Department of Homeland Security Daily Open Source Infrastructure Report

Friday, December 5, 2008


Headlines

 The Jersey Journal reports that Kuehne Chemical in Kearny, New Jersey, has been cited and fined by the U.S. Occupational Safety and Health Administration for 33 worker safety and health violations, OSHA officials confirmed Tuesday. (See item 4)

4. December 3, Jersey Journal – (New Jersey) Kearny chemical firm fined for safety violations. Kuehne Chemical in Kearny has been cited and fined by the U.S. Occupational Safety and Health Administration (OSHA) for 33 worker safety and health violations, including lapses that could lead to a toxic chlorine release, an advocate group and OSHA officials confirmed Tuesday. On November 10 and 14, OSHA issued citations to Kuehne for violating federal standards and assessed total penalties of $48,650, said officials with the New Jersey Work Environment Council (WEC), an alliance of 70 labor and community organizations. WEC has characterized Kuehne, which sits across the Hackensack River from Jersey City, as “the nation’s most potentially hazardous chemical plant.” The OSHA violations include Kuehne’s failure to: secure one-ton containers of liquid chlorine on forklift trucks to prevent them from falling off; accurately map potentially hazardous processes involving chlorine; assess the potential of pipe erosion/corrosion, which could cause a chlorine leak; and evaluate potential health effects on employees due to control failure. Source: http://www.nj.com/hudson/index.ssf/2008/12/kearny_chemical_firm_fined_for.html

 According to Newsday, a virus attack crippled computer systems in Islip Town offices and at Long Island MacArthur Airport in New York for more than a week in November but did not compromise operations or security at the airport, officials said Monday. (See item 10)

10. December 2, Newsday – (New York) Virus hits Islip Town, MacArthur Airport computers. A virus attack crippled computer systems in Islip Town offices and at Long Island MacArthur Airport for more than a week but did not compromise operations or security at the airport, officials said Monday. The disruption, which began November 20 and affected e-mail, individual hard drives, and town-wide servers, should be resolved December 2, the town information management director said. The attack, which officials estimate cost the town more than $50,000, underscored the need to upgrade the town’s outdated technology, the Islip supervisor said. The computer systems “were someplace back in the late ‘70s when we came into office” in 2006, the supervisor said. “This year we’re furiously advancing our systems to bring us at least into the 1990s.” A new $270,000 operating system was in the testing phase when the virus hit, and its adoption may be delayed by the attack, the town information management director said. The Sality virus disabled virus protection software, then raced through the town’s systems, shutting down 50 servers and infecting computers at facilities including Town Hall, Brookwood Hall, and MacArthur Airport. Within a day, it disrupted such activities as tax collection, code enforcement, and the issuing of permits and licenses. MacArthur was up and running Monday, the director said. Islip has reported the attack to Suffolk police and the district attorney’s office, the Islip supervisor said, and the town’s technology staff has been installing new security measures. MacArthur Airport is managed by the town and operates on two networks: one shared with Islip and one that is independent. The virus struck both, but technology staff managed to disconnect the independent network before much damage was done, the Islip supervisor said. No server data were lost, he said, although some individual hard drives lost files. 
Source: http://www.newsday.com/news/local/suffolk/ny-limaca025949156dec02,0,1644211.story

Details

Banking and Finance Sector

6. December 4, Merced Sun-Star – (California) Feds arrest four on bank-fraud accusations. Federal agents descended upon a used auto dealer in Merced, California, early Wednesday, making arrests and serving a search warrant linked to a bank fraud investigation. A combined force of nearly a dozen FBI and Immigration and Customs Enforcement agents raided Auto Expo USA, said an FBI special agent. Agents arrested four suspects according to a five-page federal indictment. The suspects operated a scheme to enable customers to obtain financing, even if they did not qualify, by preparing false financial documents and forwarding them to Valley First Credit Union. Federal investigators believe the suspects entered fictitious information on loan applications, including the names of employers for whom the customers did not work. The men also inflated the earning amounts of customers, in addition to creating fictitious earnings statements to reflect payments of wages by businesses that never employed the customers. Once the loan application and supporting documents were completed, they were submitted to Valley First by either the suspects or the customers, the indictment said. Source: http://www.mercedsunstar.com/167/story/578067.html

7. December 3, Associated Press – (New Jersey) NJ man gets 12 years in bank fraud scheme. A New Jersey man has been sentenced to 12 years in federal prison for his role in a scheme involving millions of dollars in fraudulent home equity and business lines of credit. At a sentencing hearing on Wednesday a U.S. District Judge also ordered the defendant of Palisades Park to make restitution of nearly $10.5 million. That amount represents the verifiable losses sustained by banks in northern New Jersey that did business with the defendant between February 2004 and November 2005. The defendant, who was president of American Macro Growth (AMG) in Palisades Park, was indicted in June 2007 along with four AMG employees and eight clients of the company. He was a fugitive until May of 2008, when he was arrested in Queens, New York. Prosecutors say the defendant and his employees conspired to defraud at least 16 different lenders, partly by submitting falsified income tax returns on behalf of clients. The defendant pleaded guilty in July to conspiracy to commit bank fraud. Source: http://www.nj.com/newsflash/index.ssf?/base/news-35/1228342456120040.xml&storylist=jersey

Information Technology


21. December 4, VNUNet – (International) Sun and VMware issue vital updates. Users are being advised to update their software after Sun Microsystems and VMware posted software fixes Wednesday. The patch from Sun addresses security and stability problems in Java, fixing 18 flaws covering stability, data corruption, and security vulnerabilities. Sun did not provide details on the exact nature of the security flaws, but the U.S. Computer Emergency Response Team has advised users and administrators to install the Java update immediately. The VMware patch, meanwhile, addresses two security flaws in a number of the company’s virtualisation products. The fix applies to VMware Workstation versions 5 and 6, VMware Player versions 1 and 2, and VMware Server version 1.0.9 and earlier, as well as the company’s ESX offering. The first of the two fixes addresses a flaw that could allow an attacker to remotely cause memory corruption. By exploiting it, the attacker could crash the target system and gain the ability to write code to memory. The second addresses a previously patched flaw in the bzip2 library on ESX systems. An attacker could exploit the vulnerability to crash the system while it decompresses a specially crafted archive file. Source: http://www.vnunet.com/vnunet/news/2231942/sun-vmware-issue-updates


22. December 4, VNUNet – (International) Secunia study finds 98 percent of PCs vulnerable. A survey of computer users has shown that almost every PC is running at least one unpatched application, according to vulnerability testing firm Secunia. Secunia gathered reports from over 20,000 computer users who had downloaded its Personal Software Inspector tool, and found that over 98 percent have at least one application running that is vulnerable to attack. The company warned that the results are even more worrying since the tool is likely to have been downloaded predominantly by more security-aware computer users. “Has the world improved since the last look at the numbers? The short answer is no. Nearly every PC continues to run with several insecure programs. If anything, these numbers are worse than [11 months ago] when we generated them initially,” said Secunia. “The total number of PCs/users included in these numbers is 20,000, and 98.09 per cent have one or more insecure programs installed on their PC. Hence 98 out of 100 PCs that are connected to the internet have insecure programs installed.” Another shocking figure from the research is that nearly 50 percent of PCs have 11 or more unsecured programs running on their computers. Secunia warned that antivirus software is largely ineffective at protecting against such vulnerabilities. Source: http://www.vnunet.com/vnunet/news/2231922/secunia-study-finds-per-cent


23. December 4, DarkReading – (International) Popular home DSL routers at risk of CSRF attack. Researcher demonstrates ease of hacking home routers with insidious cross-site request forgery (CSRF) attack. A deadly attack typically associated with Websites can also be used on LAN/WAN devices, such as DSL routers, according to a researcher who this week demonstrated cross-site request forgery (CSRF) vulnerabilities in devices used for AT&T’s DSL service. A consultant and founder of security think-tank Hexagon Security Group discovered a CSRF vulnerability in the Motorola/Netopia 2210 DSL modem that, among other things, could let an attacker insert malware onto the victim’s computer or recruit it as a bot for a botnet. “CSRF is one of the only vulnerabilities that can be either completely innocuous or completely devastating,” he says. The vulnerability is not isolated to Motorola/Netopia DSL modems. It affects most DSL modems because they don’t require authentication to access their configuration menu, he says. “I can take over Motorola/Netopia DSL modems with one request, and I can do it from MySpace and other social networks,” he says. The attack uses HTTP POST and GET commands on the modems, he says. CSRF vulnerabilities are nothing new; they are pervasive on many Websites and in many devices. Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=DQEKHUYSQKAMSQSNDLPSKHSCJUNN2JVN?articleID=212201777


Communications Sector



Nothing to report
