Tuesday, May 24, 2011

Complete DHS Daily Report for May 24, 2011

Daily Report

Top Stories

• According to msnbc.com, a massive tornado tore through Joplin, Missouri, May 22, killing at least 90 people and injuring more than 1,150, destroying more than 2,000 structures, and sparking numerous gas fires. (See items 50, 33)

50. May 23, msnbc.com and Associated Press – (Missouri) ‘Cut the city in half’: Death toll rises to 90 in Missouri tornado. A massive tornado — the deadliest single U.S. tornado since 1953 — tore through Joplin, Missouri, May 22, killing at least 90 people. The 6-mile path included a hospital and high school destroyed, cars crushed, and a forest of splintered tree trunks where neighborhoods once stood. Authorities warned the death toll could climb as search and rescue workers continued their efforts. Their task was made more miserable as a new thunderstorm with strong winds and heavy rain pelted part of the city with quarter-sized hail May 23. The fire chief said 25 to 30 percent of the city was damaged. More than 1,150 people were treated at local hospitals, the Joplin Globe reported. About 20,000 homes and businesses were without power the morning of May 23. Many bodies were found along “restaurant row,” on the main commercial street, the Newton County coroner said. Residents were given about 20 minutes notice when 25 warning sirens sounded around 6 p.m. local time, the Jasper County emergency management director said. However, Missouri’s governor said many people likely were unable to get to shelter in time. “The bottom line was the storm was so loud you probably couldn’t hear the sirens going off.” Staff at St. John’s Regional Medical Center moved patients into hallways before the storm struck the 9-story building, blowing out hundreds of windows and leaving the facility useless. At least four people at the hospital were killed, a doctor said. A series of gas leaks caused fires around the city overnight, and the governor said some were still burning early May 23. Officers from Joplin and neighboring towns and counties manned virtually every major intersection May 23. 
Details about fatalities and injuries were difficult to obtain even for emergency management officials, because the tornado knocked out power, landline phones, and some cellphone towers, according to the assistant emergency management director in Newton County. Source: http://www.msnbc.msn.com/id/43132174/ns/weather/?GT1=43001

33. May 23, Springfield News-Leader – (Missouri) St. John’s Medical Center takes a direct hit in Joplin. St. John’s Regional Medical Center in Joplin, Missouri, started a full evacuation after the hospital was directly hit by a tornado May 22, said a spokeswoman for St. John’s Health System. “We are not sure of the safety of the building,” she said. St. John’s officials also asked people to stay away from the area. Damage to the building is extensive, as hundreds of windows were blown out and its roof was taken off, the spokeswoman said. About 100 patients from Joplin will be accommodated in St. John’s facilities in Springfield and surrounding areas. A doctor at St. John’s said at least 4 people at the hospital were killed. Some St. John’s patients were taken to Freeman Health System in Joplin, while others will be flown to Springfield and a hospital in Arkansas. The Joplin Globe reported late May 22 that emergency personnel were evacuating people near the medical center because of dangers posed by a broken gas main. The St. John’s spokeswoman said St. John’s hospital in Springfield was deploying ambulances and helicopters to Joplin late May 22. CoxHealth dispatched five EMS crews to Joplin. Other agencies, big and small, also responded. A Nixa fire lieutenant said the state activated the Missouri Fire Mutual Aid System, which allows fire crews to assist in disaster areas. Source: http://www.emsworld.com/article/article.jsp?id=17137&siteSection=1

• CNN reports heavy rain caused a 200-foot slide, saturating the underpinnings of a levee holding back the Mississippi River in Natchez, Mississippi, and threatening thousands of homes and 1 million acres of land. (See item 62)

62. May 21, CNN – (Mississippi) Floodwaters threaten to breach levee. People along the Mississippi Delta are still watching and waiting on water levels, which got another boost from rain, causing flood waters to crest at more than 60 feet in Natchez, Mississippi, CNN reported May 21. The waters have engulfed a lake and are threatening a crucial levee. They have caused what officials said is a 200-foot “slide,” where the sheer pressure from the weight of the water has saturated the underpinnings of the levee and shifted the earth underneath. The erosion has caused water to seep out, and has made the levee dangerous. The U.S. Army Corps of Engineers frantically tried to fill gaps with gravel using backhoes, tractors, and shovels. It is not technically a breach, but a breach could happen because of the erosion. Crews are working around the clock to shore up the levee. A member of the Mississippi Levee Board said the stakes are enormous. “Well if this levee would fail you know, we would have all this water on the riverside that would inundate the land side, the protected side of the levee. It would be well over a million acres flooded,” he said. “You’d have multiple towns underwater. You’d have thousands of homes underwater. You’d have people displaced from their homes for a long period of time.” Source: http://www.wdam.com/story/14691782/floodwaters-threaten-to-breach-levee

Details

Banking and Finance Sector

12. May 21, Federal Bureau of Investigation – (Idaho) Idaho man charged in $20 million investment fraud scheme. The U.S. attorney’s office May 18 charged a 42-year-old Idaho Falls, Idaho man with one count of wire fraud, and one count of money laundering. The 2-count information alleges that from 2002 through December 2008, the man owned and operated Trigon Group LLC in Idaho Falls, and that he solicited clients to invest money in Trigon. The information alleges the man used investor funds for his own use and caused investors to lose in excess of $20 million. He is also alleged to have committed money laundering by using investor money to make a personal purchase of $110,550 from a jewelry store. Source: http://7thspace.com/headlines/383388/idaho_man_charged_in_20_million_investment_fraud_scheme__.html

13. May 21, CNN – (International) Small blast rattles Northern Ireland’s Londonderry. Masked men, allegedly shouting they were members of the Irish Republican Army, abandoned a small bomb and fled a commercial area in Londonderry, Northern Ireland, the mayor said May 21. The mayor said the bomb was carried into the office of the Santander bank on Shipquay Street May 21 by the men who immediately fled the scene. The bomb, which exploded an hour later, did not cause injuries or substantial damage, he said. Northern Ireland, historically plagued by sectarian violence between Catholics and Unionist Protestants, has seen a resurgence of violence recently. Source: http://articles.cnn.com/2011-05-21/world/n.ireland.bomb_1_ira-splinter-group-irish-republican-army-ireland-republicans?_s=PM:WORLD

14. May 20, FBI – (California) Ezri Namvar: Los Angeles businessman convicted on federal fraud charges for stealing $21 million. A prominent Los Angeles, California, businessman and real estate developer was found guilty May 19 of four wire fraud charges for stealing about $21 million from four clients who allowed his company to hold their money in safekeeping before it was reinvested in real estate. The jury also convicted a second defendant on the four wire fraud charges. The evidence presented at trial showed that four victims entered into agreements to have about $25 million deposited with the businessman’s company, Namco Financial Exchange Corp., which held itself out as a qualified intermediary for real estate transactions. However, instead of holding the money as promised, the men used the victims’ money for a variety of unauthorized and undisclosed purposes, including paying off creditors and investors of the businessman’s investment company, Namco Capital Group, Inc. During the course of the fraudulent scheme, only about $4 million was returned to or used on behalf of the victims. Source: http://www.loansafe.org/ezri-namvar-fraud

15. May 20, KETV 7 Omaha – (Nebraska; International) Hackers steal local credit card info. Sheriff’s deputies in Sarpy County, Nebraska, are investigating an identity theft case involving hackers who went after personal data using customers’ credit and debit cards. Investigators said May 19 they are dealing with more than 50 victims from across the Omaha metro area, all targeted in the last few days or weeks. Investigators blame a breach of security through a credit card processor. Sarpy County sheriff’s deputies said they and bank officials tracked suspicious purchases, using Omaha credit and debit cards, to several different states including California, Texas, Indiana, New York, and Michigan. The card numbers were stolen through several Omaha businesses, one of which was LaMar’s Donuts near 168th and Harrison streets. The customers of at least three local banks have been affected, including the Bank of the West. Deputies said they believe the hackers responsible live in Eastern Europe. Source: http://www.ketv.com/r/27959394/detail.html

16. May 20, Melrose Free Press – (Massachusetts) Melrose bank heist is serial robber’s fifth, says FBI. Eastern Bank in Melrose, Massachusetts, was the target of a bank robbery May 19 by a man suspected of robbing four other banks across the North Shore, making this the robber’s fifth bank heist since April, according to an FBI spokesman. The suspect reportedly got away with an undisclosed amount of money from the Melrose bank. The suspect, described as a white man between 25-30 years old, walked into the bank at 441 Main Street and handed a note to the teller, which threatened harm if the teller did not comply with the man’s demands to hand over money, the Boston FBI said. The robber then exited the bank on foot, heading in an unknown direction. He was described by witnesses as between 5 feet, 7 inches and 5 feet 10 inches tall, and weighing between 150-170 pounds. The man’s hair is brown, and he was observed to be unshaven during the Melrose robbery. An FBI spokesman said the suspect has worn a goatee during past robberies, and has a distinctive tattoo on the right side of his neck with cursive lettering. An FBI spokesman said the robber did not show a weapon during any of the five robberies, and in each case, passed a note to the teller demanding money. Source: http://www.wickedlocal.com/melrose/breaking/x1495154184/FBI-Serial-robber-hits-Eastern-Bank-in-Melrose#axzz1NC8paD34

17. May 19, WBTV 3 Charlotte – (North Carolina) Bank robber threatens teller with bomb. A man was arrested May 19 after authorities said he robbed a bank in Alexander County, North Carolina, and officials said he also confessed to robbing a credit union in Lenoir earlier the week of May 15. The Alexander County sheriff said the Taylorsville Savings Bank in Bethlehem was robbed around 9 a.m. The 42-year-old Hickory man passed a note to the teller indicating he had a bomb and that she should hand over cash in a bag, the sheriff said. The teller then gave the suspect an undisclosed amount of cash. No one inside the bank was hurt. The Alexander County Sheriff’s Office immediately dispatched a description of the man and the car he was driving to other law enforcement agencies. Within minutes, a police officer in Hickory spotted the vehicle on Highway 127 and followed the car before pulling it over. The Lenoir Police Department released a statement May 19 that said the man also confessed to robbing the State Employees Credit Union in Lenoir May 17. In that robbery, he told the teller there was a pipe bomb in the bathroom. Officials later checked the building and were unable to find a bomb. Source: http://hickory.wbtv.com/news/crime/bank-robber-threatens-teller-bomb/62819

18. May 18, Joplin Globe – (Oklahoma) Miami bank employee charged with embezzling. A Miami, Oklahoma bank employee, who reported she was robbed at gunpoint while servicing an automated teller machine earlier in 2011, was charged in federal court with embezzling bank funds. The 51-year-old woman was charged May 19 in U.S. district court in Tulsa, Oklahoma, with willfully misapplying $119,855 belonging to First National Bank & Trust Co. between January 1, 2010, and February 25, 2011. The woman, a longtime employee of the bank, claimed to have been robbed by two men who put a gun to her head while she was restocking one of the bank’s ATMs on Steve Owens Boulevard in Miami. The U.S. attorney’s office for the Northern District of Oklahoma said the week of May 15 that report proved to be false. The FBI had said in March that the employee who reported the theft was under investigation for allegedly having stolen more than $50,000. The U.S. attorney’s office said that investigation led to the charge against the former employee. Source: http://www.joplinglobe.com/local/x377184536/Miami-bank-employee-charged-with-embezzling

For another story, see item 47 below in Information Technology

Information Technology

44. May 23, H Security – (International) Another DoS fix for Apache HTTP server. The update of the Apache HTTP Server (httpd) to version 2.2.18 earlier in May to close a denial of service (DoS) problem appears to have exposed a related DoS vulnerability. The developers released httpd 2.2.19 to fix this new problem, which has been rated as moderately critical; however, as with the previous DoS vulnerability, it requires that mod_autoindex is enabled in the Web server. It appears the updated Apache Portable Runtime (APR) 1.4.4, bundled with the server to correct the denial of service vulnerability, could cause httpd workers to enter a hung state utilizing 100 percent CPU when calling apr_fnmatch. An update to APR, version 1.4.5, which resolves the issue, has been released by the APR developers and is bundled with Apache HTTP Server 2.2.19. Users can upgrade to httpd 2.2.19 or, if running httpd 2.2.17 or earlier, work around the denial of service problem by using the “IgnoreClient” option of the “IndexOptions” directive. The problem was first noted and tracked on Debian mailing lists. Source: http://www.h-online.com/security/news/item/Another-DoS-fix-for-Apache-HTTP-server-1247712.html

45. May 23, Help Net Security – (International) phpMyAdmin redirection weakness and script insertion vulnerability. A weakness and a vulnerability have been reported in phpMyAdmin that can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct spoofing attacks, according to Secunia. Input passed via the “url” parameter to url.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary Web site, for example, when a user clicks a specially crafted link to the affected script hosted on a trusted domain. This vulnerability is reported in version 3.4.0. Also, input passed to the application when creating a database table name is not properly sanitized before being used on the “Tracking” page. This can be exploited to insert arbitrary HTML and script code that will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. This vulnerability is reported in version 3.4.0 and versions prior to 3.3.10.1. Source: http://www.net-security.org/secworld.php?id=11064

46. May 23, Softpedia – (International) Sony security breaches keep on popping up. A new Sony security breach has been reported, involving user information being leaked from the Web site of Sony BMG Greece. The incident was revealed the weekend of May 21 and 22 when someone publicly disclosed the stolen information of 8,385 users. However, the actual compromise occurred earlier in May. The database dump was publicly posted on pastebin.com and it contained usernames, e-mail addresses, passwords, and in some cases telephone numbers. “It appears someone used an automated SQL injection tool to find this flaw. It’s not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony Web site after Web site until a security flaw is found,” a security advisor at Sophos said. SQL injection vulnerabilities are very common, and Sony is not the only large company caught with such holes in its Web properties. Two other Sony compromises revealed the week of May 16 include the stealing of gift points worth $1,225 from 128 So-net Entertainment accounts, and the discovery of a phishing page hosted on Sony’s Thailand portal. Source: http://news.softpedia.com/news/Sony-Security-Breaches-Keep-on-Popping-Up-201675.shtml

47. May 20, threatpost – (International) New 64-bit rootkit being used to steal banking credentials. Security researchers have come across a new rootkit designed specifically to infect 64-bit Windows systems and steal users’ online banking credentials. It is believed to be the first piece of malware of its kind that is capable of compromising x64 systems. The new rootkit is being used by attackers in Brazil as part of drive-by download attacks and is then used to steal banking credentials after the infection. The malware has the ability to change some of the boot configurations of infected machines and then aims to redirect users to phishing sites. The new rootkit can infect machines running either 32-bit or 64-bit versions of Windows. The drive-by download is accomplished by using a malicious Java applet targeted at older versions of the Java Runtime Environment. The applet includes a number of files that each have different jobs to do once they are on an infected PC, including one that disables the Windows User Account Control mechanism. Source: http://threatpost.com/en_us/blogs/new-64-bit-rootkit-being-used-steal-banking-credentials-052011

48. May 19, Computerworld – (International) Mac App Store’s slow updates expose users to security risks. Apple’s Mac App Store puts users at risk because it is slow to update vulnerable software, a security researcher said May 18. The researcher noted the Opera browser had not been updated on the Mac App Store since March 1. Since May 18, however, Opera has released two updates to add features, fix crash bugs, and patch vulnerabilities. Opera updated to version 11.11 May 18, which closed a critical hole that could be exploited by attackers to infect a Mac with malicious code. “Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser,” the researcher said. When Apple launched the Mac App Store in January 2010, one of the online mart’s selling points was it would automatically notify customers when updates were available. The researcher’s argument is Apple failed to make good on the promise. “Mac users who have downloaded Opera through the App Store may find themselves using a copy of Opera that is now two versions old,” he said. Source: http://www.computerworld.com/s/article/9216860/Mac_App_Store_s_slow_updates_expose_users_to_security_risks

49. May 19, The Register – (International) Eureka! Google breakthrough makes SSL less painful. Google researchers said they have devised a way to significantly reduce the time it takes Web sites to establish encrypted connections with end-user browsers, a breakthrough that could make it less painful for many services to offer the security feature. Also, the technique, known as False Start, requires that only simple changes be made to a user’s browser, and appears to work with 99 percent of active sites that offer secure sockets layer (SSL) protection. “SSL False Start reduces the latency of a SSL handshake by 30%. That is a big number,” a Google software engineer wrote in a blog post published May 18. With the notable exceptions of Twitter, Facebook, and a handful of Google services, many Web sites send most traffic over unencrypted channels, making it easy for governments, administrators, and Wi-Fi hotspot providers to spy on or even modify potentially sensitive communications while in transit. Source: http://www.theregister.co.uk/2011/05/19/google_ssl_breakthrough/

Communications Sector

See item 50 above in the Top Stories
