Tuesday, July 31, 2012 

Daily Report

Top Stories

• By the week of July 23, more than 63 percent of the contiguous United States was considered in moderate to exceptional drought. Specifically, 1,369 counties across 31 States were declared drought-disaster areas. The drought, the most severe since the 1950s, is expected to cost at least $12 billion. – Ag Professional

21. July 27, Ag Professional – (National) Drought expanding rapidly, now covers 63 percent of U.S. The week of July 23, the U.S. Department of Agriculture’s Drought Monitor showed the largest 1-week jump in extreme drought growth during the report’s 12-year history. Nationally, drought conditions grew for the 10th consecutive week. More than 63 percent of the contiguous United States was considered in moderate to exceptional drought. Specifically, 1,369 counties across 31 States were declared drought-disaster areas. “We’ve seen tremendous intensification of drought through Illinois, Iowa, Missouri, Indiana, Arkansas, Kansas and Nebraska, and into part of Wyoming and South Dakota in the last week,” the author of the Drought Monitor said. The Weather Channel noted that the growth of extreme drought in the country expanded this week by 219,000 miles, an area slightly larger than the States of California and New York combined. The percentage of the continental U.S. in severe to exceptional drought set a new high for the second week straight. The drought, the most severe since the 1950s, is expected to cost at least $12 billion. Source: http://www.agprofessional.com/news/Drought-expanding-rapidly-now-covers-61-of-US---163874336.html

• French security firm Intego discovered a new Mac Trojan horse the week of July 23 that is being used to target specific individuals. The Trojan, dubbed “Crisis” by Intego — a Mac-only antivirus developer — and called “Morcut” by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers, and Skype. – Computerworld See item 41 below in the Information Technology Sector

• Police in Missouri investigating bomb threats that triggered evacuations and searches for dangerous devices at eight Walmart stores in Missouri and two store locations in Kansas said they have the phone number from at least one of the calls that was made between July 27 and July 29. – ABC News

50. July 30, ABC News – (Missouri; Kansas) Police believe Walmart bomb threats are connected. Police in Missouri investigating bomb threats that triggered evacuations and searches for dangerous devices at 10 Walmart stores said they have the phone number from at least one of the calls that was made between July 27 and July 29. In total eight stores across Missouri received bomb threats, while two more store locations, in Kansas, also received similar calls. No devices were found at any of the stores. Walmart locations in Jefferson City, Nixa, Ozark, Raytown, Gladstone, and Fredericktown in Missouri, and in Leavenworth and Lawrence, Kansas, were shut down due to bomb threats. In each case, the caller said explosive devices were on the premises. Source: http://abcnews.go.com/US/police-walmart-bomb-threats-connected/story?id=16884459#.UBZ7rqAbamg

• About 60 million gallons of water is leaking through the 101-year-old Peterson Dam in Las Vegas, New Mexico, each year. Consultants recommended that the dam, responsible for holding the city’s water supply, be raised to provide more than 391 million gallons of storage, a project estimated at $20 million. – Associated Press; Las Vegas Optic

57. July 27, Associated Press; Las Vegas Optic – (New Mexico) 101-year-old northern NM dam on brink of failure. About 60 million gallons of water is leaking through the 101-year-old Peterson Dam in Las Vegas, New Mexico, each year, the Associated Press reported July 27. Consultants recommended that the dam, responsible for holding the city’s water supply, be raised to provide more than 391 million gallons of additional storage, a project estimated at $20 million. Its current capacity is 211 acre-feet, or 68 million gallons — a small fraction of the water the city uses in a year. The governor of New Mexico said she would make the dam’s repair a priority in the next legislative session with a proposed $2 million in funding, the Las Vegas Optic reported. The dam is a symbol of the city’s dilapidated water infrastructure, but officials said the entire system needs an overhaul. The city already is planning stark water rate increases to fund improvement projects that go beyond the dam and could cost $120 million over 40 years. Rebuilding the dam will take at least 2 years. In the meantime, the city will undergo a project in October to recapture most of the leaking water and pump it back into the water system. The city and the federal government have reached an agreement to let 5 percent of the water leak through the dam to maintain a wetland that serves as a habitat for the Southwestern willow flycatcher. Source: http://www.alamogordonews.com/ci_21173910/101-year-old-northern-nm-dam-brink-failure


Banking and Finance Sector

7. July 28, Ogden Standard-Examiner – (National) Bucket List Bandit hits N.C. bank, now wanted in 5 states. The ‘Bucket List Bandit’ was named as a suspect in a July 20 robbery at a Bank of America in Winston-Salem, North Carolina, the Roy, Utah police chief said July 27. Based on security camera photos, the robber wore identical clothing in both heists. The Bucket List Bandit is also suspected of robbing Chase Bank branches in Arvada, Colorado, June 21, and Flagstaff, Arizona, June 27, as well as the Pocatello Ireland Bank in Pocatello, Utah, July 6, according to the FBI. Source: http://www.standard.net/stories/2012/07/27/bucket-list-bandit-hits-nc-bank-now-wanted-5-states

8. July 27, WFXT 25 Boston – (Rhode Island; Massachusetts) ‘Bearded Bandit’ believed to have robbed bank in RI. The man known to the FBI as the “Bearded Bandit” was believed to have robbed a bank in Barrington, Rhode Island, July 26. He was also suspected in four bank robberies in Rhode Island and Massachusetts. An FBI special agent said that in each robbery the bearded man tells the teller he has a weapon, talks on his cell phone, and leaves when he has the money. Source: http://www.myfoxboston.com/story/19133244/bearded-bandit-believed-to-have-robbed-bank-in-ri

9. July 27, Associated Press – (National; International) German fugitive sought for $100 million financial fraud scheme arrested in Vegas. Federal officials said a German man sought for five years in a more than $100 million financial fraud scheme was arrested in Las Vegas, the Associated Press reported July 27. U.S. Immigration and Customs Enforcement officials said the man was arrested July 25 on a U.S. immigration violation. He was in custody pending his transfer to Germany. The man is accused of using false names, and of using a company in Cape Coral, Florida, to defraud investors in a pyramid scheme. U.S. Marshals found the man living in Nevada under one of his false names. Source: http://www.foxnews.com/us/2012/07/27/german-fugitive-sought-for-100-million-financial-fraud-scheme-arrested-in-vegas/

Information Technology Sector

39. July 30, Help Net Security – (International) 1,500 severe security events detected on Black Hat WLAN. The WLAN network at Black Hat was accessed by 3,155 attendees, with a maximum of 904 simultaneous clients, and detected and quickly contained a total of 1,561 severe independent security events. These events included more than 280 rogue access points (AP) — with some rogue APs attempting to impersonate the official event network. Other wireless attacks that were detected included Block ACK DoS attacks, Power Save DoS attacks, Deauth Broadcast, AP Spoofing, and “Hotspotter” attacks. The network also detected some malicious fragmentation-based attacks from the wired side, which were all contained very quickly. The network, which covered a 200,000 square foot facility, consisted of 23 mesh point Aruba AP-134 APs and 16 mesh portal Aruba AP-134 APs. The 16 mesh portal APs were wired into the hotel’s infrastructure. Also included in the network were an Aruba 3600 Mobility Controller and an Aruba S3500 Mobility Access Switch. Source: http://www.net-security.org/secworld.php?id=13339&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

40. July 29, IDG News Service – (International) Researcher creates proof-of-concept malware that infects BIOS, network cards. A security researcher created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer’s Basic Input Output System (BIOS), and can compromise the operating system at boot time without leaving traces on the hard drive. Rakshasa, named after a demon from Hindu mythology, is not the first malware to target the BIOS; however, it differentiates itself from similar threats by using new tricks to achieve persistency and evade detection. Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices like network cards or CD-ROMs, in order to achieve a high degree of redundancy. Rakshasa was built with open source software. It replaces the vendor-supplied BIOS with a combination of Coreboot and SeaBIOS, alternatives that work on a variety of motherboards from different manufacturers, and also writes an open source network boot firmware called iPXE to the computer’s network card. All of these components have been modified so they do not display anything that could give their presence away during the booting process. Coreboot even supports custom splashscreens that can mimic the ones of the replaced BIOSes. The only way to get rid of the malware is to shut down the computer and manually reflash every peripheral, a method that is impractical for most users because it requires specialized equipment and advanced knowledge. Source: http://www.networkworld.com/news/2012/072912-researcher-creates-proof-of-concept-malware-that-261243.html?source=nww_rss

41. July 27, Computerworld – (International) New Mac Trojan hints at ties to high-priced commercial hacking toolkit. French security firm Intego discovered a new Mac Trojan horse the week of July 23 that is being used to target specific individuals, Computerworld reported July 27. The Trojan, dubbed “Crisis” by Intego — a Mac-only antivirus developer — and called “Morcut” by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers, and Skype. According to Intego, which published an initial analysis July 24, and has followed up with more information, Crisis sports code that points to a connection with an Italian firm that sells a $245,000 espionage toolkit to national intelligence and law enforcement agencies. The malware tries to hide from security software by installing a rootkit, and also monkeys with OS X’s Activity Monitor — a utility bundled with the operating system that displays the working processes and how much memory each is consuming — as another lay-low tactic. Once on a Mac, Crisis monitors Adium and MSN Messenger, a pair of instant messaging clients; Skype; and the Safari and Firefox browsers. It captures a variety of content transmitted by those programs, including audio from Skype, messages from Adium and MSN Messenger, and URLs from the browsers. It also can turn on the Mac’s built-in webcam and microphone to watch and listen, take snapshots of the current Safari and Firefox screens, record keystrokes, and steal contacts from the machine’s address book. The French firm pegged Crisis as “a very advanced and fully-functional threat,” in part because of signs that some of the malware’s code originated with commercial spying software. Source: http://www.computerworld.com/s/article/9229725/New_Mac_Trojan_hints_at_ties_to_high_priced_commercial_hacking_toolkit?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&

42. July 27, Threatpost – (International) Study: SQL attacks jump 69 percent in recent months. The number of SQL attacks jumped by nearly two thirds earlier in 2012, according to cloud hosting firm FireHost, which recorded over 450,000 blocked SQL injection attacks between the first and second quarter. According to a report in ComputerWeekly, the firm claimed the week of July 23 that it protected its users from 17 million cyber attacks from April to June 2012. 469,983 of those attacks were SQL injections, up from 277,770 attacks earlier this year, a 69 percent jump. While security statistics have an intrinsic ebb and flow to them, FireHost’s numbers mark a spike. In this year’s X-Force Trend and Risk Report, IBM noted a 46 percent drop in SQL injections in 2011 while a study by WhiteHat Security earlier this year noted the number of SQL injections in sites was also decreasing. After analyzing 7,000 websites, the firm found that only 11 percent of the sites contained SQL injection vulnerabilities while only 4 percent of the sites carried at least one SQL injection flaw compared to the overall vulnerability population. Source: http://threatpost.com/en_us/blogs/study-sql-attacks-jump-69-percent-year-072712

43. July 27, IDG News Service – (International) Twitter suffers malware spam outbreak. A widespread spam attack linking to malware has broken out on Twitter, according to the security firm Sophos. The malicious tweets often read “It’s you on photo?” or “It’s about you?” The tweets and URLs often include a user’s Twitter handle. Many of the links Sophos discovered have a .RU domain name. “The attack itself is very simple, relying on people’s natural curiosity about anything they think mentions them. Including the target’s Twitter username in the link is an added hook to reel people in,” the head of Sophos’ U.S. labs said in a statement. The links in the spammed tweets lead to a Trojan that ultimately redirects users to Russian Web sites containing the Blackhole exploit kit, Sophos said. The Blackhole exploit kit first emerged in 2010, and its use is widespread. The version of the kit being promoted on Twitter targets vulnerabilities in Adobe Reader and Shockwave Flash, according to Sophos. Source: http://www.computerworld.com/s/article/9229733/Twitter_suffers_malware_spam_outbreak

