Tuesday, January 25, 2011

Complete DHS Daily Report for January 25, 2011

Daily Report

Top Stories

• NBC News reports a bomb detonated by a suicide bomber ripped through the arrivals hall at Domodedovo airport in Moscow, Russia, January 24, killing 35 people and wounding 130. (See item 24)

24. January 24, msnbc.com; Reuters; NBC News; Associated Press – (International) Officials: 35 dead in Moscow bomb blast. An explosion ripped through the arrivals hall at Domodedovo airport in Moscow, Russia, January 24, killing 35 people and wounding about 130, officials said. An analyst told NBC News the blast was “almost certainly” the work of Islamist militants from Russia’s North Caucasus region. The state-run news agency RIA Novosti said preliminary reports suggest a bomb was detonated by a suicide bomber as people emerged from the international arrivals zone. The bomb was packed with metal objects to cause maximum damage, according to law enforcement authorities. Planes from London, Brussels, Greece, Ukraine and Egypt had landed in the 30 minutes before the attack, RIA Novosti reported. Russian investigators told the Associated Press that two British citizens were among the dead. The Russian Emergency Ministry said 51 people were hospitalized after the blast with 35 of those in serious condition, NBC News reported. International flights continued to arrive at Domodedovo after the blast at first, but were later diverted to Sheremetyevo airport, Interfax reported. Moscow police were checking the city’s subway and other places where large numbers of people gather to try to avert possible follow-on attacks, the news agency said. Interfax also said security had been stepped up at Sheremetyevo and Vnukovo airports. Domodedovo is generally regarded as Moscow’s most up-to-date airport, but its security procedures have been called into question. Source: http://www.msnbc.msn.com/id/41231668/ns/world_news-europe/?gt1=43001

• Four Detroit, Michigan, police officers were wounded and their assailant killed January 23, after a man walked into a precinct and began shooting indiscriminately, according to the New York Times. (See item 50)

50. January 23, New York Times – (Michigan) Four Detroit police injured in department shootout. Four police officers were slightly wounded and their assailant killed January 23, after a man walked into the 6th police precinct in Detroit, Michigan, and “began shooting indiscriminately,” a spokeswoman for the mayor said. She said the incident began about 4:30 p.m. when the man opened fire with a pistol-grip shotgun. The man was able to shoot four officers before one or more officers returned fire, killing him. The most seriously injured police officer was the precinct’s commander, who was hit in the lower back, she said. He underwent surgery at Sinai Grace Hospital January 23. “His condition is critical, but he is expected to pull through,” the spokeswoman said. Two other male officers were hospitalized but expected to be released January 24. A female officer was hit in the chest, but the bulletproof vest she was wearing prevented her from being injured. Police said it was unclear whether the gunman had previous contact with the precinct or was targeting any specific officers. The police station is one of the department’s eight district offices. Members of the public who enter the station do not pass through metal detectors or otherwise undergo a security screening. Source: http://www.nytimes.com/2011/01/24/us/24detroit.html?src=twrhp


Banking and Finance Sector

17. January 22, BankInfoSecurity.com – (National) 4 banks closed on Jan. 21. United Western Bank, Denver, Colorado, was the largest of four institutions closed by federal and state regulators January 21. The $2.05 billion bank was acquired by First-Citizens Bank & Trust Company, Raleigh, North Carolina, which assumes all deposits of United Western. The eight branches of United Western will reopen January 24 as branches of First-Citizens. These latest announcements of failed institutions raise the total to 7 so far in 2011. The latest failures: The Bank of Asheville, Asheville, North Carolina, was closed by the North Carolina Office of Commissioner of Banks, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. FDIC entered into an agreement with First Bank, Troy, North Carolina, to have it assume all deposits. The five branches of the Bank of Asheville will reopen as branches of First Bank. FDIC estimates the cost to the Depositors Insurance Fund (DIF) will be $56.2 million. The CommunitySouth Bank and Trust, Easley, South Carolina, was closed by the South Carolina State Board of Financial Institutions, which appointed FDIC as receiver. FDIC entered into an agreement with CertusBank, National Association, Easley, South Carolina, to have it assume all deposits. The six branches of CommunitySouth will reopen as branches of CertusBank. FDIC estimates the cost to the DIF will be $46.3 million. The Enterprise Banking Company, McDonough, Georgia, was closed by the Georgia Department of Banking and Finance, which appointed FDIC as receiver. FDIC created the Deposit Insurance National Bank of McDonough to protect depositors. The new institution will remain open until January 28 to allow depositors access to their insured deposits and time to open accounts at other insured institutions. Source: http://www.bankinfosecurity.com/articles.php?art_id=3289

18. January 21, WAFF 48 Huntsville – (South Carolina) Florence bank robbery suspect caught in South Carolina. A suspect in the robbery of a Florence, Alabama, bank was caught in South Carolina after leading authorities on a chase January 21. The Spartanburg County Sheriff Department caught the 26-year-old after he allegedly robbed the First Citizens Bank in Spartanburg. Officers said the suspect led them on a chase through two counties, but he later gave himself up. The suspect is connected to the January 7 Compass Bank robbery in Florence. His wife was arrested as she was leaving the scene of that robbery. An off-duty officer tackled her. FBI investigators believe the couple may be responsible for robberies in Alabama and Florida. Source: http://www.waff.com/Global/story.asp?S=13887088

