Thursday, August 16, 2012


Daily Report

Top Stories

 • A contractor working on a natural gas pipeline in Washington County, Pennsylvania, unearthed a live pipe bomb that police said could have caused significant damage. – Pittsburgh Post-Gazette

3. August 15, Pittsburgh Post-Gazette – (Pennsylvania) Pipe bomb discovered on natural gas pipeline. A contractor working on a natural gas pipeline in Washington County, Pennsylvania, unearthed a pipe bomb August 13. The device was detonated by the Allegheny County bomb squad. “One of our contractor’s employees found a small pipe device on a right-of-way” where a pipeline is being constructed near Rural Valley Road in Buffalo, said the director of corporate communications for National Fuel Supply Corp. Police characterized the device as a “live pipe bomb” that could have caused a catastrophe. The spokeswoman said police later scoured the pipeline route with bomb-sniffing dogs but could find no other devices. Source: http://shale.sites.post-gazette.com/index.php/news/archives/24744

 • West Nile virus is spreading faster than it has in years, federal health officials stated, noting that as of August 14, the mosquito-borne disease was responsible for 693 illnesses and 28 deaths in 32 states. – USA Today

30. August 15, USA Today – (National) West Nile virus spreads faster. West Nile virus is spreading faster than it has in years, health officials stated, and the pace of the mosquito-borne disease is getting worse, USA Today reported August 15. States are reporting more cases than usual, said a specialist in mosquito-borne diseases with the Centers for Disease Control and Prevention (CDC) in Fort Collins, Colorado. Texas is getting the worst of it: sixteen people have died of West Nile virus this summer in Texas, out of 381 cases of the illness. Nationwide there have been at least 693 cases and 28 deaths, according to CDC and state numbers released August 14. That is up from 390 cases and 8 deaths the week of August 6. Thirty-two states have had cases of West Nile, the CDC said. Louisiana has had six deaths in 68 cases, Oklahoma one death in 55 cases, and Mississippi one death in 59 cases. In Arizona, there has been one death in seven cases. California had 23 cases, one of which was fatal, and South Dakota had one fatality in 37 cases. Source: http://www.usatoday.com/news/health/story/2012-08-14/west-nile-virus-mosquito/57057540/1?csp=34news

 • A gunman who shot a security guard August 15 at the Family Research Council office in Washington, D.C., carried a handgun and several additional rounds of ammunition, federal investigators said. – NBC News

53. August 15, NBC News – (Washington, D.C.) Security guard shot at conservative group’s D.C. office. A gunman who shot a security guard August 15 at the Family Research Council (FRC) office in Washington, D.C., carried a handgun and several additional rounds of ammunition, federal investigators said. When challenged by the security guard, the gunman shot the guard in the arm. He was then detained by other guards, and district police and the FBI responded. He was taken into custody by FBI agents. The FBI will have jurisdiction if the incident turns out to be a hate crime. One law enforcement official told NBC News it was fairly clear the FRC was the man’s target. Officials said the suspect came from Herndon, Virginia. The FBI said the security guard was in the hospital and was “doing OK.” Federal officials said the suspect was carrying a backpack with materials related to Chick-fil-A restaurants. The FRC’s president sent an email to members in July in support of comments by the restaurant chain’s president on same-sex marriage. Two federal officials said the suspect appeared mentally disturbed. Source: http://usnews.nbcnews.com/_news/2012/08/15/13298020-security-guard-shot-at-conservative-groups-dc-office?lite

 • A recent seismic hazard assessment found greater earthquake potential for the central Washington area where many dams are located. – NPR

62. August 14, NPR – (Washington; Oregon) Earthquake study raises risk potential around central Wash. dams. A recent seismic hazard assessment found greater earthquake potential for the central Washington area than previously thought. Estimates of how strongly the ground could shake from a local earthquake have tripled or quadrupled since the hydropower dams in the area were built. The study took 4 years to produce and was commissioned by three Washington public utility districts, covering their six large hydropower dams. A consulting seismologist said the risk comes primarily from crumpling of the earth’s crust between the Oregon-Washington border, Yakima, Ellensburg, and Wenatchee. Seismic retrofits could cost ratepayers across the region hundreds of millions of dollars. The Mid-Columbia dam owners and their federal regulator are taking an approach that has very little tolerance for risk and are prepared to spend money to protect against an event that may only happen once every 10,000 years. The new information about earthquake potential in central Washington has prompted the U.S. Department of Energy to launch its own seismic risk update for the Hanford site and its sensitive nuclear facilities. Separately, the Eugene Water & Electric Board ordered a similar comprehensive seismic reevaluation of its hydropower dams on the McKenzie River in the Oregon Cascade foothills. Source: http://www.npr.org/templates/story/story.php?storyId=158761474

Details

Banking and Finance Sector

13. August 15, Help Net Security – (International) Malware-laden emails target hedge fund managers. A highly targeted spam campaign aimed at hedge and private equity fund managers has recently been spotted by Barracuda Labs researchers, Help Net Security reported August 15. The email looks like it has been forwarded a few times, and supposedly has a document attached with details about NYSE carried interest fees. Recipients who do not notice that the attachment is an executable and run it are shown a decoy PDF titled “SEC Release Adopts New Rule 13h-1 and Form 13H; Large Trader Reporting.” The executable also drops a keylogger, which silently installs itself on the victim’s machine, records keystrokes, and sends them to a remote server via FTP. The researchers managed to follow the traffic to that server and to peek inside it. They discovered that the files containing the keystrokes are neatly deposited in one folder per victim and, judging by the number of existing folders, the attackers have compromised at least 20 computers so far. Source: http://www.net-security.org/malware_news.php?id=2222

14. August 14, Akron Beacon Journal – (Ohio) FBI seeks robber of five area banks. The FBI is circulating video images of a man police believe robbed five Akron, Ohio-area banks since July 2. The robberies all occurred at banks inside grocery stores, and most happened on a Friday between 4 and 6 p.m. The man either has shown a weapon in his waistband or has indicated he has a weapon, according to a news release from a special agent in charge of the FBI’s Cleveland Division. The robberies took place July 2 at U.S. Bank inside Fishers Food in Plain Township; July 20 at U.S. Bank inside Giant Eagle in Cuyahoga Falls; July 27 at Huntington Bank inside Giant Eagle in Youngstown; August 3 at Huntington Bank inside Giant Eagle in North Canton; and August 10 at Huntington Bank inside Giant Eagle in Canton. A reward is being offered for information leading to the man’s arrest. Source: http://www.ohio.com/news/local-news/fbi-seeks-robber-of-five-area-banks-1.327155

15. August 14, New York Times – (International; New York) Standard Chartered settles Iran inquiry for $340 million. Standard Chartered, the British bank, has agreed to pay New York’s top banking regulator $340 million to settle claims it laundered hundreds of billions of dollars in tainted money for Iran and lied to regulators, the New York Times reported August 14. The agreement is a victory for the New York Superintendent of Financial Services and his 10-month old agency, which took on the bank alone in charging it schemed for nearly a decade with Iran to hide from regulators 60,000 transactions worth $250 billion. Some federal authorities worry the deal has the potential to undercut a sweeping settlement between the bank and federal regulators, including the Federal Reserve and the Treasury Department. They are also investigating Standard Chartered, a 150-year-old bank based in London with operations across the globe. As part of the settlement, the bank will install a monitor for at least 2 years to vet money-laundering controls and put in permanent officials who will audit internal procedures. Source: http://www.nytimes.com/2012/08/15/business/standard-chartered-settles-with-new-york-for-340-million.html?pagewanted=1&_r=2

Information Technology Sector

44. August 15, Help Net Security – (International) Sirefef infections explode due to new infection technique. The Sirefef/Zaccess family of trojans — designed to download other malware, disable a machine’s security features, and often make lasting changes to a computer — is usually distributed to unsuspecting victims via email spam campaigns. However, its peddlers changed their strategy recently, and began bundling the malware with codecs, game installers, and crack/keygen applications, Trend Micro warned. “During the last weeks of July, we received reports from customers that their services.exe files were being patched by an unknown malware,” the researchers shared. The patched file was a component of the Sirefef/Zaccess malware family, and was used to run the malware’s other malicious components upon reboot. The infection with this new variant was traced back to the execution of K-Lite Codec Pack.exe, more than likely downloaded by the users from the Internet to play movies downloaded via peer-to-peer applications. To preserve the illusion the offered codec is legitimate and to increase the likelihood of it being used, the file names are often modified to include the titles of popular movies. According to Trend Micro numbers, Sirefef/Zaccess infections increased in July, going from 1,000 infected computers on the 1st of the month to more than 11,000 on the 27th. The majority of infected computers are located in the United States. Source: http://www.net-security.org/malware_news.php?id=2223
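The Sirefef/Zaccess variant above announces itself by altering a system binary (services.exe) that should never change between patch cycles. The following file-integrity check is an added illustration, not Trend Micro’s code or anything from the source article: it digests a watched set of files, stores the digests as a baseline, and reports any file whose bytes later differ. The file names, the fake “PE” contents and the byte patch in demo() are all constructed for the example; on a real Windows host the watched paths would be the actual binaries under %SystemRoot%\System32.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, names):
    """Digest each named file under root; files that do not exist are recorded as None."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        baseline[name] = sha256_file(path) if os.path.isfile(path) else None
    return baseline


def compare_baseline(baseline, current):
    """Classify drift between two digest maps as modified, missing or new."""
    report = {"modified": [], "missing": [], "new": []}
    for name, old in baseline.items():
        new = current.get(name)
        if old is not None and new is None:
            report["missing"].append(name)
        elif old is None and new is not None:
            report["new"].append(name)
        elif old != new:
            report["modified"].append(name)
    for name in current:
        if name not in baseline:
            report["new"].append(name)
    return report


def demo():
    """Constructed scenario: baseline a stand-in services.exe, 'patch' it in place, re-scan."""
    watched = ["services.exe", "winlogon.exe"]
    with tempfile.TemporaryDirectory() as root:
        for name in watched:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"MZ" + name.encode() + b"\x00" * 64)  # stand-in for a real PE image
        baseline = build_baseline(root, watched)
        with open(os.path.join(root, "services.exe"), "r+b") as f:
            f.seek(32)
            f.write(b"\xe9\x00\x10\x00\x00")  # overwrite a few bytes, like an inserted jump
        return compare_baseline(baseline, build_baseline(root, watched))


if __name__ == "__main__":
    print(demo())
```

A baseline like this only has value if it is taken from a known-good state and stored where the malware cannot rewrite it; rebuilding the baseline after every Windows update is the operational cost of running it.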

45. August 15, Computerworld – (International) Security vendor exposes vulnerabilities in DDoS rootkit. In what it says is an attempt to turn the tables on malicious hackers, security vendor Prolexic released details August 14 of vulnerabilities it discovered in a toolkit family used by hackers to launch distributed denial-of-service (DDoS) attacks against corporate networks. The disclosure is designed to give IT security staff information they can use to mitigate attacks launched using the DDoS toolkit, according to Prolexic. The company’s vulnerability report specifically details flaws in the command and control (C&C) component of the Dirt Jumper DDoS toolkit associated with recent DDoS attacks. The flaws allow “counter-attackers to obtain access to the Command and Control (C&C) database backend, and potentially server-side files,” the company noted in a statement. Such counterattacks can result in a total compromise of the toolkit’s attack capabilities, Prolexic said. “With this information, it is possible to access the C&C server and stop the attack,” Prolexic’s CEO said in a statement. Source: http://www.computerworld.com/s/article/9230288/Security_vendor_exposes_vulnerabilities_in_DDoS_rootkit

46. August 15, The H – (International) Java SE 7 Update 6 hands OS X support to Oracle. A Java Runtime Environment for Mac OS X and a free, but not open source, Linux ARM v6/v7 JDK are the highlights of Oracle’s release of Java SE 7 Update 6. The process of moving the responsibility for keeping Java on Mac OS X up to date from Apple to Oracle was completed with this release. The new release brings a Java Runtime Environment (JRE) to the Apple platform supported by Java’s owners, Oracle. The Mac OS X JRE will also support automatic updating and will in future be updated at the same time as the Windows version of Java. As well as the JRE, Java SE 7 Update 6 also has final versions of JavaFX 2.2 rich client platform and JavaFX Scene Builder for Mac OS X. Earlier in 2012, an estimated half a million users of Mac OS X found themselves infected with Flashback, malware that infiltrates systems using a vulnerability in Java already patched on other platforms. Apple’s slow updating of Java was a cause for concern for some time, but the Flashback incident brought it to the fore. After taking action to halt Flashback, Apple worked with Oracle to move support for Java to Oracle, which already maintains the Java software for Windows, Linux, and some Unix systems. Source: http://www.h-online.com/security/news/item/Java-SE-7-Update-6-hands-OS-X-support-to-Oracle-1667714.html

47. August 14, Computerworld – (International) Kaspersky pleads for crypto help to probe Gauss malware. On August 14, Kaspersky Lab appealed to expert cryptographers for help breaking the encryption of a still-mysterious payload delivered by the Gauss cyber-surveillance malware. While Kaspersky discovered the payload is delivered via USB flash drives — to bridge the “air gap” between the Internet and PCs not connected to the Web — it has been stymied in its attempts to decrypt the module, which is encrypted with RC4. Kaspersky noted the decryption key for the payload is generated dynamically from data on the victimized PC, rather than being stored in the malware itself. “[That] prevents anyone except the designated target(s) from extracting the contents of the sections,” Kaspersky said. “The resource section [of the encrypted payload] is big enough to contain a Stuxnet-like SCADA-targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile.” Source: http://www.computerworld.com/s/article/9230272/Kaspersky_pleads_for_crypto_help_to...
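The reason an analyst with the full sample still cannot read the module is the key-derivation step: the RC4 key is not in the file, only a recipe for computing it from something present on the intended machine. The block below is an added illustration of that design and is not Gauss’s actual scheme or Kaspersky’s code. It implements textbook RC4, a hypothetical host-bound key derivation (iterated MD5 over a host attribute plus a salt, chosen here for illustration), and a marker so the receiver can tell a correct key from a wrong one. The salt, the marker, the host attribute and the candidate list are all constructed; the only way to recover the payload without the attribute is to guess it, which is exactly the help being asked for.

```python
import hashlib

MARKER = b"\x00PAYLOAD\x00"  # constructed: lets the receiver tell a good key from a wrong one


def rc4(key, data):
    """Textbook RC4 (KSA then PRGA). The same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def derive_key(host_attribute, salt, rounds=10000):
    """Hypothetical host-bound KDF: iterated MD5 over a value only the target machine has."""
    h = hashlib.md5(salt + host_attribute.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        h = hashlib.md5(h + salt).digest()
    return h


def seal(payload, host_attribute, salt):
    """Encrypt payload so that only a host presenting host_attribute can recover it."""
    return rc4(derive_key(host_attribute, salt), MARKER + payload)


def unseal(blob, host_attribute, salt):
    """Recover the payload; returns None when the host attribute (and so the key) is wrong."""
    plain = rc4(derive_key(host_attribute, salt), blob)
    if not plain.startswith(MARKER):
        return None
    return plain[len(MARKER):]


def find_target(blob, candidates, salt):
    """Analyst-side guessing: try candidate host attributes, return the first that unseals the blob."""
    for candidate in candidates:
        if unseal(blob, candidate, salt) is not None:
            return candidate
    return None


if __name__ == "__main__":
    salt = b"\x13\x37"                          # constructed
    target = r"C:\Program Files\Acme Widgets"  # constructed attribute only the target has
    blob = seal(b"module body", target, salt)
    guesses = [r"C:\Program Files\Common Files", r"C:\Program Files\Acme Widgets"]
    print(find_target(blob, guesses, salt))
```

The iteration count is what makes guessing expensive: each candidate costs 10,000 hashes, so a dictionary of plausible host attributes is feasible while a blind search over arbitrary strings is not. That is the practical shape of the crowdsourcing appeal above: what is wanted are good candidates, not faster RC4.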

48. August 14, Infosecurity – (International) Groupon email scam gives victims more than they bargained for. Commtouch detected a series of recent attacks that contain emails promising great Groupon “deals,” but deliver malware instead. The attacks rely on malware attached to the emails that purportedly come from “friends” who want to share great deals, explained the director of product marketing at Commtouch. The scams are also using LinkedIn “friends.” The Commtouch director explained these attacks are different from the blended attacks, which mix email and Web links to spread malware, since they use attached malware rather than links to drive-by malware. Source: http://www.infosecurity-magazine.com/view/27588/
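Both the hedge-fund lure in item 13 and the Groupon lure above depend on the same trick: an executable attachment that the recipient takes for a document. The check below is an added example (not Barracuda’s, Commtouch’s or the source articles’ code) of the screening a mail gateway can do before a user ever sees the file: it looks at the extension, at a second extension hidden before it, at the leading bytes of the content, and at the right-to-left override character that reverses a displayed filename. The magic-byte table, extension lists and sample attachments are constructed for the example.

```python
import os

# Constructed magic-byte table for the container types these lures involve
MAGIC = {
    b"MZ": "pe-executable",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole-document",
    b"PK\x03\x04": "zip-container",
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def sniff(data):
    """Identify the container by its leading bytes rather than by its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def classify_attachment(name, data):
    """Return the reasons an attachment should be quarantined; an empty list means no finding."""
    reasons = []
    root, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(root)[1]   # the extension hidden before the real one
    kind = sniff(data)
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
    if inner_ext in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append("document-looking double extension " + inner_ext + ext)
    if kind == "pe-executable" and ext not in EXECUTABLE_EXTS:
        reasons.append("PE header inside file claiming to be " + (ext or "extensionless"))
    if ext == ".pdf" and kind != "pdf":
        reasons.append("pdf extension without %PDF header")
    if "\u202e" in name:   # RIGHT-TO-LEFT OVERRIDE makes "exe.fdp" display as "pdf.exe" reversed
        reasons.append("right-to-left override in filename")
    return reasons


def screen_message(attachments):
    """attachments: list of (filename, bytes). Returns {filename: reasons} for flagged files only."""
    return {n: r for n, r in ((n, classify_attachment(n, d)) for n, d in attachments) if r}


if __name__ == "__main__":
    # Constructed samples resembling the lures described above (not the real attachments)
    sample = [
        ("SEC_Release_Rule_13h-1.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),
        ("Groupon_deal_from_a_friend.pdf", b"MZ\x90\x00" + b"\x00" * 60),
        ("quarterly_notes.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
    ]
    for name, reasons in screen_message(sample).items():
        print(name, "->", "; ".join(reasons))
```

The content check matters more than the name check: a sender can pick any filename, but a Windows executable has to start with the MZ header to run, so the mismatch between claimed type and actual header is the signal that survives renaming.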

49. August 14, Threatpost – (International) Adobe patches critical Flash bug, releases massive Reader update. Adobe issued a fix for a critical Flash vulnerability that attackers already are taking advantage of with targeted attacks. The flaw can allow attackers to get complete control of vulnerable machines, and Adobe said it is aware of attacks targeting Flash on Internet Explorer. The CVE-2012-1535 vulnerability in Flash, when exploited, either will crash the app or it could allow the attacker to run arbitrary code on the machine. Adobe officials are urging users to patch their systems now, especially given the fact there are attacks targeting the Flash vulnerability. “There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows,” Adobe said in its advisory. Google also released a new version of Chrome August 14, which includes the updated Flash Player. In addition to the patch for Flash, Adobe also released a huge update for Reader and Acrobat August 14. The update includes fixes for Reader and Acrobat X on Windows and Mac OS X and patches a slew of vulnerabilities, including numerous memory corruption vulnerabilities, stack overflows, buffer overflows, and heap overflows, all of which could allow remote code execution, Adobe said. Source: http://threatpost.com/en_us/blogs/adobe-patches-critical-flash-bug-releases-massive-reader-update-081412
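The delivery vector Adobe describes, a Word document that carries the Flash content, means a Flash exploit can arrive in a file that never touches a browser. The scanner below is an added example, not Adobe’s or Threatpost’s code and not a detector for CVE-2012-1535 specifically: it looks for SWF file headers (the FWS, CWS and ZWS signatures followed by a version byte and a little-endian length) inside a document, scanning the raw bytes and, for OOXML files, each zip member separately, because members are deflated and a raw scan would miss them. The sample .docx it builds is constructed for the example and contains no exploit.

```python
import io
import zipfile

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")   # uncompressed, zlib-compressed, LZMA-compressed SWF


def find_swf_headers(data):
    """Return (offset, magic, version, declared_length) for each plausible SWF header in data."""
    hits = []
    for magic in SWF_MAGICS:
        start = 0
        while True:
            idx = data.find(magic, start)
            if idx < 0:
                break
            start = idx + 1
            if idx + 8 > len(data):
                continue
            version = data[idx + 3]
            length = int.from_bytes(data[idx + 4:idx + 8], "little")
            # Sanity checks keep literal text such as "the CWS acronym" from counting as a hit
            if 1 <= version <= 40 and 8 <= length <= 64 * 1024 * 1024:
                hits.append((idx, magic.decode("ascii"), version, length))
    return sorted(hits)


def scan_document(data):
    """Scan the raw bytes; for OOXML (a zip) also scan every member, since members are deflated."""
    findings = [("<raw>",) + hit for hit in find_swf_headers(data)]
    if data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                for hit in find_swf_headers(archive.read(member)):
                    findings.append((member,) + hit)
    return findings


def build_sample_docx():
    """Constructed stand-in for a .docx carrying an embedded SWF (not a real exploit document)."""
    fake_swf = b"CWS" + bytes([10]) + (1234).to_bytes(4, "little") + b"\x78\x9c" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16 + fake_swf)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_document(build_sample_docx()):
        print(finding)
```

For legacy binary .doc files the raw scan is usually enough, because OLE streams are stored uncompressed; the one gap is a header that happens to straddle a 512-byte sector boundary, which this simple scanner does not reassemble. A hit is a reason to detonate the file in a sandbox or block it, not proof of exploitation: legitimate documents with embedded Flash existed in 2012, which is why they were such a convenient carrier.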

Communications Sector

50. August 15, Watertown Daily Times – (New York) Phone problems plague Wanakena. Verizon customers in Wanakena, New York, have suffered with the problem of nonworking phones for years, routinely registering complaints with the State Public Service Commission. Customers have grown tired of the recurring issue, especially since Wanakena is in a part of the Adirondacks that does not have cellphone coverage, the Watertown Daily Times reported August 15. “I have been without a phone 15 times in the last two months,” said the Adirondack Park Agency commissioner. The outage is often spotty and intermittent. It might last 10 minutes or a day. One person’s phone may be out while a neighbor’s is working. Reception is often crackly even when the phones are working. Verizon is aware of the community’s concerns, a company spokesman said. “The root cause of the service interruptions is multiple lightning strikes along the cable route from Star Lake to Wanakena. The length of the route between the two communities increases the likelihood of lightning strikes, especially during the summer season,” he said. Source: http://www.watertowndailytimes.com/article/20120815/NEWS05/708159894/-1/NEWS






 • A gunman who shot a security guard August 15 at the Family Research Council office in Washington, D.C., carried a handgun and several additional rounds of ammunition, federal investigators said. – NBC News

53. August 15, NBC News – (Washington, D.C.) Security guard shot at conservative group’s D.C. office. A gunman who shot a security guard August 15 at the Family Research Council (FRC) office in Washington, D.C., carried a handgun and several additional rounds of ammunition, federal investigators said. When challenged by the security guard, the gunman shot the guard in the arm. He was then detained by other guards, and district police and the FBI responded. He was taken into custody by FBI agents. The FBI will have jurisdiction if the incident turns out to be a hate crime. One law enforcement official told NBC News it was fairly clear the FRC was the man’s target. Officials said the suspect came from Herndon, Virginia. The FBI said the security guard was in the hospital and was "doing OK." Federal officials said the suspect was carrying a backpack with materials related to Chick-fil-A restaurants. The FRC’s president sent an email to members in July in support of comments by the restaurant chain’s president on same-sex marriage. Two federal officials said the suspect appeared mentally disturbed. Source: http://usnews.nbcnews.com/_news/2012/08/15/13298020-security-guard-shot-at-conservative-groups-dc-office?lite

 • A recent seismic hazard assessment found greater earthquake potential for the central Washington area where many dams are located. – NPR

62. August 14, NPR – (Washington; Oregon) Earthquake study raises risk potential around central Wash. dams. A recent seismic hazard assessment found greater earthquake potential for the central Washington area than previously thought. Estimates for how strongly the ground could shake from a local earthquake have tripled or quadrupled since the building of hydropower dams in the area. The study took 4 years to produce and was commissioned by three Washington public utility districts, covering their six large hydropower dams. A consulting seismologist said the risk comes primarily from crumpling of the earth’s crust between the Oregon-Washington border, Yakima, Ellensburg, and Wenatchee. Seismic retrofits could cost ratepayers across the region hundreds of millions of dollars. The Mid-Columbia dam owners and their federal regulator are taking an approach that has very little tolerance for risk and are prepared to spend money to protect against an event that may only happen once every 10,000 years. The new information about earthquake potential in central Washington has prompted the U.S. Department of Energy to launch its own seismic risk update for the Hanford site and its sensitive nuclear facilities. Separately, the Eugene Water & Electric Board ordered a similar comprehensive seismic reevaluation of its hydropower dams on the McKenzie River in the Oregon Cascade foothills. Source: http://www.npr.org/templates/story/story.php?storyId=158761474

Details

Banking and Finance Sector

13. August 15, Help Net Security – (International) Malware-laden emails target hedge fund managers. A highly targeted spam campaign aimed at hedge and private equity fund managers has recently been spotted by Barracuda Labs researchers, Help Net Security reported August 15. The email looks like it has been forwarded a few times, and supposedly has a document with details about NSYE carried interest fees attached to it. Recipients who do not notice that the file in question is an executable and run it are faced with a PDF that contains the information: "SEC Release Adopts New Rule 13h-1 and Form 13H; Large Trader Reporting." The PDF comes bundled with a keylogger, which secretly installs itself on the victim’s machine and begins recording keystrokes and sending them to a remote server via FTP. The researchers have managed to follow the traffic to the server, and to peek inside it. They discovered that all the files containing the keystrokes are neatly deposited in a folder and, according to the number of existing folders, the attackers have managed to compromise at least 20 computers so far. Source: http://www.net-security.org/malware_news.php?id=2222

14. August 14, Akron Beacon Journal – (Ohio) FBI seeks robber of five area banks. The FBI is circulating video images of a man police believe robbed five Akron, Ohio-area banks since July 2. The robberies all occurred at banks inside grocery stores, and most happened on a Friday between 4 and 6 p.m. The man either has shown a weapon in his waistband or has indicated he has a weapon, according to a news release from a special agent in charge of the FBI’s Cleveland Division. The robberies took place July 2 at U.S. Bank inside Fishers Food in Plain Township; July 20 at U.S. Bank inside Giant Eagle in Cuyahoga Falls; July 27 at Huntington Bank inside Giant Eagle in Youngstown; August 3 at Huntington Bank inside Giant Eagle in North Canton; and August 10 at Huntington Bank inside Giant Eagle in Canton. A reward is being offered for information leading to the man’s arrest. Source: http://www.ohio.com/news/local-news/fbi-seeks-robber-of-five-area-banks-1.327155

15. August 14, New York Times – (International; New York) Standard Chartered settles Iran inquiry for $340 million. Standard Chartered, the British bank, has agreed to pay New York’s top banking regulator $340 million to settle claims it laundered hundreds of billions of dollars in tainted money for Iran and lied to regulators, the New York Times reported August 14. The agreement is a victory for the New York Superintendent of Financial Services and his 10-month-old agency, which took on the bank alone in charging it schemed for nearly a decade with Iran to hide from regulators 60,000 transactions worth $250 billion. Some federal authorities worry the deal has the potential to undercut a sweeping settlement between the bank and federal regulators, including the Federal Reserve and the Treasury Department. They are also investigating Standard Chartered, a 150-year-old bank based in London with operations across the globe. As part of the settlement, the bank will install a monitor for at least 2 years to vet money-laundering controls and put in permanent officials who will audit internal procedures. Source: http://www.nytimes.com/2012/08/15/business/standard-chartered-settles-with-new-york-for-340-million.html?pagewanted=1&_r=2

Information Technology Sector

44. August 15, Help Net Security – (International) Sirefef infections explode due to new infection technique. The Sirefef/Zaccess family of trojans — designed to download other malware, disable a machine’s security features, and often make lasting changes to a computer — is usually distributed to unsuspecting victims via email spam campaigns. However, its peddlers changed their strategy recently, and began bundling the malware with codecs, game installers, and crack/keygen applications, Trend Micro warned. "During the last weeks of July, we received reports from customers that their services.exe files were being patched by an unknown malware," the researchers shared. The patched file was a component of the Sirefef/Zaccess malware family, and was used to run the malware’s other malicious components upon reboot. The infection with this new variant was traced back to the execution of K-Lite Codec Pack.exe, more than likely downloaded by the users from the Internet to play movies downloaded via peer-to-peer applications. To preserve the illusion the offered codec is legitimate and to increase the likelihood of it being used, the file names are often modified to include the titles of popular movies. According to Trend Micro numbers, Sirefef/Zaccess infections increased in July, going from 1,000 infected computers on the 1st of the month to more than 11,000 on the 27th. The majority of infected computers are located in the United States. Source: http://www.net-security.org/malware_news.php?id=2223

45. August 15, Computerworld – (International) Security vendor exposes vulnerabilities in DDoS rootkit. In what it says is an attempt to turn the tables on malicious hackers, security vendor Prolexic released details August 14 of vulnerabilities it discovered in a toolkit family used by hackers to launch distributed denial-of-service (DDoS) attacks against corporate networks. The disclosure is designed to give IT security staff information they can use to mitigate attacks launched using the DDoS toolkit, according to Prolexic. The company’s vulnerability report specifically details flaws in the command and control (C&C) component of the Dirt Jumper DDoS toolkit associated with recent DDoS attacks. The flaws allow "counter-attackers to obtain access to the Command and Control (C&C) database backend, and potentially server-side files," the company noted in a statement. Such counterattacks can result in a total compromise of the toolkit’s attack capabilities, Prolexic said. "With this information, it is possible to access the C&C server and stop the attack," Prolexic’s CEO said in a statement. Source: http://www.computerworld.com/s/article/9230288/Security_vendor_exposes_vulnerabilities_in_DDoS_rootkit

46. August 15, The H – (International) Java SE 7 Update 6 hands OS X support to Oracle. A Java Runtime Environment for Mac OS X and a free, but not open source, Linux ARM v6/v7 JDK are the highlights of Oracle’s release of Java SE 7 Update 6. The process of moving the responsibility for keeping Java on Mac OS X up to date from Apple to Oracle was completed with this release. The new release brings a Java Runtime Environment (JRE) to the Apple platform supported by Java’s owners, Oracle. The Mac OS X JRE will also support automatic updating and will in future be updated at the same time as the Windows version of Java. As well as the JRE, Java SE 7 Update 6 also has final versions of JavaFX 2.2 rich client platform and JavaFX Scene Builder for Mac OS X. Earlier in 2012, an estimated half a million users of Mac OS X found themselves infected with Flashback, malware that infiltrates systems using a vulnerability in Java already patched on other platforms. Apple’s slow updating of Java was a cause for concern for some time, but the Flashback incident brought it to the fore. After taking action to halt Flashback, Apple worked with Oracle to move support for Java to Oracle, which already maintains the Java software for Windows, Linux, and some Unix systems. Source: http://www.h-online.com/security/news/item/Java-SE-7-Update-6-hands-OS-X-support-to-Oracle-1667714.html

47. August 14, Computerworld – (International) Kaspersky pleads for crypto help to probe Gauss malware. On August 14, Kaspersky Lab appealed for help from expert cryptographers to break the encryption of a still-mysterious payload delivered by the Gauss cyber-surveillance malware. While Kaspersky discovered the payload is delivered via USB flash drives — to close the "air gap" between the Internet and PCs not connected to the Web — it has been stymied in its attempts to decrypt the module, which is encrypted with an RC4 key. Kaspersky noted the decryption key for the payload is generated dynamically by the victimized PC. "[That] prevents anyone except the designated target(s) from extracting the contents of the sections," Kaspersky said. "The resource section [of the encrypted payload] is big enough to contain a Stuxnet-like SCADA-targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile." Source: http://www.computerworld.com/s/article/9230272/Kaspersky_pleads_for_crypto_help_to...
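The scheme Kaspersky describes, a payload whose RC4 key is never stored in the sample but is derived on the victim machine from that machine's own attributes, is worth seeing end to end. The following is an added illustration written for this report; it is not Gauss code and it does not claim to reproduce Gauss's actual key-derivation logic. The attribute set (directory names), the salt, the 10,000 MD5 rounds, the sentinel header and the sample payload are all assumptions chosen for the demonstration.

```python
"""
Target-bound payload encryption: the key is computed from attributes of the
machine the dropper lands on, so only the intended target decrypts anything
meaningful. Added example; attributes, salt, round count and payload are
constructed for illustration and are not Gauss's real parameters.
"""
import hashlib
from typing import Iterable, Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def derive_key(attributes: Iterable[str], salt: bytes, rounds: int = 10_000) -> bytes:
    """Turn machine attributes (assumed here: program and PATH directory names)
    plus a salt carried in the sample into a 16-byte RC4 key. The attacker runs
    this once against a description of the target; the dropper runs it on
    whatever machine it lands on, so a different machine yields a different key."""
    material = "\x00".join(sorted(attributes)).encode("utf-8") + salt
    digest = hashlib.md5(material).digest()
    for _ in range(rounds):  # iteration raises the cost of guessing attribute sets
        digest = hashlib.md5(digest + salt).digest()
    return digest


MAGIC = b"PAYLOAD\x00"  # sentinel the dropper checks before executing anything


def seal(payload: bytes, attributes: Iterable[str], salt: bytes) -> bytes:
    """Attacker side: encrypt the module for one specific target."""
    return rc4(derive_key(attributes, salt), MAGIC + payload)


def unseal(blob: bytes, attributes: Iterable[str], salt: bytes) -> Optional[bytes]:
    """Victim side: decrypt with this machine's attributes and stay dormant
    (return None) unless the sentinel appears, i.e. unless this is the target."""
    plain = rc4(derive_key(attributes, salt), blob)
    if not plain.startswith(MAGIC):
        return None
    return plain[len(MAGIC):]


# Constructed data: what the attacker knows about the target versus what an
# analyst's sandbox looks like. Directory names are invented for the example.
TARGET_ATTRS = [r"C:\Program Files\ACME SCADA Suite",
                r"C:\Program Files\Common Files",
                r"C:\Windows\system32"]
SANDBOX_ATTRS = [r"C:\Program Files\Common Files",
                 r"C:\Windows\system32"]
SALT = bytes.fromhex("0123456789abcdef")
PAYLOAD = b"<module bytes would go here>"


def demo() -> tuple:
    """Seal for the target, then try to unseal on the target and in a sandbox."""
    blob = seal(PAYLOAD, TARGET_ATTRS, SALT)
    return unseal(blob, TARGET_ATTRS, SALT), unseal(blob, SANDBOX_ATTRS, SALT)


if __name__ == "__main__":
    on_target, in_sandbox = demo()
    print("target :", on_target)   # the module
    print("sandbox:", in_sandbox)  # None: wrong key, sentinel absent
```

The point for an analyst is that RC4 itself is not the obstacle: with an unknown 128-bit key and unknown plaintext there is nothing to attack in the cipher. The weakness is that the key material is guessable in principle, because directory and PATH names come from a finite vocabulary, so recovering the payload becomes a dictionary search over plausible attribute sets, each costing the full iteration count. That is the kind of help Kaspersky was asking for.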

48. August 14, Infosecurity – (International) Groupon email scam gives victims more than they bargained for. Commtouch detected a series of recent attacks that contain emails promising great Groupon "deals," but deliver malware instead. The attacks rely on malware attached to the emails that purportedly come from "friends" who want to share great deals, explained the director of product marketing at Commtouch. The scams are also using LinkedIn "friends." The Commtouch director explained these attacks are different from the blended attacks, which mix email and Web links to spread malware, since they use attached malware rather than links to drive-by malware. Source: http://www.infosecurity-magazine.com/view/27588/
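Both the hedge-fund campaign in item 13 (an executable posing as a document that drops a decoy PDF) and the Groupon campaign above deliver the malware as a mail attachment rather than a link, which makes them catchable at the gateway with a few structural checks. The following triage routine is an added example, not code from Barracuda, Commtouch or either source article; the sample message, its sender, filenames and byte contents are constructed for the demonstration.

```python
"""
Mail-attachment triage: flag executables by extension, by double extension
(document.ext.exe) and by content (a PE 'MZ' header) regardless of the name.
Added example with a constructed message; not the vendors' detection logic.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Dict, List

EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "jar", "msi"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "txt"}


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons to quarantine this attachment (empty list: no finding)."""
    findings: List[str] = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[-2] if len(parts) > 2 else ""
    if ext in EXEC_EXT:
        findings.append("executable extension")
    if inner in DOC_EXT and ext in EXEC_EXT:
        findings.append("double extension disguising an executable as a document")
    if data[:2] == b"MZ":  # PE/DOS header: the file is a Windows executable whatever it is called
        findings.append("PE (MZ) header")
        if ext in DOC_EXT:
            findings.append("content does not match document extension")
    return findings


def triage_message(raw: bytes) -> Dict[str, List[str]]:
    """Parse a raw RFC 5322 message and triage every attachment in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    results: Dict[str, List[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        results[name] = triage_attachment(name, part.get_content())
    return results


def build_sample() -> bytes:
    """Constructed lure in the style of the two campaigns (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "a.friend@example.com"      # assumed sender
    msg["To"] = "fund.manager@example.net"    # assumed recipient
    msg["Subject"] = "Fwd: Fwd: great deal + the SEC release you asked for"
    msg.set_content("Check these out!")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60     # stands in for a real PE file
    # Groupon-style: executable content behind a .pdf name
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf",
                       filename="Groupon_Deal.pdf")
    # Hedge-fund-style: document name with an .exe tacked on
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="SEC_Release_13h-1.pdf.exe")
    # A genuine PDF for contrast
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                       subtype="pdf", filename="Coupon.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()).items():
        print(f"{name}: {'QUARANTINE ' + '; '.join(reasons) if reasons else 'ok'}")
```

The content check is the one that matters: extension-based rules are easy to evade with a renamed file, but a Windows executable has to begin with `MZ` to run, so a document-named attachment with that header is malicious by construction. Extend the same idea to archives (open the ZIP and triage each member) before trusting a `.zip` that claims to hold a coupon.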

49. August 14, Threatpost – (International) Adobe patches critical Flash bug, releases massive Reader update. Adobe issued a fix for a critical Flash vulnerability that attackers already are taking advantage of with targeted attacks. The flaw can allow attackers to get complete control of vulnerable machines, and Adobe said it is aware of attacks targeting Flash on Internet Explorer. The CVE-2012-1535 vulnerability in Flash, when exploited, either will crash the app or it could allow the attacker to run arbitrary code on the machine. Adobe officials are urging users to patch their systems now, especially given the fact there are attacks targeting the Flash vulnerability. "There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows," Adobe said in its advisory. Google also released a new version of Chrome August 14, which includes the updated Flash Player. In addition to the patch for Flash, Adobe also released a huge update for Reader and Acrobat August 14. The update includes fixes for Reader and Acrobat X on Windows and Mac OS X and patches a slew of vulnerabilities, including numerous memory corruption vulnerabilities, stack overflows, buffer overflows, and heap overflows, all of which could allow remote code execution, Adobe said. Source: http://threatpost.com/en_us/blogs/adobe-patches-critical-flash-bug-releases-massive-reader-update-081412
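Adobe's advisory says the in-the-wild exploit arrives as a Word document that loads the ActiveX Flash Player, which gives defenders a triage signal independent of the bug itself: a Word file carrying a Flash control or an embedded SWF is rare in normal business mail. The scanner below is an added example written for this report, not Adobe's or Threatpost's code; the sample documents are constructed in memory. The CLSID `D27CDB6E-AE6D-11CF-96B8-444553540000` is the registered Shockwave Flash ActiveX control; the three SWF signatures are the uncompressed, zlib and LZMA headers of the SWF format.

```python
"""
Flag Office documents that embed the Flash ActiveX control or an SWF stream.
Handles OOXML (.docx, a ZIP) and raw binary (.doc, OLE) input. Added example
with constructed samples; it detects Flash content, not exploitation itself.
"""
import io
import re
import zipfile
from typing import Dict, List

FLASH_CLSID_TEXT = b"D27CDB6E-AE6D-11CF-96B8-444553540000"  # as written in OOXML activeX*.xml
# The same GUID as stored in OLE streams: Data1..Data3 little-endian, Data4 as-is
FLASH_CLSID_BIN = bytes.fromhex("6EDB7CD26DAECF1196B8444553540000")
# SWF header: 'FWS' (plain), 'CWS' (zlib) or 'ZWS' (LZMA) followed by a plausible version byte
SWF_MAGIC = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x32]")


def _scan_bytes(label: str, data: bytes) -> List[str]:
    hits = []
    if re.search(re.escape(FLASH_CLSID_TEXT), data, re.IGNORECASE):
        hits.append(f"{label}: Flash ActiveX CLSID (text)")
    if FLASH_CLSID_BIN in data:
        hits.append(f"{label}: Flash ActiveX CLSID (binary)")
    if SWF_MAGIC.search(data):
        hits.append(f"{label}: embedded SWF header")
    return hits


def scan_office_file(data: bytes) -> List[str]:
    """Return a list of findings; an empty list means no Flash content was seen."""
    if data[:4] == b"PK\x03\x04":  # OOXML container: inspect every part
        hits: List[str] = []
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                hits += _scan_bytes(name, z.read(name))
        return hits
    return _scan_bytes("ole/raw", data)  # legacy binary document: scan the whole file


def _make_zip(parts: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in parts.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real captures): a clean .docx, a .docx carrying a
# Flash control plus an SWF, and a binary .doc-like blob with the OLE GUID and an SWF.
BENIGN_DOCX = _make_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body><w:p>Quarterly report</w:p></w:body></w:document>",
})
MALICIOUS_DOCX = _make_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body><w:p/></w:body></w:document>",
    "word/activeX/activeX1.xml":
        b'<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>',
    "word/activeX/activeX1.bin": b"CWS\x0a" + b"\x00\x10\x00\x00" + b"\x78\x9c" + b"\x00" * 32,
})
MALICIOUS_DOC = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64
                 + FLASH_CLSID_BIN + b"\x00" * 16
                 + b"FWS\x08" + b"\x20\x00\x00\x00" + b"\x00" * 32)


if __name__ == "__main__":
    for label, doc in (("benign.docx", BENIGN_DOCX), ("lure.docx", MALICIOUS_DOCX),
                       ("lure.doc", MALICIOUS_DOC)):
        print(label, "->", scan_office_file(doc) or "clean")
```

Treat a hit as a reason to detonate or block the file, not as proof of CVE-2012-1535: the scanner says only that the document will drive the Flash ActiveX control, which is the delivery path Adobe describes, and it cannot tell a benign embedded animation from an exploit. The `FWS` signature is only three bytes plus a version check, so on large binary inputs expect the occasional false positive and confirm by parsing the SWF header length field.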

Communications Sector

50. August 15, Watertown Daily Times – (New York) Phone problems plague Wanakena. Verizon customers in Wanakena, New York, have suffered with the problem of nonworking phones for years, routinely registering complaints with the State Public Service Commission. Customers have grown tired of the recurring issue, especially since Wanakena is in a part of the Adirondacks that does not have cellphone coverage, the Watertown Daily Times reported August 15. "I have been without a phone 15 times in the last two months," said the Adirondack Park Agency commissioner. The outage is often spotty and intermittent. It might last 10 minutes or a day. One person’s phone may be out while a neighbor’s is working. Reception is often crackly even when the phones are working. Verizon is aware of the community’s concerns, a company spokesman said. "The root cause of the service interruptions is multiple lightning strikes along the cable route from Star Lake to Wanakena. The length of the route between the two communities increases the likelihood of lightning strikes, especially during the summer season," he said. Source: http://www.watertowndailytimes.com/article/20120815/NEWS05/708159894/-1/NEWS