shirt reads “Treasure Island Spring 2009.” The FBI is working with other federal agencies and virtually all local police agencies with the investigation as part of the Northwest Joint Terrorism Task Force. Source: http://seattletimes.nwsource.com/html/localnews/2013970542_paradebomb19.html

Details

Banking and Finance Sector

23. January 19, Glendale News-Press – (California) The heat is on the ‘Cooler Bandit’. FBI officials said a man who allegedly tried to rob Wells Fargo Bank on Brand Boulevard in Glendale, California, January 14 may be the so-called “Cooler Bandit.” The unidentified robber entered the bank on the 500 block of North Brand Boulevard at 10:15 a.m., approached a teller and passed a demand note, police said. When the teller had trouble reading the writing, she left the booth to talk with a supervisor, so the robber told her to “give me the money,” FBI officials said. At that point, the man abandoned his plans and fled on foot. No one was injured and no cash was stolen, police said. Witnesses described the man as possibly being in his teens. An FBI spokeswoman said the man’s description fits that of the “Cooler Bandit” because of the lunch pail that he carries to store cash from every robbery. The bandit is known to have allegedly robbed banks in Industry and Marina del Rey, she added. The robber has been described as a young black or Latino man with a slender build, she said. Source: http://www.glendalenewspress.com/news/tn-gnp-safetybriefs-20110119,0,4638054.story

24. January 18, eNews Park Forest – (Illinois) FBI says former Chicago hedge fund manager allegedly swindled more than $3.5 million from 48 victims in investment fraud scheme. A former Chicago, Illinois hedge fund manager was taken into federal custody January 18 after he turned himself in for allegedly engaging in an investment fraud scheme in which he swindled more than $3.5 million from approximately 48 victims who invested in funds he purported to operate. The defendant was charged with mail fraud in a criminal complaint filed in U.S. district court. The man obtained about $4.7 million from 48 high net worth investors since 2003 for purported managed futures trading accounts and a commodity pool investment. He provided about $1.1 million in investor redemptions, and allegedly lost roughly half of the total invested funds through trading, and misused most of the remaining funds for his own benefit. Most of the misappropriated funds were spent. Source: http://www.enewspf.com/latest-news/human-interest/21158-fbi-says-former-chicago-hedge-fund-manager-allegedly-swindled-more-than-35-million-from-48-victims-in-investment-fraud-scheme.html

25. January 17, Help Net Security – (International) Banking Trojan incorporates legitimate remote control software. An ESET researcher has recently received a sample of the Sheldor Trojan, which was found by Group-IB investigators while they were inspecting the systems of a major Russian company that fell prey to theft through unauthorized accounting transactions. This particular piece of malware incorporates the well-known TeamViewer remote control software in order to allow the attacker to start a command shell on the compromised machine, to control it, to toggle monitoring, to shut down Windows or log off the user, and, if need be, to remove all traces of the bot. “The dropper installs a backdoor in %WINDIR% and runs as server in console mode,” the researcher explained. “One component of TeamViewer is modified in order to inject code into tv.dll, communicating through the administrative control panel.” In this case, the TeamViewer component was obviously used to circumvent the additional authentication mechanisms that some banks use. Source: http://www.net-security.org/malware_news.php?id=1591

26. January 17, Help Net Security – (International) Toolkit merging Zeus and SpyEye already on the market. When the alleged Zeus-SpyEye merger became news last October, a lot of people wondered what new capabilities could be expected of the new toolkit. According to a McAfee analyst, the latest version of the SpyEye toolkit has seemingly been offered for sale on the black market. New or improved capabilities include: ZeuS killing, cookie and session cleaning, brute force password breaking, Jabber notification, a VNC module, auto-spreading, auto-update, a unique stub generator for FUD and evasion, and a new screenshot system, all for $800. There is no proof the offer is genuine, since the source code is not available for testing. The McAfee analyst casts doubt on the veracity of the offer by comparing the price with the one the SpyEye maker asked of a buyer last November, which reached $4,000 for the complete package. Source: http://www.net-security.org/malware_news.php?id=1590

27. January 17, WMTV 15 Madison – (Wisconsin) Man robs Whitewater bank; claims to have bomb. Officers responded to a robbery January 14 at 7:26 p.m. at the Commercial Bank Westside Branch located in the Sentry Grocery Store at 1260 West Main Street in Whitewater, Wisconsin. The suspect robbed the bank of an undisclosed amount of money after he told the teller he had a bomb. The suspect was carrying a brown paper bag with a Sentry logo on it and a red computer-type bag with black straps that contained two blue cylinders that the suspect proclaimed were a bomb. After robbing the teller, the suspect fled via the east entry/exit door. He is described as a White or Hispanic male, approximately 50 years old, 5 feet 10 inches, 200 pounds, with a deep voice. He was wearing a blue fur-lined ear flap hat, a blue or black scarf, a blue hoodie underneath a tan Carhartt-type coat, light-colored blue jeans, and tan boots. At this point the robbery does not appear to match any other bank robberies in southeastern Wisconsin. Agents from the FBI are assisting Whitewater police in this investigation. Source: http://www.nbc15.com/home/headlines/CrimeTracker_15_Man_Robs_Whitewater_Bank_Claims_to_Have_Bomb_114044214.html

28. January 14, Oklahoma City Oklahoman – (Oklahoma) FDIC warns of fake e-mails. The Federal Deposit Insurance Corporation (FDIC) is warning consumers of a fraudulent e-mail that appears to be from the FDIC. The fake e-mail says the agency “in cooperation with the Department of Homeland Security, federal, state and local governments” has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” The e-mail also contains a link that the recipient is directed to use to verify identity and account information. However, the e-mail and link are bogus, the FDIC said. “It was not sent by the FDIC,” the agency said in a news release. “It is an attempt to obtain personal information from consumers. Financial institutions and consumers should not access the link provided within the body of the e-mail and should not under any circumstances provide any personal information through this media.” The FDIC said it is trying to identify the source of the e-mails, and advised consumers to report any similar attempts by sending information to alert@fdic.gov. Source: http://newsok.com/fdic-warns-of-fake-e-mails/article/3532188

Information Technology

56. January 19, Federal Bureau of Investigation – (International) Maryland man indicted for copyright infringement of commercial software programs. A federal grand jury indicted a Baltimore, Maryland man, age 30, January 18 for illegally reproducing and distributing over 100 copyrighted commercial software programs. “The illicit proceeds from counterfeiting are routinely used to support other criminal activities in the United States and around the world,” according to the Special Agent in Charge of Immigration and Customs Enforcement, Homeland Security Investigations in Baltimore. According to the one count indictment, from February 2004 to April 2008, the man infringed copyrights by reproducing and distributing over 100 copyrighted commercial software programs for which he received over $265,000. The copyrighted works are estimated to be worth millions of dollars. He allegedly advertised through his Internet Web site and sold infringing copyrighted commercial software at prices well below the suggested retail prices of legitimate, authorized copies of the software. The man used computers in Bel Air, Maryland, and other computers to contact and control his computer server. He is presently a fugitive and believed to be in Pakistan. Source: http://7thspace.com/headlines/370079/maryland_man_indicted_for_copyright_infringement_of_commercial_software_programs_.html

57. January 18, H Security – (International) Sybase plugs holes in application server. A security update to EAServer from the SAP company Sybase closes two vulnerabilities that could be remotely exploited. According to the manufacturer’s report, attackers could exploit a directory traversal vulnerability to read arbitrary files on the server. Sybase states it would also be possible to install unauthorized Web services on EAServer, making it possible to gain control of the server. Updates are available to correct the problem on the affected versions of EAServer, 5.x and 6.x, on all supported platforms. Registered Sybase users can apply the updates through Sybase EBFs after logging in to the EBF Download Area of the Sybase Web site, or by downloading full versions from the Sybase Product Download Center. Other products, such as Sybase Appeon 6.x, Sybase Replication Server 15.x and Sybase WorkSpace 2.x, are also affected as these include EAServer. Source: http://www.h-online.com/security/news/item/Sybase-plugs-holes-in-Application-Server-1171090.html

58. January 17, eSecurity Planet – (International) Porn malware snares 2,500 victims. Trend Micro researchers report a Russian ransom worm that locks users out of their files has snared at least 2,500 victims. “The malware is identified by Trend Micro as Worm_Rixobot.A, which says it has been spreading in recent weeks using infected porn websites, instant messaging applications and even infected USB drives, hence its designation as a worm rather than a Trojan,” according to a writer for PCWorld. “After taking over a user’s PC, terminating a range of Windows and security programs and blocking access to websites, a splash screen demands that users pay the Russian ruble equivalent of $12 by texting a premium-rate SMS number in order to receive an unlock key,” he wrote. Source: http://www.esecurityplanet.com/headlines/article.php/3920911/article.htm

59. January 17, Gamasutra – (International) Hacker steals Frogster user data, threatens to shut down servers. An anonymous attacker claims to have stolen log-in data for 3.5 million Frogster accounts, threatening to release user information and shut down the game’s servers unless the publisher meets certain demands. In a now-deleted posting on Frogster’s message boards, captured by gaming blog Kotaku, a user with the handle Augustus87 demands the Berlin-based company stop closing forum threads, offer more transparency to customers, secure its game clients and user info, and cease its alleged spying on workers’ online activities. Augustus87 said if these demands are not met in 2 weeks, he will release information from a collection of 3.5 million accounts for Runes of Magic, Bounty Bay Online, TERA, and other free-to-play games from Frogster. He claims 500,000 of those accounts have been “hacked and verified” so far. Frogster said the data released so far comprises “outdated log-in data from 2007,” before its “comprehensive reset initiative.” The company has informed the German State Office of Criminal Investigation about the breach, and has formed a task force to determine how the incident occurred. Source: http://www.gamasutra.com/view/news/32484/Hacker_Steals_Frogster_User_Data_Threatens_To_Shut_Down_Servers.php

60. January 17, Softpedia – (International) Critical security update released for Tor. The Tor Project has released version 0.2.1.29 of its anonymization software to address several security issues including a critical vulnerability that can potentially result in arbitrary code execution. Identified as CVE-2011-0427, the critical flaw consists of a heap overflow bug which can be exploited remotely to crash the program and execute malicious code. Tor maintainers credit a researcher named “debuger” with reporting this issue that was also patched in the older 0.1.2.10-rc branch. This new security update comes after a similar heap overflow vulnerability (CVE-2010-1676) was addressed in version 0.2.1.28 a month ago. The new 0.2.1.29 version also resolves a flaw with the zlib data compression library that can result in a denial-of-service condition (DoS). The release contains four other major bug fixes to prevent severe stability problems, as well as six minor ones in various components. Source: http://news.softpedia.com/news/Critical-Security-Update-Released-for-Tor-178686.shtml

Communications Sector

61. January 18, WSYR 9 Syracuse – (New York) Time Warner Cable says Digital Phone outages now fixed: the real deal. Almost twelve hours after the first reports of intermittent outages with their Digital Phone system throughout New York state, Time Warner Cable reports that regular service is now restored. A company spokesperson made the announcement January 18. The spokesperson had no details available about what caused the problem, but said the company’s first priority is making sure it does not happen again. Staff are continuing to investigate the cause of the outages. Time Warner Cable confirmed an intermittent problem impacting their Digital Phone customers. Some were not able to make or receive calls. The problems began around January 18. Source: http://www.9wsyr.com/mostpopular/story/Time-Warner-Cable-says-Digital-Phone-outages-now/mi8ZKjmOQEmtE2VCTrJ2pw.cspx

62. January 17, Softpedia – (National) cPanel vulnerability abused to misuse high profile domains. Spammers have exploited a cPanel vulnerability at a hosting company in order to abuse high profile domains belonging to educational, financial, and public institutions. The compromises began in April 2010 at Hostmonster, a Utah-based hosting company owned by Bluehost, and lasted until earlier this month. A Bluehost co-founder told Krebs on Security that an attacker exploited the vulnerability to create rogue subdomains on dozens of domain names hosted by the company. The subdomains pointed to pages used in black hat search engine optimization (BHSEO) campaigns to poison search results. This method involves creating pages filled with keywords for a particular search topic, a technique referred to as keyword stuffing, on domains with a solid PageRank. According to Krebs on Security, the affected domains included accessbank.com, a financial institution in Nebraska; bankler.com, the U.S. Senate Whitewater Committee’s investigative tax accountant; ejercito.mil.do, the Army of the Dominican Republic; sacmetrofire.ca.gov, the Sacramento Metropolitan Fire District; and wi.edu, The Wright Institute. The spammer was able to create subdomains between April and July 2010, when the company addressed the security issue, but they remained online until recently. Cloud security vendor Zscaler recently warned about a wave of hijacked domains, including .EDU and .GOV ones, that were abused to promote online pirated software stores. Source: http://news.softpedia.com/news/cPanel-Vulnerability-Abused-to-Misuse-High-Profile-Domains-178497.shtml
