Friday, June 10, 2011

Complete DHS Daily Report for June 10, 2011

Daily Report

Top Stories

• The Birmingham News reports Talladega, Alabama officials continue to search for the cause of a 6-day water main leak that has hemorrhaged more than 2.8 million gallons of water per day, and forced the cancellation of surgeries at a hospital. (See item 26)

26. June 8, Birmingham News – (Alabama) Talladega searching for water leak that is losing 2.8 million gallons per day. Talladega, Alabama is losing enough water each day to fill more than four Olympic swimming pools, but authorities have no idea where the water is going. The consequences, though, are obvious as the crisis enters its sixth day. The local hospital has called a halt to surgeries, residents are asked to boil drinking water, and the city, which has declared a state of emergency, has invested tens of thousands of dollars in bottled water to hand out to a parched community. Water and sewer officials June 8 continued to search for the cause of the mysterious water main leak which has hemorrhaged more than 2.8 million gallons of water per day. By midday June 8, city officials had handed out at least 40 pallets of water, some donated by the emergency management agency, and others brought into the city by tractor trailer rigs: the price tag on just one of those loads was more than $20,000. Add in the amount of water lost, time spent trying to figure out the problem, and the eventual repairs, and the city manager said it will be nothing short of a major financial blow to the system. Source: http://blog.al.com/spotnews/2011/06/talladega_searching_for_water.html

• According to CNN, a lightning strike June 8 at a military training camp sent 77 U.S. Air Force Reserve Officer Training Corps (ROTC) cadets to hospitals in the Hattiesburg, Mississippi, area, where they were all responsive and in stable condition. (See item 32)

32. June 8, CNN – (Mississippi) Lightning strike at Mississippi military base sends 77 to hospital. A lightning strike June 8 sent 77 U.S. Air Force Reserve Officer Training Corps (ROTC) cadets to hospitals in the Hattiesburg, Mississippi, area, where they were all responsive and in stable condition, according to a Camp Shelby spokeswoman. Two were transported by ambulance, and the remaining 75 were transported by Camp Shelby buses. All 77 were college students enrolled in the Air Force ROTC, which uses Camp Shelby as its summer training site. The base had been under a severe thunderstorm warning when the lightning strike occurred, and the facility had been receiving reports of bad weather all day, the spokeswoman said. She said she did not know what the cadets were doing when the accident occurred. CNN affiliate WDAM reported four of the cadets were close to the lightning when it struck around 2 p.m. The remaining personnel at Camp Shelby Joint Forces Training Center quickly responded to the situation to ensure that anyone injured received medical attention. Source: http://www.cnn.com/2011/US/06/08/mississippi.lightning/index.html?hpt=hp_t2

Details

Banking and Finance Sector

11. June 9, IDG News – (National) Citigroup breach exposed data on 210,000 customers. Citigroup admitted June 8 that an attack on its Web site allowed hackers to view customers’ names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders. Citigroup did not say how the Web site, Citi Account Online, was compromised. The bank discovered the breach early in May. Other customer information, such as Social Security numbers, birthdates, card expiration dates, and the three-digit code on the back of the card, was not exposed, the company said. The affected customers are being contacted by Citigroup. Although hackers may not have gained complete information on cardholders, the contact information is enough for scammers to try to elicit more information through targeted attacks. Source: http://www.pcworld.com/businesscenter/article/229868/citigroup_breach_exposed_data_on_210000_customers.html

12. June 9, Quincy Patriot Ledger – (Massachusetts) Alleged bank robber is held on bail. A Quincy, Massachusetts man was ordered held on $40,000 cash bail June 8 after being charged with robbing a Weymouth bank. The man pleaded innocent to one count of armed robbery June 8 in Quincy District Court. He was arrested June 7 after detectives from Weymouth, Norwell, Hanover, Braintree, and Hingham and the FBI followed tips that led them to the Norwell trailer park where he was staying. The departments began working together after noticing similarities in a string of bank robberies in their towns and one in Rockland. So far, the suspect has only been charged with the May 19 robbery of a Bank of America branch in Weymouth, but police said he confessed to five other robberies after he was arrested. Source: http://www.patriotledger.com/news/x1166552948/Alleged-bank-robber-is-held-on-bail

13. June 8, Orange County Register – (California) Irvine real estate broker admits $4.3 million Ponzi scam. A veteran real estate broker and former Irvine, California Planning Commissioner defrauded 34 friends, relatives, and clients of $4.265 million with an elaborate Ponzi-style investing scheme starting in 2007. The 50-year-old Irvine family man cooperated with the FBI, confessed his crimes and agreed to plead guilty to felony interstate wire fraud, according to documents filed the week of June 6 in federal court in Santa Ana by the local U.S. attorney’s office. The man forged bank documents, used non-existent escrow companies, provided bogus status updates, and falsely reported significant profits, victims said. If they did not want to reinvest their money with him, he made up excuses for why he could not give it back. The FBI began investigating the man in late January. He is president of several business entities, including Irvine-based Sparks Realty & Investment Inc., and Nevada-based Wellington Grant Ltd. Source: http://www.ocregister.com/news/sparks-303684-irvine-choi.html

14. June 8, Minneapolis Star Tribune – (International) Brits arrest 3, say fraud ring bilked investors. British police said June 8 they have made three arrests in an investigation of an international investment fraud and money laundering conspiracy that allegedly used phony accounts at Wells Fargo, U.S. Bank, and several other financial institutions to defraud investors out of a “huge amount of money.” Wells Fargo & Co. first revealed the alleged conspiracy in a racketeering lawsuit it filed 15 months ago in Minneapolis, Minnesota. It said a group of unknown defendants were using Wells Fargo trademarks on phony documents that indicated they had large amounts of money in the bank. The bogus documents were allegedly used to assure prospective investors the defendants had the means to pursue certain business opportunities. Now police in London have arrested and charged two people with conspiracy to defraud about 1,800 people in a scheme that resembles the one described in Wells Fargo’s lawsuit. In addition to Wells Fargo, authorities said, the investigation has found links to nearly a dozen other banks and business entities in the Middle East, Thailand, England, and the United States. British police said evidence seized by his department implicates an American lawyer and a few other individuals in the United States. Correspondence indicates they may have violated money laundering laws, and that the scheme appears to have links with a number of large European organized crime networks. Source: http://www.startribune.com/business/123508999.html

15. June 8, KPHO 5 Phoenix – (Arizona; National) Lending Company security breach may be inside job. Investigators now believe the security breach at a major Phoenix, Arizona mortgage company could be an inside job, KPHO 5 Phoenix reported June 8. A police report details how in May, officials at the Lending Company in north Phoenix contacted detectives. One of its managers had reported seeing a computer transferring customers’ personal information to an external source. The police report indicates an employee may be the culprit, but no arrests have been made. The company mailed letters to its customers, warning of the potential for identity theft. The Lending Company does business in 12 states, including Arizona. The company admitted its secure database was breached May 4, potentially putting at risk thousands of its customers. Source: http://www.kpho.com/news/28178043/detail.html

16. June 8, Norwich Bulletin – (National) Former Dime Bank officer pleads guilty to embezzlement. A former Dime Bank executive pleaded guilty June 7 in Connecticut to embezzling more than $1 million from his employers. He pleaded guilty to a single count of bank theft. The man, who served as the bank’s assistant vice president and technology officer, was responsible for overseeing the bank’s hardware and software systems, according to a press release from the U.S. Department of Justice. He admitted he created a fake company to issue false invoices to the bank in September 2001, according to court documents. The invoices purported to charge the bank for technology support services that the man knew had not been rendered. From September 2001 through November 2010, the man stole approximately $1,029,050 from his employer, officials said. Source: http://www.norwichbulletin.com/news/crime/x795261701/Former-Dime-Bank-officer-pleads-guilty-to-embezzlement#axzz1Okur1qzT

