Friday, July 29, 2011

Complete DHS Daily Report for July 29, 2011

Daily Report

Top Stories

• A new survey of global oil and gas IT executives found only half of the respondents have put in place a strategy to address information security threats, according to Infosecurity. (See item 3)

3. July 27, Infosecurity – (International) Half of oil and gas companies have no information security strategy in place. Only half of oil and gas companies have put in place a strategy to address information security threats, according to a survey of oil and gas IT executives by IDC Energy Insights. The survey of global IT executives also found oil and gas companies still lag behind other industries in formulating, approving, and executing information security policies, as well as getting buy-in from senior management. Of the top three information security threats perceived by oil and gas companies, the greatest is state or industrial espionage, followed by employee error or accidental loss of sensitive information, and vulnerabilities owing to insecure code, the survey noted. In addition, 55 percent of survey respondents indicated an expected increase in their information security budget over the next 12 months. Only 10 percent of the respondents said they are using regulatory compliance as a requirement to justify budgets. In fact, almost 25 percent of respondents said the regulatory environment was a barrier to ensuring information security. Source:\

• A massive water main break in the Bronx in New York City closed major transportation routes, damaged 12 blocks of businesses and homes, and knocked out gas service to hundreds, WABC 7 New York reports. (See item 26)

26. July 28, WABC 7 New York – (New York) Bronx residents clean up after water main break. It could be days before life returns to normal at homes and businesses in the Bronx in New York City after a massive water main break. It happened on Jerome Avenue and East 177th street in Mount Hope July 27. The streets were dry late the morning of July 28, but big problems remained. There were ongoing bus disruptions, and 500 mom-and-pop shops and residential gas customers were waiting on Con Edison to hook service back up. Officials said all utility lines, including phone service, were affected in some way. And there's a 6-foot deep crater in the middle of the street and 12 blocks of water damage to repair after the geyser-like break turned one of the Bronx's busiest streets into a bubbling river. The break in the 108-year-old main sent tens of thousands of gallons of water gushing along Jerome Avenue. It took crews nearly 3 hours to shut it off because that main supplies water to the entire city. The entrance to the Cross Bronx Expressway had to be shut down, and No. 4 subway service was stopped in its tracks for hours. A day later, Jerome Avenue remained closed, littered with soggy debris dragged from flooded basements. People spent the day cleaning up and adding up their losses. But the biggest problem, aside from all the water damage, is that Con Ed has to go door to door to restore gas service to those 500 homes and businesses. And still, no one knows what exactly caused the century-old main to break. "We need to investigate this," a New York City Department of Environmental Protection representative said. "Age in and of itself is not a reason why a main of this size and strength would break." Service on the BX32 and BX36 bus lines remained detoured. Source:


Banking and Finance Sector

14. July 28, Assoicated Press – (New York) Man disguised as armored truck guard steals $15K from Queens check-cashing business. The New York City Police Department said a man dressed as an armored truck guard walked out of a check-cashing business with $15,000 in cash the week of July 18. Police said the suspect walked into Lorenzo's Enterprises in Queens, said he was there for a pickup and was handed the cash. They said he was wearing a GARDA Armored Courier uniform. The Daily News reported that workers at the check-cashing place did not suspect anything until an actual guard showed up hours later from the same armored truck company. The suspect remained at large as of July 27. Source:

15. July 27, New York Post – (New York) LI geezer bank bandit caught on tape. A hefty, gun-toting man who is believed to be responsible for a string of at least six bank robberies in New York since May is being hunted by Long Island cops, and the FBI. The squat, silver-haired bandit last struck July 26 at a Chase branch in Northport around 5:35 p.m. Armed with a black automatic gun, he approached a teller at bank at 721 Fort Salonga Road and demanded cash. The teller handed over the money and the subject fled on foot southbound through the parking lot. He is described as a white male in his 60s, 5 feet, 5 inches tall, and weighing 250 lbs. "We think he either has help, or parks a get-away car nearby," said the commanding officer of Nassau County's homicide and major crimes division. Cops believe the man is responsible for a similar bank robbery July 6 in Newburgh, New York, police said. Source:

16. July 27, San Diego Union-Tribune – (California) Alleged ID thief stole $200,000 in debit-card scam. An alleged identity thief was charged July 27 with looting more than $200,000 from customer accounts at a Rancho Penasquitos, California bank by using an electronic device to steal debit card information. The suspect is accused of stealing from about 950 customers at the Chase Bank branch on Black Mountain Road, but authorities said that number may go up if more victims come forward. He was arraigned before a San Diego Superior Court judge on 45 counts of identity theft, grand theft, burglary, making fake ID cards, and a special allegation that losses exceeded $200,000, the prosecutor said. She said charges related to about 900 more victims would be added against the man, a legal U.S. resident from Romania. He has a felony conviction for trying to break into an ATM in Los Angeles County in 2008, she said. Bank investigators discovered a man was installing a card-skimming device on the door of the bank’s ATM lobby every Saturday after closing time. He would remove it before the bank reopened on Mondays, a district attorney’s investigator said. This occurred for 6 weeks in a row. Hidden cameras the man is accused of installing showed customers typing their identification numbers on the ATM keypads. Agents believe he transferred the account information onto fake debit cards to withdraw $300, $500, even $1,000 at a time at other ATMs. The bank notified the Secret Service of the scam July 22. Agents, with San Diego police and the regional fraud task force, were watching the bank July 23 when the suspect returned to retrieve his device, and he was arrested. Source:

