Thursday, August 9, 2012

Daily Report

Top Stories

 • The Federal Aviation Administration said it would bar airports nationwide from using a traffic-reversing operation that led to a close call July 31 involving three commuter flights at Ronald Reagan Washington National Airport. – Associated Press

16. August 7, Associated Press – (National) FAA suspends operation that led to near-collision. The Associated Press reported August 7 that the Federal Aviation Administration (FAA) stated it will bar airports nationwide from using a traffic-reversing operation that led to a close call July 31 at Ronald Reagan Washington National Airport in Arlington, Virginia. No commercial airports will be able to use the maneuver, in which controllers direct some planes to take off and land in the direction opposite to the usual one, until a standardized procedure can be put in place, aviation officials said. The FAA expects to have new procedures in place within a month, said the FAA chief operating officer. In the meantime, airports can only use the maneuver, known as “opposite-direction operations,” in emergencies. The FAA made the change after the incident involving three U.S. Airways commuter flights that got too close to one another. At the time of the incident, air traffic controllers had been changing the direction planes were landing and taking off at the airport because of bad weather developing to the airport’s south. The miscommunication occurred between a regional air traffic control center in Virginia that guides planes into area airports and controllers in the tower at Reagan. Another major issue raised by the incident is that managers at the regional control center were also performing administrative tasks, even when traffic was heavy or complex and required their undivided attention. The FAA chief operating officer said the FAA will ensure that in the future, managers are not multitasking while handling complicated air traffic. In addition to creating new procedures, the FAA also said it is working with the National Air Traffic Controllers Association to determine what additional training, including more radar training, is necessary to ensure planes do not come too close to one another. Source:

 • Federal safety regulators sought up to $162.4 million in fines against American Airlines and its affiliates for alleged violations of U.S. safety standards going back several years. – Associated Press

17. August 7, Associated Press – (Texas) Federal safety regulators may seek up to $162 million in fines from American Airlines, AMR. Federal safety regulators sought up to $162.4 million in fines against American Airlines and its affiliates for alleged violations of U.S. safety standards going back several years, the Associated Press reported August 7. Many of the investigations had not been disclosed until the Federal Aviation Administration (FAA) filed documents describing them to the federal court handling the bankruptcy case of American and parent AMR Corp. The court documents underscore the scope and depth of FAA’s concern about the maintenance program at American, the nation’s third-largest airline. They are being revealed just as American seeks to fix labor and financial problems and turn itself around after losing more than $10 billion since 2001. American said August 7 that it has been working with federal officials for several years to improve training and oversight in its maintenance operations. Source:

 • A southeastern Montana wildfire destroyed a Montana Highway Patrol communications tower and knocked out transmissions between dispatchers and troopers in nine counties. – Associated Press

34. August 7, Associated Press – (Montana) Southeastern Montana fire burns Highway Patrol communications tower. A southeastern Montana wildfire destroyed a Montana Highway Patrol communications tower and knocked out transmissions between dispatchers and troopers in nine counties, but officials said August 7 that they were able to restore those links without any loss of response time. The tower burned August 6 in the 270-square-mile Rosebud complex of fires on and near the Northern Cheyenne Indian Reservation. The tower was the main voice communications hub between highway patrol dispatchers in Helena and troopers in western Big Horn, Rosebud, Garfield, Treasure, Custer, Prairie, Powder River, McCone, and Carter counties, a spokesman said. With the tower destroyed, voice transmissions had to be rerouted through local law enforcement agencies. Data transmissions could still be sent to and from headquarters through troopers’ laptops, the spokesman said. Transmissions are expected to go through local agencies until the weekend of August 18, when the highway patrol plans to temporarily move communications equipment into a NorthWestern Energy building near the burned tower. Source:

 • A security breach at the Hoover Dam near Las Vegas stalled traffic for hours after a pickup truck blew through a security checkpoint and sparked a SWAT team standoff August 7. – KSNV 3 Las Vegas

47. August 8, KSNV 3 Las Vegas – (Nevada) Man surrenders after standoff with SWAT at Hoover Dam. A security breach at the Hoover Dam near Las Vegas stalled traffic for hours after a pickup truck blew through a security checkpoint and sparked a SWAT team standoff August 7. Police raised a barrier to trap the driver after he barreled through the checkpoint. According to police, the man then barricaded himself inside the truck until he surrendered about 90 minutes later. Source:


Banking and Finance Sector

11. August 8, Softpedia – (International) Shylock trojan injects attacker’s phone number into bank websites. Symantec experts identified a new version of the Shylock trojan whose configuration file injects a piece of JavaScript containing the cybercriminal’s phone number into the contact page of a banking site, Softpedia reported August 8. A victim who calls the number shown reaches the attacker instead of the financial institution’s representatives. There are two plausible scenarios for this type of attack: the crooks want to harvest sensitive data over the phone, or they want to prevent the victim from reporting fraudulent activity. The injected message reads like a typical contact message with the attacker’s number embedded in the text. Currently, the main targets of Shylock are users in the United Kingdom, the United States, and Canada. Source:

12. August 8, The H – (International) ZeuS trojan increasingly targets German mTANs. Kaspersky Lab discovered new versions of the Zeus trojan apps for Android and BlackBerry devices that are mainly going after mobile transaction authentication numbers (mTAN) for online banking, The H reported August 8. The attacks primarily target users in Germany, Spain, and Italy where the mTAN system is commonly used by banks to improve security. Smartphones are infected via a Windows PC that is infected with the Zeus trojan. Upon opening an online banking Web site, the trojan may, for example, inject an alert saying that new certificates must be installed on the smartphone for security reasons. Bogus certificates or security updates are then offered as downloads or, in some cases, are sent directly to the user’s registered mobile number via an SMS message. The trojan app then secretly forwards the SMS messages that contain the mTANs to another number. Source:
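Worked example for items 11 and 12, added here as an illustration and not taken from the Symantec or Kaspersky write-ups: a parser for a Zeus-style webinject configuration (the set_url / data_before / data_inject / data_after layout widely documented for Zeus; that Shylock uses the same layout is an assumption), applied to two constructed bank pages. Rule 1 reproduces the Shylock trick from item 11 by swapping the fraud-reporting number on the contact page; rule 2 reproduces the item 12 lure by planting a fake certificate notice on the login page. A final function shows the integrity check a bank’s own page script can perform, since the web server never sees the altered HTML. All URLs, page content and phone numbers are constructed.

```python
"""Zeus/Shylock-style web inject applied to a constructed bank page.

Added illustration for items 11 and 12; not code from Symantec, Kaspersky or
any malware family. The config syntax is modelled on the documented Zeus
'webinjects.txt' layout (set_url / data_before / data_inject / data_after /
data_end); pages, URLs and phone numbers are constructed, and the trojans'
real configs and injected JavaScript are not reproduced.
"""
import fnmatch
import re

# Constructed config: rule 1 swaps the fraud-reporting number on the contact
# page (Shylock, item 11); rule 2 plants a fake "install a certificate on your
# phone" notice on the login page (Zeus mTAN lure, item 12).
WEBINJECT_CONFIG = """\
set_url https://bank.example/contact* GP
data_before
id="support-phone">
data_end
data_inject
020 0000 0000
data_end
data_after
</span>
data_end
set_url https://bank.example/login* GP
data_before
<h1>Log in</h1>
data_end
data_inject
<div class="alert">For your security, install the new certificate on your mobile phone. Enter your mobile number below to receive it.</div>
data_end
data_after
data_end
"""

# Constructed pages as served by the bank (what the server believes is shown).
CONTACT_PAGE = ('<html><body><h1>Contact us</h1><p>Report fraud on '
                '<span id="support-phone">0800 000 0000</span>.</p></body></html>')
LOGIN_PAGE = '<html><body><h1>Log in</h1><form>...</form></body></html>'
GENUINE_PHONE = "0800 000 0000"   # constructed; the number printed on the card


def parse_webinjects(text):
    """Parse the config into rules: {url, flags, data_before, data_inject, data_after}."""
    rules, rule, section, buf = [], None, None, []
    for line in text.splitlines():
        if line.startswith("set_url "):
            if rule is not None:
                rules.append(rule)
            parts = line.split()
            rule = {"url": parts[1], "flags": parts[2] if len(parts) > 2 else "",
                    "data_before": "", "data_inject": "", "data_after": ""}
        elif line in ("data_before", "data_inject", "data_after"):
            section, buf = line, []
        elif line == "data_end":
            rule[section] = "\n".join(buf)
            section = None
        elif section is not None:
            buf.append(line)
    if rule is not None:
        rules.append(rule)
    return rules


def apply_webinjects(url, html, rules):
    """Return the HTML the victim's browser renders for url.

    Zeus semantics: the text between data_before and data_after is replaced
    by data_inject; with an empty data_after, data_inject is inserted right
    after data_before. Rules whose set_url glob does not match are skipped.
    """
    for rule in rules:
        if not fnmatch.fnmatchcase(url, rule["url"]):
            continue
        start = html.find(rule["data_before"])
        if start < 0:
            continue
        start += len(rule["data_before"])
        end = start
        if rule["data_after"]:
            end = html.find(rule["data_after"], start)
            if end < 0:
                continue
        html = html[:start] + rule["data_inject"] + html[end:]
    return html


_PHONE_RE = re.compile(r'id="support-phone">([^<]*)<')


def displayed_phone(html):
    """The phone number a customer actually sees on the rendered page."""
    match = _PHONE_RE.search(html)
    return match.group(1).strip() if match else None


def phone_tampered(html, genuine=GENUINE_PHONE):
    """Client-side integrity check: the number shown must equal the one the
    bank publishes out of band. The server cannot see the injection, so this
    has to run where the page is rendered."""
    return displayed_phone(html) != genuine


if __name__ == "__main__":
    rules = parse_webinjects(WEBINJECT_CONFIG)
    seen = apply_webinjects("https://bank.example/contact.html", CONTACT_PAGE, rules)
    print("contact page shows:", displayed_phone(seen), "tampered:", phone_tampered(seen))
    print(apply_webinjects("https://bank.example/login", LOGIN_PAGE, rules))
```

The check only helps if the genuine value reaches the client over a channel the trojan does not control, such as the number printed on the card; a value embedded in the same page can be rewritten by the same inject.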

13. August 7, Los Angeles Times – (California) Man pleads guilty in stock scam linked to Notre Dame hero ‘Rudy’. A Long Beach, California man admitted to his role August 7 in orchestrating a “pump-and-dump stock scheme” around a sports drink company built around the name of a famous University of Notre Dame football player. The man pleaded guilty to one count of conspiring to commit securities fraud. The plea deal requires him to pay full restitution to the more than 250 victims of the scheme, which prosecutors alleged generated a profit of more than $5 million. Money-laundering transactions also netted more than $1 million. Federal prosecutors allege that he and others traded on the name of the football player, the sports drink’s namesake, to pump up the value of the drink company before dumping about 600 million shares of RUNU stock on the market. He fled the country during the investigation into the company but was arrested in January in Johannesburg, South Africa, by special agents with U.S. Immigration and Customs Enforcement’s Homeland Security Investigations, and South Africa’s Police Services. Source:

Information Technology Sector

35. August 8, The H – (International) New Burp Proxy cracks Android SSL. The new version of Burp Proxy is designed to improve the analysis of encrypted SSL connections on Android phones. Developers and security researchers use Burp Proxy to examine Web traffic on PCs and also on smartphones. To analyze Web traffic, Burp is configured as the proxy for HTTP and HTTPS connections on the device, and Burp’s self-signed CA certificate is installed there. That CA certificate allows Burp Proxy to generate certificates on the fly, imitate an HTTPS server, and act as a man-in-the-middle. The problem on Android phones was that these devices first resolved the target server’s name via DNS and then asked the proxy to reach the server directly with a CONNECT request naming the IP address. As Burp did not know the server name for which to generate a certificate, it used the server’s IP address as the common name, and because the app still verified the certificate against the hostname it had resolved, the mismatch caused error messages or even aborted connections on the smartphone. The new version 1.4.12 first establishes an SSL connection to the target server and then imitates the server’s certificate. Source:
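To make the certificate-naming problem in item 35 concrete, an added example (not Burp Suite’s code) models the proxy’s two strategies and the hostname check an Android app performs on the forged certificate. The CONNECT request lines, the hostname online.bank.example, the addresses and the upstream certificate are constructed; the upstream certificate uses the dictionary layout of ssl.SSLSocket.getpeercert() so that nothing is fetched from the network.

```python
"""Which name goes on the certificate an intercepting proxy forges?

Added illustration of the Burp/Android problem in item 35; not Burp Suite's
code. CONNECT lines, hostnames and the upstream certificate are constructed;
the certificate uses the dict layout of ssl.SSLSocket.getpeercert() so the
example runs without a network.
"""
import ipaddress

# Constructed: what the real bank server would present to the proxy.
UPSTREAM_CERT = {
    "subject": ((("commonName", "online.bank.example"),),),
    "subjectAltName": (("DNS", "online.bank.example"), ("DNS", "*.bank.example")),
}


def parse_connect_target(request_line):
    """('host', port) from 'CONNECT host:port HTTP/1.1'; IPv6 brackets stripped."""
    method, target, _version = request_line.split()
    if method != "CONNECT":
        raise ValueError("not a CONNECT request: " + request_line)
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)


def is_ip_literal(host):
    """True for an IPv4/IPv6 literal, which is what Android sent in CONNECT."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def identity_from_connect(host):
    """Old behaviour from the article: CN = whatever the client put in CONNECT.
    Desktop browsers send the hostname; Android resolved DNS first and sent
    the IP, so the forged certificate carried an IP as its only name."""
    return {"subject": ((("commonName", host),),), "subjectAltName": ()}


def identity_from_upstream(upstream_cert):
    """1.4.12 behaviour: talk to the real server first and clone the names
    from its certificate, regardless of what the client asked for."""
    dns_sans = tuple(san for san in upstream_cert.get("subjectAltName", ())
                     if san[0] == "DNS")
    return {"subject": upstream_cert["subject"], "subjectAltName": dns_sans}


def _dns_match(pattern, hostname):
    """RFC 6125-style: a wildcard only in the leftmost label, matching one label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h


def hostname_matches(cert, hostname):
    """What the app does: check the name it dialled (never the IP) against the
    DNS SANs, falling back to the CN only when no DNS SAN is present."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert["subject"] for kind, value in rdn
                 if kind == "commonName"]
    return any(_dns_match(name, hostname) for name in names)


def client_accepts(app_hostname, connect_line, forge):
    """Would an app verifying app_hostname accept the certificate the proxy
    forges for this CONNECT? forge maps the CONNECT host to a certificate."""
    host, _port = parse_connect_target(connect_line)
    return hostname_matches(forge(host), app_hostname)


if __name__ == "__main__":
    android = "CONNECT 203.0.113.10:443 HTTP/1.1"   # IP literal after DNS lookup
    desktop = "CONNECT online.bank.example:443 HTTP/1.1"
    # Assumption: the lambda stands in for a real TLS handshake to the server.
    new = lambda host: identity_from_upstream(UPSTREAM_CERT)
    for line in (android, desktop):
        print(line, "old:", client_accepts("online.bank.example", line, identity_from_connect),
              "new:", client_accepts("online.bank.example", line, new))
```

The app verifies the certificate against the name it resolved, never against the IP it handed to the proxy, so a certificate whose only name is that IP fails even though the proxy’s CA is trusted. Cloning the real server’s subject and SANs fixes that, and the wildcard cases show why the SANs, not just the CN, have to be copied.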

36. August 8, SecurityWeek – (International) Amazon and Apple change policies after journalist is attacked. After a journalist for Wired had his digital accounts breached by hackers, and his coverage of the attack exposed how the two companies’ customer service and user experience policies can be exploited for malicious gain, Apple and Amazon adopted new policies for account access. Because of that coverage, Amazon said in a statement that they “can confirm that the exploit has been closed as of [August 6].” As such, Amazon customers can no longer use the phone to alter credit card or other account details. While not offering an official statement, Apple also changed its policies. As of August 7, Apple will no longer allow Apple ID password requests made via phone. Source:

37. August 8, The H – (International) Buffer overflows in KOffice and Calligra reported. A buffer overflow vulnerability that affects both the KOffice and Calligra office suites was disclosed by a researcher from Accuvant Labs. The vulnerability, which allows an attacker to execute arbitrary code by exploiting an error in the read() function of the ODF renderer, was revealed as part of his presentation on near field communication hacking at the recent Black Hat conference. The vulnerability is exploited by tricking a user into opening a malicious ODF file that then causes a heap-based buffer overflow and leads to the attacker’s code being executed. Since KOffice runs on the Nokia N9 smartphone, the researcher demonstrated how a maliciously crafted ODF file sent over NFC can be used to execute arbitrary code on the target phone. The vulnerability is rated “Highly Critical” by Secunia and, to date, has not been fixed in either KOffice or Calligra. Source:

38. August 8, Infosecurity – (International) One-quarter of websites examined by testing service were malicious. One-quarter of the 30,156 Web sites tested in the second quarter by Zscaler’s Zulu service, which tests the security of Web sites, were malicious, according to Zscaler’s second quarter 2012 State of the Web report. A senior security researcher for Zscaler ThreatLabZ cautioned that users of Zulu send suspicious Web sites to be tested, so the results are likely to be skewed from the general Web site population. “Keep in mind that the service is meant to be receiving suspicious websites and reporting results on those sites,” he said. Source:

39. August 7, The H – (International) Google forced to temporarily deactivate copy protection for Android apps. Google was forced to temporarily deactivate a security feature in Android 4.1 (Jelly Bean) intended to make it harder to pirate paid-for applications. The feature resulted in some purchased apps no longer working after the devices on which they were installed were restarted, requiring the user to reconfigure or reinstall them. According to a bug report on Google Code, affected apps include several live wallpapers and applications with widgets or access to Google’s account system. Android 4.1 introduced improved copy protection in the form of a feature called App Encryption. Paid-for apps are encrypted using a device-specific key prior to installation, with the result that the application package file downloaded by a device (which can only be accessed on rooted devices) will not run on other Android devices. Source:

40. August 7, Threatpost – (International) OpFake, FakeInst Android malware variants continue to resist detection. Android devices have remained a constant target of attacks over the second quarter of 2012 thanks in part to new variants from the FakeInst and OpFake families of malware. According to the latest version of the F-Secure Mobile Threat Report, the firm found 5,033 malicious Android application packages (APKs), a 64 percent increase over the 3,063 the firm identified in the first quarter of 2012. The report says that out of the 5,000-plus APKs analyzed, 19 new families of malware and 21 new variants of previously known families were found. Source:

41. August 7, – (International) Cyber crooks use of ‘Police Virus’ ransomware on the rise. Cyber criminals are now using the infamous “Police Virus” malware as fully functioning ransomware, according to a report from security firm PandaLabs. The Police Virus is a common technique used by criminals to infect computers by masquerading as law enforcement agencies demanding money for fictional crimes. Scams have been detected across the globe demanding money for copyright infringement, missed court dates, and even parking tickets. PandaLabs warned that it detected the evolution of the scam from standard scareware to ransomware in its latest quarterly threat report, which analyzed incidents from April through June 2012. The firm went on to warn that the campaigns are continuing to evolve at a rapid pace, with criminals creating increasingly effective ways to hold users’ data to ransom and demand payment for its safe return. Source:

For more stories, see items 11 and 12 above in the Banking and Finance Sector

Communications Sector

42. August 7, Bangor Daily News – (Maine) Crews battling Maine fire making ‘excellent progress’. A wildfire that firefighters have been battling since August 4 atop Big Spencer Mountain in Maine almost doubled in size August 6, threatening important communications equipment used by emergency personnel, and federal and state park and forestry officials. Officials hoped to have it under control soon. As of August 6, a dozen firefighters and two Maine forest rangers had “made excellent progress” and successfully protected two radio repeater towers near the 2 acres of fire-damaged ground, a Maine Forest Service lieutenant said. The fire was reported August 4 and possibly started at or near the construction site of a new radio tower. The radio repeaters are used by a private firm and several State and local agencies, including the Maine Forest Service, the Maine Department of Conservation, and the Penobscot County Sheriff’s Department. Their loss would have left gaps in the agencies’ radio coverage. Source:

For more stories, see item 12 above in the Banking and Finance Sector and items 35, 37, 39, and 40 above in the Information Technology Sector