17. June 8, KTHV 11 Little Rock – (Arkansas) Kelly Harbert indicted for bank fraud, money laundering charges. A 45-year-old woman from Little Rock, Arkansas, was indicted June 8 by a federal grand jury for 17 counts of bank fraud, two counts of money laundering, and one count of aggravated identity theft. The woman served as the vice president and commercial loan officer and later as senior vice president for One Bank. The charges she faces claim she devised a scheme to defraud various financial institutions by acquiring funds under false pretenses. She then used proceeds from fraudulent loans and lines of credit, totaling over $555,000, for her own personal use. Using her position at One Bank, she allegedly approved unsecured loans and lines of credit in the names of another parent, without their knowledge or authorization. She also used her business relationship with other financial institutions in the Little Rock area to arrange for unsecured loans and lines of credit at the banks in the names of one parent or the other, and in the names of some of the bank clients. The money laundering counts come from the woman’s conversion of the bank proceeds by depositing and transferring amounts, in excess of $10,000, from one account to another. Source: http://www.todaysthv.com/news/crime/160498/370/Former-LR-banker-indicted-for-fraud-money-laundering-charges

Information Technology

39. June 9, Help Net Security – (International) Plankton Android trojan found in 10 apps on Android Market. Ten more applications have been pulled from Google’s official Android Market following a notification that they contained a new kind of Android malware. The malware was discovered by an assistant professor at the North Carolina State University and his team. The malicious code is “grafted” onto legitimate applications, and once the app is installed, it works as a background service whose goal is to gather information and transmit it to a remote server. The server takes the information into consideration and returns a URL from which the malware downloads a .jar file that, once loaded, exploits Dalvik class loading capability to stay hidden by evading static analysis. According to the researchers, Plankton, as they named the malware, and the payloads it downloads do not provide root exploits. “Instead, they only support a number of basic bot-related commands that can be remotely invoked,” they said. Among those commands are those that collect browser history, bookmark and log information, and those that allow the installation and deinstallation of shortcuts. Source: http://www.net-security.org/malware_news.php?id=1745

40. June 9, Help Net Security – (International) French certification authority reveals its private key by mistake. Certigna, a major French certification authority whose certificates are trusted in popular browsers — Internet Explorer, Firefox, Safari, Opera — managed to make its private key accessible via browser for anyone who might be looking. “A visit to the site’s revocation list page — which is fully publicly accessible via a standard Web browser — allows anyone and everyone to download the private key and other supposedly secret files, potentially enabling the creation of their own valid Certigna-signed SSL certificates,” a researcher said. This private key can result in malicious pages seemingly possessing valid certificates signed by a trusted certification authority, reassuring potential victims that it is safe to give out their private or financial information or to download offered files. According to the researcher, Certigna has been alerted to the fact and has removed the files in question from the Web site. Source: http://www.net-security.org/secworld.php?id=11144

41. June 9, Softpedia – (International) Movable Type 0-day vulnerability used to hack into PBS, patches available. Six Apart, the company developing Movable Type, has released updates for the popular blogging platform to patch a zero-day vulnerability used by hackers to break into the PBS.org Web site 2 weeks ago. At the end of May, the group LulzSec hacked into the Web site of the Public Broadcasting Service (PBS) and posted fake news articles. In a post on its official blog, Six Apart admits working with PBS following the incident to determine how hackers managed to compromise the site that runs on Movable Type. The company released mandatory security updates June 9 across all branches (4.0, 5.0, and 5.1) to address the security issues exploited by LulzSec. Users are strongly recommended to upgrade to Movable Type 5.11, 5.051, and 4.361, depending on what branch they use, the company stressed. Changes include the addition of a blacklist and whitelist for uploaded files. These were implemented as configuration directives called DeniedAssetFileExtensions and AssetFileExtensions. Source: http://news.softpedia.com/news/Movable-Type-0-Day-Vulnerability-Used-to-Hack-into-PBS-Patches-Available-205217.shtml

42. June 9, H Security – (International) Mozilla disables Firefox 5 WebGL’s cross domain textures. Mozilla disabled cross domain textures in Firefox 5’s WebGL implementation after a researcher demonstrated an ability to abuse the capability. A report released in May by Context Information Security on WebGL security included a proof of concept that used cross domain textures to reconstruct a displayed image without directly accessing the image. The Khronos Group, home to the WebGL standard, responded to the issue saying it was considering requiring opt-in to Cross Origin Resource Sharing or some other mechanism to prevent possible abuse. In advance of any decision being ratified by the Khronos Group, Mozilla decided to completely turn off cross domain texture support in the forthcoming Firefox 5. A documentation note explains what has been changed and suggests that if code was relying on cross domain textures, the textures should be moved to the same domain. Source: http://www.h-online.com/security/news/item/Mozilla-disables-Firefox-5-WebGL-s-cross-domain-textures-update-1257998.html

43. June 8, Softpedia – (International) Scareware spread from rogue SourceForge pages via PDF exploit. Security researchers from GFI Labs warn that scareware distributors are abusing SourceForge to host malicious pages that direct visitors to PDF exploits. The campaign is the work of people behind the FakeRean family of malicious applications that pose as fake security products and trick users into buying useless licenses. “This family also alters the infected system’s registry quite extensively and drops lots of component and shortcut files, among other things. What sets FakeRean apart from the usual rogues is its ability to hijack a file association for executable (.EXE) files, which allows it to reappear every time an application is run,” the GFI security researchers explained. The campaign uses SourceForge’s customizable user pages feature to distribute scareware. The rogue pages are designed to look like adult sites and ask visitors to confirm that they are at least 18 years old by clicking a button. Doing so takes visitors to a site that attempts to exploit a vulnerability in older versions of Adobe Reader. If the attack is successful, a FakeRean variant is silently installed on the computer. The fake SourceForge project pages are filled with keywords corresponding to adult content. The domain’s good standing on Google helps push them up in search results. In addition to SourceForge, the gang behind this campaign is also abusing other public services, such as Twitter, Flickr, Yahoo!, Scribd, TED, Formspring, Posterous, and Box.net. Source: http://news.softpedia.com/news/Scareware-Spread-from-Rogue-SourceForge-Pages-via-PDF-Exploit-205042.shtml

44. June 8, CNET News – (International) Sony Pictures says 37,500 customer records exposed. Almost a week after hackers posted a trove of customer information stolen from various Sony businesses’ Web sites, Sony Pictures has more details on the attack. The company posted a statement June 8 saying personally identifying information of 37,500 customers was exposed in the breach. “We are continuing to investigate the details of this cyberattack; however, we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name,” the statement reads. Sony Pictures notes that it had not requested credit card information, Social Security numbers, or driver’s license numbers from those people. Source: http://news.cnet.com/8301-31021_3-20070063-260/sony-pictures-says-37500-customer-records-exposed/

45. June 7, Bloomberg – (International) Sony says it’s investigating two new possible attacks, suspends Website. Sony, targeted since April by hacker attacks that have compromised more than 100 million customer accounts, is investigating two new possible intrusions. The company suspended its Brazilian music entertainment Web site while it looks into a possible breach, it said June 7. Sony also is investigating a hacker group’s claim that it stole data related to the company’s game operation. Japan’s largest exporter of consumer electronics reported the new attacks 2 days after saying hackers had broken into its European unit’s Web site. No customer information was accessed during that intrusion, Sony said June 6. The possible attack on Sony’s Brazilian Web site may have altered some content, a spokesman for the Tokyo, Japan-based company said June 7. Source: http://www.bloomberg.com/news/2011-06-07/sony-says-brazil-music-website-suspended-after-suspected-attack-by-hackers.html

For more stories, see items 11 and 16 above in the Banking and Finance Sector

Communications Sector

See item 39 above in the Information Technology Sector
