Thursday, October 11, 2012
Daily Report
Top Stories
• Tens of thousands of car owners whose air bags were replaced in the past 3 years may have had dangerous counterfeit bags installed, the U.S. Presidential administration warned October 10. – Associated Press
10. October 10, Associated Press – (National) Counterfeit air bags called 'extreme safety risk'. Car owners whose air bags were replaced in the past 3 years may have had dangerous counterfeit bags installed, the U.S. Presidential administration warned October 10. Only 0.1 percent of the U.S. vehicle fleet is believed to be affected, the National Highway Traffic Safety Administration (NHTSA) said in a statement. However, industry officials briefed by the government said tens of thousands of car owners may be driving vehicles with counterfeit air bags. In government tests of 11 counterfeit bags, 10 did not inflate or failed to inflate properly. In one test, a counterfeit bag shot flames and shards of metal shrapnel at a crash dummy instead of inflating, according to the NHTSA Administrator. NHTSA is asking car owners to check a government Web site for information on how to contact a call center established by auto manufacturers to learn if their vehicle model is among those for which counterfeit air bags are known to have been made. NHTSA compiled a list of dozens of vehicle makes and models for which counterfeit air bags may be available, but the agency cautioned that the full scope of the problem was not clear yet and the list is expected to "evolve over time." The counterfeit bags were typically made to look like air bags made by automakers and usually include a manufacturer's logo. Government investigators believe many of the bags come from China, an industry official said.
• A man arrested at Los Angeles International Airport wearing a bulletproof vest and flame-resistant pants refused to cooperate with federal officials working to discover why he was headed to Boston with a suitcase full of weapons. – Associated Press
20. October 9, Associated Press – (California) Feds: Man arrested at LA airport not cooperating. A man arrested at Los Angeles International Airport in Los Angeles wearing a bulletproof vest and flame-resistant pants would not cooperate with federal officials working to discover why he was headed to Boston with a suitcase full of weapons, the Associated Press reported October 9. The man was taken into custody recently during a stopover on a trip from Japan when U.S. Customs and Border Protection officers reported he was wearing the protective gear under his trench coat, triggering a Homeland Security investigation. A search of his checked luggage uncovered numerous suspicious items, including a smoke grenade, knives, body bags, a hatchet, a collapsible baton, a biohazard suit, a gas mask, billy clubs, handcuffs, leg irons, and a device to repel dogs, authorities said. The suspect was charged with one count of transporting hazardous materials, an offense that carries a maximum penalty of 5 years in prison. He made a brief court appearance October 9, but his arraignment was delayed until October 12 and he was ordered held until then. The suspect is a U.S. citizen whose permanent residence is in Boston, though he recently started living and working in Japan, officials said.
• Pressure mounted for greater federal regulation in response to a meningitis scare caused by tainted steroid injections that widened to 11 States and 138 people — including 12 who died — October 10. – Reuters
37. October 10, Reuters – (National) Calls for oversight grow as meningitis scare widens. Pressure mounted for greater regulation in response to a meningitis scare that widened to 11 States on October 10 with the first case confirmed in Idaho, Reuters reported. The Idaho case was the first discovered in the western United States. To date, 138 people have contracted meningitis and 12 have died. Approximately 5 percent of patients treated with the suspect medication have contracted meningitis, said the chief medical officer for the Tennessee Department of Health. The rate of infection overall is not known. The recalled steroid vials were shipped to 76 facilities in 23 States, according to the CDC. Tennessee has been the hardest hit, with six reported deaths and 44 cases of meningitis, followed by Michigan with three deaths and 28 cases, Virginia with one death and 27 cases, and Maryland with one death and nine cases. The other States with cases are Indiana, Florida, Minnesota, North Carolina, Ohio, New Jersey, and Idaho.
• The U.S. State Department withdrew U.S. security personnel from Libya just weeks before suspected Islamist extremists killed the U.S. ambassador and three other Americans there. This withdrawal occurred despite warnings from the U.S. Embassy that the Libyan government could not protect foreign diplomats, according to an email released October 9. – McClatchy Newspapers
43. October 9, McClatchy Newspapers – (International) Security units pulled from embassy in Libya despite warnings. The U.S. State Department withdrew U.S. security personnel from Libya just weeks before suspected Islamist extremists killed the U.S. ambassador and three other Americans there despite warnings from the U.S. Embassy that the Libyan government could not protect foreign diplomats, according to an email released October 9. The State Department rejected requests to extend the tours of U.S. diplomatic and military security personnel in order to "normalize" embassy operations according to "an artificial timetable," the embassy's former security chief wrote in an October 1 email. The email and a list the former security chief compiled while in Libya of 230 security incidents between June 2011 and July 2012 were released by the House Committee on Oversight and Government Reform on the eve of a hearing at which the chief, who is still a State Department security officer, was scheduled to testify. A lieutenant colonel who commanded a security detail at the embassy in Tripoli was also scheduled to appear. The security chief's list, which he said resulted in a 30 percent increase in pay this summer for embassy staff because of the danger of the assignment, recounted a litany of near-daily bombings, shootings, robberies, and other violence.
Details
Banking and Finance Sector
12. October 9, United Press International – (New York) Fake bills found in New York City ATMs. Crudely counterfeited currency was found in automatic teller machines at two New York City banks, and bank officials said about $110,000 was missing, United Press International reported October 9. Police and bank officials were investigating, on the assumption the stacks of fake money, printed on ordinary paper stock and only on one side, were placed in two Chase Bank branch machines to replace stolen cash. The counterfeit bills were not meant to fool customers but to imply the machines had a full load of cash, The New York Times reported. At least two customers received fake $20 bills in transactions with the machines, but alerted bank personnel quickly and resolved the situations, a bank official said.
13. October 9, MarketWatch – (National) U.S. approves stress test rules for 100 banks. Bank regulators October 9 approved regulations requiring more than 100 large financial institutions with more than $10 billion in assets to conduct annual stress tests to ensure they have enough capital in the event of a deep recession. The rules expand on a similar stress test developed by the Federal Reserve for the biggest bank holding companies with $50 billion or more in assets, and the agencies have agreed to coordinate efforts on the tests. The Federal Reserve stress test in March gave failing marks to Ally Financial Inc., Citigroup Inc., MetLife Inc., and SunTrust Banks Inc. The new rules were approved by the board of Federal Deposit Insurance Corp., the Comptroller of the Currency, and the Federal Reserve as part of a three-agency joint rule effort. The regulation requires stress tests based on three scenarios: a baseline scenario, an adverse scenario, and a severely adverse scenario that will be provided to banks and the public by November 15 at the latest each year.
14. October 9, Bloomberg News – (International) Capital One target as cyber attacks resume on U.S. banks. Capital One Financial Corp. said it was the latest target in a new round of coordinated cyber attacks aimed at disrupting the Web sites of major U.S. banks, Bloomberg News reported October 9. SunTrust Banks Inc. and Regions Financial Corp. said they expect to be next. A spokeswoman for Capital One confirmed in an email statement that the bank’s online systems were disrupted, but that most online services had been restored. "At this point, we have no reason to believe that customer and account information is at risk," she said. The computer assaults are a continuation of a campaign that began last month using commercial servers to overload bank Web sites with Internet traffic, temporarily disrupting and slowing online services for customers. A group claiming responsibility said that attacks would continue against SunTrust October 10, and Regions Financial October 11.
15. October 9, Reuters – (National) U.S. sues Wells Fargo in mortgage fraud case. The U.S. Government filed a civil mortgage fraud lawsuit October 9 against Wells Fargo & Co, the latest legal volley against big banks for their lending during the housing boom. The complaint, brought by the U.S. Attorney in Manhattan, seeks damages and civil penalties from Wells Fargo for more than 10 years of alleged misconduct related to government-insured Federal Housing Administration (FHA) loans. The lawsuit alleges the FHA paid hundreds of millions of dollars on insurance claims on thousands of defaulted mortgages as a result of false certifications by Wells Fargo. Wells, the largest U.S. mortgage lender, denied the allegations, and said in a statement it believes it acted in good faith and in compliance with FHA and U.S. Department of Housing and Urban Development rules.
Information Technology Sector
47. October 10, The H – (International) Mozilla closes numerous critical holes in Firefox 16. Following the recent Firefox 16 release, Mozilla detailed all of the security fixes in the new version of its open source Web browser as well as in the Thunderbird news and email client. Version 2.13 of the SeaMonkey "all-in-one internet application suite" also received fixes. In addition to adding new features, version 16.0 of Firefox closes 14 security holes, 11 of which are rated as "Critical" by the project. These critical vulnerabilities include several memory handling and corruption issues, buffer overflows, and the possibility of arbitrary code execution through bypassing security checks for the cross-origin properties. Another vulnerability could lead to JavaScript crashing the browser when using an invalid cast with the instanceof operator. According to Mozilla, many of these vulnerabilities could be exploited remotely by an attacker to, for example, execute malicious code on a victim's system.
48. October 10, The H – (International) BIND DNS server updates close critical hole. The Internet Systems Consortium (ISC) is warning users of a critical vulnerability in the free BIND DNS server that can be exploited by an attacker to cause a denial-of-service (DoS) condition. According to the ISC, the security issue (CVE-2012-5166) is caused by a problem when processing a specially crafted combination of resource records (RDATA). When loaded, this data can cause a name server to lock up. The ISC says that, when this happens, normal functionality can only be restored by terminating and restarting the named daemon. Affected versions include 9.2.x to 9.6.x, 9.4-ESV to 9.4-ESV-R5-P1, 9.6-ESV to 9.6-ESV-R7-P3, 9.7.0 to 9.7.6-P3, 9.8.0 to 9.8.3-P3, and 9.9.0 to 9.9.1-P3. The ISC notes that while versions 9.2, 9.3, 9.4, and 9.5 of BIND are vulnerable, these branches are considered to be "end of life" (EOL) and are no longer updated. Upgrading to 9.7.7, 9.7.6-P4, 9.6-ESV-R8, 9.6-ESV-R7-P4, 9.8.4, 9.8.3-P4, 9.9.2, or 9.9.1-P4 corrects the problem. Alternatively, as a workaround, users can set the "minimal-responses" option to "yes" in order to prevent the lockup.
Source: http://www.h-online.com/security/news/item/BIND-DNS-server-updates-closecritical-hole-1727232.html
49. October 10, The H – (International) Pwnium 2: Full Chrome exploit earns hacker $60,000. Google's Chrome Web browser fell at the company's Pwnium 2 security competition, which took place October 10 at the Hack In The Box conference. SC Magazine reported that the hacker who goes by the pseudonym "Pinkie Pie" was successfully able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The hack was done on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome.
50. October 9, Threatpost – (International) Microsoft report exposes malware families attacking supply chain. Less than a month after the Nitol botnet takedown, Microsoft released data casting more scrutiny on supply chain security. In its latest Security Intelligence Report (SIR), Microsoft connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, pirated software on peer-to-peer networks, and music and movie downloads. Microsoft began its Nitol investigation more than a year ago after it found Nitol-related malware on PCs built in China running counterfeit versions of Windows. Microsoft took down more than 70,000 sub-domains hosting the botnet, which was backed by more than 500 different malware strains. In the SIR, Microsoft reports hackers are hitting supply chains by infecting networks with malware bearing file names matching popular downloads and by the presence of what Microsoft calls indicator families on machines compromised by file-sharing or an insecure supply chain.
51. October 9, Threatpost – (International) Microsoft patches critical Word flaw; certificate key length changes are official. Microsoft issued seven security updates, including a fix for a critical remotely exploitable Word vulnerability. In all, Microsoft repaired 20 vulnerabilities, and issued an advisory regarding poorly generated digital certificates and an automated mechanism that will check for certificate key lengths, revoking any shorter than 1024 bits. The patch for the Word flaw fixes a memory-parsing vulnerability; attackers using a specially crafted RTF file could remotely gain the system privileges if users preview or open the infected RTF file in Outlook's preview pane when Word is the default email reader. Microsoft Word 2003, 2007, and 2010 are vulnerable, as are Microsoft Word Viewer, Microsoft Office Compatibility Pack, Microsoft Word Automation Services on Microsoft SharePoint Server 2010, and Microsoft Office Web Apps.
52. October 9, Ars Technica – (International) Confirmed: Apple-owned fingerprint software exposes Windows passwords. Security consultants independently confirmed a serious security weakness that makes it trivial for hackers with physical control of many computers sold by Dell, Acer, and at least 14 other manufacturers to quickly recover Windows account passwords. The vulnerability is contained in multiple versions of fingerprint-reading software known as UPEK Protector Suite. In July, Apple paid $356 million to buy Authentec, the Melbourne, Florida-based company that acquired the technology from privately held UPEK in 2010. The weakness was revealed no later than September, but Apple has yet to acknowledge it or warn end users how to work around it.
53. October 9, Ars Technica – (International) Skype users targeted by malicious worm that locks them out of their PCs. Researchers detected a malware campaign that attempts to infect Skype users by sending them booby-trapped links from contacts in their address book. The social-engineering ploy attempts to install a variant of the Dorkbot worm that previously menaced Twitter and Facebook users. Once installed, Dorkbot uses its host computer to engage in click fraud and installs software that locks the user out of the machine and displays screens saying their data will be deleted unless a $200 "fine" is paid within 48 hours. According to a report from Sophos, the malware campaign is taking advantage of the Skype API to spam out messages such as "lol is this your new profile pic?" along with a malicious URL.
54. October 9, Ars Technica – (International) HTTPS Everywhere plugin from EFF protects 1,500 more sites. Members of the Electronic Frontier Foundation (EFF) updated their HTTPS Everywhere browser plugin to offer automatic Web encryption to an additional 1,500 sites, twice as many as previously offered. EFF introduced HTTPS Everywhere in 2009 in collaboration with members of the Tor anonymity project with the goal of encrypting the entire Web. When the browser extension is installed, users are automatically directed to secure sockets layer (SSL) versions of many Web sites even when the "HTTPS" tag is not in the URL. Google, Wikipedia, Twitter, and thousands of other sites are included, with more added regularly. A previous update to HTTPS Everywhere introduced an optional feature called the Decentralized SSL Observatory. It detects and warns of possible man-in-the-middle attacks on Web sites a user visits by sending a copy of the site's SSL certificate to the EFF's SSL Observatory. When EFF detects anomalies, it sends a warning to affected end users.
Source: http://arstechnica.com/security/2012/10/https-everywhere-plugin-from-effprotects-1500-more-sites/
For another story, see item 14 above in the Banking and Finance Sector
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.