Friday, August 10, 2012
Daily Report
Top Stories
• A massive refinery fire in Richmond,
California, could severely impact the facility‘s ability to produce petroleum.
Emergency management officials said they planned to ramp up the alert system
because emergency calls went out too slowly during the fire that sent more than
1,700 people to hospitals. – Contra Costa Times
1.
August 9, Contra Costa Times –
(California) Questions raised about Chevron’s handling of gas leak that
sparked massive blaze. Federal, State, and local agencies descended August
8 on the site of Chevron‘s massive refinery fire in Richmond, California, as
questions deepened about whether the company could have prevented the accident
by shutting down a crude unit that began leaking hours before the eruption of
the blaze. The lingering fire was finally extinguished the afternoon of August
8, but the company acknowledged that the damage was so severe that the plant‘s
ability to produce refined petroleum is limited — a situation that is pushing
up gas prices in California and across the Western United States. The
investigations may not begin in earnest until August 10, after State officials
declare the site safe. At least five separate investigations, including one by
the U.S. Chemical Safety Board, will target a pipe that burst after 2 hours of
monitored leaking, sparking the fire. About 1,700 western Contra Costa
residents visited county hospitals since the evening of August 6, said the
director of Contra Costa‘s Emergency Medical Services. Contra Costa had its own
phone issues, as the county‘s hazardous materials chief said warning calls to
area residents went out too slowly through the automatic phone system. The
director plans to beef up the system‘s capacity. Source: http://www.mercurynews.com/top-stories/ci_21264767/small-fire-flares-up-at-same-site-major
• Federal highway officials warned that grout
used to protect steel support cables on dozens of bridges in 21 States may be
contaminated with a chemical that could accelerate rusting. – Baltimore Sun
13.
August 8, Baltimore Sun – (Maryland;
Virginia; National ) Wilson Bridge, 34 others being checked for possible
structural defects. Grout used to protect steel support cables in the
Woodrow Wilson Bridge, which carries Interstate 95 over the Potomac River
between Maryland and Virginia, may be contaminated with an excessive level of
chloride, a corroding substance known to accelerate rusting. The Federal Highway
Administration (FHA) warned 21 States — including Maryland — that as many as 3
dozen bridges were built with possibly defective grout manufactured in Ohio
between November 2002 and March 2010. Chloride-contaminated grout was blamed in
the collapse of a pedestrian walkway at Lowe‘s Motor Speedway in Concord, North
Carolina, in 2000, injuring more than 100 fans. In the case of the Woodrow
Wilson Bridge, however, federal and State highway officials insist there is no
imminent hazard. The FHA said the presence of chloride is not an indication of
corrosion but ―does indicate corrosion potential.‖ ―There isn‘t any safety
issue. There isn‘t one in the foreseeable future,‖ said a spokesman for the
Maryland State Highway Administration. ―There‘s so much redundancy built into
the bridge. But we‘re keeping an eye on it.‖ Source: http://articles.baltimoresun.com/2012-08-08/news/bs-md-wilson-bridge-grout-20120808_1_grout-wilson-bridge-12-lane-bridge
• Agricultural officials were on high alert in
Colorado after the first anthrax outbreak in a generation killed at least 50
head of cattle on a ranch. – Food Safety News
17.
August 9, Food Safety News –
(Colorado) Anthrax outbreak on Colorado ranch kills cattle. Colorado‘s
first anthrax outbreak in a generation was being investigated on a Logan County
ranch, the State government confirmed, Food Safety News reported August 9.
Anthrax, an infection caused by the spores produced by Bacillus anthracis, has
reportedly killed at least 50 head of cattle on the Colorado ranch. Only bovine
infections are likely to arise from the Colorado outbreak, but humans can
become infected with anthrax by either breathing spores from infected animal
products or eating undercooked meat from infected animals. Foodborne or
gastrointestinal anthrax is rare. Colorado placed the ranch involved under
quarantine and notified surrounding ranches about the outbreak. No cattle left
the ranch before the quarantine, and no infected cattle entered the human food
supply, the State veterinarian said. The anthrax was confirmed by a necropsy
performed on a dead animal by the Colorado State University Veterinary
Diagnostic Laboratories. Cattle, people, and equipment were all being monitored
to prevent the disease from leaving the quarantined ranch. During a drought
like the one now affecting eastern Colorado, spores can develop naturally in
the soils of riverbeds. During periods of rain or flood, these spores can
become active and kill many animals quickly, often before anyone realizes they
are infected. Source: http://www.foodsafetynews.com/2012/08/anthrax-outbreak-on-colorado-ranch/#.UCO1-6D6fEU
• Massachusetts officials raised the risk
level from the dangerous Eastern equine encephalitis virus to ―critical‖ in some
towns and said the threat from mosquito-borne illness is the highest in
decades. – Reuters
30. August
8, Reuters – (Massachusetts) Massachusetts takes fresh steps against
dangerous mosquitoes. Massachusetts officials raised the risk level from
the dangerous Eastern equine encephalitis (EEE) virus to ―critical‖ in some
towns and said the threat from mosquito-born illness is the highest in decades.
Separately, health authorities said August 7 that the State‘s first human case
of the virus for 2012 had been identified, although most likely contracted out
of State. The man was hospitalized and released. The potentially deadly EEE
virus is spread to humans through the bite of an infected mosquito. Aerial
spraying — conducted in about 20 Massachusetts communities in late July — will
likely resume the week of August 13 in six towns, said a State Department of
Public Health spokeswoman. State officials said a mild winter in the Northeast
United States contributed to higher mosquito populations this summer in
Massachusetts and potentially neighboring States, and was also why mosquitoes
carrying EEE were found earlier than normal. Massachusetts had two cases of
EEE, one fatal, in 2011. Source: http://www.reuters.com/article/2012/08/08/us-usa-massachusetts-mosquitoes-idUSBRE8771NX20120808
• A wildfire burning on the grounds of the
Utah National Guard‘s Camp Williams near Salt Lake City quickly doubled in size
after the flames jumped containment lines and threatened to detonate thousands
of unexploded shells. – Associated Press
33.
August 9, Associated Press – (Utah) Wildfire
on Utah military camp doubles in size after flames cross containment lines. A
wildfire burning on the grounds of the Utah National Guard‘s Camp Williams near
Salt Lake City quickly doubled in size after the flames jumped containment
lines, Associated Press reported August 9. Fire officials said the blaze was
moving away from thousands of unexploded shells that can still detonate on the
base grounds. The Pinyon Fire has burned 9.8 square miles and was 10 percent
contained the morning of August 9. Containment was at 40 percent the afternoon
of August 8 before the flames crossed containment lines. More than 200
firefighters were battling the wildfire with air support. The fire destroyed
seven training structures that were part of a mock Afghan village on the camp.
Source: http://www.therepublic.com/view/story/025acbc209874d459657a085348fb691/UT--Utah-Wildfires
Details
Banking and Finance Sector
9. August
9, Wired – (International) Flame and Stuxnet cousin targets Lebanese
bank customers, carries mysterious payload. A newly uncovered espionage
tool known as Gauss, apparently designed by the same people behind the
State-sponsored Flame malware that infiltrated machines in Iran, has been found
infecting systems in other countries in the Middle East, according to
researchers. Wired.com reported August 9 that the malware steals banking
credentials and other information, and also carries a heavily encrypted
payload. Gauss was found infecting at least 2,500 machines, most of them in
Lebanon, said Russia-based security firm Kaspersky Lab, which discovered the
malware in June and published an extensive analysis of it. The malware targets
accounts at several banks in Lebanon, as well as customers of Citibank and
PayPal. The varied functionality of Gauss suggests a toolkit used for multiple
operations. While the banking component adds a new element to State-sponsored
malware, the mysterious payload may prove to be the most interesting part of
Gauss, since that part of the malware was carefully encrypted by the attackers
and so far remained uncracked by Kaspersky. The payload appears to be highly
targeted against machines that have a specific configuration, used to generate
a key that unlocks the encryption. So far the researchers have been unable to
determine what configuration generates the key. Source: http://www.wired.com/threatlevel/2012/08/gauss-espionage-tool/all/
10. August
8, Newark Star-Ledger – (New Jersey) N.J. officials charge
Jersey City hedge fund, executives with fraud. New Jersey officials sued a
Jersey City-based hedge fund and its executives over charges that they
defrauded dozens of investors and sold about $12 million worth of unregistered
securities, the Newark Star-Ledger reported August 8. The charges were levied
against Osiris Partners and an affiliated entity, Osiris Fund Limited
Partnership, and 10 individuals who either worked for the firm or sold
unregistered interests in the hedge fund. According to the complaint, the firm
violated multiple provisions of the State‘s securities law, including producing
falsified investor account statements, and overstating the value of the Osiris
fund‘s assets to generate higher management fees and conceal losses. The fund
firm also employed unregistered agents to sell limited partnership interests in
the Osiris fund, and failed to disclose its chairman‘s criminal background,
which included convictions for securities fraud. Source: http://www.nj.com/business/index.ssf/2012/08/nj_officials_charge_jersey_cit.html
11. August
8, Associated Press – (New Mexico) NM Finance Authority exec, ex-controller
arrested. The current chief operating officer (COO) and a former controller
at the New Mexico Finance Authority (NMFA) were arrested August 8 on charges of
State securities violations related to a fake audit that made the agency‘s
revenue look stronger than it actually was in 2011. According to the criminal
complaint, the former controller faces securities fraud, forgery, and racketeering
charges for misrepresenting about $40 million in the audit. Investigators said
he acknowledged he forged the agency‘s audit report that provides financial
statements about the agency, and he falsely claimed that it had been audited by
an outside firm. The COO was charged as an accessory on eight counts of
securities fraud and racketeering. He was also charged with conspiring to
engage in a pattern of racketeering by misrepresenting NMFA‘s financial
statements to ratings agencies, investors that buy the agency‘s bonds, and the
State. The NMFA‘s governing board said it would be uncertain about whether any
money is missing until a forensic audit of the agency is completed. Source: http://www.businessweek.com/ap/2012-08-08/nm-finance-authority-exec-ex-controller-arrested
For
another story, see item 42 below in the Information
Technology Sector
Information Technology Sector
38. August
9, IDG News Service – (International) Internet attacks from China and US increased
in first quarter of 2012, report says. China and the United States were the
two largest sources of Internet-attack traffic in the first quarter of 2012,
increasing to account for 16 percent and 11 percent respectively, according to
Akamai Technologies. Attack traffic from China increased three percentage
points compared to the last quarter of 2011, and attacks from the United States
increased one percentage point in the same period, Akamai said in its First Quarter,
2012 State of the Internet report. Russia ranks third in the top 10 and
generated 7 percent of all attack traffic, a slight increase compared to 2011‘s
results. Over the past 4 years, the United States has been responsible for as
little as 6.9 percent of attack traffic and as much as 22.9 percent, Akamai
said. The highest concentration of attack traffic generated from China was
observed in the third quarter of 2008 when the country was responsible for 26.9
percent of attack traffic, it added. Source: http://www.computerworld.com/s/article/9230124/Internet_attacks_from_China_and_US_increased_in_first_quarter_of_2012_report_says
39. August
9, Dark Reading – (International) Serving up malicious PDFs through SQL
injection. In July at the BSides conference Las Vegas, a pair of
researchers from FishNet Security demonstrated a new SQL injection attack
technique against Web sites that distribute binary file content such as PDFs
from dynamically-built URLs. Their methods give attackers the means to stealthily
extract data and distribute hidden malware by attacking SQL injection
vulnerabilities on these types of sites — even if the back-end database
distributing content to the Web application is hardened in every other way. The
technique they developed was precipitated by a real-world penetration test and
code review conducted by security consultants for FishNet Security against a
customer Web application designed to retrieve stored PDFs within a database and
return them as a Web page. Source: http://www.darkreading.com/database-security/167901020/security/news/240005188/
40. August
9, The H – (International) Improved Flash sandbox arrives in Chrome for
Windows. The Google Chrome developers, with help from Adobe, improved the
sandboxing of the browser‘s Flash plugin. To enable the improved sandboxing,
the developers ported the Flash player plugin from the older Netscape Plugin
API (NPAPI) to Google‘s Pepper Plugin API (PPAPI) architecture, developed
especially to allow advanced features such as sandboxing and hardware graphics
acceleration to be implemented. These improvements have now arrived as defaults
in the Windows version of the browser. Source: http://www.h-online.com/security/news/item/Improved-Flash-sandbox-arrives-in-Chrome-for-Windows-1663926.html
41. August
8, Dark Reading – (International) Top 3 HTML5 vulnerability risk categories. New
advice from Forrester Research urges companies to increase the pace of their
HTML5 adoption to keep up with mobility trends and enable better online
customer experiences. As HTML5 gains relevance in the enterprise, developers
need to think carefully about the vulnerabilities their new code may introduce
into their organizations‘ Web infrastructure. As one researcher highlighted at
the Black Hat annual conference recently, the capabilities afforded by HTML5
open up a whole new world of attack opportunities for hackers. In his talk, the
researcher discussed and demonstrated proof-of-concepts for many, different
vulnerabilities, with all of them falling under three main categories. Source: http://www.darkreading.com/vulnerability-management/167901026/security/news/240005129/
42. August 8, Help Net Security – (International) eBay’s
security efforts lead to massive fraud drop and 3K arrests. The online
auction and shopping Web site, eBay, managed to cut fraud by 90 percent in the
last 3 years, the company‘s former chief information security officer recently
said. According to CSO Online, this increased action in shutting down malicious
individuals trying to take advantage of the site and its users led to the
arrest of some 3,000 people around the world, mostly outside the United States.
Source: http://www.net-security.org/secworld.php?id=13396
For more stories, see item 9, above
in the Banking and Finance Sector
Communications Sector
43.
August 9, KWQC 6 Davenport – (Iowa) KWQC
transmitter repair. Due to technical issues, KWQC 6 in Davenport, Iowa, was
broadcasting at extremely low power (3 percent) while they awaited the arrival
of a tower crew to replace a bad connector on their transmission line, KWQC 6
Davenport reported. The problem occurred late August 8, and repairs were
successfully made overnight and signal transmission was near 50 percent power
the morning of August 9. Engineers shut down the transmitter while the
transmission line was repaired. Source: http://www.kwqc.com/story/19227173/kwqc-transmitter-repair
44.
August 8, Minneapolis Star Tribune –
(Minnesota) Lightning strikes twice at KBEM. KBEM 88 FM Minneapolis was
kept off the air for close to 24 hours beginning late August 3 and continuing
into the evening of August 4 by what was diagnosed as a lightning strike,
Minneapolis Star Tribune reported August 8. Lightning also knocked the station
off the air for part of the weekend of May 26. According to the district
spokeswoman, equipment belonging to the station‘s communications provider was
struck and ―all of our communications suffered.‖ That affected a T1 internet
connection that links the studio and transformer, another line that is used as
a backup, and the phone link that notifies the staff that there is a problem.
She said that normally tower equipment begins calling at 90 seconds of dead
air, but the downed link prevented that. Normally when the T1 line fails, there
is a backup. But the unit that handles that was still back at the factory being
repaired from the May 28 lightning strike. Source: http://www.startribune.com/local/blogs/165502436.html
No comments:
Post a Comment