Tuesday, January 10, 2012

Complete DHS Daily Report for January 10, 2012

Daily Report

Top Stories

• Federal agents arrested a Pinellas Park, Florida, man described as having extremist jihadist beliefs after he attempted to procure guns and explosives and threatened to blow up government and commercial buildings. – Tampa Tribune (See item 30)

30. January 9, Tampa Tribune – (Florida) Feds: Man planned terrorism attacks in Tampa. Federal agents the weekend of January 7 arrested a Pinellas Park, Florida, man described as having extremist jihadist beliefs who wanted to blow up a target in Tampa and create “terror.” The man was taken into custody after an FBI sting operation in which he tried to buy explosives, at least 10 grenades, Uzis, and an AK-47, authorities said. His intended target shifted over the course of the investigation, which spanned several months, at times involving government buildings, the Hillsborough County Sheriff’s Office operations center in Ybor City, and a pub in South Tampa, authorities said. The arrest came about, in part, because of assistance from the Muslim community, said a U.S. attorney. The sting culminated at a Tampa hotel January 7 after the suspect had the person from whom he was purchasing the explosives (unknown to him, an undercover agent) film him making a video explaining his reasoning for the planned attack, according to the complaint. The suspect, who was born in the former Yugoslavia, came to authorities’ attention in September 2011 when he contacted a store owner and asked for flags representing al-Qa’ida, according to a federal complaint. The suspect began working for the owner as a laborer. The store owner contacted the FBI, which initiated an undercover investigation. Source: http://suncoastpinellas.tbo.com/content/2012/jan/09/091105/feds-man-planned-terrorism-attacks-in-tampa/news/

• Two vulnerabilities in the Siemens FactoryLink industrial control systems used in the oil and gas, chemical, and food and beverage industries could enable a hacker to carry out remote denial of service and arbitrary code execution attacks. – Infosecurity. See item 41 below in the Information Technology Sector


Banking and Finance Sector

13. January 8, NetworkWorld – (National) FBI warns of malware phishing scam. The FBI issued a warning the week of January 2, on a new Internet blight called “Gameover,” which, once ensconced on a PC, can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. The FBI said it has seen an increase in the use of Gameover, which is an e-mail phishing scheme that invokes the names of prominent government financial institutions — the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC). The FBI said Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information. This is how the FBI described the scam: “Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information. After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site.” The FBI went on to say some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores. Source: http://www.pcworld.com/article/247450/fbi_warns_of_malware_phishing_scam.html

14. January 8, Asheville Citizen-Times – (North Carolina) Bank of Asheville officials negligent, FDIC says. Directors of the Bank of Asheville in North Carolina ignored their own policies and warnings from regulators while making risky real estate loans that ultimately forced the bank’s closure, the Asheville Citizen-Times reported January 8. That is the thrust of a lawsuit filed recently by the Federal Deposit Insurance Corp. (FDIC) against seven former bank directors that seeks to recover $6.8 million in losses on loans the suit said the directors approved. The lawsuit, filed December 29 in a U.S. district court, identifies 30 loans it said were negligently approved. It said bank directors generally approved loans via e-mail instead of meeting and discussing loan applications in person. Many of the applications were based on only cursory research on borrowers’ finances and the adequacy of collateral, it said. The FDIC and state regulators shut Bank of Asheville in January 2011. Bank of Asheville previously reported substantial losses on real estate loans. The former bank president and chief executive pleaded guilty in June to fraud in connection with a loan. Source: http://www.citizen-times.com/article/20120109/NEWS/301090019/FDIC-slams-Asheville-bank?odyssey=tab|topnews|text|Frontpage

15. January 6, Huffington Post – (California) ‘Dying Son Bandit’ held up five southern California banks since November. In southern California, one father is claiming his family’s staggering hospital bills are driving him to a life of crime as a bank robber, the Huffington Post reported January 6. Known among local law enforcement authorities as the “Dying Son Bandit,” he has reportedly been apologetic during bank hold-ups as he explains he needs the money to pay for his ailing son’s care. An FBI spokeswoman told KCBS 2 Los Angeles that during two bank robberies January 5 — one in Dana Point and the other in Lake Forest — he told tellers he needed the cash to pay for his family’s medical bills. The spokeswoman confirmed the report with the Huffington Post and revealed the FBI has been on the trail of the “Dying Son Bandit” since late 2011 when he started robbing banks in San Diego County. In November he robbed a bank in Carlsbad. In early December, he robbed a bank in Encinitas, then a bank in Oceanside New Year’s Eve. The FBI was able to tie the bank robberies in San Diego County with the January 5 hits in Orange County because of the similar modus operandi, and very clear photos from surveillance cameras. Source: http://www.huffingtonpost.com/2012/01/06/dying-son-bandit-bank-robberies-hospital-bills-california_n_1190217.html

16. January 6, KNBC 4 Los Angeles – (California) Alleged ‘Market Duo’ bandit still on the loose. A man taken into custody in California who was believed to be the second half of the “Market Duo” robbery team was released, and now authorities are searching for a suspect who managed to escape a police perimeter. Following a police pursuit January 5, one suspect was shot and arrested. A second man fled the scene on foot. After police set up a perimeter, a man was taken into custody; however, it was “later determined that the man had no involvement with the incident,” a deputy told City News Service. The incident started January 5 when two men — believed to be the serial robbers known as the “Market Duo” — allegedly held up a Wells Fargo branch in Placentia. A freeway pursuit ensued, at times reaching 100 mph. The chase ended in Paramount when the suspects’ vehicle hit a curb. After exiting the vehicle, one suspect allegedly pulled out a replica weapon, a Placentia detective said. Wells Fargo is offering a $10,000 reward for information leading to the identification and conviction of the second suspected robber. The “Market Duo” bandits earned the nickname because they allegedly targeted bank branches in grocery stores. The robbers are believed to have held up the same branch November 21, an FBI spokeswoman said. The alleged bandits are also suspected of robbing a U.S. Bank branch in La Habra October 25 and another U.S. Bank branch in Seal Beach November 3, an FBI special agent said. Source: http://www.nbclosangeles.com/news/local/Market-Duo-Robbery-136832503.html

17. January 6, Wired – (New York) Romanian man charged in $1.5 million ATM skimming scam. A Romanian man was arrested in a $1.5 million card-skimming operation that targeted 40 ATMs belonging to HSBC branches in New York, Wired reported January 6. Between May 2010 and the week of January 2 the man and others allegedly installed card-skimming devices that stole card numbers and PINs on HSBC ATMs in Manhattan, Long Island, and Westchester. Using the videotaped PINs, they withdrew about $1.5 million from customer accounts over about 7 months, authorities said. According to an affidavit filed by a U.S. Secret Service agent, the suspect was caught on bank surveillance cameras January 5, and on prior occasions, installing the skimmers and pin-hole cameras and made no attempt to hide his face. The suspect, according to authorities, was in the United States illegally on an overstayed visa. He was charged with one count of conspiracy to commit bank fraud and one count of bank fraud. If convicted, he faces a maximum sentence of 60 years in prison. Source: http://www.wired.com/threatlevel/2012/01/hsbc-skimming-operation/

18. January 6, Minneapolis Star Tribune – (Minnesota; Wisconsin) Wisconsin man admits mass mortgage fraud. A man suspected in what authorities described as “the next wave” in mortgage fraud schemes surprised Hennepin County, Minnesota, prosecutors January 6 and pleaded guilty to a charge of racketeering, exposing himself to a potential prison term of up to 20 years. The man owned and operated Mortgage Planners Inc., a licensed mortgage originator in St. Paul. He admitted January 6 he and others submitted forged financial documents to lenders to qualify “straw buyers” for mortgage loans guaranteed by the Federal Housing Administration (FHA). In addition to the forgeries, he also admitted he relied on a phony “phone tree” set up to provide employment verifications at nonexistent companies for some borrowers. Others facing charges in the scheme include the man’s wife and two other men. The U.S. Department of Housing and Urban Development said the defendants brokered about $23 million in loans, which were used to buy 136 properties in the Twin Cities area and outstate Minnesota. The suspect property transactions were complex deals that took advantage of provisions of Minnesota foreclosure law, prosecutors said. Source: http://www.startribune.com/local/west/136832893.html

Information Technology

39. January 9, Computerworld – (International) Big IT vendors lead patching laggards. IBM, Hewlett-Packard (HP), and Microsoft led the list of companies that failed to patch vulnerabilities after being notified by the world’s largest bug-bounty program, according to the TippingPoint Zero-Day Initiative. During 2011, TippingPoint — a division of HP — released 29 “zero-day” advisories that had information about vulnerabilities the company reported to IT vendors 6 or more months earlier. Ten of the 29 were bugs in IBM software, 6 were in HP applications and 5, later patched, were in Microsoft products. Other vendors on the late-to-patch list included CA, Cisco, and EMC. TippingPoint, which sponsors the Pwn2Own hacking contest, buys information about vulnerabilities from independent security researchers and privately reports them to vendors. It uses the data to craft defenses for its own line of security appliances. In mid-2010, TippingPoint announced it would go public with advisories that included “limited details” of reported vulnerabilities if vendors did not patch them within 6 months. Source: http://www.computerworld.com/s/article/9223221/Big_IT_Vendors_Lead_Patching_Laggards

40. January 6, Threatpost – (International) Adobe plans critical security updates for Reader, Acrobat next week. Adobe said January 6 it will issue critical fixes for its popular Reader and Acrobat products January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for the Windows and Macintosh platforms to fix a slew of critical security issues. They include the vulnerabilities CVE-2011-2462 and CVE-2011-4369, which were patched in Adobe products up through version 9 in December, the company said on its PSIRT blog. The January patch will be released January 10 as part of Adobe’s monthly patch cycle. Source: http://threatpost.com/en_us/blogs/adobe-plans-critical-security-updates-reader-acrobat-next-week-010612

41. January 6, Infosecurity – (International) Flaws in Siemens FactoryLink could be exploited remotely. Two vulnerabilities in the Siemens FactoryLink industrial control system could enable a hacker to carry out remote denial of service and arbitrary code execution attacks, warned the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Buffer overflow and data corruption vulnerabilities, discovered by a researcher from Taiwan’s Information and Communication Security Technology Center, affect ActiveX components in Siemens Tecnomatix FactoryLink versions V8.0.2.54, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1). The Siemens Tecnomatix FactoryLink software is used for monitoring and controlling industrial processes in a variety of industries, including oil and gas, chemicals, food and beverage, and building automation. The buffer overflow vulnerability is exploited by inputting a long string to a specific parameter, causing a buffer overflow that could allow the execution of arbitrary code. The data corruption vulnerability is exploited by inputting arbitrary data, causing a file save to any specified location on the target system, the ICS-CERT explained. Siemens released a patch to its customers to address these vulnerabilities. ICS-CERT confirmed the Siemens patch resolves the reported vulnerabilities. In addition, Microsoft released a kill bit to address the ActiveX vulnerabilities. Customers of Siemens Tecnomatix FactoryLink should also install the security update referenced in the Microsoft Security Advisory 2562937, the ICS-CERT advised. Source: http://www.infosecurity-magazine.com/view/23047/

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

42. January 8, Associated Press – (Montana; Wyoming) Verizon Wireless network working again in Montana, northern Wyoming. A Verizon Wireless spokesman said service was restored after a January 8 outage of more than 7 hours in Montana and northern Wyoming. A spokesman told the Billings Gazette a switch failed during scheduled maintenance on the network. He said engineers fixed the problem. Customers reported cell phone calls could not be completed and text messaging had problems. The spokesman said the company’s network team typically does maintenance and software updates early in the morning when traffic is light. He said the routine maintenance normally does not cause problems in the network. Source: http://www.therepublic.com/view/story/5a30b22afba74b95a1a7a9f6223add49/MT--Verizon-Wireless-Outage/

43. January 6, WSPA 7 Spartanburg – (South Carolina) Weather radio outage for the GSP area. The transmitter located on Paris Mountain that handles the heart of the Greenville/Spartanburg area in South Carolina failed, WSPA 7 Spartanburg reported January 6. Repair efforts are underway, but it was not known when the broadcasts to National Oceanic and Atmospheric Administration (NOAA) weather radios would continue. There is a possibility the outage could linger into early February, but officials hoped for a quicker fix. The 162.550 MHz frequency is down until further notice. Source: http://www2.wspa.com/blogs/dan-bickford/2012/jan/06/weather-radio-outage-gsp-area-ar-2997953/

Monday, January 9, 2012

Complete DHS Daily Report for January 9, 2012

Daily Report

Top Stories

• A total of 79 vehicles were involved in a chain-reaction crash near LaBelle, Texas, that injured more than 50 people and closed a major highway for 5 hours. – KSAT 12 San Antonio (See item 17)

17. January 6, KSAT 12 San Antonio – (Texas) 59 hurt in 79 vehicle crash near Houston. A total of 79 vehicles were involved in a chain-reaction crash near LaBelle, Texas, that injured more than 50 people. The Jefferson County Sheriff’s Office said the first crash happened on Highway 73 near the Veolia plant shortly before 5:30 a.m. January 5 and started a chain-reaction pileup. Emergency crews said two cars were on fire when they arrived. A tanker-truck was overturned. The chief with Labelle-Fannett Fire Department told KBMT 12 Beaumont that four people had to be rescued using the Jaws of Life. At least 54 people were taken to hospitals with injuries. Four victims were listed in critical condition. All 20 ambulances in the area went to the scene to transport patients. However, officials ran out of ambulances and began transporting victims on shuttle buses with a paramedic on board. A Life Flight helicopter was also used for patients. Officials said fog and smoke from marsh wildfires led to the accident because of zero visibility in the area. All eastbound and westbound lanes of Highway 73 were closed west of Taylor’s Bayou. The scene was cleared by 10:30 a.m. Source: http://www.ksat.com/news/59-hurt-in-79-vehicle-crash-near-Houston/-/478452/7649990/-/33ul5oz/-/

• Nineteen people in seven states were confirmed infected with a multi-drug resistant strain of Salmonella Typhimurium in an outbreak linked to contaminated ground beef sold at Hannaford Supermarkets. – Food Safety News (See item 20)

20. January 6, Food Safety News – (National) 19 ill in drug-resistant Salmonella ground beef outbreak. Nineteen people in seven states have now been confirmed infected with a multi-drug resistant strain of Salmonella Typhimurium in the outbreak linked to contaminated ground beef sold at Hannaford Supermarkets, the Centers for Disease Control and Prevention (CDC) reported January 5. That is three more cases of Salmonella infection confirmed since the CDC’s last report on the outbreak, two weeks ago. The new cases were reported in New Hampshire and New York. Hannaford, a chain based in Scarborough, Maine, recalled an undisclosed amount of fresh ground beef December 15. Epidemiologic evidence led outbreak investigators to Hannaford’s ground beef. Among 18 of the ill people, 14 recalled eating ground beef the week before they got sick. The outbreak has sent at least seven people to the hospital, the CDC said. They are infected with a strain of Salmonella resistant to several commonly prescribed antibiotics. New Hampshire has reported six cases associated with the outbreak, New York five, and Maine four, while Hawaii, Kentucky, Massachusetts and Vermont each have reported one case. Source: http://www.foodsafetynews.com/2012/01/19-ill-in-drug-resistant-salmonella-ground-beef-outbreak/


Banking and Finance Sector

12. January 6, phillyBurbs.com – (Pennsylvania) Man pleads guilty to $658,000 in check kiting scam. A Lower Moreland Township, Pennsylvania, man pleaded guilty to bank fraud January 5 in connection with a check writing scheme involving three used car dealerships in Lower Bucks. According to federal authorities, the man would write checks on a bank account for one used-car business that amounted to more than was in the account, cash the checks at a Bensalem check cashing business, and redeposit the money into the original account. According to court records, he repeatedly wrote checks on accounts for NIKA Trade in Feasterville, and Superior Auto Trade, also known as Ambela Auto Trading or South Philly Leasing in Langhorne. Agents said the check amounts escalated, enabling the man to inflate each account in a process known as “check kiting.” By continuing to write checks, the inflated amounts moved from account to account between May and July 2010, according to authorities. Before the thefts were discovered, First Niagara Bank lost $658,979.91 to the scheme. Source: http://www.phillyburbs.com/my_town/bensalem/man-pleads-guilty-to-in-check-kiting-scam/article_768ca593-9eec-5388-b7f1-88c0b3ff70ce.html

13. January 6, Seattle Times – (Washington) Incendiary device that failed to ignite left at southeast Seattle bank. A suspicious package found January 6 at a bank in southeast Seattle was an incendiary device that failed to ignite. Seattle police called the incident an attempted arson. A Seattle police spokesman said someone who apparently saw the device inside the secure ATM area at a Chase Bank reported it to a patrol officer. Police arson/bomb squad investigators rendered the device safe, according to a police news release. Sound Transit’s light rail service through the area was disrupted for a short time during the investigation. Source: http://today.seattletimes.com/2012/01/suspicious-package-found-in-southeast-seattle-bank/

14. January 5, St. Louis Post-Dispatch – (Missouri) ‘Logo bandit’ robs two St. Louis-area banks in one day. Police believe the so-called “Logo Bandit” robbed two more St. Louis-area banks January 5, bringing the number of robberies attributed to this man to seven in the past 4 months. The first robbery took place the morning of January 5 at a Bank of America branch in Warson Woods, police officials said. An FBI spokeswoman said the suspect entered the bank around 10:30 a.m. and presented a demand note. He did not show a weapon. He struck again during the afternoon in Clayton. Police said he entered the Truman Bank at around 2 p.m. and handed the teller a demand note. Again the suspect did not indicate a weapon. Authorities labeled him the “logo bandit” because he wears hats and sweatshirts featuring brand-name or athletic logos. Source: http://www.stltoday.com/news/local/crime-and-courts/logo-bandit-robs-two-st-louis-area-banks-in-one/article_4cca355c-37c9-11e1-89b4-0019bb30f31a.html

15. January 5, Associated Press – (Ohio) Ohio real estate agent pleads guilty to charges in mortgage fraud scheme. An Ohio real estate agent pleaded guilty to submitting false loan applications to obtain $6.9 million from lending institutions in a mortgage fraud scheme. The suspect pleaded guilty January 5 in federal court in Cincinnati to single counts of wire fraud and bank fraud. Authorities said the man encouraged clients to buy homes at prices they could not afford and submitted loan applications for them that contained false statements about their assets. Prosecutors said he also fraudulently created bank statements to support the false loan applications. Prosecutors said each count is punishable by up to 30 years in prison and a fine of up to $1 million. Source: http://www.therepublic.com/view/story/662816ea524549c59dc660682ca82f14/OH--Mortgage-Fraud-Charges/

16. January 4, Panama City News Herald – (Florida) 5 indicted in $8.7 million mortgage fraud scheme. Federal prosecutors have indicted five people in connection with an alleged mortgage fraud scheme that involved nine Panama City Beach, Florida, properties and nearly $9 million, the Panama City News Herald reported January 4. Investigators said the suspects fraudulently obtained more than $8.7 million in mortgages to purchase nine properties in Panama City and Panama City Beach in 2006. However, the individuals never paid the mortgage payments and, according to federal prosecutors, never intended to pay the mortgages, leading to foreclosure actions. The defendants each were charged with wire fraud. The indictment states the owner of a real estate investment company in Miami obtained the services of a realtor to assist him in finding properties to purchase in the Panama City Beach area. Once he found the sites, he entered into sales contracts with his business as the buyer. An attorney, the owner of a mortgage company, and a mortgage broker then recruited and paid straw buyers for the properties, officials said. An escrow agent with a title company conducted closings and disbursed lender funds to three of the defendants through various companies owned by them, officials wrote in a news release. Each defendant faces a maximum of 20 years’ imprisonment, 3 years of supervised release, a $1 million fine, or a fine in twice the amount of the gross gain/loss. Source: http://www.newsherald.com/news/mortgage-99447-mugs-available.html

Information Technology

35. January 6, Computerworld – (International) Symantec confirms source code leak in two enterprise security products. Symantec confirmed January 5 that source code used in two of its older enterprise security products was publicly exposed by hackers the week of January 2. In a statement, the company said the compromised code is between 4 and 5 years old and does not affect Symantec’s consumer-oriented Norton products as was previously speculated. “Our own network was not breached, but rather that of a third party entity,” the company said in the statement. “We are still gathering information on the details and are not in a position to provide specifics ... Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” the statement said. A Symantec spokesman identified the two affected products as Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2. Both are targeted at enterprise customers and are more than 5 years old, he said. Symantec is developing a remediation process for enterprise customers still using the affected products, he noted. An Indian hacking group calling itself Lords of Dharmaraja earlier claimed it accessed source code for Symantec’s Norton AV products. Source: http://www.computerworld.com/s/article/9223198/Symantec_confirms_source_code_leak_in_two_enterprise_security_products?taxonomyId=17

36. January 6, H Security – (International) Chrome 17 enters beta, improves speed and security. Version 17 of Chrome has been released into the WebKit-based browser’s Beta channel, H Security reported January 6. Its developers said the new Chrome beta, version 17.0.963.26, is focused on improving security. With this version, Chrome’s Safe Browsing technology has been extended to protect against malicious downloads by analyzing executable files, including Windows .exe and .msi files. If a user visits a Web site and is tricked into downloading, for example, a fake anti-virus product, Chrome will issue a warning if the file appears to be malicious and will advise the user to discard it. The Chrome team at Google also updated the browser’s Stable channel to version 16.0.912.75, closing three high risk security holes. These include a use-after-free in animation frames, a heap-buffer-overflow in the libxml software library, and a stack-buffer-overflow in glyph handling. Source: http://www.h-online.com/security/news/item/Chrome-17-enters-beta-improves-speed-and-security-1404530.html

37. January 6, The Register – (International) Sony website defacer pwned by second hacker. A defacer affiliated with Anonymous vandalized Sony’s online front door the week of January 2 over the company’s support of the Stop Online Piracy Act, a hated anti-piracy law proposed in the U.S., The Register reported January 6. The Sony Pictures Web site was defaced and unauthorized comments were posted on the company’s Facebook page. The digital graffiti was scribbled by a hacker who uses the Twitter handle s3rver_exe. Both acts of vandalism were rapidly purged, while the YouTube video illustrating the hack was quickly pulled. The latest security breach comes after Sony announced it was bolstering its electronic defenses following the PlayStation Network hack in 2011, which forced Sony to take down its gaming platform for weeks. Source: http://www.theregister.co.uk/2012/01/06/sony_defacement/

38. January 5, Threatpost – (International) Pastebin downed by second DDoS attack this week. Pastebin.com found itself hit by a distributed denial-of-service (DDoS) attack January 5 for the second time in a week. The site was previously taken offline for a portion of the day January 3, though no motives or culprits for that attack have been named yet. A post to the service’s Twitter account (@pastebin) around 1:30 p.m. acknowledged the attack: “Pastebin is under DDOS attack again guys, working on it ...” Initially started as a site to allow developers to share code, over the last year Pastebin has proved to be the favored drop-off spot for hacktivist groups such as Anonymous and Lulzsec for dumping long diatribes of text detailing accounts of hacks, exploits, and other information. As of the late afternoon January 5, the site was still offline. Source: http://threatpost.com/en_us/blogs/pastebin-downed-second-ddos-attack-week-010512

39. January 5, Computerworld – (International) Microsoft plans big January Patch Tuesday. Microsoft said January 5 it would deliver seven security updates the week of January 9 to patch eight vulnerabilities in Windows and its developer tools. However, the company declined to confirm the slate will include a patch pulled at the last minute a month ago. One of the seven updates was tagged “critical,” while the others were marked “important,” even though some of them could conceivably be exploited by attackers to plant malware on users’ PCs. Altogether, three of the updates were labeled as “remote code execution,” meaning they could be used to hijack an unpatched system, Microsoft said in its monthly advance notification. A twist to this month’s Patch Tuesday is Microsoft’s classification of one of the updates as “security feature bypass,” a label it has never applied before. Source: http://www.computerworld.com/s/article/9223180/Microsoft_plans_big_January_Patch_Tuesday?taxonomyId=17

40. January 5, Dark Reading – (International) New denial-of-service attack cripples Web servers by reading slowly. A researcher published proof-of-concept code January 5 that takes a different spin on the slow HTTP denial-of-service (DoS) attack simply by dragging out the process of reading the server’s response — and ultimately overwhelming it. The senior software engineer with Qualys also added this new so-called Slow Read attack to his open-source Slowhttptest tool. Slow Read basically sends a legitimate HTTP request and then very slowly reads the response, thus keeping as many open connections as possible and eventually causing a DoS. The researcher’s Slowhttptest attack tool initially was inspired by related open-source tools Slowloris and OWASP’s Slow HTTP Post. Slowloris keeps connections open by sending partial HTTP requests and sends headers at regular intervals to prevent the sockets from closing, while the Slow HTTP POST distributed DoS (DDoS) tool simulates an attack using POST headers with a legitimate “content-length” field that lets the Web server know how much data is arriving. Once the headers are sent, the POST message body is transmitted slowly, thus gridlocking the connection and server resources. Slow HTTP attacks are gaining in popularity among miscreants as a way to quietly wage a DoS attack because these exploits are relatively easy to perform, require minimal computing resources, and often are tough to detect until it is too late. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232301367/

Communications Sector

41. January 6, Summit Daily News – (Colorado) High winds damage KBCO radio antenna near Breckenridge. More consequences of the New Year’s Eve high winds were discovered January 3 when damaged equipment on top of Baldy Mountain in Colorado was found to be the culprit of a Front Range radio station’s lost signal. KBCO, an adult rock station hosted in Summit County by Summit Public Radio (SPR) and TV, went off the air the weekend of December 30, prompting SPRTV volunteers to head up Baldy to see what was wrong. They discovered high winds — which were up to 126 mph along the Tenmile Range south of Frisco December 31 — blew over a modular building and toppled a tower supporting several antennae. While the building did not house SPRTV broadcasting equipment, the collapse of the supporting tower damaged the antennae that receive KBCO’s signal. The station will remain off the air until the receiving antennae can be repaired, and the supporting tower temporarily replaced, according to the SPRTV marketing chair. It is hoped work can begin the weekend of January 7 and 8, but only if the weather permits. A permanent replacement of the supporting tower is not possible until this summer, since that requires more construction. Source: http://www.summitdaily.com/article/20120106/NEWS/120109904/1078&ParentProfile=1055

42. January 5, KENS 5 San Antonio – (Texas) Are you there? 911, phone service temporarily cut in Atascosa County. For most of the afternoon and evening January 4, residents throughout Atascosa County, Texas, were unable to make any phone calls, including calls to 911. According to the Atascosa County Sheriff’s Office, the outage occurred around 3:30 p.m. when work crews near Pleasanton accidentally cut through a fiber optic line, disabling phone lines in parts of the county. The Jourdanton police chief said most 911 calls appeared to be going through to nearby Wilson County, and then transferred to emergency responders in Atascosa County via radio. However, some Atascosa County residents claim they could not make any calls whatsoever, and that left them nervous in case of an emergency. In a statement to KENS 5 San Antonio, AT&T officials said they were aware of the situation and were working to get it fixed as soon as possible. Source: http://www.kens5.com/news/South-Texas-residents-concerned-after-phone-lines-go-down-for-hours-136713273.html