Thursday, February 24, 2011
Complete DHS Daily Report for February 24, 2011
Daily Report
Top Stories
• Reuters reports that Ford Motor Co., facing government pressure after 77 injuries, announced plans to recall nearly 150,000 F-150 pickup trucks to fix air bags that could deploy without warning, a fraction of the vehicles the government contends should be called back and repaired. (See item 13)
13. February 23, Reuters – (National) Ford to recall F-150 pickups over air bags. Under government pressure, Ford Motor Co. said February 23 it will recall nearly 150,000 F-150 pickup trucks to fix air bags that could deploy without warning, a fraction of the vehicles the government contends should be called back and repaired. The recall covers trucks from the 2005-2006 model years in the United States and Canada for what Ford calls a “relatively low risk” of the air bag deploying inadvertently. The government, however, has urged the company to recall 1.3 million F-150s from the 2004-2006 model years, citing 77 injuries from air bags deploying accidentally. The recall is being closely watched because Ford’s F-Series pickup truck is the best-selling vehicle in America. The National Highway Traffic Safety Administration (NHTSA) has been investigating the air bag issues for more than a year. In May 2010, Ford told the government that the problems did not “present an unreasonable risk to vehicle safety” because there was a low rate of alleged injuries and the air bag warning lamp provided an “obvious warning” to drivers. Ford told NHTSA in May that some drivers reported injuries that included burns from contact with the air bag, bruises, neck and back pain, and minor cuts. “Two customers reported broken or chipped teeth and two reported fractures of the extremities (elbow or arm),” wrote the director of Ford’s automotive safety office. The NHTSA’s acting director of defect investigations, wrote in a memo November 24, 2010 that the agency knew of 238 cases in which the air bags deployed inadvertently and noted that Ford made production changes to the trucks in 2006 and 2007 to fix the air bag wiring and other issues. The memo said that Ford did not believe the issue “warrants any corrective action” because the number of reports and incidents were low, owners received “adequate warning” from the air bag warning light and the “resulting injuries are minor in nature.” The government said Ford should conduct a recall “to remedy this defective condition.” Source: http://www.msnbc.msn.com/id/41733165/ns/business-autos/
• According to the Associated Press, the U.S. State Department said officials are processing thousands of dual U.S.-Libyan nationals, private U.S. citizens, and nonessential embassy staffers for a ferry trip out of Libya where hundreds have died in protests. (See item 32)
32. February 23, Associated Press – (International) Evacuation effort for Americans begins. The U.S. State Department said officials are processing U.S. citizens for a ferry trip out of Libya. The government arranged the trip to evacuate Americans from Libya to the Mediterranean island of Malta. The State Department believes there are several thousand dual U.S.-Libyan nationals, and about 600 private U.S. citizens in Libya. Officials have been trying to get 35 nonessential embassy staff members and family members of embassy personnel out of the country. The U.S. President’s administration has not yet outlined any steps to take against the Libyan regime for its violent crackdown on protesters that has seen hundreds of people killed. Source: http://www.kspr.com/sns-ap-us-libyaupdate,0,1397849.story
Details
Banking and Finance Sector
14. February 23, Associated Press – (National) ‘Burly Bandit’ gets 10 years. A bank-robbing bus driver who hit banks in six northeastern states is going to prison for 10 years. A judge in Bangor, Maine, also ordered the 48-year-old to pay $81,059 in restitution to the banks he hit during a 3-month spree last summer. Nicknamed the “Burly Bandit” by the FBI, the convict — a driver for Greyhound — pleaded guilty to 11 counts of robbery for the heists at banks and credit unions, which started April 9, 2010 in Buffalo, New York, continued in Vermont, Massachusetts, New Hampshire and Rhode Island, and ended with a July 13 job at Bangor Savings Bank in Orono, Maine. He was arrested the day after that heist following tips from people who recognized him from surveillance photos. Source: http://www.wcsh6.com/news/local/story.aspx?storyid=149041&catid=2
15. February 23, Associated Press – (Arizona) Former loan officer charged in federal fraud case. A former Phoenix, Arizona, loan officer charged in a $40 million mortgage fraud scheme is facing additional charges. The U.S. Attorney’s Office said the 42-year-old was arrested by the FBI February 18. The suspect was being charged with bankruptcy fraud after prosecutors alleged she changed her name in May 2010. Prosecutors said the suspect tried to hide assets and income from bankruptcy court by filing them under her previous name. The suspect’s other trial, related to her alleged role in a nearly $40 million mortgage fraud scheme is set to begin in August. Source: http://www.kswt.com/Global/story.asp?S=14081488
16. February 22, Federal Information & News Dispatch, Inc. – (Massachusetts) Man accused of $4M fake life settlement fraud. A Massachusetts man, also living in Florida, was charged February 17 in federal court with mail and wire fraud in connection with a 6-year scheme involving purported investments in “life settlements,” in which it is he defrauded about 20 victims of approximately $4 million. The 67-year-old suspect, of Winthrop, and Jupiter, Florida, was indicted on 5 counts of wire fraud and 13 counts of mail fraud. The indictment alleged that from 2002-2008, the suspect engaged in a scheme to defraud investors by misrepresenting to people how those funds would be used, invested and repaid. He instead diverted the funds for his own personal and business purposes. Source: http://insurancenewsnet.com/article.aspx?id=248845
17. February 19, Reuters – (Colorado) Tied-up teller arrested in Colorado bank robbery. A Colorado bank teller who claimed he was robbed at knifepoint and tied up inside a bank vault was arrested February 19 along with his alleged accomplice after police said the crime was an inside job. The 22-year-old male was taken into custody after detectives determined “something was just not right” with his harrowing story, a spokesman with the Longmont, Colorado police department told Reuters. “This bank is inside an open, busy Wal-Mart,” the spokesman said. “A bank robber is not going to take the time to go to all that work.” He said police and FBI agents responded February 18 to reports of an armed robbery at the Academy Bank in Longmont. A bank employee said she discovered the teller bound with duct tape inside the bank vault when she reported for work, according to the police report. The teller told police “an Asian or Hispanic man with a chubby face” wearing an Army jacket and wielding a knife robbed him shortly after the bank opened, the spokesman said. Bank surveillance cameras captured images of a man matching the teller’s description fleeing the bank with an undisclosed amount of cash. Investigators identified the robber as a 22-year-old male, and from there the scheme unraveled, police said. On February 19, police searched the teller’s home and found “money and other evidence related to the crime,” the spokesman said. The robber and teller were arrested and charged with aggravated robbery and conspiracy to commit a theft of over $20,000. The teller also faces a false reporting charge. Source: http://www.reuters.com/article/2011/02/19/us-bank-robbery-idUSTRE71I3S220110219
For another story, see item 43 below in the Information Technology Sector
Information Technology
39. February 23, Help Net Security – (International) 41% of organizations not aware of security risks. Forty-one percent of organizations are not well aware of or protected against IT security risks, according to McAfee. Another 40 percent are not completely confident they can accurately deploy countermeasure products thus leaving them at risk. The McAfee report found that to address these concerns, nearly half of all companies plan to spend an average of 21 percent more in 2011 on risk and compliance solutions. Overall, the survey indicated strong growth for risk and compliance products in 2011 with the majority of decision-making executives demanding integrated and automated solutions rather than point products. Source: http://www.net-security.org/secworld.php?id=10653
40. February 23, Softpedia – (International) Phishing on the rise again after holiday decline. German antivirus vendor Avira warnedt the number of phishing attacks is again on the rise after a significant decline in December 2010. “While the numbers for Phishing in December were almost all red, showing a dramatic drop for the (dot)org (-151 percent), (dot)com(-76 percent), and (dot)net(-24 percent) domains, we now have seen the exact opposite development in January 2011,” according to Avira. “Phishing was definitely on the rise and even if the malware URLs still show mostly as red numbers, some of them have also increased,” an Avira data security expert said. PayPal remains the most phished brand, having been targeted in almost 37 percent of attacks in January, an increase of 53 percent since December. eBay, was also among the favorite phishing targets, with attacks against the Web site almost doubling since December and accounting for 27 percent of the total. Source: http://news.softpedia.com/news/Phishing-on-the-Rise-Again-After-Holiday-Decline-185762.shtml
41. February 22, The Register – (International) Facebook users subjected to more clickjacking. Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving. The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise shocking videos about such things as the real ingredients of Coca Cola. Instead, they are forced into registering their approval of the videos using Facebook’s “Like” button. Clickjacking is a term that was coined in 2008. It describes attacks that allow malicious Web site publishers, or their users, to control the links visitors click on. They are typically pulled off by superimposing an invisible iframe over a button or link. Virtually every browser is vulnerable, although many come with safeguards that can make exploitation harder. Source: http://www.theregister.co.uk/2011/02/22/facebook_clickjacking_attacks/
42. February 22, Softpedia – (International) US spam levels begin to recover. U.S. spam levels began recovering in January, which pushed the country back into the list of top 20 spam sources after 2 months of absence. According to data from security vendor Kaspersky Lab, the overall amount of spam slightly increased in January by 0.5 percentage points and averaged 77.6 percent of all e-mail traffic. Meanwhile, e-mail phishing levels remained low. This type of rogue traffic comprised 0.03 percent of all e-mails sent in January, a decrease of 0.1 percent compared to December. The percentage of e-mail messages carrying malicious attachments remained significant at 2.75 percent, representing an increase of 1 percent over the last month of 2010. Source: http://news.softpedia.com/news/Spam-Recovers-in-USA-185593.shtml
43. February 21, The Register – (International) Flash drives dangerously hard to purge of sensitive data. In research that has important findings for banks, businesses, and security experts, scientists have found computer files stored on solid state drives are sometimes impossible to delete using traditional disk-erasure techniques. Even when the next-generation storage devices show files have been deleted, as much as 75 percent of the data contained in them may still reside on the flash-based drives, according to the research, which was presented the week of February 21 at the Usenix FAST 11 conference in California. In some cases, the SSDs, or sold-state drives, incorrectly indicate the files have been “securely erased” even though duplicate files remain in secondary locations. The difficulty of reliably wiping SSDs stems from their radically different internal design. Traditional ATA and SCSI hard drives employ magnetizing materials to write contents to a physical location that’s known as the LBA, or logical block address. SSDs, by contrast, use computer chips to store data digitally and employ an FTL, or flash translation layer, to manage the contents. When data is modified, the FTL frequently writes new files to a different location and updates its map to reflect the change. In the process, left-over data from the old file, which the authors refer to as digital remnants, remain. Source: http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/
For another story, see item 44 below in the Communications Sector
Communications Sector
44. February 23, Help Net Security – (International) Spyware compromises 150,000+ Symbian devices. A new variant of spyware “Spy(dot)Felxispy” on Symbian devices causing privacy leakage has recently been captured by the National Computer Virus Emergency Response Center of China. According to NetQin Mobile, there are more than a dozen variants of the spyware since it first was spotted, and the latest has affected more than 150,000 devices. Symbian is an open source system and software platform designed for smartphones and maintained by Nokia. Once installed, the spyware turns on the conference call feature without users’ awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation. NetQin Cloud Security Center detects the spyware can remotely turn on the speaker on the phone to monitor sounds around users without the users’ awareness. It is also capable of synchronizing the messages the user received and delivered to the monitoring phone. Source: http://www.net-security.org/malware_news.php?id=1640
45. February 22, KXTV 10 Sacramento – (California) State Capitol vigil foe claims union web attack. A Conservative radio talk show host who announced plans on his Web site to infiltrate a union solidarity vigil at the California capitol said his site had been shut down by a union cyberattack. “It was a massive denial-of-service attack that crashed the server,” said the host, 55, who had posted plans on his site to disrupt a candlelight vigil on the west steps of the capitol February 22. He said the computer attack began February 21. The site was still down early February 22, although the talk show host said February 22 it would be restored shortly. The vigil was organized by a number of labor groups to express solidarity for union supporters in Wisconsin fighting a Republican-led effort to strip collective bargaining rights. The Web site, cached by Google before it went down, encouraged anti-union activists to wear Service Employees International Union (SEIU) t-shirts concealing anti-union protest signs that would be brought out during the vigil: We will approach the cameras to make good pictures ... signs under our shirts that say things like “screw the taxpayer!” and “you OWE me!” to be pulled out for the camera (timing is important because the signs will be taken away from us). In a brief conversation with News10, the talk show host said he was never serious about the infiltration plan, and simply posted it on his Web site to bait his opponents. Source: http://www.news10.net/news/article.aspx?storyid=124287&provider=top&catid=188
No comments:
Post a Comment