Friday, July 15, 2011

Complete DHS Daily Report for July 15, 2011

Daily Report

Top Stories

• A Nuclear Regulatory Commission task force recommended tightened regulations and sweeping safety upgrades for the nation’s 104 nuclear reactors, the Washington Post reports. (See item 11)

11. July 13, Washington Post – (National) Tighter U.S. nuclear safety rules proposed. Calling existing nuclear safety rules a “patchwork,” a Nuclear Regulatory Commission (NRC) task force recommended tightened regulations and sweeping safety upgrades for the nation’s 104 nuclear reactors in a report July 13. If enacted, the proposed measures would constitute the biggest safety reforms for the industry since the NRC upgraded its rules after the September 11, 2001, terrorist attacks. The recommendations are the result of a 90-day assessment of the disaster at the Fukushima Daiichi nuclear plant in Japan. The report highlights several of the proposed rules: a requirement that nuclear power companies evaluate earthquake and flood hazards every 10 years and follow up with mitigation of any risks uncovered, more extensive disaster training for severe accidents, and enhanced plans and equipment to deal with a 72-hour loss of reactor cooling power. The spent fuel pools that store tons of still-radioactive fuel at many U.S. nuclear plants also drew the task force’s attention. It said U.S. nuclear plant operators should upgrade their pool monitoring and provide for emergency water pumping in case of emergency. The five NRC commissioners will discuss the report at a July 19 meeting. But an NRC spokesman cautioned there will be no immediate action. Many of the proposed rules — even if agreed upon by the commissioners — will require public input and formal federal rulemaking. The NRC continues to monitor Fukushima, and the task force will make additional, more detailed safety recommendations in another 3 months. Source: http://www.washingtonpost.com/national/health-science/tighter-us-nuclear-safety-rules-proposed/2011/07/13/gIQA5WtwCI_story.html

• According to Stars and Stripes, more than a fifth of U.S. Navy ships fell short of combat readiness in the past 2 years, and fewer than half of the service’s deployed combat aircraft are ready for their mission at any given time, the chairman of a House Armed Services subcommittee said. (See item 14)

14. July 14, Stars and Stripes – (International) Navy facing ‘alarming’ deficiencies in combat readiness, lawmaker says. More than a fifth of U.S. Navy ships fell short of combat readiness in the past 2 years, and fewer than half of the service’s deployed combat aircraft are ready for their mission at any given time, according to the chairman of the House Armed Services readiness subcommittee. With ascendant threats at sea, and a potential $400 billion in Defense Department budget cuts over the next decade, the Navy is facing “glaring deficiencies that are nothing short of alarming,” the ranking member of the panel said at a hearing the week of July 11. The Navy’s deployed ships spend nearly 40 percent of their time under way with at least one major equipment or system failure, according to the chairman. Citing the Pentagon’s quarterly defense review submitted to Congress, the chairman said the fleet is suffering a nearly 16 percent backlog for aircraft and engines, fewer available spare parts, and more than $815 million in unfunded maintenance requirements. Source: http://www.stripes.com/news/navy-facing-alarming-deficiencies-in-combat-readiness-lawmaker-says-1.149178

Details

Banking and Finance Sector

15. July 13, Shelby Township Advisor & Source – (Michigan) Sterling Heights police search for men who carjacked armored van. The FBI and Sterling Heights, Michigan police were searching for two suspects accused of carjacking an armored vehicle July 8, and stealing thousands of dollars in cash, the Shelby Township Advisor & Source reported July 13. According to police, the robbery occurred around 9:20 a.m. in the parking lot of the Michigan Department of Treasury Building located at 41300 Dequindre Road in Sterling Heights. “The vehicle pulled up to the building and it was approached by two black males, one pointing a gun at the occupants,” the Sterling Heights police chief said. “They ordered the driver and passenger out, and stole the vehicle.” The employee got out, and the robbers drove away with the armored car. There were no injuries. The vehicle was found 1 hour later in a church parking lot on 18 Mile Road in Troy. Police said it is from Detroit security company Total Armor. Source: http://www.sourcenewspapers.com/articles/2011/07/13/news/doc4e1daff7b82da995891890.txt

16. July 13, Kansas City Business Journal – (Missouri) Five plead guilty in $11M mortgage fraud scheme in Kansas City area. Five co-defendants pleaded guilty July 12 in federal court related to an $11 million mortgage fraud scheme involving upscale Kansas City, Missouri-area homes. Each of the five defendants could face 5 years in federal prison without parole, a fine of $250,000, and a restitution order. Sentencing has not been scheduled. The scheme, which involved homes in cities such as Lee’s Summit, Blue Springs, Liberty, and Parkville, lasted from early 2005 until August 2006, bringing in inflated mortgage loans totaling more than $11.09 million through use of fraudulent loan applications and supporting documents. Buyers got about $2 million in kickbacks without lenders’ knowledge, according to a release from a U.S. attorney for the Western District of Missouri. Fake invoices were used to cover up the kickbacks. One of the mortgage brokers got $6.8 million in fraudulent loans for 10 properties, gaining fees and $50,336 in kickbacks. Another broker was involved in the purchase of eight properties, for which mortgage lenders approved about $5.1 million in loans that resulted in a loss of about $2.3 million. That broker’s business, Carole Colson Real Estate LLC, got $165,776 in commissions. Source: http://www.bizjournals.com/kansascity/news/2011/07/13/five-plead-guilty-in-11m-mortgage.html

17. July 13, Wall Street Journal – (North Carolina) N.C. man to pay $2 mln commodity scam settlement. A North Carolina resident will pay more than $2 million to settle charges he fraudulently solicited more than $3 million from investors in a commodity futures Ponzi scheme, according to the Commodity Futures Trading Commission (CFTC). The commission said the Charlotte, North Carolina man must pay $1.5 million in restitution to pool participants and a $500,000 civil penalty. He also is banned from any commodity-trading-related activity. He neither admitted nor denied the allegations, according to the CFTC. The commission alleged the man, from at least 2001 through 2008, used funds from 22 individual investors to trade options in a commodity pool, though he never had registered with the CFTC. He was accused of misrepresenting his past trading performance, misappropriating at least $1.5 million of the funds for personal use, and using participants’ funds to pay other investors. He also was accused of issuing misleading statements to investors to conceal trading losses. Source: http://www.marketwatch.com/story/nc-man-to-pay-2-mln-commodity-scam-settlement-2011-07-13

Information Technology Sector

39. July 14, Help Net Security – (International) Google+ related scams move to Facebook. Scammers continue to take advantage of the interest raised by the introduction of Google+ and have begun tricking Facebook users into giving them access to their accounts via a rogue application. Users are lured in by updates on their news feeds seemingly posted by their friends, which “like” the “Google+ - Get Invite” Facebook page. Clicking on the link gets users to the page, where the rogue app by the name “Google Plus - Direct Access” is linked. Clicking on the link initiates the request for permissions from the app. Once the permission is given, the victim is urged to “like” the page that propagates the app and is encouraged to send an invite to their friends to visit it — in the hope that they will fall more easily for the scam if a friend of theirs appears to be supporting it. At the end of the process, the user is redirected to the official Google+ homepage. However, if they try to sign in, they are faced with the notice that the service currently exceeded capacity. Source: http://www.net-security.org/secworld.php?id=11286

40. July 14, Help Net Security – (International) Apache Tomcat security bypass vulnerability. A security issue and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS, according to Secunia. The security issue is caused by Apache Tomcat not properly verifying sendfile request attributes when running under a security manager, which can be exploited by a malicious Web application to bypass intended restrictions and, for example, disclose local files. The vulnerability is caused by Apache Tomcat not properly handling sendfile requests with invalid start and end points, which can be exploited to crash the JVM. Successful exploitation requires that a malicious Web application is deployed, and that a security manager and the HTTP NIO or HTTP APR connector with sendfile enabled are used. Source: http://www.net-security.org/secworld.php?id=11285

41. July 14, The Register – (International) Sega forums still closed a month after mystery hack. Sega’s forum remains offline almost a month after its forums and other sites were hit by hacktivists, The Register reported July 14. Hackers broke into Sega’s systems and made off with user registration details, e-mail addresses, birth dates, and encrypted passwords of about 1.3 million users in June. No financial data was exposed by the hack, which was initially blamed on the hacking group LulzSec. The now defunct group denied involvement, even going so far as offering to track down the miscreants. Sega took the precaution June 16 of suspending its forums and other sites accessed via the Sega Pass system while it beefed up security. This work remains ongoing almost a month later. A representative of Sega told The Register the sites remain offline for testing. No date has been set for restoration. Source: http://www.theregister.co.uk/2011/07/14/sega_forum_still_suspending/

42. July 14, H Security – (International) VLC Media Player vulnerable to heap overflow exploits. According to the VideoLAN project, VLC Media Player is susceptible to two heap overflow vulnerabilities in the Real Media and AVI file parsers. These holes, rated as “Highly critical” by security specialists at Secunia, could be exploited by an attacker to crash the player or possibly execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted malicious file. The vulnerabilities have been confirmed to affect the latest 1.1.10 release of VLC, from early June. According to the VLC developers, an upcoming maintenance and security update, VLC 1.1.11, will address these problems and introduce further stability fixes. Source: http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-to-heap-overflow-exploits-1279247.html

43. July 13, Dark Reading – (International) Report: Sixty percent of users are running unpatched versions of Adobe. Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks, according to a report published July 13. In a study of its own antivirus users, Avast Software found 60.2 percent of those with Adobe Reader were running a vulnerable version of the program, and only 40 percent of users had the newest Adobe Reader X or were fully patched. One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old, the study said. Adobe Reader is the most popular PDF reader application, and is a frequent target for malware writers. More than 80 percent of Avast users run a version of Adobe Reader. Source: http://www.darkreading.com/smb-security/167901073/security/vulnerabilities/231001642

44. July 13, Help Net Security – (International) Trend Micro Control Manager file disclosure vulnerability. A vulnerability in Trend Micro Control Manager can be exploited by malicious users to disclose sensitive information, according to Secunia. Input passed via the “module” parameter to WebApp/widget/proxy_request.php (when “sid” is set to “undefined” and “serverid”, “SORTFIELD”, “SELECTION”, and “WID” are set) is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also be affected. Source: http://www.net-security.org/secworld.php?id=11279

Communications Sector

45. July 14, The Register – (International) Voda femtocells open phones up to intercept. Security researchers claim to have uncovered a serious security hole in Vodafone’s mobile network. Security shortcomings in the femtocell technology supplied by the cell phone giant create a means to extract data that would allow hackers to intercept calls or impersonate users that connect through a compromised device, The Hacker’s Choice (THC) claims. Femtocells are home routers that use broadband connections to improve mobile coverage, allowing calls to be made indoors more easily. THC claims to have reverse-engineered the Sagem-manufactured kit, and discovered a way for any subscriber to use a femtocell. A second vulnerability creates a means for hackers to grab secret subscriber information from Vodafone (specifically IMSI — international mobile subscriber identity — data from Home Location Register and authentication systems). Because of this shortcoming, it is possible to turn a hacked femtocell into an interception device, the researchers claim. Access to a victim’s voicemail would also be possible. All these hacks would only work once a victim had been tricked into using a compromised base station, something that can happen automatically, but only over a short distance of around 50 meters from the device. The root cause of the problem is that the allegedly insecure base station kit is assigned functions normally restricted to carriers’ core network authentication systems. Source: http://www.theregister.co.uk/2011/07/14/vodafone_femtocell_hack/

46. July 13, WSAV 3 Savannah – (Georgia) Comcast experiencing outage in several areas. Comcast said July 13 their engineers were working hard to fix an issue that knocked out cable to thousands of customers in Georgia. They said it seemed to be a fiber optic related issue. Comcast said they had no estimated time of return of service. Outages were reported on Wilmington Island, Bloomingdale, Southside, Hinesville, Long County, Bryan County, Savannah, Pooler, and Guyton. Source: http://www2.wsav.com/news/2011/jul/13/comcast-experiencing-outage-several-areas-ar-2106534/

47. July 13, North Country Now – (New York) Telephone service disrupted throughout much of St. Lawrence County. Telephone service throughout St. Lawrence County, New York, was disrupted July 13, with many landline phones unable to receive or make calls. Slic Network Solutions and Nicholville Telephone officials said they and other phone service providers were “experiencing issues with calls outside of their own networks.” The situation only affected phone service, not e-mail and Internet service, they said. Slic and Nicholville Telephone said late in the afternoon of July 13 that they were working to restore services as quickly as possible. Source: http://northcountrynow.com/news/telephone-service-distrupted-throughout-much-st-lawrence-county-033063