19. January 20, KXXV 25 Waco – (Texas) ZZ Top bank bandit may have switched to George Bush mask. Sources said the FBI is investigating whether the serial bank robber known as the ZZ Top bandit is the man responsible for two holdups in Austin, Texas, in October and November of 2010. The Compass Bank at 4100 N. Lamar was robbed October 7, and then again November 12 by a man wearing a mask resembling the 43rd U.S. President which covered his entire head. If the suspect was indeed the ZZ Top bandit, it would signify a change in tactics and disguise for the man who has eluded authorities for 7 years. He is also known as the “Interstate Bandit” because many of the banks he has robbed are close to Interstate 35 or other highways, allowing him a quick escape. Source: http://www.kxxv.com/Global/story.asp?S=13879715

Information Technology

52. January 24, H Security – (International) VLC Media Player 1.1.6 fixes critical vulnerabilities. VideoLAN project developers have announced the release of version 1.1.6 of their VLC Media Player. The seventh release of the 1.1.x branch of VLC is a maintenance and security update that includes various bug fixes and improvements. VLC 1.1.6 addresses security issues in the Real demuxer, the subtitle decoder, and two previously reported critical heap corruption vulnerabilities; these are in the relatively rarely used CDG format decoder. Using VLC to play manipulated video in this format could cause heap corruption, which could in turn be exploited to inject and execute malicious code. Source: http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-6-fixes-critical-vulnerabilities-1175821.html

53. January 24, H Security – (International) Critical vulnerability in Opera web browser. French security services provider VUPEN has reported a critical security vulnerability in Opera which could allow crafted Web pages to infect Windows systems with malware. The problem is said to be caused by a bug in opera.dll when processing HTML files containing selected elements that have a large number of child elements. The bug was first reported by a security researcher in early January, but he only succeeded in exploiting it to crash the browser. VUPEN appears to have succeeded in developing an exploit to inject and execute code and has therefore classified the problem as critical. The bug has been confirmed in Opera 11.00 and earlier, and 10.63 and earlier for Windows 7 and XP SP3. Currently, there is no patch or update for the problem. Source: http://www.h-online.com/security/news/item/Critical-vulnerability-in-Opera-web-browser-1175689.html

54. January 24, Softpedia – (International) ‘Guy Kills Girlfriend’ scams spread virally on Facebook. Security researchers warn of several Facebook scams that lure users onto deceptive survey pages via fake news headlines about a man killing his girlfriend. The links take users to pages promoting rogue Facebook apps. In one case, the page promotes a fake news application and displays a message reading “She had forgotten to close her session on the world’s biggest social network. Her boyfriend came back home early and found this message in her inbox...” This is meant to pique the user’s interest and is followed by a “Click here to read the story” link. Doing so prompts a permission dialog from the rogue application asking for permission to post on their wall. The apps are the propagation mechanisms behind these scams and will spam the victim’s friends without their knowledge. Users who end up installing them are then asked to complete surveys, usually under the pretense of security verifications, in order to see the promised content. Source: http://news.softpedia.com/news/Guy-Kills-Girlfriend-Scams-Spread-Virally-on-Facebook-180115.shtml

55. January 21, H Security – (International) Twitter scareware wave. An apparently large number of links leading to scareware sites were spread via Twitter January 20. The page links were disguised using short URLs from goo.gl and advertised as “Cool”, “Very Nice,” or “Google’s search page has done it again” in varying tweets by different users. Clicking on the link transferred users to a Web site that pretended to find numerous viruses after performing a bogus scan on a Windows PC. According to the Internet Storm Center, one of the files offered to solve the alleged problem contained the SecurityShieldFraud scareware. Once installed, the malware contacted other servers; no further functional details have become available yet. It remains unknown how many Windows users have fallen victim to the attack. Whether the attackers used hacked accounts or stolen access data to send out the links via Twitter, or exploited existing Twitter accounts on infected PCs, is still unclear. All scareware sites discovered in connection with this attack have now been shut down. Source: http://www.h-online.com/security/news/item/Twitter-scareware-wave-1174562.html

56. January 21, Softpedia – (International) Twitter flooded with free iPhone survey scams. Security researchers warn that waves of spam messages offering free iPhones and iPads have been flooding Twitter recently and lead users to various online scams. According to the GFI Software researchers who analyzed the attacks, the spam messages appear to be sent from both fake and compromised accounts. At their peak, the spam messages were coming in at a rate of over 1,300 per hour and read “want to find out how to get a free iphone? [link]” or “I just won a free iphone and ipad! [link].” Some of the rogue links are displayed in full, while others are shortened via bit.ly. The links take users to pages inviting them to a trial program, which involves testing an iPhone and getting to keep it. In order to sign up for the alleged program, the site asks users to disclose their e-mail address and personal information. Source: http://news.softpedia.com/news/Twitter-Flooded-with-Free-iPhone-Survey-Scams-179756.shtml

Communications Sector

Nothing to report