Tuesday, August 7, 2012
Daily Report
Top Stories
• Federal transportation officials said two security
breaches occurred at Newark Liberty International Airport in New Jersey, August
5. One led to a 3-hour shutdown of a terminal security checkpoint as
authorities tried to find a passenger who was not fully screened before
boarding a flight. – WNYW 5 New York
13.
August 6, WNYW 5 New York – (New
Jersey) Security breaches at Newark Airport. Transportation Security
Administration (TSA) officials said United Airlines checkpoint operations at
Terminal C at Newark Liberty International Airport in New Jersey were shut down
August 5 after the TSA and local authorities tried to find a passenger that was
not fully screened. The Terminal C shutdown threw vacation plans and flight
connections into chaos. Law enforcement sources told WNYW 5 New York there was
not just one close call — there were two, and both involved potential bomb
making materials. The TSA said a woman who set off an alarm managed to get past
a screening point and onto a flight to Cleveland without being checked for what
caused the alarm. The TSA said it notified the Port Authority of New York and
New Jersey police (Port Authority) after the incident. The Port Authority said
every passenger had to be re-screened. United Airlines said after the 3-hour
shutdown, flights resumed and they were able to accommodate most passengers.
Source: http://www.myfoxny.com/story/19199785/security-breach-at-newark-airport
• Tens of thousands of fish have died in the Midwest as the
hot summer dries up rivers and causes water temperatures to spike to nearly 100
degrees. – Associated Press
21.
August 5, Associated Press –
(National) Thousands of fish die as Midwest streams heat up. Thousands
of fish have died in the Midwest as the hot, dry summer dries up rivers and
causes water temperatures to climb in some spots to nearly 100 degrees, the
Associated Press reported August 5. About 40,000 shovelnose sturgeon were
killed in Iowa the week of July 30 as water temperatures reached 97 degrees.
Nebraska fishery officials said they have seen thousands of dead sturgeon,
catfish, carp, and other species in the Lower Platte River, including the
endangered pallid sturgeon. And biologists in Illinois said the hot weather has
killed tens of thousands of large- and smallmouth bass and channel catfish, and
is threatening the population of the greater redhorse fish, a State-endangered
species. So many fish died in one Illinois lake that the carcasses clogged an
intake screen near a power plant, lowering water levels to the point that the
station had to shut down one of its generators. The fish are victims of one of
the driest and warmest summers in history. The federal U.S. Drought Monitor
shows nearly two-thirds of the lower 48 States are experiencing some form of
drought, and the Department of Agriculture has declared more than half of the
nation’s counties — nearly 1,600 in 32 States — as natural disaster areas. Iowa
Department of Natural Resource officials said the sturgeon found dead in the
Des Moines River were worth nearly $10 million, a high value based in part on
their highly sought eggs, which are used for caviar. Source: http://www.pekintimes.com/newsnow/x1253627187/Thousands-of-fish-die-as-Midwest-streams-heat-up
• Federal health officials reported an uptick in cases of a
new strain of swine flu in humans. – CNN
31.
August 4, CNN – (National) CDC:
Increase seen in new swine flu strain. Health officials reported an uptick
in cases of a new strain of swine flu in humans. The latest flu report
published August 3 by the Centers for Disease Control and Prevention (CDC)
stated 16 people have been infected with a new strain of an influenza A (H3N2)
swine flu virus in the past 3 weeks, including 12 the week of July 23. Among
those 12 newest cases, the CDC said 10 people were infected in Ohio; Indiana
and Hawaii have reported one case each as well. So far 29 people have been
infected with this new H3N2 strain. Nobody was hospitalized this year, and only
three of the 12 cases in 2011 required hospitalization. Nobody has died from
this new flu. Everyone diagnosed with the new strain in 2012 reported having
contact with pigs. Most of the cases from 2011 also reported contact with pigs
— often at county or State fairs. H3N2 flu viruses are common among pigs. They
are a subgroup of influenza A viruses and are known to adapt in humans. What
makes this new version of the H3N2 flu virus different is that it has picked up
a gene from the novel H1N1 flu virus that became a pandemic 3 years ago.
Source: http://edition.cnn.com/2012/08/03/health/swine-flu-cases/index.html
• A former U.S. Army veteran opened fire at a Sikh temple
in Oak Creek, Wisconsin, killing six members, and critically wounding two other
members and a police officer, before being killed by police. – Associated
Press
47.
August 6, Associated Press –
(Wisconsin) Officials: Suspect in Sikh temple shooting led white supremacist
bands. The man accused of opening fire at a Sikh temple in Oak Creek,
Wisconsin, was a less-than-honorably discharged U.S. Army veteran who may have
been a white supremacist, said officials August 6. The suspect was shot and
killed by police August 5 after police said he killed six members of the
temple’s congregation and seriously injured two others, as well as a police
officer. During his 6 years in the Army, he was stationed in Texas and North
Carolina in the psychological operations unit. Witnesses said the gunman fired
at people in the parking lot, then moved into the temple. The suspect shot the
first officer to respond eight or nine times at close range with a handgun. A
second officer exchanged fire with the gunman, ultimately bringing him down.
The injured congregants and police officer were in critical condition August 6.
Source: http://www.kktv.com/home/headlines/Police-dispatcher-Shooting-at-Sikh-temple-in--165064206.html
• Several wildfires raging throughout Oklahoma destroyed
dozens of homes and other buildings, and forced hundreds of evacuations August
5. – Associated Press
56. August
6, Associated Press – (Oklahoma) Oklahoma fires burn dozens of homes. Several
wildfires raging throughout parched Oklahoma prompted more evacuations August 5
as emergency workers sought to shelter those forced out by flames that destroyed
dozens of homes and threatened others in the drought-stricken region. One fire
near Luther, about 25 miles northeast of Oklahoma City, destroyed nearly five
dozen homes and other buildings before firefighters gained some control August
4. Authorities said several State roads remained closed August 5 because of
drifting smoke or nearby fires. A communications supervisor with the Oklahoma
State Highway Patrol said evacuations continued through August 6. The Luther
fire was one of at least 10 burning August 4 in Oklahoma. The fires include a
large one in Creek County that officials said claimed about 78 square miles,
and another about 35 miles to the west in Payne County. Emergency management
officials ordered residents of Mannford, in Creek County; Glencoe, in Payne
County; Drumright, in Lincoln County; Oak Grove, in Pawnee County; and Quinton,
in Pittsburg County, to leave their homes, according to an Oklahoma Department
of Emergency Management spokeswoman. Authorities suspect the fire near Luther may
have been intentionally set. The Oklahoma County sheriff’s department said it
was looking for someone in a black pickup truck seen throwing newspapers out a
window after setting them ablaze. A spokeswoman for the Red Cross reported
about 50 people sought refuge at a shelter. Source: http://www.claimsjournal.com/news/southcentral/2012/08/06/211406.htm
Details
Banking and Finance Sector
8. August
6, Reuters – (International) Standard Chartered left U.S. vulnerable to
terrorists. A rogue Standard Chartered Plc banking unit violated U.S.
anti-money laundering laws by scheming with Iran to hide more than $250 billion
of transactions, and may lose its license to operate in New York State, a State
banking regulator said August 6. The superintendent of the State’s department
of financial services said Standard Chartered Bank reaped hundreds of millions
of dollars of fees by scheming with Iran’s government despite U.S. economic
sanctions to hide roughly 60,000 transactions from 2001 to 2010. The
superintendent said the unit of the London-based bank was “apparently aided” by
its consultant Deloitte & Touche LLP, which hid details from regulators,
despite being under supervision by the Federal Reserve Bank of New York and
other regulators for other compliance failures. He also said that he was
investigating “apparently similar” schemes to conduct business with other
countries subject to U.S. sanctions, including Libya, Myanmar, and Sudan.
Source: http://www.reuters.com/article/2012/08/06/us-standardchartered-iran-idUSBRE8750VM20120806?feedType=RSS&feedName=topNews&rpc=71
9. August
6, Minneapolis Star Tribune – (Minnesota) Serial robber
strikes Mpls. bank — this time wearing rubber nose, sunglasses. Sporting a
fake rubber nose and sunglasses, a nattily dressed gunman robbed a Minneapolis
Guaranty Bank branch inside a Rainbow Foods store August 3 in what authorities
said was at least his fifth bank holdup in recent months. He pointed a
semiautomatic handgun at the teller, fled on foot with an undisclosed amount of
cash, and remained at large. July 20, also around lunchtime on a Friday, the
same man robbed a TCF Bank branch in a Cub Foods grocery store in Fridley. The
FBI also suspects the man in bank robberies at banks in grocery stores in
Plymouth, St. Louis Park, and Maple Grove. Four of the five have come on
Fridays. The suspect’s clothing selection has varied from bank to bank but has
been consistently dapper, said an FBI spokesman. Source: http://www.startribune.com/local/minneapolis/165125666.html
10. August
6, Detroit Free Press – (Michigan) Police: Five men have stolen
$500K in Detroit area by skimming ATMs. Authorities said five men have
stolen about $500,000 from banks and credit unions in metro Detroit by skimming
ATMs. The Oakland County Sheriff’s Office released photos of the men August 6
and asked for public assistance to identify them. The first case was reported
June 28, police said. The U.S. Secret Service is involved in the investigation,
and officials said financial institutions in Commerce Township, West
Bloomfield, Livonia, Ferndale, Westland, Novi, and Wixom suffered losses.
Source: http://www.freep.com/article/20120806/NEWS05/120806044/Police-500K-stolen-Detroit-area-via-ATM-skimming
11. August
4, Associated Press – (Oregon; National) U.S. Bank ATMs back online after 2-hour
power outage. U.S. Bancorp said service was restored at its 8,000 automatic
teller machines across the Nation following a 2-hour outage August 4. The
bank’s owner said a power failure in Oregon led to the ATM outages. A bank
spokesman said the problems were sporadic and power was restored in geographic
blocks over time. Not all of the bank’s 8,000 machines were down for the entire
2 hours. Source: http://www.google.com/hostednews/ap/article/ALeqM5jtdfloAMqwQPOZ4uubmYZsYvzSIQ?docId=fa86c68d64cc4aaba9b506fb344df5bc
12. August
3, Los Alamitos-Seal Beach Patch – (California) FBI: ‘Plain
Jane’ bandit arrested. The so-called “Plain Jane Bandit” was arrested in
Downey, California, August 2 in connection with eight bank heists in the
Southland area over the span of 3 weeks, including a holdup at Chase bank in
Cerritos. The suspect was taken into custody at her residence. In July, the FBI
began releasing numerous bank surveillance images to the media in an effort to
identify and locate the suspect. An FBI official said authorities were
ultimately able to arrest the woman after receiving multiple tips from the
public. Source: http://losalamitos.patch.com/articles/fbi-bank-robber-dubbed-plain-jane-bandit-arrested
Information Technology Sector
41. August
6, H Security – (International) NVIDIA closes hole in proprietary Unix
driver. NVIDIA fixed the vulnerability in its proprietary graphics driver
for Unix systems that was publicly disclosed by a Linux kernel and X.org
developer several days ago, H Security reported August 6. It noted that NVIDIA
apparently knew about the hole for a month. To close it, the company, released
driver version 304.32, along with other drivers, which was deployed via
NVIDIA’s knowledge base.
42. August
6, Softpedia – (International) Experts demonstrate security holes in Android
with exploitation framework. XYSEC Labs security experts developed the
Android Framework for Exploitation (AFE), an open source project meant to demonstrate
the existence of security holes in the popular mobile operating system.
According to the researchers, the framework can be easily used to create
malware and botnets, find vulnerabilities, use exploits, gain access to apps,
steal sensitive data, and execute arbitrary commands on infected devices.
Recently, a wave of spam messages received by Android users caused commotion in
the security community, with many professionals believing it was the first-ever
Android botnet. That assumption proved false, but with AFE the experts want to
demonstrate an Android botnet is possible. AFE’s botnet module includes options
that allow the malicious element to remain hidden, the capability of
re-launching itself in case of a crash, and an automatic startup feature on
device boot. Source: http://news.softpedia.com/news/Experts-Demonstrate-Security-Holes-in-Android-with-Exploitation-Framework-285047.shtml
43. August
4, Softpedia – (International) Filter bypass vulnerability found in
Kaspersky Password Manager. Vulnerability Lab security researchers
identified a medium severity software filter and validation vulnerability that
affects Kaspersky’s Password Manager 5.0.0.164 and older variants. According to
the experts, the flaw allows a local attacker to inject malicious code during
the exportation process of a database. If exploited successfully, the
vulnerability can be leveraged for: persistently manipulating the application,
phishing, the execution of malware, and stealing the victim’s passwords in
clear text. All these operations require only medium interaction on the user’s
side. The researchers also provide an example of an exploitation scenario where
the attacker sends the victim a fake login page with a specific code in the
URL’s parameters. This code calls an HTML or a JavaScript that responds to an
URL with a chmod 777 command to exchange the file when processing local
requests. The unsuspecting Kaspersky Password Manager customer saves the
malicious login page to the application via the AutoFill plugin. Later, when
the victim attempts to export the file in HTML format using the standard
template, the malicious script is executed and the content of the file is sent
back to the server owned by the attacker. For the time being, the issue remains
unaddressed. As a solution that should be implemented by the vendor, the
researchers recommend the use of XML special characters in item names in the
exportation of content as an HTML file. Source: http://news.softpedia.com/news/Filter-Bypass-Vulnerability-Found-in-Kaspersky-Password-Manager-284969.shtml
44. August
3, Threatpost – (International) Volume of malware targeting Java
CVE-2012-1723 flaw spikes. It has been nearly 2 months since Oracle patched
the CVE-2012-1723 Java vulnerability, a serious remote pre-authentication flaw
present in the Java Runtime Environment, Threatpost reported August 3. The
first malware samples xploiting this vulnerability started appearing at the
start of July, but they were intermittent. However, by the second week of July,
the number of attacks on CVE-2012-1723 began to increase dramatically.
Microsoft researchers compiled statistics that show the volume of malware
targeting the Java flaw increased around July 10, and, surged and decreased in
the interim, and it was still very high in early August. The vulnerability
itself is in a JRE sub-component called Hotspot. Attackers who are able to
exploit it will have the ability to execute arbitrary code on the target
machine. Source: http://threatpost.com/en_us/blogs/volume-malware-targeting-java-cve-2012-1723-flaw-spikes-080312
45. August
3, V3.co.uk – (International) Microsoft releases Attack Surface Analyzer
anti-malware tool. Microsoft’s Trustworthy Computing unit released the full
version of its Attack Surface Analyzer, a service that explains how new
applications impact Windows’ ability to repel malicious software. The tool is
available as a free download and works by analyzing any new application
installed on users’ PCs. Microsoft explained the checks the tool can perform
include the analysis of changed or newly added files, registry keys, services,
Microsoft ActiveX controls, listening ports, and other parameters that affect a
computer’s attack surface. As well as helping IT departments, the tool is also
designed to help application developers ensure their products do not affect
computers’ cyber defenses. Source: http://www.v3.co.uk/v3-uk/news/2196589/microsoft-releases-attack-surface-analyzer-antimalware-tool
For more stories, see items 46 below in
the Communications Sector
Communications Sector
46.
August 3, Infosecurity – (National) Text
spam bombards US cell phone users. More than two-thirds of cell phone
owners that use text messaging have received text spam, with 25 percent
receiving spam at least once a week, according to a survey by the Pew Research
Center, Infosecurity reported August 3. In addition, 68 percent of cell phone
users have received unwanted sales and marketing calls, with one-quarter receiving
calls a few times a week or more frequently, according to the survey of 1,954
cell phone owners in the United States. Smartphone users reported higher
incidents of text spam and unwanted sales calls. Source: http://www.infosecurity-magazine.com/view/27390/text-spam-bombards-us-cell-phone-users/
For
another story, see item 42 above in the Information Technology
Sector
No comments:
Post a Comment