Tuesday, October 4, 2011

Complete DHS Daily Report for October 4, 2011

Daily Report

Top Stories

• Workers mixing chemicals sparked a massive blaze October 3 at a plant south of Dallas, Texas, that led to thousands of people being evacuated from homes and schools. – Associated Press (See item 5)

5. October 3, Associated Press – (Texas) Texas plant fire sparked as chemicals were mixed. A fire official said a massive blaze at a plant south of Dallas, Texas, was sparked as workers mixed chemicals. A fire chief said he is not sure what chemicals were involved in the fire that broke out before 11 a.m. October 3 at a Magnablend, Inc., facility in Waxahachie. No serious injuries were reported. The chief said the fire should be brought under control by late afternoon October 3, and that about 1,000 evacuated residents should be allowed to return to their homes. The blaze sent massive plumes of black smoke and bright orange flames into the sky, forcing schoolchildren and residents to evacuate or take cover indoors to avoid possible exposure to dangerous gases. A Magnablend spokesman said 25 to 30 employees who were inside a 100,000-square-foot warehouse at the plant evacuated safely when the fire broke out before 11 a.m. He said the company manufactures about 200 products, including some that are hazardous when ignited. The Texas Commission on Environmental Quality and U.S. Environmental Protection Agency were setting equipment to monitor air quality in the area. Ellis County emergency management officials issued a mandatory evacuation order for an apartment complex, an elementary school, and a junior college. Sheriff’s officials urged residents not to drive toward the area of the fire. A Waxahachie Independent School District spokeswoman said Wedgeworth Elementary School students were safely bused to another school’s gymnasium by 12:25 p.m. Navarro College cancelled all classes for its 2,500 or so students. Magnablend makes, blends, and packages chemicals. Much of its business revolves around energy production, including chemicals used to stimulate oil and gas wells, and hydraulic fracturing. The company employs about 250 people, and has operations in four states. Source: http://www.msnbc.msn.com/id/44759380/ns/us_news-life/#.Tonw93KHNGo

• A huge fire in downtown San Antonio destroyed a historic building housing two restaurants, and severely damaged a building containing several city offices, forcing the relocation of at least 300 city employees. – KSAT 12 San Antonio (See item 45)

45. October 3, KSAT 12 San Antonio – (Texas) Historic building gutted by fire to be demolished. City officials said the historic Wolfson building on East Commerce Street and North Main Avenue in downtown San Antonio will be demolished after a fire destroyed it October 1, according to KSAT 12 San Antonio, October 3. The emergency demolition will tie up the streets around Main Plaza for at least a week. As a result of the fire, West Commerce Street from Soledad to South Flores streets, and Main Street from Houston to West Commerce streets will be closed while the cleanup continues. The massive four-alarm fire also damaged the bottom seven floors of the Riverview Towers, a 21-story office building that contains several city offices. At least 300 city employees will have to temporarily relocate for work. Employees were asked to call their supervisors or the city hotline for more information. The fire chief said there were no injuries. No cause or damage cost has been determined. The charred Wolfson building opened in 1880, a conservation society official said. It was one of just two remaining structures surrounding Main Plaza from that period. The building served as a commercial operation since the 1880s. It housed the Bell’s Furniture Store, and more recently two restaurants and an upstairs ballroom for special events. Source: http://www.ksat.com/news/29369261/detail.html


Banking and Finance Sector

15. October 2, Cybercast News Service – (California) FBI seeks public’s help IDing ‘Mr. Magoo Bandit’. FBI agents asked for the public’s help October 2 in identifying and arresting a bald-headed bank robber believed responsible for 6 local holdups. The “Mr. Magoo Bandit” struck in San Diego September 7 at a U.S. Bank branch at 3201 University Avenue, and, by releasing video of him, FBI agents hope someone will recognize him. He is also wanted for bank robberies in Camarillo, South San Francisco, and Novato. The most recent holdup was at a Chase branch in Camarillo September 27. He wears prescription glasses and typically uses demand notes. No weapon has been used so far. The robber is white, believed to be in his 40s,and weighs about 200 pounds. Source: http://www.760kfmb.com/story/15597540/fbi-seeks-publics-help-in-iding-mr-magoo-bandit