17. July 25, U.S. Department of Justice – (New York) Four charged with running a credit history repair scheme. The U.S. Attorney for the Southern District of New York and the U.S. Secret Service New York Field Office announced July 25 the unsealing of an indictment charging four people in connection with a fraudulent credit repair scheme. As part of the scheme, the defendants falsely reported to credit bureaus inflated credit histories for thousands of individuals, enabling those individuals to get millions of dollars in loans from financial institutions, and other lenders. From 2007 through 2009, through Highway Furniture Inc. and, later, New York Funding Group Inc., the four defendants engaged in a scheme to falsely and fraudulently improve credit histories and scores of thousands of people who purportedly were customers of the two firms. The individuals had never actually been customers of Highway Furniture, and New York Funding. As part of the scheme, in exchange for thousands of dollars in fees, the defendants provided credit bureaus with fictitious data showing their firms had extended credit to the purported customers, and that the loans had been or were being repaid. The defendants falsely and fraudulently improved credit histories and scores of some of the purported customers by deleting accurate, but negative, credit information maintained by credit bureaus. As a result, the purported customers obtained millions of dollars of loans from banks, and other lenders. Each defendant is charged with one count of conspiracy to commit bank fraud, and one count of conspiracy to cause damage to a protected computer. Source:

Information Technology Sector

37. July 28, Softpedia – (International) LiveJournal targeted in massive DDoS attack. LiveJournal experienced downtime during the past several days because of a massive distributed denial-of-service attack that overwhelmed the company's servers. The outages began July 26, but the company did not release a statement until July 27 when it confirmed it was the target of an attack. LiveJournal is one of the oldest blogging platforms, dating back to 1999, and has over 30 million registered accounts. LiveJournal appeared to be available as of July 28, but since the current attack is on-going, the service might experience more outages. Source:

38. July 28, Help Net Security – (International) Oracle Enterprise Manager Grid Control multiple vulnerabilities. Oracle reported its Enterprise Manager Grid Control has multiple problems. A remote issue in Security Framework can be exploited over the "HTTP" protocol. The "User Model" sub component is affected. A remote issue in EMCTL can be exploited over the "HTTP" protocol. A remote issue in CMDB Metadata & Instance APIs can be exploited over the "Oracle NET" protocol. A remote vulnerability in Database Control can be exploited over the "HTTP" protocol. Oracle Enterprise Manager Grid Control version,,,,,,, and are affected. Source:

39. July 28, Softpedia – (International) Fake IRS emails distribute new file infector variant. Security researchers from Trend Micro warn a wave of fake Internal Revenue Service e-mails direct recipients to a new variant of the LICAT file infecting virus. LICAT is a piece of malware associated with the zeus banking trojan that first appeared in October 2010. Malware analysts believe LICAT is intended as a distribution and update mechanism for zeus. The virus appends its rogue code to legitimate EXE, DLL, and HTML files. Each time one of the infected files is executed, a list of URLs is generated according to a predefined algorithm similar to the one used by Conficker. The zeus trojan normally updates itself from a list of predefined command and control servers. Losing control of these domain names usually means losing control of the entire botnet. LICAT adds a redundancy mechanism. It tries to access all of the generated URLs and downloads a new zeus version if it finds one. If they lose control of their C&C domains, the attackers can register a domain they know LICAT will generate in advance and upload their new version there, at which point all they need to do is wait. The rogue e-mails detected by Trend Micro purport to come from "Payment IRS(dot)gov" and bear a subject of "Internal Revenue Service United States Department of the Treasury." Source:

40. July 27, IDG News Service – (International) Beware of 'wrong transaction' hotel spam. A new spam campaign began to appear in recent days, and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number, and the victim is supposed to fill out an attached form to process the refund. The "refund" form is actually a malicious trojan that installs fake antivirus software on the victim's computer, according to the director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages July 27. The messages appear to be coming from the same botnet of infected computers that recently sent out similar messages warning victims their credit card payments were overdue. Those messages led to the fake antivirus downloads too, the researcher wrote in his blog post. As of late July 27, only 19 out of 43 antivirus products used by the VirusTotal Web site detected this latest trojan program. Source:

41. July 25, CNET News – (International) Street View cars grabbed locations of phones, PCs. Google's Street View cars collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world, a practice that raises novel privacy concerns, CNET confirmed. The cars were supposed to collect the locations of Wi-Fi access points. However, Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks, and then made the data publicly available through until several weeks ago. The French data protection authority, known as the Commission Nationale de l'Informatique et des Libertes, recently contacted CNET and said its investigation confirmed Street View cars collected these unique hardware IDs. Source:

Communications Sector

42. July 27, Winfield Daily Courier – (Kansas) Telephone service interrupted. Southern Kansas Telephone (SKT) customers in Cowley County and other towns in southeast Kansas have services back after one of SKT’s fiber optic lines was accidentally cut July 27. According to SKT's customer care director, at about 7:55 a.m. July 27, a construction company working near Belle Plaine was boring under a highway when they accidentally cut a fiber optic line that provides telephone, high-speed Internet, and cable television service to SKT customers in Belle Plaine and other communities in southeast Kansas, including Dexter, Burden, and Cedar Vale. SKT repair crews arrived onsite shortly after the cut to begin work on repairing the damaged fiber optic cable. Source:

43. July 27, Tallahassee Democrat – (Florida) Cable repairs have been completed. A cut cable north of Tallahassee, Florida, interrupted Comcast's television, Internet, and communications service to about 6,000 customers in that area, the company said July 27. Comcast's general manager said the line was a 78-count fiber optic cable that relays signals to customers along Thomasville Road and up to Bradfordville. Repair of the cable began within an hour of the reported outage hour. The above-ground cable was accidentally cut early July 27 by crews that were clearing tree limbs from the lines. Comcast finished the fiber optic cable repair at 3:20 p.m. Source:|newswell|text|FRONTPAGE|s

No comments: