Wednesday, June 8, 2011

Complete DHS Daily Report for June 8, 2011

Daily Report

Top Stories

• According to KPHO 5 Phoenix, several major wildfires burning across the state have closed nearly 150 miles of highways in eastern and southern Arizona. (See items 22, 58)

22. June 7, KPHO 5 Phoenix – (Arizona) 150 miles of state highway closed by wildfires. Several major wildfires burning across the state have closed nearly 150 miles of highways in eastern and southern Arizona, according to the Arizona Department of Transportation (ADOT). The Wallow Fire in eastern Arizona near Alpine has scorched more than 230,000 acres since it started May 29. ADOT said closures on state highways remain in effect June 7: State Route 373, a 4.5 mile-long highway that connects Greer with SR 260 west of Eagar; US 191 between Alpine and north of Clifton (mileposts 176-253); SR 261 and 273, the main access roads to Big Lake and Crescent Lake in the White Mountains. SR 261 starting about 7 miles south of SR 260 to Crescent Lake (mileposts 395-413) and SR 273 between Sunrise Park and Big Lake (mileposts 383-394); US 180 between the SR 260 junction near Eagar and the New Mexico state line (mileposts 403-433). Two major wildfires are active in southern Arizona, including the Murphy Fire, which has claimed nearly 40,000 acres in the Coronado National Forest near Rio Rico, and the Horseshoe Two Fire, which has engulfed over 100,000 acres in Cochise County near Portal. The following closures remained in effect June 7: SR 289 along mileposts 2-10, about 2 miles north of the Interstate 19 junction; SR 366 at milepost 118 leading up to Mount Graham near Safford. There is no estimated time to reopen the highways, according to ADOT. Source:

58. June 7, Associated Press – (Arizona; New Mexico; Colorado) Wildfire becomes 2nd largest in Ariz. history. A ferocious wildfire burning in eastern Arizona’s mountains June 7 is now the second-largest in state history, consuming 486 square miles, threatening several mountain towns and sending smoke as far away as Iowa. A fire spokeswoman said the fire has grown most on the north side, as winds whipped flames through the ponderosa pine forest. Only five structures have burned, but several mountain towns and thousands of people have been evacuated, and more than 150 miles of roads have been closed. About 2,500 firefighters, including many from several western states and as far away as New York, were working June 7 to contain the fire, a fire information officer said. Arizona’s governor signed an emergency declaration June 6 that allows the use of $200,000 in emergency funds and authorizes the mobilization of the National Guard if it becomes necessary. Haze from the fire was being carried as far as central Iowa, a National Weather Service meteorologist said. The smoke was also visible in New Mexico, Colorado, Nebraska, and Kansas. In eastern Colorado, the haze obscured the view of the mountains from downtown Denver and prompted some municipal health departments to issue air quality warnings. The 163-square-mile Horseshoe Two fire has devoured two summer cabins and four outbuildings since it started May 8, and is threatening two communities. The fire danger in Arizona prompted the full closure of the Coronado National Forest near Tucson that will begin June 9. Source:

• Associated Press reports that officials expect water to overtop 11 levees near the borders of Nebraska, Missouri and Iowa, and bury Hamburg, Iowa under several feet of water for weeks. (See item 65)

65. June 6, Associated Press – (Iowa; Missouri; Nebraska) Army expects full breach of Missouri River levee. Crews scrambled June 6 to protect a southwest Iowa town from the swollen Missouri River, but Hamburg officials said it is unclear whether they will be able to prevent the river from leaving the community under several feet of water for weeks. If efforts to pile massive sandbags on a faltering levee and build a secondary barrier fail, part of Hamburg could be under as much as 8 feet of water for a month or more, a fire chief said. Flooding along the river this summer — expected to break decades-old records — will test the system of levees, dams and flood walls like never before. The earthen levee that guards an area of farmland and small towns between Omaha, Nebraska, and Kansas City, Missouri has been partially breached in at least two places south of the Iowa-Missouri border. Emergency management officials expect new breaches in the coming days as the river rises. The last time the Missouri River crested at levels predicted for this summer was in 1952, before most of the major dams along the river were built. The flooding is expected to last into mid-August. The U.S. Army Corps of Engineers will be releasing more water than it ever has from the dams by mid-June, meaning there likely will be other levee problems like the ones near Hamburg, said an official with the Corps’ water management office. Officials also predict that the water will get high enough to flow over at least 11 levees in the area near Hamburg in the corners of southeast Nebraska, southwest Iowa, and northwest Missouri. Source:


Banking and Finance Sector

15. June 7, New York Post – (New York; Illinois; Florida) Four charged in ATM skim scam. Four alleged high-tech thieves were charged June 6 with stealing at least $1.5 million through a scheme that involved installing illegal electronic equipment on four Manhattan, New York bank machines. Members of the gang replaced the key pads on ATMs at Chase branches in Midtown, Chelsea, and across from the United Nations in March and April 2010, court papers claim. The “skimming” devices allowed the suspects — who are from Romania and Austria — to remotely obtain customers’ PINs and loot their accounts, according to the Manhattan federal court indictment. The suspects did not confine their illegal activities to New York, prosecutors said, accusing them of also targeting Chase and Citibank branches in Miami, Florida and Chicago, Illinois. If convicted, the suspects face up to 60 years in prison. Source:

16. June 7, Charleston Daily Mail – (West Virginia) Former BB&T employee pleads guilty to stealing. A former teller supervisor for BB&T pleaded guilty in U.S. district court June 6 to falsifying records and stealing at least $200,000. She was accused of stealing money from the branch from at least May 2004 to October 2007. The woman was a supervisor at the West Side branch of BB&T and its predecessors from 1977 to November 2007. She also previously held the positions of head teller and vault teller during her employment with the banking company. According to the indictment, she embezzled the money by making at least 26 false cash balance records of foreign currency, unfit, and mutilated bills in teller drawers, and the bank vault. That resulted in a charge of 26 counts of embezzlement, carrying a possible sentence of 30 years in prison, and a $1 million fine for every count. She admitted concealing the theft and the resultant cash shortage by making false entries in the books and records to make it appear as if the cash total reconciled when it did not. To further her embezzlement scheme, she recorded fictitious cash dollar amounts in her drawers. She also admitted that on other occasions, she would reduce the cash shown in her teller or vault drawer by creating fictitious cash-out tickets. Source:

17. June 7, Federal Bureau of Investigation – (National) Eric Lipkin: Another Bernie Madoff employee pleads guilty. A former employee in the investment advisory business of Bernard L. Madoff Investment Securities LLC (BLMIS) pleaded guilty June 7 to a six-count superseding information charging him with conspiracy, falsifying books and records of a broker-dealer, falsifying books and records of an investment adviser, bank fraud, and making false statements to facilitate a theft concerning the Employee Retirement Income Security Act (ERISA). He also agreed to cooperate with the government in its ongoing investigation of BLMIS. In 1996, the suspect and his co-conspirators began falsifying the books and records at BLMIS. He was also responsible for processing the payroll and administering the 401(k) plan at the firm, as well as preparing and maintaining internal payroll records. During his tenure at BLMIS, the suspect created false BLMIS books and records reflecting individuals who did not actually work at the firm. The 37-year-old New Jersey man faces a statutory maximum sentence of 70 years in prison. He will also forfeit at least $1.4 million as well as his interest in his home and various investment accounts. Source:

18. June 6, Softpedia – (International) Banking malware hosted on Amazon’s cloud. Security researchers from Kaspersky Lab have discovered a piece of Brazilian banking malware hosted on Amazon Web Services (AWS), and the cloud provider failed to respond in a timely manner. The malware installer was distributed from an account on Amazon’s Simple Storage Service (Amazon S3) as a .scr (screen saver) file. Once executed, it installs a rootkit which prevents several security products from running, including avast! Antivirus 5, AVG Antivirus, ESET NOD32, and Avira AntiVir. It also disables a browser security add-on called GBPlugin that is commonly distributed by Brazilian banks to their customers. The malware is designed to steal financial information from nine Brazilian banks and two international ones, log-in credentials for Microsoft’s Live Messenger, and digital certificates used by eTokens. In addition, it reports back with information about the infected computers, such as their name, CPU type, and hard drive volume numbers. Source:

