Friday, June 29, 2012

Complete DHS Daily Report for June 29, 2012

Daily Report

Top Stories

• United Technologies Corp and two of its subsidiaries sold China software enabling Chinese authorities to develop and produce their first modern military attack helicopter, U.S. authorities said. – Reuters

16. June 28, Reuters – (National; International) United Technologies sent military copter tech to China. United Technologies Corp and two of its subsidiaries sold China software enabling Chinese authorities to develop and produce their first modern military attack helicopter, U.S. authorities said June 28. At a federal court hearing in Bridgeport, Connecticut, United Technologies and its two subsidiaries, Pratt & Whitney Canada and Hamilton Sundstrand Corp, agreed to pay more than $75 million to the U.S. government to settle criminal and administrative charges related to the sales. As part of the settlement, Pratt & Whitney Canada agreed to plead guilty to two federal criminal charges — violating a U.S. export control law and making false statements. The charges were in connection with the export to China of U.S.-origin military software used in Pratt & Whitney Canada engines, which was used to test and develop the new Z-10 helicopter. Also as part of the deal, United Technologies and Hamilton Sundstrand admitted to making false statements to the U.S. government about the illegal exports. Hamilton Sundstrand and Pratt & Whitney Canada also admitted they failed to make timely disclosures, required by regulations, to the U.S. State Department about the exports. Source: http://www.reuters.com/article/2012/06/28/us-usa-china-helicopters-idUSBRE85R1AG20120628

• Prosecutors said the brother of the leader of a massive Ponzi scheme will plead guilty June 29 to conspiracy and falsifying records and will forfeit $143 billion, for his role in a massive fraud that destroyed the savings of thousands of investors. – Associated Press See item 20 below in the Banking and Finance Sector

• Eight screeners at Newark Liberty International Airport in New Jersey were fired June 27 after they were caught on video sleeping on the job or failing to follow standard operating procedures for screening checked bags. – WNBC 4 New York

21. June 28, WNBC 4 New York – (New Jersey) 8 TSA workers fired after caught sleeping, not following procedure. Eight screeners at Newark Liberty International Airport in Newark, New Jersey, were fired June 27 after they were caught on video sleeping on the job or failing to follow standard operating procedures for screening checked bags, authorities said. The workers were all transportation security officers who worked in a bag room at Terminal B, the Transportation Security Administration said. They will not be allowed to work again for the agency. The firings are part of an investigation into security operations at Newark following a series of security breaches there in early 2011. The airport’s federal security director was replaced in April 2011. Source: http://overheadbin.msnbc.msn.com/_news/2012/06/28/12456682-8-tsa-workers-fired-after-caught-sleeping-not-following-procedure?lite

• The FBI has joined local Colorado authorities in investigating reports an arsonist may have set a wildfire that had burned more than 18,000 acres, destroyed hundreds of homes and other structures, and forced tens of thousands of people to evacuate. – CNN

56. June 28, CNN – (Colorado) Calmer winds may aid Colorado firefighters in epic battle. Calming winds could help Colorado firefighters gain ground June 28 on a wildfire that has burned more than 18,000 acres and chased 36,000 people from their homes near Colorado Springs. However, the Waldo Canyon Fire is only 5 percent contained, and it could be mid-July before it is fully under control, according to the U.S. Forest Service. Still, June 28 brought some respite to crews stymied by erratic winds. The incident commander said he expected a much larger percentage of the fire contained by the end of June 28. Officials said they had not completed an inventory of homes and other structures lost or damaged by the fire. The U.S. President will travel to the Colorado Springs area June 29 to survey the damage and thank responders, the White House said. The Denver office of the FBI joined local authorities in investigating reports that the fire may have been set. The fire captured attention because of its proximity to landmarks such as Pikes Peak, the Air Force Academy, and Colorado Springs, a city of about 400,000, the State’s second largest. The Flying W Ranch, a Western-style tourist attraction in Colorado Springs, burned to the ground. Colorado wildfires had consumed 181,426 acres by June 27, according to the Colorado Division of Emergency Management. The largest of the fires was the High Park Fire, which began June 9 and has now consumed 87,284 acres, the U.S. Forest Service said. It was 75 percent contained June 27. The total number of homes burned stood at 257. An estimated $33.5 million has been spent trying to contain the fire. Source: http://www.cnn.com/2012/06/28/us/western-wildfires/index.html?hpt=hp_t1

Details

Banking and Finance Sector

18. June 27, Reuters – (International) U.S. bars business with four in Hezbollah laundering link. The U.S. Treasury Department June 27 banned Americans from doing business with three Lebanese-Venezuelans and a Lebanese man it accused of helping to launder drug money to the benefit of the Lebanon-based Hezbollah militant group. It also designated one Colombian-Lebanese man as a global terrorist for his involvement with Hezbollah fund-raising. The action freezes any assets the man may have in the United States and also bars Americans from doing business with him. The Treasury Department said that the group of men involved with money laundering were linked to a Lebanese drug kingpin who was indicted in December 2011 by a U.S. federal grand jury in Virginia on charges of aiding Mexican drug cartels. Source: http://www.reuters.com/article/2012/06/27/us-usa-lebanon-drugs-idUSBRE85Q1N120120627

19. June 27, Associated Press – (National) SEC files fraud charges against hedge fund manager. Federal regulators are suing a hedge fund manager and his firm, Harbinger Capital Partners, accusing him of civil fraud for using fund money to pay his taxes and favoring some fund customers at the expense of others, the Associated Press reported June 27. The Securities and Exchange Commission (SEC) also said the manager manipulated bond prices. The SEC is seeking to ban him from serving as an officer or director of any public company, along with unspecified penalties and restitution. The agency said that from 2006 through early 2008, the manager manipulated the market for high-yield, high-risk bonds issued by a company named Maax Holdings Inc. Using two of Harbinger’s funds, he bought up large amounts of the bonds to shrink the supply on the market and drive up prices, the suit alleges. The SEC also said the manager and Harbinger secretly gave “certain strategically important investors” in the fund the right to cash out of their holdings. In exchange, the favored investors gave him and the fund permission to bar the other investors from being able to cash out, according to the SEC. Source: http://www.google.com/hostednews/ap/article/ALeqM5jZNJoZ70HzGBo6aP5SQ3STsU3PNA?docId=cc07afa8f5634adfacb514eb03148473

20. June 27, Associated Press – (National) Ponzi scheme leader’s brother to admit guilt in multibillion-dollar fraud. The brother of the leader of a massive Ponzi scheme will plead guilty June 29 to conspiracy and falsifying records, admitting his role in the multibillion-dollar fraud that destroyed the savings of thousands of investors, prosecutors told a judge June 27. The former chief compliance officer at the private investment arm of the Ponzi leader’s business agreed to serve a decade in prison, they said. He also agreed to the criminal forfeiture of $143 billion, including all of his real estate and personal property. The $143 billion, representing the amount of money believed to have flowed through the business accounts when he was part of the multi-decade Ponzi scheme, was included in a criminal forfeiture agreement. Court papers signed by a federal judge in New York showed the man, who had worked with his brother since 1965, will plead guilty to two criminal counts, admitting his role in a conspiracy to commit securities fraud, falsify records of an investment adviser, falsify records of a broker dealer, make false filings with the Securities and Exchange Commission, commit mail fraud, and obstruct the Internal Revenue Service. Source: http://www.usatoday.com/money/industries/brokerage/story/2012-06-27/madoff-brother-to-plead-guilty/55868496/1

For another story, see item 47 below in the Information Technology Sector

Information Technology Sector

45. June 28, Softpedia – (International) Citadel trojan upgraded to prevent virtual machine analysis. S21sec experts detected two major improvements implemented by malware authors for the Citadel trojan. Its encryption algorithm was changed, and it was also fitted with a mechanism that detects if it is executed inside a virtual machine or a sandbox. The enhancements were already seen in the wild, but they were also advertised on a Russian underground forum. The anti-emulator function is described as being able to protect the botnet against those who might want to perform reverse engineering on it. When the malware is executed, it checks to see if it is run inside applications such as CWSandbox, VMware, or Virtualbox. If it detects their presence, it does not remove itself and it does not stop working. Instead, it begins to operate in a surreptitious manner. The trojan creates a fake domain name and attempts to connect to it. This strategy should fool the researchers into believing that the command and control (C&C) server cannot be reached and that the bot is dead. By closing all the processes related to VMware, such as vmwareuser.exe and vmwaretray.exe, experts forced the malware to begin working normally and to connect to the real C&C server. Source: http://news.softpedia.com/news/Citadel-Trojan-Upgraded-to-Prevent-Virtual-Machine-Analysis-278073.shtml

46. June 27, H Security – (International) RSA says that its tokens are secure. After a significantly improved attack on cryptographic hardware was recently reported, an RSA official said the affected SecurID 800 token is secure. The token was not cracked, and the attack is not useful, he explained, adding the attack does not allow private RSA keys to be extracted from the token. The attack does not affect tokens for creating one-time passwords. It affects multi-purpose devices with USB connections that, like smartcards, offer key and certificate storage and are capable of encrypting/decrypting data. RSA emphasized the described attack is not a new one; it is based on a well-known problem and only greatly accelerates previously existing attacks. Even the researchers themselves state the private RSA key on a token used to encrypt a message cannot be compromised using this attack. Source: http://www.h-online.com/security/news/item/RSA-says-that-its-tokens-are-secure-1627326.html

47. June 27, Infosecurity – (International) New Zitmo variant has improved functionality, better disguise. A new variant of the Zitmo malware, a mobile version of Zeus, was spotted with improved functionality and a better disguise, according to security firm Damballa. The Zitmo (Zeus in the mobile) malware has been infecting smartphones for several years. It began by infecting smartphones with the Symbian operating system, then switched to Android in 2011 when Symbian lost favor with consumers. Zitmo is used by cybercriminals in tandem with the traditional Zeus keylogging malware on PCs to steal the victim’s banking credentials and ultimately the victim’s money. Zitmo is used to intercept two-factor authentication that banks use to validate the identity of the account holder when logging in. This new variant improves Zitmo’s injection vectors, social engineering techniques, money mule methods, and infrastructure protection. The group behind the variant is the FourStreetAvengers (aka ZiMo_GroupA), Damballa explained. Source: http://www.infosecurity-magazine.com/view/26606/

48. June 27, Threatpost – (International) New crimeware bot Zemra behind DDoS attacks. Zemra, a new crimeware bot that shares traits with the banking trojans Zeus and SpyEye, has been making the rounds lately, according to a recent post on Symantec’s Security Response blog. In the post, a Symantec researcher claims Zemra has been seen executing distributed denial-of-service (DDoS) attacks against organizations and aiming to extort funds as of late. Like Zeus and SpyEye before it, Zemra’s Web-based command and control panel is hosted on a remote server, allowing it to distribute commands to vulnerable computers. The bot is also capable of dynamically updating itself, monitoring devices, downloading and executing binary files, and spreading through USB devices, among other functions, Symantec said. Source: http://threatpost.com/en_us/blogs/new-crimeware-bot-zemra-behind-ddos-attacks-062712

49. June 27, ZDNet – (International) BlackHole exploit kit experimenting with ‘pseudo-random domains’ feature. According to security researchers from Symantec, the author of the market leading BlackHole Web malware exploitation kit is experimenting with a new feature offered as a trial to selected customers of his kit. Based on their analysis, the kit’s author is experimenting with a pseudo-random client-side exploits serving domain feature. The security researchers were able to decode the algorithm and are currently able to anticipate the exact domains to be registered at a future date, and consequently block access to them. Source: http://www.zdnet.com/blog/security/blackhole-exploit-kit-experimenting-with-pseudo-random-domains-feature/12593

50. June 26, Dark Reading – (International) New forensics method may nab insider thieves. One of the biggest challenges of forensics investigations into insider theft is that the markers computer forensics investigators use to detect most attacks are typically not present in insider cases where an employee or other authorized user has legitimate access to sensitive data. In July at Black Hat USA in Las Vegas, a presenter will introduce a new methodology that compares normal file access patterns against patterns present when files are copied to detect when insiders copy data inappropriately. Typically, said the presenter, most forensics investigations today depend upon what are called artifacts, which are essentially the markers left on a machine that leave an evidence trail. At its root, the idea behind his method is to compare the relatively random and chaotic time-of-access file usage statistics of a typical user’s machine to the orderly patterns in time-of-access made by a machine when a user makes a wholesale copy of many files at once. Source: http://www.darkreading.com/insider-threat/167801100/security/news/240002768/

For more stories, see item 16 above in Top Stories and items 51 and 52 below in the Communications Sector

Communications Sector

51. June 28, Associated Press – (National) Comcast agrees to pay $800K in settlement with FCC. Comcast Corp. has reached a settlement with federal regulators under which it will pay the government $800,000 and offer a broadband Internet access option to customers who do not subscribe to the cable company’s video cable services. The Federal Communications Commission (FCC) said June 27 that Comcast agreed to take those and other steps as part of a consent decree to settle an investigation by the agency into the company’s compliance with conditions of its NBCUniversal acquisition, which was completed in January 2011. Comcast, the nation’s largest cable TV company, bought a controlling interest in NBCUniversal after the FCC and the Justice Department approved the deal with conditions following a year-long review. One of the conditions called on Comcast to offer stand-alone broadband Internet access services at reasonable prices and with sufficient bandwidth to customers who don’t pay to get Comcast’s cable TV service. The agency launched an investigation after it received information suggesting that Comcast was not adequately marketing the service. Source: http://www.boston.com/business/technology/2012/06/27/comcast-agrees-pay-settlement-with-fcc/mtuIwk8m9nYp8T4YpnxH3K/story.html

52. June 27, CNET – (International) Latest hacker dump looks like Comcast, AT&T data. A group of hackers posted to the Web June 27 data that appears to include Comcast employee names, ages and salaries, as well as e-mails and passwords associated with AT&T VoIP service accounts. Proclaiming the kickoff of “#WikiBoatWednesday ... when all the members from @TheWikiBoat fight corruption, leak data, and bring down websites,” the hackers released the data in two different posts to the Pastebin Web site. One of the Twitter handles used by the group is @AnonymousWiki but the connection to the larger, decentralized collective known as “Anonymous” is unclear. As with many data dumps, it is unclear whether the data is what the hackers claim it is, whether it is current, who actually stole it, and how. Source: http://news.cnet.com/8301-1009_3-57462403-83/latest-hacker-dump-looks-like-comcast-at-t-data/

For another story, see item 47 above in the Information Technology Sector

Thursday, June 28, 2012

Complete DHS Daily Report for June 28, 2012

Daily Report

Top Stories

• Barclays and its subsidiaries agreed to pay more than $400 million to settle charges it tried to manipulate key global interest rates tied to all manner of loans and investments for 4 years. – Associated Press See item 6 below in the Banking and Finance Sector

• An international cyber sting led by the FBI attracted criminals from four continents looking to buy and sell stolen credit card numbers, bank information, and drivers licenses online. The sting led to 24 arrests. – ABC News See item 10 below in the Banking and Finance Sector

• The governors of Wisconsin and Minnesota declared states of emergency in response to heavy flooding that caused tens of millions in damage to roads, public infrastructure, and homes. – Reuters

13. June 27, Reuters – (Wisconsin; Minnesota) Governor declares state of emergency in Wisconsin flooding. The governor of Wisconsin declared a state of emergency June 26 for three counties in the northwest corner of the State after heavy rain caused flooding. Some roads remain underwater from the heavy rain of 3-5 inches that fell across northwestern Wisconsin June 19 and 20, causing damage to roads, culverts, and other public infrastructure of more than $2.5 million. The state of emergency covers Douglas, Ashland, and Bayfield counties. The governor also directed all State agencies to assist the area in the cleanup and recovery effort. Three people died in Clark County to the south when vehicles entered a ravine created where a road washed out. The governor of Minnesota declared a state of emergency late the week of June 18 for the northeastern part of the State where up to 10 inches of rain fell in some spots. Hundreds of residents in northeastern Minnesota were forced from their homes because of flooding that ripped up dozens of roads and caused mudslides and sinkholes. June 21, Duluth's mayor said damage was estimated at up to $80 million to the city's public infrastructure alone. Source: http://in.reuters.com/article/2012/06/27/weather-midwest-floodsidINL2E8HQKP820120627

• An explosive wildfire doubled in size and moved into a residential area of Colorado Springs, Colorado, a city of about 400,000. The fire chased 32,000 people from homes and forced the evacuation of the U.S. Air Force Academy campus. It was just one of several huge fires burning in Colorado and Utah. – CNN

44. June 27, CNN – (Colorado; Utah) Colorado fire of 'epic proportions' roars into neighborhoods. Fueled by winds and dry conditions, a wildfire doubled in size and moved down foothills, razing residential areas of Colorado Springs, Colorado, June 27. The Waldo Canyon Fire engulfed 15,517 acres, with only 5 percent contained, and forced 32,000 people to flee their homes, said the incident commander. The 1,000 firefighters braced for predicted thunderstorms that could worsen the situation. The storms bring strong winds that can gust unpredictably. Winds gusting to 65 mph through mountain canyons blew the wildfire through containment lines. The flames came dangerously close to the U.S. Air Force Academy campus. An evacuation order was issued for about 700 residents in its Pine Valley Housing and 1,400 in Douglass Valley Housing, a public affairs officer said. The academy's powered flight, glider, and parachuting operations were called off since June 23 so the U.S. Forest Service could use runways for helicopters used to fight fires. Colorado Springs set a record high of 101F June 26 as firefighters contended with conditions, including ash falling on highways and neighborhoods. Meanwhile, a new fire in Boulder prompted pre-evacuation notices to 2,300 phone numbers. Six other wildfires were active in the State, according to the Colorado Division of Emergency Management. The largest of the fires was the High Park Fire, which began June 9 and consumed 87,284 acres, the U.S. Forest Service said. It was 65 percent contained June 27. The total number of homes lost rose to 257. An estimated $33.1 million has been spent trying to contain it. A large section of Utah was under a red-flag warning, with three wildfires burning June 26. Authorities said they found the body of one person after they entered the evacuated areas of the Wood Hollow Fire, about 30 miles south of Provo. The Federal Emergency Management Agency was providing funds to help fight that fire, which has grown to 46,190 acres since starting June 23. Containment was 15 percent. Source: http://www.cnn.com/2012/06/27/us/western-wildfires/index.html?hpt=hp_t1

Details

Banking and Finance Sector

6. June 27, Associated Press – (International) Barclays will pay $400M for manipulating interest rates. Barclays and its subsidiaries agreed to pay more than $400 million to settle charges it tried to manipulate key global interest rates, the Associated Press reported June 27. The rates affect the costs of hundreds of trillions of dollars in loans and investments such as bonds, auto loans, and derivatives. The U.S. Commodity Futures Trading Commission (CFTC) said the incidents occurred between 2005 and 2009 and sometimes took place daily. The CFTC said Barclays senior management and multiple traders were involved, and they coordinated with traders at other banks to make false submissions. The falsified data was used in determining the London interbank offered rate (LIBOR) and Euribor rates, which influence many other interest rates. Barclays' settlement with the CFTC includes a $200 million civil penalty. Britain's financial services authority levied a fine of $92.7 million, the biggest fine ever imposed by the British regulator. Barclays also agreed to pay $160 million as part of an agreement with the fraud section of the Justice Department's criminal unit on a related matter. Source: http://www.usatoday.com/money/industries/banking/story/2012-06-27/barclays-penalty/55854212/1

7. June 27, Associated Press – (National) 2 plead guilty to skimming IDs for fake cards. A Bulgarian man and a Florida woman pleaded guilty in Birmingham, Alabama, to skimming bank customers' identification at ATMs across the south and using the information to create more than 300 counterfeit credit and debit cards, the Associated Press reported June 27. Federal officials said the two pleaded guilty to bank fraud, possession of counterfeit cards, and aggravated identity theft. Prosecutors said the fraud cost the Bank of America more than $862,000, which the two must repay. Hoover, Alabama police arrested the two in May 2011 as they attempted to place a camouflaged skimmer on a bank ATM. They recovered $50,000 in cash and skimmer equipment from their hotel room. Prosecutors said the two were working with a group that placed skimmers in Alabama, North Carolina, Florida, Virginia, Tennessee, and South Carolina. Source: http://www.sfgate.com/news/article/2-plead-guilty-to-skimming-IDs-for-fakecards-3665986.php

8. June 27, Reuters – (International) U.S. files lawsuit against Wyndham over data breach. U.S. regulators filed a complaint against Wyndham Worldwide Corp and three subsidiaries June 26, alleging that a failure by the hospitality company to safeguard consumers' personal information led to more than $10 million lost to fraud. The Federal Trade Commission (FTC) said repeated failures to secure consumer data led to hundreds of thousands of consumers' payment card information being exported to an Internet domain address registered in Russia. Wyndham operates several hotel brands, including the value-oriented Days Inn and Super 8. In its complaint, the FTC said fraudulent charges on Wyndham's consumer accounts totaled more than $10.6 million following three data breaches in less than 2 years. The breaches occurred in April 2008, March 2009, and in late 2009, it said. A vice president for investor relations at Wyndham said the company offered affected customers credit-monitoring services while also strengthening its security systems. Wyndham was unaware of any customers losing money because of the breach, he said. Source: http://www.reuters.com/article/2012/06/27/uk-ftc-wyndhamidUSLNE85Q01Q20120627

9. June 26, San Jose Mercury News – (California) Los Gatos developer, two others indicted on charges related to mortgage fraud. A Los Gatos, California developer, his nephew, and a real estate broker were indicted by a federal grand jury on charges of bank fraud, conspiracy, and making false statements to financial institutions related to the sale of homes in a Salinas subdivision. The indictment alleges the developer and his nephew built the homes and then sold them to low-income home buyers who they knew would not be able to afford them. The indictment said the suspects falsified loan documents to secure financing, and when a dozen homes went into foreclosure, the prices plummeted from the 2006 sale price. According to the U.S. Department of Justice, the family members made more than $4.5 million through the sales, while the broker got $230,000. The banks lost more than $5.5 million. Source: http://www.mercurynews.com/los-gatos/ci_20944864/los-gatos-developer-twoothers-indicted-charges-related

10. June 26, ABC News – (International) Largest cyber sting in history nabs 24 on four continents. An international cyber sting led by the FBI attracted criminals from around the world and led to 24 arrests in what is believed to be a multi-million online financial fraud case, ABC News reported June 26. Eleven people were arrested in the United States, and another 13 were taken into custody by foreign law enforcement officials. Officials called the sting the largest coordinated international police action in history targeting cyber crime. The cyber sting used a Web site created by federal law enforcement officials as the spider web that lured in the alleged criminals. It was dubbed "Operation Card Shop," officials said. The alleged fraudsters could buy and sell stolen credit card numbers, drivers licenses, and bank information on the Web site, as well as discuss general hacking techniques. Agents then identified the suspects and fanned out across four continents to make the arrests. The actions were the result of a 2-year undercover operation led by the FBI. Source: http://abcnews.go.com/Business/largest-cyber-sting-history-nabs-24-continents/story?id=16653993#.T-sjIpFgrNO

11. June 26, U.S. Securities and Exchange Commission – (National) SEC charges founder of equity research firm with insider trading. The Securities and Exchange Commission (SEC) June 26 charged the owner of the California-based equity research firm Insight Research with insider trading. The SEC alleged that from 2006 through 2009, the owner frequently traded in the securities of Abaxis, Inc. based on inside information he received from a close relative employed at Abaxis. He repeatedly traded for himself in advance of the company’s quarterly earnings announcements while in possession of key data in those announcements, reaping approximately $145,000 in illicit profits. In addition to trading in his own account, the SEC alleged he passed the inside data to New York-based Barai Capital Management and Boston-based Sonar Capital Management. The two hedge fund managers — who collectively were paying Insight Research tens of thousands of dollars each month — traded Abaxis securities based on the inside information he provided and reaped more than $7.2 million in illicit gains for their hedge funds. Source: http://www.sec.gov/news/press/2012/2012-121.htm

For more stories, see items 37 below in the Information Technology Sector and 42 below in the Communications Sector

Information Technology Sector

36. June 27, Threatpost – (International) Researcher warns of security hole in KeePass password manager. A researcher from Vulnerability Lab said in an e-mail to Threatpost that he discovered a hole in a software filter and validation feature in KeePass Password Manager up to and including v1.22. If exploited, the hole would enable an attacker with access to a machine running the KeePass software to inject malicious script by passing the html/xml export feature a specially crafted file. The security hole is rated "medium" — a reflection of the need for attackers to obtain local access to a vulnerable system, and fool users into taking certain actions to import malicious content without noticing that it is malicious. The researcher said the vulnerability is remotely exploitable. Source: http://threatpost.com/en_us/blogs/researcher-warns-security-hole-keepasspassword-manager-062712

37. June 27, Help Net Security – (International) Customized webinjects for Zeus and SpyEye Trojans on sale. Criminals are selling customized webinjects that are priced per feature. For example, one seller offers a webinject for Zeus/SpyEye that contains the automatic transfer system. Initially, criminals used malware-based pricing for selling webinjects. In this model, webinjects were developed for specific malware platforms such as Zeus and SpyEye, and priced per platform. Certain platforms commanded a higher price for webinjects. This pricing system was followed with bulk pricing, where criminals offered discounts for large orders, as well as geography-based pricing, where webinjects costs were determined by the location of the target they were designed to attack. That was followed by production cost pricing, where sellers offered cheaper pre-made webinjects and charged a premium for custom webinjects. The new pricing strategy Trusteer discovered charges for webinjects based on specific features requested and user information they are designed to steal. In one advertisement they came across, the criminal offers to develop webinjects for any malware platform (e.g., SpyEye, Zeus, Ice IX) and target specified by the buyer. Source: http://www.net-security.org/malware_news.php?id=2163&utm

38. June 27, IDG News Service – (International) Gunmen drive into Microsoft's Greece headquarters, set van on fire. Armed men drove a stolen van loaded with gas canisters into the Microsoft Greece headquarters in Athens June 27 and set it on fire, causing damage to the building. "The Microsoft building in Athens, Greece, was attacked by assailants who drove a van through the entrance to the building, ushered the two security personnel out of the building, and then set the van on fire," a Microsoft spokeswoman said. The stolen van was packed with gas canisters and other cans of flammable materials, but no one was injured, local news media reports said. The attack occurred around 4 a.m. Athens time, and the gunmen escaped. Microsoft has more than 150 permanent employees in Greece, according to its Web site. The Microsoft office was closed and the counterterrorism unit of the Greek national police launched an investigation. The reasons behind the attack were not immediately clear. Source: http://www.computerworld.com/s/article/9228564/Gunmen_drive_into_Microsoft_39_s_Greece_headquarters_set_van_on_fire?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&ut

39. June 27, H Security – (International) Chrome 20 closes 23 security holes. Google closed 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser's sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) were also fixed. Chrome 20 also includes the latest version of Adobe's Flash Player on Linux, using the new cross-platform Pepper API. In testing at the H, it was confirmed the Flash Player support also works on 64-bit Linux systems. Source: http://www.h-online.com/security/news/item/Chrome-20-closes-23-securityholes-1627112.html

40. June 26, Infosecurity – (International) ICS-CERT identifies more security gaps for internet-accessible control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about additional vulnerabilities in industrial control systems that are Internet accessible. "ICS-CERT has recently become aware of multiple systems with default usernames and passwords that are accessible via the internet. These systems have not been configured securely with common best practices such as being placed behind a firewall or changing documented default credentials," the security update said. The systems include the Echelon i.LON product — deployed in motors, pumps, valves, sensors, and other control devices — which contains a default username and password. In addition, ICS-CERT warned that certain industrial control systems have weak authentication mechanisms, which are often difficult to fix because the user frequently cannot change the passwords that protect the system. These products include ClearSCADA, Siemens Simatic HMI, and RuggedCom. Source: http://www.infosecurity-magazine.com/view/26603/icscert-identifies-moresecurity-gaps-for-internetaccessible-control-systems/

For more stories, see items 8 and 10 in the Banking and Finance Sector

Communications Sector

41. June 27, Asbury Park Press – (New Jersey) Cops charge man with discharging fire extinguisher, setting off evacuation of Point Pleasant Beach hotel. June 25, police arrested a man who they said caused a mass evacuation after he discharged a dry chemical fire extinguisher inside a hotel in Point Pleasant Beach, New Jersey. He was charged with causing false public alarm and possession of cocaine. According to a detective, he discharged the fire extinguisher on the third floor of the White Sands hotel. That set off the fire alarms in the hotel, and when police responded, the haze caused by the dry fire extinguisher appeared to be smoke, he said. Police began the evacuation as a precaution. Five fire departments also responded, according to the criminal complaint filed against the defendant. Source: http://www.app.com/article/20120626/NJNEWS/306260064/Cops-chargeman-discharging-fire-extinguisher-setting-off-evacuation-Point-Pleasant-Beachhotel?odyssey=nav|head&nclick_check=1

42. June 25, Boston Globe – (National) Rising sea level a threat in East, study says. The seas along the East Coast from North Carolina to New England are rising three to four times faster than the global average, and coastal cities, utilities, beaches, and wetlands are increasingly vulnerable to flooding, especially from storm surges, according to a U.S. Geological Survey study published June 24. "Cities in the hot spot, like Norfolk, New York, and Boston, already experience damaging floods during relatively low-intensity storms," said the lead author of the study in the journal Nature Climate Change. In Boston, officials began mapping low-lying areas and critical systems that are most likely to be inundated. The maps show that if sea levels rise just 2.5 feet, it could take little more than a Nor’easter to put much of the financial district underwater. The Boston Water and Sewer Commission will begin inspecting hundreds of miles of sewers, storm drain connections, pumping stations, and other utility systems this summer to assess what needs to be done to protect them from rising seas. Some major institutions such as the New England Aquarium already took action to protect their buildings. "As we get further along with climate change, buildings in the city like the aquarium are going to have to look at anywhere water can penetrate," said its chief executive. "People are going to have to think about whether they need sandbags or automatic devices to close off their buildings during storms or high tides. They’re also going to have to think about drainage and how to divert water." Source: http://articles.boston.com/2012-06-25/metro/32393729_1_sea-levels-powerfulstorms-storm-surges

43. June 25, WTXF 29 Philadelphia – (New Jersey; Pennsylvania) Police report Splash World scare arrest. June 25, New Jersey State Police said a Cumberland County, Pennsylvania man was responsible for a scare at an amusement park in Clementon, New Jersey. Some 5,000 people had to evacuate Splash World when the suspect called in a threat the week of June 18. State police said he also called in a bomb threat to Cumberland Regional High School in Pennsylvania in early June. Source: http://www.myfoxphilly.com/story/18875768/police-report-splash-worldscare-arrest

For more stories, see items 12 and 13 in the Banking and Finance Sector