Department of Homeland Security Daily Open Source Infrastructure Report

Monday, January 12, 2009

Headlines

 Water Technology Online reports that the mayor of Tacoma, Washington, has declared a civil emergency for the city of about 200,000 due to the threat the rising Puyallup River poses to the city’s wastewater treatment plant. (See item 16)

16. January 8, Water Technology Online – (Washington) WA floods impacting treatment plants. The mayor of Tacoma, Washington, has declared a civil emergency for the city of about 200,000 due to the threat the rising Puyallup River poses to the city’s wastewater treatment plant, according to local reports. Tacoma, as well as most of northwestern Washington, has been inundated with floodwaters as snowmelt and rain swell rivers and cause mudslides and avalanches. The city of Spokane’s wastewater treatment plant was processing about 70 million gallons a day, more than the average flow, the operator in charge told KXLY 4. The water, which is accompanied by higher-than-usual levels of sand, is now being treated with an abbreviated treatment process to get the water in and out faster. “When they are full we don’t have any more storage capacity, then we have to process it, disinfect it and send it to the river,” the operator is quoted as saying. In Orting, residents were helping to pack sandbags around the city’s water treatment plant, the Associated Press reported on January 8. Source: http://www.watertechonline.com/news.asp?N_ID=71215

 According to WebMD, Quest Diagnostics, a company that performs lab tests for patients nationwide, says some of the vitamin D tests it conducted in 2007 and part of 2008 yielded incorrect results. (See item 20)

20. January 8, WebMD – (National) Flawed results on some vitamin D tests. Quest Diagnostics, a company that performs lab tests for patients nationwide, says some of the vitamin D tests it conducted in 2007 and part of 2008 yielded incorrect results. Quest Diagnostics has already sent letters to the doctors of the patients with suspicious results on their vitamin D test, according to the medical director of the endocrinology lab at Quest Diagnostics Nichols Institute in San Juan Capistrano, California. The incorrect vitamin D tests tended to overestimate patients’ blood levels of vitamin D. The errors stemmed from problems with the test’s reagents and calibrators, and there were also “issues with some sites not following proper operating procedure.” Source: http://www.webmd.com/news/20090108/flawed-results-on-some-vitamin-d-tests

Details

Banking and Finance Sector


4. January 8, Bloomberg – (New York) Ponzi scheme targeted Catholics, priests, U.S. says. U.S. prosecutors and market regulators accused a Buffalo, New York-area investment adviser of operating a Ponzi scheme that targeted Catholics, including priests. The man was charged with mail fraud at federal court in Buffalo, a U.S. attorney said Thursday in a statement. He placed advertisements in Catholic newspapers across the country while raising at least $17 million since 2004, according to the statement. The marketing materials claimed “seniors and clergy are absolutely pleased” with the firm’s returns and lack of fees, the Securities and Exchange Commission (SEC) said in a civil lawsuit naming him and his firm, Gen-See Capital Corp. “Investors’ funds are not, however, invested in anything,” the SEC said. The man told clients their money was invested in “high quality” residential mortgages purchased at a discount, according to the SEC. Instead, funds were misappropriated to pay periodic returns, the regulator said. Payments in November were sent to at least 200 clients, including Catholic priests, religious orders, and cemetery funds, it said. The SEC said it is also seeking an emergency court order freezing the defendants’ assets. Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aELIfH1r.knc&refer=home


5. January 8, Wall Street Journal – (Pennsylvania) New Ponzi case pursued. The Commodity Futures Trading Commission (CFTC) and the Securities and Exchange Commission (SEC) brought civil charges against a Pennsylvania man accused of running a $50 million Ponzi scheme since at least February 1995. Authorities said in a complaint Thursday that the man of Broomall, Pennsylvania, turned himself in to authorities in December and signed a confession with the U.S. postal inspector after his alleged Ponzi scheme fell apart. No criminal charges have been filed at this point. According to the SEC, he obtained the $50 million from as many as 80 different investors through the sale of securities in the form of limited partnership interests in his firm, Joseph Forte LP. Authorities claim he told investors he would invest money in an account that trades in securities-futures contracts. The CFTC’s complaint, filed in a U.S. District Court in Philadelphia, accuses him of solicitation fraud, misappropriation of commodity-pool funds, sending customers false account statements, and failing to register as a commodity-pool operator. On Wednesday, a U.S. District judge issued an order freezing all of his assets. Source: http://online.wsj.com/article/SB123146543612166835.html?mod=googlenews_wsj


6. January 7, Guardium – (District of Columbia) Washington Metropolitan Area Transit Authority implements Guardium to safeguard customer data, automate PCI-DSS controls. Guardium, a database security company, announced on January 7 that the Washington Metropolitan Area Transit Authority (Metro) has implemented Guardium’s real-time database security and monitoring solution to help safeguard sensitive cardholder data in its heterogeneous, multi-tier database and application environment. With more than 9 million credit and debit card transactions yearly, Metro is classified as a top-tier Level 1 merchant by the Payment Card Industry Data Security Standard (PCI-DSS). The chief of Metro IT Security, Department of Information Technology, Washington Metropolitan Area Transit Authority said, “Guardium has helped us implement robust, hardened ‘security zones’ around our critical production databases, with a DBMS-independent architecture that doesn’t impact performance or require changes to our databases and applications.” Guardium is also helping Metro simplify enterprise security by automating and centralizing controls required for compliance. “We initially looked at native DBMS logging and auditing, but it’s impractical because of its high overhead, especially when you’re capturing every single SELECT (database read operation) in a high-volume environment like ours,” he said. “In addition, native auditing doesn’t enforce separation of duties or prevent unauthorized access by privileged insiders.” Source: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212701129&subSection=Attacks/breaches



Information Technology

25. January 9, Register – (International) HP hunts down ‘rare’ BladeSystem problem. A power supply failure in HP BladeSystem c7000 enclosures can cause the whole BladeSystem to fail, the firm has admitted. According to an HP advisory note: “HP has identified a potential, yet extremely rare issue with HP BladeSystem c7000 Enclosure 2250W Hot-Plug Power Supplies manufactured prior to March 20, 2008. “This issue is extremely rare; however, if it does occur, the power supply may fail and this may result in the unplanned shutdown of the enclosure, despite redundancy, and the enclosure may become inoperable.” So, the issue is extremely rare, says HP. But it applies to any HP BladeSystem c7000 Enclosure configured with an HP c7000 Power Supply, if the power supply was manufactured before March 20, 2008. Each enclosure can have up to a total of six supplies. Source: http://www.theregister.co.uk/2009/01/09/hp_bladesystem_problem/


26. January 9, DarkReading – (International) Slow and silent targeted attacks on the rise. The most determined cybercriminals do not necessarily work fast when they breach a network, and their infiltration is often silent and undetectable. But it is this brand of “low and slow” targeted attack that can also be the most deadly, security experts say. This is a methodical attack, where the attacker covers his tracks as he penetrates the network, sometimes ceasing the attack for days at a time to avoid raising suspicion. It is typically a nearly invisible hack that is not discovered until it is too late, after the bad guys have made off with valuable data and done serious damage. Security experts say IT and security managers need to be at the ready for these highly targeted attacks, which may be more common than once thought. No one knows for sure just how widespread these attacks are today, but they share some basic characteristics in how they are executed. The attacker typically gains initial access through a Web application vulnerability, or via a successful spear-phishing attack on an employee. Once inside, he may wait a few days or so after this first stage of the attack. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=0NURT4VR50P3YQSNDLPSKHSCJUNN2JVN?articleID=212701434


27. January 8, CNET News – (International) Fake CNN site from phishing e-mail hides a Trojan. A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering “graphic” video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on January 8. When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs a “SSL stealer” Trojan that captures financial and other sensitive information, RSA said in a blog. The Trojan looks for encrypted communications between the computer and known financial institutions and when it sees data being sent it diverts it to a malicious third-party, said the vice president of product management and strategy at RSA. Source: http://news.cnet.com/8301-1009_3-10137863-83.html?tag=newsEditorsPicksArea.0


28. January 8, CNET News – (International) Latest problem import? Infected digital photo frames. Digital photo frames infected with computer viruses are the latest problem import from China. “Essentially, it’s a supply chain problem,” said the director of the Internet Storm Center at the SANS Institute. The culprit is believed to be poor quality-assurance testing procedures in which one of every 1,000 or so devices is plucked off an assembly line and tested on a computer that is infected with a virus, he said. Before Christmas, Samsung and Amazon issued alerts warning customers that some Photo Frame Driver CDs for Samsung’s SPF line of digital photo frames contained a virus in the frame manager software. Customer PCs running Windows XP are at risk of being infected by the virus, W32.Sality.AE, which drops a keylogger or backdoor onto the system. Element and Mercury brand frames sold at Circuit City and Wal-Mart, respectively, also were reported to be infected, according to the San Francisco Chronicle. “Anything that has flash storage or bootable storage is exposed to this kind of threat,” said the director of security research for McAfee Avert Labs. “It doesn’t mean you shouldn’t buy them. You should just realize before you plug it in that you might want to disable the Windows auto-boot functionality and run an antivirus scan on it, just to be safe.” Source: http://news.cnet.com/8301-1009_3-10137032-83.html?part=rss&tag=feed&subj=News-Security


Communications Sector

29. January 8, RCR Wireless News – (District of Columbia) DC cell phone jamming demo canceled. The District of Columbia cancelled Thursday’s scheduled cell phone jamming demonstration at a city jail. Cellular industry association CTIA Wednesday petitioned a federal appeals court to overturn the Federal Communication Commission’s (FCC) January 2 order permitting the District of Columbia Department of Corrections to host a demonstration using equipment supplied by CellAntenna Corp. The FCC told the court the cell phone jamming event had been cancelled by the District of Columbia Department of Corrections and was not rescheduled. Given the events, CTIA withdrew its appeals court petition. The District of Columbia Department of Corrections director requested permission for the jamming demonstration in a December 16 letter to the outgoing FCC chairman. He wrote that the proliferation of contraband cell phones has become a major security risk within corrections facilities around the country and that handsets are being used by prisoners to intimidate witnesses, coordinate escapes, and conduct criminal enterprises. Wireless providers appear worried that any policy changes could lead to a proliferation of cell phone jammers that citizens could use to halt annoying cell phone conversations at restaurants, movies, and other public venues. Federal law forbids citizens as well as state and local law enforcement from using cell phone jammers, while U.S. agencies are not bound by the prohibition. Source: http://www.rcrwireless.com/article/20090108/WIRELESS/901089987/1082/dc-cellphone-jamming-demo-canceled
