Wednesday, February 2, 2011

Complete DHS Daily Report for February 2, 2011

Daily Report

Top Stories

• According to NBC New York, security officials are warning the leaders of major Wall Street banks that al Qaeda terrorists in Yemen may be trying to plan attacks against those financial institutions or their leading executives. Intelligence officials stress the threats are general in nature and there is “no indication of a targeted assassination plot” against any Wall Street executive. (See item 16)

• USA Today reported that U.S. airlines collectively canceled nearly a quarter of all the nation’s flights February 1, the result of a major winter storm affecting an area stretching from New Mexico to New England. On February 1 alone, airlines had canceled 6,364 flights as of 1 p.m. ET, said the CEO of the flight-tracking site FlightAware.com. (See item 23)

24. January 31, Truckinginfo.com – (National) FMCSA proposes EOBR mandate for all interstate drivers. The Federal Motor Carrier Safety Administration is proposing that all interstate trucks and buses be equipped with electronic onboard recorders to track driver hours. The rule would apply to all carriers now required to maintain Records of Duty Status (aka logbooks), which amounts to 500,000 commercial carriers. The rule would not apply to short-haul interstate carriers that use timecards to document hours of service. The agency at the same time is proposing to relieve interstate carriers from certain supporting documents requirements for hours of service compliance. Motor carriers will be given 3 years from the effective date of the final rule to comply with these requirements. Under the proposal, violations of the EOBR requirement would face civil penalties of up to $11,000 for each offense. Noncompliance would also negatively impact a carrier’s safety fitness rating and Department of Transportation operating authority, the agency said. Source: http://www.truckinginfo.com/news/news-detail.asp?news_id=72842&news_category_id=3

Details

Banking and Finance Sector

16. February 1, NBC New York – (International) Wall Street execs on new terror threat info. Security officials are warning the leaders of major Wall Street banks that al Qaeda terrorists in Yemen may be trying to plan attacks against those financial institutions or their leading executives. Intelligence officials stress the threats are general in nature and there is “no indication of a targeted assassination plot” against any Wall Street executive. But NBCNewYork.com has learned officials fear the names of some top banking executives have been discussed by terror operatives overseas. Intelligence analysts added they have a general but growing concern that operatives in Yemen may again try to send package bombs or biological or chemical agents through the mail to Wall Street bankers. In recent weeks, the FBI’s Joint Terrorism Task Force and NYPD officials have been briefing bank executives and their security departments on the nature of the threat information. Much of it was gleaned from al Qaeda writings like “Inspire” magazine, which recently warned of attacks targeting financial institutions. The latest “Inspire” issue also made reference to trying to use anthrax in an attack, officials said. NBC terror consultants also point to the web writings of an al Qaeda blogger who recently wrote, “Rush my Muslim brothers to targeting financial sites and the program sites of financial institutions, stock markets and money markets.” Banks like Goldman Sachs, Citibank, JP Morgan Chase, Barclays and others have received updated security briefings from the FBI’s JTTF, security officials told NBCNewYork. Source: http://www.nbcnewyork.com/news/local-beat/Exclusive-Wall-Street-Execs-On-New-Terror-Threat-Info-114985979.html

17. February 1, SC Magazine UK – (International) Stock exchanges in the UK and US come under advanced and persistent attack. The British and United States stock exchanges have reportedly enlisted the help of the security services after finding out they were the victims of cyber attacks. According to media reports, the London Stock Exchange (LSE) is investigating a terrorist cyber attack on its headquarters last year, while US officials have traced an attack on one of its exchanges to Russia. A report from The Times said that it had been told by ‘well-placed intelligence sources’ that the London Stock Exchange was trying to find the source of the attack, while a cyber security expert is reported as saying that the threat is ‘advanced and persistent’. The Associated Press said that officials suspect the attacks were designed to spread panic among markets and destabilize western financial institutions. Source: http://www.scmagazineuk.com/stock-exchanges-in-the-uk-and-us-come-under-advanced-and-persistent-attack/article/195398/

