Thursday, February 17, 2011

Complete DHS Daily Report for February 17, 2011

Daily Report

Top Stories

• According to USA Today, United Airlines canceled 15 flights February 15, after grounding its fleet of 96 Boeing 757s over safety issues. (See item 16)

16. February 16, USA Today – (National) United: Operations back to normal as 757 inspection continues. United Airlines said it canceled 15 flights late February 15, after grounding its fleet of 96 Boeing 757s over safety issues, but expected to resume normal operations February 16. The carrier voluntarily halted 757 takeoffs after it discovered it hadn’t completed safety checks on a critical equipment upgrade required by federal aviation regulators. As of the morning of February 16, United hadn’t completed inspecting all 757s, but expected to complete them “shortly,” a spokeswoman said. United uses the planes mostly on long-range flights. The problem occurred on the 757’s air data computer, which measures air pressure and other atmospheric conditions to determine speed and altitude. On June 22, 2004, the Federal Aviation Administration (FAA) ordered the computers be replaced and that mechanics perform a check to ensure they were working properly. United hadn’t performed the required check after replacing the units. The airline said it was not aware of any problems or incidents caused by the computers. Each 757 has two of the computers so they can check each other’s accuracy, as well as a standby system in case of emergency, according to Boeing documentation. The FAA issued an emergency order requiring the computers be replaced because of a flaw that could cause pilots to erroneously believe they were flying too fast or too slow. The agency was unaware of the issue until it was notified February 15 by United, an FAA spokeswoman said. Although rare, erroneous speed readings have led to several fatal crashes, including two in 1996 on 757s, a USA TODAY report found. Source:

• Associated Press reports one U.S. Immigration and Customs Enforcement agent was killed and another injured when gunmen attacked their vehicle in the Mexican state of San Luis Potosi. (See item 36)

36. February 16, Associated Press – (International) Gunmen kill US agent, wound another, in Mexico. A U.S. Immigration and Customs Enforcement (ICE) agent on assignment to the ICE Attache in Mexico City, Mexico from his post in Laredo, Texas, died February 15 when gunmen attacked his blue Suburban vehicle in the northern state of San Luis Potosi. A second ICE agent was shot in the arm and leg and was in stable condition, according to statements from the Department of Homeland Security. The Homeland Security Secretary said the fatal attack on American law enforcement, the highest-profile attack since the 1985 torture and killing of a Drug Enforcement Administration agent, will not change the U.S. commitment to supporting Mexico in its crackdown on organized crime. The two agents were driving on a four-lane, federal highway between Mexico City and Monterrey when they were stopped at what may have appeared to be a military checkpoint, according to one Mexican official. Mexican military officers said they had no checkpoints in the area. After they stopped, someone opened fire on them, the official said. Police said a checkpoint was unlikely on such a high-speed stretch of highway and that the bullet-riddled Suburban was found off to one side of the road. The United States has increased equipment and training support for Mexico in recent years through its $1.4 billion Merida Initiative. Source:


Banking and Finance Sector

11. February 16, Pittsburgh Post-Gazette – (Pennsylvania) BNY Mellon employee accused of embezzling $452,000. A Bank of New York-Mellon employee in Pittsburgh, Pennsylvania, has been indicted for allegedly embezzling $452,037, according to court documents entered February 16. The 37-year-old woman, of Greenfield, Pennsylvania, faces charges of theft by a bank employee and is the subject of an arrest warrant. The U.S. attorney’s office said an FBI investigation led to a federal grand jury charge for a string of thefts from April 2007 through August 2010. If convicted, the woman could face a maximum of 30 years in prison and a $1 million fine. Source:

12. February 15, – (National) Visa incents ‘Dynamic Authentication’. A move toward Europay, Mastercard and Visa (EMV) integrated circuit cards can help merchants cut their security compliance costs, but only if they operate outside the United States. That is the message from Visa Inc., which the week of February 7 announced the launch of the Visa Technology Innovation Program. The program is designed to exempt eligible international merchants from annual validations of compliance with the Payment Card Industry Data Security Standard. In the United States, where no official movement toward the EMV standard exists, other types of dynamic authentication are being encouraged by Visa. But they will not offer the same incentives (i.e. eliminating compliance validations) the Technology Innovation Program provides to qualifying EMV-compliant merchants in other parts of the world. “With the United States facing government price controls on debit and restrictive routing and exclusivity rules, it is not feasible or appropriate to drive the market toward major infrastructure investments, especially in an environment where financial institutions could lose billions in revenue as a result of the regulation,” Visa’s group executive for the Americas said in a statement issued by Visa. “With such a dramatic potential for revenue loss, financial institutions will likely curtail investments in future innovations.” Source:

13. February 15, Cookeville Times – (Tennessee) FBI investigates bank pipe bomb in Sparta. The FBI has taken over the investigation of an incident in which a Sparta, Tennessee, woman took a pipe bomb into a bank without realizing what she was carrying. The woman reported to police that she had found the pipe bomb at her home but did not know what it was and took it to work with her February 14 for examination by one of the police officers. US Bank on Highway 111 was evacuated after the woman showed the bomb to officers. The bomb squad detonated the bomb in a nearby grassy area and no one was injured. Area businesses were also evacuated and Tennessee Bomb and Arson was called as well as the FBI. Both northbound and southbound lanes of Highway 111 were shut down as a precaution. Source:

14. February 15, WMTW 8 Portland – (Maine) Security breach investigated at Day’s Jewelers. Customers of Day’s Jewelers in Portland, Maine, were told to check their credit and debit card statements for unauthorized charges. The Maine State Police Computer Crimes Unit is investigating a security breach involving hackers, company officials said. The breach affects customers who used credit and debit cards at stores in November and December 2010. The company said it could not release details about the breach because of the investigation, but in a statement, the president of Day’s Jewelers said, “We are working diligently with law enforcement as it investigates this criminal activity.” The Maine Credit Union League helped bring the breach to the attention of authorities with the help of local credit unions. “They started putting two and two together and noticed most of those transactions that were fraudulent, those members had conducted a transaction at Day’s jewelry store,” said a Maine Credit Union League spokesman. Source:

15. February 14, KTLA 5 Los Angeles – (California) FBI: ‘Cooler Bandit’ wanted in 7 SoCal bank robberies. The FBI is asking for the public’s help catching a suspect believed to have robbed seven banks in Southern California since August 2009. The suspect has been dubbed the “Cooler Bandit” because he has been seen carrying a nylon-type lunch bag and water bottle during some of the robberies. The most recent robbery was on February 9 at a Bank of America in the 2400 block of West Florida Avenue in Hemet. Detectives said he has threatened to kill bank tellers if they did not hand over money. The “Cooler Bandit” is described as between 5’5” and 5’6” tall. He has a thin build, with black hair and brown eyes. He has worn sunglasses with orange lenses or clear glasses with black rims in some of the robberies. Source:

Information Technology

41. February 16, The Register – (International) Windows 0day could allow complete hijacking. Security researchers have warned of a new vulnerability afflicting older versions of Windows that could allow attackers to take complete control of machines running the operating systems. The flaw in the “BrowserWriteErrorLogEntry()” function within the Windows mrxsmb.sys driver “could be exploited by remote attackers or malicious users to cause a denial of service or take complete control of a vulnerable system,” researchers from French security firm Vupen warned. The warning came after proof-of-concept code was posted February 14 to the Full-disclosure mailing list. Attacks are triggered by sending vulnerable machines malformed Browser Election requests that cause a heap overflow in the mrxsmb.sys driver. The term “Browser” in this context does not refer to an application for browsing Web sites, but rather to networking technology used by older versions of Windows. The malformed Browser Election requests contain an “overly long Server Name string,” vulnerability tracking service Secunia said. Vupen, which rates the vulnerability as critical, has confirmed the bug in Windows Server 2003 SP2 and Windows XP SP3. Secunia rates it as moderately critical. Source:

42. February 15, – (International) ‘Reporter has stroke on TV’ turns into Facebook scam. During the Grammy Awards broadcast February 13, a Los Angeles, California television reporter appeared to be having a stroke during a live report. She slurred words and at times spoke gibberish, what physicians describe as classic stroke symptoms. Despite the fact she was fine, the video of her on-air meltdown has gone viral on YouTube, and has become a tool for at least one Facebook scam, according to security experts at Sophos software. Facebook users have started getting messages, which look like they are from friends, followed by a link. Users who click the link are redirected to a screen that indicates the video requires a “verified app” to be viewed. To get the app, users are prompted to click a button to download it. The scammers’ plan is to exploit interest in the video by tricking users into approving an application that will be able to access profiles and post messages onto the walls of Facebook accounts. Though users cannot see it, their own Facebook account is reaching out to all their friends, encouraging them to click on the link and view the same video. Source:

43. February 15, Help Net Security – (International) HBGary e-mails are a treasure trove for social engineers. The recent publication of the second batch of corporate e-mails exchanged between HBGary and HBGary Federal executives and various contacts in U.S. intelligence, military, and law enforcement organizations is a godsend to individuals who aim to launch social engineering attacks against those people, a security expert said. The e-mails contain a variety of personal and business contact information of individuals who work for various U.S. intelligence agencies, the Air Force, and other high ranking government officials, and can also be used to extrapolate a likely web of social and business contacts between them and the business community. The topics of the e-mails themselves offer a great amount of useful knowledge about the organizations’ and the individuals’ needs and ways of thought — knowledge that can be deadly in the hands of an adept social engineer. Source:

For more stories, see items 47 and 48 below in the Communications Sector

Communications Sector

44. February 15, New York Magazine – (International) Iran tries internet censorship, execution as protesters demand democracy. After pro-democracy protests in Tehran, Iran, February 14, Iranian authorities have started blocking pro-opposition Web sites and electronic media, and greatly slowed broadband speed in major cities. Text-message and mobile-phone traffic was disrupted, and the word “bahman”, the current month in the Persian calendar, has been blocked. Authorities have tried to censor the actual protests and reporting of the events, blocking the top two news sites, jamming satellite TV broadcasts, and prohibiting photography. Conservative lawmakers have also called for the execution of two opposition leaders who asked for permission to demonstrate but were denied and did it anyway. Source:

45. February 15, MyBroadband – (International) Web Africa ADSL international connectivity problems. An outage on Web Africa’s SAT-3 link caused international connectivity downtime for subscribers. Internet Service Provider (ISP) Web Africa was experiencing an international bandwidth outage February 15 that was aggravated by routing problems which prevented failover to the SEACOM submarine fiber-optic cable that connects communication carriers in south and east Africa. Web Africa subscribers started reporting international connectivity problems February 15. Web Africa’s Web site confirmed the problems, assuring subscribers they were investigating the problem. According to Web Africa’s call center, they “can’t go into details”, but they said a portion of the SAT3 link from WebAfrica’s upstream providers was affected. The community coordinator for Web Africa posted the following in the MyBroadband forums: “At this stage we are aware of a portion of our upstream provider’s section of SAT3 is currently down. Unfortunately I don’t have an ETA as yet. We do have SEACOM fail-over, however due to routing issues there are problems in switching this over.” Source:

46. February 15, Radio World – (National) FCC asks for money for direction-finding gear. The Federal Communications Commission (FCC) wants to equip its enforcement agents with better gear. In the budget submitted to Congress by the U.S. President, the FCC asked for $350,000 for portable direction-finding gear. It said that the current equipment used by the enforcement bureau’s field offices to identify and resolve interference provides limited portable or semi-fixed capability for direction finding. Source:

47. February 15, Softpedia – (International) Hackers create WiFi content spoofing device. A pair of creative hackers have built a device capable of connecting to wireless networks and altering the Web content users access, as part of a project to demonstrate how news can be manipulated. The device mimics a pass-through power socket, making it hard to observe, and has already been tested in cafe shops in Berlin, Germany, where its creators are based. Inside the 12-centimeter long casing is a small circuit board with an Atheros chipset and an antenna. It runs a customized Linux distribution designed for embedded systems. When turned on, the device automatically searches for wireless networks and connects using passwords supplied in advance. A reverse SSH tunnel is established with a remote server, allowing attackers to control the device from a distance. The tunnel uses 2048-bit encryption and is routed over Tor nodes, making it virtually impossible to determine where the attacker is located. The device launches Address Resolution Protocol spoofing attacks to position itself as a gateway between the other wireless clients and the real router. This allows attackers to manipulate content passing through it. Combined with other techniques, especially on open wireless networks, the device can also be used to hijack users’ sessions, read e-mails, and perform other attacks. Source:

48. February 15, Help Net Security – (International) Two BBC sites serving malware via injected iFrame. A piece of malware detected by only 21 percent of the anti-virus solutions used by VirusTotal is currently being pushed onto unsuspecting visitors of the BBC 6 Music and BBC 1Xtra radio station Web sites. The visitor does not have to do anything except land on the Web site to become a victim of a drive-by download attack, since the Web sites have been injected with an iFrame that automatically loads the malicious code from a Web site parked on a co(dot)cc domain. According to Websense experts, the payload is delivered only the first time the user visits the site. “The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. A malicious binary is ultimately delivered to the end user,” they say, and add that the attack is part of a current mass-injection targeting vulnerable Web sites. Source:

Wednesday, February 16, 2011

Complete DHS Daily Report for February 16, 2011

Daily Report

Top Stories

• According to WCBD 2 Charleston, firefighters from three counties and about a dozen departments spent more than 18 hours battling a blaze after an explosion and fire at a fertilizer plant in Hartsville, South Carolina. (See item 3)

3. February 15, WCBD 2 Charleston and Associated Press – (South Carolina) Massive fire burns fertilizer plant in Hartsville. State officials planned to send a second team back to a burning fertilizer plant in Hartsville, South Carolina, the afternoon of February 15, to make a second check of smoke billowing from a fire. A South Carolina Department of Health and Environmental Control spokesman said the fire was still sending up a lot of smoke. Previous testing found no hazardous chemicals in the air. There have been no injuries reported from the fire that started the night of February 14 at the Agrium Rainbow plant. Firefighters from at least three counties and about a dozen departments worked February 15 to cool hot spots of the fire that began after an explosion just before 7 p.m. the night before. The Hartsville Rainbow Operations plant, also known as the Royster-Clark plant, is part of agricultural services conglomerate Agrium and manufactures Rainbow NPK fertilizer, according to the company’s Web site. About 50 people work at the plant, and 7 people were in the plant when the fire started. After the initial fire and explosions, flames quickly spread through surrounding woods, according to reports. The fire brigade from nearby Sonoco Products Co. was put on alert to protect its plant. As of 9:16 p.m., firefighters reported the Sonoco plant was shut down and evacuated with just the fire brigade on site, according to broadcast information. Hazardous materials and fumes from the fire were the prime concern facing city officials. In addition to Hartsville Fire Department personnel, units from Sonoco’s fire brigade, Darlington, Darlington County, Florence, West Florence, Windy Hill, Howe Springs, Lee County, and Alligator Rural fire departments were either fighting the fire or were standing by for additional response within the city. Source:

• The Asheville Citizen-Times reports that the North Carolina Forest Service and several other fire crews fought to contain a 400-acre wildfire that began inside Chimney Rock State Park. (See item 51)

51. February 15, Asheville Citizen-Times – (North Carolina) Wind-whipped fires break out in Asheville area, across Western North Carolina. A wildfire in Henderson, Polk and Rutherford counties in North Carolina was affecting about 400 acres February 15, according to the Henderson County emergency service director. The North Carolina Forest Service (NCFS) called in a Type 2 Incident Management Team consisting of 40-50 members to manage the fire and they expected to utilize 200 to 300 firefighters to control the Judes Gap fire over the next week. “The main concern is the south and east sides of the fire,” a NCFS spokesman said. High winds February 14 caused the brush to jump containment lines and whipped up several fires across the region. The Judes Gap fire started about 3:30 p.m. February 12 inside Chimney Rock State Park in a remote area called the World’s Edge. NCFS and local fire crews from Henderson and Polk counties responded. The fire was originally estimated to be contained at about 300 acres but could spread to 400 or 500 acres. The NCFS spokesman was unsure when the fire would be contained, but said no structures were threatened. Source:


Banking and Finance Sector

9. February 14, The New New Internet – (International) New scam targets online sellers. The FBI’s cyber complaint center has released a report warning about a new scam targeting sellers on online marketplace Web sites. According to IC3, the ploy generates fake receipts through an executable file that has recently been circulating on hacking forums. The generator asks the would-be victim to disclose information about item name, price, and the date the order was taken. As soon as the victim hits “Generate,” an HTML file is created in the program folder. The program makes what appears to be a legitimate marketplace receipt and a copy of the “Printable Order Summary,” similar to documents resulting from legitimate marketplace purchases. Details, such as “Total before tax” and “Sales tax,” make the receipt extra convincing. According to IC3, many sellers on these online markets will ask the buyer to send them a copy of the receipt in the event of missing orders or any other issues that may arise during or after the Web transaction. Source:

10. February 14, WNYW 5 New York – (New York) FBI: Holiday Bandit hits 6th New York City bank. The so-called “Holiday Bandit” struck another bank in New York City, New York, February 13, the FBI announced. The 35-year-old bandit walked into a Capital One branch in Borough Park at 9:43 a.m., gave a teller a note demanding money, and showed off a black handgun, the FBI said. He apparently was not happy with the amount of cash that teller gave him, so he moved on to another teller and demanded more money, the FBI said. Then the robber — wearing a black hat, dark sunglasses, a maroon coat, light blue jeans, and brown shoes, and carrying a black messenger bag — took off on foot. He has now robbed at least six banks in New York, the FBI said. Three banks are in Queens, two in Brooklyn, and one on Staten Island. The FBI describes the “Holiday Bandit” as a white male, about 6 feet 5 inches, and approximately 200 pounds. Source:

11. February 14, Wicked Local Brookline – (Massachusetts; Rhode Island) Man wanted for Brookline bank robberies arrested in Rhode Island. A man wanted in connection with four bank robberies in Massachusetts, three in Brookline and one in South Attleboro, was arrested in Rhode Island February 14, following an investigation by law enforcement agencies in two states. The 36-year-old was arrested around 10:30 a.m., at a Providence, Rhode Island hotel after he allegedly robbed the Pawtucket Credit Union in Pawtucket, Rhode Island, according to a statement from the FBI’s Boston Field Office. At first he was charged on a warrant for the Massachusetts robberies; later the U.S. Attorney for Rhode Island charged him with the Pawtucket robbery. The suspect allegedly robbed three banks in Brookline: A Citizens Bank branch January 26, a Sovereign Bank branch February 4 and a Brookline Bank branch on February 7. He allegedly robbed a Citizens Bank in South Attleboro February 10. The arrest was the result of a joint investigation by the Brookline Police Department, the South Attleboro Police Department, the Seekonk Police Department, the Pawtucket Police Department, the Rhode Island State Police Violent Fugitive Task Force, U.S. Marshals Service, and the FBI Violent Crimes Task Force, the FBI said. Source:

12. February 11, KXAS 5 Dallas-Fort Worth – (Texas) FBI: Irving bank officer stole $2.7 million. The FBI arrested a former Irving, Texas banker February 10 and accused her of stealing $2.7 million over 2 years and using the money to buy two large houses in Ellis County and several vehicles. The woman, an officer with the Bank of New York Mellon, allegedly stole $2,719,674 by fraudulently making 40 wire transfers from her bank into her personal account from 2008 to 2010, according to a federal grand jury indictment. The suspect pleaded not guilty and was released on bond after surrendering her passport, court records show. Agents seized several vehicles they claimed the suspect bought with stolen funds, including a 2010 Buick Lucerne, a 2007 Dodge Ram 2500 quad pickup, a 2008 Dodge Durango sport utility vehicle, and a 2002 Freightliner diesel tractor. Prosecutors claim she also bought two homes in Palmer. Her attorney said she lives in one of the homes and family members live in the other. Source:

13. February 11, Federal Bureau of Investigation – (Illinois) Suburban man allegedly swindled $105 million from approximately 400 victims in investment fraud scheme. A suburban Chicago, Illinois man was charged with allegedly engaging in an investment fraud scheme, swindling more than $105 million from approximately 400 victims who invested in funds he purported to operate. Various U.S. Department of Justice officials announced the suspect was charged with eight counts of mail fraud in a criminal indictment filed February 10. The suspect allegedly misused money he raised from investors for his own benefit, and to make Ponzi-type payments to investors. The 51-year-old male, formerly of the U.S. Virgin Islands, currently resides in Barrington, Illinois, and will be arraigned at a later date in U.S. District Court. The indictment alleged the suspect was the principal officer and sole shareholder of Kenzie Financial Management, a U.S. Virgin Islands corporation; the sole manager and member of Kenzie Services, LLC, a corporation located in Charlestown, Nevis, West Indies; the president of Draseena Funds Group, Corp., an Illinois corporation; the manager of DN Management Company, LLC, a Nevada limited liability company, and the manager of Nerium Management Company, an Illinois corporation. According to the charges, through these corporate entities, the defendant controlled 12 investment funds collectively known as “the Kenzie Funds.” The suspect allegedly offered and sold to the public investments in the various Kenzie Funds in the form of membership interests and limited partnership interests. Source:

For another story, see item 39

Information Technology

38. February 15, Help Net Security – (International) Complex Trojans and next generation malware is on the way. While e-mail users may have noticed a significant drop in spam in recent months, cybercriminals are gaining ground with creative new phishing methods and making exploit kits more robust, reveals the Security Labs Report from M86 Security. Findings include: third-party phishing is on the rise; e-mail spam is declining, though far from dead; there have been some notable bot-net take-downs and has closed; and exploit kits with virus scanners are becoming increasingly popular while social network attacks are increasing. Source:

39. February 14, Darkreading – (International) New ‘boy in the browser’ attacks on the rise. A new but familiar type of attack on the rise is a spin-off of the proxy trojan, keylogger, and man-in-the-browser (MITB) attack. The “boy-in-the-browser” (BITB) attack — so named as a less sophisticated form of MITB — may be immature, but it is efficient and easy, and it targets users visiting their banks, retailers, and even Google. “It reroutes a [victim’s] traffic without them being aware ... It’s so effective because it’s quick to modify itself so antivirus can’t detect it. It’s great for a quick-hit attack,” said a senior security strategist with Imperva, which issued a security alert February 14 on this attack technique that its researchers spotted in the wild. BITB is basically a “dumbed-down” MITB where the attacker infects a user with its trojan, either via a drive-by download or by luring the user to click on an infected link on a site. The trojan reconfigures the victim’s “hosts” file and reroutes the victim’s traffic for a specific Web site — say, a bank or an online retailer — to the attacker’s own server posing as that site. Then the BITB attacker can intercept or modify the transaction. “It’s difficult to detect,” the researcher said, because the victim sees the same URL he or she was requesting. Source:
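Because the rerouting described in item 39 lives in the victim's hosts file, that file can be audited directly. The following is an added example, not code from the report or from Imperva; the watched domain, the sample file contents, and the severity labels are constructed for illustration.

```python
import ipaddress

# Names that normally appear in a default hosts file and are not overrides.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file (documentation-range addresses, .example names).
SAMPLE_HOSTS = """\
# constructed sample for the audit below
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation7
0.0.0.0         ads.tracker.example   # ad-blocking sinkhole
203.0.113.45    www.bank.example bank.example
198.51.100.7    intranet.corp.example
not-an-ip       something.example
"""


def parse_hosts(text):
    """Yield (line number, ip, [names]) for every valid mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: not a mapping
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, watched=()):
    """Return (lineno, name, ip, severity) for suspicious overrides.

    high   - a watched domain (or subdomain) pinned to a routable address,
             the pattern the BITB description relies on
    review - a watched domain pinned to loopback (possible local proxy), or
             any other name pinned to a non-loopback address
    Loopback/0.0.0.0 entries for unwatched names are treated as sinkholes.
    """
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in BENIGN_NAMES:
                continue
            is_watched = any(name == w or name.endswith("." + w)
                             for w in watched)
            if is_watched and not sinkhole:
                severity = "high"
            elif is_watched or not sinkhole:
                severity = "review"
            else:
                continue
            findings.append((lineno, name, str(ip), severity))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched=("bank.example",)):
        print(finding)
```

On a real system the text would come from `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`, and the watched list would hold the banking and retail domains the organization's users actually visit.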

40. February 14, Agence France-Presse – (International) Spanish police hold Nintendo ‘blackmailer’. Spanish police have arrested a hacker who allegedly stole data on some 4,000 Nintendo users and then tried to blackmail the Japanese videogame developer, they said February 14. Nintendo Spain said the week of February 6 that a hacker had stolen the personal data of some 4,000 customers in Spain, and then threatened to denounce the company for negligence to data protection authorities. Spanish police said in a statement February 14 that when Nintendo did not reply to his demands he leaked information on one of the users in an online forum and threatened to release the rest of the data. Police located the hacker, whose identity was not revealed, and arrested him in the southern province of Malaga, preventing the release of any further data. Source:

41. February 14, Softpedia – (International) Plextor’s website hacked. The U.S. Web site of Plextor, a brand of optical disc drives, network storage solutions, portable hard disks, and other devices, was defaced by a hacker February 13. The hacker, who calls himself “ViciOuS,” replaced the site’s homepage with a message in Turkish. The message appears to contain the words “disaster” and “revenge,” so the attack might be political in nature. The usual “greetz” posted by defacers were present and the hacker seems to be part of a team called “SaBoTaJ.” According to CdrInfo(dot)com, the Web site that spotted the hack, Plextor has been notified and the problem was fixed. Source:

42. February 14, Softpedia – (International) (dot)edu space filled with adult spam. Security researchers from GFI Software warned that an increasingly large number of (dot)edu Web sites are being abused to push adult spam because of their poor security and lack of oversight. Searching for adult-oriented terms in the (dot)edu domain space reveals entire pages of results, most of which are on discussion boards. “Most of this seems to have kicked in since around the 4th or 5th of February, and there doesn’t seem to be much in the way of spam control or preventative measures going on right now so please be careful if looking around your university forums, official or otherwise,” a security researcher at GFI said. It is not only forums that have been abused. Among search results users can also find what appear to be compromised Web sites. Most of them are installations of popular content management solutions that have been left unpatched for a long time. The same security holes can be leveraged to create malicious doorway pages that are part of malware distribution and black hat SEO attacks. A similar trend has also been observed for governmental Web sites, which are being abused by spammers and other cybercriminals not just in the United States, but internationally as well. Source:

43. February 14, Softpedia – (International) Anonymous releases more HBGary emails and makes them searchable. Anonymous has taken issue with HBGary’s actions again and publicly released an additional 27,000 e-mails stolen during its hacking of the company’s network and servers. The week of February 6, members of the hacktivist group compromised systems belonging to HBGary and HBGary Federal, two separate, but related companies, after they threatened to expose Anonymous leaders. In response, Anonymous hacked into the company’s servers and stole tens of thousands of confidential e-mails which it subsequently released onto the Internet. The leaked e-mails belonged to the CEO, president, COO, and principal consultant. After the HBGary president went into the group’s online chat and spoke with the hackers, they decided against publishing 27,606 e-mails belonging to the company’s co-founder. However, the group changed its mind after the company published a statement saying it is working with law enforcement to find the criminals who broke into its systems and suggested that Anonymous falsified some of the released data. All of the e-mails were published on a special Web site which has a search feature. The site, which is over 9 GB in size, has already been mirrored several times, making it more resilient to take-down requests. Source:

44. February 14, Darkreading – (International) Long-patched vulnerabilities continue to dominate threat list. According to the new Security Labs Report from M86 Security, the top six most frequently observed vulnerabilities on the Web were all discovered at least 4 years ago, and have all been patched for at least 2 years. Most of the top 15 flaws detected by M86 Security were on Windows or Adobe applications, and most have been around for some time — MS Office Web Components active script execution, for example, has been known since 2002, yet it still ranks second on the most frequently detected list. “Despite the fact that these vulnerabilities were patched years ago, many of them are still targeted today,” the report said. “This is likely a result of their success rates, and it reinforces the importance of updating software applications, from browsers to PDF readers.” The report also lists the top 10 exploit kits, where Eleonore remains the most popular and Phoenix comes in at number 2. Source:

Communications Sector

45. February 14, Lexington Herald-Leader – (Kentucky) Test accidentally took down WLEX cable feed. WLEX, Lexington, Kentucky’s NBC affiliate, was temporarily off Insight Communications’ basic cable lineup for a few hours February 14. The outage happened as the cable operator was testing its ability to receive WLEX’s signal via fiber rather than over the air, an Insight spokesman said. Insight officials said they thought the outage was limited only to subscribers of its basic cable lineup of 22 channels and possibly just in certain geographic areas of Lexington. The signal was restored by 11 a.m. Source:

46. February 14, City of Morganton – (North Carolina) Sun outages could disrupt some cable channels. The general manager of Compas Cable TV, Phone & Internet said all customers will likely experience some brief disruptions on various satellite-delivered cable channels starting February 26 due to a naturally-occurring phenomenon known as “sun outages.” “As the sun moves north in early spring (and also as it moves to the south in early fall), it passes directly behind the stationary satellites from which we receive our programming, causing interference to the signals we receive,” he said. The interference can be so strong that it disrupts the signal traveling from the stationary satellites to Compas’ receivers. At the beginning of the 2-week cycle, the effects will be minimal, but will gradually worsen until peaking on the seventh day, March 5. “But after March 5, the effects will gradually weaken over the next week as the sun moves away from the satellites,” he said. The disruptions will likely occur for about 2 weeks from Feb. 26 to about March 12 and can last for about 20 to 30 minutes. Different channels will be affected at different times. “Unfortunately, there is nothing we can do to prevent sun outages from occurring,” the general manager said. Source: