Wednesday, July 25, 2012
Daily Report
Top Stories
• Insufficient oxygen supply caused some F-22
fighter pilots to get dizzy and disoriented when flying the plane, the Pentagon
said July 24. The announcement signaled restrictions that limited F-22 flights
for about a year would gradually be lifted. – Reuters
11.
July 24, Reuters – (National) Pentagon
concludes oxygen supply behind F-22 breathing problems. Insufficient oxygen
supply caused some F-22 fighter pilots to get dizzy and disoriented when flying
the plane, the Pentagon said July 24, signaling at the conclusion of a U.S. Air
Force study that restrictions placed on F-22 flights would gradually be lifted.
A Pentagon spokesman said an Air Force analysis concluded symptoms of oxygen
deprivation among some pilots of the F-22, built by Lockheed Martin Corp., were
caused by problems with the oxygen supply delivered to pilots, not oxygen
contamination. To fix those problems, the Air Force will replace a valve in
flight suits that restricted breathing at high altitude and increased the
oxygen supply to pilots by removing an air filter. The Air Force stopped flying
the F-22 completely for 5 months in 2011. It resumed flights in September, but
restrictions remained on some high-altitude and long-haul flights. Concern
about the aircraft flared again in 2012 after two F-22 pilots told reporters
they stopped flying the jet due to safety concerns. The Pentagon spokesman said
the Air Force would also complete other steps designed to make the planes
safer, including installation of a back-up oxygen system. He said altitude
restrictions for F-22s could be lifted as early as the fall after a revamped
high-altitude garment is tested and other improvements and studies completed.
He said the Pentagon would send a squadron of F-22s to a U.S. air base in
Japan, after which officials would recommend resuming most long-haul flights by
the fighter. Source: http://www.reuters.com/article/2012/07/24/us-usa-planes-oxygen-idUSBRE86N19520120724
• Skimmers could use a new, difficult-to-spot
technology that uses a wafer-thin card reading device inserted directly into
the card acceptance slot, according to two recent reports by the European ATM
Security Team. – Krebs on Security See item 13
below in the Banking and Finance Sector
• Miami-Dade County, Florida’s three main
water and sewer treatment plants and 7,700 miles of pipelines are so outdated
it would take an initial installment of more than $1.1 billion just to replace
the “most deteriorated vulnerable sections” of the system, a new study found. –
Miami Herald
27.
July 24, Miami Herald – (Florida) Repair
bill over $1 billion to fix crumbling sewage system, Miami-Dade report says. Miami-Dade
County, Florida’s three main water and sewer treatment plants and 7,700 miles
of pipelines are so outdated it would take an initial installment of more than
$1.1 billion just to replace the “most deteriorated vulnerable sections” of the
system, a 5-month internal study by the water & sewer department showed.
According to the Miami Herald July 24, the study found that so much corrosion
has occurred that initial repairs could take 3 to 8 years. Miami is the 10th
largest utility in the nation. The release of the report comes 5 months after a
commissioner demanded it and 2 months after federal regulators swarmed Miami
demanding repairs and upgrades. Authorities from the U.S. Environmental
Protection Agency, the Department of Justice, and the Florida Department of
Environmental Protection are expected to spend up to 4 months discussing how to
fix and pay for a system its director said is “being held together by chewing
gum.” The study shows the majority of the initial fixes — about $736 million
worth of immediate work — is needed for the sewer lines. The aging system is in
such disrepair it has ruptured at least 65 times over the past 2 years,
spilling more than 47 million gallons of untreated human waste into waterways
and streets. Without being specific, the report says some grants should be
available but concedes much of the work will likely be paid for through revenue
bonds and rate hikes. Source: http://www.miamiherald.com/2012/07/24/2909494/repair-bill-over-1-billion-to.html
• At least 60 people were hospitalized after
they were sickened after eating at a Denver homeless shelter July 22. Officials
were trying to pinpoint the source of the outbreak. – Food Safety News
55.
July 23, Food Safety News – (Colorado)
60 hospitalized in Denver after eating charity dinner. At least 60
people were hospitalized after eating at a Denver homeless shelter July 22.
Less than an hour after eating a turkey dinner served at the Denver Rescue
Mission, dozens of meal recipients began to vomit and became dehydrated from
fluid loss. Emergency responders were called to Denver Rescue Mission’s
Lawrence Street Shelter — where the meal was served — and to the Samaritan
House across the street where some people who had eaten the meal were staying.
A total of 54 people from the Lawrence Street Shelter and 6 from the Samaritan
House were taken to the hospital, said a Denver Rescue Mission representative.
Many of those who ate the meal were not staying at either shelter, meaning
other homeless individuals in the Denver area may also be sick. The exact
source of the food poisoning remained unclear, said health officials. While
turkey was the main course, mashed potatoes and vegetables were also served and
have not been ruled out as possible contamination sources. Denver Rescue
Mission said it is possible the food that made people ill was given to the
shelter as a donation. Source: http://www.foodsafetynews.com/2012/07/60-hospitalized-in-denver-after-eating-charity-dinner/
Details
Banking and Finance Sector
12. July 24,
Techworld.com – (International) Japanese Finance Ministry uncovers major
trojan attack. Japan’s Finance Ministry uncovered evidence of a major
trojan cyber-attack on its computer systems that lay undetected for almost 2
years, Techworld.com reported July 24. Ministry officials admitted that the unspecified
trojan, which was not detected by the organization’s security systems, was
probably free to steal confidential data from January 2010 to November 2011,
after which the attack suddenly stopped. A total of 123 computers inside the
Ministry were infected out of around 2,000 so far checked, which prompted the
organization to change hard disks on the affected machines. The latest attack
bears the hallmark of a large number that have afflicted Japanese government
departments in the last year, seemingly only discovered after the damage was
done. Source: http://www.computerworld.com/s/article/9229534/Japanese_Finance_Ministry_uncovers_major_Trojan_attack?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_content=Goog
13. July 24,
Krebs on Security – (International) ATM skimmers get wafer thin. Among the
latest and most difficult-to-spot skimmer innovations is a wafer-thin card
reading device that can be inserted directly into the ATM’s card acceptance
slot, Krebs on Security reported July 24. The new devices were discussed in two
recent reports from the European ATM Security Team (EAST). In both reports,
EAST said one unnamed country alerted them about these new kinds of devices.
They record data stored on the magnetic stripe on the back of the card as it is
slid into a compromised ATM. The insert skimmers require some secondary
component to record customers entering their PINs, such as a PIN pad overlay or
hidden camera. Source: http://krebsonsecurity.com/2012/07/atm-skimmers-get-wafer-thin/
14. July 23,
Reuters – (International) Ex-Anglo Irish finance director charged in
fraud probe. Two former top executives at Anglo Irish Bank were the first
to be charged July 23 in a long-running fraud investigation into the failed
lender synonymous with Ireland’s financial meltdown. The bank’s former finance
director was charged on 16 counts, chiefly over his role in loans allegedly
given to a group of 10 wealthy clients to buy shares in the bank. The former
managing director for Ireland faced the same charges. Ireland’s Office of the
Director of Corporate Enforcement and police have been investigating the
actions of the bank for more than 3 years, including the loans given to the
group, as well as whether deposits were used to mask large withdrawals. Anglo
Irish Bank, recently renamed the Irish Banking Resolution Corporation, is
slowly being wound down after years of reckless lending left the state with a
30 billion euro bill. Source: http://www.reuters.com/article/2012/07/23/us-angloirish-idUSBRE86M0TW20120723
15. July 23,
Supermarket News – (New York; Connecticut; New Jersey) Feds charge NYC store
owners in fraud scheme. Federal authorities brought tax fraud charges
against the owners of six gourmet food stores based in New York City, saying
the operators of Zeytuna, The Amish Market, and Zeytinia Markets failed to
report more than $56 million in gross receipts during the years 2004 through
2009, Supermarket News reported July 23. According to an indictment, two men
who together owned a 50 percent or greater stake in stores in New Jersey,
Connecticut, and New York diverted cash from the books of the stores to pay
business expenses, including payrolls, in cash. The owners also skimmed money
for their personal use, according to the indictment. Source: http://supermarketnews.com/retail-amp-financial/feds-charge-nyc-store-owners-fraud-scheme
16. July 23,
Accounting Today – (National) Audit confirmations helped unmask Peregrine fraud.
Electronic confirmation service Confirmation.com said its system helped
uncover a more than $200 million fraud perpetrated by Peregrine Financial
Group’s PFGBest unit, Accounting Today reported July 23. Peregrine’s Chief
Executive Officer (CEO) was charged earlier in July with lying to federal
regulators. In a note left behind in a failed suicide attempt, the CEO admitted
to using false bank statements to embezzle millions from customer accounts. He
had resisted using an electronic confirmation service to verify his firm’s
statements, but was ultimately forced to allow access under pressure from the
firm’s regulator, the National Futures Association, which wanted to use the
online system to verify accounts at his and other firms. The day after he allowed
the electronic confirmation system to be used at his firm, he was discovered
unconscious in his car. The founder and chief marketing officer of
Confirmation.com said in a statement the CEO “resisted using our service for
months, presumably because he knew that as soon as electronic confirmation went
into effect, he would be exposed.” Source: http://www.accountingtoday.com/news/audit-confirmations-peregrine-fraud-63382-1.html
For
another story, see item 46 below in the Information
Technology Sector
Information Technology Sector
40. July 24,
V3.co.uk – (International) Grum botnet briefly returns from the dead. The
creators of the Grum botnet managed to briefly bring the spam network back from
the dead before it was once again shut down. Security vendor FireEye reported
the attempt to get the botnet back online took place July 23. “Over the weekend
we found that the Ukrainian internet service provider (ISP) SteepHost removed
the null route on three [command and control servers] that were taken down last
week,” a FireEye researcher said. “We immediately noticed this change and
contacted SteepHost once again. After hours of negotiations, they eventually
shut down these CnCs once more.” Source: http://www.v3.co.uk/v3-uk/news/2193786/grum-botnet-briefly-returns-from-the-dead
41. July 24,
Technology Review – (International) The latest threat: A virus made just for you.
The Flashback computer virus gained notoriety earlier in 2012 as the first
malware to make headway against Apple’s relatively untouched operating system,
Mac OS X, infecting 600,000 victims’ machines at the peak of the outbreak.
However, computer scientists and security professionals were more worried about
another aspect of the malware. The authors of Flashback used a technique that
Hollywood often employs to prevent movie and music files from being copied —
they added functions that bound the virus to each infected system. The use of
that technique prevented security companies from running the virus in their
labs. New research shows that a refinement to the technique could make
automated analysis of malware nearly impossible. Source: http://www.technologyreview.com/news/428557/the-latest-threat-a-virus-made-just-for-you/
42. July 24,
New Hampshire Union Leader – (New Hampshire) Acid spill forces
evacuation of homes in Laconia. Approximately a dozen homes near ABC
Fabricators in the downtown area of Laconia, New Hampshire, were evacuated July
24 after an acid spill. About 250 gallons of nitric acid were believed to have
spilled at the factory. Since 1979, ABC Fabricators has been specializing in
the manufacture of electronic circuit boards, according to online information
about the company. Source: http://www.unionleader.com/article/20120724/NEWS07/707249917
43. July 23,
The Register – (International) Skype: Nearly half of adults don’t install
software updates. A new survey commissioned by Skype reveals that 40
percent of adults do not always update their software when prompted to do so,
and that 25 percent skip software updates because they think they offer no real
benefit. The survey was offered on Skype’s behalf to 350,000 individuals in the
United States, United Kingdom, and Germany by Internet pollster YouGov. A quarter
of the adults surveyed said they did not understand the benefits of software
updates or what they were supposed to do. About the same number said they did
not know how to check for updates, and another quarter said they would need to
be prompted to upgrade their software at least twice before they would do it.
The respondents gave various reasons for shying away from updates. Some said
they expected new versions of software would have “lots of bugs” or would crash
too often, while others said they thought the updates would slow down their
computers. More than a quarter of respondents said the process of updating
their software just takes too long. Forty-five percent of survey participants
said they did not upgrade their software because they worry about the security
of their computers. Source: http://www.theregister.co.uk/2012/07/23/skype_software_update_survey/
44. July 23,
Reuters – (International) Web-connected industrial controls stoke
security fears. Until several days ago, anyone who researched the security
of industrial control systems could have accessed the Web site of a Kansas
agricultural concern and turned off all its windmills. The owner left the
system connected to the open Internet without any password protections, despite
warnings from Canadian manufacturer Endurance Wind Power. A cyber researcher
found the vulnerability along with thousands of other exposed industrial
controls, many of them in critical facilities. The research that found the
lapse came from one of two new studies on the security of industrial controls
that were provided to Reuters in advance of their public release at the Black
Hat security conference being held the week of July 23 in Las Vegas. The
research buttress concerns that critical national infrastructure in the West is
more vulnerable to hacking attacks now than 2 years ago, despite its status as
a top cybersecurity priority for the White House, and other parts of the
federal government. Source: http://www.reuters.com/article/2012/07/23/us-blackhat-industrialcontrols-idUSBRE86M14R20120723
45. July 23,
Forbes – (International) Eight million email addresses and passwords
spilled from gaming site Gamigo months after hacker breach. Four months
after the gaming site Gamigo warned users about a hacker intrusion that accessed
some portions of its users’ credentials, more than 8 million usernames, emails,
and encrypted passwords from the site were published on the Web, according to
the data breach alert service PwnedList. The half-gigabyte collection of stolen
user data was posted to the password-cracking forum Inside Pro earlier in July,
where it remained online until the week of July 16. Though the passwords were
not initially posted in a readable form, they may still be compromised. Source:
http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/
46. July 23,
ZDNet – (International) Hacker on Apple’s iOS in-app purchase fix:
‘Game is over’. During the week of July 9 a Russian developer hacked Apple’s
In-App Purchase program for all devices running iOS 3.0 or later, allowing
iPhone, iPad, and iPod touch users to circumvent the payment process and
essentially steal in-app content. Apple confirmed the workaround and the week
of July 16 announced a temporary fix and that it would patch the holes with the
release of iOS 6. July 23, the developer declared Apple’s solution indeed stops
his hack. In the meantime, he said the “service will still remain operational
until iOS 6 comes out.” Furthermore, the researcher was still working on the
Mac in-app purchase hack he disclosed the week of July 16. Source: http://www.zdnet.com/hacker-on-apples-ios-in-app-purchase-fix-game-is-over-7000001409/
47. July 23,
Dark Reading – (International) Using chip malfunction to leak private keys. Many
financial institutions and other security-conscious organizations rely on RSA
authentication to not only authenticate users are who they say they are, but
also the other way around — to assure users they are interacting with their
vendor’s Web site rather than a spoof. Fundamental to this encrypted method of
assurance is that the RSA private key held by the secured organization always
remains a secret. The week of July 23 at the Black Hat security conference, a
researcher from University of Michigan will show how small electrical
malfunctions in server processor chips can make it possible for attackers to
secretly glean the contents of an entire private key. Source: http://www.darkreading.com/identity-and-access-management/167901114/security/news/240004213/
For more stories, see items 12, 13, and 16 above in
the Banking and Finance Sector
Communications Sector
48.
July 23, Jefferson Post – (North Carolina)
SkyLine corrects Internet service outages. Internet outages plagued much
of Ashe and Alleghany counties in North Carolina July 19, according to
information released by local Internet service provider SkyLine Membership
Corporation. Service was restored to those areas impacted by the outage later
that day, with only limited intermittent Internet issues remaining in parts of
Ashe and Alleghany counties, read a press release issued July 20, by a SkyLine
public relations administrator. According to SkyLine, network equipments issues
were to blame for the service interruptions and outages, which created a
“cascading instability in other parts of the network,” which disrupted
Internet, TV, and some voice services across the five-county SkyLine/SkyBest
service area, though the public relations administrator said the majority of
the company’s customers were not impacted. Source: http://www.jeffersonpost.com/view/full_story/19540360/article-SkyLine-corrects-Internet-service-outages
For
another story, see item 46 above in the Information Technology
Sector
No comments:
Post a Comment