Wednesday, August 15, 2012
Daily Report
Top Stories
• Officials said contamination was found on
the outside of a trailer used to transport fuel at a nuclear plant in
Pennsylvania. – Wilkes-Barre Citizens’ Voice
8.
August 14, Wilkes-Barre Citizens’ Voice –
(Pennsylvania) Radioactive contamination found inside PPL plant’s trailer. Radioactive
contamination was unexpectedly found the week of August 6 on the outside of a
trailer used to transport fuel at PPL’s nuclear power plant in Salem Township,
Pennsylvania, the U.S. Nuclear Regulatory Commission (NRC) reported August 13.
The 32-tire trailer is used to move spent nuclear fuel rods in 100-ton containers
from the plant to long-term storage sites. The contaminant cesium, found in the
grease of the trailer, is a byproduct of the nuclear fuel burning process that
can seep out of leaky containers holding fuel rods. Because of PPL Susquehanna
Nuclear Power Plant’s “good history” in preventing leaks and the fact that it
sometimes loans the trailer out to other plants, the contaminant is thought to
have come from another plant, an NRC spokesman said. The contamination levels
were very low and not dangerous, said a spokesman for the plant, but still
above those deemed acceptable to be in a public space by the Department of
Transportation. The trailer was most recently leased to a Michigan nuclear
plant in 2011 and returned in June. Source: http://citizensvoice.com/news/radioactive-contamination-found-inside-ppl-plant-s-trailer-1.1358209
• The founder of a bankrupt Iowa-based
brokerage was indicted by a federal grand jury on 31 counts of making false
statements to regulators in connection with a $200 million fraud scheme that
could impact 24,000 customers. – Associated Press (See item 11 below in the Banking and Finance Sector)
• The Citadel trojan was responsible for an
attack targeting VPN-using employees at a major international airport,
according to security researchers. – Infosecurity (See item 16)
16. August
14, Infosecurity – (National) Citadel trojan targeting major international
airport hub. The Citadel trojan is best known for its recent delivery of
the Reveton ransomware. Now, Trusteer discovered a Citadel-based
man-in-the-browser attack aimed against VPN-using employees at a major international
airport, Infosecurity reported August 14. The airport was notified and the
VPN-based remote access by employees disabled. The fact that remote access has
now been disabled for a week indicates the airport authorities are taking the
matter very seriously. The attack combines form grabbing and screen capture “to
steal the victim’s username, password, and the one-time passcode generated by a
strong authentication product,” according to Trusteer. This strong
authentication provides either dual-channel (a PIN delivered by SMS or separate
mobile device) or single channel methods, selectable by the user. It is the
latter option that is attacked. It combines the user’s static password with a
system-generated 10 digit CAPTCHA to produce a one-time password for the
session. A Trusteer director of product marketing indicated the motivation
could be any one of the primary criminal motivations: hacktivism (there are
many environmental activists opposed to airports in general); fraud (via access
to the payroll); drug trafficking (by finding loopholes in the airport’s
physical security); or, terrorism. Source: http://www.infosecurity-magazine.com/view/27580/
• Two days after shots from a pellet gun were
fired into a Morton Grove, Illinois mosque, an Islamic school in the Chicago
area reported it was the target of an acid bomb August 12. – WMAQ 5 Chicago
37.
August 13, WMAQ 5 Chicago – (Illinois)
Acid bomb thrown at Lombard Islamic school. Two days after shots from a
pellet gun were fired into a Morton Grove, Illinois mosque, an Islamic school
in the Chicago area reported it was the target of an acid bomb August 12. “This
is not an isolated incident,” said a spokesman for the Council of Islamic
Organizations of Greater Chicago (CIOGC) in a statement. “A few days ago
another CIOGC member institution, the Muslim Education Center was also attacked.”
Worshipers at the College Preparatory School of America heard a loud bang the
night of August 12 during evening Ramadan prayers. They went outside to find an
empty soda bottle that had been thrown at the window of the school. It was
“filled with acid and other unspecified materials,” said the Council on
American-Islamic Relations, which has called on the FBI to investigate. They
are also calling on authorities to increase security during the final days of
Ramadan, which ends August 19. Source: http://www.nbcchicago.com/news/local/Bomb-Thrown-at-Lombard-Islamic-School-166042736.html
• More than 60 wildfires, including 16 new
large fires, were burning in five western states, destroying scores of homes and
other buildings, and leading to evacuations of hundreds of people. – CNN
56. August
14, CNN – (West) Wildfires blaze through Western states. A wildfire
in central Washington State scorched 26,500 acres and destroyed at least 60
homes, officials said August 14. The fire raging near Cle Elum is one of
several fires devastating Western states the week of August 13. Colorado was affected
earlier in the summer. Now, new wildfires are burning in California, Oregon,
Nevada, Washington, and Idaho. In all, 62 fires, including 16 new large fires,
were burning as of August 14, the U.S. Forest Service reported. They destroyed
dozens of homes and threaten many more. Washington’s Taylor Bridge Fire began
as a brush fire August 13. By August 14, it grew to 16,500 acres, or 41 square
miles. Authorities already evacuated more than 400 people near the Taylor
Bridge Fire, according to the incident commander. In Idaho, a blaze killed a
firefighter, and two other firefighters were injured in Oregon and California.
More than 750 firefighters and support personnel were working in Oregon and
Nevada to corral the 418,235-acre Holloway Fire, the largest of the Western
wildfires ignited by a lightning strike August 5. An injured firefighter was
rushed by helicopter to a hospital and was treated and released. In California,
a pair of fires north of San Francisco in Lake County burned 7,000 acres and
were 30 percent contained as of August 14, according to the California
Department of Forestry and Fire Protection. Two buildings were destroyed and
one was damaged, KGO 7 San Francisco reported. An additional 480 homes were
threatened, and a firefighter was injured while battling the flames, said a
representative of the State’s forestry and fire department. Source: http://www.cnn.com/2012/08/14/us/western-wildfires/index.html
Details
Banking and Finance Sector
11. August
14, Associated Press – (Iowa) Brokerage CEO indicted in $200 million fraud
case. The founder of a bankrupt Iowa-based brokerage was
indicted by a federal grand jury August 13 on 31 counts of making false
statements to regulators in connection with a $200 million fraud scheme. The
Peregrine Financial Group Inc. CEO was arrested in July while hospitalized in
Iowa City, Iowa, after a failed suicide attempt outside Peregrine’s office in
Cedar Falls. Authorities said he left a detailed suicide note in which he
confessed to a 20-year scheme to commit fraud and embezzle customer funds.
Regulators said his company cannot account for more than $200 million in customer
funds that it was supposed to be holding. Peregrine has filed for bankruptcy
and is liquidating its assets, meaning more than 24,000 customers who used the
company to invest in commodities ranging from corn to gold do not have access
to their funds. The indictment alleges that he submitted false financial
documents for his company to the U.S. Commodity Futures Trading Commission that
overstated the value of Peregrine’s customer money, which was supposed to be
held separate from other funds, by “at least tens of millions of dollars.” The
31 counts represent the number of such documents that Peregrine submitted
between January 2010 and May 2012. Source: http://www.omaha.com/article/20120814/NEWS/708149956/1016
12. August
13, Bloomberg News – (National) California man gets 27 years in prison in $50
million fraud. A California man was sentenced to 27 years in prison for his
role in a $50 million bank fraud that operated in six States and involved 500
victims worldwide, federal prosecutors in Minnesota said August 13. Another
person, of New York, was sentenced to more than 22 years behind bars, a
Minnesota U.S. attorney said in a statement. “Crooked bank insiders bartered
the personal financial information of their patrons,” the attorney said. U.S.
juries convicted the men in February of participating in a ring that bought and
sold stolen bank customer data, which they used to open bank and credit card
accounts and apply for loans between 2006 and 2011, according to court papers.
Among the victims of the scheme were JP Morgan Chase & Co., Wells Fargo
& Co., and American Express Co. One of the men was convicted of identity
theft, bank fraud, and conspiracy. The other was found guilty of those and
other counts including mail fraud and money laundering. Nine other people were
charged in the case. Six pleaded guilty and three remain fugitives, prosecutors
said. The plot operated in California, New York, Texas, Minnesota,
Massachusetts, and Arizona. Source: http://www.businessweek.com/news/2012-08-13/california-man-gets-27-years-in-prison-in-50-million-fraud
13. August
12, Gannett News Services – (Michigan) Scammers hit ATMs in county. For
weeks, at least five men have placed skimming devices on ATMs in Livingston,
Wayne, and Oakland counties in Michigan to steal more than $500,000 from the
bank accounts of hundreds of unsuspecting customers, authorities said, Gannett
News Services reported August 12. Police warn that others may have been
victimized and not realize it yet. To pull off the scam, the men attach a
device to ATMs that captures data off bank cards when they are inserted into
the machines, said the Oakland County Sheriff’s Department substation commander
in Commerce Township. The device is hard to detect and has a tiny camera that
captures people punching in PINs, he said. Officials believe the skimmers have
carried out crimes since at least June 28 at dozens of banks. The Secret
Service and 16 police agencies are working together on the case. Source: http://www.livingstondaily.com/article/20120812/NEWS01/208120328/Scammers-hit-ATMs-county
14. August
12, Associated Press – (Alaska; International) Suspect in $4.3 million Alaska bank
heist still in custody in Mexico. A federal prosecutor said a former
Anchorage, Alaska bank employee accused of stealing $4.3 million from the vault
of the establishment remains in custody in Mexico, Associated Press reported
August 12. According to the Anchorage Daily News, the money also remains in the
custody of Mexican authorities. Authorities said the suspect was a Key Bank
vault manager until he disappeared after the July 2011 theft. An assistant U.S.
attorney said Key Bank and federal prosecutors are still working to get the
cash and suspect back to Alaska. Source: http://newsminer.com/view/full_story/19784919/article-Suspect-in--4-3-million-Alaska-bank-heist-still-in-custody-in-Mexico?instance=home_news_window_left_bullets
Information Technology Sector
44. August
14, Softpedia – (International) Multiple Web vulnerabilities identified in
SonicWALL email security. Researchers from Vulnerability Lab identified
security holes in SonicWALL Email Security 7.3.5.6379. The company was notified
of the existence of the flaw in May, but since it failed to respond within the
90-day period, the security firm decided to publicly reveal the problem. The
first vulnerability is a persistent input validation vulnerability — estimated as being high
risk — which allows a remote attacker (or a local attacker with low privileges)
to inject malicious code into the software. The bug can be leveraged for
session hijacking, phishing, and “stable persistent module context manipulation.”
The Compliance and Virus protection procedures module is affected, the
vulnerability being triggered when unsanitized inputs are loaded. Many
client-side cross-site scripting (XSS) flaws were also detected in the
application. According to the researchers, they can be leveraged by a remote
attacker to manipulate appliance requests on the client side. Catalogued as
being low risk, the vulnerabilities can be exploited with medium user
interaction. “Successful exploitation results in session hijacking, account
steal, client side phishing requests or manipulated context execution on client
side requests,” reads an advisory published by the experts. “The
vulnerabilities are located on the `from`- & `row` page listing values.”
Source: http://news.softpedia.com/news/Multiple-Web-Vulnerabilities-Identified-in-SonicWALL-Email-Security-Video-286435.shtml
45. August
14, The H – (International) BackTrack 5 R3 adds tools for Arduino and
Teensy attacks. The third release of version 5 of the BackTrack Linux
security distribution fixes several bugs discovered since the R2 release in
March and adds more than 60 new tools. Several of the new tools were released
as part of presentations at the recent Black Hat and DEFCON conferences. The
distribution also added a completely new category of software for “physical
exploitation.” This category includes libraries and an IDE for the Arduino and
the Kautilya toolkit that provides payloads for the Teensy USB development
board. BackTrack can be run as a live CD for added security and flexibility or
can be permanently installed on a system. The distribution is developed with
security researchers and penetration testers in mind and offers one of the most
comprehensive collections of Linux-based security software. Source: http://www.h-online.com/security/news/item/BackTrack-5-R3-adds-tools-for-Arduino-and-Teensy-attacks-1666994.html
46. August
14, The H – (International) Magento shops attacked through Zend
vulnerability. A critical vulnerability in the Zend Framework can be
exploited by remote attackers to access arbitrary files from online shops using
the eBay-owned Magento eCommerce platform. This is because the Zend XML-RPC
component used by Magento is vulnerable to XML eXternal Entity injection
attacks; exploiting the hole can allow an attacker to read private information
such as database configuration and customer data including complete order
histories. While the problem has already been publicly known for nearly 2
months, many shop owners have yet to update or patch their software. The
Magento developers fixed the problem in version 1.7.0.2 of the open source
Community Edition and in version 1.12.0.2 of the Enterprise Edition of their
software. Patches are provided for older versions of the Community Edition,
while workarounds are offered for Enterprise Edition versions prior to 1.8.0.0.
Zend closed the hole in versions 1.11.12 and 1.12.0 of the Framework; the fifth
beta for 2.0.0 also fixes the problem. Source: http://www.h-online.com/security/news/item/Magento-shops-attacked-through-Zend-vulnerability-1667008.html
47. August
14, The H – (International) Oracle releases unscheduled fix for critical
vulnerability. At the recent Black Hat conference in Las Vegas, a security
expert revealed a zero day exploit in Oracle’s database server. Oracle plugged
this vulnerability with an unscheduled patch. Server versions 10.2.0.3,
10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 are all affected, though
the July 2012 patch update contained a fix for the latter two. The bug enables
attackers to obtain the privileges of the SYSDBA user. To do so, they require a
user name, password, CREATE TABLE and CREATE PROCEDURE privileges, and EXECUTE
privileges for the DBMS_STATS package. The Oracle Text package also must be
installed, which is typically the case. Oracle advised users to install the
patch as soon as possible, with exploits for the vulnerability already publicly
available. According to Oracle, the bug may also be present in older versions
that are no longer supported; the company will not be releasing a fix for these
versions. Oracle describes the bug, cataloged as CVE-2012-3132, only in general
terms. A little more detail can be found in a blog posting by a researcher from
Team Shatter. He said normal database users should not possess the required
privileges, but developers generally do. Source: http://www.h-online.com/security/news/item/Oracle-releases-unscheduled-fix-for-critical-vulnerability-1666898.html
48. August
14, IDG News Service – (International) Microsoft patches critical security holes in
Windows, Office, IE. Microsoft fixed 26 vulnerabilities in its software
products, including several considered critical, the company said August 14 in
its monthly security patch report. The security holes, described in five
critical and four important bulletins, affect multiple products, including
Windows, Internet Explorer, Exchange, SQL Server, and Office. In the worst-case
scenarios, exploits could give attackers control of affected systems. Source: http://www.computerworld.com/s/article/9230281/Microsoft_patches_critical_security_holes_in_Windows_Office_IE
49. August
13, Government Computer News – (International) Typical Web
app is attacked 274 times a year, study finds. A typical Web site
application experiences an average of 274 attacks, on an average of 120 days,
each year, with some getting as many as 2,766, according to the latest Imperva
Web Application Attack Report. Imperva based its finding on observation and
analysis of traffic going to 50 Web apps between December 2011 and May 2012,
and although the security company did not specify which apps it studied, past
studies found government sites vulnerable to the kinds of attacks Imperva
found. Source: http://gcn.com/articles/2012/08/13/web-app-attacks-battle-days-imperva-study.aspx
50. August
13, Help Net Security – (International) Bogus ‘MS Cyber-Crime
Department’ warnings lead to phishing. Emails purportedly sent by the
Microsoft Cyber-Crime Department warning all Internet users their email account
may be deleted from the “world email server” have been hitting inboxes around the
world. The phishers used the official logo of the Microsoft Digital Crimes Unit
to lend the email an aura of legitimacy. Following the embedded link will take
the victims to a page where they are asked to supply their email address,
username, and password. The inputted information is sent directly to the
phishers. Source: http://www.net-security.org/secworld.php?id=13418
For another story, see item 16 above in Top Stories
Communications Sector
51.
August 14, Door County Daily News –
(Wisconsin) Kewaunee County phone outage resolved. The Kewaunee County,
Wisconsin Sheriff’s Department said a phone outage that affected several
prefixes in the county August 13 was resolved early August 14. The sheriff said
residential land lines with the prefixes 837, 845, and 863 were out of service
August 13. During the outage, 9-1-1 service was available by cell phone use in
the affected areas until repairs were made. Source: http://www.doorcountydailynews.com/news/details.cfm?clientid=28&id=42566
52.
August 13, Arizona Daily Sun –
(Arizona) Lightning knocks out cable TV Sunday night. Thousands of
Flagstaff, Arizona residents lost cable when lightning struck a utility pole in
Kingman the evening of August 12. The lightning caused a fire and damaged lines
attached to that pole including those associated with Suddenlink
Communications, a spokesperson for the cable television services company said.
It took nearly 6 hours for services to be restored, although Suddenlink crews
were not allowed to repair the damaged lines until being cleared by emergency
officials late August 12. Source: http://azdailysun.com/news/local/lightning-knocks-out-cable-tv-sunday-night/article_82a1eb5c-e598-11e1-b0c9-001a4bcf887a.html
For more stories, see items 44 and 50 above in the Information Technology Sector