Thursday, August 9, 2012
Daily Report
Top Stories
• The Federal Aviation Administration said it
would bar airports nationwide from using a traffic-reversing operation that led
to a close call July 31 involving three commuter flights at Ronald Reagan
Washington National Airport. – Associated Press
16. August 7, Associated Press – (National) FAA suspends operation that led to near-collision. The
Associated Press reported August 7 that the Federal Aviation Administration
(FAA) stated it will bar airports nationwide from using a traffic-reversing
operation that led to a close call July 31 at Ronald Reagan Washington National
Airport in Arlington, Virginia. No commercial airports will be able to use the
maneuver, in which controllers direct some planes to take off and land from the
opposite of the usual direction, until a standardized procedure can be put in
place, aviation officials said. The FAA expects to have new procedures in place
within a month, said the FAA chief operating officer. In the meantime, airports
can only use the maneuver — known as “opposite-direction operations” — in
emergencies. The FAA made the change after the incident involving three U.S.
Airways commuter flights that got too close to one another. At the time of the
incident, air traffic controllers had been changing the direction planes were
landing and taking off at the airport because of bad weather developing to the
airport’s south. The miscommunication occurred between a regional air traffic
control center in Virginia that guides planes into area airports and
controllers in the tower at Reagan. Another major issue raised by the incident
is that managers at the regional control center were also performing
administrative tasks, even when traffic was heavy or complex and required their
undivided attention. The FAA chief operating officer said the FAA will ensure
that in the future, managers are not multitasking while handling complicated
air traffic. In addition to creating new procedures, the FAA also said it is
working with the National Air Traffic Controllers Association to determine what
additional training, including more radar training, is necessary to ensure
planes do not come too close to one another. Source: http://www.sfgate.com/news/article/FAA-suspends-operation-that-led-to-near-collision-3768914.php
• Federal safety regulators sought up to
$162.4 million in fines against American Airlines and its affiliates for
alleged violations of U.S. safety standards going back several years. – Associated
Press
17. August 7, Associated Press – (Texas) Federal safety regulators may seek up to
$162 million in fines from American Airlines,
AMR. Federal safety regulators sought up to $162.4 million in fines against
American Airlines and its affiliates for alleged violations of U.S. safety
standards going back several years, the Associated Press reported August 7.
Many of the investigations had not been disclosed until the Federal Aviation
Administration (FAA) filed documents describing them to the federal court
handling the bankruptcy case of American and parent AMR Corp. The court
documents underscore the scope and depth of FAA’s concern about the maintenance
program at American, the nation’s third-largest airline. They are being
revealed just as American seeks to fix labor and financial problems and turn
itself around after losing more than $10 billion since 2001. American said
August 7 that it has been working with federal officials for several years to
improve training and oversight in its maintenance operations. Source: http://www.washingtonpost.com/business/federal-safety-regulators-may-seek-up-to-162-million-in-fines-from-american-airlines-amr/2012/08/07/63335aa0-e0af-11e1-8d48-2b1243f34c85_story.html
• A southeastern Montana wildfire destroyed a
Montana Highway Patrol communications tower and knocked out transmissions
between dispatchers and troopers in nine counties. – Associated Press
34. August 7, Associated Press – (Montana) Southeastern Montana fire burns Highway Patrol
communications tower. A southeastern Montana wildfire destroyed a Montana
Highway Patrol communications tower and knocked out transmissions between
dispatchers and troopers in nine counties, but officials said August 7 they
were able to restore those links without any loss of response time. The tower
burned August 6 in the 270-square-mile Rosebud complex of fires on and near the
Northern Cheyenne Indian Reservation. The tower was the main voice
communications hub between highway patrol dispatchers in Helena and troopers in
western Big Horn, Rosebud, Garfield, Treasure, Custer, Prairie, Powder River,
McCone, and Carter counties, a spokesman said. With the tower destroyed, the
voice transmissions had to be rerouted through local law enforcement agencies.
Data transmissions could still be sent to and from headquarters through
troopers’ laptops, the spokesman said. Transmissions are expected to go through
local agencies until the weekend of August 18, when the highway patrol plans to
temporarily move communications equipment into a NorthWestern Energy building
near the burned tower. Source: http://missoulian.com/news/state-and-regional/wildfires/southeastern-montana-fire-burns-highway-patrol-communications-tower/article_88711bd8-e0f3-11e1-ac8c-001a4bcf887a.html
• A security breach at the Hoover Dam near Las
Vegas stalled traffic for hours after a pickup truck blew through a security checkpoint
and sparked a SWAT team standoff August 7. – KSNV 3 Las Vegas
47. August 8, KSNV 3 Las Vegas – (Nevada) Man surrenders after standoff with
SWAT at Hoover Dam. A security breach at the
Hoover Dam near Las Vegas stalled traffic for hours after a pickup truck blew
through a security checkpoint and sparked a SWAT team standoff August 7. Police
raised a barrier to trap the driver after he barreled through the checkpoint.