Communications Sector

44. July 30, CNET Asia – (International) Text messages and tweets blamed for Olympic TV coverage hiccups. Overwhelming text messages and tweets by hundreds of thousands of fans in London, England, had apparently disrupted the Olympics coverage of the recent men’s cycling road race, CNET Asia reported July 30. According to the International Olympics Committee (IOC), this sudden surge in data had resulted in a network outage, blocking GPS navigation information of the cyclists from reaching the Olympics commentators covering the event. The issue was attributed to oversubscription of a particular network, added an IOC spokesperson. Olympics fans in London have also been told not to send non-urgent text messages and tweets to mitigate this problem. Source: http://asia.cnet.com/text-messages-and-tweets-blamed-for-olympic-tv-coverage-hiccups-62218171.htm

45. July 29, WIBW 13 Topeka – (Kansas) Crews working on phone outage in Osage County. Phone services were down in Osage County, Kansas, July 29, after a backhoe operator cut one of the company’s fiberoptic cables. A CenturyLink spokeswoman told WIBW 13 Topeka the backhoe operator cut a fiberoptic cable between Alma and Alta Vista. She said the outage affected communities in Osage County, Wabaunsee County, and Coffey County. The Wabaunsee County sheriff’s office also released a statement, “Wabaunsee County is experiencing widespread telephone outage. Incoming and outgoing long-distance has been interrupted, as well as 911 telephone coverage.” Source: http://www.wibw.com/home/localnews/headlines/Crews-Working-On-Phone-Outage-In-Osage-County-164210156.html

46. July 27, Maysville Ledger Independent – (Kentucky) Communications slammed by storms. Storms that rolled through Kentucky July 26 and July 27 left some area residents without electricity and others with limited phone service. Lightning caused most of the problems, said the Mason County, Kentucky emergency manager. “It knocked out some phones and local television,” he said. According to the Germantown fire chief, access to Bracken County 9-1-1 dispatch from land-based phone lines was affected by the storms for a time. Callers to the non-emergency number for Bracken County 9-1-1 also continued to get a busy signal through the afternoon of July 27. In Robertson County, phone service to the courthouse annex was not working. Residents also reported phone outages in Mount Olivet and Piqua July 27. Source: http://www.maysville-online.com/news/local/communications-slammed-by-storms/article_1f6e4933-2e30-5977-b990-378d77366c86.html

47. July 27, Casper Star-Tribune – (Wyoming) FCC slaps Casper radio station owner with $68,000 fine. Nearly a year ago, a Federal Communications Commission (FCC) inspector tuned in to several radio frequencies in Casper, Wyoming, and heard music where it did not belong, the Casper Star-Tribune reported July 27. The music, from four Casper radio stations belonging to Mt. Rushmore Broadcasting Inc., sang from the company’s studios in downtown Casper to its transmission facilities for rebroadcast on regular FM radio frequencies. In Casper August 17, 2011, Mt. Rushmore Broadcasting did not have the right to broadcast using the radio links. In the case of two of the radio stations, the company had been using the unlicensed radio links for 16 years. The FCC said July 26 on its Web site it is fining the company $68,000 for “willfully and repeatedly” violating the law, and it gave the stations’ owner 30 days to get the licenses it needs for stations KMLD 94.5 FM Casper, KASS 106.9 FM Casper, KQLT 103.7 FM Casper, and KHOC 102.5 FM Casper. Source: http://billingsgazette.com/news/state-and-regional/wyoming/fcc-slaps-casper-radio-station-owner-with-fine/article_bb05c009-9f38-5971-a85f-fe798697cdc1.html

Monday, July 30, 2012 

Daily Report

Top Stories

 • Powerful storms knocked out power to more than 100,000 homes and businesses in New York, Ohio, and Pennsylvania, cancelled more than 900 flights, and killed two people. – Reuters 

