Friday, July 27, 2012 


Daily Report

Top Stories

 • Three widely deployed point-of-sale terminals have vulnerabilities that could allow attackers to steal credit card data and PIN numbers, according to a pair of security researchers. – IDG News Service See item 11 below in the Banking and Finance Sector

 • Health officials expanded testing to thousands of patients of a former medical technician at Exeter Hospital in New Hampshire, who is accused of spreading Hepatitis C to at least 30 patients. Officials now believe the traveling technician worked in hospitals in 8 states. – New Hampshire Union Leader

29. July 26, New Hampshire Union Leader – (National) Hepatitis C probe now in 8 states. Health officials confirmed July 25 that the former medical technician at Exeter Hospital in Exeter, New Hampshire, who was accused of spreading hepatitis C also worked in Pennsylvania, bringing the total number of States where he was employed to at least eight. The announcement came as Exeter Hospital lowered the number of patients to be tested at public clinics at Exeter High School from 6,000 to 3,400. New Hampshire health officials announced July 24 they were expanding testing to those who were admitted to the ICU and who underwent inpatient surgeries between April 1, 2011, and May 25, 2012, after learning the former employee had access to those units. The technician was accused of infecting 30 Exeter Hospital patients in its cardiac catheterization lab by shooting up the powerful painkiller Fentanyl and then returning tainted syringes to be used on other patients. Before arriving at Exeter, the technician worked in hospitals around the country as a traveling medical technician who filled temporary jobs. In addition to Pennsylvania and New Hampshire, the technician was also being investigated for work at hospitals in Arizona, Georgia, Kansas, Maryland, Michigan, and New York. Source: http://www.unionleader.com/article/20120726/NEWS12/707269913

 • A major portion of Oakland, California’s troubled police radio system failed shortly after the U.S. President’s visit July 23, leaving many of the 100 officers assigned to handle presidential security unable to communicate as protesters roamed the streets. – San Francisco Chronicle

 • Firefighters in three Nebraska counties battled expanding wildfires that threatened crops, cattle, and a major recreational river July 25. – Reuters

53. July 26, Reuters – (Arkansas; Nebraska) Nebraska wildfires rage as dry heat scorches central U.S. Firefighters in three Nebraska counties battled expanding wildfires July 25, and the entire town of Ola, Arkansas was evacuated because of an approaching fire, as the central part of the United States suffered through another day of stifling heat. Large fires were raging in Nebraska, where 72,400 acres had been consumed in the drought-stricken north central region of the State by July 25, authorities said. Weeks of 100-plus degree temperatures have destroyed many dryland crops across Nebraska, leaving areas more susceptible to wildfires, and made conditions for firefighters nearly unbearable. A portion of the Niobrara River was declared off limits for public use and a part of Nebraska Highway 12 was closed, but reopened July 25. The Ainsworth area Chamber of Commerce pleaded for help July 25, citing the loss of grazing land for cattle and the loss of structures. Donations will be used to buy feed and hay for cattle, fencing supplies and other ranching needs, it said on its Web site. Source: http://www.propertycasualty360.com/2012/07/26/nebraska-wildfires-rage-as-dry-heat-scorches-centr?t=es-specialty

Details

Banking and Finance Sector

11. July 26, IDG News Service – (International) Payment terminal flaws shown at Black Hat. Three widely deployed payment terminals have vulnerabilities that could allow attackers to steal credit card data and PIN numbers, according to a pair of security researchers from penetration testing firm MWR InfoSecurity, IDG News Service reported July 26. The vulnerabilities were demonstrated at the Black Hat USA 2012 security conference. The researchers focused on three particular models of terminals, also known as point-of-sale (POS) terminals. Two are popular in England but also used in the United States, while the third is widely deployed in America. The researchers declined to name the exact device models or the firms that manufacture them because they wanted to give vendors time to address the issues. Two devices had vulnerabilities in their payment applications that can give attackers control over various components of the devices, and can be exploited using specially crafted EMV (Chip-and-PIN) cards. The third device, which is popular in the United States, is a more sophisticated device utilizing a touchscreen, a smart card reader, a SIM card to communicate over mobile networks, support for contactless payments, a USB port, an Ethernet port, and an administration interface that can be accessed locally and remotely. The communication between terminals and a remote administration server is not encrypted, which means attackers can interfere with it using techniques like ARP or DNS spoofing to force the payment terminals to communicate with a rogue server. Source: http://www.computerworld.com/s/article/9229678/Payment_terminal_flaws_shown_at_Black_Hat

12. July 25, Associated Press – (National) Ohio grand jury reindicts in Navy charity scam. An Ohio grand jury reindicted a former fugitive accused of running a $100 million scam collecting donations for U.S. Navy veterans, the Associated Press reported July 25. The State attorney general said the 24-count indictment against the man reflects new information since two previous indictments in 2010. Charges filed by the Cleveland grand jury included identity fraud and complicity to money laundering. Authorities said it was unclear what the man’s true identity is. They said he goes by a full name and has also signed court documents as Mr. X. They said he defrauded donors in 41 States of up to $100 million through a bogus Florida-based charity. Some of the money has been found. The man was arrested in Portland, Oregon, in May and pleaded not guilty. Source: http://www.google.com/hostednews/ap/article/ALeqM5iQA9UacvTYlRMpYomiIT1By9mUWQ?docId=2c5bd2c98434426e8ed0c720c586d8f1

Information Technology Sector

39. July 26, H Security – (International) IBM closes holes in mail filters and WebSphere MQ. IBM patched two security flaws in the mail filters of Lotus Protector for Mail Security and Proventia Network Mail Security that affect all versions of these products. A cross-site scripting vulnerability allows an attacker to inject JavaScript code into the browser of an administrator with an active session on the system. The other vulnerability allows administrators to gain access to files on a server that they should not have access to. Both vulnerabilities were patched for versions 2.5.x, 2.8.x, and later of the affected products. Users with older versions of the software must upgrade to version 2.5.x before they can install the patch. IBM also patched a flaw in version 7.1 of its WebSphere MQ communication platform. The vulnerability allows users to access the queue manager even if they are not allowed to do so. This problem is fixed in Fix Pack 7.1.0.1 for WebSphere MQ. Source: http://www.h-online.com/security/news/item/IBM-closes-holes-in-mail-filters-and-WebSphere-MQ-1653340.html

40. July 26, H Security – (International) Password leak at meetOne. A data leak at the meetOne dating site allowed anyone to access private data, including the plaintext passwords, email addresses, and real names of the site’s approximately 900,000 members. To obtain the data, an attacker simply needed to increment a URL parameter. After they were informed by the H’s associates at heise Security, the operators closed the hole. Source: http://www.h-online.com/security/news/item/Password-leak-at-meetOne-1652783.html

41. July 26, V3.co.uk – (International) Madi Trojan may be targeting UK firms. Seculert, one of the two firms that helped discover the Madi trojan, warned infections were spreading far wider than initially estimated: “Looking deeper into the Mahdi victims’ IP addresses, we did find a few dozen IP addresses which seem to be from non-Middle Eastern countries, such as the US and UK,” the firm warned. The news followed a warning from Kaspersky Lab that a new, more dangerous form of Madi had emerged, with improved espionage powers that let its authors monitor conversations, such as those on instant messaging system Jabber, or European social network VKontakte. Seculert also reported discovering a possible link to the Flame malware, reportedly finding an identifier prefix labeled “Flame” being used by Madi’s command and control (C&C) server. Source: http://www.v3.co.uk/v3-uk/news/2194475/madi-trojan-may-be-targeting-uk-firms

42. July 26, H Security – (International) Oracle’s file converter holes endanger many server services. Some of the holes Oracle closed the week of July 16 affect more than just Oracle software, because Oracle’s Outside In library is used in many other products to convert files of different formats. As well as Microsoft’s Exchange Server and SharePoint, products from Cisco, HP, IBM, Novell, Symantec, McAfee, and others are affected. More precisely, it is not a single hole, but 14 holes in the parsing of certain types of file. The affected file formats are .VSD, .WSD, .JP2, .DOC, .SXD, .LWP, .PCX, .SXI, .DPT, .PDF, .SAM, .ODG, and .CDR. A program that opens a specially crafted file with the Oracle libraries is fundamentally compromised. A range of server services are affected, including antivirus scanners like McAfee GroupShield, but also specific desktop applications that need to handle different file types, such as the Guidance EnCase Forensic toolkit. One of the U.S. Computer Emergency Readiness Team (US-CERT) advisories lists a number of companies and products that use the Oracle libraries and are also vulnerable. It is still unclear whether all products that use Outside In are vulnerable. Microsoft has published a dedicated advisory on the vulnerability. It is also unknown whether, or when, the various manufacturers will have patches for their products ready for customers. Source: http://www.h-online.com/security/news/item/Oracle-s-file-converter-holes-endanger-many-server-services-1653568.html

43. July 26, Help Net Security – (International) Crisis OS X Trojan is an effective spy tool. The Crisis/Morcut OS X malware recently discovered via samples submitted to VirusTotal was more than a backdoor trojan, Sophos researchers said after analyzing it. Its ultimate goal is to spy on the user, and it does so by monitoring mouse coordinates, instant messenger applications, the built-in webcam and microphone, clipboard contents, pressed keys, calendar data and alerts, address book contents, URLs visited by the user, and more; in short, it is a very thorough spying tool. The trojan also persists after reboots, and contacts remote servers for instructions, likely for the exfiltration of the collected information. The trojan was known to affect the 10.6 and 10.7 versions of OS X, but it is still unknown whether the newly released OS X Mountain Lion is susceptible, too. The malware had yet to be spotted in the wild, and the signatures for detecting it are already incorporated in most Mac antivirus solutions. Source: http://www.net-security.org/malware_news.php?id=2200&utm

44. July 25, H Security – (International) Safari 6 addresses numerous security vulnerabilities. Apple published version 6.0 of its Safari Web browser for OS X 10.7 Lion July 25, closing numerous security holes. According to the company, the major update addresses more than 120 vulnerabilities found in the previous 5.x branch. Among the holes closed were problems in the handling of feed:// URLs that could have led to cross-site scripting (XSS) attacks or users’ files being sent to a remote server. A bug in the autocomplete system used by Safari, which may have resulted in passwords being automatically inserted even when a site specifies that it should not be, was fixed, as was an XSS issue caused by opening maliciously crafted files on certain pages. Source: http://www.h-online.com/security/news/item/Safari-6-addresses-numerous-security-vulnerabilities-1652411.html

45. July 25, Ars Technica – (International) Android, Nokia smartphone security toppled by Near Field Communication hack. A new technology being added to smartphones running the Google Android and Linux-based MeeGo operating systems makes it trivial for hackers to electronically hijack handsets that are in close proximity, a researcher appearing at the Black Hat security conference said. By exploiting multiple security weaknesses in the industry standard known as Near Field Communication (NFC), the smartphone hacker can take control of handsets made by Samsung and Nokia. The attack works by putting the phone a few centimeters away from a quarter-sized chip, or touching it to another NFC-enabled phone. Code on the attacker-controlled chip or handset is beamed to the target phone over the air, then opens malicious files or Web pages that exploit known vulnerabilities in a document reader or browser, or in some cases in the operating system itself. Source: http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/

For more stories, see item 11 above in the Banking and Finance Sector

Communications Sector

46. July 25, WTAP 15 Parkersburg – (West Virginia; Ohio) WTAP transmitter off air periodically this week. Work by WTAP 15 Parkersburg, West Virginia, on its main tower the week of July 23, getting its new CBS station ready to go on the air, caused its stations in West Virginia and Ohio to go off the air periodically throughout the week. The work did not affect CAS or Suddenlink Cable customers or satellite viewers. Source: http://www.wtap.com/news/headlines/WTAP--163704636.html?ref=636

For more stories, see item 11 above in the Banking and Finance Sector, item 34 above in Top Stories, and items 39, 40, 41, 43, and 45 above in the Information Technology Sector