18. January 31, Wall Street Journal – (International) Foreign banks evacuate staff from Egypt. A number of international banks with operations in Egypt have begun evacuating some foreign staff from the country, joining other firms that are beginning to ferry personnel out as the political turmoil continues. Citigroup Inc. said it evacuated some non-Egyptian employees from the country Sunday night, while Barclays PLC and HSBC Holdings Inc. also both said they had evacuated “a small number” of expatriates. Citigroup said it has about 600 employees in the country, the “vast majority” of whom are locals, a spokeswoman said Monday morning. Citi helped those foreign national employees who wanted to leave get out Sunday night, she said. Barclays said it pulled fewer than 10 employees. HSBC said about 10 of its 2,100 employees are foreign-born and that it has relocated some of those to Dubai. J.P. Morgan Chase & Co. said it has about 10 employees in Cairo and that all are safe there. Branches of all banks in the country are closed Monday, at the recommendation of the Egyptian central bank. Source: http://blogs.wsj.com/dispatch/2011/01/31/foreign-banks-evacuate-staff-from-egypt/

19. January 31, Canton Repository – (Ohio) FBI links four area bank robberies to same man. FBI agents in Canton suspect a man who robbed the Chase Bank at 1207 W. State St. in Alliance January 28 robbed three other area banks. At 3:30 p.m. January 28, a man approached a Chase teller and demanded money. He was given an undisclosed amount and ran west on State. The robber is described as a black man with a mustache, about 5 feet 7 inches to 5 feet 10 inches tall and weighing between 160 and 180 pounds. He appears to be in his 40s or 50s. Agents believe he is the same man who robbed the U.S. Bank branch in Giant Eagle at 3100 Cromer Ave. NW in Canton on December 4, Chase Bank on S. Arlington Road in Akron on January 3, and the Huntington National Bank branch at 4879 Portage St. NW in Jackson Township on January 12. The man who robbed the Alliance bank January 28 was wearing a gray shirt, blue jeans, a black floor-length leather coat, and black baseball cap with embroidered lettering or a logo in the center. In the first three robberies, the man wore a black winter coat with a hood and toggle-type buttons and a Chicago White Sox baseball cap that had a white brim and lettering. Source: http://www.cantonrep.com/newsnow/x10542312/FBI-links-four-area-bank-robberies-to-same-man

20. January 31, Softpedia – (International) Phishers target Italian credit card provider CartaSi. Security researchers from German antivirus vendor Avira warn of several phishing scams targeting customers of CartaSi, an Italian credit card provider. There were a total of four attacks, all of them using different lures to trick users into clicking on the phishing URLs. According to a data security expert at Avira, the e-mails are being sent by botnets from around the world and bear fake headers to appear as coming from official-looking CartaSi addresses. Some of the messages use traditional tricks such as warning the recipients that they need to activate their accounts or re-confirm their information. Others inform potential victims that they qualify for a fidelity bonus. Recipients are asked to log into their accounts within 48 hours before the offer expires. All phishing e-mails lead customers to spoofed CartaSi pages designed to steal their personal data or online banking credentials. The number of phishing attacks has increased since the beginning of 2011, particularly because of the tax season starting in several countries. The week of January 23 there was a huge wave of tax refund-themed e-mails that spoofed taxation authorities in the United Kingdom, the United States, and Australia. Source: http://news.softpedia.com/news/Phishers-Target-Italian-Credit-Card-Provider-CartaSi-181533.shtml

Information Technology

54. February 1, Help Net Security – (International) Vulnerabilities in Cisco WebEx conferencing applications. Core Security Technologies disclosed stack overflow vulnerabilities affecting the Cisco WebEx applications used to conduct Web-based video conferencing. They identified vulnerabilities that can compromise end-user machines and can cause the computers to crash. They discovered two separate vulnerabilities, each affecting a separate Cisco WebEx application. First, the research team manipulated a file created by the Cisco WebEx recorder (carrying the .WRF extension) and played by the WebEx player. A portion of the new file’s execution pointed to a user call instruction and allowed a hacker to execute other functions on the machine. Second, the research team made a slight change to the XML code within a file that governs polling functionality within Cisco WebEx Meeting Center. The resulting code, when published as a poll during a presentation, crashed the machine and ultimately affected other machines connected to the WebEx meeting, causing the other participants’ machines to crash. Source: http://www.net-security.org/secworld.php?id=10515

55. February 1, Softpedia – (International) Scammers spread account closure FUD on Facebook. Facebook users are warned that claims of accounts being closed en masse are scams that trick them into installing rogue apps and participating in surveys. According to antivirus vendor Sophos, the rogue messages sent from the accounts of people who fell for these scams inform users that unless they update, their accounts will be shut down. The message contains a link that takes users to a rogue app called “Update your Acc Urgent” which asks for permission to post on users’ walls. If the app is installed, users will unknowingly start spamming their friends and will be directed to a page asking them to verify their identity by filling out a survey. In the background, the page displays a fake message allegedly from Facebook’s founder and CEO, which announces the introduction of an “active account verification process” due to the overpopulation of the website. Source: http://news.softpedia.com/news/Scammers-Spread-Account-Closure-FUD-on-Facebook-181826.shtml

56. February 1, Softpedia – (International) PlentyOfFish resets user passwords following hack. Online dating website PlentyOfFish has reset user passwords after hackers managed to extract people’s registration information by exploiting vulnerabilities in the platform. According to an independent security journalist, the compromise was first reported by an Argentinian hacker who demonstrated a proof-of-concept to him. The hacker claims that he is not the only one to have obtained unauthorized access to the PlentyOfFish database and that the site’s database is being circulated in the hacking community. “Plentyoffish was hacked last week and we believe e-mails usernames and passwords were downloaded,” the founder of PlentyOfFish wrote in a blog post. “We have reset all users passwords and closed the security hole that allowed them to enter,” he stressed. The dating site, which is popular in Canada, the United Kingdom, and the United States, has over 145 million visitors a month and over 10 million registered users. In a later statement, the company noted that only 345 accounts had their password exposed, which would make it a relatively limited breach. Source: http://news.softpedia.com/news/Plentyoffish-Resets-User-Passwords-Following-Hack-181789.shtml

57. February 1, Softpedia – (International) VLC media player hit by new critical vulnerability. A new critical vulnerability has been identified in the popular VLC media player and can potentially be used by attackers to execute arbitrary code remotely. The vulnerability affects VLC 1.1.6, the latest stable version of the player, and is located in the MKV demuxer, the component used to parse Matroska or WebM video files. The flaw is the result of insufficient input validation and was reported by a member of VSR (Virtual Security Research). According to the advisory published by the VideoLAN Project, the VLC developers were first notified about the vulnerability January 26, which was too late to include a fix in VLC 1.1.6. The Matroska project contributed a patch to the VLC source code January 29, which consists of a single line that solves the input validation problem. Attackers can exploit the vulnerability by tricking users into opening maliciously crafted .MKV or WebM files. This can also be done over the Web because of VLC’s ActiveX and Firefox plugins. The VLC ActiveX control is installed by default, but the VLC Netscape plugin needs to be manually selected during installation. Source: http://news.softpedia.com/news/VLC-Media-Player-Hit-by-New-Critical-Vulnerability-181754.shtml

58. February 1, Softpedia – (International) Fake failed package delivery notifications spread SpyEye. Security researchers warn of a SpyEye distribution campaign which generates failed delivery notifications that purport to originate from a package delivery service. According to Belgian e-mail security provider MX Lab, the rogue e-mails bear a subject of “Post Express Service. Package is available for pickup! NR1535” and come from a spoofed address. The message contained within is consistent with traditional package delivery failure alerts that have been used by malware distributors before. The e-mails are signed by “Post Express Service,” but the only service with that name that we could identify is located in Serbia. Source: http://news.softpedia.com/news/Fake-Failed-Package-Delivery-Notifications-Spread-SpyEye-181733.shtml

59. January 31, Reuters – (International) Intel discovers chip flaw in midst of major launch. Intel Corp. found a defect in its new Sandy Bridge chip, hurting its credibility during a major product launch and at a time when demand for microprocessors in PCs is being threatened. The company said January 31 it stopped shipments of the chip used in personal computers with its Sandy Bridge line of processors and has already started production of a new version. The Santa Clara, California, company said the defect was discovered after it shipped more than 100,000 of the chips to computer manufacturers getting ready to sell new PC models with the Sandy Bridge processor, which Intel touts as its biggest-ever leap in processing power. Had the problem gone undiscovered, about 5 percent of PCs using the new chipsets could have failed over a 3-year period, the vice president and director of PC Client Operations at Intel said. Intel said its engineers zeroed in on the newest defect the week of January 23 after manufacturers stress-tested the chips with high voltage and temperatures. The flaw could have stopped computers from being able to communicate with their hard disk drives or DVD drives. Source: http://www.reuters.com/article/2011/01/31/us-intel-idUSTRE70U4DH20110131?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+reuters/technologyNews+(News+/+US+/+Technology)

60. January 31, Help Net Security – (International) New malware strains wreaking havoc on Facebook. PandaLabs announced the discovery of security exploits via popular social media sites Facebook and Twitter. In the last several days, two new malware strains have been wreaking havoc on Facebook users. The first, Asprox.N, is a trojan delivered via e-mail informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing them that the account has been suspended. Source: http://www.net-security.org/malware_news.php?id=1609

Communications Sector

61. January 31, Albany Times-Union – (New York) Thieves drive off with fiber-optic equipment. Equipment meant to be used to install fiber optics near the Northway wound up in the hands of thieves, State Police said. The state Department of Transportation contracted with Control Network Communications to do the installation, and the firm’s workers brought the equipment to the east side of the Northway just north of the Twin Bridges on January 27. Sometime between 10:17 and 10:51 a.m., the equipment was stolen. The stolen equipment includes a rig for splicing fiber optic cable, two 50-foot extension cords, a tube splitter, a socket set and a five-gallon gas can. State Police in Clifton Park are seeking help from motorists who may have seen the equipment being loaded into a vehicle and driven away. Source: http://www.timesunion.com/local/article/Thieves-steal-fiber-optic-equipment-988042.php

62. January 31, The News-Gazette – (Illinois) State fines AT&T for outage that hit Urbana. The Illinois Commerce Commission (ICC) has found AT&T at fault for a days-long interruption in its own service in November that affected an undetermined number of customers in Urbana. The director of AT&T regulatory said the communications company will not appeal a $2,700 fine doled out by the ICC, which it learned of last week. The ICC sent the company a letter dated January 27, saying that AT&T was responsible because USIC Locating Services Inc., the subcontractor it hired to do the underground utilities location, had not properly marked the area on the University of Illinois Quadrangle being excavated. About 8:30 a.m. on November 18, Midwest Engineering and Testing Inc. of Champaign was digging for a core soil sample at the northwest corner of Noyes Lab on the UI Quad in Urbana, when an auger struck a duct system containing telecommunication cables owned and operated by AT&T. The hit resulted in interrupted phone, Internet and credit card service to many businesses and residences in Urbana – some for almost four days – and even caused some 911 phone lines at METCAD in east Urbana to have to be rerouted for several hours. It’s not clear if anyone tried to make calls to 911 and couldn’t get through. Employees there noticed the service interruption almost immediately and took steps to get back-up systems running within minutes. The METCAD deputy director said the agency never received any complaints of lost calls. He expressed relief that the break happened at a time of day when calls for service are typically low. Source: http://www.news-gazette.com/news/politics-and-government/2011-01-31/state-fines-att-outage-hit-urbana.html
