Monday, May 2, 2011

Complete DHS Daily Report for May 2, 2011

Daily Report

Top Stories

• According to, 1 person is dead, and 73 people in 35 states have been sickened in an outbreak of salmonella poisonings linked to clinical and teaching microbiology laboratories. (See item 35)

35. April 29, – (National) Salmonella outbreak linked to microbiology labs. One person is dead and at least 10 have been hospitalized in an outbreak of salmonella poisonings linked to clinical and teaching microbiology laboratories across the nation, government health officials reported. Some 73 people in 35 states have been sickened by the bacteria since August, including some by a strain of Salmonella Typhimurium sold commercially for use in lab settings, the Centers for Disease Control and Prevention (CDC) said April 28. The ill include students and employees of the labs, as well as children who live in households of people who study or work at the labs. CDC officials warned that bacteria used in the labs can be transmitted through contaminated lab coats, pens, notebooks, car keys, and other items brought into the labs. Illnesses likely began August 20, 2010, with the most recent illnesses reported March 8, the CDC report said. Ill patients ranged in age from less than 1 to 91, with a median age of 24. Cases that developed after March 19 may not yet be included in the total because of the lag time in assessing and reporting illness. Illnesses have been tied to labs from Alaska to New York, with most reporting one or two cases. Five cases have been reported in Washington state and four in Minnesota. The CDC is working with local and state health departments, the American Society for Microbiology, and the Association of Public Health Laboratories to track the outbreak. Source:

• United Press International reports Texas wildfires have scorched more than 2,390 square miles, and noted that as of April 28, officials were battling 15 major fires, burning more than 664,000 acres. (See item 59)

59. April 28, United Press International – (Texas) Texas wildfires scorch 2,390 square miles. Texas wildfires have scorched more than 2,390 square miles across the drought-stricken state, the Texas Forest Service (TFS) said April 28. “The state has responded to 886 fires that have burned 1.53 million acres,” a spokeswoman said in an e-mail. The acreage figure translates to slightly more than 2,390 square miles. Three people were reported killed in the fires, including two volunteer firefighters, and an estimated 400 homes were destroyed, officials said. Dozens of other homes and ranches were threatened. The service said April 28 it was “working on 15 major fires burning more than 664,000 acres” in 17 counties. Firefighters from 34 states fought the blazes on the ground and from the air, with helicopters fitted with tanks, known as helitankers, and with air tankers, also known as water bombers, dropping hundreds of thousands of gallons of retardant on the blazes. Low humidity and heightened winds were making containment difficult, TFS said. The weather was forecast to stay dry until May 2, when isolated thunderstorms were predicted for some areas. Ninety percent of the windswept fires were started by humans, officials said. Source:


Banking and Finance Sector

15. April 28, Bank Info Security – (Florida) Tax fraud hits Florida. So far, more than 70 South Florida victims have been affected by fraudsters hijacking their identities and filing fraudulent tax returns, Bank Info Security reported April 28. Among the known cases are two public works employees in Fort Lauderdale, and six employees of the Miami Association of Realtors. Most of the fraudulent returns were filed electronically, according to reports, using someone else’s name and Social Security number. In most cases, the thieves had funds electronically routed to bank accounts, and then quickly withdrew the funds using debit cards at ATMs. No connection has been reported between these incidents and the recently discovered breach at the Social Security Administration (SSA), which exposed personally identifiable information for some 37,000 people between May 2007 and April 2010. The SSA breach, announced earlier in April in an audit summary compiled by the SSA Inspector General, involved the sale of information in the Death Master File that erroneously contained information about living people. The Death Master File contains information about persons who had Social Security numbers and whose deaths have been reported to the SSA. The IRS is not commenting on the South Florida tax fraud incidents, but the head of the Identity Theft Resource Center said the identities were likely stolen from an outside source months or even years ago. Source:

16. April 28, Associated Press – (New Jersey) Police interrupt NJ bank robbery; suspect wounded. On April 28, police in Rutherford, New Jersey interrupted a bank robbery in progress and pursued a suspect onto Union Avenue. The confrontation ended with the unidentified suspect injured and taken to a local hospital, the Bergen County prosecutor’s office said. There was no immediate word on his condition, or on whether any money was stolen or recovered. The robbery attempt occurred at a Chase Bank branch across from a middle school. In an e-mail, the FBI’s Newark division said no police or bystanders were injured. It was not immediately clear whether the suspect fired any shots at police. Source:

17. April 28, Reuters – (International) Sony breach could cost card lenders $300 million. Credit card lenders could be facing more than $300 million of card replacement costs if customers affected by the Sony Corp. data breach decide to replace their credit cards. Analysts have previously estimated the incident could cost Sony more than $1.5 billion, but this is the first time they have put a price tag on how much major lenders will also suffer. The FBI is working with federal prosecutors in San Diego, California as agents try to determine the facts and circumstances surrounding the alleged crimes, an FBI spokesman said April 28. Each customer request to replace a credit card would cost lenders about $3 to $5 per card, several analysts told Reuters April 27 and 28. Those costs would include the new piece of plastic itself, postage, and various customer service costs. Credit card lenders could also lose business from customers affected by the breach, even if they were quick to replace the cards. Consumers may also be reluctant to use a card they perceive as higher risk because it might have been involved in a hacking episode, even if the breach of security was not the issuer’s fault. The Sony breach was one of the biggest online data infiltrations ever. Source:

18. April 27, Bergen County Record – (New Jersey) Man admits robbing banks in Hackensack, Rutherford and three other towns. A Warren County, New Jersey, man who was once part of a bank robbery duo dubbed “Bonnie and Clyde on heroin” pleaded guilty April 27 to stealing $18,000 from banks in Hackensack, Rutherford, and three other towns during a 6-week crime spree earlier this year. The 46-year-old admitted to a U.S. district judge in Trenton, New Jersey that he held up five banks in three counties between January 29 and March 10. The man voluntarily surrendered to police 2 days after his last robbery, telling detectives the crimes weighed heavily on his conscience. He confessed to carrying a fake plastic pistol during the robberies, but never displayed it. He also told officers the robberies were driven by his heroin addiction. He pleaded guilty to five counts of bank robbery “by force, violence and intimidation.” He faces up to 20 years in prison on each count. In 1997, the man was sentenced to more than 6 years in federal prison for a string of bank holdups he staged with a getaway-car driver. The couple admitted robbing banks in Hackensack, Union City and Hasbrouck Heights, netting $10,000 to support their heroin habits. Source:

19. April 26, Northfield Patch – (Minnesota) FBI says Northfield Bank robber is suspect in Tuesday’s bank robberies. The FBI believes the man who robbed the US Federal Credit Union in Northfield, Minnesota, April 14 is responsible for two other bank robberies and one attempted bank robbery April 26. In less than 2 hours April 26, the FBI believes the man made a stop at three banking establishments. It is also believed the same man robbed the Sterling Bank in Savage April 11. The alleged Northfield robber is described as white and about 25 years old, the FBI said. The man is about 5 feet 10 inches tall and between 190 and 210 pounds. He wore a black-hooded jacket, a dark mask that covered his face from below his nose, blue jeans, dark gloves, and black and white sneakers, the agent said. Source:

Information Technology

46. April 29, H Security – (International) Mozilla patches Firefox and Thunderbird. The Mozilla project has released new versions of Firefox and Thunderbird to address several critical issues found in the previous releases. The first update to Firefox 4.0, version 4.0.1, addresses a total of three vulnerabilities, two of which are rated as critical. The browser’s WebGLES feature contains bugs that could lead to crashes, potentially resulting in the execution of malicious code. The Windows version of Firefox was also found to have been compiled without ASLR, which could allow an attacker to bypass ASLR’s protection against malicious code if a memory corruption flaw was found. Several critical memory safety bugs in the browser engine used by Firefox have also been corrected. These bugs reportedly contained evidence of memory corruption under certain circumstances. The developers presume that, with enough effort, some of them could be exploited to run arbitrary code. Updates have also been issued for the 3.5.x and 3.6.x branches of Firefox. These updates, versions 3.5.19 and 3.6.17, address the same memory safety bugs noted above, as well as five other vulnerabilities. The legacy branches of Firefox contain two further critical holes: a privilege escalation problem in the Java Embedding Plugin (JEP), which shipped with Mac OS X versions, and multiple dangling pointer vulnerabilities. Two moderate risk bugs and one low risk bug have also been corrected. The developers note that version 3.5.19 of Firefox will be the last planned security and stability update for the 3.5 branch and encourage all users to upgrade to the 4.0.x branch of Firefox. Mozilla has also released an update for Thunderbird, version 3.1.10. According to the release notes, the update includes several performance, stability and security fixes. Source:

47. April 28, Computerworld – (International) Microsoft fixes Office flaws found in Patch Tuesday updates. Microsoft April 28 issued a fix for a problem in its Outlook 2007 e-mail client caused by an update that shipped 2 weeks ago. It was the second time in the last 6 days that Microsoft patched bugs introduced in Office applications by updates it issued April 12. “After installing the April 2011 Public Update, some Outlook 2007 users reported difficulty with print previewing messages,” Microsoft acknowledged in a post to its Office Updates blog. “To correct this issue, we have issued a public hotfix which you can download and install.” Although not a security update, the original Outlook 2007 fix appeared on Patch Tuesday, Microsoft’s monthly roll-out of bug updates. The April 12 update for Outlook was described as offering “stability and performance improvements.” Users quickly began reporting problems after installing the update, with some saying they could no longer send or receive e-mail, while others claimed that they could not print. Microsoft pulled the update from its Windows Update service. “This update was recalled by Microsoft and will be re-released shortly,” a company support document read. Source:

48. April 28, Softpedia – (International) Obama birth certificate image search results poisoned. Security researchers warned that Google Image searches for the U.S. President’s birth certificate have been poisoned with malicious links that lead users to scareware. This new black hat SEO campaign was prompted by the White House’s decision to release the President’s long-form birth certificate in order to put to rest the controversy surrounding his birthplace. News of the extended version being released has led to a lot of Google Image searches for “[President’s name] birth certificate,” which in turn provided an opportunity for attackers. Security researchers from GFI Software warn that links leading users to drive-by download attacks have made their way onto the first page of results returned for the aforementioned keywords. The malicious pages load an exploit for a known Java vulnerability. If successful, the attacks result in the installation of a scareware application called “Security Shield” on the victims’ computers. The fake antivirus program currently has a very low detection rate according to a Virus Total scan; however, it is not the only malicious application distributed as part of this campaign. According to a senior security researcher at GFI, other results distribute a well-known rogue AV program called XP Anti-Spyware 2011. Source:

49. April 28, H Security – (International) Microsoft releases out-of-schedule update for anti-malware tool. Microsoft will support the FBI in its efforts to combat the Coreflood/Afcore botnet by releasing an out-of-schedule update for its Windows Malicious Software Removal Tool (MSRT). The company usually only updates the tool on the second Tuesday of every month, and it seems that the criminals behind Coreflood were aware of this as they circulated new variants of the worm at about the same time as Microsoft released its April MSRT update. Microsoft said the update also provides additional enhancements to the MSRT engine for other malware families. Coreflood is considered one of the longest-running botnets ever. Experts estimate the botnet has already been active for 10 years and could have infected more than 2 million computers during that time. Large parts of Coreflood are now controlled by the FBI. If an infected computer contacts a U.S. government-controlled command and control server, the bot will receive instructions to terminate. However, the termination is only valid until the next reboot. Users who want to permanently remove the malware from their systems must use an anti-malware tool such as MSRT. Source:

Communications Sector

50. April 29, Help Net Security – (National) DSL Reports intrusion compromises over 9,000 accounts. DSL Reports — the information and review site on high speed Internet services which operates over 200 forums — was hit with a blind SQL injection attack, which resulted in the compromise of at least 9,000 accounts. The founder of DSL Reports posted a notification about the intrusion on the forum dedicated to the site, in which he specified that no log-in names, zip codes, or private posts were compromised. The attack went on for 4 hours April 27, and it was blocked before it had completed more than 8 percent of its work. All the same, the attackers managed to obtain a large number of e-mail/password pairs. Source:

51. April 28, Computerworld – (National) Verizon restores LTE data network after outage. Verizon Wireless said its 4G LTE network was back “up and running” April 28 after a nationwide outage that began late April 26. As a result of the nationwide LTE outage, which lasted more than a day, Verizon customers could not get the faster LTE data service on their smartphones and were reverted to slower 3G service or the even slower CDMA 1xRtt service, Verizon said in a statement April 27. Voice and text service were not affected on Verizon’s first LTE phone, the ThunderBolt, because LTE only handles data. Source:

52. April 28, Associated Press – (International) Yahoo email outage frustrates free service’s users. Yahoo’s e-mail service suffered an outage that may be preventing a large number of users from getting into their in-boxes. The company apologized for the breakdown that occurred April 28 without specifying how many people were affected. Most users had no problem logging into their Yahoo e-mail accounts. ComScore Inc. indicates Yahoo Inc. had 284 million e-mail users worldwide in March, which means hundreds of thousands could have been locked out of their inboxes, even if the trouble only affected a small fraction of Yahoo’s users. Source: