Thursday, January 6, 2011

Complete DHS Daily Report for January 6, 2011

Daily Report

Top Stories

• Homeland Security Today reports that flu virus strains have begun to spread in Western Europe, the Middle East, and Southeast Asia. In the United States, the Centers for Disease Control and Prevention reported that flu activity is now rampant in New York, Alabama, Georgia, and Mississippi. (See item 39)

39. January 4, Homeland Security Today – (National) Myriad flu strains emerging worldwide. As confirmed cases of influenza in the United Kingdom over the last couple of weeks rose from 40 percent to 50 percent and at a level that qualifies as an epidemic, flu virus strains also have begun to spread elsewhere in Western Europe, the Middle East, and Southeast Asia. In the United States, the Centers for Disease Control and Prevention (CDC) reported that flu activity is now rampant in New York, Alabama, Georgia, and Mississippi. Moderate flu infections have been reported in Louisiana, Arizona, Florida, Illinois, Kentucky, and Nevada. “The District of Columbia and 48 states from all ten surveillance regions have reported laboratory-confirmed influenza this season,” CDC stated, adding that “while activity in other areas of the country is increasing, Region 4 in the Southeastern United States has accounted for 2,664 (54.8 percent) of all 4,864 reported influenza viruses this season, including 1,547 (78.9 percent) of the 1,961 influenza B viruses.” Disturbingly, CDC noted that “high levels of resistance to the [antivirals] amantadine and rimantadine persist among 2009 influenza A H1N1 and A H3N2 viruses,” emphasizing that “the adamantanes are not effective against influenza B viruses circulating globally.” Source: http://www.hstoday.us/briefings/daily-news-briefings/single-article/myriad-flu-strains-emerging-worldwide/130e079705c2f7f70accd6bff45633b5.html

• According to the Canadian Press, security has been increased at Coptic churches across Canada as they prepare to celebrate Christmas January 7, in the wake of a deadly terrorist attack in Alexandria, Egypt, January 1. Coptic Orthodox leaders in Canada have been contacted by the Royal Canadian Mounted Police due to concerns that extremists may target the Coptic diaspora abroad. (See item 62)

62. January 5, Canadian Press – (International) High alert for Coptic Christmas in Canada after terrorist attack in Egypt. Security has been increased at Coptic churches across Canada as they prepare to celebrate the birth of Christ this January 7, in the wake of a deadly terrorist attack in Alexandria, Egypt, January 1. Coptic Orthodox leaders in Canada have been contacted by the Royal Canadian Mounted Police (RCMP) due to concerns that extremists may target the Coptic diaspora abroad. The head of the Canadian Coptic Association, based in Montreal, said the RCMP are taking every precaution to ensure no attacks are carried out as they celebrate the Orthodox Christmas. Officials said January 4 the attack in Egypt left at least 23 dead, and it sparked riots in Egypt and alarm across Europe and North America. Canada is believed to be home to the largest Coptic diaspora after the United States, with conservative estimates at nearly 250,000, mostly living in Eastern Canada. There are five Coptic Orthodox churches in Montreal and more than 20 in the Greater Toronto Area. The Canadian Press reported last month on an al-Qaeda website, Shumukh al Islam, that has a list of more than 100 Copts living in Canada and others around the world. Source: http://www.winnipegfreepress.com/canada/breakingnews/high-alert-for-coptic-christmas-in-canada-after-terrorist-attack-in-egypt-112889484.html

Details

Banking and Finance Sector

16. January 5, Softpedia – (National) AOL customers targeted in new phishing attack. A new phishing attack is targeting AOL subscribers by claiming that they need to update their account billing information in order to avoid facing restrictions. The rogue emails have their header spoofed to appear as originating from “AOL Member Billing Services” and bear a subject of “Billing update on file must be performedz.” The body uses an AOL template which includes an AOL Member Services banner and the enclosed message reads: “Our records indicate that your account hasn’t been updated as a part of our regular account maintenance. Our new SSL servers check each account for activity and your information has been randomly chosen for verification. AOL Member Services strives to serve their customers with better and secure banking service. Notification: Failure to update your account information may result in account limitation at shopping on our portal.” A link called “Update your information” is included and, if clicked, takes recipients to a phishing page which displays a form for inputting a wealth of information. This includes name, address, city, state, zip code, country, phone number, birth date, Social Security number, driver’s license number, as well as credit card type, number, CVV2, PIN, expiration date, issuing bank, bank routing number, and bank checking account. Information about the AOL account itself, such as screen name, password, security question, and answer are also required. Source: http://news.softpedia.com/news/AOL-Members-Targeted-in-New-Phishing-Attack-176351.shtml

17. January 4, Help Net Security – (International) The evolution of cyber criminal operations. There is a concerning evolutionary step cyber criminal operations are taking to more effectively diversify the distribution of their ill-gotten gains, according to Fortinet. The campaigns, which were seeded in a number of Asian and European countries, solicited local individuals who already have or had established relationships in the banking industry or were looking for work as ‘online sales administrators’. To make these “localized” campaigns even more effective, they incorporated regional-sounding domain names, such as cv-eur.com, asia-sitezen.com, and australia-resume.com. Upon closer scrutiny, Fortinet discovered all three domains were registered to the same Russian contact, and all contact addresses for worldwide recruitment used Google mail hosting. By using localized campaigns, criminals can obtain mule accounts internationally – each one falling under different banks and governing laws. Thus, if one is taken offline (due to increased enforcement activity), the others will remain online and business will be as usual. Carefully engineered spam with malicious attachments or intent can be far more damaging than ineffective mass spam. Source: http://www.net-security.org/secworld.php?id=10391

18. January 4, BankInfoSecurity.com – (National) The evolution of check fraud. Despite an overall, albeit gradual, decline in check use, check fraud continues to plague the financial industry, and banks and credit unions are challenged to curb these evolving crimes. According to the new Faces of Fraud Survey, check fraud is one of the top three fraud forms plaguing banking institutions, joining the likes of phishing and vishing, and payment card fraud. Sixty-three percent of survey respondents say they experienced check fraud in 2010. Yet only 34 percent of banks and credit unions say they are well equipped to fight these crimes. “Check fraud is so prevalent because it’s easy,” said the vice president of the Center for Regulatory Compliance within the Financial Policy and Regulatory Affairs division of the American Bankers Association. “This is low-tech crime, and a lot of fraud prevention in this area is focused on training frontline tellers to ask questions. ... When human interaction is involved, the human analysis is your best line of defense.” Source: http://www.bankinfosecurity.com/articles.php?art_id=3231

19. January 3, KY 3 Springfield – (Missouri) Thieves come up with new, easier way to steal credit card data. City police say they have learned criminals can swipe information on a credit card account without ever touching or even seeing the card. The police chief calls it electronic pickpocketing. By getting within two or three feet of a purse or wallet, thieves can use a credit card reading device to steal personal bank information. It is a device that any thief can buy on the Internet. Credit card companies tout the new payWave or PayPass systems as the latest and greatest way to get in and out quickly. You can charge something to your credit card without ever swiping it by just holding it near a payment terminal. “It can scan your card through your wallet, through your purse, and capture your credit card, your expiration date and your name, and that’s all they need to use it,” said the Osage Beach police chief. The machines are handy as long as it is a legitimate business capturing your card. Sometimes it is not. Source: http://articles.ky3.com/2011-01-03/credit-card_26357721

20. January 3, Associated Press – (International) French trial for 8 suspects in terror finance ring. Eight men went on trial on January 3 in Paris for their alleged roles in an armed gang accused of using explosives and the threat of violence to finance Islamic terror operations. Prosecutors say the gang set up a restaurant and a cybercafe to try and hide their criminal activities — an “elaborate strategy to promote and finance the cause” of terror, the indictment alleges. The trial, set to continue until January 28, takes place five years after the suspects’ arrest in an anti-terror sweep. It is common in France for investigators to work on cases for years before they go to trial. Some of the suspects have acknowledged being members of a criminal gang, but all have denied that their goal was to finance terrorism, Le Figaro newspaper reported. The alleged ringleader has already spent time in prison from 2000-2004 for trafficking phony passports to radical groups. All of the men — a French-Algerian, four Tunisians, an Algerian, and two French citizens — are charged with “criminal association in relation with a terrorist enterprise,” and some are also accused of terror financing and illegal possession of weapons. The gang is accused of using explosives to blast a hole in the wall of a warehouse of a money transport company in Beauvais, north of Paris, in 2005 — but the hole was not big enough for them to get inside, and they left empty-handed. After the suspects were rounded up, police discovered weapons and explosives in a storage space in the Paris suburbs. Some of the men are also accused in the theft of official French identity documents in northern France. Source: http://www.npr.org/templates/story/story.php?storyId=132630629

For another story, see item 57 below in Information Technology

Information Technology

50. January 5, Computerworld – (International) Microsoft, Googler tussle over bug timeline. Microsoft and a Google security engineer are sparring over a bug the researcher reported to Microsoft in July 2010. A vulnerability researcher who works on Google’s security team publicly released a new “fuzzing” tool January 1 called “cross_fuzz” that he had used to find more than 100 bugs in 5 major browsers. He said he released cross_fuzz and the crash dump because Chinese hackers were already investigating the vulnerability, and because Microsoft had not responded for months to his bug report. He first contacted Microsoft in July 2010, when he told the company’s security team he had found “multiple crashes and GDI [graphics device interface] corruptions,” and provided Microsoft with two early versions of cross_fuzz for them to use to verify the problems. He stated he had no contact with Microsoft between August 5 and December 20, when he told them he would release the fuzzer in early January 2011. When Microsoft asked that he delay its release, he declined. Microsoft chastised the Google security engineer January 3. “Working with software vendors to address potential vulnerabilities in their products before details are made public reduces the overall risk to customers,” said a spokesman for the Microsoft Security Research Center. Source: http://www.computerworld.com/s/article/9203339/Microsoft_Googler_tussle_over_bug_timeline

51. January 5, H Security – (International) Microsoft warns of thumbnail hole in Windows. In a security advisory, Microsoft warns of a new, previously unknown security hole in Windows which can be exploited to inject and execute arbitrary code. Sample code that demonstrates how to go about an exploit is already in circulation. In December 2010, two people gave a presentation entitled “A Story about How Hackers’ Heart Broken by 0-day” at the “Power of Community” security conference. Their presentation documents describe a security hole in Windows that is connected to the display of thumbnails and can reportedly be exploited locally via Explorer as well as remotely via WebDAV. Displaying a file with a specially crafted thumbnail is all that is required for a successful attack. The vulnerability is exploited by setting a negative number of colour indexes in the colour table (biClrUsed). According to Microsoft’s security advisory, all versions of Windows except Windows 7 and Server 2008 R2 are vulnerable. Microsoft says it is currently not aware of any attacks which try to exploit the reported vulnerability. However, this could soon change, as a Metasploit module for creating suitable malicious files was released almost simultaneously with Microsoft’s advisory. Source: http://www.h-online.com/security/news/item/Microsoft-warns-of-thumbnail-hole-in-Windows-1163562.html
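The advisory above turns on one header field, biClrUsed, holding a negative value. The following Python check is an added example, not code from H Security or Microsoft: it parses the two fixed headers at the start of a BMP file and reports a colour-table count that is negative when read as a signed 32-bit integer, or that exceeds what the bit depth allows, so a mail gateway or upload handler can reject the file before any thumbnailer sees it. The sample file builder is a constructed test fixture.

```python
import struct

# Fixed layouts of the two headers that open a .bmp file (little-endian).
BITMAPFILEHEADER = "<2sIHHI"       # bfType, bfSize, bfReserved1, bfReserved2, bfOffBits
BITMAPINFOHEADER = "<IiiHHIIiiII"  # biSize, biWidth, biHeight, biPlanes, biBitCount,
                                   # biCompression, biSizeImage, biXPelsPerMeter,
                                   # biYPelsPerMeter, biClrUsed, biClrImportant


def check_bmp_header(data: bytes) -> list:
    """Return a list of header problems; an empty list means the header looks sane."""
    problems = []
    if len(data) < 54:
        return ["file shorter than the 54-byte BMP header"]
    bf_type, _bf_size, _, _, bf_off = struct.unpack_from(BITMAPFILEHEADER, data, 0)
    if bf_type != b"BM":
        problems.append("missing 'BM' signature")
    (bi_size, _width, _height, _planes, bpp, _comp, _img_size,
     _xppm, _yppm, clr_used, clr_important) = struct.unpack_from(BITMAPINFOHEADER, data, 14)
    if bi_size < 40:
        problems.append(f"biSize {bi_size} is smaller than BITMAPINFOHEADER")
    # biClrUsed is a DWORD on disk; a value with the top bit set is what a signed
    # 32-bit read treats as negative, which is the condition the advisory describes.
    if clr_used & 0x80000000:
        problems.append(f"biClrUsed 0x{clr_used:08x} is negative when read as signed")
    # For indexed formats the palette can never have more than 2**bpp entries.
    if bpp in (1, 4, 8) and clr_used > (1 << bpp):
        problems.append(f"biClrUsed {clr_used} exceeds the 2**{bpp} palette entries")
    if clr_used and clr_important > clr_used:
        problems.append("biClrImportant exceeds biClrUsed")
    # The palette (4 bytes per entry) must fit between the info header and the pixels.
    palette_bytes = clr_used * 4 if clr_used else (4 << bpp if bpp <= 8 else 0)
    if 14 + bi_size + palette_bytes > bf_off:
        problems.append("palette would overlap the pixel data at bfOffBits")
    if bf_off > len(data):
        problems.append("bfOffBits points past the end of the data")
    return problems


def make_bmp(clr_used: int, bpp: int = 8, width: int = 1, height: int = 1) -> bytes:
    """Constructed test fixture: a minimal indexed BMP with the given biClrUsed."""
    entries = clr_used if 0 < clr_used <= (1 << bpp) else (1 << bpp)
    palette = b"\x00\x00\x00\x00" * entries
    row_bytes = ((width * bpp + 31) // 32) * 4       # rows are padded to 4 bytes
    pixels = b"\x00" * row_bytes * height
    offset = 14 + 40 + len(palette)
    info = struct.pack(BITMAPINFOHEADER, 40, width, height, 1, bpp, 0,
                       len(pixels), 2835, 2835, clr_used, 0)
    return struct.pack(BITMAPFILEHEADER, b"BM", offset + len(pixels), 0, 0, offset) + info + palette + pixels


if __name__ == "__main__":
    print("benign :", check_bmp_header(make_bmp(0)))
    print("suspect:", check_bmp_header(make_bmp(0xFFFFFFFF)))
```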

52. January 5, H Security – (International) Floating point DoS attack. A bug in the way the PHP scripting language converts certain numbers may cause it to tie up all system resources. For example, on 32-bit systems, converting the string “2.2250738585072011e-308” into a floating point number using the function zend_strtod results in an infinite loop and consequent full utilisation of CPU resources. PHP 5.2 and 5.3 are affected, but apparently only on Intel CPUs which use x87 instructions to process floating point numbers. The x87 design has long been known to contain a bug which triggers just this problem when computing approximations to 64-bit floating point numbers. By default, 64-bit systems instead use the SSE instruction set extension, under which the error does not occur. Processing the numbers 0.22250738585072011e-307, 22.250738585072011e-309 and 22250738585072011e-324 also triggers an infinite loop. It may also be possible to remotely disable some server systems merely by sending this value as a parameter in a GET request. The PHP development team has fixed this in the forthcoming version 5.3.5. A patch for version 5.2.16 is available from the repository. Source: http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html
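The four spellings listed above are the same number, so a request filter that matches the literal string misses three of them. The Python pre-filter below is an added example, not PHP's own code or a patch: it reduces a decimal literal to (significant digits, decimal exponent) and compares that canonical form, so any spelling of the value the article names is caught before the parameter reaches an unpatched zend_strtod. The query string and the parameter names are constructed.

```python
import re
from urllib.parse import parse_qsl

# Canonical form of the value named in the advisory, 2.2250738585072011e-308:
# significand digits with leading and trailing zeros removed, and the power of
# ten that multiplies them. All four spellings in the article reduce to this pair.
PHP_X87_TRIGGER = ("22250738585072011", -324)

_DECIMAL = re.compile(r"^[+-]?(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d+))?$")


def canonical_decimal(text: str):
    """Reduce a decimal literal to (digits, exponent) with value digits * 10**exponent.

    Returns None when the text is not a decimal number at all."""
    m = _DECIMAL.match(text.strip())
    if not m:
        return None
    int_part, frac_part, exp = m.group(1) or "", m.group(2) or "", m.group(3)
    if not int_part and not frac_part:
        return None
    exponent = int(exp) if exp else 0
    # Shift the decimal point to the right end of the fraction digits.
    digits = (int_part + frac_part).lstrip("0")
    exponent -= len(frac_part)
    if not digits:
        return ("0", 0)
    # Trailing zeros carry no value; fold them into the exponent.
    stripped = digits.rstrip("0")
    exponent += len(digits) - len(stripped)
    return (stripped, exponent)


def triggers_php_float_dos(text: str) -> bool:
    """True when the text denotes exactly the value the advisory describes."""
    return canonical_decimal(text) == PHP_X87_TRIGGER


def scan_query(query: str) -> list:
    """Return names of query-string parameters whose (URL-decoded) value is the trigger."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if triggers_php_float_dos(value)]


if __name__ == "__main__":
    # Constructed request with one hostile parameter among benign ones.
    print(scan_query("page=2&price=0.22250738585072011e-307&q=hello"))
```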

53. January 5, Europol – (International) The hidden risks of social media. Europol’s new Internet facilitated organized crime (iOCTA) report examines how European Union citizens are risking their personal identities, privacy, and computer data through the use of social media tools which are increasingly a target for cybercriminal activity. In recent years the transition of the world wide web from a collection of websites to a platform for linked services such as social networking sites and real-time communication tools (‘Web 2.0’) has provided the technical means for the expansion of social engineering. Cybercriminals exploit the trust of users — who consider themselves to be in a ‘safe’ network of people they know — by injecting malicious software into posted items and sharing links to websites that are bogus and designed to extract personal information. The majority of organizations have come to accept the use of social networking sites in the workplace. But under the right circumstances, access to social media at work has the potential to infect corporate networks with spyware and other means to harvest large amounts of personal, corporate, and financial data for profit. Source: http://www.europol.europa.eu/index.asp?page=news&news=pr110105.htm

54. January 4, Darkreading – (International) New stealth rootkit steals Windows 7, Server 2008 user privileges ‘on the fly’. A European researcher has created a rootkit that can evade detection in Windows 7 and Windows Server 2008 machines and reset user passwords. The rootkit was initially a project meant for training purposes. But its designer, a security expert for Deloitte in Hungary who works on penetration testing and forensic cases, says he eventually discovered he could perform new types of attacks with the rootkit, which he plans to deliver to antivirus firms as well as to the International Council of E-Commerce Consultants (EC-Council) for its certified hacker training program. He demonstrated the rootkit for the first time at the recent Hacker Halted conferences in Miami, Florida, and Cairo, Egypt. One particularly powerful module of the rootkit is based on the concept of a cached data attack. The cached data attack has to do with how the operating system caches data in physical memory. It lets an attacker clear and reset passwords in memory without being detected by the operating system. Source: http://www.darkreading.com/authentication/167901072/security/vulnerabilities/229000060/new-stealth-rootkit-steals-windows-7-server-2008-user-privileges-on-the-fly.html

55. January 4, Federal Computer Week – (International) Microsoft issues IE advisory, warns on FTP flaw. Microsoft’s security team announced late December 2010 that it is investigating two proof-of-concept flaws in Microsoft’s Web-related software. One of the flaws offers a possible avenue for remote code execution attacks via Internet Explorer (IE). The other flaw could enable denial-of-service attacks by exploiting a vulnerability in Internet Information Services FTP 7.5, which runs as a part of Windows 7 and Windows Server 2008 R2. The IE proof-of-concept flaw potentially affects all versions of Microsoft’s Web browser. It supposedly works by bypassing protections normally enabled by Microsoft’s address space layout randomization (ASLR) and data execution prevention (DEP) technologies. Microsoft described the problem in a blog post in December 2010, suggesting that users could deploy Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) as a workaround. Source: http://fcw.com/articles/2011/01/04/ecg-microsoft-investigating-ie-and-ftp-security-flaws.aspx

56. January 4, Federal Computer Week – (International) Exploit for critical vulnerability in Microsoft Office appears in the wild. An exploit has been discovered in the wild that can successfully attack a critical vulnerability in the way Microsoft Office handles Rich Text Format data, allowing remote execution of code on a victim computer. Microsoft released a patch for the vulnerability, known as CVE-2010-3333, in November 2010, and no widespread outbreaks of exploits have yet been reported. The public availability of an exploit lowers the bar for attackers, however, and increases the urgency for seeing that affected software is patched. Source: http://fcw.com/articles/2011/01/04/ms-office-rtf-exploit.aspx

57. January 3, Pittsburgh Post-Gazette – (International) Slots-theft case expands. A Swissvale, Pennsylvania, man who was to stand trial January 3 on charges of swindling the Meadows Racetrack & Casino in Pittsburgh out of nearly $430,000 instead was arrested by federal authorities for “global prosecution” involving the theft of up to $1.4 million from slot machines. The man was charged with computer intrusion, conspiracy, and other federal offenses in what was allegedly a Las Vegas, Nevada-based, worldwide scheme to target a particular slot machine. “From Las Vegas to Monaco, every casino that has these types of machines could be affected,” said the Washington County District Attorney. Authorities said the men were aware of a software glitch in a high-limit slot machine and entered a specific set of keystrokes to expose the weakness and cause the machine to generate false double jackpots. Source: http://www.post-gazette.com/pg/11003/1115306-100.stm

Communications Sector

58. January 5, KNBC 4 Los Angeles – (California) Long wait for phone repair. In late December, AT&T was saying it only had “pockets” of service outages because of the rains. Now, after questioning by NBCLA, the phone giant admits it has outages in every part of Southern California, but the company will not say exactly how many customers are without service. It admits there is now a 17-day wait to get a repair technician to a customer’s house. A spokesperson for AT&T told NBCLA that because of the rain the company is working around the clock to restore service to customers. To deal with the current repair backlog, AT&T brought in over 1,000 technicians from outside Southern California just to fix the phones in the LA area. Verizon also told NBCLA that it is experiencing “higher than normal” outages of landline service in the LA area. Verizon said it too has brought in technicians from out of state to get a handle on the volume of service calls, and said its customers are experiencing about a week’s wait to get repairs. Source: http://www.nbclosangeles.com/news/local-beat/Long-Wait-for-Phone-Repair-112909049.html

59. January 5, Honolulu Star Advertiser – (Hawaii) Phones still down for 1,100. An estimated 1,100 Hawaiian Telcom land-line customers have been without phone service since December and through the holidays. A Hawaiian Telcom spokeswoman said trouble calls rose following the December 10-11 heavy rain and again December 19, following another bout of heavy rainfall. The company reported about 2,200 current trouble tickets, with problems ranging from static to outages; the figure includes multiple calls from the same customers and non-rain-related issues. The company was unable to provide the number of customers with rain-related problems since the flood of calls began. The company’s repair crews have been working overtime and holidays, and neighbor island crews were brought in to help. Some repairs require cutting sections of cable damaged by short circuits due to water infiltration, then painstakingly splicing in hundreds of lines on both ends. Small pockets of isolated problems affecting one or a few customers have occurred across the island. Equipment failure occurred in some areas, caused by prolonged loss of power and water infiltration, the spokeswoman said. In the Punahou and Aina Haina areas, concentrations of customers were hit, 140 and 70 respectively, she said. In the Punahou area, construction crews from other companies damaged Hawaiian Telcom cables, causing small holes or cuts, without notifying the phone company. Source: http://www.staradvertiser.com/news/hawaiinews/20110105_Phones_still_down_for_1100.html
