Thursday, June 14, 2012

Complete DHS Daily Report for June 14, 2012

Daily Report

Top Stories

• A severe rain storm left about 170,000 homes and businesses without power in the Houston area June 12. – Reuters

2. June 12, Reuters – (Texas) About 88,000 without power in Houston area after storm. A severe rain storm left about 88,000 homes and businesses without power in the Houston area June 12, according to utility Web sites. Houston-based CenterPoint Energy reported about 75,000 customers in the dark, mostly on the north side of the city, while Entergy Corp reported more than 13,000 outages, north and east of Houston. Earlier, the two companies had said nearly 170,000 homes and businesses were without power. A CenterPoint spokeswoman said the outages were being caused by high wind knocking tree limbs into power lines. No timetable for power restoration was available late June 12. Source: http://www.reuters.com/article/2012/06/13/us-utilities-storm-texas-idUSBRE85B1MT20120613

• A member of a Mexican drug cartel, his wife, and five associates were arrested in Texas and charged with using U.S.-bred quarter horses to launder millions of dollars in drug proceeds. – Los Angeles Times. See item 11 below in the Banking and Finance Sector

• Global Payments Inc. said a breach that snared data from as many as 1.5 million credit and debit card accounts in North America also obtained many merchants’ banking and driver’s license numbers. – Associated Press. See item 13 below in the Banking and Finance Sector

• A Buffalo, New York hospital was locked down and prospective patients were sent elsewhere for most of the day June 13 after the early morning shooting death of a woman. – Associated Press

34. June 13, Associated Press – (New York) Police seek Buffalo surgeon in shooting death of woman. The early morning shooting death of a woman June 13 triggered the search for a trauma surgeon and forced the lockdown of a Buffalo, New York hospital as police combed the grounds for the gunman. A person familiar with the investigation told the Associated Press that police are looking for a former U.S. Army medic in connection with the shooting death of the woman in a stairwell at the Erie County Medical Center. The suspect, licensed to practice medicine in New York since 2002, treats patients at the medical center and other major hospitals in the area. A commando team was called in to search a building on the hospital grounds. As of the afternoon of June 13, that search ended but police were still collecting evidence at the hospital. Police said the woman was shot several times inside a building that houses outpatient services and offices. Source: http://www.usatoday.com/news/nation/story/2012-06-13/buffalo-hospital-shooting/55571026/1

Details

Banking and Finance Sector

11. June 12, Los Angeles Times – (New Mexico; Oklahoma; Texas; International) Mexico cartel accused of laundering money at U.S. racetracks. The unlikely marriage of a violent Mexican drug cartel and U.S. quarter horses has apparently ended with the arrest of one of the top suspected members of the Zetas gang. The cartel member, his wife, and five associates were charged June 12 in Austin, Texas, with using horses to launder millions of dollars in drug proceeds. They were taken into U.S. custody after scores of FBI agents raided stables and ranches near Ruidoso, New Mexico, and Lexington, Oklahoma. Working on a tip from more than 2 years ago, law enforcement officials learned the Zetas were allegedly laundering up to $1 million a month in the high circles of American-bred quarter horses. An additional 11 suspects were being sought. The two-State takedown marked the first known time a cartel has allegedly used such a tactic. The indictment alleges when drug-smuggling profits returned to the Zetas in Mexico in “bulk cash shipments,” they were delivered to “plaza bosses for counting and distribution.” To launder the profits, the cartel turned to “investments in racing quarter horses purchased via bulk currency payments, wire transfers, structured deposits, and bulk currency deposits.” The cartel member and his wife allegedly handled things on the U.S. side, creating several corporations — Tremor Enterprises, 66 Land, and Zule Farms — to facilitate moving the money. Those arrested June 12, and those who remain at large, face up to 20 years in prison, as well as fines and other damages of $20 million and more. Source: http://www.latimes.com/news/nationworld/nation/la-na-cartel-horses-20120613,0,2069688.story

12. June 12, Long Island Business News – (New York) Bethpage Federal Credit Union details data breach. Bethpage Federal Credit Union June 12 said personal information of 86,000 consumer VISA debit card accounts had been exposed on the Internet. The company said an employee May 3 posted data on a file transfer protocol site the employee believed to be secure. However, Bethpage Federal later found the data could be accessed through search engines. It removed the data June 3 once it became aware of the breach and sent e-mails June 11 informing those affected. Data posted on the site for consumer VISA debit cards included names, addresses, birth dates, and card expiration dates, as well as checking and savings account numbers. It did not include Social Security numbers, personal identification numbers, or CVV codes. The credit union said the breach came as it transitioned from VISA to MasterCard debit cards. It said it has accelerated the transition and plans to replace the VISA cards within several weeks. New cards had already been issued to 25 percent of the 86,000 members, leaving about 64,500 yet to be replaced. Source: http://libn.com/2012/06/12/bethpage-federal-credit-union-details-data-breach/

13. June 12, Associated Press – (National; International) Payment processor finds more trouble from breach. A major payment processor suspects the fallout from a recent security breach may be worse than it initially believed. Global Payments Inc. raised the red flag June 12, more than 2 months after it first reported computer hackers may have stolen data from as many as 1.5 million credit and debit card accounts in North America. At that point, the company had concluded the crooks had not taken anyone’s name, address, or Social Security numbers. However, after its investigators dug deeper into the intrusion, Global Payments discovered the bandits also may have pried into computers storing the personal information of various merchants applying to have their sales processed. Besides names, addresses, and Social Security numbers, Global Payments also stores drivers’ license numbers and banking account numbers of merchants, according to regulatory filings. The company said it still does not believe any personal information was taken from the up to 1.5 million card accounts cited in its original report of the theft. The data taken from the cards is believed to be mostly account numbers, expiration dates, and security codes. Other key details remain murky because Global Payments still has not identified the merchants and banks entangled in the mess, nor estimated how many people may now be vulnerable to identity theft. Global Payments said it believes “this incident is contained.” The company expects to have a better handle on how much the hacking will cost by July 26. So far, Global Payments said there have been no fraudulent charges tied to the breach. Source: http://www.businessweek.com/ap/2012-06/D9VBVDFO0.htm

14. June 12, Federal Bureau of Investigation – (New York; International) Advertising company owner pleads guilty to participating in $19.75M accounting fraud scheme. A U.S. attorney in New York announced the former president of the U.S. division of an international outdoor advertising company pleaded guilty June 12 in connection with his participation in a 5-year, $19.75 million accounting fraud scheme designed to make it appear the company was meeting certain performance targets so he could receive higher salary increases and bonuses. “[The defendant] and his co-conspirator engaged in accounting sleight-of-hand for the sole purpose of self-enrichment, in violation of the securities laws, and his fiduciary and ethical duties to his company and its shareholders,” the U.S. attorney said. From 2004 until 2009, the defendant, together with the company’s finance director, directed the firm’s controller to make fictitious accounting entries to give the appearance the company was meeting monthly performance targets. These false entries resulted in the preparation of financial statements that reflected artificially inflated monthly income amounts. The fake entries resulted in a total overstatement of the company’s income by approximately $19.75 million. As a result, the president was paid about $1.1 million in salaries and bonuses. He also misused tens of thousands of dollars of company funds to pay expenses and fees unrelated to the company’s legitimate business. Source: http://www.loansafe.org/advertising-company-owner-pleads-guilty-to-participating-in-19-75m-accounting-fraud-scheme

Information Technology Sector

43. June 13, H Security – (International) Intel CPUs affected by VM privilege escalation exploit. A security vulnerability in the virtualization software built into Intel’s hardware allows an attacker to execute code in Ring 0 of the CPU. The problem affects 64-bit versions of Windows, Linux, FreeBSD, and the Xen hypervisor. The flaw appears to only affect Intel hardware — AMD and ARM CPUs are not affected. To close the security hole, users should apply updates from their operating system supplier. Source: http://www.h-online.com/security/news/item/Intel-CPUs-affected-by-VM-privilege-escalation-exploit-1616866.html

44. June 13, H Security – (International) Oracle update of Java closes critical holes. In the notes on the June 2012 Critical Patch Update for Java, Oracle recommends that Java SE users upgrade their JDK and JRE packages as soon as possible. The update fixes 14 vulnerabilities, 6 of which are classified as critical because they allow attacks over the network without authentication. Oracle provides little information about the bugs themselves. The six critical bugs appear to involve the Web Starting of applications and applets that are untrusted either because they were delivered without a certificate or because the certificate testing failed. One of the holes can also be exploited by accessing it through a Web service. Source: http://www.h-online.com/security/news/item/Oracle-update-of-Java-closes-critical-holes-1616681.html

45. June 13, Threatpost – (International) Microsoft warns of XML vulnerability being actively exploited. Microsoft warned of a vulnerability in its XML Core Services 3.0, 4.0, 5.0, and 6.0 that allows remote code to be executed if a victim is convinced to visit a malicious Web site using Internet Explorer. The actively exploited security hole affects all supported Windows releases and all supported editions of Office 2003 and 2007. The flaw was found by Google researchers and reported to Microsoft May 30. “Over the past 2 weeks, Microsoft has been responsive to the issue and has been working with us,” a Google security engineer said. “These attacks are being distributed both via malicious Web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable.” Source: http://threatpost.com/en_us/blogs/microsoft-warns-xml-vulnerability-being-actively-exploited-061312

46. June 13, H Security – (International) Critical holes closed in Microsoft’s June Patch Tuesday. Microsoft released 7 security bulletins fixing 27 security holes, 13 of them in Internet Explorer (IE). The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync, and Dynamics AX. A patch announced for Visual Basic for Applications has yet to be released. The most important updates are bundled in the cumulative IE patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. According to Microsoft’s chief security advisor in Germany, the IE patch also affects the Windows 8 Consumer Preview, and therefore Internet Explorer 10. Another urgent update is MS12-036, which concerns denial-of-service and remote code execution vulnerabilities in the Remote Desktop features built into all supported versions of Windows. The third critical update affects the .NET Framework (MS12-038). The remaining four updates are rated “important” by Microsoft and close code execution bugs in Lync and privilege escalation holes in Dynamics AX and Windows. Source: http://www.h-online.com/security/news/item/Critical-holes-closed-in-Microsoft-s-June-Patch-Tuesday-1616622.html

47. June 12, Threatpost – (International) Google fixes persistent XSS flaw in Gmail. A security researcher found a persistent cross-site scripting (XSS) vulnerability in Gmail, a serious bug the Google security team fixed. The vulnerability is one of three XSS flaws the researcher discovered recently and reported to Google. The persistent XSS in Gmail would have given an attacker the ability to run malicious scripts on a victim’s machine. The researcher discovered there was a way for an attacker to get access to several key pieces of information in the URLs that Gmail generates when it displays a message to a user. When a message is displayed directly, rather than as part of a user’s inbox, it contains both a static user ID and an identifier for the individual message. Those values should not be available to an attacker, but the researcher found he could get them through referrer leaks. Source: http://threatpost.com/en_us/blogs/google-fixes-persistent-xss-flaw-gmail-061212

48. June 12, Ars Technica – (International) Microsoft overhauls certificate management in response to Flame PKI hack. As part of its monthly “Patch Tuesday” security updates for June, Microsoft announced changes in how Windows manages certificates. These changes include a new automatic updater tool for Windows 7 and Windows Vista that will flag stolen or known forged certificates. This shift will have a huge impact on companies and software vendors who use Microsoft’s implementation of public key infrastructure as part of their authentication and software distribution — especially if they have not followed best practices for certificates in the past. According to a post on the Microsoft Security Response Center blog by a Microsoft Trustworthy Computing spokesperson, the new certificate update tool will rely on a “Disallowed Certificate Trust List” maintained by Microsoft. The tool will check the list daily, moving certificates found on the list to an “untrusted” store. Source: http://arstechnica.com/security/2012/06/microsoft-overhauls-certificate-management-in-response-to-flame-pki-hack/

For more stories, see items 12 and 13 above in the Banking and Finance Sector and 49 below in the Communications Sector

Communications Sector

49. June 12, KCRG 9 Cedar Rapids – (Iowa) Phone, Internet services restored in Dubuque. Landline phone and Internet service was restored to the Dubuque, Iowa area after a fiber line was severed June 12. The outage affected Internet and landline phone service to the Dubuque area, including 9-1-1 service for the city. According to CenturyLink, the damage happened south of Dubuque and was caused by an excavator. Since 9-1-1 service was impacted by the outage, emergency calls were routed to the Iowa State Patrol post in Cedar Falls for a period of time. Service was restored in about 4.5 hours. Source: http://www.kcrg.com/news/local/Landline-Phone-Service-Outage-Reported-in-Dubuque-Affecting-911-Service-158589405.html?m=y&smobile=y

For another story, see item 47 above in the Information Technology Sector