2. July 27, Reuters – (New York; Ohio; Pennsylvania) Two dead, over 100,000 without power after fierce storms. Two people were dead and more than 100,000 homes and businesses in New York, Ohio, and Pennsylvania were without electricity July 27 after severe thunderstorms swept through the region July 26. The storms spawned a tornado that touched down in Elmira, New York, toppling trees and tearing off roofs, the National Weather Service said. Officials in Pennsylvania and New York reported two storm-related deaths. A woman camping in Genesee, Pennsylvania, near the New York State line was killed when she took refuge from the storm in her car and a tree fell on it, the director of emergency services for Potter County said. Pennsylvania accounted for a majority of those still without power, with more than 85,000 customers in the dark July 27, according to electric companies serving the region. Roughly 34,000 people in New York were without power, most of them in the southern tier region near Elmira, according to NYSEG. About 13,500 customers in eastern Ohio were still offline, according to AEP Ohio. The storm activity forced the cancellation of over 900 flights July 26, according to FlightAware, a Texas-based company that tracks the status of flights. The highest number of cancellations was at LaGuardia Airport in New York City. Source: http://www.cnbc.com/id/48352437

 • Ford Motor Company announced July 27 the recall of more than 400,000 model year 2001-2004 Escape vehicles because of a problem with the throttle cable that could lead to uncontrolled acceleration and make it difficult to stop or slow down. – U.S. Department of Transportation

8. July 27, U.S. Department of Transportation – (National) NHTSA recall notice - Ford Escape speed control cable connector. Ford Motor Company announced July 27 the recall of 423,634 model year 2001-2004 Escape vehicles equipped with 3.0L V6 engines and speed control manufactured from October 22, 1999 through January 23, 2004. Inadequate clearance between the engine cover and the speed control cable connector could result in a stuck throttle when the accelerator pedal is fully or almost-fully depressed. This risk exists regardless of whether or not speed control (cruise control) is used. A stuck throttle may result in very high vehicle speeds and make it difficult to stop or slow the vehicle, which could cause a crash, serious injury, or death. Ford will notify owners, and dealers will repair the vehicles by increasing the engine cover clearance. Remedy parts are expected to be available in mid-August. Until then, dealers will disconnect the speed control cable as an interim remedy, if parts are not available at the time of an owner’s service appointment. Source: http://www-odi.nhtsa.dot.gov/recalls/recallresults.cfm?start=1&SearchType=QuickSearch&rcl_ID=12V353000&summary=true&prod_id=203264&PrintVersion=YES

 • A peer-to-peer botnet targeting banking customers has infected more than 675,000 systems, including those at 14 of the top 20 Fortune 500 companies, according to research released at the Black Hat security conference. – eWeek.com See item 16 below in the Banking and Finance Sector

 • Authorities found more than 20 rifles and handguns and 40 boxes of ammunition at the home of a man they arrested who threatened to shoot people at a Prince George’s County, Maryland facility of computer software and hardware manufacturer Pitney Bowes. – Washington Post See item 34 below in the Information Technology Sector


Banking and Finance Sector

13. July 26, Associated Press – (New Mexico) Fallout from fake audit causing NM financing authority to scale back loans for governments. Cities, counties, and other local governments could find it harder to get low-cost loans from the New Mexico Finance Authority during the next several months because of fallout from a scandal over a fake audit of the agency’s finances, the Associated Press reported July 26. The authority’s governing board reviewed a proposal for limiting a loan program that finances projects such as sewers, roads, and other infrastructure in communities. The authority can only make loans using $37 million in cash reserves because it is unable to issue new bonds without a final audit or unless it taps into a $50 million line of credit previously arranged with a bank. Bonds are the primary way the authority finances projects and has money to lend. At issue in the unfolding scandal are the authority’s financial statements, which were faked to indicate they had been audited by an outside accounting firm. Investors may have relied on the data in considering whether to buy the authority’s bonds. Officials blamed a former controller for the fake audit, which was disclosed earlier in July. The former employee acknowledged putting together the fake audit but said no money was missing and the financial figures in the report were correct. Source: http://www.therepublic.com/view/story/5c3a7527f2b84285aa99fcdaa469779a/NM--Fake-Audit

14. July 26, Sacramento Bee – (California) Three accused of identity theft in skimming operation. Three people were arrested on suspicion of identity theft in a case involving the use of skimming devices in the Sacramento, California area, the Sacramento Bee reported July 26. After a month-long investigation, sheriff’s detectives along with officers from the California Highway Patrol, Sacramento Police Department, San Joaquin County Sheriff’s Department, and the FBI, recovered thousands of credit card numbers, hundreds of counterfeit California ID cards, numerous counterfeit credit cards, and skimming devices. Authorities said they believed the majority of the skimming devices were installed inside gas pumps. The devices could not be detected from the outside of the pump but would be easily recognizable if the pump panel were opened. Installing the skimming devices would take only seconds, and opening the gas pump panel would not disrupt service or activate alarms, they said. Source: http://blogs.sacbee.com/crime/archives/2012/07/three-accused-of-identity-theft-in-skimming-operation.html

15. July 26, KPTV 12 Portland – (Oregon) ‘Bling Bandit’ suspect arrested. Police took into custody a suspect thought to be the “Bling Bandit” who committed multiple armed robberies in the Portland, Oregon area, KPTV 12 Portland reported July 26. The man was arrested for a parole violation. Federal bank robbery charges against him are pending. According to Portland police, further investigation including a fingerprint left at the scene and the execution of a search warrant, identified the man as the suspect. The three bank robberies occurred within 4 months with the bandit robbing the same U.S. Bank twice April 26 and July 16 as well as a Wells Fargo bank June 29. Source: http://www.kptv.com/story/19123121/bling-bandit-suspect-arrested

16. July 25, eWeek.com – (International) ‘Gameover’ financial botnet compromises nearly 700,000 victims. A peer-to-peer botnet targeting banking customers has infected more than 675,000 systems, including those at 14 of the top 20 Fortune 500 companies, according to research released July 25 at the Black Hat security conference. The Gameover botnet uses a private version of the Zeus framework and targets the customers of banks in the United States, Europe, and Asia. To infect more systems, the bot operators used a third-party spam botnet, known as Cutwail, to send out copies of legitimate emails that were modified to spread malware. People who click on a link in the email will be sent to a server that redirects them to another system hosting the Blackhole exploit kit. “The Blackhole kit is not dropping the malware itself,” a researcher said. “Instead, it is dropping a downloader known as Pony, which is interesting in that it is not just a loader, but it steals your HTTP, FTP, and email credentials.” Once Pony installs Zeus on the compromised system, the software establishes a communications channel back to the attackers using peer-to-peer networking, which makes the botnet harder to dismantle because there are no central command-and-control servers to shut down. Infected machines then contact a hard-coded list of peers to get updates and commands. Source: http://www.eweek.com/c/a/Security/Gameover-Financial-Botnet-Compromises-Nearly-70000-Victims-304658/

Information Technology Sector

34. July 27, Washington Post – (Maryland) Maryland police may have thwarted shooting. Authorities have arrested a man who referred to himself as “a joker” and threatened to shoot people at his former workplace in Prince George’s County, Maryland, investigators said July 27. Investigators said that the man called Pitney Bowes the week of July 23 and threatened to carry out a shooting there. He later called back and acknowledged that it was not smart to be making such threats over the phone. Pitney Bowes called Prince George’s police July 25. The man lives in Crofton, and he was taken into custody there by Anne Arundel County police. Police found more than 20 rifles and handguns and 40 steel boxes of ammunition at his home, investigators said. The suspect was being held at an Anne Arundel hospital for medical evaluation, authorities said. Pitney Bowes said in a statement that the suspect arrested was an employee of a subcontractor to Pitney Bowes. He has not been on any Pitney Bowes property in more than 4 months. “What we believe was a significant threat has been averted,” the Prince George’s police chief said. Authorities wrote in an affidavit that they believed that the suspect was referencing the movie theater shootings in Colorado when he called himself a joker. Source: http://www.washingtonpost.com/blogs/crime-scene/post/maryland-police-may-have-thwarted-shooting/2012/07/27/gJQAC6AuDX_blog.html

35. July 26, IDG News Service – (International) Twitter blames two-hour failure on dual data-center crashes. A Twitter outage July 26 that lasted as long as 2 hours for some users was caused by separate data centers failing at nearly the same time, the company said in a blog post. Twitter went down between about 8:20 a.m. and 9 a.m. Pacific Time and was back in action by about 10:25 a.m., wrote the vice president of engineering. Two data centers that operate in parallel for redundancy both failed, in what the vice president called an “infrastructural double whammy.” “What was noteworthy about today’s outage was the coincidental failure of two parallel systems at nearly the same time,” he wrote. “We are investing aggressively in our systems to avoid this situation in the future.” It was Twitter’s second outage in about 6 weeks. The company blamed the June 21 outage on a cascading bug, a type of problem that spreads from one software element to others. Source: http://www.computerworld.com/s/article/9229705/Twitter_blames_two_hour_failure_on_dual_data_center_crashes

36. July 26, Network World – (National) Study: Microsoft repeatedly ranks as top U.S. spammer. Microsoft has topped a list of biggest U.S. spammers for 5 out of the past 15 months, and for some of those months it ranked No. 1 in the world, according to a University of Texas (UT) study to flag the worst offenders in an effort to get them to improve their security. Based on results culled from spam block lists, researchers found that Microsoft IP addresses were responsible for a big enough volume of spam to top their SpamRankings list for the United States in April and May 2011, and in March, April, and June 2012, said a researcher with the project at McCombs School of Business, UT Austin. The project analyzes raw data about where spam traffic comes from and tracks down what organization owns the offending IP addresses. The raw data is gathered by groups outside UT, and the Microsoft rankings are based on those compiled by Passive Spam Block List. The researcher said one factor in the high volume of Microsoft spam may be that part of it is MSN, the Microsoft portal that includes its ISP. “Its purpose is to let people have access to the Internet, and that means people have their own computers, which may have all sorts of security problems,” he said. Outbound spam from an organization indicates a security problem, he said, sometimes because machines have been compromised by botnets and sometimes because users have fallen for phishing ploys. Source: http://www.networkworld.com/news/2012/072512-microsoft-spammer-261183.html?page=1

37. July 25, Network World – (International) Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims. Cyber-espionage operations across the Internet are extensive yet highly targeted, said a research director at Dell SecureWorks, speaking at the Black Hat Conference in Las Vegas. His paper, titled “Chasing APT” released July 25, pinpoints 200 unique families of custom malware used in cyber-espionage campaigns that many refer to as “advanced persistent threats.” It is not just governments targeting other governments or trying to steal corporate secrets — private security companies also are involved in these break-ins even while claiming to offer “ethical hacking services.” In terms of its technical analysis of APTs, SecureWorks stated it believes that along with the 200 unique families of custom malware used in cyber-espionage intrusions, there appear to be more than 1,100 domain names registered by cyber-espionage actors for use in hosting malware command-and-control or spear-phishing, and nearly 20,000 subdomains for purposes such as “malware C2 resolution.” But unlike other types of criminal botnets that “can contain millions of infected computers,” cyber-espionage is far more focused, with “tens of thousands of infected computers spread across hundreds of botnets, each of which may only control a few to a few hundred computers at a time,” the Dell SecureWorks report said. Source: http://www.computerworld.com/s/article/9229658/Black_Hat_Cyber_espionage_operations_vast_yet_highly_focused_researcher_claims?taxonomyId=82&pageNumber=1

For more stories, see item 16 above in the Banking and Finance Sector and item 38 below in the Communications Sector

Communications Sector

38. July 26, Door County Daily News – (Wisconsin) Fiber problem causes Internet outage. Quite a bit of Door County, Wisconsin, had to do without Internet service for a time early July 26. The network administrator for Online Door County, a local Internet service provider, said it appeared that Charter Communications’ data network to Door County went down early July 26 and was down for about an hour and a half. The outage affected more than 1,000 customers of Online Door County and an undetermined number of Charter customers. He stated his company has taken steps to prevent future outages. He said they placed an order with Nsight 9 weeks ago to have more fiber optic installed but that installation had not yet taken place. Source: http://www.doorcountydailynews.com/news/details.cfm?clientid=28&id=40505

For another story, see item 35 above in the Information Technology Sector