Friday, February 17, 2012
• Citigroup agreed to pay $158.3 million to settle claims its mortgage unit fraudulently misled the government into insuring risky mortgage loans — more than one-third of which went into default — for more than 6 years. – Associated Press. See item 10) below in the Banking and Finance Sector.
• Twelve people in five states were infected with E. coli O26 in an outbreak linked to raw clover sprouts served at Jimmy John’s sandwich restaurants, the fifth-such outbreak linked to sprouts served at the eateries in the last 4 years. – Food Safety News (See item 15)
15. February 15, Food Safety News – (National) Outbreak linked to raw sprouts sickens 12. Twelve people in five states were infected with E. coli O26 in an outbreak linked to raw clover sprouts served at Jimmy John’s sandwich restaurants, the Centers for Disease Control and Prevention (CDC) said. Iowa reported five cases, Missouri three, Kansas two, while Arkansas and Wisconsin each reported one person infected with the outbreak strain, the CDC said in a report February 15. It said the onset of illnesses ranged from December 25, 2011 to January 15. Raw sprouts served on sandwiches at Jimmy John’s restaurants were associated with multiple food-borne illness outbreaks in recent years. In 2008, at least 19 E. coli O157:H7 cases were linked to alfalfa sprouts sold at Colorado Jimmy John’s restaurants. In 2009, 228 people became ill in Nebraska, Iowa, South Dakota, and Kansas after eating Salmonella-contaminated sprouts at several restaurants, including Jimmy John’s outlets. In late 2010, a 16-state Salmonella outbreak that struck 94 people was linked, in part, to alfalfa and spicy sprouts served at Jimmy John’s restaurants, while a separate outbreak of Salmonella a month later, which sickened 7 people in Oregon and Washington, was also tied to Jimmy John’s sandwiches. Following those outbreaks, the company announced it was switching from alfalfa sprouts to clover sprouts nationwide. The ill people ate at nine different Jimmy John’s locations in four states, the CDC reported. Source: http://www.foodsafetynews.com/2012/02/twelve-people-in-fives-states/
Banking and Finance Sector
10. February 15, Associated Press – (National) Citi to pay $158 million in mortgage settlement. Citigroup agreed to pay $158.3 million to settle claims its mortgage unit fraudulently misled the government into insuring risky mortgage loans for more than 6 years. The government said February 15 CitiMortgage certified 30,000 mortgages for insurance provided by the Federal Housing Administration and submitted many certifications that were “knowingly or recklessly false.” More than a third of those loans went into default, resulting in millions of dollars in losses for the government due to the insurance claims. As part of the civil fraud settlement, Citi accepted responsibility for failing to comply with government rules and submitting certifications that were fraudulent. The payments are in addition to the $2.2 billion Citigroup has to pay in connection with the $26 billion mortgage loan settlement announced the week of February 6 by the Justice Department and the nation’s top mortgage lenders. Since 2004, more than 30 percent of loans originated or underwritten by CitiMortgage went into default. CitiMortgage submitted certifications to the government that stated certain loans were eligible for federal mortgage insurance when they were not, according to the government. Source: http://www.nytimes.com/2012/02/16/business/citigroup-to-pay-158-million-in-mortgage-fraud-settlement.html
11. February 15, Orange County Register – (California) Man sought as ‘Snowboarder Bandit’ robs Anaheim bank. A man who robbed an Anaheim, California bank branch the week of February 13 is believed to be the “Snowboarder Bandit,” suspected of carrying out at least seven Orange County holdups, police announced February 15. Authorities have released surveillance photos of the man who walked into the Schools First Federal Credit Union branch about 2:50 p.m. February 13, handed a teller a note demanding cash, and left with an undisclosed amount of money. Officials believe the robber is the “Snowboarder Bandit,” who previously struck at bank branches in Irvine, Laguna Hills, Anaheim Hills, Ladera Ranch, and Corona del Mar. The bandit earned his name due to his “youthful appearance and the ski-type clothes” he has worn during the robberies, authorities said. Source: http://www.ocregister.com/news/bandit-340544-anaheim-snowboarder.html
28. February 16, H Security – (International) Flash Player update plugs exploited hole. Adobe released updates for Flash Player closing seven holes in the application. Six of the holes can be exploited to allow an attacker to infect a PC using crafted Web pages. The seventh is a cross site scripting hole that Adobe says is already being exploited in “active targeted attacks.” The attacks, which are only aimed at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe said the hole “could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website.” Flash Player version 220.127.116.11 and earlier on Windows, Macintosh, Linux, and Solaris, version 18.104.22.168 and earlier for Android 4.x, and version 22.214.171.124 and earlier for Android 3.x and 2.x, are all affected. Desktop Flash users should update to 126.96.36.199 by downloading it from Adobe’s site. Android 4.x users should update to 188.8.131.52 and Android 3.x and 2.x users should update to version 184.108.40.206 by browsing to the Android Market Place for an update. Google’s Chrome browser, which embeds the Flash Player, was updated to version 17.0.963.56 on Windows, Mac, Linux, and Chrome Frame. The Chrome update also addresses 13 high, medium, and low severity security issues. Source: http://www.h-online.com/security/news/item/Flash-Player-update-plugs-exploited-hole-1435494.html
29. February 15, Reuters – (International) Apple tweaks apps policy under lawmaker pressure. Under pressure from U.S. legislators, Apple Inc. moved February 15 to quell a swelling privacy controversy by saying it will begin to require iPhone and iPad applications to seek “explicit approval” in separate user prompts before accessing users’ address book data. Apple’s move came shortly after two members of the U.S. House Energy and Commerce committee requested the company to provide more information about its privacy policies. Recently, bloggers published findings that some of the most popular software applications in Apple’s App Store were able to lift private address book data without user consent. In a letter addressed to Apple’s chief executive, Democrats from California and North Carolina asked Apple February 15 to clarify its developer guidelines and the measures taken by the company to screen apps sold on its App Store. The letter came after Path, a startup that makes a social networking app, attracted widespread criticism the week of February 6 after a Singaporean developer found its iPhone app was uploading his contacts’ names and phone numbers onto Path’s servers. In the following days, other technology bloggers discovered that iPhone like Facebook, Twitter, Foursquare, and Foodspotting similarly uploaded user data — without permission, in some cases. Source: http://www.reuters.com/article/2012/02/15/apple-privacy-idUSL2E8DFEYJ20120215
30. February 15, H Security – (International) Java SE updates fix critical security holes. Oracle fixed 14 security holes in the Java Standard Edition (Java SE) with a critical patch update. The vulnerabilities allow attackers to use specially crafted Java WebStart applications or Web services to install malicious code on computers that run flawed versions of Java. Oracle said such flawed versions are particularly likely to exist on Windows computers because Windows users tend to have admin. privileges. The risk is smaller under operating systems such as Linux and Solaris, the company added. The holes, five of which are rated as maximum risk vulnerabilities, affect the JDK (Java Development Kit) and JRE (Java Runtime Environment) 7 Update 2, JDK and JRE 6 Update 30, JDK and JRE 5.0 Update 33, and SDK and JRE 1.4.2:35, and earlier releases of each. Versions older than JavaFX 2.0.2 are also affected. Oracle closed the holes in Java SE 7 Update 3, Java SE 6 Update 31, and JavaFX 2.0.3. The updates are available for Windows, Linux, and Solaris. Under Windows, the updates will be installed automatically via auto-update. Otherwise, the patches can be downloaded from the Java download page and installed manually. Source: http://www.h-online.com/security/news/item/Java-SE-updates-fix-critical-security-holes-1435043.html
For more stories, see items 32, and 34 below in the Communications Sector.
31. February 16, Agence France-Presse – (National) US regulators pull plug on LightSquared. U.S. telecom regulators pulled the plug on a plan to build a high-speed wireless broadband network, citing potential interference with GPS navigation devices. The Federal Communications Commission (FCC) said February 14 it was revoking permission for LightSquared to build a 4G-LTE network the company said would cover more than 90 percent of the United States by 2015. Explaining the decision, the FCC cited research done by the National Telecommunications and Information Administration (NTIA), the agency that coordinates spectrum use by the U.S. military and federal government. Source: http://www.google.com/hostednews/afp/article/ALeqM5ifoIo33OOW8IiWA0V5Q1DWggQq0Q?docId=CNG.d2dffb7bb5556b9a072d2459a2931d3f.331
32. February 16, North Country Now – (New York) Slic internet service interrupted for about 3 hours in Potsdam, Canton and other areas. Internet service for many Slic Network subscribers was interupted for several hours February 15 and February 16 throughout parts of St. Lawrence County, New York. St. Lawrence County offices, the Potsdam Village Police, and Clarkson University were among a number of businesses and organizations reporting an inability to access the Internet. Shortly before 5 p.m., February 15, a representative of Nicholville-based Slic Network Solutions confirmed they were having problems and indicated the problem involved a circuit outside their network. Time-Warner subscribers in Potsdam and Massena reported they did not have outages. Source: http://northcountrynow.com/news/internet-service-down-potsdam-canton-050102
33. February 15, Radio World – (Wisconsin) Copper theft silences WZRK (AM). Copper theft at an AM station in southeast Wisconsin has become so bad the facility has asked the Federal Communications Commission (FCC) for permission to go off the air while it installs a system to prevent future thefts. GS Radio, the owner of WZRK 1550 AM Lake Geneva, said that twice now, “thieves have stolen the copper ground radials surrounding the WZRK tower, outside the fenced area surrounding the transmitter shed, and the AM tower itself.” GS told the FCC the copper radials must be replaced again. It asked the commission for permission to stay off the air “for a few months” to accomplish that, as well as devise a security system. Source: http://www.rwonline.com/article/copper-theft-silences-wzrkam-/211859
34. February 14, ZDNet – (International) Nortel hacking attack went unnoticed for almost 10 years. According to a Wall Street Journal report, hackers who appeared to be working in China broke into Nortel’s computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee, e-mails, and other documents, ZDNet reported February 14. The report said the hackers used seven passwords stolen from top Nortel executives, including the company’s chief executive officer (CEO), and maintained a persistent presence by hiding spying software “so deeply within some employees’ computers that it took investigators years to realize the pervasiveness of the problem.” The initial breach occurred as far back as 2000 but Nortel did not discover the threat until 2004, when an employee noticed that a senior executive appeared to be downloading an unusual set of documents, according to the internal report. Source: http://www.zdnet.com/blog/security/nortel-hacking-attack-went-unnoticed-for-almost-10-years/10304
For another story, see item 29 above in the Information Technology Sector.