Monday, July 16, 2012
Daily Report
Top Stories
• Two Dallas men were indicted July 12 in
connection with a $485 million investment fraud scheme that swindled money from
more than 7,700 investors throughout the country. – Federal Bureau of
Investigation See
item 14 below in the Banking and Finance Sector
• An international commuter tunnel connecting
Detroit to Windsor, Ontario, was closed for nearly 4 hours July 12 after a bomb
threat was phoned in on the Canadian side. – Associated Press; CBS News
17.
July 13, Associated Press; CBS News –
(Michigan; International) Detroit-Windsor Tunnel reopens after bomb threat. An
international commuter tunnel connecting Detroit to Windsor, Ontario, was
closed for nearly 4 hours July 12 after a bomb threat was phoned in on the
Canadian side. No explosives were found, CBS News reported July 13. The Detroit
Windsor Tunnel, a busy border crossing beneath the Detroit River, was shut down
after a duty free shop employee on the tunnel’s Canadian plaza reported
receiving a call about a bomb threat. The tunnel was closed and traffic on both
sides of the river was directed to the nearby Ambassador Bridge, which spans
the river, the tunnel’s executive vice president said. Homeland Security, U.S.
Customs and Border Protection, Detroit police, and other agencies flooded the
plaza and entrance on the tunnel’s U.S. side. The bomb threat also resulted in
heightened security along the Ambassador Bridge, west of downtown Detroit. The
82-year-old tunnel stretches about 1 mile across the Detroit River, which is
one of North America’s busiest trade crossings. Cars and buses make up most of
the traffic. About 4.5 million cars crossed in 2011. After the call came in,
officials at the tunnel followed protocol that is established between the
tunnel operators and local emergency services officials in consultation with
U.S. Customs and Border Protection, tunnel officials said. Source: http://www.cbsnews.com/8301-505245_162-57471753/detroit-windsor-tunnel-reopens-after-bomb-threat/
• A severe drought spreading across the
Midwest has resulted in some of the worst conditions in decades, leaving more
than 1,000 counties in 26 States designated as natural disaster areas,
authorities said. – CNN
25.
July 13, CNN – (National) Drought
stretches across America, threatens crops. A severe drought is spreading
across the Midwest, resulting in some of the worst conditions in decades and
leaving more than 1,000 counties designated as natural disaster areas,
authorities said, CNN reported July 13. Farmers in the region are suffering,
with pastures for livestock and fields of crops becoming increasingly parched
during June, according to the National Climatic Data Center. Many areas in the
southern Midwest are reporting the poorest conditions for June since 1988. As
of July 10, about 61 percent of the contiguous United States (excluding Alaska,
Hawaii, and Puerto Rico) was experiencing drought, the highest percentage in
the 12-year record of the U.S. Drought Monitor. Unusually high temperatures and
little rainfall have led to “widespread deterioration and expansion of dryness
and drought” in the Midwest, northwestern Ohio Valley, and southern Great
Plains, the drought monitor said. That has left 1,016 counties in 26 States
termed as natural disaster areas, the U.S. Department of Agriculture said the
week of July 9. A county is generally qualified as a natural disaster area if
it has suffered severe drought for 8 consecutive weeks. The past 12 months have
been the warmest the United States has experienced since records began in 1895,
the climatic data center said. Source: http://www.cnn.com/2012/07/13/us/midwest-drought/index.html?hpt=hp_t1
• Thousands of patients of two Denver-area
practices were advised to get tested July 12 after a licensed dentist and
practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or
hepatitis C over a period of 11 years. – KUSA 9 Denver
30.
July 13, KUSA 9 Denver – (Colorado) Denver
area oral surgeon may have exposed patients to HIV. Patients of two Denver
area practices were advised to get tested July 12 after a licensed dentist and
practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or
hepatitis C. The Colorado Department of Public Health and Environment has sent
out more than 8,000 letters to patients and former patients of an oral surgeon
in Highlands Ranch and Denver. However, the department believes there are more
patients that have been impacted. An investigation began after a report of
unsafe injection practices. During the investigation, the health department determined
syringes and needles used to inject medications through patients’ IV lines were
saved and reused. The health department advised anyone who was a patient of the
oral surgeon in Highlands Ranch and Denver to be tested if they received
intravenous medications including sedation from September 1999 through June
2011. Officials said patients may be at risk if they were seen by the surgeon
at the following locations: September 1999 to June 2011 - Stein Oral and Facial
Surgery, 8671 S. Quebec St., #230, Highlands Ranch, CO 80130; August 2010 to
June 2011 at Stein Oral and Facial Surgery (New Image Dental Implant Center),
3737 E.1st Ave., Suite B, Denver, CO 80206. Source: http://www.9news.com/news/local/article/277306/222/Denver-area-dentist-may-have-exposed-patients-to-HIV
Details
Banking and Finance Sector
10. July 13,
Softpedia – (International) FBI arrests 3 more individuals accused of
carding crimes. As a continuation of an operation where authorities
apprehended 24 individuals suspected of being involved in payment card
information trafficking in June, the FBI announced the arrests of three more
suspects, bringing the number of defendants to 27, Softpedia reported July 13.
One known as HellsAngel was arrested July 11 in Mumbai, India. Another that
went by the username Swat Runs Train, and another called xTGxKAKAROT, were
taken into custody in Canada and Colorado, respectively. Swat Runs Train was
suspected of selling complete credit card details, including names, addresses,
Social Security numbers, birth dates, and bank account information. The one
known as HellsAngel was also believed to have offered the same type of data. He
also sold remote desktop protocol (RDP) access data that could be utilized to
breach computers. xTGxKAKAROT possessed around 170,000 credential sets,
comprised of usernames and passwords, which could be used to access online
accounts. He also made money by selling electronic devices he obtained as a result
of his carding activities. Source: http://news.softpedia.com/news/FBI-Arrests-3-More-Individuals-Accused-of-Carding-Crimes-281157.shtml
11. July 13,
Softpedia – (California; Washington) Rapper ‘Guerilla Black’ arrested for
buying and using stolen payment card details. A rap artist known as
Guerilla Black was detained at his home in Los Angeles on suspicion of
purchasing and using at least 27,257 stolen credit card numbers obtained by
hackers from 2 restaurants from the Seattle area, Softpedia reported July 13.
The two hackers were previously arrested and indicted. While the total losses
were not yet known, the amount may be large, especially since only 137 of the
cards were used to make purchases worth $150,000. The rapper was charged with
accessing a protected computer without authorization to further fraud, access
device fraud, bank fraud, aggravated identity theft, and conspiracy to commit
access device fraud and to commit bank fraud. He was also accused of conspiracy
to access protected computers to further fraud. Source: http://news.softpedia.com/news/Rapper-Guerilla-Black-Arrested-for-Buying-and-Using-Stolen-Payment-Card-Details-281192.shtml
12. July 12,
WLS 7 Chicago – (Illinois) ‘Wicker Park Bandit’ pleads guilty to bank
robberies. The man authorities call ‘The Wicker Park Bandit’ pleaded guilty
to three bank robberies July 12 in Chicago. The man was arrested in February.
At the time, the FBI said he was a suspect in as many as 10 bank robberies in
and around Chicago’s Wicker Park neighborhood. Source: http://abclocal.go.com/wls/story?section=news/local&id=8734402
13. July 12,
Bloomberg News – (Virginia) Bank of Commonwealth ex-CEO, officials charged
with fraud. The former chief executive officer (CEO) of Norfolk, Virginia’s
Bank of the Commonwealth was among six people indicted for an alleged fraud
conspiracy involving a coverup of the bank’s financial condition from 2008 to
2011, Bloomberg News reported July 12. The former CEO who ran the bank for more
than 3 decades was charged in a 25-count indictment. Three other former bank
executives and two borrowers were also charged. The executives concealed
shortfalls by overdrawing demand-deposit accounts to make loan payments and
extending new loans or additional principal on existing loans to cover payment
deficiencies, the indictment charged. Prosecutors are seeking $71 million in
criminal forfeiture. From 2008 until it closed in 2011, the bank lost almost
$115 million. The bank’s failure will cost the United States, through the
Federal Deposit Insurance Corporation, more than $260 million. Source: http://www.businessweek.com/news/2012-07-12/bank-of-commonwealth-ex-ceo-officials-charged-with-fraud
14. July 12,
Federal Bureau of Investigation – (National) Dallas men
indicted in $485M investment fraud scheme. Two Dallas men were indicted
July 12 in connection with a $485 million investment fraud scheme that involved
investors throughout the country. The two men were charged with one count of
conspiracy to commit mail fraud, and 10 counts of mail fraud. According to the
indictment, the men, on behalf of Provident Royalties LLC, conspired with
others to defraud investors in an oil and gas scheme that involved more than
$485 million and 7,700 investors. Specifically, beginning in approximately
September 2006, the two men and other individuals made materially false
representations and failed to disclose material facts to their investors to
induce them into providing payments to Provident. These included false
representations that the funds invested would only be used for the project the
funds were raised for, that one of Provident’s founders had previously been
charged with securities fraud violations by the State of Michigan, and that
funds from later investors were used to pay earlier ones. Source: http://www.loansafe.org/dallas-men-indicted-in-485m-investment-fraud-scheme
15. July 12,
Associated Press – (New Mexico) Auditor says New Mexico Finance Authority issued
fake audit for 2011. The New Mexico Finance Authority (NMFA), which makes
billions of dollars in loans for public projects, faked its annual audit that
was sent to creditors and investors for 2011, the State auditor said July 12.
The State Auditor said he discovered the fake audit after the NMFA failed to
submit its annual review as required by law. He said a fraudulent audit report
had been produced for investors and creditors, but the firm that supposedly
created that document confirmed it was not their work. The CEO of the NMFA
called the matter “deeply concerning” but insisted it would have no effect on
NMFA’s ability to meet its financial obligations. He blamed the authority’s
former controller, who left in June, and said the NMFA took steps to rectify
the issues as quickly as possible. He said that the NMFA alerted ratings
agencies, investors, public officials, and law enforcement authorities. Source:
http://www.therepublic.com/view/story/ff2882b265e14c1b8f18109fbd54f746/NM--Faked-Audit
16. July 12,
IDG News Service – (International) Artema Hybrid point-of-sale devices can be
hacked remotely, researchers say. Artema Hybrid, a point-of-sale terminal
manufactured by VeriFone Systems, is vulnerable to attacks that could allow
cyber criminals to steal payment card data and PIN numbers or alter
transactions, said security researchers from security research firm Security
Research Labs (SRLabs). The software running on the device — commonly referred
to as the firmware — contains buffer overflow vulnerabilities in the network
stack — the set of libraries that handle network communications, the founder
and chief scientist of SRLabs, said July 12. An attacker could exploit these
vulnerabilities to execute arbitrary code on the device. Source: http://www.csoonline.com/article/710833/artema-hybrid-point-of-sale-devices-can-be-hacked-remotely-researchers-say
Information Technology Sector
39. July 13,
H Security – (International) Yahoo! confirms data breach. Yahoo!
confirmed approximately 450,000 e-mail addresses and passwords from its log-in
system were leaked on the Internet. The breach was publicized after a security
expert posted about it on Twitter and was initially believed only to concern
the Yahoo! Voice service. According to Yahoo!, an “old file” from the Yahoo!
Contributor Network content sharing platform was compromised and is the source
of the log-in data. The company said only around 5 percent of the leaked
450,000 e-mail address and password combinations have valid passwords. Yahoo!
stated it is working on fixing the vulnerability and will change the passwords
of affected users as well as notify other companies whose user accounts were
affected by the breach. In addition to the 140,000 Yahoo! e-mail addresses,
there were over 100,000 Gmail addresses and many from Hotmail and other
services. Source: http://www.h-online.com/security/news/item/Yahoo-confirms-data-breach-1640148.html
40. July 13,
H Security – (International) Symantec Endpoint Protection causing crashes.
A signature update to Symantec’s Endpoint Protection software led to
crashes of Windows XP. The problems with Endpoint Protection, a security
package mainly used in the corporate environment, became noticeable by the
frequent complaints from users and administrators to the company’s support team
and in Symantec’s forums. According to an information page, although Symantec
reproduced the problem, it is yet to identify the underlying cause. It has now,
though, produced updated signatures to work around the problem. Source: http://www.h-online.com/security/news/item/Symantec-Endpoint-Protection-causing-crashes-1641046.html
41. July 13,
V3.co.uk – (International) Nvidia Developer Zone stung by password
pilfering hackers. Nvidia suspended its developer forum following a
suspected data breach that may have compromised user passwords. The service was
taken offline July 12, with Nvidia posting a statement saying it is
investigating the matter. The company indicated the attack targeted user password
information. Nvidia warned users about potential phishing scams using the
information, urging forum members to remain wary of suspicious e-mails. Source:
http://www.v3.co.uk/v3-uk/news/2191413/nvidia-developer-zone-stung-by-password-pilfering-hackers
42. July 13,
V3.co.uk – (International) Cisco warns users of TelePresence security
holes. Cisco advised customers to update their TelePresence system software
and appliances following the release of a series of security fixes. The company
issued four software updates designed to address vulnerabilities in various
components of the videoconferencing platform. According to Cisco’s advisories,
the vulnerable components include the TelePresence Manager, Recording Server,
Multipoint Switch, and the TelePresence Immersive Endpoint System. If targeted,
the components could be exploited for remote code execution operations. Source:
http://www.v3.co.uk/v3-uk/news/2191356/cisco-warns-users-of-telepresence-security-holes
43. July 12,
IDG News Service – (International) Oracle to release 88 security fixes. Oracle
will deliver 88 security fixes July 17 for a wide range of its products,
according to a pre-release announcement posted to its Web site July 12. A
number of the bugs affect more than one product, and customers are advised to
apply the patches as soon as possible, Oracle said. Four fixes are for Oracle’s
database. Three of the database vulnerabilities involved can be exploited by an
attacker over a network without the need for log-in credentials, according to the
notice. Oracle is also set to release 22 patches for its Fusion Middleware
family, 8 of which can be remotely exploited without a username or password,
Oracle said. The company uses the Common Vulnerability Scoring System (CVSS) to
rank the seriousness of its patches. One of the fixes, for the Fusion
Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale.
Another 25 fixes cover weaknesses in Oracle’s Sun product family, including the
GlassFish application server and Solaris OS. The patch batch will also deliver
six fixes for the MySQL database. None of the weaknesses involved can be
exploited remotely without credentials, Oracle said. Other patches in the
release include ones for Hyperion, Enterprise Manager Grid Control, E-Business
Suite, Siebel CRM, PeopleSoft, and Oracle Industry Applications. Source: http://www.computerworld.com/s/article/9229081/Oracle_to_release_88_security_fixes
44. July 12,
Threatpost – (International) AndroidForums.com hacked, user credentials
stolen. An online forum for Android fans and developers was compromised and
user account details stolen, according to a notice posted online July 10.
Phandroid.com, which operates Androidforums.com, told users that hackers
breached a back end database that powers Androidforums.com, an online bulletin
board for Android users and developers. The data contained in that database
includes androidforums usernames, email addresses, hashed passwords, the IP
addresses members registered with, and forum group memberships, among other
data. Phandroid.com believes the attack was aimed at gathering e-mail addresses
for spam runs. Source: http://threatpost.com/en_us/blogs/androidforumscom-hacked-user-credentials-stolen-071212
45. July 12,
ZDNet – (International) Microsoft patches Windows Live identity theft
flaw. Two security researchers recently discovered a serious vulnerability
in Microsoft’s Windows Live service. The cross-site scripting (XSS) flaw means
an attacker could impersonate a Windows Live user by gaining full control of
the victim’s cookies. Combined with social engineering, this technique could be
used to steal a victim’s Windows Live identity. Source: http://www.zdnet.com/microsoft-patches-windows-live-identity-theft-flaw-7000000832/
For more stories, see items 10 and 11 above in
the Banking and Finance Sector
Communications Sector
See
items 39, and 45 above in the Information
Technogy Sector
No comments:
Post a Comment