Tuesday, July 3, 2012
Daily Report
Top Stories
• Millions of people in a number of States along the East
Coast and farther west went into a third day without power July 2 after a round
of summer storms that killed more than a dozen people, destroyed homes and
businesses, and wreaked havoc on area travel. – Associated Press
2. July 2,
Associated Press – (National) At least 22 dead after US storms cut power in
East. Millions of people in a swath of States along the East Coast and
farther west went into a third sweltering day without power July 2 after a
round of summer storms that killed more than a dozen people. The outages left
many to contend with stifling homes and spoiled food as temperatures approached
or exceeded 100 degrees. Around 2 million customers from North Carolina to New
Jersey and as far west as Illinois were without power, down from the
more than 3 million homes and businesses that lost power shortly after the June
29 storm hit. Utility officials said the power would likely be out for several
more days. Since June 29, severe weather was blamed for at least 22 deaths,
most from trees falling on homes and cars. The power outages prompted concerns of
traffic problems as commuters took to roads with darkened stoplights. There
were more than 400 signal outages in Maryland July 2, including more than 330
in hard-hit Montgomery County outside the nation’s capital, according to the
State Highway Administration. There were 100 signal outages in northern
Virginia late July 1, and 65 roads were closed, although most were secondary
roads. Power crews from as far away as Florida and Oklahoma were headed to the
mid-Atlantic region to help get the power back on. Source: http://www.businessweek.com/ap/2012-07-02/at-least-22-dead-after-us-storms-cut-power-in-east
• A programming error
on a massive New York Stock Exchange trade by a broker-dealer June 29 was
caught before it caused a “disastrous” set of events at market close that could
have cost millions, the exchange said. – Reuters See item 14
below in the Banking and Finance Sector
• GlaxoSmithKline
was fined $3 billion in the largest fraud settlement in U.S. history for
failing to report safety data on some of its most popular prescription drugs. –
CNNMoney
40. July 2,
CNNMoney – (National) GlaxoSmithKline in $3 billion fraud settlement. GlaxoSmithKline
was fined $3 billion July 2 by the U.S. Department of Justice after failing to
report safety data on some of its most popular drugs. The payment is the
largest fraud settlement in U.S. history, and the largest payment ever by a
drug company. GlaxoSmithKline will plead guilty to two counts of introducing
misbranded drugs, Paxil and Wellbutrin, into interstate commerce. Specifically,
the government alleged the drugs were marketed as a treatment for conditions
for which they had not been approved. It said Paxil, which treats depression and anxiety
disorders in adults, was marketed to children and adolescents, and Wellbutrin,
an antidepressant, was marketed as a weight-loss aid. A third count involved a
failure to report safety data about the drug Avandia, a diabetes drug, to the
Food and Drug Administration between 2001 and 2007. GlaxoSmithKline also
reached a 5-year compliance agreement with the Department of Health and Human
Services. Under terms of the deal, company executives could forfeit annual
bonuses if they or their subordinates engage in significant misconduct, and
sales agents are now being paid based on quality of service rather than sales
targets. Source: http://money.cnn.com/2012/07/02/news/companies/GlaxoSmithKline-settlement/index.htm?hpt=hp_t2
• Using only
$1,000 worth of equipment, a group of researchers from the University of Texas
at Austin hijacked a small drone, highlighting the vulnerabilities of
unencrypted GPS signals. – Discover Magazine
44. July 1, Discover Magazine
– (National) Unencrypted
GPS lets hackers take control of drones. Using only $1,000 worth of
equipment, a group of researchers from the University of Texas at Austin
hijacked a small drone, highlighting the vulnerabilities of unencrypted GPS
signals, Discover Magazine reported July 1. While the powerful military drones
used overseas use encrypted GPS signals, the ones in the United States rely on
signals from open civilian GPS, which makes them vulnerable to GPS “spoofing.”
The head of the university’s Radionavigation Laboratory and his team put on a
demonstration for representatives of the Federal Aviation Administration and
the DHS. To take control of the drone, the research group generated a fake GPS
signal to match the real one, and then used the fake signal to overwhelm the
real one, placing the drone under their control. The lead researcher predicts
there could be as many as 30,000 drones patrolling the skies by 2020 and
recommends investing resources in the authentication of civilian GPS
signals. Source: http://blogs.discovermagazine.com/80beats/2012/07/01/unencrypted-gps-lets-hackers-take-control-of-drones/
• U.S. critical
infrastructure firms saw an increase in the number of reported cybersecurity
incidents between 2009 and 2011, according to a new report from the U.S.
Industrial Control System Cyber Emergency Response Team. – Dark Reading See item 54
below in the Information Technology
Sector
• California
officials approved a plan that suggests major investments in the State’s aging
system of levees that protect water, freeways, homes, and farmland in the
Central Valley, an area ranked as one of the nation’s highest flood risks. – Associated
Press
68. June 29, Associated Press
– (California) Calif.
approves flood plan for Central Valley. California officials approved a
plan June 29 that recommends major investments in the State’s aging system of
levees that protect people and farmland in the Central Valley, an area with one
of the highest flood risks in the nation. The plan, adopted by the Central
Valley Flood Protection Board, calls for as much as $17 billion in repairs and
new investments in the levees and other infrastructure, including $5 billion in
bond funds already approved by State voters. Officials and experts agree the
flood control system built along the Sacramento and San Joaquin rivers by
farmers and governments over the past 150 years is in disrepair. About 1
million Californians live in the floodplains, and the levees protect an estimated
$69 billion in assets, including the State’s water supply, major freeways,
agricultural land, and the valley’s remaining wetland and riparian habitat, yet
more than half of the region’s urban and rural levees do not meet standards.
Also, about half of the channels are believed to be inadequate to handle
projected flooding. The plan does not include specific projects but offers
recommendations concerning floodway and bypass expansion; improvements to
intake and gate structures; urban and rural levee repairs; fish passage
improvements; and ecosystem restoration. The plan also outlines new flood
protection requirements for cities and counties. The State will now require
urban communities that want to do new development to achieve 200-year flood
protection — double the federal standard — by 2025. Source: http://www.mercurynews.com/news/ci_20974166/calif-approves-flood-plan-central-valley
Details
Banking and Finance Sector
11. July 29,
Nextgov – (National; International) Buyer beware: Mobile payments might
not be protected. Some current financial rules may not be fully up to the
task of regulating the growing number of mobile payment systems, government
officials told a House subcommittee June 29. The associate general counsel for
the Federal Reserve Board of Governors warned members of the House Financial
Services Subcommittee on Financial Institutions and Consumer Credit that in the
broader regulatory scheme many mobile systems may not be covered, especially
those used by people or organizations that are not banks. Mobile payments
usually refer to making purchases, bill payments, charitable donations, or
payments to other persons using a mobile device, with the payment charged to a
phone bill or credit card, or withdrawn directly from a bank account. As mobile
payment options have multiplied, however, concerns have been raised over
ensuring the transactions are secure and private; and that consumers have
recourse if something goes wrong. Source: http://www.nextgov.com/mobile/2012/06/buyer-beware-mobile-payments-might-not-be-protected/56540/
12. July 2,
BankInfoSecurity – (National) Phisher convicted in massive scheme. An
Atlanta man was convicted June 27 for the role he played in a massive phishing and
fraud scheme that targeted Chase Bank, Bank of America, Branch Bank and Trust
Co., and payroll processor ADP. The man was convicted of conspiracy to
commit wire fraud, identity theft, and conspiracy to gain unauthorized access
to protected computers, according to a statement issued by the New Jersey U.S.
Attorney’s Office. Authorities said the scheme defrauded the banks and ADP of
$1.5 million. Two other defendants in the case previously pleaded guilty, one
is in custody, and another is detained in Nigeria pending extradition. Two
others remain at large. The phishing attacks directed unsuspecting users to
spoofed or fake Web pages designed to mimic legitimate sites. Once on the
spoofed sites, consumers were conned into entering confidential personal and
financial information, including their names, dates of birth, Social Security
numbers, mothers’ maiden names, and online account usernames and passwords. The
convicted defendant and others used the stolen usernames and passwords to hack
and compromise accounts, as well as initiate unauthorized transactions and
withdrawals. Source: http://www.bankinfosecurity.com/phisher-convicted-in-massive-scheme-a-4911
13. June 29,
InformationWeek – (International) Banking trojan harvests newspaper readers’
credentials. Security firm ESET warned of financial malware trying to
harvest usernames and passwords from a major newspaper’s Web site, InformationWeek
reported June 29. ESET said it observed financial malware known variously
as Gataka and Tatanga being used in four recent attack campaigns. Targets
include banks in Germany and the Netherlands, as well as an attack “trying to
obtain accounts on a major U.S. newspaper’s Web site by performing brute-force
guesses of usernames and passwords,” a malware researcher at ESET said. In all
of the campaigns, ESET observed the malware connecting with between three and
10 different hacked Web pages, which served as proxies for the botnet’s
command-and-control server. The researcher estimated that the underlying botnet
contained “somewhere between 20,000 and 40,000 infected hosts,” with the vast
majority of compromised PCs located in Germany. The Gataka malware itself was
first detailed by S21sec in February 2011. The security firm dubbed the trojan
application, written in C++, as being “rather sophisticated” given its ability
to hide on infected systems. It does that in part by downloading encrypted
modules after it infects a system. According to S21sec, these modules or
plug-ins offer additional functionality and are decrypted in memory when
injected into the browser or other processes to avoid detection by antivirus
software. Source: http://www.informationweek.com/news/security/vulnerabilities/240003004
14. June 29,
Reuters – (National; International) NYSE catch saves broker from
disastrous blunder. A programming error on a massive New York Stock
Exchange (NYSE) trade by a broker-dealer June 29 nearly caused a “disastrous”
set of events at market close that could have cost millions but was caught by a
person overseeing end of day trading, the exchange said. A broker-dealer placed
an order at closing for 17 million shares of Monster Worldwide, which was
trading at $8.50 a share, with no offers in sight, which seemed unusual given
the thin book for the stock. The Designated Market Manager, a NYSE monitor, saw
it, alerted the operations staff, the stock was halted, and the broker-dealer
was contacted. It turned out the broker-dealer did not want to buy Monster
Worldwide. Rather, it was looking to buy an unspecified amount of Monster
Beverage Corp. Had the 17 million share order gone through, the stock, which
had a share buy imbalance of 17,000, would have soared as the buy orders —
there were about 60 of them — would have continued to automatically execute
until there were no more offers. Source: http://www.reuters.com/article/2012/06/29/nyse-marketstructure-blunder-idUSL2E8HTJLC20120629
15. June 29,
Washington Post – (International) U.S. targets informal banks for alleged aid
to Taliban. The U.S. administration imposed sanctions on a pair of informal
money-exchange networks in Afghanistan and Pakistan June 29 in what officials
described as the first use of the tactic to attack the financial underpinnings
of Taliban militants who rely on the system to fund their insurgency. The
sanctions announced by the Treasury Department were coordinated with similar
measures adopted by the United Nations as part of a broad effort to slow the
flow of cash used by the Taliban to pay salaries and purchase weapons for
attacks in Afghanistan. The informal cash networks — commonly known as hawalas
— have long been used by Taliban commanders and other militants to move funds
back and forth across the Afghan-Pakistani border, according to administration
officials. The two hawalas were identified as the Haji Khairullah Haji Sattar
Money Exchange and the Roshan Money Exchange. Treasury Department documents
alleged that Afghan Taliban commanders maintained accounts in both networks and
regularly withdrew thousands of dollars to pay off Taliban-backed “shadow”
governors, buy weapons, and pay fighters’ salaries. Source: http://www.washingtonpost.com/world/national-security/us-targets-informal-banks-for-alleged-aid-to-taliban/2012/06/29/gJQAWAInBW_story.html
16. June 28,
U.S. Department of Justice – (Ohio; Indiana; Kentucky) Operators of
$8.9 million Ponzi scheme plead guilty to federal charges. The U.S.
Department of Justice announced June 28 that a man from Cincinnati and another
from Brookville, Indiana, each pleaded guilty to one count of conspiracy to
commit mail and wire fraud, one count of obstruction of justice, and one count
of income tax evasion for running an investment scheme. The scheme ensnared
about 72 investors in Ohio, Indiana, and Kentucky who lost $8,924,451.46.
According to court documents, the men claimed they were licensed through
CityFund or Dunhill to sell securities. They solicited investors between 2003
and March 2011 to invest in a “day trading” Ponzi scheme. They told investors
the strategy involved purchasing large blocks of stocks in overseas markets
with the investment liquidated to cash before the close of the trading day.
Investors were guaranteed profits of 10 to 15 percent and in some cases even 30
percent. Many victims rolled over their retirement accounts into the scheme
based on false promises of lucrative gains. All of the representations made by
the men were false. Neither of them was licensed to sell securities, nor were
the CityFund or Dunhill entities licensed broker firms. Most of the investors’
funds were never invested in anything. Rather, they spent most of the money on
themselves, paying for their exorbitant personal expenses and lifestyles.
