Tuesday, June 14, 2011

Complete DHS Daily Report for June 14, 2011

Daily Report

Top Stories

• According to Reuters, health officials in Ohio said 8 people were sickened in the state as a result of a growing salmonella outbreak that federal officials said has now spread to 15 states.

29. June 13, Reuters – (Ohio; National) Salmonella outbreak linked to Ohio sickens 39 nationwide. Health officials in Ohio said June 9 that eight people had been sickened in the state as a result of a growing salmonella outbreak that federal officials say has now spread to 15 states. The Ohio Department of Health and the Ohio Department of Agriculture said the outbreak appeared to be linked to Mt. Healthy Hatchery, which supplies chicks and ducklings to an unnamed nationwide agricultural feedstore. The two businesses have been working with state and federal investigators looking into the outbreak, Ohio officials said. In addition to the eight cases in Ohio, the U.S. Center for Disease Control and Prevention said 31 people have become ill with salmonella as a result of this outbreak in Georgia, Indiana, Kentucky, Michigan, Maryland, Minnesota, North Carolina, New York, Ohio, Pennsylvania, Tennessee, and Virginia. Source: http://www.mnn.com/food/healthy-eating/stories/salmonella-outbreak-linked-to-ohio-sickens-39-nationwide

• IDG News Service reports Siemens has fixed bugs in its Simatic S7 industrial computer systems, used to control machines on factory floors, power stations, and chemical plants. See item 51 below in the Information Technology Sector.

Details

Banking and Finance Sector

16. June 13, V3.co.uk – (International) IMF suffers major sophisticated data breach. The International Monetary Fund (IMF) has become the latest well-known organization to suffer a major breach of its IT systems, in what some reports have suggested was a spear phishing attack orchestrated by a foreign government. The IMF, which oversees the global financial system and was instrumental in the economic bailout of countries such as Greece, Ireland, and Portugal, said it had suffered “an incident,” but maintained that its fund is “fully functional.” Reports suggested the IMF was forced to cut its network connection to the IT systems of the World Bank, located nearby, after finding that a compromised desktop had been used to access confidential files. Security experts warned that the security of the world’s critical infrastructures is at risk unless large organizations better prepare themselves for such sophisticated attacks. The IMF breach comes as hacking attacks on major businesses and governmental organizations are snowballing, with Chinese perpetrators often suspected. Source: http://www.v3.co.uk/v3-uk/news/2078440/imf-suffers-major-sophisticated-breach

17. June 13, HedgeCo.Net – (International) Houston hedge fund manager convicted for fraud. A Houston, Texas-based hedge fund manager was convicted the weekend of June 11 and 12 by a federal jury for his role in a $100-million hedge fund fraud scheme with more than 800 victims across the United States and Canada. “The verdict found [the man] guilty of a $100 million fraud and stealing the life savings of elderly retirees and hundreds of others who have seen everything they worked years for disappear,” said a U.S. attorney. On September 7, 2010, a federal grand jury returned an 18-count indictment against the man and two other principals of hedge fund A&O Resource Management Ltd. and various related entities that acquired and marketed life settlements to investors. The man was convicted on all counts; he faces up to 20 years for each count. Source: http://www.hedgeco.net/news/06/2011/huston-hedge-fund-manager-convicted-for-fraud.html

18. June 11, Chicago Tribune – (Illinois) 2 charged in 2010 bomb-threat bank heist try. Two 21-year-old Orland Park, Illinois men have been charged in a bomb threat and attempted bank robbery in 2010 in the southwest suburb, police announced June 11. The attempted robbery took place August 20, 2010 when someone made a bomb threat to the Chase Bank at 15100 LaGrange Road, police said in a news release. Officers were told a suitcase was placed next to the building and bank personnel had been told it contained instructions to follow. Officers cleared the bank and surrounding area because of the bomb threat, and called in the Cook County Bomb Squad. Police found a note in the suitcase that told the Chase Bank manager to put $4 million into the suitcase and deliver it to Union Station. If the money was not delivered, the note said, “several bombs surrounding the bank and in the suitcase would be triggered,” according to the police release. Source: http://www.chicagotribune.com/news/local/breaking/chibrknews-2-charged-in-2010-bombthreat-bank-heist-try-20110611,0,6291541.story

19. June 10, KPTV 12 Portland – (Oregon) Police: ‘Beastie Boys Bandit’ strikes again. A man known as the “Beastie Boys Bandit” has struck again in Portland, Oregon, police said June 10. Portland officers said the man tried to rob a Wells Fargo bank on Southwest Macadam Avenue June 9. Investigators said he did not get away with any cash. Police believe the man is the same person responsible for a string of robberies in March. Investigators said the thief wears a wig, fake mustache, and dark-colored suit similar to an outfit in the Beastie Boys’ “Sabotage” music video. Source: http://www.kptv.com/news/28198468/detail.html

20. June 10, Reuters – (Colorado) Elderly woman uses AIDS threat to rob Colorado bank: police. An elderly woman robbed a Colorado bank by passing a note saying she would infect a teller with AIDS if the clerk did not hand over money, police said June 10. A spokesman for the Longmont, Colorado police department said detectives are searching for a pale woman between the ages of 55 and 75 with a “boney build.” He said a woman, who was wearing a train conductor’s cap and a gray sweatshirt, walked into a Wells Fargo bank inside a Safeway grocery store June 9 and handed a note to a teller. “She indicated she had AIDS and would give it to a teller if she didn’t cooperate,” he said. The woman coughed frequently into a blue bandana during the robbery, and fled with an undisclosed amount of cash, he said. No weapon was displayed during the robbery, and no one was injured, police said. Source: http://www.reuters.com/article/2011/06/10/us-aids-robbery-idUSTRE7596WT20110610

Information Technology Sector

47. June 13, IDG News Service – (International) PlayBook OS updated after Adobe Flash security issue. A new version of the BlackBerry Tablet OS will soon be available to all BlackBerry PlayBook tablet users, to address a security issue raised by Adobe about its Flash Player, Research In Motion said June 12. The new version of the operating system, version 1.0.5.2342, will contain an updated version of the Flash Player, RIM said in a blog post. Adobe issued an update the week of June 6 for its Flash Player to deal with a cross-site scripting vulnerability. The problem could be exploited to perform actions on behalf of a BlackBerry PlayBook tablet user on any Web site or Web mail provider if the user visits a malicious Web site that loads Adobe Flash content, RIM said on a support page. The PlayBook’s operating system is built from the ground up to run Adobe Flash. Source: http://www.computerworld.com/s/article/9217557/PlayBook_OS_updated_after_Adobe_Flash_security_issue

48. June 13, Softpedia – (International) Epic Games forum hack prompts password resets. Epic Games has reset passwords across its entire forum after hackers got access to the underlying database. An announcement of the hack posted on the forum the week of June 6 includes a message from the Epic Games CEO that reads: “Our Epic Games web sites and forums were recently hacked. We’re working on getting them back up and running, and expect everything to be restored in a few days. The hackers likely obtained the email addresses and encrypted passwords of forum users. Plain text passwords weren’t revealed, but short or common passwords could be obtained by brute-force attack. Therefore, we are resetting all passwords. If you have an account on the Epic Games forums, you can request to receive your new password by email to the address we have on file for you.” It appeared the forum was reset to a previous state and everyone will have to repost anything posted since June 6. Accounts registered during this period also must be recreated. Unreal Developer Network was not compromised, and none of the sites store sensitive financial or customer data. Epic Games is best known for creating the Unreal game engine. Source: http://news.softpedia.com/news/Epic-Games-Forum-Hack-Prompts-Password-Resets-205782.shtml

49. June 11, Softpedia – (International) LulzSec leaks over 26k new emails and passwords. LulzSec leaked over 26,000 e-mail addresses and plain text passwords stolen from the database of an adult Web site. After dumping the data online, the group encouraged people to try the log-in credentials on Facebook and tell the victims’ family members how they signed up for the adult site. Word of the potential abuse quickly reached Facebook’s security team, which forced password resets for all accounts corresponding to those e-mail addresses. LulzSec noted there were a number of .gov and .mil e-mail addresses registered on the compromised site, as well as some 55 accounts belonging to admins of other adult portals. LulzSec also published the personal information (dox) of executive officers and other employees from vulnerability research company Endgame Systems and anti-DDoS solutions provider Prolexic Technologies. The dox included information about these individuals themselves, their spouses, children, and other family members, and their respective social media accounts. Source: http://news.softpedia.com/news/LulzSec-Leaks-Over-26K-New-Emails-and-Passwords-205548.shtml

50. June 11, Softpedia – (International) CO.TV free domain provider abused in Google News BHSEO campaign. Security researchers from cloud security provider Zscaler have come across a Google News black hat SEO campaign that uses numerous co(dot)tv rogue domains. The targeted keywords are related to an actor’s departure from a popular television series. The news generated noticeable attention online the week of June 6, and was apparently popular enough for cyber crooks to try and exploit. Experts note search results poisoning has moved away from the traditional Web search and towards complementary services such as image search or news search. This switch has also been influenced by the fact Google has gotten better at preventing the rogue links from appearing at the top of its search results. However, Google has not paid the same attention to the other types of searches it offers. Black hat SEO attacks involve the creation of keyword-riddled pages on compromised domains and leveraging their Google rank to push the links at the top of the results for particular topics. Source: http://news.softpedia.com/news/CO-TV-Free-Domain-Provider-Abused-in-Google-News-BHSEO-Campaign-205566.shtml

51. June 10, IDG News Service – (International) Siemens fixes industrial flaws found by hacker. Siemens has fixed bugs in its Simatic S7 industrial computer systems, used to control machines on factory floors, power stations, and chemical plants. The patches, released June 10, mark Siemens’ first response to a high-profile computer security incident since the Stuxnet worm, which was discovered a year ago circulating on computer networks in Iran. Siemens fixed a pair of flaws in the S7-1200 controller, acknowledging that one could be leveraged to take control of the system using what’s known as a replay attack. A second flaw, in a Web server that ships with the device, could give attackers a way to crash the system. However, the attacker would have to first find a way onto the victim’s network before launching these attacks. Siemens had been scrambling to fix the bugs since they were discovered earlier this year by a researcher with security vendor NSS Labs. Source: http://www.computerworld.com/s/article/9217547/Siemens_fixes_industrial_flaws_found_by_hacker

52. June 9, threatpost – (International) Hackers pinch obfuscation technique from DEFCON presentation. The week of June 6, a Kaspersky Lab researcher blogged about a new code obfuscation technique she discovered while analyzing a Polish e-commerce Web site that had been compromised. The technique was first demonstrated at the DEFCON 16 security conference in 2008. While analyzing some of the PHP scripts running on the site to try to discover how the attackers were inserting malicious links into the site’s Web pages, the researcher discovered a new technique the attackers used to hide their work: using a mix of non-printing characters, particularly spaces and tabs, to “write” the name of a malicious URL that was then inserted, as a link, into the e-commerce site’s HTML pages. “The function splits this whitespace mix into 8-digit pieces, and then it changes all TAB chars into ‘1’ and all spaces into ‘0’,” she wrote. That leaves the hacker with binary code, which is later transformed into decimal values and printed as the final URL using ASCII characters. Source: http://threatpost.com/en_us/blogs/hackers-pinch-obfuscation-technique-defcon-presentation-060911
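
The decoding described in item 52 can be reversed by a defender to audit scripts on a web server for strings hidden in whitespace. The scanner below is an added example, not code from the report or from the researcher's blog; the 40-bit threshold, the function names, and the placeholder URL in the constructed sample are assumptions.

```python
import re

MIN_BITS = 40  # assumed threshold: only decode runs that could hold 5+ characters
WS_RUN = re.compile(r"[ \t]{%d,}" % MIN_BITS)

def decode_bits(bits):
    """Turn a '0'/'1' string into text, 8 bits per ASCII character."""
    usable = len(bits) - len(bits) % 8  # drop a trailing partial byte
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))

def find_hidden_strings(source):
    """Return (line_number, decoded_text) for space/tab runs that decode to printable ASCII."""
    findings = []
    for m in WS_RUN.finditer(source):
        run = m.group(0)
        if "\t" not in run or " " not in run:
            continue  # pure-space or pure-tab runs are ordinary padding
        bits = run.replace("\t", "1").replace(" ", "0")  # TAB -> 1, space -> 0
        # Ordinary indentation may precede the payload, so try each bit offset.
        for offset in range(8):
            text = decode_bits(bits[offset:])
            if text and all(32 <= ord(c) < 127 for c in text):
                line_no = source.count("\n", 0, m.start()) + 1
                findings.append((line_no, text))
                break
    return findings

def make_sample(indent=""):
    """Constructed input: one PHP line, then a whitespace run hiding a placeholder URL."""
    bits = "".join(format(ord(c), "08b") for c in "http://example.invalid/")
    run = bits.replace("1", "\t").replace("0", " ")
    return "<?php echo 'ok'; ?>\n" + indent + run + "\n" + " " * 60 + "\n"

if __name__ == "__main__":
    for line_no, text in find_hidden_strings(make_sample("   ")):
        print("line %d hides: %s" % (line_no, text))
```

Any hit is worth manual review, since legitimate source files rarely contain long mixed space/tab runs that decode cleanly to printable text.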

For another story, see item 16 above in the Banking and Finance Sector

Communications Sector

See item 47 above in the Information Technology Sector
