Monday, January 24, 2011

Complete DHS Daily Report for January 24, 2011

Daily Report

Top Stories

• Heavy smoke underneath a train in Boston, Massachusetts, resulted in 40 firefighters having to use small ladders to evacuate about 300 people, according to New England Cable News. (See item 25)

25. January 20, New England Cable News – (Massachusetts) Nearly 300 evacuated after smoke on Orange Line. An Orange Line Massachusetts Bay Transportation Authority (MBTA) train had progressed just 200 feet from the North Station platform in Boston, Massachusetts, when billowing smoke led the driver to bring the 6-car T to a halt just before 11 a.m. January 21. About 40 firefighters ran down into the tunnel to get what firefighters now say was about 300 people off the train. Boston fire said in a tweet that rescuers were using small ladders to get to people. They were all safely brought back to the platform, including a blind man who needed careful attention. Both Boston Fire and the MBTA said nobody was injured, but news reporters did see one man being put into an ambulance in the middle of the rescue. Although some passengers said they saw fire underneath the train, firefighters said there was never any flame to their knowledge. MBTA officials said a small hose that carries grease for the wheels came loose and the grease created the smoke. Source: http://www.necn.com/01/20/11/Nearly-300-evacuated-after-smoke-on-Oran/landing_newengland.html?blockID=394907&feedID=4206

• United Press International reports a Florida man was charged with impersonating a federal agent after deputies found 30 counterfeit badges in his apartment for agencies ranging from the FBI to the Federal Aviation Administration. (See item 46)

46. January 20, United Press International – (Florida) Florida man posing as FBI agent arrested. A Florida man was charged with impersonating a federal agent after deputies found law enforcement badges and weapons in his Weston, Florida apartment. Authorities said the 48-year-old told the apartment manager he was an FBI agent after the manager noticed he was wearing a gun when she went to investigate a water leak in the apartment, the South Florida Sun-Sentinel reported January 19. The manager became suspicious and called sheriff’s deputies, the newspaper said. Prosecutors said he identified himself to deputies as an FBI agent and was carrying a Glock handgun and counterfeit FBI credentials bearing his name and photograph. In the apartment, deputies found two fake FBI badges, and 28 other counterfeit federal badges from agencies including the U.S. Secret Service, U.S. Marshals Service, Drug Enforcement Administration, and the Federal Aviation Administration, authorities said. He was arrested and booked at the Broward County jail and released after posting bond. If convicted, he could face as long as 3 years in prison on each count of impersonation, and 6 months on each count of possession of federal agency badges and credentials. Source: http://www.upi.com/Top_News/US/2011/01/20/Florida-man-posing-as-FBI-agent-arrested/UPI-56361295551401/

Details

Banking and Finance Sector

14. January 21, Fox 5 Atlanta – (Georgia) Armored car guard shot at Wells Fargo Bank. The FBI said an armored car guard was shot at a bank in Stone Mountain, Georgia, January 21. The shooting happened at the Wells Fargo Bank on Redan Road. DeKalb police said the guard was restocking an ATM when an unknown black male approached him and shot the guard several times. The suspect then grabbed a money bag and jumped into a white SUV. The guard was transported to Grady Hospital with non life-threatening injuries. Dekalb police said the guard’s bulletproof vest may have saved his life. DeKalb police also said they had a robbery at a nearby Radio Shack a short time later. They said the suspects were also in a white van. The suspects were quickly apprehended. Police said they may be connected to the armored car robbery and are being questioned. Source: http://www.myfoxatlanta.com/dpp/news/local_news/Armored-Car-Guard-Shot-at-Bank-20110121-am-sd

15. January 21, Sierra Madre Patch – (California) EVG scam hits nearly 500 with losses totalling more than $172,000. Though the number of Sierra Madre, California residents reporting fraudulent credit card charges from the shuttered EVG Quality Gas station on Baldwin Avenue is beginning to decrease, police said they are still receiving reports at a rate of about three to five per day. As of January 20, the total number of victims to file claims with the department has risen to 497, the police chief told the Patch. The total dollar amount lost in the credit and debit card “skimming” scam has now reached $172,437. The number of reports filed in the case have started to taper off, however, with complaints coming in at a slower pace than in the weeks following the initial announcement by police that residents should check their bank statements and report suspicious charges. The week of January 9, the local police department turned over control of the property on which the abandoned EVG station sits to the property owner. The release of the property follows a completed investigation of the premises by Sierra Madre Police and the U. S. Secret Service, who joined the investigation earlier in January.

Source: http://sierramadre.patch.com/articles/evg-scam-hits-nearly-500-with-losses-totalling-more-than-172000

16. January 21, WSB 750AM Atlanta; Associated Press – (Georgia) FBI: Bank robber wanted TARP money back. Federal authorities are seeking a man they say robbed three banks in Atlanta, Georgia. An FBI Special agent told WSB Radio that the man said during one of the robberies, “I just want my TARP money back,’’ apparently referring to taxpayer-funded federal bailout of some financial institutions. During another robbery, he apologized to customers, saying he just wanted the bank’s money. The FBI Special Agent said the man robbed a bank in Atlanta September 30, another bank in Atlanta November 30, and a bank in Chamblee December 3. He got money from tellers during the first two robberies but left the last one empty-handed. The FBI said the man threatened to shoot people during the second robbery. The FBI describes the suspect as a black man between 35 and 45 years old. His height is between 6-feet and 6-feet 4-inches, and he weights between 220 and 250 pounds. Source: http://wsbradio.com/localnews/2011/01/fbi-bank-robber-wanted-tarp-mo.html

17. January 20, H Security – (International) Online banking trojan developing fast. Trojan construction kit Carberp, which first emerged in the autumn, appears to be undergoing rapid development, according to reports from sources that include security services provider Seculert. An F-Secure analyst is already calling it the rising star of the banking trojan world. Where the first versions of Carberp were very simple in their construction, newer versions are equipped with a more impressive list of features. It now runs on all versions of Windows, including Windows 7, where, according to TrustDefender, it is able to do its work without requiring administrator privileges. The latest version encrypts stolen data prior to transfer using a random key, which the client registers with the control server. These functions have been added to Carberp over a period of just a few months. Source: http://www.h-online.com/security/news/item/Online-banking-trojan-developing-fast-1172452.html

18. January 20, Help Net Security – (International) Zeus malware now targets online payment providers. The Zeus malware continues to evolve, diversifying away from its target bank sites and their customers, and over to sites with user credentials that allow assets that have a financial value. Money Bookers is an online payment provider allowing users to make online payments without submitting personal information each time. Twenty-six different Zeus configurations targeting Money Bookers have been found. This number does not fall short of some of the highly targeted banks and brands in the world. Another target is Web Money. This is another online payment solution that claims to have more than 12 million active users. Web Money is targeted by 13 different Zeus configurations, with the last one released January 16. As with all the other online payment providers, Zeus steals log-in information and other sensitive information of Web Money users. Source: http://www.net-security.org/malware_news.php?id=1600

19. January 20, KGET 17 Bakersfield – (California) Crisp and Cole arrested in huge federal mortgage fraud case. After years of investigation, federal agents January 2arrested two male suspects and at least nine others alleged to have been part of a realestate empire that, prosecutors said, systematically cheated banks and mortgage companies out of tens of millions of dollars. One suspect and his wife were arrested their home in San Diego, California. The second male suspect also was arrested January 20 somewhere near his Ventura County home. A major case related announcement, including details on the allegations, was expected to be made Januar21. Source: http://www.kget.com/news/local/story/Crisp-and-Cole-arrested-in-huge-federal-mortgage/83JN9CRS_kWp8HZZbQhhUA.cspx

20. January 19, Softpedia – (International) Brazilian phishing scam targets MasterCareward program. Security researchers warn of a new phishing attack that targets Brazilian credit card owners by spoofing e-mails from MasterCard’s Surpreenda (surprise) program. The new campaign was spotted by spam analysts from Commtouch, who notes that unlike classic phishing schemes where users are threateinto exposing their sensitive information, this attack tries to lure them with rewards. order to achieve this they spoof communications related to MasterCard Surpreenda, advantage program that lets credit card owners earn reward points when making purchases. These points can then be spent in “pay one, take two” promotions, where second product can be sent as a gift to someone. The rogue e-mails purport to come from surpreenda@redecard(dot)com.br and bear a title of “Participate in the MasterCard Surprise Promotion - RedeCard” [translated]. It is likely the phishers hijacked a legit e-mail advertising the program and only changed the destination of tlink inside. Source: http://news.softpedia.com/news/Brazilian-Phishing-Scam-Targets-MasterCaSurprise-Program-179345.shtml

Information Technology

48. January 20, Help Net Security – (International) Fake Facebook password change notification leads to malware. An e-mail purportedly sent by Facebook has been hitting inboxes around the world. An attached .zip file that supposedly contains a new password actually contains a backdoor that downloads a MS Word document and opens it. According to Avira, the document contains a few words in Russian and is written in Cyrillic. While users are preoccupied looking at the document and figuring out what it means, a fake AV solution misappropriating the name of Microsoft’s Security Essentials solution is downloaded, installed on the system, and starts showing false warnings about the computer being infected. Source: http://www.net-security.org/malware_news.php?id=1599

49. January 20, The Register – (International) Chinese Trojan blocks cloud-based security defenses. A Trojan has been released that is specifically designed to disable cloud-based anti-virus security defenses. The Bohu blocks connections from infected Windows devices and cloud anti-virus services. Bohu — which was spotted by anti-virus researchers working for Microsoft in China — is hardwired to block access to cloud-based net services from Kingsoft, Qihoo, and Rising. All three firms are based in China. The malware poses as a video codec. If installed, Bohu applies a filter that blocks traffic between the infected machines and service provider. The malware also includes routines to hide its presence on infected machines. Source: http://www.theregister.co.uk/2011/01/20/chinese_cloud_busting_trojan/

50. January 20, H Security – (International) Hacking with USB keyboard emulators. Modified USB devices can pose as keyboards and immediately pass keystrokes to a victim’s system. Depending on the operating system, just a few emulated keystrokes can be enough to sabotage or infect a system –- mouse emulation is also possible. In contrast to USB flash drives, when a keyboard is connected the operating system will not usually display a window requesting permission to use the device. A user may not even be aware a modified USB device posing as a human interface device (HID) has been connected to the system. Under Windows, a pop-up window is briefly displayed, but under Linux, only a glance at the logs will reveal this has occurred. Until recently, hackers were using micro-controller boards with USB support, such as the Teensy USB Development Board, for such attacks. At a recent Black Hat Conference, however, security specialists presented a talk on how to hack PCs without the aid of specialist hardware. By applying a simple modification to the USB stack on an Android mobile, they were able to make it pose as a keyboard when connected to a computer. Source: http://www.h-online.com/security/news/item/Hacking-with-USB-keyboard-emulators-1172612.html

51. January 20, Computerworld – (International) Trapster hack may have exposed millions of iPhone, Android passwords. Millions of e-mail addresses and passwords may have been stolen from Trapster, an online service that warns iPhone, Android, and BlackBerry owners of police speed traps, the company announced January 19. California-based Trapster has begun alerting its registered users and has published a short FAQ on the breach. “If you’ve registered your account with Trapster, then it’s best to assume that your e-mail address and password were included among the compromised data,” the FAQ stated. Trapster downplayed the threat, saying it was unsure the addresses and passwords were actually harvested. “While we know that we experienced a security incident, it is not clear that the hackers successfully captured any e-mail addresses or passwords, and we have nothing to suggest that this information has been used,” Trapster said. Source: http://www.computerworld.com/s/article/9205660/Trapster_hack_may_have_exposed_millions_of_iPhone_Android_passwords

52. January 19, Government Computer News – (International) PDF vulnerability found in Blackberry Attachment Service. Research In Motion has issued a security alert acknowledging a vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. The vulnerability is rated 9.3 (out of 10) on the Common Vulnerability Scoring System (CVSS). That is considered “high” in the National Vulnerability Database severity ratings. The advisory is intended for BlackBerry Enterprise Server (BES) administrators, who are the recommended persons to apply the RIM-supplied fix. The vulnerability affects BES Exchange, IMB Lotus Domino and Novell GroupWise versions 4.1.6, 4.1.7, 5.0.0 and 5.0.1. BES Exchange and IMB Lotus Domino versions 5.0.2 and the Exchange-only 5.0.2 are also affected. Source: http://gcn.com/articles/2011/01/19/vulnerability-in-blackberry-attachment-service.aspx

53. January 19, The Register – (International) Bot attacks Linux and Mac but can’t lock down its booty. Researchers from Symantec have detected a Trojan that targets Windows, Mac, and Linux computers and contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines. Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private. The bot can force its host to take instructions through Internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim’s Facebook account, among other things. Now, Symantec researchers have uncovered weaknesses in the bot’s peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim’s hard drive. That means the gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses. Source: http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/

For another story, see item 55 below in the Communications Sector

Communications Sector

54. January 20, Huntington News.Net – (West Virginia) Comcast Internet outages concern Huntington City Council. Internet disruptions January 19 and 20 have three Huntington City Council members in West Virginia complaining about the Comcast service. On January 20, the Internet was working, but went off shortly after 11 a.m. Due to the outage, Huntington City Hall was without e-mail service. The council chairman said, “I had several business owners that rely on Comcast Internet and cannot get Frontier DSL. The Internet connection has been going randomly up and down unpredictable, if you will.” Source: http://www.huntingtonnews.net/987

55. January 20, Mobiledia – (Washington) Source of Windows Phone 7 glitch discovered. Microsoft has pinpointed an unnamed third-party software developer as the source of a recent bug in its Windows Phone 7 smartphone operating system, which racked up “phantom data” charges on the phone bills of some of its users. “We have determined that a third-party solution commonly accessed from Windows Phones is configured in a manner that potentially causes larger than expected data downloads,” a Microsoft spokesperson said. “We are in contact with the third-party to assist them in making the necessary fixes, and are also pursuing potential workarounds to address the configuration issue in case those are needed.” The original “phantom data” glitch was discovered when Windows Phone 7 users were hit with higher-than-usual data charges, resulting from phones transmitting and downloading data without users’ knowledge. The flaw caused some users to run over bandwidth caps on network usage, as much as 50-gigabytes per day in some extreme situations. Source: http://www.mobiledia.com/news/80363.html

56. January 20, The Register – (National) WikiLeaky phone scam targets unwary in U.S. A new voicemail phishing scam uses the threat of non-existent fines for visiting WikiLeaks to pry money out of panicked marks. Prospective marks are robo-dialed by an automated system that states their computer and IP address “had been noted as having visited the Wikileaks site, and that there were grave consequences for this, including a $250,000 or $25,000 fine, perhaps imprisonment.” Potentially panicked victims are given a number to phone to discuss payment options. The scam, which involves the use of spoofed phone numbers, takes advantages of VoIP systems to minimize the cost of calls to crooks, who are probably using stolen access to corporate PBX systems. Source: http://www.theregister.co.uk/2011/01/20/wikileak_vishing_scam/

For another story, see item 51 above in Information Technology

Friday, January 21, 2011

Complete DHS Daily Report for January 21, 2011

Daily Report

Top Stories

• Nine schools in the Woodland Hills area of Los Angeles, California, were locked down for hours after a school police officer was shot near a campus January 19, according to the Associated Press. (See item 36)

36. January 20, Associated Press – (National) 9 LA schools reopen with extra security after police officer’s shooting; suspect sought. Nine schools in the Woodland Hills area of the west San Fernando Valley in Los Angeles, California, that were locked down for hours after a school police officer was shot near a campus January 19, reopened January 20 under heavy security, a district official said. School district police and city officers patrolled at El Camino Real High School and other campuses in the area. Crisis counselors also were on hand, but normal classes were held. “We feel that our students are safe and secure,” but the extra security presence may comfort anxious pupils, a spokesman for the Los Angeles Unified School District said. The shooting happened January 19 on a street just outside El Camino Real. Some 9,000 students were held in classrooms for hours at area middle, elementary, and high schools as police searched for the suspect. Some were finally allowed to leave long after dark. A school police officer was struck in the chest by a bullet when he confronted a man breaking into cars, but his body armor stopped the round, authorities said. More than 350 police officers, sheriff’s deputies and California Highway Patrol officers scoured 7 square miles around the school. Three schools in the “hot zone” — the immediate area near the shooting — kept students in classrooms for hours without access to food or bathrooms, the spokesman said. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-la-school-officer-shot,0,2787380.story

• KGO 7 San Francisco reports police arrested a woman for storing five pipe bombs, including at least one with glass shards, in a storage locker in Pacheco, California. (See item 50)

50. January 19, KGO 7 San Francisco – (California) Woman jailed after pipe bombs found in storage. Police are still trying to figure out why a 40-year-old Concord, California woman had five pipe bombs in a rented storage locker in Pacheco, California. She is being held in the Contra Costa County jail in Martinez, on $500,000 bail. She is charged with possession of an explosive device for the four bombs found inside a backpack inside a locker she rented at Affordable Storage on North 1st Avenue. A fifth bomb was found outside the backpack. “They varied in sizes from 4 or 5 inches to 8 inches. Inside one of the pipe bombs, we are checking to see if they were in more, we found glass shards. Specifically, when it explodes it was meant to hurt someone when those shards come out of the pipe bomb,” a commander with the Contra Costa Narcotic Enforcement Team said. Two others arrested at the storage facility have been released and are not believed to be connected to the explosives. A small amount of methamphetamine was also located at the storage unit. The commander said his agents are trying to determine the purpose of the explosives, and that the suspect is not cooperating with investigators. Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=7907676

Details

Banking and Finance Sector

13. January 20, New York Times – (International) Theft of E.U. emission permits estimated at $37.7 million. European Union (EU) regulators said January 20 that the value of greenhouse gas emission permits stolen in online attacks over recent days was about 28 million euros, and that employees of companies connected to the system might have played a role in the thefts. The European Commission shut down its Emissions Trading System, its main tool to control greenhouse gas emissions, January 19 to stop the spate of thefts, valued at the equivalent of $37.7 million. The commission, the E.U.’s executive arm, initially put most of the blame on computer hackers and on poor computer security. An E.U. official said some companies that regularly use the system admitted their employees could be “implicated” in the thefts. The thefts were carried out at electronic registries in Austria, Greece, the Czech Republic, Poland, and Estonia, according to the commission. The commission said spot trading at all E.U. registries, which track ownership of allowances, would be suspended until at least January 26. Source: http://www.nytimes.com/2011/01/21/business/global/21carbon.html

14. January 20, IDG News Service – (International) Fraudster’s money mules in short supply, says Cisco. A new security report from Cisco Systems estimated the amount of stolen online bank account data far exceeds the number of people fraudsters can get to transfer stolen funds, who are known as “money mules.” A mule is someone who either knowingly helps or is tricked into moving money from a victim’s bank account through their own account and then onto a third party, usually located in another country. Money is transferred from the victim’s account to the mule’s account, and the mule is then instructed to quickly withdraw the money and do a wire transfer or an ACH (Automated Clearing House) transfer. The ACH system is used by financial institutions for exchanging details of direct deposits, checks, and cash transfers made by businesses and individuals. Despite increasing awareness of the schemes, often advertised as “work-at-home” jobs with generous salaries, many people still get caught up in the frauds. Cisco said in its 2010 Annual Security Report that the ratio of stolen account credentials — which can be acquired through phishing or hacking — to available mule capacity could be as high as 10,000 to 1. Source: http://www.computerworld.com/s/article/9205625/Fraudster_s_money_mules_in_short_supply_says_Cisco_

15. January 19, Internet Crime Complaint Center – (National) E-mails containing malware sent to businesses concerning their online job postings. Recent FBI analysis revealed cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment Web site and allowed the attacker to obtain the online banking credentials of the person authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine, and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses. Source: http://www.ic3.gov/media/2011/110119.aspx

16. January 19, Asbury Park Press – (New Jersey) Highlands man charged in bomb threat at Rumson bank. A Highlands, New Jersey man threatened to blow up a borough bank as he was leaving it January 18, prompting a lockdown and a call for the New Jersey State Police Bomb Squad, officials said. The 63-year-old suspect — from Portland Road — shouted “I will blow this (expletive) bank up” as he and another man left the Bank of America branch on West River Road around 4:20 p.m., according to Monmouth County’s administrative assistant prosecutor. Rumson police arrived on scene after a bank employee alerted them to the threat and found the men in a car in the parking lot. Both men were detained, and the suspect was later charged with third-degree making terrorist threats and causing false public alarm, the assistant prosecutor said. The second man has not been charged with any offenses. Source: http://www.app.com/article/20110119/NEWS/110119108/Highlands-man-charged-in-bomb-threat-at-Rumson-bank

17. January 18, WJW 8 Cleveland – (Ohio) 8 arrested in identity theft ring ran from federal prison. Eight individuals from the Cleveland, Ohio, area have plead guilty to their roles in an identity-theft ring ran by a man locked up in a federal prison. According to officials with the office of the U.S. Attorney, Northern District of Ohio, a 34-year-old suspect, who resides in Atlanta, Georgia, was sentenced to 14 additional years in prison January 18 for running the identity theft ring out of Fort Dix Federal Correctional Institution. He ran the scheme from August 2009 to April 2010. Federal prosecutors said the suspect was able to get personal information communicated to him while in the prison, including names, addresses, and Social Security numbers of credit card holders at various department stores. He would then contact the stores and add additional users to the accounts or open new accounts in the person’s name. Prosecutors said the suspect then communicated with his co-conspirators, all eight of whom lived in the Cleveland area, and the cards were used to purchase $254,000 in merchandise. Source: http://www.fox8.com/news/wjw-news-eight-cleveland-arrests-identity-thefts,0,7030183.story

18. January 18, KTRK 13 Houston – (National) Four suspected in sophisticated ID theft ring. Police are searching for four suspects accused of operating a massive identity theft ring. They said it is a far reaching investigation, with victims across the United States. Police said the suspects are still at large. So far, they have identified at least 28 victims from Houston, Richmond, and Cypress, Texas, and even as far away as California. Police said surveillance video shows a male suspect purchasing gift cards more than 1 year ago. Investigators said he orchestrated the ID theft, along with his girlfriend, her brother, and her daughter. Detectives said they lived in two homes in Pearland, Texas, where police reportedly found $30,000 in cash last July. Detectives said the suspects had an accomplice, likely a cashier at another business who skimmed legitimate credit card data from unsuspecting customers. The suspects would then allegedly transfer that information to the magnetic strips on the back of blank cards and then emboss the cards with their own names and bogus numbers. The credit cards were then used to purchase gift cards, repeatedly. Police said the cards were either used by the suspects or sold. The male suspect was arrested in July, but bonded out and has since disappeared. Police believe he and the other three suspects are still somewhere in the Houston, Texas, area. Source: http://abclocal.go.com/ktrk/story?section=news/local&id=7905020

For another story, see item 41 below in Information Technology

Information Technology

41. January 20, IDG News Service – (International) Soundminer Trojan horse steals Android phone data. Researchers have developed a low-profile Trojan horse program for Google’s Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software. The malware, called Soundminer, monitors phone calls and records when a person, for example, says their credit card number or enters one on the phone’s keypad, according to the study. Using various analysis techniques, Soundminer trims the extraneous recorded information down to the most essential, such as the credit card number itself, and sends just that small bit of information back to the attacker over the network, the researchers said. The study was done by researchers from the City University of Hong Kong and Indiana University. Source: http://www.computerworld.com/s/article/9205627/Soundminer_Trojan_horse_steals_Android_phone_data

42. January 19, Computerworld – (International) Researcher releases attack code for just-patched Windows bug. Attack code for a Windows vulnerability that Microsoft patched the week of January 9 was released by a researcher one day after the company fixed the flaw. The bug, which Microsoft rated “critical” — its highest threat ranking — was first reported more than 9 months earlier when its discoverer used it in a one-two punch against Internet Explorer 8 (IE8) that won him $10,000 in a hacking challenge. The researcher used the vulnerability to sidestep one of Windows 7’s most important anti-exploit defenses, ASLR (address space layout randomization). “I used this to get rid of ASLR, and another vulnerability to bypass DEP,” he said. DEP, or data execution prevention, is another protection technology Microsoft relies on to make it difficult for attackers to execute their malicious code on Windows. He posted one version of the exploit he used at Pwn2Own on his own Web site January 12. That was the day after Microsoft patched the vulnerability in Microsoft Data Access Components (MDAC), a set of components that lets Windows access databases such as Microsoft’s own SQL Server. The flaw is in the MDAC ActiveX control that allows users to access databases from within IE. Source: http://www.computerworld.com/s/article/9205522/Researcher_releases_attack_code_for_just_patched_Windows_bug

43. January 19, Computerworld – (International) Oracle patching fewer database flaws as it adds more products. Oracle Corp.’s ability to address vulnerabilities in its core database technologies may be hampered by the vast number of products the company now must manage, security experts say. For example, the list of Oracle’s quarterly security updates released January 18 includes only six patches for security flaws in the company’s flagship database products. The other 60 patches released fix bugs in Oracle’s Fusion middleware technologies, its supply chain and CRM software, and products gained from its acquisition of Sun Microsystems early in 2010. The small number of database patches does not necessarily mean Oracle technology is becoming more secure, the director of security at Application Security Inc.’s Team Shatter vulnerability assessment group said. Rather, it likely shows the company does not have the capacity to fix the full list of Oracle database flaws reported to it in a timely fashion, said the director, whose team of researchers discovered three of the six database flaws addressed in an update released the week of January 16. “The number of database fixes from Oracle has really gone down,” he said. “But that’s not because of a lack of vulnerabilities. They have apparently reassigned their priorities and are choosing not to fix all the database vulnerabilities that are reported to them. It appears that they are losing some of the DBMS focus and are getting spread too thin on other stuff.” Source: http://www.computerworld.com/s/article/9205560/Oracle_patching_fewer_database_flaws_as_it_adds_more_products

44. January 19, IDG News Service – (International) Obama, Ballmer urge China to step up IP enforcement. The U.S. President and the CEO of Microsoft pressed the President of China January 19 to step up enforcement of intellectual property rights in his country. In a move that indicates China’s decade of efforts to crack down on software piracy has failed in the eyes of foreign businesses, Microsoft’s CEO met with the U.S. President and the Chinese leader at the White House in Washington, D.C. to push the issue. “So we were just in a meeting with business leaders, and [the CEO] of Microsoft pointed out that their estimate is that only 1 customer in every 10 of their products is actually paying for it in China,” the U.S. President told a press conference. The U.S. President said the Chinese President had agreed to take action. Under pressure from foreign business leaders over the past 10 years, China periodically arrests the manufacturers and sellers of counterfeit DVDs and CDs. Some discs, often sold on street corners or in public markets, are Microsoft operating systems sold at fractions of the market price. Source: http://www.computerworld.com/s/article/9205599/Obama_Ballmer_urge_China_to_step_up_IP_enforcement

Communications Sector

45. January 19, San Bernardino Press-Enterprise – (California) AT&T and Verizon work on rain damage. At least 500 residents in Riverside County, California, are still without telephone, Internet, or television service a month after persistent rainstorms ravaged the inland region. AT&T and Verizon are still in the thick of repairing underground cable and telephone lines damaged by flooding during December’s severe storms. As of 2 weeks ago, about 4,500 customers still had problems with AT&T service in Riverside County after the precipitation. Statewide, the telecommunications company reported having 70,000 “trouble tickets” pending at that time from customers reporting outages and issues related to the rain. Verizon, which serves San Bernardino County, would not say how many of its customers were affected by flooding to its underground cables. As of January 19, the number of affected AT&T customers within Riverside County who were still reporting problems with their wired phone service, Internet, and television had dropped to 500. Statewide, the number had dropped to 21,000. Source: http://www.pe.com/localnews/stories/PE_News_Local_D_cable20.12494aa.html

46. January 19, NetworkWorld – (International) At Black Hat, fake GSM base station trick targets iPhones. While his Black Hat DC Conference demonstration was not flawless, a University of Luxembourg student January 19 showed it is possible to trick iPhone users into joining a fake GSM network. The student showed how to cobble together a laptop using open-source software OpenBTS and other low-cost gear to create a fake GSM transmitter base station to locate iPhones in order to send their owners a message. A number of iPhone users in the room expressed surprise they had gotten a message asking them to join the network. The student, who is researching vulnerabilities in cellular networks, said that with the right equipment, the range for the rogue GSM station he built can be 35 kilometers. The student’s attack would allow him to take advantage of iPhones lured into his rogue base station to “enable and disable auto-answer on the iPhone” he said, or with an attack payload to record the audio on the iPhone, store it in RAM and then transmit the data that was sniffed. The student said he does not want to encourage data theft, but he does want to get carriers and vendors to improve security in the wireless networks. He noted technology such as femtocells could be used to replace the OpenBTS software, which would only amplify the types of attacks he is investigating. Source: http://www.computerworld.com/s/article/9205559/At_Black_Hat_fake_GSM_base_station_trick_targets_iPhones