16. October 2, Miami Herald – (Florida) Fire official, 2 others from Broward convicted of $7M mortgage fraud. A federal jury October 2 found a Miami assistant fire chief guilty on three counts of conspiracy to commit wire and mail fraud in a mortgage scheme that cost lenders $7 million. The 44-year-old and her co-defendants were charged in February 2010 in a multi-million-dollar mortgage-fraud scheme involving condos in Aventura, Florida. A licensed mortgage broker, the woman was the department’s first black female firefighter. She went on paid administrative leave after the indictment. It accused the woman and her co-defendants of using straw buyers, submitting false mortgage-application paperwork to lenders, and profiting from money made on the deals. She had been earning $184,336 a year to oversee the fire department’s payroll, and entered the deferred retirement option program in September 2010, with a $166,687 pension. According to the U.S. sttorney’s office, she netted about $317,000 “in fraud proceeds in less than a month’’ from phony deals involving the Hidden Bay Condominium Complex at 3370 NE 190th Street. As the conspiracy progressed about $11 million in fraudulent loans were issued, resulting in a loss to lenders of about $7 million, a press release said. All three defendants were taken into custody after the verdict. They face up to 20 years in prison on each count. Source: http://www.sun-sentinel.com/news/local/florida/mh-miami-fire-official-fraud-20111002,0,5218699.story

17. October 2, Houston Chronicle – (Texas) Man accused of stealing ATM with forklift. A 40-year-old wore a ski mask as he apparently worked alone October 2 to unbolt an ATM from Bank of America at 18505 Champion Forest in Spring, Texas, the Harris County Precinct 4 constable assistant chief said. He said the suspect then used a stolen forklift to load the machine into a stolen U-Haul. A witness called authorities, who arrived seconds after the man pulled away. He was arrested less than a mile from the bank. The suspect’s criminal history already included two jail stints for felony theft, and criminal mischief charges. He now faces charges for felony theft of over $200,000, and criminal mischief. Each charge could result in jail time of between 5 and 99 years in prison, police said. Because the targeted bank property is insured by the Federal Deposit Insurance Corporation, the incident may result in federal charges, police said. Source: http://www.chron.com/news/houston-texas/article/Man-caught-after-stealing-ATM-with-forklift-2199315.php

18. September 30, Associated Press – (National) FTC: Debit card scheme defrauded merchants. The Federal Trade Commission (FTC) said September 30 it is paying $350,000 in refunds to 100 small U.S. merchants defrauded in a debit and credit card scheme. The scheme involved several firms that falsely promised they would save small businesses money in credit and debit card processing fees by offering lower rates than those of other card-processing services. However, the firms failed to disclose fees and concealed pages of fine print until after the merchants had signed contracts for their services, the FTC said. The FTC identified the firms that perpetrated the scheme as Merchant Processing Inc., Direct Merchant Processing Inc., Vequity Financial Group Inc., and PPI Services Inc. The agency reached settlements with two defendants that banned them from marketing card processing goods or services for sale or lease. Merchants due to receive refunds were to get between $100 and more than $25,000, depending on how much the merchant paid, the FTC said. Source: http://www.forbes.com/feeds/ap/2011/09/30/business-us-debit-card-fraud_8710414.html

19. September 30, Reuters – (National) SEC finds failures at credit raters. U.S. Securities and Exchange Commission (SEC) staff found “apparent failures” at each of the 10 credit rating agencies they examined, including Standard & Poor’s, Moody’s, and Fitch, the agency said September 30 in its first annual report on credit raters. The SEC sent letters outlining concerns to each ratings firm and demanded a remediation plan with 30 days, an agency official said in a conference call with reporters. SEC staff said concerns include failures to follow ratings methodologies, failures in making timely and accurate disclosures, and failures to manage conflicts of interest. The report was required by last year’s Dodd-Frank financial oversight law. The staff report did not single out by name any credit-rating agency for questionable actions, but it did describe specific problems it found. Two of the three largest firms, for example, did not have specific policies in place to manage conflicts of interest when rating an offering from an issuer who is also a large shareholder of the firm. One of the large firms, the report said, did not have effective procedures in place to prevent leaks of ratings before they are published, the report said. One of the three firms also failed to follow its methodology in rating certain asset-backed securities, was slow to discover, disclose and fix the errors, and may have let business interests influence its mistakes, the report said. It said the SEC has not determined that any of the findings constituted a “material regulatory deficiency”, but said it might do so in the future. Source: http://www.reuters.com/article/2011/09/30/us-sec-raters-idUSTRE78S50920110930?feedType=RSS&feedName=topNews

For another story, see item 41 below in the Information Technology Sector

Information Technology Sector

38. October 3, The Register – (International) Crazy square barcodes can point your phone to malware. Russian VXers have begun using QR codes as a launchpad for mobile malware. A recently identified malicious Quick Response code on a Russian Web site links through a series of redirections to a site punting a trojan version of the Jimm mobile ICQ client. Android users who follow the links and install the application will be infected with malware that sends text messages to premium-rate SMS numbers, net security firm Kaspersky warned. Source: http://www.theregister.co.uk/2011/10/03/qr_code_mobile_malware_risk/

39. October 3, Help Net Security – (International) Symantec IM Manager multiple vulnerabilities. Multiple vulnerabilities have been reported in Symantec IM Manager, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, according to Secunia. Input passed to the “refreshRateSetting” parameter in IMManager/Admin/IMAdminSystemDashboard.asp, “nav” and “menuitem” parameters in IMManager/Admin/IMAdminTOC_simple.asp, and “action” parameter in IMManager/Admin/IMAdminEdituser.asp is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in context of an affected site. Also, an input validation error exists within the Administrator Console. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in version 8.4.17 and prior. Source: http://www.net-security.org/secworld.php?id=11716

40. October 3, Help Net Security – (International) iPhone 5 spam emails lead to malware. Apple expects to unveil the next iteration of its popular iPhone during a press event scheduled for October 4. As the excitement regarding the release of the new iPhone slowly reaches its peak, malware peddlers are taking advantage of the hype. E-mails containing an offer to preview the new device were hitting inboxes October 3, and were luring users into clicking on the link, which takes them to a Windows executable. The file — iphone5(dot)gif(dot)exe — is hosted on a compromised server. Once downloaded and executed, the file shows to the user a bogus “iPhone5” image while installing an IRC bot in the background, which connect to a remote server. “Infected machines can be centrally controlled via this server and are exposed to things such as credit card theft,” according to F-Secure. Source: http://www.net-security.org/malware_news.php?id=1861

41. October 2, H Security – (International) Chrome updates to repair Microsoft false alarm damage. A new version of Google Chrome is now available; the latest stable release has the version number 14.0.835.187 and the latest beta version, 15.0.874.58. The update stops Microsoft Security Essentials (MSE) virus scanner from incorrectly classifying the browser as part of the banking trojan PWS:Win32/Zbot (Zeus). A bad patch for Microsoft Security Essentials, Microsoft Forefront, and Microsoft Defender meant the scanners were identifying chrome.exe as malware and proposing to delete the browser. Microsoft released an unscheduled signature update September 30 to halt the false detection. The Chrome update should assist those who have been affected by MSE’s incorrect detection and deletion by repairing the installed versions of Chrome. Source: http://www.h-online.com/security/news/item/Chrome-updates-to-repair-Microsoft-false-alarm-damage-1353162.html

42. October 1, Softpedia – (International) Mobile malware masqueraded as Opera Mini. Cybercriminals are taking advantage of the fact that Opera Mini is one of the most popular mobile browsers and creating a fake Web site which stores a piece of malware that looks like a genuine installation file. Trend Micro discovered the site that resembles the official Opera page and that was specially made to be accessed from mobile devices. The content of the page is in Russian so that is the most likely origin of the hackers. The visitor is immediately alerted that “Your version of Opera Mini browser is out of date, further work may not be correct and lead to enexpected errors and crashes! You need to urgently upgrade Opera Mini to version 6.1!” The java file that is downloaded was detected as being J2ME_FAKEBROWS.A. Upon execution, the virus checks if the mobile device uses specific message service centers and if a match is found, it starts sending simple text messages to a phone number encoded in the data.res file. The string “424626 357 OX” is sent to specified premium numbers using the SMS service of the machine. Devices that support MIDlets are the ones vulnerable in front of this piece of malware. Source: http://news.softpedia.com/news/Mobile-Malware-Masqueraded-as-Opera-Mini-224863.shtml

Communications Sector

43. October 3, Winter Haven News Chief – (Florida) Eloise man, 35, accused of stealing wire. An Eloise, Florida man has been accused of climbing telephone poles in Bartow, Florida, to steal wire to sell as scrap. The 35-year-old cut the wire from atop poles in the area near Cox Road according to his arrest reports. The theft caused about $13,000 in damage, and interrupted telephone service. He was booked September 29 into Polk County Jail on theft, criminal mischief, and dealing in stolen property. His arrest reports said he gave the stolen wire to another man to sell to a recycler and they then shared the profits. Online jail records show the accomplice was booked September 28 on charges of theft, and defrauding a second-hand metal dealer. Source: http://www.newschief.com/article/20111003/NEWS/110035001/1003/NEWS?Title=Eloise-man-35-accused-of-stealing-wire

For more stories, see items 38, 40, and 42 above in the Information Technology Sector

No comments: