Friday, July 27, 2012
Daily Report
Top Stories
• Three widely deployed point-of-sale
terminals have vulnerabilities that could allow attackers to steal credit card
data and PIN numbers, according to a pair of security researchers. – IDG
News Service
See item 11 below in the Banking and Finance Sector
• Health officials expanded testing to
thousands of patients of a former medical technician at Exeter Hospital in New
Hampshire, who is accused of spreading Hepatitis C to at least 30 patients.
Officials now believe the traveling technician worked in hospitals in 8 states.
– New Hampshire Union Leader
29. July 26, New Hampshire Union Leader – (National) Hepatitis C probe now in 8 states.
Health officials confirmed
July 25 that the former medical technician at Exeter Hospital in Exeter, New
Hampshire who was accused of spreading hepatitis C also worked in Pennsylvania,
bringing the total number of States where he was employed to at least eight.
The announcement came as Exeter Hospital lowered the number of patients to be
tested at public clinics at Exeter High School from 6,000 to 3,400. New
Hampshire health officials announced July 24 they were expanding testing to
those who were admitted to the ICU and who underwent inpatient surgeries
between April 1, 2011, and May 25, 2012, after learning the former employee had
access to those units. The technician was accused of infecting 30 Exeter
Hospital patients in its cardiac catheterization lab by shooting up the
powerful painkiller Fentanyl and then returning tainted syringes to be used on
other patients. Before arriving at Exeter, the technician worked in hospitals
around the country as a traveling medical technician who filled temporary jobs.
In addition to Pennsylvania and New Hampshire, the technician was also being
investigated for work at hospitals in Arizona, Georgia, Kansas, Maryland,
Michigan, and New York. Source: http://www.unionleader.com/article/20120726/NEWS12/707269913
• A major portion of Oakland, California’s
troubled police radio system failed shortly after the U.S. President’s visit
July 23, leaving many of the 100 officers assigned to handle presidential
security unable to communicate as protesters roamed the streets. – San
Francisco Chronicle
• Firefighters in three Nebraska counties
battled expanding wildfires that threatened crops, cattle, and a major
recreational river July 25. – Reuters
53. July 26, Reuters – (Arkansas; Nebraska) Nebraska wildfires rage as dry heat scorches central U.S.
Firefighters
in three Nebraska counties battled expanding wildfires July 25, and the entire
town of Ola, Arkansas was evacuated because of an approaching fire, as the
central part of the United States suffered through another day of stifling
heat. Large fires were raging in Nebraska, where 72,400 acres had been consumed
in the drought-stricken north central region of the State by July 25,
authorities said. Weeks of 100-plus degree temperatures have destroyed many
dryland crops across Nebraska leaving areas more susceptible to wildfires, and
made conditions for firefighters nearly unbearable. A portion of the Niobrara
River was declared off limits for public use and a part of Nebraska Highway 12
was closed, but reopened July 25. The Ainsworth area Chamber of Commerce
pleaded for help July 25, citing the loss of grazing land for cattle and the
loss of structures. Donations will be used to buy feed and hay for cattle,
fencing supplies and other ranching needs, it said on its Web site. Source: http://www.propertycasualty360.com/2012/07/26/nebraska-wildfires-rage-as-dry-heat-scorches-centr?t=es-specialty
Details
Banking and Finance Sector
11. July 26,
IDG News Service – (International) Payment terminal flaws shown at Black Hat. Three
widely deployed payment terminals have vulnerabilities that could allow
attackers to steal credit card data and PIN numbers, according to a pair of
security researchers from penetration testing firm MWR InfoSecurity, IDG News
Service reported July 26. The vulnerabilities were demonstrated at the Black
Hat USA 2012 security conference. The researchers focused on three particular
models of terminals, also known as point-of-sale (POS) terminals. Two are
popular in England but also used in the United States, while the third is
widely deployed in America. The researchers declined to name the exact device
models or the firms that manufacture them because they wanted to give vendors
time to address the issues. Two devices had vulnerabilities in their payment
applications that can give attackers control over various components of the
devices, and can be exploited using specially crafted EMV (Chip-and-PIN) cards.
The third device, which is popular in the United States, is a more
sophisticated device utilizing a touchscreen, a smart card reader, a SIM card
to communicate over mobile networks, support for contactless payments, a USB
port, an Ethernet port, and an administration interface that can be accessed
locally and remotely. The communication between terminals and a remote
administration server is not encrypted, which means attackers can interfere
with it using techniques like ARP or DNS spoofing to force the payment terminals
to communicate with a rogue server. Source: http://www.computerworld.com/s/article/9229678/Payment_terminal_flaws_shown_at_Black_Hat
12. July 25,
Associated Press – (National) Ohio grand jury reindicts in Navy charity scam. An
Ohio grand jury reindicted a former fugitive accused of running a $100 million
scam collecting donations for U.S. Navy veterans, the Associated Press reported
July 25. The State attorney general said the 24-count indictment against the
man reflects new information since two previous indictments in 2010. Charges
filed by the Cleveland grand jury included identity fraud and complicity to
money laundering. Authorities said it was unclear what the man’s true identity
is. They said he goes by a full name and has also signed court documents as Mr.
X. They said he defrauded donors in 41 States of up to $100 million through a
bogus Florida-based charity. Some of the money has been found. The man was
arrested in Portland, Oregon, in May and pleaded not guilty. Source: http://www.google.com/hostednews/ap/article/ALeqM5iQA9UacvTYlRMpYomiIT1By9mUWQ?docId=2c5bd2c98434426e8ed0c720c586d8f1
Information Technology Sector
39. July 26,
H Security – (International) IBM closes holes in mail filters and
WebSphere MQ. IBM patched two security flaws in the mail filters of Lotus
Protector for Mail Security and Proventia Network Mail Security that affect all
versions of these products. A cross-site scripting vulnerability allows an
attacker to inject JavaScript code into the browser of an administrator with an
active session on the system. The other vulnerability allows administrators to
gain access to files on a server that they should not have access to. Both
vulnerabilities were patched for versions 2.5.x, 2.8.x, and later of the
affected products. Users with older versions of the software must upgrade to
version 2.5.x before they can install the patch. IBM also patched a flaw in
version 7.1 of its WebSphere MQ communication platform. The vulnerability
allows users to access the queue manager even if they are not allowed to do so.
This problem is fixed in Fix Pack 7.1.0.1 for WebSphere MQ. Source: http://www.h-online.com/security/news/item/IBM-closes-holes-in-mail-filters-and-WebSphere-MQ-1653340.html
40. July 26,
H Security – (International) Password leak at meetOne. A data leak at
the meetOne dating site allowed anyone to access private data, including the
plaintext passwords, email addresses, and real names of the site’s
approximately 900,000 members. To obtain the data, an attacker simply needed to
increment a URL parameter. After they were informed by the H’s associates at
heise Security, the operators closed the hole. Source: http://www.h-online.com/security/news/item/Password-leak-at-meetOne-1652783.html
41. July 26,
V3.co.uk – (International) Madi Trojan may be targeting UK firms. Seculert,
one of the two firms that helped discover the Madi trojan, warned infections
were spreading far wider than initially estimated: “Looking deeper into the
Mahdi victims’ IP addresses, we did find a few dozen IP addresses which seem to
be from non-Middle Eastern countries, such as the US and UK,” the firm warned.
The news followed a warning from Kaspersky Lab that a new, more dangerous form
of Madi had emerged, with improved espionage powers that let its authors monitor
conversations, such as those on instant messaging system Jabber, or European
social network VKontakte. Seculert also reported discovering a possible link to
the Flame malware, reportedly finding an identifier prefix labeled “Flame”
being used by Madi’s command and control (C&C) server. Source: http://www.v3.co.uk/v3-uk/news/2194475/madi-trojan-may-be-targeting-uk-firms
42. July 26,
H Security – (International) Oracle’s file converter holes endanger many
server services. Some of the holes Oracle closed the week of July 16 affect
more than just Oracle software, because Oracle’s Outside In library is used in
many other products to convert files of different formats. As well as
Microsoft’s Exchange Server and SharePoint, products from Cisco, HP, IBM,
Novell, Symantec, McAfee, and others are affected. More precisely, it is not a
single hole, but 14 holes in the parsing of certain types of file. The affected
file formats are .VSD, .WSD, .JP2, .DOC, .SXD, .LWP, .PCX, .SXI, .DPT, .PDF,
.SAM, .ODG, and .CDR. A program that opens a specially crafted file with the
Oracle libraries is fundamentally compromised. A range of server services are
affected, including antivirus scanners like McAfee GroupShield, but also
specific desktop applications that need to handle different file types, such as
the Guidance EnCase Forensic toolkit. One of the U.S. Computer Emergency
Readiness Team (US-CERT) advisories lists a number of companies and products
that use the Oracle libraries and are also vulnerable. It is still unclear
whether all products that use Outside In are vulnerable. Microsoft has a
dedicated advisory published on the vulnerability. It is also unknown whether,
or when, the various manufacturers will have patches for their products ready
for customers. Source: http://www.h-online.com/security/news/item/Oracle-s-file-converter-holes-endanger-many-server-services-1653568.html
43. July 26,
Help Net Security – (International) Crisis OS X Trojan is an effective spy tool. The
Crisis/Morcut OS X malware recently discovered via samples submitted to
VirusTotal was more than a backdoor trojan, Sophos researchers said after
analyzing it. Its ultimate goal is to spy on the user, and it does so by
monitoring mouse coordinates, instant messenger applications, the built-in
webcam and microphone, clipboard contents, pressed keys, calendar data and
alerts, address book contents, URLs visited by the user, and more — in short,
it is a very thorough spying tool. The trojan also persists after reboots, and
contacts remote servers for instructions, likely for the exfiltration of the
collected information. The trojan was known to affect the 10.6 and 10.7
versions of OS X, but it is still unknown whether the newly released OS X
Mountain Lion is susceptible, too. The malware was yet to be spotted in the
wild, and the signatures for detecting it are already incorporated in most Mac
antivirus solutions. Source: http://www.net-security.org/malware_news.php?id=2200&utm
44. July 25,
H Security – (International) Safari 6 addresses numerous security
vulnerabilities. Apple published version 6.0 of its Safari Web browser for
OS X 10.7 Lion July 25, closing numerous security holes. According to the
company, the major update addresses more than 120 vulnerabilities found in the
previous 5.x branch. Among the holes closed were problems in the handling of
feed:// URLs that could have led to cross-site scripting (XSS) attacks or
users’ files being sent to a remote server. A bug in the autocomplete system
used by Safari, which may have resulted in passwords being automatically
inserted even when a site specifies that it should not be, was fixed, as was an
XSS issue caused by opening maliciously crafted files on certain pages. Source:
http://www.h-online.com/security/news/item/Safari-6-addresses-numerous-security-vulnerabilities-1652411.html
45. July 25,
Ars Technica – (International) Android, Nokia smartphone security toppled by
Near Field Communication hack. A new technology being added to smartphones
running the Google Android and Linux-based MeeGo operating systems makes it
trivial for hackers to electronically hijack handsets that are in close
proximity, a researcher appearing at the Black Hat security conference said. By
exploiting multiple security weaknesses in the industry standard known as Near
Field Communication (NFC), the smartphone hacker can take control of handsets
made by Samsung and Nokia. The attack works by putting the phone a few
centimeters away from a quarter-sized chip, or touching it to another
NFC-enabled phone. Code on the attacker-controlled chip or handset is beamed to
the target phone over the air, then opens malicious files or Web pages that
exploit known vulnerabilities in a document reader or browser, or in some cases
in the operating system itself. Source: http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/
For more stories, see item 11 above in
the Banking and Finance Sector
Communications Sector
46. July 25, WTAP 15 Parkersburg – (West Virginia; Ohio) WTAP transmitter off air periodically this week.
Work by
WTAP 15 Parkersburg, West Virginia, on its main tower the week of July 23
to get its new CBS station ready to go on the air caused its stations in West
Virginia and Ohio to go off the air periodically throughout the week. The work
did not affect CAS or Suddenlink Cable customers or satellite viewers. Source: http://www.wtap.com/news/headlines/WTAP--163704636.html?ref=636
For more stories, see item 11 above in the Banking and Finance Sector, item
34 above in Top Stories, and items 39, 40, 41, 43,
and 45 above in the Information Technology Sector