Monday, July 9, 2012 

Daily Report

Top Stories

 • A man pleaded guilty to running a massive mortgage fraud scheme in the Detroit area that cost lenders more than $100 million in losses. – Detroit Free Press See item 5 below in the Banking and Finance Sector

 • A United Airlines flight bound for Houston had to return to Phoenix Sky Harbor International Airport and make an emergency landing because of a cracked windshield. – Associated Press 

11. July 5, Associated Press – (Arizona) Windshield crack forces flight to return to Ariz. A United Airlines flight bound for Houston had to return to Phoenix Sky Harbor International Airport in Phoenix because of a cracked windshield. Federal Aviation Administration (FAA) officials said the pilot declared an emergency and Flight 1138 landed without incident at Sky Harbor July 5. It was not immediately clear how long the Boeing 737 had been in flight before the windshield cracked. Source:

 • The percent of contiguous U.S. land area experiencing exceptional drought in July reached the highest level in the history of the U.S. Drought Monitor. – Pork Network

12. July 6, Pork Network – (National) U.S. drought expands, intensifies. The U.S. Drought Monitor report issued July 5 confirmed what most have suspected: the drought, now covering up to half the nation, is expanding and intensifying. The percent of contiguous U.S. land area experiencing exceptional drought in July reached the highest levels in the history of the U.S. Drought Monitor, said an official at the National Drought Mitigation Center at the University of Nebraska-Lincoln. Nearly 12 percent of the contiguous United States fell into the “exceptional” classification, according to the report. Eighteen percent of the country is classified as under either extreme or exceptional drought, said a University of Nebraska assistant geoscientist. The extreme dry, hot conditions in the nation’s mid-section are driving up corn and soybean prices to record or near-record levels. The latest drought report featured the expansion and intensification of dryness in large sections of the country, with only southern Texas reporting some improvement. The dryness was beginning to take a significant toll on some of the nation’s crops, pastures, and rangelands. In the primary growing States for corn and soybeans (18 each), 22 percent of the crop is in poor or very poor condition, as are 43 percent of the pastures and rangelands, and 24 percent of the sorghum crop. Source:

 • The Kentucky Energy and Environment Cabinet July 6 announced a “water shortage watch” for 27 counties because drought conditions are threatening the availability of drinking water. – Evansville Courier & Press 

16. July 6, Evansville Courier & Press – (Kentucky) Kentucky issues ‘water shortage watch’ for 27 counties. The Kentucky Energy and Environment Cabinet July 6 announced a “water shortage watch” for 27 counties in the commonwealth, including Webster and Crittenden counties. According to a news release issued by the agency, such a watch is issued when “drought conditions have the potential to threaten the normal availability of drinking water supply sources. Officials at the Kentucky Division of Water study rainfall amounts, reservoir levels, streamflows, the Palmer Drought Index and the Drought Monitor when determining drought status,” the news release stated. Most of Western Kentucky is in an extreme drought, with some areas more than a foot of rain below the annual average. The agency said counties listed in the watch should “be prepared to reduce water use upon request by their local water supplier.” Source:

 • A man engaged police in a shootout, stole a cruiser, and led officers on a chase in Prince George’s County, Maryland, that damaged many other cruisers and shut down a major area road. – WRC 4 Washington, D.C. 

23. July 6, WRC 4 Washington, D.C. – (Maryland) Suspect steals police car after shootout. A police-involved shooting left one man in the hospital and several Prince George’s County, Maryland police cruisers damaged July 6. Police said it started late July 5 in College Park, just off the campus of the University of Maryland. They responded to reports of gunshots, and when they arrived found a man wielding a gun. The man and police exchanged gunfire, and the suspect was hit many times. Witnesses said police put the man in the back of a cruiser. Somehow, he was able to get into the driver’s seat and speed off down Route 1 before crashing into a wall in front of a McDonald’s. Several other police cars then swarmed the suspect, pinning him in, and ultimately placing him back in custody. The suspect was then taken to a nearby hospital where he was recovering from non-life-threatening injuries. Police shut down Route 1 for several hours to investigate and reopened it early July 6. Source:

 • Search crews were looking for survivors among the hundreds of people visiting Great Smoky National Park in Tennessee after severe thunderstorms swept through the area killing two, injuring eight, and closing 40 miles of roads. – CNN 

39. July 6, CNN – (Tennessee) Crews search Smoky Mountain wilderness after deadly storm. Search crews fanned out across the backcountry of the Great Smoky Mountains National Park July 6, hours after severe thunderstorms swept through east Tennessee, killing two people and injuring eight, park officials said. An unknown number of hikers and campers may have weathered the July 5 storm on the dozens of trails and camping sites in the most hard-hit portion of the park, a park spokesman said. Hundreds, perhaps thousands, of people were visiting the nation’s most-visited national park when the storms hit. Forty miles of roads in the park remained closed July 6 due to downed trees, he said. Authorities were working to evacuate campers who survived the storm without injury but were stranded by fallen trees. Park officials said one man died in a motorcycle accident, while a woman was killed in a separate incident when a tree fell on her. The area near Cades Cove was one of the hardest hit by the storm. The area, which is accessible by only one road, remained closed to visitors July 6. Source:


Banking and Finance Sector 

5. July 6, Detroit Free Press – (Michigan) Fenton man pleads guilty in $100-million mortgage scheme. A man pleaded guilty July 5 to running a massive mortgage fraud scheme in the Detroit area that cost lenders more than $100 million in losses. The U.S. attorney’s office said the ringleader ran a nearly 4-year scheme with 8 others that involved more than 500 fraudulent mortgage loans, more than 100 straw buyers, and roughly 180 residential properties in metro Detroit. The properties were used as, or falsely portrayed as, collateral for the loans, most of which went into default and foreclosure, authorities said. The loans ranged from $350,000 to $600,000, triggering more than $100 million in losses to the lenders. Source:

6. July 5, Columbus Republic – (Indiana) Man indicted in $10 million bank fraud. A Columbus, Indiana man accused of defrauding Indiana banks of more than $10 million was indicted on 13 federal charges of bank and wire fraud, The Columbus Republic reported July 5. A grand jury indicted him on charges including 10 counts of bank fraud and three counts of wire fraud. The indictment alleges the man, the president and manager of Seymour-based Van Natta Asset Management LLC and a variety of related companies, devised a scheme to defraud financial institutions to obtain large sums of money for 2 years beginning in March 2007. He allegedly prepared and submitted numerous false documents to banks throughout central and southern Indiana, including financial institutions headquartered in Bartholomew, Decatur, Washington, Morgan, and Monroe counties. The false documents included fraudulently created tax returns that hid the true income and financial affairs of his family members, according to the U.S. attorney’s office. Source:

7. July 5, Federal Bureau of Investigation – (National) Three plead guilty in $41M video advertisement scheme based in Ventura County. Two residents of Oxnard, California, and a South Carolina man each pleaded guilty July 5 to federal fraud charges, admitting they participated in a $41 million investment scheme that victimized hundreds of investors across the United States. Using Ventura County, California companies called Unlimited Cash Inc. (UCI) and Douglas Network Enterprises Inc. (DNE), the defendants told victims that UCI would sell ATMs and “Ad Toppers” — computer monitors capable of displaying video advertisements — and DNE would place the devices in commercial locations that would generate income. Victims were told they would earn income from ATM transaction fees and advertisement revenue generated by Ad Toppers. Even though they took in about $41 million over a 4-year period, the defendants did not place most of the ATMs and Ad Toppers sold to investors. The loss amount to victims was about $27 million. Source:

Information Technology Sector

25. July 6, H Security – (International) Pidgin IM client update fixes buffer overflow vulnerability. A new update, version 2.10.5, to the open source Pidgin instant messaging program was released, closing an important security hole. Previous versions of Pidgin contained a vulnerability in the MXit component, where parsing incoming messages with inline images led to a buffer overflow. The developers said this could have been exploited by an attacker to execute arbitrary code on a victim’s system by using a specially crafted message. Source:

26. July 6, H Security – (International) DoS vulnerabilities in Asterisk closed. The Asterisk developers fixed two denial-of-service (DoS) problems in their open source PBX system. The bugs in the invite and voice-mail areas of the application were addressed by the release of Asterisk versions 1.8.11-cert4,, 10.5.2, and 10.5.2-digiumphones. In one case, attackers are able to inhibit the Asterisk server by using all available RTP (Real-time Transport Protocol) ports, which leads to a DoS situation. In the vulnerable version of the software, if Asterisk sends a re-invite to a call over the SIP protocol and an endpoint responds with a provisional reply but never sends the final response, the RTP ports for the call will not be released. If this is repeated often enough, the server will run out of RTP ports and then cannot receive any incoming calls. The other bug is located in Asterisk’s voice-mail system. If two parties simultaneously manipulate the same voice-mail account, this can cause a condition where memory is freed twice and the server crashes. Source:

27. July 6, H Security – (International) Microsoft’s July Patch Tuesday will close 16 holes. Microsoft announced that July 10, the July Patch day, it will issue 9 security updates closing 16 holes in Windows (XP SP3 and later), Office, Internet Explorer, Visual Basic for Applications, and SharePoint Server. Three updates address critical holes in Windows, one of which also affects Internet Explorer. Mac users should also be aware that one of the updates affects Office 2011 for Mac. Source:

28. July 5, H Security – (International) Double security for Flash under Linux. Chrome version 20 represents a major step forward for the security of the Google browser, especially for Linux users. It introduces a new sandbox concept that regulates and filters the system calls a process is able to make. In terms of security, the Linux version has, until now, been neglected by Chrome, having failed to benefit from many of the browser’s security features. Features such as restricting hazardous plugins like Flash to a secure sandbox were largely reserved for the Windows versions. In February, Google introduced Pepper Flash for 64-bit Linux, which isolates the plug-in process within a chroot environment, and blocks communication with other processes. The recently released Chrome 20 now adds a seccomp sandbox. According to a Google developer, Chrome 20’s native 64-bit Flash plugin is, at least in the current Ubuntu 12.04, isolated within a seccomp sandbox. It thus complements the Pepper Flash sandbox. Because the Windows sandbox essentially relies on the integrity levels introduced in Vista and therefore permits processes to read whatever they like, the doubled-up Linux sandbox is probably currently the safest method for executing Flash content in a browser. Source:

29. July 5, Krebs on Security – (International) New Java exploit to debut in BlackHole exploit kits. Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software was set to be deployed late the week of July 2 to cyber criminal operations powered by the BlackHole exploit pack. The attack may be related to an exploit published for CVE-2012-1723 in mid-June. However, according to the current vendor of the BlackHole exploit pack, the exact exploit for this vulnerability has only been shared and used privately to date. The BlackHole author said the new Java attack was to be included in a software update made available July 8 to all paying and licensed users of BlackHole. Source:

30. July 5, IDG News Service – (International) Google says spam not coming from Android botnets. July 5, Google dismissed the possibility that a new wave of pharmacy, penny stock, and e-card spam e-mails were being sent by Android spam botnets. “Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using,” a Google spokesman said in response to security researchers from Microsoft and antivirus firm Sophos who first identified what they believed to be the work of an Android botnet. The researchers do not have a copy of the Android malware responsible for this spam campaign, but there is indirect evidence that suggests the e-mails are being sent from Android devices. Not all security researchers are convinced by the evidence found so far. Source:

31. July 4, H Security – (International) John the Ripper now able to crack office files and use GPUs. The recently released version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird, and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix “jumbo” appears to be intended literally — more than 40,000 lines of code were added in the 6 months since the previous release. Developer Solar Designer told The H’s associates at heise Security that, in developing GPU support, the focus was on modern functions that can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu’s standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, “because others were unhappy about releasing a tool with ‘non-impressive’ speed numbers, even if this is desirable in practice.” Source:

32. July 4, – (International) Android malware pandemic set to intensify through 2012. The number of cyber attacks targeting Android mobile devices is far higher than initially predicted, according to security firm Trend Micro. The company reported detecting 25,000 Android malware samples in the second quarter of 2012, more than double the 11,000 it predicted for the period, and 4 times greater than the 6,000 found in the first quarter. Trend Micro predicted the boom seen so far will accelerate further as the year progresses. It estimates there will be around 38,000 malicious samples in the third quarter of 2012, and 129,000 in the fourth quarter. Trend also reported 17 malicious apps were downloaded more than 700,000 times from the Google Play store. Two of these included fake versions of popular sports game apps, suggesting the firm’s Bouncer tool is proving inadequate at detecting numerous rogue applications. Source:

Communications Sector 

33. July 6, Associated Press – (North Carolina) Damaged communications tower down in Smithfield. A 180-foot communications tower damaged by wind in Smithfield, North Carolina, was dismantled and about a dozen residents were allowed to return home, the Associated Press reported July 6. A tower near the intersections of U.S. Highways 70 and 301 was damaged by high winds July 5. Authorities said a cable on the tower snapped, leaving the tower swaying when firefighters arrived. The fire captain said crews dismantled the tower in 30-foot segments to get it safely on the ground early July 6. A fast food restaurant was allowed to open early July 6, and the evacuated residents were told it was safe to go home. Source:

34. July 6, Salem Today’s Sunbeam – (New Jersey) Thieves take advantage of storm by stealing from victims in Salem County. Thieves took advantage of a storm the weekend of June 30 by stealing from its victims in Salem County, New Jersey, authorities said July 5. The storm swept through the county early June 30 ripping down trees and power lines and leaving thousands without power. According to police, two large, industrial-size generators were stolen from a Comcast location July 1. The same day, police received reports that some people were involved in trying to steal downed utility cable. According to police, the individuals were supposedly cutting the downed wire and coiling it up, apparently hoping to sell it for scrap. Police added that it was dangerous because wires could still be live. Source:

For more stories, see items 25, 26, 30, and 32 above in the Information Technology Sector