Friday, October 22, 2010

Complete DHS Daily Report for October 22, 2010

Daily Report

Top Stories

• Food Safety News reports that a San Antonio, Texas company was ordered to stop processing food and recall all products shipped since January, after it was linked to chopped celery contaminated with Listeria monocytogenes that appears to be responsible for five deaths. (See item 28)

28. October 21, Food Safety News – (Texas) Texas closes produce plant linked to five deaths. Deadly chopped celery contaminated with Listeria monocytogenes was traced back October 20 to Sangar Fresh Cut Produce in San Antonio, Texas, and the company was ordered to stop processing food and recall all products shipped since January. The order came from the Texas Department of State Health Services (DSHS). Five deaths in Texas appear to be associated with chopped celery contaminated with Listeria. The order to shut down Sangar was issued after laboratory tests of chopped celery from the plant indicated the presence of Listeria monocytogenes. The recalled products — primarily cut fresh produce in sealed packages — were distributed to restaurants and institutional entities, such as hospitals and schools. The products were not sold in grocery stores. The testing was done as part of a DSHS investigation into 10 listeriosis cases, including five deaths, reported to the department over an 8-month period. Six of the 10 cases have been linked to chopped celery from the Sangar plant. The illnesses occurred in Bexar, Travis and Hidalgo counties. Source: http://www.foodsafetynews.com/2010/10/texas-closes-produce-plant-associated-with-five-deaths/

• According to the Philadelphia Inquirer, two affiliated Philadelphia companies lost a computer flash drive containing the names, addresses, and personal health information of 280,000 people. (See item 38)

38. October 21, Philadelphia Inquirer – (Pennsylvania) Medical-data breach said to be major. A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing. "We deeply regret this unfortunate incident," said the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The September 20 breach, which involved the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare. The security failure involves nearly two-thirds of the insurers' subscribers. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said the head of Patient Privacy Rights, an advocacy group. The companies said that as of October 20, there had been no reports of anyone trying to use the information stored on the drive. The company said that of the 280,000 people affected, only seven members' Social Security numbers were included on the flash drive, along with the last four digits of the Social Security numbers of an additional 801 clients. Source: http://www.philly.com/inquirer/business/20101021_Medical-data_breach_said_to_be_major.html?viewAll=y

Details

Banking and Finance Sector

17. October 21, Reuters Legal – (New York) New York courts impose new foreclosure rule. New York courts are the first in the United States to require lawyers handling foreclosures for banks and servicers to take steps to ensure the procedure is done properly, the state's top judge said October 20. Effective immediately, lawyers representing the plaintiffs in residential foreclosure actions must file signed affirmations that they took "reasonable" steps to verify the accuracy of the underlying documents. The chief judge of the New York State Court of Appeals said the rule is in response to "unprecedented revelations" by several mortgage lenders of problems in the foreclosure process, including in the notarization and so-called "robosigning" of documents. "There is a national crisis," the chief judge said in an interview. "Given the magnitude and consequences of this kind of systemic problem we're having, we think it behooves lawyers to talk to their clients and make sure the Is are dotted and the Ts are crossed." New York is the third-most populous U.S. state, and one of 23 states where court approval is needed to foreclose. The chief judge said nearly 80,000 foreclosure actions are pending in the state's courts. Source: http://www.reuters.com/article/idUSTRE69J3HP20101021

18. October 21, Columbus Dispatch – (Ohio) Woman linked to 7 bank jobs. The woman who authorities have dubbed "the church lady bandit" struck again October 20. Law-enforcement officials said she is now suspected of robbing seven banks. According to an FBI news release, the woman entered the U.S. Bank at the Ohio Union, on the Ohio State University campus, at 4:30 p.m. She told the teller she wanted to make a withdrawal and then passed her a note, indicating she had a gun and was robbing the bank, according to the FBI. Although no gun was seen, the teller gave the woman money from her drawer. The FBI has linked the same woman to six other area bank robberies since January 2006. She has hit banks in the Linden area and on the North Side, three on E. Dublin-Granville Road. The woman earned her church-lady moniker because she dressed up for one of her robberies, donning a "church hat." At the time, a witness said the robber looked like she "just came from church." Source: http://www.dispatch.com/live/content/local_news/stories/2010/10/21/woman-linked-to-7-bank-jobs.html?sid=101

19. October 21, Agence France-Presse – (International) Bomb threat halts trading at Philippine stock market. A bomb threat forced a halt to trading at the Philippine Stock Exchange October 21, but trading resumed after police cleared the building, officials said. Bomb disposal teams and sniffer dogs searched an office tower housing the exchange's trading floor in the financial district of Makati while hundreds of office workers filed out of the building. "We halted trading for security reasons. We implemented evacuation measures immediately for the safety of the employees and trading participants," the exchange president said in a statement. The official did not say where the threat came from nor how it was sent. Spokesmen for the exchange said they were checking who received the threat. After police called the alert off, the exchange sent an advisory saying that trading hours would be extended by about 1 hour to make up for the time that was lost due to the bomb threat. A spokesman for the president said the incident was a "concern" but that the government was happy that no bomb was found. Source: http://www.google.com/hostednews/afp/article/ALeqM5iFY3PEHlKQNSQWn1zfQeCNHOP_xw?docId=CNG.a748b69f22077ddd5d23e00c220bc69a.331

20. October 20, ComputerWeekly.com – (International) Barclays hit by insider computer fraud, says IT security chief. Barclays Bank apparently fell victim to an internal computer fraudster who helped an international gang trick young job seekers into opening bank accounts subsequently used to launder money to Canada, said a security expert at the bank. The head of solutions in Barclays Information Security Group discussed the insider fraud at the annual meeting of the English chapter of the Internet Society, held in London September 29. When subsequently approached by Computer Weekly for further information, the bank official claimed the insider fraud scenario was a hypothetical example. But he told the Internet Society meeting he considered the situation when preparing his talk: "I went back to an incident I was dealing with this year — end of last year, beginning of this year," he told delegates. "Somebody internally was working with an external person who was opening Barclays accounts... in Africa, in Europe and wherever we were doing business, frankly," the bank official told the meeting. "They were hiring young kids. They would put out an advertisement saying, 'New start-up company needs young professionals.' This young kid would come and they would say, 'Open a Barclays account, and my business is going to transfer you money'," said the bank official. He said it was "classic money laundering." Source: http://www.computerweekly.com/Articles/2010/10/20/243460/Barclays-hit-by-insider-computer-fraud-says-IT-security.htm

21. October 19, The Register – (International) Two Russians convicted as money mules. Two Russian men were convicted the week of October 11 for their roles as money mules who tried to siphon funds out of U.S. bank accounts and send them to ringleaders in Ukraine. The two suspects, who were living in Miami, were convicted of one count each of wire fraud and conspiracy to commit wire fraud by a federal jury in Oklahoma. The men set up bank accounts that received funds stolen from a Bank of America account belonging to Oklahoma City-based Powell Aircraft Title Services, according to court papers filed in April 2010. According to prosecutors, the company's bank account came under control of unknown individuals in Ukraine who used malware to make fraudulent wire transfers. At least $1.3 million was fraudulently diverted from bank accounts using the scheme, they said. A third man accused of recruiting the mules was acquitted in the trial. According to court papers, he directed both mules to open the accounts and personally drove them to various branches so they could make withdrawals and got a split of their proceeds. The two suspects face a maximum sentence of 20 years in federal prison and fines of $250,000. A sentencing hearing will be set in about 90 days, prosecutors said. Source: http://www.theregister.co.uk/2010/10/19/money_mules_convicted/

Information Technology

52. October 21, Softpedia – (International) Zynga sued for leaking Facebook user IDs to advertisers. Only days have passed since news broke that top Facebook applications shared user IDs (UIDs) with advertisers, and Zynga has already been sued over the practice. Zynga is the largest Facebook developer and is responsible for six of the top ten most used applications on the platform. ComputerAndVideoGames (CVG) reported that a lawsuit seeking class action status was filed in U.S. District Court in San Francisco. The lawsuit alleges that Zynga broke federal law, as well as Facebook's terms of service, by sharing personal data of 218 million users with its advertising partners. It asks for unspecified monetary relief and an injunction that would ban Zynga from engaging in similar actions in the future. According to The Register, Zynga representatives called the lawsuit without merit and stressed that they are preparing a strong defense. Source: http://news.softpedia.com/news/Zynga-Sued-for-Leaking-Facebook-User-IDs-to-Advertisers-162090.shtml

53. October 21, TechWorld – (International) Mac users warned of growing virus threat. Attacks on the Mac are now significant enough to warrant Apple users investing in an anti-virus product, security company Panda Security said. There are now 5,000 "strains" of malware that target the Mac, and the company said it is seeing 500 new Mac-specific samples appearing every month. In 2009, 34 vulnerabilities were detected in Apple's OS X, which had risen to 175 so far for 2010, with a 20-year total of 170,000 macro "viruses" affecting the platform. Such security threats relate only to Apple desktop and laptop computers. Security companies eying Apple users is nothing new, and every notable antivirus company now has a Mac product. Questions remain about the scale of the threat, however. Source: http://www.networkworld.com/news/2010/102110-mac-users-warned-of-growing.html

54. October 20, DarkReading – (International) What Adobe's new PDF sandbox really means for attackers. The expected Protected Mode sandboxing feature in the new Adobe Reader Version X is part of Adobe's security strategy of hardening its code against attacks, said Adobe's senior director of product security and privacy. Poisoned PDFs are one of the most popular vehicles for carrying malicious code, and security experts applauded Adobe for the new. But how much can the new sandbox deter attackers? The Protected Mode is aimed at stopping attackers from installing malware, recruiting bots, and conducting malicious activity on a Reader user's machine, Adobe's senior director said. An upcoming version of the feature will stop "read" calls from a PDF as well, so an attacker can not read or access file systems, he noted. Reader's sandbox does not, however, protect against phishing or social engineering-based lures. And like any software, a sandbox can be broken, said a security expert, who sees the sandbox as an "emergency," short-term solution. Another researcher predicted researchers will show attacks on the sandbox at Black Hat this year, but no exploits will be in the wild before that. Source: http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=227900423

55. October 20, Softpedia – (International) Halloween-themed spam already in circulation. Security companies warn that affiliate marketing spammers have already begun exploiting Halloween to trick people with fake prizes, contests, and offers. "Halloween is drawing near, so the spammers are busy laying out bait in the form of Halloween jackpots, sweepstakes, gift cards, e-cards, personalized gifts, online contests, and even print products and costumes," a security researcher at Symantec warned. Searching for holiday-themed screensavers or wallpapers on the Internet during this period has a great chance of leading to malware. Some examples of Halloween spam e-mail subjects seen by Symantec so far include the following: "Halloween Series Campaign Vol1", "Halloween Treat Bags, Home Decorations, and More", "Open this! $1 Million Prize", "Halloween Special! Up to 85% off ink and toner", "Halloween E-card - no cost." Meanwhile, cloud-security provider Zscaler warned that spammers compromised legit Web sites, including some that belong to educational institutions, and used them in black hat SEO campaigns to drive traffic to the Web site of a Halloween costumes retailer. Source: http://news.softpedia.com/news/Halloween-Themed-Spam-Already-in-Circulation-162074.shtml

56. October 20, IDG News Service – (International) Click fraud incidents shoot up in Q3. More than 20 percent of clicks on pay-per-click (PPC) ads in the third quarter were unintended or malicious, resulting in wasted marketing money that drew Web site visitors with no interest in the product or service advertised and no intention to buy. At 22.3 percent, the incidence of click fraud increased more than 8 percentage points compared with 2009's third quarter, according to a Click Forensics study released October 20. Click Forensics blamed the third-quarter click-fraud rate increase on automated attacks launched using botnets, and on emerging ad sources that fraudsters are exploiting, such as mobile, social networks, and video. Source: http://www.computerworld.com/s/article/9192103/Click_fraud_incidents_shoot_up_in_Q3

57. October 20, IDG News Service – (International) IBM uses 'virtual doorman' to lock down cloud computing. IBM has developed a new rootkit-detection system designed to make it easier to detect malicious attacks on virtualized data centers. Called the IBM Virtual Protection System, the software operates outside of the virtual machine and can identify malicious software when it is installed in any of the virtual machines on the server. Because the system runs outside of the virtual machine's operating system, it can detect hard-to-identify problems such as rootkits. It also gives administrators a single security product to run across virtual machines, said a senior manager with IBM security research. IBM likens the system to a virtual doorman for the cloud, designed to keep the bad guys out of virtualized servers. Source: http://www.networkworld.com/news/2010/102010-ibm-uses-virtual-doorman-to.html

58. October 20, The H Security – (International) Hole in Linux kernel provides root rights. A flaw in the implementation of the Reliable Datagram Sockets protocol (RDS) in the Linux kernel can be exploited to gain root (also known as superuser) rights or permissions on a victim's system. Attackers can exploit the hole to get complete control remotely once they have broken into the system. The researcher who discovered the vulnerability has published an exploit for demonstration purposes; in a test conducted by The H's associates at heise Security on Ubuntu 10.04 (64-bit), it opened a root shell. Kernel versions 2.6.30 to 2.6.36-rc8 are said to be affected. Linux developers have already provided a patch in the Git repository that solves the problem. Distributors will likely publish new kernel versions soon. The researcher said the problem occurred because kernel functions in the RDS protocol do not correctly check addresses given when data are copied from kernel memory and user memory. Source: http://www.h-online.com/security/news/item/Hole-in-Linux-kernel-provides-root-rights-1122180.html

Communications Sector

59. October 20, Greencastle Banner-Graphic – (Indiana) Communications outage now fixed. Frontier Communications customers in parts of Greencastle and Putnam County in Indiana experienced an outage October 20. A spokesperson for Frontier said the outage began after 8 a.m. and was fixed around 11 a.m. The affected customers included DePauw University and the Putnam County Hospital. Source: http://www.bannergraphic.com/story/1674090.html

60. October 20, Beckley Register-Herald – (West Virginia) Quinwood 911 tower is now fully operational. A gap in service was closed just 2 months ago with the construction of a new communications tower near Quinwood in western Greenbrier County, West Virginia. The tower is already making a positive difference in communications between the 911 center and emergency responders in that portion of the county, according to the director of the Greenbrier County Emergency Communications Center. Built on a 1-acre parcel donated to the county by MeadWestvaco, the Quinwood tower is one of seven in the county. In case of an electrical outage, the tower is also equipped with a propane-powered generator that can run its radio transmitters for several days. At 1,0 square miles, Greenbrier is the state's second-largest county in size, another factor that complicates the effort to provide sufficient emergency communication towers. Construction of the Quinwood tower, including site preparation, infrastructure installation and purchase of electronic equipment, cost in excess of $313,000, according to the director. Source: http://www.tmcnet.com/usubmit/2010/10/20/5080686.htm

61. October 20, Radio Ink – (Massachusetts, Texas, Rhode Island) FCC fines school for operating station on expired license. The Federal Communications Commission (FCC) has issued a $7,000 fine against Pittsfield Public School Committee for failing to file its license renewal application on time for noncommercial WTBR-FM/Pittsfield, Massachusetts, and for operating the station after the license expired. The notice of apparent liability was issued 3 years ago, and since then the school committee has argued that the fine should be reduced or canceled because it could not afford to pay, and because it has taken steps to develop policies and procedures to ensure that all future commission filings are timely filed — arguments the FCC rejected. Meanwhile, the FCC fined the licensee of KMXO-AM/Merkel, Texas $1,500 for failing to renew the station's license on time, and it canceled a $1,500 late-license-renewal fine against O-N Radio Inc.'s WOON-AM/Woonsocket, Rhode Island, but admonished the licensee for not filing electronically and instead filing in paper format without demonstrating good cause. Source: http://www.radioink.com/Article.asp?id=1992811&spid=24698

62. October 20, KGW 8 Portland – (Oregon) Transformer fire evacuates KGW building. The KGW building in Portland, Oregon, was evacuated October 20 due to fire in the building's main transformer. Newsroom employees heard two loud explosions that shook the TV-station building just after 2:30 p.m. Power also briefly went out in the building and one newscast producer reported feeling an electrical shock through her keyboard. The fire alarm sounded and employees evacuated the building. Five fire trucks and 30 firefighters responded to the alarm, and SW Jefferson was closed between 15th and 16th for about 30 minutes. Fire crews determined an electrical transformer in the vault below the building was the source of the explosion. Crews used fire extinguishers rather than water to put out the fire because the transformer was carrying 13,000 volts of live power and spraying water on the fire could have created an electrical arc and endangered the firefighters holding the hose line. The fire was extinguished quickly and employees returned to the building shortly before 3:3 There was some residual smoke in the newsroom, but no one was injured. Source: http://www.kgw.com/news/local/Transformer-fire-evacuates-KGW-building-105387128.html