Wednesday, February 2, 2011

Complete DHS Daily Report for February 2, 2011

Daily Report

Top Stories

• According to NBC New York, security officials are warning the leaders of major Wall Street banks that al Qaeda terrorists in Yemen may be trying to plan attacks against those financial institutions or their leading executives. Intelligence officials stress the threats are general in nature and there is “no indication of a targeted assassination plot” against any Wall Street executive. (See item 16)

16. February 1, NBC New York – (International) Wall Street execs on new terror threat info. Security officials are warning the leaders of major Wall Street banks that al Qaeda terrorists in Yemen may be trying to plan attacks against those financial institutions or their leading executives. Intelligence officials stress the threats are general in nature and there is “no indication of a targeted assassination plot” against any Wall Street executive. But NBCNewYork.com has learned officials fear the names of some top banking executives have been discussed by terror operatives overseas. Intelligence analysts added they have a general but growing concern that operatives in Yemen may again try to send package bombs or biological or chemical agents through the mail to Wall Street bankers. In recent weeks, the FBI’s Joint Terrorism Task Force and NYPD officials have been briefing bank executives and their security departments on the nature of the threat information. Much of it was gleaned from al Qaeda writings like “Inspire” magazine that recently warned of attacks targeting financial institutions. The latest “Inspire” issue also made reference to trying to use anthrax in an attack, officials said. NBC terror consultants also point to the web writings of an al Qaeda blogger who recently wrote, “Rush my Muslim brothers to targeting financial sites and the program sites of financial institutions, stock markets and money markets.” Banks like Goldman Sachs, Citibank, JP Morgan Chase, Barclays and others have received updated security briefings from the FBI’s JTTF, security officials told NBCNewYork. Source: http://www.nbcnewyork.com/news/local-beat/Exclusive-Wall-Street-Execs-On-New-Terror-Threat-Info-114985979.html

• USA Today reported that U.S. airlines have collectively canceled nearly a quarter of all the nation’s flights February 1, the result of a major winter storm affecting an area stretching from New Mexico to New England. On February 1 alone airlines have canceled 6,364 flights as of 1 p.m. ET, said the CEO of the flight-tracking site FlightAware.com. (See item 23)

24. January 31, Truckinginfo.com – (National) FMCSA proposes EOBR mandate for all interstate drivers. The Federal Motor Carrier Safety Administration is proposing that all interstate trucks and buses be equipped with electronic onboard recorders to track driver hours. The rule would apply to all carriers now required to maintain Records of Duty Status (aka logbooks), which amounts to 500,000 commercial carriers. The rule would not apply to short-haul interstate carriers that use timecards to document hours of service. The agency at the same time is proposing to relieve interstate carriers from certain supporting documents requirements for hours of service compliance. Motor carriers will be given 3 years from the effective date of the final rule to comply with these requirements. Under the proposal, violations of the EOBR requirement would face civil penalties of up to $11,000 for each offense. Noncompliance would also negatively impact a carrier’s safety fitness rating and Department of Transportation operating authority, the agency said. Source: http://www.truckinginfo.com/news/news-detail.asp?news_id=72842&news_category_id=3

Details

Banking and Finance Sector

17. February 1, SC Magazine UK – (International) Stock exchanges in the UK and US come under advanced and persistent attack. The British and United States stock exchanges have reportedly enlisted the help of the security services after finding out they were the victims of cyber attacks. According to media reports, the London Stock Exchange (LSE) is investigating a terrorist cyber attack on its headquarters last year, while US officials have traced an attack on one of its exchanges to Russia. A report from The Times said that it had been told by ‘well-placed intelligence sources’ that the London Stock Exchange was trying to find the source of the attack, while a cyber security expert is reported as saying that the threat is ‘advanced and persistent’. The Associated Press said that officials suspect the attacks were designed to spread panic among markets and destabilize western financial institutions. Source: http://www.scmagazineuk.com/stock-exchanges-in-the-uk-and-us-come-under-advanced-and-persistent-attack/article/195398/

18. January 31, Wall Street Journal – (International) Foreign banks evacuate staff from Egypt. A number of international banks with operations in Egypt have begun evacuating some foreign staff from the country, joining other firms that are beginning to ferry personnel out as the political turmoil continues. Citigroup Inc. said it evacuated some non-Egyptian employees from the country Sunday night, while Barclays PLC and HSBC Holdings Inc. also both said they had evacuated “a small number” of expatriates. Citigroup said it has about 600 employees in the country, the “vast majority” of whom are locals, a spokeswoman said Monday morning. Citi helped those foreign national employees who wanted to leave get out Sunday night, she said. Barclays said it pulled fewer than 10 employees. HSBC said about 10 of its 2,100 employees are foreign-born and that it has relocated some of those to Dubai. J.P. Morgan Chase & Co. said it has about 10 employees in Cairo and that all are safe there. Branches of all banks in the country are closed Monday, at the recommendation of the Egyptian central bank. Source: http://blogs.wsj.com/dispatch/2011/01/31/foreign-banks-evacuate-staff-from-egypt/

19. January 31, Canton Repository – (Ohio) FBI links four area bank robberies to same man. FBI agents in Canton suspect a man who robbed the Chase Bank at 1207 W. State St. in Alliance January 28 robbed three other area banks. At 3:30 p.m. January 28, a man approached a Chase teller and demanded money. He was given an undisclosed amount and ran west on State. The robber is described as a black man with a mustache, about 5-feet 7-inches to 5-feet-10-inches tall and weighing between 160 and 180 pounds. He appears to be in his 40s or 50s. Agents believe he is the same man who robbed the U.S. Bank branch in Giant Eagle at 3100 Cromer Ave. NW in Canton on December 4, Chase Bank on S. Arlington Road in Akron on January 3, and the Huntington National Bank branch at 4879 Portage St. NW in Jackson Township on January 12. The man who robbed the Alliance bank January 28 was wearing a gray shirt, blue jeans, a black floor length leather coat, and black baseball cap with embroidered lettering or a logo in the center. In the first three robberies, the man wore a black winter coat with a hood and toggle-type buttons and a Chicago White Sox baseball cap that had a white brim and lettering. Source: http://www.cantonrep.com/newsnow/x10542312/FBI-links-four-area-bank-robberies-to-same-man

20. January 31, Softpedia – (International) Phishers target Italian credit card provider CartaSi. Security researchers from German antivirus vendor Avira warn of several phishing scams targeting customers of CartaSi, an Italian credit card provider. There were a total of four attacks, all of them using different lures to trick users into clicking on the phishing URLs. According to a data security expert at Avira, the e-mails are being sent by botnets from around the world and bear fake headers to appear as coming from official-looking CartaSi addresses. Some of the messages use traditional tricks such as warning the recipients that they need to activate their accounts or re-confirm their information. Others inform potential victims that they qualify for a fidelity bonus. Recipients are asked to log into their accounts within 48 hours before the offer expires. All phishing e-mails lead customers to spoofed CartaSi pages designed to steal their personal data or online banking credentials. The number of phishing attacks has increased since the beginning of 2011, particularly because of the tax season starting in several countries. The week of January 23 there was a huge wave of tax refund-themed e-mails that spoofed taxation authorities in the United Kingdom, the United States, and Australia. Source: http://news.softpedia.com/news/Phishers-Target-Italian-Credit-Card-Provider-CartaSi-181533.shtml

Information Technology

54. February 1, Help Net Security – (International) Vulnerabilities in Cisco WebEx conferencing applications. Core Security Technologies disclosed stack overflow vulnerabilities affecting the Cisco WebEx applications used to conduct Web-based video conferencing. They identified vulnerabilities that can compromise end-user machines and can cause the computers to crash. They discovered two separate vulnerabilities, each affecting a separate Cisco WebEx application. First, the research team manipulated a file created by the Cisco WebEx recorder (carrying the .WRF extension) and played by the WebEx player. A portion of the new file’s execution pointed to a user call instruction and allowed a hacker to execute other functions on the machine. Second, the research team made a slight change to the XML code within a file that governs polling functionality within Cisco WebEx Meeting Center. The resulting code, when published as a poll during a presentation, crashed the machine and ultimately affected other machines connected to the WebEx meeting, causing the other participants’ machines to crash. Source: http://www.net-security.org/secworld.php?id=10515