Source: http://www.justice.gov/usao/ohs/news/06-28-12.html
Information Technology Sector
50. July 2,
Help Net Security – (International) Blackhole exploit kit got upgraded. Phoenix
and Blackhole are the most popular and widely used exploit kits because their
creators are always tinkering with them and pushing out updates and improved
attack capabilities. Blackhole’s authors recently added the still unpatched XML
Core Services vulnerability to the pack and also changed the JavaScript code
that initiates the exploitation sequence so it can dynamically generate new
domains, Help Net Security reported July 2. “If the location or URL for
the iframe, which actually contains the malicious code, changes or is taken
down, all of the compromised sites will have to be updated to point to this new
location,” Symantec researchers explained. “To deal with this, the Blackhole
JavaScript code on compromised sites now dynamically generates pseudo-random
domains based on the date and other information, and then creates an iframe
pointing to the generated domain.” Source: http://www.net-security.org/secworld.php?id=13189&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
51. July 2,
H Security – (International) VLC Media Player 2.0.2 adds Retina display
support. July 1, the VideoLAN project released the second point update to
version 2.0 of its VLC Media Player. According to its developers, the major
update to the open source media player software fixes “a lot of regressions” in
the 2.0.x branch, which has already been downloaded more than 100 million times. The
update fixes an Ogg-related heap-based buffer overflow and a vulnerability
(CVE-2012-2396) that could be used to cause a denial-of-service condition when
opening a specially crafted MP4 file. Source: http://www.h-online.com/security/news/item/VLC-Media-Player-2-0-2-adds-Retina-display-support-1629967.html
52. July 2,
H Security – (International) Serious holes in Cisco WebEx player patched. Cisco
published an advisory concerning four buffer overflows in the Cisco WebEx
player and one buffer overflow in the Cisco Advanced Format player running on
Windows, Mac OS X, and Linux, H Security reported July 2. According to Cisco,
the vulnerabilities could allow an attacker to execute code on a system. The
players are used to play back WebEx meeting recordings and are automatically
installed when required by WebEx meetings. Exploiting the applications requires
the playback of a maliciously constructed recording file that can either be
delivered by e-mail or by getting the user to visit a malicious Web page; the
vulnerabilities are not exploitable within a WebEx meeting. Source: http://www.h-online.com/security/news/item/Serious-holes-in-Cisco-WebEx-player-patched-1629845.html
53. June 29,
Threatpost – (International) Mac OS X, Windows backdoors used in new APT
attacks. A new Mac OS X backdoor variant was recently detected. It targets
a Turkic ethnic group in central Asia, according to Kaspersky Lab. Researchers
intercepted an advanced persistent threat campaign earlier in the week of June 25
that targeted Uyghur Mac users. Researchers appear to have traced the command
and control server to an IP address in China. Similar to Kaspersky’s discovery,
AlienVault Labs claims to have found another backdoor that affects Windows
users. Transmitted through e-mail, the attack also includes a zip file along
with a Winrar file. The file extracts a binary that goes on to copy itself but
not before dropping a DLL file on the system. After it is injected, the DLL
file appears to help initiate Gh0st RAT, a remote access tool. Source: http://threatpost.com/en_us/blogs/mac-os-x-windows-backdoors-used-new-apt-attacks-062912
54. June 29,
Dark Reading – (International) U.S. critical infrastructure cyberattack
reports jump dramatically. U.S. critical infrastructure companies saw a
dramatic increase in the number of reported cybersecurity incidents between
2009 and 2011, according to a new report from the U.S. Industrial Control
System Cyber Emergency Response Team (ICS-CERT). In 2009, ICS-CERT fielded nine
incident reports. In 2010, that number increased to 41. In 2011, it was 198. Of
those 198, 7 resulted in the deployment of onsite incident response teams from
ICS-CERT, and 21 of the other incidents involved remote analysis efforts by the
Advanced Analytics Lab. Incidents specific to the water sector, when added to
those that impacted multiple sectors, accounted for more than half of the
incidents due to a larger number of Internet-facing control system devices
reported by independent researchers, according to the report. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240003029/
For more stories, see items 11, 12 and 13 above in
the Banking and Finance Sector
and 55 below in the Communications Sector
Communications Sector
55. June 30,
Associated Press – (National) Storm knocks out servers for 3 websites. Netflix,
Instagram, and Pinterest were using Twitter and Facebook to update subscribers
after a June 29 Virginia storm caused server outages for hours. Netflix and Pinterest
restored service by June 30. Instagram engineers were working to restore service,
but no data was lost. The three Web sites are customers of Amazon Inc.’s Web
services division. An Amazon spokeswoman said in an e-mail that the storm cut
power to some of the company’s operations. Netflix, a video streaming service,
tweeted that subscribers should reconnect if they still experienced problems.
The online scrapbook service Pinterest said employees were working on remaining
issues that may affect performance. Source: http://www.wwlp.com/dpps/news/national/storm-knocks-out-servers-for-3-websites_4222995
For more stories, see item 11 above in
the Banking and Finance Sector
and 52 above in the Information Technology Sector