Thursday, March 15, 2012

Complete DHS Daily Report for March 15, 2012

Daily Report

Top Stories

• A transformer explosion and fire knocked out power to over 10,000 homes and businesses in downtown Boston March 13 and 14. The explosion caused many buildings to evacuate, and streets and transit stations to close. – WHDH 7 Boston

1. March 14, WHDH 7 Boston – (Massachusetts) Transformer fire causes Back Bay black out. About 12,000 people remained without power March 14, a day after a 3-alarm fire broke out in a Back Bay utility building where a 115,000-volt transformer exploded in Boston. The early evening March 13 fire from a substation that housed two transformers created a power outage in Boston that officials of utility NSTAR said they had not seen before because of the concentration of homes and businesses affected. The lights went out on several major thoroughfares and in commercial areas such as the Back Bay, Chinatown, the Theater District, and Kenmore Square. About 100 generators were brought into the city early the afternoon of March 14 to help customers get back online. Due to the outages, several private colleges, businesses, transit stations, and a Boston Public Library location were closed. About 21,000 customers were without electricity at the height of the outage. The Boston Fire Department said the transformer that caught fire was in a utility building next to the Sheraton Back Bay and Hilton Back Bay hotels, which were evacuated due to the heavy smoke and power outages. Source: http://www1.whdh.com/news/articles/local/12006937742125/3-alarm-transformer-fire-breaks-out-in-back-bay/

• Congressional auditors found that despite vast government expenditures, many hospitals had lax or improper security of medical radioactive materials that could be used to make a “dirty bomb.” – New York Times

8. March 14, New York Times – (National) Hospital audit finds radioactive materials unsecured. Congressional auditors found many hospitals with lax or improper security of medical radioactive materials, the New York Times reported March 14. In testimony prepared for delivery to a Senate panel, a Government Accountability Office (GAO) official planned to say that people with responsibility for security told the auditors that they were trained as physicists or radiation health technicians and were being told to enforce rules “that they did not believe they were fully qualified to interpret.” The materials, such as cesium 137, could be included in a device with conventional explosives to make a “dirty bomb.” There are about 1,500 hospitals and medical buildings that use radioactive materials, according to the Energy Department, which has spent about $96 million to secure them. Source: http://www.nytimes.com/2012/03/14/us/hospital-audit-finds-radioactive-materials-unsecured.html?_r=1

• A strange foam found in about 1 in 4 hog farms in the midwestern United States has led to at least 6 explosions since 2009. Experts said that there was little farmers could do about it. – Wired

22. March 13, Wired – (Midwest) Mysterious hog farm explosions stump scientists. A strange new growth has emerged from the manure pits of midwestern hog farms, and the results are literally explosive, Wired reported March 13. Since 2009, six farms have blown up after methane trapped in an unidentified, pit-topping foam caught a spark. In the afflicted region, the foam is found in roughly 1 in 4 hog farms. There is nothing farmers can do except be very careful. Researchers are not even sure what the foam is. “This has all started in the last 4 or 5 years. We don’t have any idea where it came from or how it got started,” said an agricultural engineer of the University of Minnesota. The pits are emptied each fall, after which waste builds up again. Methane is a natural byproduct, and is typically dispersed by fans before it reaches explosive levels. However, inside the foam’s bubbles, methane reaches levels of 60 to 70 percent, or more than 4 times what is considered dangerous. The foam can reach depths of more than 4 feet. Disturb the bubbles and enormous quantities of methane are released in a very short time. Add a spark — from, say, a bit of routine metal repair, as happened in a September 2011 accident that killed 1,500 hogs and injured a worker — and the barn will blow. The foam can appear in one barn but not another on a farm where every barn is operated identically. Once the foam is established, it keeps coming back, regardless of cleaning and decontamination efforts. However, though it is now common in southern Minnesota and northern Iowa, and in adjacent parts of northwestern Illinois and southwestern Wisconsin, the foam does not seem to be spreading outside that area. Source: http://www.wired.com/wiredscience/2012/03/hog-manure-foam/

• A suspect surrendered to police after shooting four people, killing at least one, outside a county courthouse in Beaumont, Texas, March 14. – MSNBC

27. March 14, MSNBC – (Texas) Woman shot dead outside courthouse. At least one person was shot dead by a man outside a county courthouse in Beaumont, Texas, local media reported March 14. An elderly woman was killed and at least three others were shot, including two rushed to the hospital with several gunshot wounds, KFDM 6 Beaumont reported. The shootings took place outside the courthouse, in the basement of the county clerk’s office, and at a bus station. The suspect reportedly surrendered to police after barricading himself in a building two blocks from the courthouse. A judge told KBMT 12 Beaumont the suspect is a man facing charges of having sexually assaulted his young daughter, who reportedly is mentally handicapped. He had been expected at a hearing the afternoon of March 14, the judge said. Source: http://usnews.msnbc.msn.com/_news/2012/03/14/10686555-woman-reportedly-shot-dead-outside-courthouse

• Police said a man was shot by a police officer after he stabbed four people — critically wounding three — in an attack near a Columbus, Ohio technical school. – Associated Press

28. March 14, Associated Press – (Ohio) Police: 4 stabbed at Ohio downtown office building. Police said a man stabbed four people in an attack that began near a Columbus, Ohio technical school and then was shot by a police officer as he left the downtown office building March 14. A Columbus police spokesman said the suspect confronted one victim inside the building near Miami-Jacobs Career College. He said other people inside intervened and took away one knife the suspect was using. The spokesman said those who intervened did not realize the suspect had a second knife. Three male victims were in critical condition, while a fourth man had minor injuries. The suspect was in critical condition. A school spokesman said he did not know whether the victims were students or staff. Source: http://www.sacbee.com/2012/03/14/4337058/police-4-stabbed-at-ohio-downtown.html

Details

Banking and Finance Sector

10. March 14, Reuters – (New York) Banks to pay $25 million to NY state over mortgage system. Five major U.S. banks have agreed to pay $25 million to New York State over their use of an electronic mortgage database the state said resulted in deceptive and illegal practices that led to more than 13,000 foreclosures, Reuters reported March 14. JPMorgan Chase & Co., Bank of America Corp., and Wells Fargo & Co. each agreed to pay $5.9 million in order to partially settle a lawsuit over their use of the Mortgage Electronic Registration System (MERS). Two other banks, Citigroup Inc. and Ally Financial, also agreed to pay $5.9 million and $1.25 million respectively, although they were not named in the February 3 lawsuit. All five banks in February reached a settlement with 49 states and federal agencies to pay $25 billion to resolve government lawsuits over faulty foreclosures and the handling of requests for loan modification. In the New York settlement in February, none of the banks admitted or denied the MERS allegations, according to the agreement, a copy of which was obtained by Reuters March 13. In exchange for the $25 million, New York State agreed to drop some specific MERS claims. The state will use the money to address housing issues, such as mortgage defaults and foreclosures, and for further investigation and prosecutions. Source: http://news.yahoo.com/banks-pay-25-million-ny-state-over-mortgage-050724137.html

11. March 14, Orlando Sentinel – (Florida) Kissimmee credit union evacuated for suspicious smell. A St. Cloud, Florida credit union was declared safe March 14, shortly after a sickening odor prompted an evacuation. Two workers were treated after they inhaled the smell at The CFE Federal Credit Union. A St. Cloud police sergeant indicated all air samples taken by fire rescue and HAZMAT personnel came back negative. She said the building was cleared and turned over to CFE staff, noting the odor was possibly related to sewer gas from a dried up floor drain. Source: http://www.orlandosentinel.com/news/local/breakingnews/os-smell-evacuation-bank-st-cloud-20120314,0,6633889.story

12. March 13, U.S. Securities and Exchange Commission – (National) SEC charges three mortgage executives with fraudulent accounting maneuvers in midst of financial crisis. The U.S. Securities and Exchange Commission (SEC) charged the senior-most executives at formerly one of the nation’s largest mortgage companies March 13 with hiding the company’s deteriorating financial condition at the onset of the financial crisis. The plan backfired and the company lost 90 percent of its value in 2 weeks. The SEC alleges that Thornburg Mortgage Inc.’s chief executive officer (CEO), chief financial officer (CFO), and chief accounting officer schemed to fraudulently overstate the company’s income by more than $400 million and falsely record a profit rather than an actual loss for the fourth quarter in its 2007 annual report. Behind the scenes, Thornburg was facing a severe liquidity crisis and was unable to make on-time payments for substantial margin calls it received from its lenders. When Thornburg began to default on this new round of margin calls, it was forced to disclose its problems in 8-K filings with the SEC. By the time the company filed an amended annual report March 11, 2008, its stock price had collapsed by more than 90 percent. Thornburg never fully recovered and filed for bankruptcy May 1, 2009. The SEC’s complaint charges the executives with violations of the antifraud, deceit of auditors, reporting, record keeping, and internal controls provisions of the federal securities laws. The complaint seeks officer and director bars, disgorgement, and financial penalties. Source: http://www.sec.gov/news/press/2012/2012-42.htm

13. March 13, U.S. Commodity Futures Trading Commission – (National) CFTC charges Arjent Capital Markets LLC, Chicago Trading Managers LLC with commodity pool fraud. The U.S. Commodity Futures Trading Commission (CFTC) filed an enforcement action March 13 charging Arjent Capital Markets LLC (Arjent), Chicago Trading Managers LLC (CT Managers), and two individuals with defrauding commodity pool investors by knowingly or recklessly issuing false account statements for three separate commodity pools. The complaint, filed in a New York district court, alleges that beginning around June 2008 through at least November 2009, participants in the three commodity pools invested about $10.5 million. The defendants allegedly aggregated investors’ funds into a single account in Arjent’s name, the Arjent Trading Account (ATA), held at and cleared by a futures commission merchant (FCM) in New York. The defendants then assigned subaccounts of the ATA to the pools so the value of each depended on the overall value of the ATA. Some subaccounts carried negative balances and by June 2009, some had losses of millions of dollars, the complaint said. A statement provided by Arjent to the FCM in December 2009 allegedly disclosed Arjent had carried negative balances of about $6.8 million since October 2009. However, account statements provided to investors did not disclose these critical facts. By not disclosing the negative balances, the defendants fraudulently overstated the value of the subaccounts, creating the false impression the individual accounts were worth more than they actually were. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6207-12

14. March 13, U.S. Securities and Exchange Commission – (National) Court orders two officers of United American Ventures to pay $1 million penalties and $8.5 million in disgorgement in SEC case. The U.S. Securities and Exchange Commission (SEC) announced March 13 that a federal judge has ordered two current and former officers of United American Ventures, LLC to pay $2 million in civil penalties and to disgorge more than $8.5 million in ill-gotten profits in a securities fraud case. The SEC litigated the case beginning June 14, 2010, when the agency charged four individuals, United American Ventures, LLC (UAV), and Integra Investment Group, LLC (Integra) with securities fraud. The complaint alleged UAV raised $10 million from at least 100 investors through the unregistered and fraudulent sale of convertible bonds. According to the complaint, two of the defendants founded UAV, with one acting as the company’s president from 2006 until 2009, when the other defendant took over as president of the company. A judge in federal court in New Mexico granted judgment in favor of the SEC March 2, finding the men and UAV jointly liable for disgorgement of $8,652,942 and prejudgment interest of $426,430. The court also assessed civil penalties of $1 million each against the men. The court also granted judgment in favor of the SEC finding the third defendant and Integra jointly liable for $284,039 in disgorgement, and the fourth defendant liable for $54,381 in disgorgement. It assessed a $130,000 civil penalty against the third defendant, and a $54,381 penalty against the fourth. Source: http://www.sec.gov/litigation/litreleases/2012/lr22286.htm

15. March 13, Reuters – (National) CIT Group offers to pay $75 million to end fraud lawsuit. CIT Group Inc. asked a federal judge March 13 to approve a $75 million settlement proposal with former CIT shareholders in a class-action securities fraud lawsuit over actions preceding the large commercial lender’s 2009 bankruptcy. The preliminary settlement, which was submitted to a Manhattan, New York federal court judge for approval, would put an end to a lawsuit brought on behalf of purchasers of CIT securities from December 12, 2006 to March 5, 2008. CIT once lent to 1 million small- and mid-sized businesses, but filed one of the five largest bankruptcies in U.S. history November 1, 2009, after loan losses surged. The deal calls for CIT to pay $75 million in cash to be distributed among class members. In refusing to dismiss the case 2 years ago, the judge said investors had sufficiently alleged they were misled. The plaintiffs accused CIT of failing to disclose a lowering of credit standards and misrepresenting the performance of subprime mortgage and student loan portfolios. CIT’s bankruptcy filing caused the government to lose the $2.3 billion in bailout money it had injected into CIT in December 2008. Source: http://www.reuters.com/article/2012/03/14/us-cit-lawsuit-idUSBRE82D02U20120314

For another story, see item 35 below in the Information Technology Sector

Information Technology

35. March 14, Help Net Security – (International) Fake online streaming service phishes and robs users. BitDefender researchers recently spotted a bogus online video player by the name of Web Player being offered to users searching for media players through Google. The player appears legitimate at first glance. During the installation process, it presents a EULA and information about its supposed developer, but once installed, it asks users to log in with an e-mail address and a password. Even though users do not have to share that data with the software to be able to “connect” to the video, it is probable many inexperienced ones do, thus allowing crooks to access their e-mail accounts. According to the researchers, no matter what data the victims type in, they are redirected towards an HTML page that allegedly offers a free-of-charge movie online player for many classic movies and new releases. The pages to which the users are taken change constantly, as they often get blocked by antivirus vendors. However, all require users to “register” with credit card data to watch the movies they want. As such, not only do the users get scammed to share their e-mail credentials, but also their credit card data. Source: http://www.net-security.org/malware_news.php?id=2033

36. March 14, H Security – (International) Microsoft closes critical RDP hole in Windows. Microsoft released six security bulletins to close seven holes. It said one of the bulletins (MS12-020), rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP). The first is a “critical-class” issue in RDP that could be exploited by an attacker to remotely execute arbitrary code. Although RDP is disabled by default, many users enable it so they can administer systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported by the Zero Day Initiative, Microsoft said it has yet to see any active attacks exploiting these in the wild, but warns, “due to the attractiveness of this vulnerability to attackers,” it anticipates “that an exploit for code execution will be developed in the next 30 days.” Because of this, the company said installing the updates should be a priority. However, as some customers “need time to evaluate and test all bulletins before applying them,” Microsoft also provided a workaround and a no-reboot “Fix it” tool that enables Network-Level Authentication to mitigate the problem. A second “moderate-class” denial-of-service that can cripple an RDP server was also fixed. Another vulnerability is fixed in bulletin MS12-018 which provides a patch for a privilege escalation issue in all versions of Windows that could allow a user with limited rights to run arbitrary code in kernel mode, that is, with system privileges. The vulnerability exists in the PostMessage function of the kernel-mode driver in win32k.sys. Microsoft’s bulletin MS12-019 addresses a denial of service vulnerability in DirectX’s DirectWrite where trying to render a particular sequence of Unicode characters can lock up an application; the bug affects Vista and later versions of Windows. Source: http://www.h-online.com/security/news/item/Microsoft-closes-critical-RDP-hole-in-Windows-1471581.html

37. March 13, Computerworld – (International) Mozilla nixes Firefox 11 delay, will launch upgrade today. March 12, Mozilla announced it was postponing the release of Firefox 11, but changed its mind March 13, saying the browser upgrade would go out on schedule. March 12, the senior director of Firefox engineering said Mozilla was delaying Firefox 11’s launch to examine a bug unveiled at the Pwn2Own hacking contest the week of March 5, and to give developers time to scrutinize Microsoft’s security updates, set to release March 13. Originally, he said the delay would be “a day or two.” March 13, he updated his post to a Mozilla blog confirming the upgrade would go out after all. As for Windows security updates released March 13 — which he acknowledged “interacted badly with [Mozilla’s] updates before” — the company was taking a different tack. “In order to understand the impacts of Microsoft’s ‘Patch Tuesday’ fixes, we will initially release Firefox for manual updates only,” he said March 13. “Once those impacts are understood, we’ll push automatic updates out to all of our users.” Firefox 11 will include the usual security patches. Source: http://www.computerworld.com/s/article/9225149/Mozilla_nixes_Firefox_11_delay_will_launch_upgrade_today?taxonomyId=17

38. March 13, Infosecurity – (International) Adobe ships patch for ColdFusion flaw that could lead to DoS attacks. Adobe released a Priority 2 security update for ColdFusion that fixes a vulnerability that puts users at risk for denial-of-service attacks. The flaw, which is rated “important,” affects ColdFusion 9.0.1 and earlier versions for Windows, Mac, and UNIX. “This vulnerability could lead to a denial of service attack using a hash algorithm collision,” Adobe said in its security bulletin. The Priority 2 rating, part of the new advisory system introduced by Adobe in February, means the “update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits.” The “important” rating indicates the vulnerability, if exploited, “would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user’s computer.” Adobe provided a hotfix for the vulnerability and recommended that users of ColdFusion apply the patch within the next 30 days. Source: http://www.infosecurity-magazine.com/view/24510/

39. March 13, Threatpost – (International) Microsoft adds new exploit mitigations to IE 10. Microsoft’s new version of Internet Explorer (IE) 10 includes major changes to the exploit mitigations. In addition to the existing implementations of address space layout randomization (ASLR), DEP, and other technologies in Windows and IE, Microsoft included many new ones designed to further inhibit memory attacks. The biggest change in IE 10 is a technology called ForceASLR meant to help compensate for the fact not every application on Windows is compiled with the flag that opts them into ASLR. One of the main exploit mitigations Microsoft added to Windows in recent years, ASLR basically turns memory modules into moving targets for attackers, making it more difficult for them to locate payloads where they want. This made browser-based exploits more complicated, but it only works if developers compile their applications with a specific flag, called /DYNAMICBASE, set. The new ForceASLR technology helps fix that shortcoming by allowing IE to tell Windows to load every module in a random location, regardless of whether it was compiled with the /DYNAMICBASE flag. Microsoft security officials said this is among the more important additions it has made to the security of its browser and Windows machines. Source: http://threatpost.com/en_us/blogs/microsoft-adds-new-exploit-mitigations-ie-10-031312
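The /DYNAMICBASE opt-in described in item 39 is recorded in each module's PE header, so an administrator can audit which binaries rely on forced relocation. The following is an added example, not code from the cited article or from Microsoft; the function names and the sample header builder are hypothetical, and the header bytes are constructed for the demonstration.

```python
import struct
import sys

# PE header constants from the published PE/COFF format.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # set by /NXCOMPAT (DEP opt-in)


def pe_mitigations(data: bytes) -> dict:
    """Read the mitigation opt-in bits from the headers of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _mach, _nsec, _ts, _symptr, _nsym, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or opt + 72 > len(data):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def aslr_status(data: bytes) -> str:
    """Classify a module by how it relates to ASLR."""
    m = pe_mitigations(data)
    if m["relocs_stripped"]:
        return "fixed-base"    # no fixup data, so the loader cannot move it
    if m["dynamic_base"]:
        return "opted-in"      # built with /DYNAMICBASE
    return "not-opted-in"      # randomized only if relocation is forced


def build_sample_header(dll_chars: int, file_chars: int = 0x0102) -> bytes:
    """Constructed minimal MZ/PE32 header for the demo; not a loadable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Audit the files named on the command line; headers fit in the first 4 KiB
    # for typical images.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(4096)
        try:
            print(f"{path}: {aslr_status(head)} {pe_mitigations(head)}")
        except ValueError as exc:
            print(f"{path}: skipped ({exc})")
```

Modules reported as `not-opted-in` are the ones that stay at a predictable address unless the loader is told to relocate them anyway; `fixed-base` modules carry no relocation data at all and need to be rebuilt.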

40. March 13, Dark Reading – (International) Malicious proxies may become standard fare. A number of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute domain-name system (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network. Yet proxies are not just used by security companies, but by criminals as well. DNSChanger, which authorities shut down November 2011, used just such a strategy to reroute victims to custom advertisements and malicious installers. When the program compromised a system, it would replace the list of valid DNS servers with entries that pointed to servers controlled by the criminal operators, allowing the botnet owners to reroute victims’ Internet requests to any site. While DNSChanger itself did little damage with Internet traffic under the control of malicious actors, compromised systems quickly became laden with secondary infections. Source: http://www.darkreading.com/advanced-threats/167901091/security/client-security/232602543/

Communications Sector

See item 35 above in the Information Technology Sector