According to police, the man then barricaded himself inside the truck until he
surrendered about 90 minutes later. Source: http://www.mynews3.com/content/news/local/story/Man-surrenders-after-standoff-with-SWAT-at-Hoover/iYn-2R5NkkOveJd_w24jEQ.cspx
Details
Banking and Finance Sector
11. August 8, Softpedia – (International) Shylock trojan injects attacker’s phone
number into bank websites. Symantec experts identified a new version of the
Shylock trojan that comes with a cleverly designed configuration file used to
inject a piece of JavaScript that contains the cybercriminal’s phone number
into the contact Web page of a banking site, Softpedia reported August 8. If
the victim calls the bank, she will have a conversation with the attacker,
instead of the financial institution’s representatives. There are two plausible
scenarios for this type of attack: the crooks want to harvest sensitive data via
phone, or they want to prevent the victim from reporting fraudulent activity. A
message injected into the banking site reads like a typical contact message
with the injected phone number included in the text. Currently, the main
targets of Shylock are users from the United Kingdom, the United States, and
Canada. Source: http://news.softpedia.com/news/Shylock-Trojan-Injects-Attacker-s-Phone-Numbers-into-Bank-Websites-285697.shtml
12. August 8, The H – (International) ZeuS trojan increasingly targets German
mTANs. Kaspersky Lab discovered new versions of the Zeus trojan apps for
Android and BlackBerry devices that are mainly going after mobile transaction
authentication numbers (mTAN) for online banking, The H reported August 8. The
attacks primarily target users in Germany, Spain, and Italy where the mTAN
system is commonly used by banks to improve security. Smartphones are infected
via a Windows PC that is infected with the Zeus trojan. Upon opening an online
banking Web site, the trojan may, for example, inject an alert saying that new
certificates must be installed on the smartphone for security reasons. Bogus
certificates or security updates are then offered as downloads or, in some
cases, are sent directly to the user’s registered mobile number via an SMS
message. The trojan app then secretly forwards the SMS messages that contain
the mTANs to another number. Source: http://www.h-online.com/security/news/item/ZeuS-trojan-increasingly-targets-German-mTANs-1663481.html
13. August 7, Los Angeles Times – (California) Man pleads guilty in stock scam
linked to Notre Dame hero ‘Rudy’. A Long Beach, California man admitted to his
role August 7 in orchestrating a “pump-and-dump stock scheme” around a sports drink company
built around the name of a famous University of Notre Dame football player. The
man pleaded guilty to one count of conspiring to commit securities fraud. The
plea deal requires him to pay full restitution to the more than 250 victims of
the scheme, which prosecutors alleged generated a profit of more than $5
million. Money-laundering transactions also netted more than $1 million.
Federal prosecutors allege that he and others traded on the name of the
football player, the sports drink’s namesake, to pump up the value of the drink
company before dumping about 600 million shares of RUNU stock on the market. He
fled the country during the investigation into the company but was arrested in
January in Johannesburg, South Africa, by special agents with U.S. Immigration
and Customs Enforcement’s Homeland Security Investigations, and South Africa’s
Police Services. Source: http://latimesblogs.latimes.com/lanow/2012/08/rudy-ruettiger-stock-scam.html
Information Technology Sector
35. August 8, The H – (International) New Burp Proxy cracks Android SSL. The
new version of Burp Proxy is designed to improve the analysis of encrypted SSL
connections on Android phones. Developers and security researchers use Burp
Proxy to examine the Web traffic on PCs, and also on smartphones. To analyze
Web traffic, the Burp server is entered as a proxy for HTTP and HTTPS
connections on the device, and a self-signed CA certificate is installed. This
CA certificate allows Burp Proxy to generate on-the-fly certificates to imitate
an HTTPS server and act as a man-in-the-middle. However, the problem on Android
phones was that these devices initially retrieved the target server’s address via
DNS and then used the Proxy to access it directly using CONNECT. As Burp did
not know the server name for which to generate a certificate, it used the
server’s IP address as a common name, causing error messages or even aborted
connections on the smartphone. The new version 1.4.12 initially establishes an
SSL connection to the target server and then tries to imitate the server’s
certificate. Source: http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html
36. August 8, SecurityWeek – (International) Amazon and Apple change policies after
journalist is attacked. After a journalist for Wired had his digital
accounts breached by hackers, and his coverage on the topic exposed how the companies’
customer service and user experience policies can be exploited for malicious
gain, Apple and Amazon adopted new policies for account access. Because of that
coverage, Amazon said in a statement that they “can confirm that the exploit
has been closed as of [August 6].” As such, Amazon customers can no longer use
the phone to alter credit card or other account details. While not offering an
official statement, Apple also changed their policies. As of August 7, Apple
will no longer allow Apple ID password requests made via phone. Source: http://www.securityweek.com/amazon-and-apple-change-policies-after-journalist-attacked
37. August 8, The H – (International) Buffer overflows in KOffice and Calligra
reported. A buffer overflow vulnerability that affects both the KOffice and
Calligra office suites was disclosed by a researcher from Accuvant Labs. The
vulnerability, which allows an attacker to execute arbitrary code by exploiting
an error in the read() function of the ODF renderer, was revealed as part of
his presentation on near field communication hacking at the recent Black Hat
conference. The vulnerability is exploited by tricking a user into opening a
malicious ODF file that then causes a heap-based buffer overflow and leads to
the attacker’s code being executed. Since KOffice runs on the Nokia N9
smartphone, the researcher demonstrated how a maliciously crafted ODF file sent
over NFC can be used to execute arbitrary code on the target phone. The
vulnerability is rated “Highly Critical” by Secunia and, to date, has not been
fixed in either KOffice or Calligra. Source: http://www.h-online.com/security/news/item/Buffer-overflows-in-KOffice-and-Calligra-reported-1662884.html
38. August 8, Infosecurity – (International) One-quarter of websites examined by testing
service were malicious. One-quarter of the 30,156 Web sites tested in the
second quarter by Zscaler’s Zulu service, which tests the security of Web
sites, were malicious, according to Zscaler’s second quarter 2012 State of the
Web report. A senior security researcher for Zscaler ThreatLabZ cautioned that
users of Zulu send suspicious Web sites to be tested, so the results are likely
to be skewed from the general Web site population. “Keep in mind that the
service is meant to be receiving suspicious websites and reporting results on
those sites,” he said. Source: http://www.infosecurity-magazine.com/view/27471/
39. August 7, The H – (International) Google forced to temporarily deactivate copy
protection for Android apps. Google was forced to temporarily deactivate a
security feature in Android 4.1 (Jelly Bean) intended to make it harder to
pirate paid-for applications. The feature resulted in some purchased apps no
longer working after the devices on which they were installed were restarted,
requiring the user to reconfigure or reinstall them. According to a bug report
on Google Code, affected apps include several live wallpapers and applications
with widgets or access to Google’s account system. Android 4.1 introduced
improved copy protection in the form of a feature called App Encryption.
Paid-for apps are encrypted using a device-specific key prior to installation,
with the result that the application package file downloaded by a device (which
can only be accessed on rooted devices) will not run on other Android devices.
Source: http://www.h-online.com/security/news/item/Google-forced-to-temporarily-deactivate-copy-protection-for-Android-apps-1661755.html
40. August 7, Threatpost – (International) OpFake, FakeInst Android malware variants
continue to resist detection. Android devices have remained a constant
target of attacks over the second quarter of 2012 thanks in part to new
variants from the FakeInst and OpFake families of malware. According to the
latest version of the F-Secure Mobile Threat Report, the firm found 5,033
malicious Android application packages (APKs), a 64 percent increase over the
3,063 the firm identified in the first quarter of 2012. The report says that
out of the 5,000-plus APKs analyzed, 19 new families of malware and 21 new
variants of previously known families were found. Source: http://threatpost.com/en_us/blogs/opfake-fakeinst-android-malware-variants-continue-resist-detection-080712
41. August 7, V3.co.uk – (International) Cyber crooks use of ‘Police Virus’ ransomware
on the rise. Cyber criminals are now using the infamous “Police Virus”
malware as fully functioning ransomware, according to a report from security
firm PandaLabs. The Police Virus is a common technique used by criminals to
infect computers by masquerading as law enforcement agencies demanding money
for fictional crimes. Scams have been detected across the globe demanding money
for copyright infringement, missed court dates, and even parking tickets.
PandaLabs warned that it detected the evolution of the scam from standard
scareware to ransomware in its latest quarterly threat report, which analyzed
incidents from April through June 2012. The firm went on to warn that the
campaigns are continuing to evolve at a rapid pace, with criminals creating
increasingly effective ways to hold users’ data to ransom and demand payment for
its safe return. Source: http://www.v3.co.uk/v3-uk/news/2197262/cyber-crooks-use-of-police-virus-ransomware-on-the-rise
For more stories, see items 11 and 12 above in the Banking and Finance Sector
Communications Sector
42. August 7, Bangor Daily News – (Maine) Crews battling Maine fire making
‘excellent progress’. A wildfire that
firefighters have been battling since August 4 atop Big Spencer Mountain in
Maine almost doubled in size August 6, threatening important communications
equipment used by emergency personnel, and federal and state park and forestry
officials. Officials hoped to have it under control soon. As of August 6, a
dozen firefighters and two Maine forest rangers had “made excellent progress”
and successfully protected two radio repeater towers near the 2 acres of
fire-damaged ground, a Maine Forest Service lieutenant said. The fire was
reported August 4 and possibly started at or near the construction site of a
new radio tower. The radio repeaters are used by a private firm and several
State and local agencies, including the Maine Forest Service, the Maine
Department of Conservation, and the Penobscot County Sheriff’s Department. Their
loss would have left gaps in the agencies’ radio coverage. Source: http://www.firehouse.com/news/10756218/crews-battling-maine-fire-making-excellent-progress
For more stories, see item 12 above in the Banking and Finance Sector and items 35, 37, 39, and 40 above in the Information Technology Sector