Wednesday, May 25, 2011

Complete DHS Daily Report for May 25, 2011

Daily Report

Top Stories

• The FDA has advised parents, caregivers, and health care providers not to feed SimplyThick, a thickening product, to premature infants after use of the product was possibly linked to 2 deaths and 13 serious illnesses. (See item 38)

38. May 20, U.S. Food and Drug Administration – (National) FDA: Do not feed SimplyThick to premature infants. The U.S. Food and Drug Administration (FDA) is advising parents, caregivers, and health care providers not to feed SimplyThick, a thickening product, to premature infants. The product may cause necrotizing enterocolitis (NEC), a life-threatening condition. FDA first learned of adverse events possibly linked to the product May 13. To date, the agency is aware of 15 cases of NEC, including 2 deaths, involving premature infants who were fed SimplyThick for varying amounts of time. The product was mixed with mothers’ breast milk or infant formula products. Illnesses have been reported from at least four different medical centers. The illnesses involve premature infants who became sick over the past 6 months. SimplyThick was added to the feeding regimen of infants — who later developed NEC — to help with swallowing difficulties stemming from complications of premature birth. Parents and caregivers who have medical concerns or questions related to the use of the product should contact their health care provider. The product is sold in packets of individual servings and in 64-ounce dispenser bottles. It can be purchased from distributors and local pharmacies throughout the United States. Source: http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm256253.htm

• The Register reports LinkedIn will reduce the persistence of cookies it uses to identify users following the discovery of security issues with the site that create a possible means for fraudsters to hijack profiles. (See item 53 below in Information Technology)

Details

Banking and Finance Sector

18. May 24, Arlington Heights Daily Herald – (Illinois) 4 indicted in Naperville 'skim' scam. Four men were accused in a federal indictment of conspiring to “skim” credit card information from unsuspecting customers at a Naperville, Illinois restaurant, authorities said May 23. The men each face felony charges of conspiracy to commit credit card fraud. Two also face charges of substantive credit card fraud, possession of access-device making equipment, and aggravated identity theft. A special grand jury indictment filed in May accuses the men of using a handheld “skimming device” to obtain encoded information from the magnetic strips of credit cards. Authorities said the defendants then created counterfeit cards and used them to go shopping at retail stores in Lombard, Northlake, and Streamwood. In all, the alleged scheme resulted in losses of more than $213,000, authorities said. Source: http://www.dailyherald.com/article/20110524/news/705259985/

19. May 24, Lexington Herald-Leader – (National) Former Lexington employee pleads guilty in Big Brothers Big Sisters fraud. The former office manager for Big Brothers Big Sisters of the Bluegrass in Kentucky pleaded guilty May 23 to bank fraud for cashing $435,837 in checks on the organization's account, according to the U.S. attorney's office. The woman admitted she issued 142 fraudulent checks to other people from 2008 through October 2009. She would keep much of the cash, once in a while paying smaller amounts to those who cashed the checks at Central Bank, the plea agreement states. She would telephone Big Brothers' bookkeeper at Stivers and Co., an accounting firm hired by the agency, and authorize checks payable to third parties, according to the plea agreement. She would pick up the checks from Stivers and forge the signatures of Big Brothers board members who could sign checks. The convict would then give the checks to the third parties, who would cash them. The maximum penalty for the crime is 30 years in prison, a fine of up to $1 million, and up to 5 years of supervised release. Source: http://www.kentucky.com/2011/05/24/1750198/former-big-brothers-big-sisters.html

20. May 23, Reuters – (International) Gas tank attacks damage two Mexico banks; no injuries. Two small explosive devices went off before dawn May 23 at two banks in Mexico City, Mexico, shattering windows but leaving no injuries, the city's top prosecutor said. No arrests have been made, but the Mexico City Attorney General (AG) said authorities suspect youth gangs were behind the attack. "There were just material damages," he told Mexican television. The attack did not appear related to the country's drug war, in which cartels have set off car bombs as they resist a government crackdown. The explosive devices May 23 appeared to be using small butane tanks, the AG said. Images from Televisa network showed shattered glass on the floor and damaged furniture inside a BBVA Bancomer bank office on the city's west side. The other explosion was at a Santander Serfin branch, Reforma newspaper reported. A third device was left in another Santander Serfin branch but did not explode, Reforma reported. Source: http://www.reuters.com/article/2011/05/23/mexico-explosions-idUSN2315681720110523

21. May 23, Wall Street Journal – (International) Ohio couple pleads guilty to conspiring to finance Hezbollah. A married couple from Toledo, Ohio, pleaded guilty May 23 to charges related to a plan to send hundreds of thousands of dollars to Hezbollah. The couple met multiple times between August 2009 and June 2010 with a confidential source working on behalf of the Federal Bureau of Investigation, during which time they discussed ways to secretly send money to Hezbollah leaders in Lebanon, court documents said. The confidential source delivered $200,000 to the couple June 3, 2010, and told them he would return later in the day with more money, court documents said. Shortly thereafter, the couple was seen inside their home bundling a portion of the money in plastic wrap and duct tape to prepare it for concealment. The wife pleaded to one count of conspiracy, and the husband to a total of five counts that included conspiracy to provide support to a foreign terrorist organization, and conspiracy to violate money laundering law. Source: http://blogs.wsj.com/corruption-currents/2011/05/23/ohio-couple-pleads-guilty-to-conspiring-to-finance-hezbollah/

22. May 23, KWTV 9 Oklahoma City – (Oklahoma) Reward offered for Oklahoma City 'Pantyhose Posse'. According to the FBI, two unknown white or Hispanic men entered the MidFirst Bank located on S.W. 44th Street in Oklahoma City, Oklahoma, around 10:15 a.m. May 23 wearing black pantyhose over their heads. Investigators said one of the robbers vaulted the counter and verbally demanded hundred-dollar bills while holding a firearm. The other robber stood in the lobby area of the bank holding another firearm. The bank employees complied with the robbers' demand. The robbers gathered an undetermined amount of money and left the bank. Currently, law enforcement believes the so-called "Pantyhose Posse" is also responsible for two other Oklahoma City bank robberies: the first at Bank of Oklahoma at 4324 S.E. 44th Street May 6, and the second at Coppermark Bank at 6809 N. Meridian Avenue May 11. In addition to MidFirst's reward of $4,000, the Oklahoma Banker's Association is offering $2,000 in reward money, and Coppermark Bank also is offering $2,000. Source: http://www.news9.com/story/14700454/reward-offered-for-information-on-the-pantyhose-posse

23. May 21, Stockton Record – (California) Alleged bank robber who used fake bombs hears string of charges. A 58-year-old man accused of using phony bombs to threaten his victims in a string of bank robberies appeared in a Stockton, California courtroom May 21 to hear a judge read out the charges. Authorities said the man walked into the banks, each time placing on the counter a package, which he claimed to be an explosive. He then demanded money, officials said. The alleged bank robberies took place at Bank of the West branches in Lockeford, Ripon, and Lodi, and at the Farmers & Merchants Bank in Linden. Officials have said they also suspect the man of similar robberies in Amador and Stanislaus counties, but May 21 the charges filed against him stemmed only from alleged cases in San Joaquin County. The robberies happened between December 2010 and May 2011. San Joaquin County Sheriff's deputies arrested the man May 18 at his Stockton home on Acacia Avenue. He is charged with four counts of second-degree robbery, and four counts of making a false bomb threat, according to the criminal complaint filed with the San Joaquin County Superior Court. Source: http://www.recordnet.com/apps/pbcs.dll/article?AID=/20110521/A_NEWS09/105210311

For more stories, see items 56 and 57 below in Information Technology

Information Technology

52. May 24, IDG News Service – (International) Dimension Data finds vulnerabilities on Cisco devices. Large numbers of companies using Cisco network equipment are still vulnerable to a single security flaw nearly 2 years after a patch was issued, an analysis of network scans by Dimension Data for its 2011 Network Barometer Report has found. Overall, Dimension's Technology Lifecycle Management assessment service discovered that an average of 73 percent of the 270 assessments it carried out on Cisco-dominated global companies had at least 1 known device security vulnerability that had yet to be patched. This held true for companies of all sizes and across all geographies. A single prominent vulnerability, Cisco PSIRT (Cisco Product Security Incident Response Team) 109444, was found on 66 percent of the networks reviewed, accounting for much of the security exposure it found. PSIRT 109444 has been rated by the industry Common Vulnerability Scoring System as being between 6.4 and 7.8 out of 10 in terms of severity (moderately critical), and capable of allowing an attacker to hit affected devices with a successful DDoS attack, Dimension Data said. Source: http://www.computerworld.com/s/article/9216988/Dimension_Data_finds_vulnerabilities_on_Cisco_devices

53. May 24, The Register – (International) LinkedIn slashes cookie lifespan after research exposes security flaws. LinkedIn said it would reduce the persistence of cookies it uses to identify users of the business-focused social networking site following the discovery of security issues with the site that create a possible means for fraudsters to hijack profiles. A security researcher discovered LinkedIn session cookies are transmitted over an unsecured HTTP connection even in cases where users follow the option of signing in over a secure (SSL) connection. These cookies remain active for up to a year. Hackers who captured these cookies could obtain unauthorized access to other users' accounts. The LEO_AUTH_TOKEN cookie grants access to an associated account irrespective of whether or not users are logged in at the time, the researcher warned. These cookies work for up to a year or until a user changes their password and logs in using this new password, generating a fresh authentication token. LinkedIn boasts more than 100 million registered users. In response to the research, LinkedIn reduced the persistence of the authentication cookie from 1 year to 3 months. Also, the business-focused social network is extending plans to support SSL across its site, not just during logins. Source: http://www.theregister.co.uk/2011/05/24/linkedin_cookie_vuln/

54. May 24, The Register – (International) Exploited Hotmail bug stole email without warning. Microsoft has patched a bug in its Hotmail e-mail service that attackers were exploiting to silently steal confidential correspondences and user contacts from unsuspecting victims. The vulnerability was actively being exploited using e-mails that contained malicious scripts, a Trend Micro researcher said May 23. Successful attacks required only that a Hotmail user open the malicious e-mail or view it in a preview window. The commands embedded in the e-mails uploaded users' correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action. The scripts also had the capability of enabling e-mail forwarding on the targeted Hotmail account, allowing attackers to view e-mails sent to the victim in the future. Source: http://www.theregister.co.uk/2011/05/24/microsoft_hotmail_email_theft_attack/

55. May 24, Softpedia – (International) Hackers continue to exploit holes in Sony's Web properties. Hacking outfit LulzSec hacked into the Sony Music Online's Japanese Web site and leaked the database structure. The pastebin link does not lead to a full database dump, but to a listing of the tables and columns that can be found inside it. Instead of extracting and publishing the data themselves, the hackers made public two SQL injection vulnerabilities that can be exploited by anyone with a simple understanding. The LulzSec members also mentioned there are "two other databases hosted on this boxxy box" and encouraged people to go for them on their own. SQL injection vulnerabilities occur when user input is not properly sanitized. They can be exploited by attackers to access the underlying database with the credentials of the vulnerable Web site. A Romanian hacker known as d3v1l disclosed two other vulnerabilities in Sony Web properties. One is also an SQL injection located in the Sony Pictures Italia Web site, while the other is a cross-site scripting (XSS) flaw on Sony.com. Source: http://news.softpedia.com/news/Hackers-Continue-to-Exploit-Holes-in-Sony-s-Web-Properties-202012.shtml

56. May 23, threatpost – (International) Black Hole exploit kit available for free. Several weeks after the source code for the Zeus crimeware kit turned up on the Web, the Black Hole exploit kit now appears to be available for download for free as well. Black Hole normally sells for $1,500 for an annual license, and is currently one of the more powerful attack toolkits on the market. The Black Hole exploit kit is somewhat newer and less well-known than attack toolkits such as Zeus and Eleonore, but it has been used by attackers for major Web-based attacks for the last few months. Researchers have found that thousands of URLs have been infected with Black Hole exploit code, which is then used to infect site visitors via drive-by downloads. Kits such as Black Hole and Zeus typically will sell for upwards of $1,000 for an annual license, and some of them also give buyers the option to add extra modules and exploits for additional fees. Source: http://threatpost.com/en_us/blogs/black-hole-exploit-kit-available-free-052311

57. May 23, Softpedia – (International) Qakbot increasingly prevalent this quarter. Security researchers from Symantec warn that Qakbot, a data-stealing piece of malware, has registered an activity spike during April which continued into May. Qakbot dates back to 2009, and the main infection vector used by its creators is drive-by download attacks that exploit vulnerabilities in outdated software. The piece of malware is technically a worm because it has self-propagation mechanisms that involve copying itself to network shares and removable drives. Once running on a computer, the worm can download and execute additional files, steal and send data to its creators, and open a backdoor for them to control the system. The Symantec malware researchers, who monitored Qakbot for the past few years, recorded a significant spike in the malware's activity in April. The worm's creators released new variants that were able to spread very quickly, peaking at almost 250,000 hits in the second half of April. This activity was significantly different than that of similar malware, suggesting a renewed interest. The researchers warn users, especially those in corporate environments where this worm thrives best, to be on the lookout for Qakbot. It can steal keystrokes, digital certificates, POP3 account passwords, and FTP credentials, which are then used to infect Web pages with drive-by download code. It also targets online banking session tokens. Source: http://news.softpedia.com/news/Qakbot-Increasingly-Prevalent-this-Quarter-201792.shtml

58. May 23, The Register – (International) Researchers find irreparable flaw in popular CAPTCHAs. Computer scientists have developed software that easily defeats audio CAPTCHAs offered on account registration pages of a half-dozen popular Web sites by exploiting inherent weaknesses in the automated tests designed to prevent fraud. Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg, Authorize.net, and Microsoft's Live.com. The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain. In virtually all of the tests, Decaptcha was able to correctly solve the puzzle at least once in every 100 attempts, making the technique suitable for botmasters with large armies of compromised computers. The high success rate was largely the result of the ease in removing sound distortions known as background noise, intermediate noise, and constant noise inserted into the background to throw off speech-recognition programs. Most audio-based CAPTCHA systems are wide open to the attack. Source: http://www.theregister.co.uk/2011/05/23/microsoft_yahoo_captchas_busted/

Communications Sector

59. May 24, Waterbury Republican-American – (Connecticut) Texas men charged after trooper finds them on tower. Two men from Texas who got around a barbed-wire fence and climbed the communications tower at Mohawk State Forest in Cornwall, Connecticut were arrested May 23. State police said a 20-year-old man, of Spring Branch, and the 26-year-old man, of Fredericksburg, were in the tower when a state trooper spotted lights flickering from it while he was on routine patrol. The 20-year-old was charged with second-degree criminal trespass and delivery of alcohol to a minor. The 26-year-old was charged with possession of drug paraphernalia, possession of a controlled substance, possession of liquor and second-degree criminal trespass. They were both held overnight on $5,000 bond and arraigned May 23 in Bantam Superior Court. Police said there was no apparent damage to the communications tower. Source: http://www.rep-am.com/news/local/doc4ddba0f75b4cf660150141.txt

60. May 20, Nextgov – (National) LightSquared cell network knocks out first responders' GPS in tests. Initial tests of a controversial cellular broadband network planned by LightSquared showed the company's system knocked out global positioning system (GPS) receivers used by first responders. LightSquared of Reston, Virginia, tested its system last month at Holloman Air Force Base, New Mexico, with the participation of state police vehicles and county ambulances, both of which experienced outages from the company's cell tower, according to the director of the State of New Mexico E911 program. LightSquared operates in the 1525-1559 MHz and 1626.5-1660.5 MHz bands, and the Federal Communications Commission directed the tests to determine if the network interfered with GPS systems that operate in the nearby 1559-1610 MHz bands. The director of E911, in a May 11 letter to the director of the Air Force Global Positioning Directorate, said the results of the April tests "substantiate concerns that the LightSquared network will cause interference to GPS signals and jeopardize 911 and public safety nationwide." LightSquared, the GPS industry, and numerous federal agencies are conducting tests through June to determine the extent of interference from the company's system to GPS receivers. The Federal Aviation Administration said another test of the LightSquared system started May 23 in Las Vegas, Nevada and will continue through May 27. FAA warned of potential GPS outages within 300 miles of the LightSquared tower in Boulder City, Nevada, 25 miles southeast of Las Vegas. The U.S. defense and transportation departments have serious concerns about the impact LightSquared's network of 40,000 cell towers will have on GPS receivers. LightSquared maintains the interference is not caused by its system, but by sensitive GPS receivers that "see" into the frequency band the network uses. Source: http://www.nextgov.com/nextgov/ng_20110520_9569.php