55. February 1, Softpedia – (International) Scammers spread account closure FUD on Facebook. Facebook users are warned that claims of accounts being closed en masse are scams that trick them into installing rogue apps and participating in surveys. According to antivirus vendor Sophos, the rogue messages sent from the accounts of people who fell for these scams inform users that unless they update, their accounts will be shut down. The message contains a link that takes users to a rogue app called “Update your Acc Urgent” which asks for permission to post on users’ walls. If the app is installed, users will unknowingly start spamming their friends and will be directed to a page asking them to verify their identity by filling out a survey. In the background, the page displays a fake message allegedly from Facebook’s founder and CEO, which announces the introduction of an “active account verification process” due to the overpopulation of the website. Source: http://news.softpedia.com/news/Scammers-Spread-Account-Closure-FUD-on-Facebook-181826.shtml

56. February 1, Softpedia – (International) PlentyOfFish resets user passwords following hack. Online dating website PlentyOfFish has reset user passwords after hackers managed to extract people’s registration information by exploiting vulnerabilities in the platform. According to an independent security journalist, the compromise was first reported by an Argentinian hacker who demonstrated a proof-of-concept to him. The hacker claims that he is not the only one to have obtained unauthorized access to the PlentyOfFish database and that the site’s database is being circulated in the hacking community. “Plentyoffish was hacked last week and we believe e-mails usernames and passwords were downloaded,” the founder of PlentyOfFish wrote in a blog post. “We have reset all users passwords and closed the security hole that allowed them to enter,” he stressed. The dating site, which is popular in Canada, the United Kingdom, and the United States, has over 145 million visitors a month and over 10 million registered users. In a later statement, the company noted that only 345 accounts had their password exposed, which would make it a relatively limited breach. Source: http://news.softpedia.com/news/Plentyoffish-Resets-User-Passwords-Following-Hack-181789.shtml

57. February 1, Softpedia – (International) VLC media player hit by new critical vulnerability. A new critical vulnerability has been identified in the popular VLC media player and can potentially be used by attackers to execute arbitrary code remotely. The vulnerability affects VLC 1.1.6, the latest stable version of the player, and is located in the MKV demuxer, the component used to parse Matroska or WebM video files. The flaw is the result of insufficient input validation and was reported by a member of VSR (Virtual Security Research). According to the advisory published by the VideoLAN Project, the VLC developers were first notified about the vulnerability January 26, which was too late to include a fix in VLC 1.1.6. The Matroska project contributed a patch to the VLC source code January 29, which consists of a single line that solves the input validation problem. Attackers can exploit the vulnerability by tricking users into opening maliciously crafted .MKV or WebM files. This can also be done over the Web because of VLC’s ActiveX and Firefox plugins. The VLC ActiveX control is installed by default, but the VLC Netscape plugin needs to be manually selected during installation. Source: http://news.softpedia.com/news/VLC-Media-Player-Hit-by-New-Critical-Vulnerability-181754.shtml

58. February 1, Softpedia – (International) Fake failed package delivery notifications spread SpyEye. Security researchers warn of a SpyEye distribution campaign which generates failed delivery notifications that purport to originate from a package delivery service. According to Belgian e-mail security provider MX Lab, the rogue e-mails bear a subject of “Post Express Service. Package is available for pickup! NR1535” and come from a spoofed address. The message contained within is consistent with traditional package delivery failure alerts that have been used by malware distributors before. The e-mails are signed by “Post Express Service,” but the only service with that name that we could identify is located in Serbia. Source: http://news.softpedia.com/news/Fake-Failed-Package-Delivery-Notifications-Spread-SpyEye-181733.shtml

59. January 31, Reuters – (International) Intel discovers chip flaw in midst of major launch. Intel Corp. found a defect in its new Sandy Bridge chip, hurting its credibility during a major product launch and at a time when demand for microprocessors in PCs is being threatened. The company said January 31 it stopped shipments of the chip used in personal computers with its Sandy Bridge line of processors and has already started production of a new version. The Santa Clara, California, company said the defect was discovered after it shipped more than 100,000 of the chips to computer manufacturers getting ready to sell new PC models with the Sandy Bridge processor, which Intel touts as its biggest-ever leap in processing power. Had the problem gone undiscovered, about 5 percent of PCs using the new chipsets could have failed over a 3-year period, the vice president and director of PC Client Operations at Intel said. Intel said its engineers zeroed in on the newest defect the week of January 23 after manufacturers stress-tested the chips with high voltage and temperatures. The flaw could have stopped computers from being able to communicate with their hard disk drives or DVD drives. Source: http://www.reuters.com/article/2011/01/31/us-intel-idUSTRE70U4DH20110131?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+reuters/technologyNews+(News+/+US+/+Technology)

60. January 31, Help Net Security – (International) New malware strains wreaking havoc on Facebook. PandaLabs announced the discovery of security exploits via popular social media sites Facebook and Twitter. In the last several days, two new malware strains have been wreaking havoc on Facebook users. The first, Asprox.N, is a trojan delivered via e-mail informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing them that the account has been suspended. Source: http://www.net-security.org/malware_news.php?id=1609

Communications Sector

61. January 31, Albany Times-Union – (New York) Thieves drive off with fiber-optic equipment. Equipment meant to be used to install fiber optics near the Northway wound up in the hands of thieves, State Police said. The state Department of Transportation contracted with Control Network Communications to do the installation, and the firm’s workers brought the equipment to the east side of the Northway just north of the Twin Bridges on January 27. Sometime between 10:17 and 10:51 a.m., the equipment was stolen. The stolen equipment includes a rig for splicing fiber optic cable, two 50-foot extension cords, a tube splitter, a socket set and a five-gallon gas can. State Police in Clifton Park are seeking help from motorists who may have seen the equipment being loaded into a vehicle and driven away. Source: http://www.timesunion.com/local/article/Thieves-steal-fiber-optic-equipment-988042.php

62. January 31, The News - Gazette – (Illinois) State fines AT&T for outage that hit Urbana. The Illinois Commerce Commission (ICC) has found AT&T at fault for a days-long interruption in its own service in November that affected an undetermined number of customers in Urbana. The director of AT&T regulatory said the communications company will not appeal a $2,700 fine doled out by the ICC, which it learned of last week. The ICC sent the company a letter dated January 27, saying that AT&T was responsible because USIC Locating Services Inc., the subcontractor it hired to do the underground utilities location, had not properly marked the area on the University of Illinois Quadrangle being excavated. About 8:30 a.m. on November 18, Midwest Engineering and Testing Inc. of Champaign was digging for a core soil sample at the northwest corner of Noyes Lab on the UI Quad in Urbana, when an auger struck a duct system containing telecommunication cables owned and operated by AT&T. The hit resulted in interrupted phone, Internet and credit card service to many businesses and residences in Urbana – some for almost four days – and even caused some 911 phone lines at METCAD in east Urbana to have to be rerouted for several hours. It’s not clear if anyone tried to make calls to 911 and couldn’t get through. Employees there noticed the service interruption almost immediately and took steps to get back-up systems running within minutes. The METCAD deputy director said the agency never received any complaints of lost calls. He expressed relief that the break happened at a time of day when calls for service are typically low. Source: http://www.news-gazette.com/news/politics-and-government/2011-01-31/state-fines-att-outage-hit-urbana.html

Tuesday, February 1, 2011

Complete DHS Daily Report for February 1, 2011

Daily Report

Top Stories

• Federal law enforcement officials announced the arrest of an Ohio man for possessing ricin, a deadly toxin that can be used as a biological weapon, CNN reports. (See item 34)

34. January 28, CNN – (Ohio) FBI charges Ohio man with possessing toxin. Federal law enforcement officials announced the arrest of an Ohio man for possessing a toxin that can be used as a biological weapon January 28. FBI officers arrested the man after tests showed a substance removed from the Coventry Township man’s home was ricin. Ricin is a poison manufactured from castor beans. The suspect was charged with one count of unlawful possession of a biological agent. Authorities do not believe the substance was to be used in a terrorist act. The arrest took place 3 days after special FBI hazardous materials teams from Pittsburgh, Pennsylvania, and Quantico, Virginia, Summit County sheriff’s deputies, and firefighters from three Ohio departments responded to the suspect’s home, which was in foreclosure. Tests conducted at the National Bioforensic Analysis Center in Maryland confirmed the substance was ricin, an FBI special agent said. “Ricin is a very poisonous toxin that certainly can be fatal if it’s injected or you breathe it in or you eat it,” he said. Source: http://articles.cnn.com/2011-01-28/us/ohio.ricin.arrest_1_castor-beans-ricin-ohio-man?_s=PM:US

• According to Associated Press, authorities arrested a California man traveling with explosives in his vehicle with the intention of blowing up one of the nation’s largest mosques in Dearborn, Michigan. (See item 56)

56. January 31, Associated Press – (Michigan) Man arrested with explosives at Michigan mosque. A 63-year-old Southern California man who was traveling with explosives in his vehicle with the intention of blowing up one of the nation’s largest mosques where mourners had gathered for a funeral was arrested in the Detroit suburb of Dearborn, Michigan, authorities said January 30. Dearborn police said the man was arraigned January 26 on one count of making a false report or threat of terrorism, and one count of possessing explosives with an unlawful intent. He had a large but undisclosed quantity of class-C fireworks including M-80s, which are outlawed in Michigan, a police chief said. He was arrested January 24 without incident in the parking lot of Islamic Center of America, while a large group was gathered inside. He said police received a 911 call from a resident. The police chief said authorities believe he was acting alone but still take him “very seriously.” He said the suspect has “a long history of anti-government activities.” The police chief said he called the mosque leader January 25 to let him know of the arrest, and later met with mosque board members. He said members shared concerns about copycat crimes if the arrest was publicized. The suspect remained jailed January 30 on a $500,000 bond. A preliminary examination is scheduled for February 4. Source: http://www.google.com/hostednews/ap/article/ALeqM5iOXULcE-kwqDvZ3kAHtVJhIRgLtA?docId=949fec1a2202400bb04855d3b943d1ca

Details

Banking and Finance Sector

12. January 31, Help Net Security – (National) ATM skimmers don’t even have to be on the ATM. Careful ATM users know enough to give a hasty visual check to the machine before using it and to hide the keyboard while entering their PIN. Unfortunately, sometimes even that is not enough to stop fraudsters. A security analyst has discovered a type of attack that cannot be detected by users because there’s nothing off on the machine or close enough to it to make them suspicious. The analyst said the new tactic is employed to steal data from users who prefer to use ATMs located in the antechamber of a bank or building lobby. Access to these machines is usually controlled by a key card lock that allows customers to enter only after they have swiped their ATM card. The analyst said crooks have devised a way to add a skimmer to these locks, so they record card information. When customers finally access the ATM, those who do not take particular care to hide the keyboard from view with the palm of their hand or another object have their PINs stolen through the use of a zoom-in camera hiding behind a mirror located on the wall above the ATM, which they assume is there to allow them to see if someone is standing behind them. Source: http://www.net-security.org/secworld.php?id=10513

13. January 30, TulsaWorld – (Oklahoma) Bank robbed minutes after gunman thwarted elsewhere. Tulsa police are investigating a bank robbery and an attempted bank robbery that happened within a half-hour January 29. Police were called to the Arvest Bank at 2500 E. Edison St. just after 10:45 a.m. after a masked man tried to enter the bank. A teller saw the man approach and locked the front door before he could enter. When he could not open the door, the man fired a shot into the ground before leaving, a police official said. The man was described as black, between 5 foot 7 inches and 5 foot 10 inches tall and weighing between 160 and 175 pounds. He wore a red hooded sweatshirt, black bandanna, black pants and black shoes and carried a small-caliber revolver. Twenty minutes later, a man with a similar description robbed the Arvest Bank at 36th Street and Yale Avenue. The man jumped the counter and demanded money; he ran west from the bank, police said. The suspect wore a multicolored stocking cap, blue nylon rain jacket, black pants and black-and-red shoes. He also carried a small-caliber pistol. Source: http://www.tulsaworld.com/webextra/content/2010/crimesite/article.aspx?subjectid=450&articleid=20110130_11_A12_Tlaplc366774

14. January 30, McClatchy-Tribune Information Services – (California) Skimming device at Terra Linda Chase Bank results in thefts. Chase Bank has confirmed a skimming device attached to an ATM at its Terra Linda, California branch siphoned money from customers’ accounts. Customers said perpetrators withdrew money from victims’ accounts just after the Martin Luther King Jr. Day weekend, but the bank declined to provide details about the thefts, citing an active investigation. “We investigate all reported skimming activity and are working closely with law enforcement,” a JPMorgan Chase spokeswoman said in a statement. “Any customer who sees unusual or suspicious activity on their account should report it to the bank immediately. If we confirm a transaction was not initiated by the customer, the customer has zero liability.” Skimming devices often work with cameras and other equipment to record bank account data and personal identification numbers from ATM machines, and from debit card scanners at gas stations. Source: http://robotics.tmcnet.com/news/2011/01/30/5276520.htm

15. January 29, San Diego North County Times – (California) ‘Geezer bandit’ hits bank No. 13. The “Geezer Bandit” has struck again, this time in Santa Barbara County, California, the 13th strike for the notorious bank robber. And it appears he is continuing to work his way north. The latest heist took place in Goleta, near Santa Barbara, at a Bank of America branch on 5892 Calle Real about 6 p.m. January 28. The man believed to be the Geezer Bandit reportedly threatened a teller with a weapon and demanded money, according to a written news release from the FBI. The teller complied with his demand and delivered a sum of money to the robber. Any information leading to the arrest and conviction of the Geezer Bandit still has a hefty reward attached to it. The FBI has been offering a $20,000 reward for information on the thief since December 2010. Source: http://www.nctimes.com/news/local/sdcounty/article_a2f1a2eb-637d-56da-b23d-db84dfc12ed3.html

16. January 29, United Press International – (Illinois) Guards foil robbery attempt, killing one. The attempted robbery of an armored truck in Chicago, Illinois, left one of the would-be robbers dead and the other in critical condition, police said. The two men attempted to rob a Garda armored truck as it was making a pickup at a Family Dollar store January 28, and a guard shot and killed one of the men, the Chicago Tribune reported January 30. The dead man was a 52-year-old from Chicago who had served time in prison for armed robbery in 1990. Police said one suspect held a guard in a choke hold while the second put what turned out to be a fake shotgun to his chin. The guard broke loose and fatally shot one of the suspects in the head. Another guard, who had been inside the armored vehicle, stepped out and shot and critically wounded the second man. He was in critical condition at Mt. Sinai Hospital. Neither guard was injured. Source: http://www.upi.com/Top_News/US/2011/01/29/Guards-foil-robbery-attempt-killing-one/UPI-72411296314792/

17. January 29, BankInfoSecurity.com – (National) 4 banks close on Jan. 28. First Community Bank, Taos, New Mexico, is the largest of four banks to fail January 28. The $2.31 billion institution was subsequently acquired by U.S. Bank, National Association, Minneapolis, Minnesota. It was the 11th failed bank so far in 2011. FirsTier Bank, Louisville, Colorado, was closed by the Colorado Division of Banking, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. To protect depositors, FDIC created the Deposit Insurance National Bank of Louisville (DINB), which will remain open until February 28, to allow depositors access to insured deposits and time to open accounts at other insured institutions. As of September 30, FirsTier Bank had $781.5 million in total assets and $722.8 million in total deposits. FDIC estimates the cost to the Depositors Insurance Fund (DIF) will be $242.6 million. Evergreen State Bank, Stoughton, Wisconsin, was closed by the Wisconsin Department of Financial Institutions, which appointed FDIC as receiver. FDIC entered into a purchase and assumption agreement with McFarland State Bank, McFarland, Wisconsin, to assume all of Evergreen deposits. As of September 30, Evergreen had about $246.5 million in total assets and $195.2 million in total deposits. McFarland assumed all of Evergreen’s deposits and agreed to purchase all assets. FDIC estimates the cost to the DIF will be $22.8 million. The First State Bank, Camargo, Oklahoma, was closed by the Oklahoma State Banking Department, which appointed FDIC as receiver. FDIC entered into a purchase and assumption agreement with Bank 7, Oklahoma City, Oklahoma, to assume all deposits of First State. As of September 30, First State had about $43.5 million in total assets and $40.3 million in total deposits. Source: http://www.bankinfosecurity.com/articles.php?art_id=3307

Information Technology

48. January 31, H Security – (International) New critical vulnerability in VLC Media Player. Update 1.1.6, released the week of January 23, fixed a critical vulnerability in the VideoLAN project’s VLC Media Player. Now the project has reported a new vulnerability that can be exploited using specially crafted MKV (Matroska Video and WebM) films to inject malicious code onto a system and execute that code with the user’s privileges. All versions up to and including 1.1.6 are affected. The root of the problem lies with insufficient input validation in the MKV demuxer plugin (libmkv_plugin.*). The update consists of swapping a single line within a macro. The change has already found its way into the Git repository. An official update, version 1.1.7, is expected to be released shortly. Source: http://www.h-online.com/security/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html

49. January 31, H Security – (International) Data theft vulnerability in Android 2.3 not plugged. A security vulnerability in the Android browser that could be exploited to steal data, and was disclosed back in November 2010, is still exploitable in the latest version of the smartphone operating system (version 2.3, “Gingerbread”). A security researcher from the University of North Carolina (UNC) reports that it is possible to bypass the patch that was supposed to fix the vulnerability. He said he informed the Android Security Team of the problem January 26, and provided them with exploit code tested on a Nexus S. He stressed that it is not a root exploit. It runs within the Android sandbox and consequently only has access to some data, such as that stored on the SD card. No exploit for the vulnerability has been observed in the wild. Source: http://www.h-online.com/security/news/item/Data-theft-vulnerability-in-Android-2-3-not-plugged-1180183.html

50. January 29, Softpedia – (International) SourceForge resets all passwords following security breach. SourceForge, the world’s largest open source software repository, has reset the password for all of its users following a successful attack against its infrastructure. The SourceForge team discovered the security breach January 27 when exploits were found uploaded on several servers. A preliminary investigation revealed the attack originated on the CVS hosting server, but the actual attack vector has not been identified yet. As a result of the incident, some functionality was suspended, including CVS hosting, Web-based source code browsing (ViewVC), the capability to upload new releases, and the Interactive Shell services. A subsequent update posted on the site’s official blog did not reveal any more information except that the team better understands what happened and how it can prevent it in the future. An e-mail went out to all users January 29, notifying them their passwords had been reset. SourceForge is operated by Geeknet, a firm that also owns and runs Slashdot, freshmeat, and ThinkGeek. Source: http://news.softpedia.com/news/Sourceforge-Servers-Compromise-Leads-to-Service-Downtime-181335.shtml

51. January 29, Softpedia – (International) Former Kaspersky employee responsible for leaked source code. The Kaspersky source code that recently made its way onto public Web sites was leaked by a former employee of the antivirus vendor who received a suspended prison sentence for intellectual property theft. Russian technology publication CNews quotes a Kaspersky Lab spokesperson, according to whom a former employee with legitimate access to the source code stole it in early 2008. It is not clear if he did it out of revenge or entirely for profit, but he ended up offering it for sale on the black market. Kaspersky issued a statement January 31 noting its former employee received a 3-year suspended prison sentence for his actions, and warning everyone against downloading the publicly available source code. Kaspersky claims the security of its current products is not at risk because they only contain a small part of the leaked code that does not concern protection functions. It is likely that, having had knowledge of the leak for almost 2 years, the company rewrote the most critical parts of the code and made significant changes to its technology. Source: http://news.softpedia.com/news/Former-Kaspersky-Employee-Responsible-for-Leaked-Source-Code-181367.shtml

52. January 28, Computerworld – (International) Microsoft warns of new Windows zero-day bug. Microsoft warned Windows users January 28 of a new unpatched vulnerability attackers could exploit to steal information and dupe people into installing malware. In a security advisory, Microsoft said a bug in its MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer. “The best way to think of this is to call it a variant of a cross-site scripting vulnerability,” the director of security operations at nCircle Security said. Cross-site scripting (XSS) bugs can be used to insert malicious script into a Web page that can then take control of the session. “An attacker could pretend to be the user, and act as if he was you on that specific site,” the security director said. “If you were at Gmail.com or Hotmail.com, he could send e-mail as you.” Source: http://www.computerworld.com/s/article/9206999/Microsoft_warns_of_new_Windows_zero_day_bug

Communications Sector

53. February 1, SC Magazine – (International) Egypt cuts off Internet to starve protests. Week-long protests against the Egyptian government have resulted in the state cutting Internet and mobile phone data services. US news organization National Public Radio said Egypt’s four primary Internet providers (Link Egypt, Vodafone/Raya, Telecom Egypt, and Etisalat Misr) all stopped moving data in and out of the country at 12:34 a.m. January 31. Telecom experts said Egyptian authorities could have engineered the cut-off with a simple change to the instructions for the companies’ networking equipment. A statement by Vodafone Egypt said: “All mobile operators in Egypt have been instructed to suspend services in selected areas. Under Egyptian legislation, the authorities have the right to issue such an order and we are obliged to comply with it. The Egyptian authorities will be clarifying the situation in due course.” Those still able to access social media confirmed “Egypt now is a total black hole.” An Egyptian based in South Africa said: “We should be prepared for total mobile phone blackout tomorrow also (or at least in protest hotspots).” Source: http://www.securecomputing.net.au/News/246580,egypt-cuts-off-internet-to-starve-protests.aspx

54. January 31, IT Pro – (National) AASIP gives IPv6 as standard. Internet service provider (ISP) Andrews and Arnold (AAISP) has confirmed it will be offering IPv6 capabilities as standard to customers. The ISP has been offering IPv6 as an opt-in choice for more than 8 years but, in light of the news that IPv4 addresses are soon to run out, it has decided to bundle in IPv6 ability at no extra cost. “With the announcement that the final blocks of IPv4 address space have been allocated, it is clear that all ISPs, business and home users alike have to get themselves IPv6 ready,” the company said. Although it will be automatic for new customers, existing ones need to ask AAISP’s support to turn on the capability. Business customers should already have an IPv6 capable router but consumers may not. However, AAISP confirmed it hoped to have these available by the end of February. IPv4 is the Internet protocol numbering system in use since 1995, but a number of industry experts have warned it could be a matter of weeks before the allocation runs out. Back in November, one of the fathers of the Internet called for government incentives to make people migrate to the new IPv6 system. Source: http://www.itpro.co.uk/630505/aasip-gives-ipv6-as-standard

55. January 31, Fierce Government IT – (National) White House supports D block reallocation to public safety. The Presidential administration will now support efforts to grant public safety a license to a 10 megahertz swath of spectrum known as the D block, the DHS Secretary said January 27. She spoke at George Washington University, delivering what she said was the first of an annual address on the state of homeland security. The Federal Communications Commission (FCC) is under congressional mandate to auction the D block, which is located in the 700 MHz band, with the proviso that the commercial licensee give public safety priority access to the band during emergencies. Many public safety groups have said that without them controlling the D block license, plans for a national broadband wireless network would not come to fruition. FCC’s position has been that public safety’s existing 10 MHz broadband license in the 700 MHz band is sufficient, and that failure to hold an auction would make the network unattainably expensive for many public safety agencies. FCC has envisioned growth of a private sector market for end-user devices that would be compatible with the D block and public safety’s existing 10 MHz license. If that market doesn’t materialize, due to there being no customers, costs of building out the network infrastructure would increase by billions of dollars, and that would “create a patchwork system across the country of haves and have-nots,” the chief of the FCC’s public safety and homeland security bureau has said. Source: http://www.fiercegovernmentit.com/story/white-house-supports-d-block-reallocation-public-safety/2011-01-31

For more stories, see item 49 above in the Information Technology Sector