Thursday, February 16, 2012

Complete DHS Daily Report for February 16, 2012

Daily Report

Top Stories

• A United Nations panel is calling for tougher inspections and detailed labeling of air shipments of lithium batteries following incidents in which aircraft were destroyed when freight shipments burst into flames. – Bloomberg (See item 21)

21. February 15, Bloomberg – (International) Burning batteries are risk to jets. Label them, UN says. A United Nations (UN) panel is calling for tougher inspections and detailed labeling of air shipments of lithium batteries following two incidents in which aircraft were destroyed when freight shipments burst into flames. The Dangerous Goods Panel at the UN’s International Civil Aviation Organization (ICAO) agreed February 15 to the new standards, said the Air Line Pilots Association’s head of hazardous-materials handling issues. Without new rules, lithium batteries that can spontaneously combust were projected to destroy one U.S.-registered cargo jet every other year, according to a study commissioned by U.S. and Canadian aviation regulators. Shipments of the batteries that include those used in mobile phones, tablets, and laptop computers were suspected of contributing to two U.S. cargo-jet accidents since 2006. The Rechargeable Battery Association, which represents companies such as Apple and Panasonic, said in a statement the ICAO’s recommendations were a “reasonable compromise.” The Federal Aviation Administration barred passenger flights from carrying non-rechargeable lithium batteries in 2004 because if they catch fire, the flames cannot be stopped by cargo compartment extinguishers. Under the proposed ICAO rules, all lithium battery shipments must be labeled as hazardous material. Companies that want to ship batteries must train employees on how to handle them. Airlines such as United Airlines or FedEx Corp. would have to inspect shipments before loading them onto and removing them from planes. Pilots would also be notified when lithium batteries are loaded. A UPS Boeing 747-400 that caught fire 22 minutes after it left Dubai September 3, 2010, was carrying more than 81,000 lithium batteries, states a preliminary report by the General Civil Aviation Authority of the United Arab Emirates. The jet crashed at a military base while pilots tried to make an emergency landing. Both pilots died. Source: http://www.chron.com/news/politics/article/Burning-batteries-are-risk-to-jets-Label-them-3322372.php

• The maker of best-selling anticancer drug Avastin warned that counterfeit copies of the drug lacking active ingredients were distributed to health care facilities throughout the United States. – Associated Press (See item 31)

31. February 14, Associated Press – (National) Roche warns of counterfeit Avastin in U.S. The maker of the best-selling anticancer drug Avastin is warning doctors and patients about counterfeit vials of the product distributed in the United States, the Associated Press reported February 14. Roche’s Genentech unit said the fake products do not contain the key ingredient in Avastin, which is used to treat cancers of the colon, lung, kidney, and brain. The company believes drugs labeled with the following lot numbers may be fake: B86017, B6011, and B6010. The counterfeit products do not have “Genentech” printed on their packaging, which appears on all FDA-approved cartons and vials. A spokeswoman said the counterfeit drug was distributed to health care facilities in the United States. The company is working with the Food and Drug Administration to track down the counterfeit vials and analyze their contents. It said it was alerted to the problem by foreign health regulators and believes the counterfeits were imported from abroad. Additionally, legitimate Avastin contains a six-digit lot number with no letters. All the text on the product’s packaging is in English. Source: http://yourlife.usatoday.com/health/story/2012-02-14/Roche-warns-of-counterfeit-Avastin-in-US/53096312/1

Details

Banking and Finance Sector

15. February 15, Bloomberg – (New York; International) Pentagon Capital must pay SEC $76.8 million for abusive trading. Pentagon Capital Management Plc, a closed United Kingdom hedge fund, was told by a judge February 14 to pay $76.8 million in a lawsuit filed in 2008 by the U.S. Securities and Exchange Commission (SEC) over allegedly abusive mutual fund trading. The U.S. district judge in Manhattan ruled the SEC proved its claim the hedge fund and its chief executive officer (CEO) engaged in a fraudulent scheme by making mutual fund trades after the 4 p.m. close of markets in New York. The judge ruled Pentagon Capital and its CEO must disgorge $38.4 million in improper profits. He imposed the same amount as an additional civil penalty. He ruled against the SEC’s claim Pentagon Capital committed fraud by making deceptive, rapid-fire transactions known as market-timed trades. Pentagon Capital said in 2008 it was closing and returning investors’ money because of the SEC investigation and civil suit. Source: http://www.businessweek.com/news/2012-02-15/pentagon-capital-must-pay-sec-76-8-million-for-abusive-trading.html

16. February 14, Bloomberg – (New York; Kansas; International) Nasdaq, Bats sites attacked as trading systems unaffected. Nasdaq OMX Group Inc. and Bats Global Markets Inc., two of the three biggest operators of U.S. stock exchanges, said access to their Web sites was disrupted February 14 by attacks that flooded their systems with traffic. Both companies said their trading systems were unaffected. A spokesman for New York-based Nasdaq OMX and a spokeswoman for Lenexa, Kansas-based Bats confirmed the outages. For Nasdaq, its main Web page as well as nasdaqtrader.com, a market information site, were disrupted. NYSE Euronext, owner of the New York Stock Exchange, did not experience an outage, according to a spokesman. Nor did Direct Edge Holdings Inc., the fourth-largest U.S. exchange owner, a spokesman said. Source: http://www.bloomberg.com/news/2012-02-14/nasdaq-website-access-disrupted-as-trading-systems-unaffected.html

17. February 14, U.S. Federal Trade Commission – (National) FTC action leads to ban on alleged mortgage relief scammers who harmed thousands of consumers. At the request of the Federal Trade Commission (FTC), a U.S. district court February 14 put the mortgage relief business permanently off limits to marketers who allegedly charged thousands of consumers up to $2,600 each, based on bogus promises to provide loan modifications that would make mortgages more affordable. According to the FTC, the scheme caused consumer losses of nearly $19 million. All but two of the defendants settled with the agency, while the two other corporate defendants received default judgments. The FTC alleged the defendants used direct mail, the Internet, and telemarketing to target homeowners. The defendants typically asked for half of the fee up-front, falsely claiming a success rate of up to 100 percent, according to the complaint. They deceptively claimed they could prevent foreclosure, that they were affiliated with or approved by consumers’ lenders, and that they would refund consumers’ money if they failed to deliver promised services, according to the FTC. They told consumers not to contact lenders and to stop making mortgage payments, claiming that falling behind on payments would demonstrate hardship, the FTC alleged. The complaint charged U.S. Mortgage Funding, Inc., Debt Remedy Partners Inc., Lower My Debts.com LLC, and four individuals with violating the FTC Act and the FTC’s Telemarketing Sales Rule. The court orders ban all the defendants from providing mortgage and debt relief services and telemarketing. Source: http://www.ftc.gov/opa/2012/02/usmortgage.shtm

18. February 14, KLAS 8 Las Vegas – (Nevada; International) Former attorney guilty in scheme to hide income from IRS. A former lawyer and author pleaded guilty to felony conspiracy, tax, and identity theft charges in a scheme to help individuals hide their income and assets from the Internal Revenue Service (IRS) and other creditors, a Nevada U.S. attorney said February 14. He pleaded guilty to conspiracy to defraud the United States, aggravated identity theft, and attempt to evade or defeat taxes. He faces up to 12 years in prison and $750,000 in fines. The defendant and two accomplices were indicted in July 2011 for a scheme in which they allegedly made more than $60 million. The indictment alleged that from 1998 to 2006, the defendants enriched themselves through the sale of services and products designed to help individuals conceal assets from the IRS and creditors. The service allowed clients to place funds in bank accounts held in the names of nominees, and created and maintained domestic corporations and offshore international business firms with obscured ownership. The company allegedly sold a business opportunity training program to at least 1,000 people for about $10,000 each, created roughly 2,500 disguised ownership corporations in Nevada for $795 each, opened more than 900 disguised ownership corporate bank accounts, and prepared more than 400 fraudulent liens. One man allegedly received more than 180 corporate tax referrals from the company and prepared more than 400 tax returns. From 2003 to 2006, the company allegedly received more than $63 million in deposits, made more than $62 million in withdrawals through one of its bank accounts, and sent more than $11 million offshore. Source: http://www.8newsnow.com/story/16936671/former-attorney-guilty-in-scheme-to-hide-income-from-irs

For more stories, see items 37 and 41 below in the Information Technology Sector.

Information Technology Sector

37. February 15, Computerworld – (International) Researchers crack online encryption system. An online encryption method widely used to protect banking, e-mail, e-commerce, and other sensitive Internet transactions is not as secure as assumed, according to a report issued by a team of U.S. and European cryptanalysts. The researchers reviewed millions of public keys used by Web sites to encrypt online transactions and found a small but significant number to be vulnerable. In most cases, the problem had to do with the manner in which the keys were generated, according to the researchers. The numbers associated with the keys were not always as random as needed, the research showed. Therefore, the team concluded, attackers could use public keys to guess the corresponding private keys that are used to decrypt data — a scenario previously believed to be impossible. Source: http://www.computerworld.com/s/article/9224265/Researchers_crack_online_encryption_system?taxonomyId=17
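As an added example (not from the report or the Computerworld article it summarizes), the check a certificate operator can run over their own key inventory, assuming the weakness takes the concrete form the item implies: key generators with too little randomness producing the same prime in more than one RSA public key. Two moduli that share a prime are both factored by a single gcd, and the private exponent follows directly; the moduli, primes, and public exponent below are constructed toy values, not keys from the study.

```python
from itertools import combinations
from math import gcd
from typing import Dict, List, Tuple

# Constructed sample inventory: three small RSA moduli. Two of them were "generated"
# with the same prime 104729, modelling a generator that ran short of randomness.
# Real moduli are 1024 bits or more; the arithmetic below is identical.
SHARED_PRIME = 104729
N_SHARED_A = SHARED_PRIME * 104723   # vulnerable: shares a prime with N_SHARED_B
N_SHARED_B = SHARED_PRIME * 104717   # vulnerable: shares a prime with N_SHARED_A
N_INDEPENDENT = 104711 * 104707      # sound: no factor in common with the others
SAMPLE_MODULI = [N_SHARED_A, N_SHARED_B, N_INDEPENDENT]
PUBLIC_EXPONENT = 65537


def audit_shared_factors(moduli: List[int]) -> Dict[int, Tuple[int, int]]:
    """Map every modulus that shares a prime with another one to its factors (p, q).

    Two correctly generated keys have no common factor, so gcd(n1, n2) > 1 means
    at least one generator reused a prime, and both keys fall at once. Pairwise
    gcd is O(n^2); that is enough for an inventory of a few thousand keys.
    """
    factored: Dict[int, Tuple[int, int]] = {}
    for n1, n2 in combinations(moduli, 2):
        g = gcd(n1, n2)
        if 1 < g < n1 and g < n2:   # a proper shared factor, not a duplicated key
            factored[n1] = (g, n1 // g)
            factored[n2] = (g, n2 // g)
    return factored


def recover_private_exponent(e: int, p: int, q: int) -> int:
    """Standard RSA derivation once p and q are known: d = e^-1 mod (p-1)(q-1)."""
    return pow(e, -1, (p - 1) * (q - 1))


def recovered_key_decrypts(n: int, p: int, q: int, e: int, message: int) -> bool:
    """Confirm that the key recovered from the shared factor decrypts data for modulus n."""
    d = recover_private_exponent(e, p, q)
    ciphertext = pow(message, e, n)
    return pow(ciphertext, d, n) == message


if __name__ == "__main__":
    findings = audit_shared_factors(SAMPLE_MODULI)
    for n, (p, q) in findings.items():
        ok = recovered_key_decrypts(n, p, q, PUBLIC_EXPONENT, 424242)
        print(f"modulus {n}: shared prime {p}, private key recovered: {ok}")
    print(f"{len(SAMPLE_MODULI) - len(findings)} of {len(SAMPLE_MODULI)} keys unaffected")
```

Any key the audit flags should be replaced, and the generator that produced it reviewed for its entropy source, since the public key alone was enough to recover it.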

38. February 15, H Security – (International) Shockwave Player critical holes closed. Adobe updated Shockwave Player on Windows and Mac OS X to version 11.6.4.634 after identifying nine critical vulnerabilities. The problems affect Shockwave Player 11.6.3.633 and all earlier versions on Windows and Mac OS X. Adobe recommends updating to the new release by downloading it from get.adobe.com/shockwave. To identify whether Shockwave Player is installed on a system, users should visit the test page on Adobe’s site. Most problems are in the Shockwave 3D Asset, where seven memory corruption vulnerabilities could lead to code execution; these were all reported by a researcher from FortiGuard Labs. An eighth memory corruption issue and a heap overflow vulnerability, both of which could also lead to code execution, were reported by “instruder” of vulnhunt.com and bring the flaw tally up to nine. Source: http://www.h-online.com/security/news/item/Shockwave-Player-critical-holes-closed-1434644.html

39. February 15, H Security – (International) Microsoft’s Patch Tuesday fixes critical vulnerabilities. Microsoft released 9 bulletins to close 21 holes in its products February 14. Four of the bulletins close critical vulnerabilities in Windows, Internet Explorer, .NET, and Silverlight, including an issue in the Windows kernel-mode drivers that became publicly known in December 2011. The company advises those responsible for prioritizing update deployment to focus on critical patches for Internet Explorer and the C Runtime Library in Windows, as these could be exploited by an attacker to remotely execute arbitrary code. For an attack to be successful, a user must first visit a malicious Web page or open a specially crafted file. The other critical bulletins fix issues in .NET and Silverlight. Microsoft notes it has yet to see any active attacks exploiting these issues. Rated as “important,” the remaining five bulletins correct many remote code execution and privilege escalation issues. These include six vulnerabilities in SharePoint and the Ancillary Function Driver in Windows that could be used to allow elevation of privileges. Five holes in the Windows Color Control Panel, an issue in the Indeo Codec in Windows, and five problems in Visio Viewer — part of Microsoft Office — that could be used to remotely execute code were also closed. According to the latest reports, the updates to the Microsoft Windows Malicious Software Removal Tool (MSRT) and the company’s Forefront security products, which were released at the same time as Microsoft’s Patch Tuesday security updates, result in a false positive malware warning on google.com. Source: http://www.h-online.com/security/news/item/Microsoft-s-Patch-Tuesday-fixes-critical-vulnerabilities-Update-1434678.html

40. February 15, Softpedia – (International) Waledac Botnet returns, steals passwords and credentials. In 2010, Microsoft was able to terminate the activity of the Waledac botnet, which at the time was famous for being a large source of spam. However, Palo Alto Networks researchers came across a new variant which is not only used for spamming, but also for stealing sensitive data from infected devices. The new version was spotted February 2. Experts conclude it is still sending spam, but it can also steal passwords and authentication data, including credentials for FTP, POP3, and SMTP. Besides this, Waledac also steals .dat files for FTP and Bitcoin and uploads them to the botnet. By relying on their WildFire systems, which enable a firewall to capture unknown files and analyze them in a malware sandbox, Palo Alto Networks was able to identify how the new variant behaves. Given the confusion created around the Kelihos botnet, which was declared resurrected by Kaspersky only to be put to sleep again by Microsoft, the company emphasizes this is not the old botnet, but a new variant. Source: http://news.softpedia.com/news/Waledac-Botnet-Returns-Steals-Passwords-and-Credentials-253071.shtml

41. February 15, H Security – (International) Google Wallet PIN brute-forcing now without rooting. An attack on Google Wallet’s PIN protection — which required the phone be rooted so the PIN information could be accessed — can be achieved on an un-rooted Android smartphone by using a Linux privilege escalation vulnerability. This is according to Zvelo, who found the original problem with the storage of the PIN used to protect the NFC-enabled wallet embedded in the Google Nexus. Rooting, it was pointed out, would usually mean all the data on the device was deleted in the process, and Google advised users not to use Wallet on rooted devices. However, by exploiting a known Linux privilege escalation vulnerability that exists in Android 4.0 and has proof of concept code available, it is possible to get root access to the device without deleting any data. Zvelo says this is enough to get access to the Google Wallet PIN data, which can be easily brute-forced as in their original attack. An attacker could also obtain the data and send it to a remote server where the PIN could be brute-forced even faster. Google announced it restored the provisioning service for pre-paid debit cards associated with Google Wallet NFC-enabled hardware. Google disabled the system after it was widely publicized it was possible to get access to the credit on the prepaid card. An attacker could reset the Google Wallet application data and restart the application, at which point they could enter a new PIN and reconnect the virtual pre-paid card associated with the device, giving access to any available credit on the pre-paid card. Source: http://www.h-online.com/security/news/item/Google-Wallet-PIN-brute-forcing-now-without-rooting-1434908.html

42. February 14, IDG News Service – (International) Mozilla to ask certificate authorities to revoke SSL-spying certificates. Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect secure sockets layer (SSL)-encrypted traffic for domain names they do not control. The plan, whose details are still being worked out, is Mozilla’s response to Trustwave’s recent claim the use of such certificates for SSL traffic management within corporate networks is a common practice. After a week of debating whether to punish Trustwave for violating its CA Certificate Policy, Mozilla decided to send a communication to all certificate authorities asking that they come clean about similar certificates and to revoke them. A grace period extended to CAs for the revocation of sub-CA certificates currently used for the inspection of SSL-encrypted traffic on corporate networks has not been decided, but according to the owner of Mozilla’s CA Certificates Module, a time frame of 2 or 3 months is being considered. After that, those caught with such a certificate would have their root keys removed from Mozilla’s products, and all certificates they ever signed would result in an error when opened in the browser. Source: http://www.computerworld.com/s/article/9224249/Mozilla_to_ask_certificate_authorities_to_revoke_SSL_spying_certificates?taxonomyId=17

43. February 13, Government Computer News – (International) Cyber criminals find new way to exploit old Office hole. Cyberattackers found a new way to take advantage of an old Microsoft Office hole. Symantec researchers noticed a specially crafted trojan that exploits a previously patched vulnerability. The attack occurs when a user opens up an e-mail that contains a Microsoft Word file with a malicious Dynamic Link Library file (DLL). “The exploit makes use of an ActiveX control embedded in a Word document file,” a researcher at Symantec said. “When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library.” He said once this flaw is exploited, an attacker is free to load up an infected system with malware. He also advises that if a user sees an e-mail attachment with the file name ftutlsat.dll, proceed with caution. An e-mail with this type of attachment should be easy to spot, according to the researcher. The exploit, recently seen in the wild by the security firm, was previously fixed by Microsoft in September’s Security Update, bulletin MS11-073. The researcher warns that because the bulletin was only classified as “important” by Microsoft, it might have been overlooked. Source: http://gcn.com/articles/2012/02/10/trojan-exploits-unpatched-office-vulnerability.aspx

For another story, see item 44 below in the Communications Sector.

Communications Sector

44. February 15, DavidsonNews.net – (North Carolina) Damaged cable slows internet for MI-Connection users. MI-Connection Communications System Internet customers in North Carolina have faced slowdowns over the past few days because of a damaged cable belonging to one of MI-Connection’s network providers, DavidsonNews.net reported February 15. MI-Connection said it has “re-routed” traffic to alternate circuits, which is affecting streaming media, including YouTube, Netflix, and other applications. It wasn’t clear when full service might be restored. MI-Connection’s chief executive officer (CEO) said February 15 that it could be another day before workers repair the cable. MI-Connection’s provider is XO Communications. The problem emerged February 12, when XO notified MI-Connection of the problem. XO apparently did not have a backup line or re-routing in place. It sent a crew to begin repairs later February 12, MI-Connection’s CEO said. MI-Connection lost about half its available network capacity, or bandwidth, in the incident. MI-Connection has about 10,300 Internet customers in north Mecklenburg and south Iredell. Source: http://davidsonnews.net/blog/2012/02/15/damaged-cable-slows-internet-for-mi-connection-users/

For another story, see item 41 above in the Information Technology Sector.