19. June 6, Huffington Post – (National) Foreclosure fraud price tag: $20 billion. The nation’s largest mortgage companies are operating on the assumption that they will have to pay as much as $20 billion to resolve claims of widespread foreclosure abuse, an amount four times what they had originally proposed, the top federal official overseeing the discussions told state officials June 6, according to people who participated in the conversation. The associate U.S. Attorney General (AG) told a bipartisan group of state attorneys general during a conference call that he believes the banks have accepted the realization that a wide-ranging settlement to the months-long probes will cost them much more than the $5 billion offer they floated in May, according to officials with direct knowledge of the call. The assistant AG said he is basing his belief on his recent conversations with representatives of the five targeted firms: Bank of America, JPMorgan Chase, Wells Fargo, Citigroup, and Ally Financial. Source:

20. June 6, Reuters – (Ohio) ‘Mullet bandit’ robs another Ohio bank, his fourth in spree. The man federal authorities have nicknamed the “Mullet Bandit” robbed another bank in Ohio June 6, his fourth heist in the area over the past month. A man matching the description of the suspect entered the First Service Federal Credit Union on Holt Road in Columbus and handed an employee a note saying he was robbing the bank, had a gun, and wanted cash. As in previous holdups believed to be part of Mullet Bandit’s spree, the suspect was wearing large dark sunglasses and a Seattle Mariners baseball cap, and carrying a large black book bag. A man matching that description is wanted in three previous holdups in the Columbus area on May 5, May 18, and May 27. Source:

21. June 6, Fort Myers News-Press – (National) Sanibel man operated $16 million Ponzi ring, feds say. A Sanibel, Florida resident is in federal custody, accused of bilking $16 million from more than 100 investors in a Ponzi scheme spanning the past 4 years. He was preparing to board a flight May 31 to Bermuda when he was arrested. He is charged with conspiracy to commit mail and wire fraud, committing mail and wire fraud, and money laundering. “He had everyone believing he was a legitimate business manager,” said a Boca Raton attorney representing dozens of victims — 65 in Lakeland, 1 in Lee, 1 in Charlotte, 5 in California, 2 in Colorado and 1 each in Texas, Utah, Kentucky, Arkansas, Hawaii, and Ontario, Canada. Most of the victims, the attorney said, are between ages 65 and 90, with most investments ranging from $50,000 to $250,000. Officials said of the $20 million the man and an accomplice collected, only about $4 million got invested or distributed. The remaining $16 million was spent solely for the personal enrichment of the pair. Source:

Information Technology

43. June 7, Softpedia – (International) LulzSec leaks Sony Devnet source code. Lulz Security has hit Sony again, this time leaking source code corresponding to Sony’s Computer Entertainment Developer Network (SCE Devnet). In addition, the group also hacked into Sony BMG’s network. These latest attacks bring the number of Sony-related compromises credited to LulzSec to six. The hackers released a 54MB-large torrent containing a copy of the Sony Developer Network SVN repository on The Pirate Bay. At the same time, the group announced their sixth hack, which involves Sony BMG. Maps of the company’s internal network were released as proof of the compromise. The public availability of the devnet source code might create problems for Sony. In the past, devnet bugs allowed users to download paid games for free. Sony will also have to verify the integrity of the source code because it is likely the hackers also had write access to it, and might have left backdoors behind. Source:

44. June 6, IDG News Service – (International) After hack, RSA offers to replace SecurID tokens. In an acknowledgment of the severity of its recent computer compromise, RSA Security said June 6 that it will replace SecurID tokens for any customer that asks. Customers have been left wondering whether to trust RSA’s security tokens since March, when the company acknowledged it had been hacked and issued a vague warning to its customers. Then, 2 weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecurID technology. In a letter sent to customers June 6, RSA confirmed the Lockheed Martin incident was related to SecurID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA’s executive chairman said in the letter. He said the company remains “highly confident in the RSA SecurID product,” but noted the recent Lockheed Martin attack and general concerns over hacking, “may reduce some customers’ overall risk tolerance.” Source:

45. June 6, Computerworld – (International) Hackers exploit Flash bug in new attacks against Gmail users. Adobe confirmed June 6 that the Flash Player bug it patched June 5 is being used to steal log-in credentials of Google’s Gmail users. The vulnerability was patched in an “out-of-band,” or emergency, update. The fix was the second in less than 4 weeks for Flash, and the fifth in 2011. A weekend patch is very unusual for Adobe. “We have reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an e-mail message,” an Adobe spokeswoman said. “The reports we received indicate that the current attacks are targeting Gmail specifically. However, we cannot assume that other Web mail providers may not be targeted as well.” According to Adobe’s advisory, the Flash vulnerability is a cross-site scripting bug. Source:

46. June 6, – (International) DroidKungFu malware discovered on Android platform. Computer researchers are warning Android users of another malware campaign targeted at the platform, which appears to circumvent traditional anti-virus filters. North Carolina State University researchers identified at least two applications in more than eight third-party app stores and forums based in China infected with the DroidKungFu malware. The malware mainly affects Android 2.2, exploiting two vulnerabilities to install a back door on a victim’s device which allows hackers to take complete control, according to a post on the university’s official blog. “Previously identified malware, such as DroidDream, has also taken advantage of these two vulnerabilities. But [the researchers] think DroidKungFu is different because, based on the early results of their research, it does a better job of avoiding detection by security software,” the blog noted. “And, while later versions of Android have patched these vulnerabilities, they are not entirely secure. The security patches severely limit DroidKungFu, but it is still able to collect some user data — such as a mobile phone device ID number — and send them to a remote site.” Source:

47. June 6, H Security – (International) VLC Media Player 1.1.10 fixes vulnerabilities. The VideoLAN project has announced the release of version 1.1.10 of its VLC media player, the free open source cross-platform multimedia player which supports a variety of audio and video formats. According to the developers, the eleventh release of the 1.1.x branch of VLC is a maintenance and security update that addresses several issues found in the previous update from mid-April. VLC 1.1.10 fixes several previously reported vulnerabilities in libmodplug, also known as the ModPlug XMMS Plugin, and addresses an integer overflow in the XSPF playlist demultiplexer. Other changes include the removal of FontCache building in the Freetype module, a rewrite of PulseAudio output on Linux/BSD, and various codec and translation updates. A number of Mac OS X interface and hotkey fixes have also been implemented. Source:

48. June 3, The Register – (International) Android app brings cookie stealing to unwashed masses. A developer has released an app for Android handsets that brings Web site credential stealing over smartphones into the script kiddie realm. FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication tokens sent over Facebook, Twitter, and other popular Web sites when users do not bother to use encrypted secure sockets layer (SSL) connections. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker’s device. Source:

49. June 2, inAudit – (International) Zeus variant targeting LinkedIn users. Computer security firm Trusteer has spotted a fraudulent e-mail containing a variant of Zeus trojan that targets LinkedIn users and downloads malware onto the device. Trusteer’s CEO said the malicious link is identical with the genuine link on LinkedIn “so it’s hard to notice that the first is fraudulent while the second is genuine.” “If you click the ‘Confirm that you know’ link on the genuine e-mail, it takes you to LinkedIn’s Web site. However, if the same button is clicked on the fraudulent e-mail, it takes you to a malicious Web site that downloads malware onto your computer,” he said. The domain of the malicious site was registered a few days ago with an IP address that points to Russia, the Trusteer CEO added. The malicious server downloads malware to the victim’s computer using the BlackHole exploit kit, which has been made available for free. Source:

For more stories, see item 18 above in the Banking and Finance Sector

Communications Sector

50. June 7, The Register – (International) Skype hangs up on users yet again. Users around the world again experienced problems using Skype June 7. With seemingly identical problems in May, punters initially experienced frustration signing into the service before later reporting that the VoIP software had crashed on their machine. Skype played down the scope of the problem, which it blamed on a “configuration problem,” in an update to its status page. It promised to resolve the snafu via an automatic update that would be in place within an hour or so. The symptoms of the latest glitch, at least, are identical to problems experienced across the VoIP network less than 2 weeks ago. Resolving the problem then involved deleting a file called “shared.xml” on users’ machines that had somehow been corrupted. Source:

51. June 6, Computerworld – (International) Hackers may try to disrupt World IPv6 Day. Hundreds of popular Web sites — including Google, Facebook, Yahoo and Bing — are participating in a 24-hour trial of a new Internet standard called IPv6 June 8, prompting worries that hackers will exploit weaknesses in this emerging technology. Dubbed World IPv6 Day, the trial runs from 8 p.m. June 7 to 7:59 p.m. June 8. Security experts were concerned that the 400-plus corporate, government and university Web sites that are participating in World IPv6 Day could be hit with distributed denial of service or other hacking attacks during the 24-hour trial. Source:

For more stories, see items 46 and 48 above in Information Technology

Tuesday, June 7, 2011

Complete DHS Daily Report for June 7, 2011

Daily Report

Top Stories

• According to the Associated Press, fire officials said June 6 that a massive wildfire in eastern Arizona that forced the evacuation of several mountain communities has grown to 301 square miles. (See item 62)

62. June 6, Associated Press – (Arizona; New Mexico) Arizona forest fire expands to 193,000 acres. A massive wildfire in eastern Arizona that forced the evacuation of several mountain communities has grown to 301 square miles, fire officials said June 6. Strong winds and low humidity were predicted at the Wallow fire, with a red flag warning from 10 a.m. to 8 p.m. The U.S. Forest Service said the blaze has burned nearly 193,000 acres since it started more than a week ago near Alpine. So far there is zero containment. About 2,300 firefighters were on the scene, including many from western states and as far away as New York, a fire information officer said. The Apache County sheriff’s office told people east of Alpine along U.S. Highway 180 to evacuate. Alpine itself has been under mandatory evacuation orders since June 2, along with Nutrioso and several lodges and camps in the scenic high country. Officials said several subdivisions close to the border with New Mexico were ordered emptied June 5. The fire and heavy smoke creating pea-soup visibility forced the closure of several area roads, including a 2-mile stretch of Highway 180 between Alpine and the New Mexico line. In Greer, which has fewer than 200 year-round residents, many people have voluntarily left. Fire officials said if the blaze comes within 2 miles of a containment line nearby, the town will be evacuated. Since the blaze started May 29, four summer rental cabins have been destroyed, the U.S. Forest Service said. No serious injuries have been reported. The fire is the state’s third-largest in its history. The state also was contending with another major wildfire, its fifth-largest, in far southeastern Arizona that threatened two communities. Air crews dumped water and retardant near the Methodist church camp as the 156-square-mile blaze burned around the evacuated camp in the Pine Canyon near Paradise. Paradise and East Whitetail Canyon were evacuated in advance, and the nearby Chiricahua National Monument was closed. Crews set backfires and kept the blaze from about a dozen occupied homes and vacation residences. Source:

• Associated Press reports that about 600 residents in southwest Iowa as well as federal dam officials were ordered June 5 to evacuate after the Missouri River breached a levee in Missouri. (See item 63)

63. June 5, Associated Press – (Iowa; Missouri) Missouri levee breach prompts evacuations in Iowa. About 600 residents in southwest Iowa were ordered June 5 to evacuate their homes after the Missouri River breached a levee across the border in Missouri. The evacuation covers nearly half of the town of Hamburg, a spokeswoman for the Iowa Department of Homeland Security and Emergency Management (IDHSEM) said. Residents, most of them on the south side of the city of 1,141, were told to get out within 24 hours. The U.S. Army Corps of Engineers reported a levee was breached June 5 south of Hamburg in Missouri’s Atchison County. A Corps spokesman said crews had been working June 4 on another issue near the breach and all workers were evacuated. The IDHSEM head characterized the breach as a “boil” — a leak that “shoots out like a small geyser” — that was 1 inch to 1.5 inches in diameter. Iowa sent a Blackhawk helicopter June 5 to drop roughly 1,000-pound sandbags on the levee, he said, adding it was too dangerous to use ground crews. It was not known how long the work would take. The emergency management director for Atchison County, Missouri, said another nearby levee had a similar break June 4, but she said crews were able to repair it. She said levees along the Missouri River have been weakened by the river’s recent high water levels. Source:


Banking and Finance Sector

13. June 6, Charleston Gazette – (West Virginia; South Carolina) Deputies arrest suspect in credit union robberies. Kanawha County, West Virginia sheriff’s deputies arrested a fugitive June 2 wanted in connection with three recent credit union robberies in West Virginia and South Carolina. The man was wanted for robbery of a credit union in Berkeley County, South Carolina. Upon his arrest, the FBI was able to tie the man to two robberies in West Virginia: the May 26 robbery of the Pioneer Federal Credit Union in South Charleston, and the June 1 robbery of the Universal Federal Credit Union in Barboursville. Deputies used a Taser to subdue the suspect at a motel and place him in custody following a brief struggle. Source:

14. June 4, Amarillo Globe-News – (Texas; National) Credit union says thieves did not breach network. Unauthorized purchases that caused dozens of people to lose thousands of dollars involved no hacking or network breach of any sort, officials with The People’s Federal Credit Union (PFCU) of Amarillo, Texas said June 3. The thieves who used Amarillo, Texas funds to make purchases during the Memorial Day weekend in California and other places combined publicly available bank identification numbers with randomly generated debit card numbers to create fake debit cards, PFCU’s marketing director said. The Amarillo Police Department, which has handed the case over to federal authorities in California, said June 3 that scams similar to the one that affected the Amarillo credit union hit 22 other institutions nationwide at the same time. The thieves tested the cards by first attempting to make small purchases or trying the numbers with online stores, the PFCU marketing director said. The credit union has about 8,000 debit-card holders, and 17,500 accounts. The credit union has yet to determine how much money was lost, but the reported charges per person ranged from a few hundred dollars to more than $1,000. So far, the credit union has attempted to protect members from further scams by requiring PINs for all transactions outside Texas, and denying signature requests made outside the state. Source:

15. June 4, Business Spectator – (International) AFP assisting in $540 million U.S. bank fraud case: report. The Australian federal police are assisting the United States in an alleged bank fraud case where online poker sites may have laundered $540 million via an Australian payments processor, according to Fairfax Media. The FBI alleges that Intabill, registered in the British Virgin Islands, processed a minimum of $543,210,092 worth of transactions for the poker companies Full Tilt, PokerStars, and Absolute Poker between mid-2007 and March 2009. Source:

16. June 3, Highland Park Patch – (Illinois) Local developers indicted in $15.7 million mortgage fraud scheme. Five defendants were indicted by the U.S. Justice Department (DOJ) June 2 after they allegedly engaged in a $15.7 million fraudulent loan scheme to finance the failed Center of the North Shore development in Northbrook, Illinois. According to the DOJ, three partners of the center, a title company executive, and a loan officer took out fraudulent loans to make interest payments on a $26.2 million loan to finance the development. The 517,000 square-foot mixed-use development, which was planned for 14 acres at Dundee Road and Skokie Boulevard, fell into foreclosure in October 2008. Two of the defendants were charged with two counts of wire fraud, one count of bank fraud, and one count of making a false statement to influence the action of a bank; a third was charged with two counts of wire fraud, and one count of bank fraud; a fourth was charged with seven counts of wire fraud, and one count of making a false statement to influence the action of a bank; and a fifth was charged with seven counts of wire fraud. In total, the conspirators were able to obtain $15.79 million from their fraudulent home mortgages, and a construction loan. The DOJ seeks forfeiture of $10 million from the five defendants. Source:

17. June 2, KPHO 5 Phoenix – (Arizona; National) Mortgage company hacked, admits security breach. Thousands of homeowners could be at risk for identity theft after a major mortgage company was hacked. The Lending Company, based in Phoenix, Arizona, said the security breach was akin to getting one’s Facebook account hacked; however, when a mortgage application is hacked, everything about one’s finances is wide open. The Lending Company does business in 12 states. A borrower contacted a Phoenix-area TV station in early June after receiving a letter from the lender, alerting him to the security breach. The company admitted its secure database was breached May 4, potentially putting at risk thousands of its customers. Lending Company officials refused to comment, saying only that so far, none of its customers or employees has reported identity theft. The company filed a report with Phoenix police. It said it has an idea who the culprit is behind the breach. Source:

Information Technology

48. June 6, threatpost – (International) Adobe ships emergency fix for Flash bug. Adobe has released an out-of-cycle update for Flash that fixes a serious vulnerability in the application on all platforms. The bug is a cross-site scripting flaw that can be used in drive-by download attacks and Adobe said it is currently being used in some targeted attacks. Adobe security officials said they first found out about the Flash vulnerability June 3, and the company was able to develop and release a fix for it June 5. The bug exists in Flash running on Windows, Mac OS X, Android, Linux, and Solaris. “An important vulnerability has been identified in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message,” Adobe said in its advisory. Source:

49. June 5, Associated Press – (International) Nintendo says U.S. server breached, no data lost. Nintendo was targeted in a recent online data attack, but no personal or company information was lost, the Japanese company said June 5. The server of an affiliate of Nintendo Co.’s U.S. unit was accessed unlawfully a few weeks ago, but there was no damage, according to a company spokesman. “There were no third-party victims,” he said, “but it is a fact there was some kind of possible hacking attack.” Lulz Security claimed credit for the Nintendo attack, posting what they said was a Nintendo server configuration file to the Web. Source:

50. June 4, Softpedia – (International) European Sony Website hacked. A breach on Sony’s European Web site was reported June 4. A hacker who goes by the name of Idahc claims to have obtained access to the database which contained the personal information of around 120 developers. Extracted data includes usernames, passwords, mobile phone numbers, e-mail addresses and, in some cases, Web sites. Even though the passwords were not stored in plain text, they were hashed with MD5, an algorithm that is known to be insecure. As a result, the hacker managed to recover and include most of them in his public data dump on Judging by the screenshot released by Idahc, the method of compromise was SQL injection, the same type of attack that led to the recent hacking of many Sony Web sites. Source:

51. June 3, Computerworld – (International) Acer server in Europe reportedly breached. Hacking group Pakistan Cyber Army (PCA) June 3 claimed it had broken into an Acer server in Europe and stolen personal data on about 40,000 people. The group said it also stole several pieces of source code stored on the compromised computer. News of the breach was first reported June 3 by The Hacker News (THN), which published screenshots showing samples of the allegedly compromised data, including names, e-mail addresses, phone numbers, and other information stored on the server. The director of media relations for Acer America said the company’s U.S. operations have no information on the breach. The company is trying to get a response to the PCA claims from its European officials, she added. The breach comes as Acer, the second-largest manufacturer of laptop computers in the world, faces increased scrutiny of its financial reporting practices. Source:

52. June 3, Computerworld – (International) Mac scareware gang, Apple trade blows yet again. Scareware makers again changed their fake security software scam June 3, while Apple issued the third signature update in as many days to combat the con. The newest version of what is generically called “MacDefender” appeared June 3, according to a pair of security companies. The phony antivirus program now goes by the name “MacShield,” the fifth title since the early-May appearance of the scheme. Apple in turn released another signature update June 3 to XProtect, the bare bones anti-malware tool tucked into Mac OS X 10.6 (Snow Leopard). According to logs on several Macs, Apple started pushing the update around 7 p.m. June 2 ET. The new signature was labeled “OSX.MacDefender.D” by Apple. Source:

53. June 3, The Register – (International) Notorious rootkit gets self-propagation powers. One of the most notorious rootkits acquired a self-propagating mechanism that could allow it to spread to new victims, a security researcher has warned. A new version of the TDSS rootkit, which also goes by the names Alureon and TDL4, is able to infect new machines using two separate methods, a Kaspersky Lab researcher said June 3. The first is by infecting removable media drives with a file that gets executed each time a computer connects to the device. The technique has been around for years and has been used by plenty of other computer worms, including the one known as Conficker. Other than using files with titles such as myporno.avi(dot)lnk and pornmovs(dot)lnk, there is nothing unusual about the way TDSS goes about doing this. The second method is to spread over local area networks by creating a rogue DHCP server and waiting for attached machines to request an IP address. When the malware finds a request, it responds with a valid address on the LAN and an address to a malicious DNS server under the control of the rootkit authors. The DNS server then redirects the targeted machine to malicious Web pages. “After these manipulations, whenever the user tries to visit any web page, s/he will be redirected to the malicious server and prompted to update his/her web browser,” the researcher wrote. “The user will not be able to visit websites until s/he agrees to install an ‘update.’” Source:

Communications Sector

54. June 6, GSMA Mobile Business Briefing – (International) Docomo network glitch hits 1.72M users. Japanese mobile market leader NTT Docomo said June 6 a mysterious network glitch was affecting up to 1.72 million mobile customers, making it difficult for them to make calls or send messages. According to a Dow Jones Newswires report, the fault was first registered the morning of June 6 (Japanese time) in the greater Kanto region, which includes Tokyo. A Docomo spokesman said trouble at a facility that processes phone number information likely led to network connection problems, and that these problems caused people to make repeated attempts to call or send messages, exacerbating the situation by increasing the burden on base stations. Eight hours after the problem was flagged, the operator said on its Web site the situation was gradually improving. However, the spokesman said the firm was not sure when the situation would return to normal. The 1.72 million subscribers thought to be affected by the problem represent almost 3 percent of Docomo’s 58 million mobile customer base. Source: