Wednesday, July 11, 2012 

Daily Report

Top Stories

 • The FBI was brought in to help investigate a cache of explosives — grenades, blasting caps and fuse igniters — that was found in a backpack under a bridge in Placentia, California, July 9. – Los Angeles Times
14. July 9, Los Angeles Times – (California) FBI joins probe of explosives found under O.C. bridge. The FBI was brought in to help investigate a cache of explosives — grenades, blasting caps and fuse igniters — that was found in a backpack under a bridge in Placentia, California, July 9. Orange County bomb squad officials were brought in after the backpack was discovered by people working in a drainage ditch, said an Orange County sheriff’s spokesman. After cordoning off the area, bomb technicians detonated the contents of the backpack, including six grenades, blasting caps, fuse igniters, and blasting powder. For several hours, Lakeview Avenue between Orangethorpe Avenue and Eisenhower Circle was closed to traffic. “It was a dangerous situation,” the spokesman said. “It could have caused major structural damage to the bridge.” Source:

 • The deterioration of corn and soybean crops expanded in the United States, dropping for a fifth straight week as unseasonably dry weather and record-high temperatures withered yield potential, the government said. – Bloomberg
20. July 9, Bloomberg – (National) Crop conditions worsening in U.S. as drought withers fields. The deterioration of the corn and soybean crops expanded in the United States, dropping for a fifth straight week as unseasonably dry weather and record-high temperatures withered yield potential, the government said, according to Bloomberg July 9. About 40 percent of the corn crop was in good or excellent condition as of July 8, down from 48 percent a week earlier and the lowest for this time of year since a drought in 1988, the U.S. Department of Agriculture said. An estimated 40 percent of soybeans got the top ratings, down from 45 percent and also the lowest in 24 years for that date. As of July 8, more than 91 percent of the production of corn and soybeans in the U.S., the world’s largest producer and exporter for both crops, was dry at the topsoil level and 59 percent was at high risk of intense stress and lower yields, T-Storm Weather said. About 53 percent of the Midwest had moderate to extreme drought conditions as of July 3, the highest since the government-funded U.S. Drought Monitor began tracking the data in 2000. Soil moisture in Illinois, Indiana, Ohio, Missouri, and Kentucky was so low that it ranks in the 10th percentile among all other years since 1895. Hot, dry weather also eroded the condition of spring wheat, a high-protein variety of the grain that is used to make bread and pasta, grown in the northern Great Plains. About 44 percent of the cotton crop was rated good or excellent, compared with 47 percent a week earlier and 26 percent a year earlier. An estimated 69 percent of the rice crop was rated good or excellent, compared with 72 percent a week earlier and 61 percent a year earlier. Source:

 • A stubborn and deadly outbreak of tuberculosis that has affected hundreds in Jacksonville, Florida, led the State to team up with the U.S. Centers for Disease Control and Prevention to battle the disease. – WTSP 10 St. Petersburg
26. July 9, WTSP 10 St. Petersburg – (Florida) Thousands feared exposed to Florida tuberculosis outbreak. A stubborn and deadly outbreak of tuberculosis (TB) in Jacksonville, Florida, is prompting Florida to team up with the U.S. Centers for Disease Control and Prevention (CDC) to battle the disease, but State health officials insist the situation is under control. The TB outbreak is linked to 13 deaths and nearly 100 illnesses since 2004, mainly among homeless people. It is estimated about 3,000 people have been exposed to the contagious disease but that information was never released to the media. Now State and federal health workers are trying to track down as many of those people as possible to check for symptoms of TB, including cough, fever, sweats and weight loss. Florida asked the CDC for help with the TB cluster in February but not because the situation was out of control, according to a doctor with the State Department of Health. He called it business as usual. He said the cluster of TB cases did not warrant a public warning because it was not a public health hazard, and said Florida has the resources to reach out to those potentially exposed to tuberculosis with federal, State, and local governments contributing to the effort. The ongoing outbreak has coincided with the shutdown of Florida’s only TB hospital — A.G. Holley in Lantana. The hospital closed the week of July 2 after State lawmakers passed and the Florida governor signed legislation eliminating funding for the facility. Source:

 • Tens of thousands of smart-phone applications, downloaded 80 million times, are running ads from rogue advertising networks that change device settings and take contact information without permission, according to a new study. – CNNMoney
See item 41 below in the Information Technology Sector


Banking and Finance Sector
12. July 9, Chicago Tribune – (Illinois) FBI: Bandit strikes for 3rd time, robs Elmhurst bank. A bank robber who was believed to be responsible for two previous bank holdups struck a third time July 9 at an Inland Bank and Trust branch in Elmhurst, Illinois, officials said. The robber, who officials believe robbed the bank previously June 11 and a Chase Bank branch in Bensenville April 2, approached a teller with a demand note. The note implied he had a weapon, but it was not brandished during the robbery, the FBI said. The man fled the bank with an undisclosed amount of cash. Source:

For more stories, see item 40 below in the Information Technology Sector and item 49 in the Communications Sector

Information Technology Sector

37. July 10, Network World – (International) hit with second major outage in two weeks. suffered a significant service outage July 10, less than 2 weeks after another serious set of problems. The cloud-based customer relationship management vendor’s systems are divided into many instances around the world, each serving customers in different geographic regions. Seven instances went down at some time July 10 in North America, said a notice posted on’s system status page. Shortly thereafter, several regions, which are part of a set of “sandbox” instances that customers can use for development, testing, and new feature previewing, were also affected, according to the site.’s Application Store also went down because it shares infrastructure with one instance, the site said in another update. A number of instances had yet to be restored and the search infrastructure for the instances experienced performance issues, according to an update. It was not immediately clear what caused the problems. said “power problems” were detected and fixed, but the outages persisted. Source:

38. July 10, Softpedia – (International) ICS-CERT warns of malware that spreads via USB drives. The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned organizations to be cautious when handling removable media flash drives since there are many malicious elements that use them to spread. They cite an incident that took place in April 2012. Workers in an energy company identified a piece of malware on a USB stick left by mistake in the USB port of a human-machine interface (HMI) computer by another staffer. The Hamweq virus was not able to perform its tasks because it depended on the operating system’s auto-run function, which was disabled on all devices. If the auto-run feature was enabled, the threat could have injected malicious code and created a backdoor that may have been leveraged by the attackers to steal sensitive data. According to ICS-CERT, in order to avoid similar incidents, organizations should always properly mark removable media. They should also disable auto-run functions when possible. Other recommendations include the use of dedicated media for the same type of systems, and the separation of malfunctioning or potentially infected drives from ones cataloged as acceptable. The workers that operate industrial control systems should never connect removable media drives with an unknown origin to a system without properly checking first. They should also avoid using personally owned devices for work-related tasks. Source:

39. July 10, Dark Reading – (International) Best Buy says some customer accounts have been hacked. Electronics retail chain Best Buy e-mailed customers the week of July 9 to inform them their accounts may have been hacked. According to news reports, Best Buy is disabling some customers’ e-mail accounts until the passwords are changed. “We are currently investigating increased attempts by hackers around the world to access accounts on and other online retailers’ e-commerce sites,” says the retailer’s e-mail, sent July 6. “These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to accounts.” The e-mail does not say how many Best Buy customers were affected, nor does it say exactly how the data might have been acquired. Source:

40. July 10, SecurityWeek – (International) Malware now targeting banking applications on Android, says Trusteer. Researchers at Trusteer discovered a type of attack targeting Android users via their desktops, with the aim of controlling both endpoint devices. So far, the malware itself is limited to Spain, Germany, the Netherlands, and Portugal. Trusteer’s discovery offers additional insight into the development of SpyEye and Tatanga, the families of malware making headlines recently. This time, Tatanga is combined with elements from SpyEye and used in a scheme to entice users to install an alleged security application. Based on what Trusteer published, it appears that this latest set of attacks is an upgrade and not a new infection point. Once an infected system visits a specialized or pre-determined domain (often banking related), Tatanga will use Web injects to entice the user to install the security application. Source:

41. July 10, CNNMoney – (International) Mobile ads can hijack your phone and steal your contacts. Tens of thousands of smart-phone applications are running ads from rogue advertising networks that change smart-phone settings and take contact information without permission, according to a new study released July 9. Aggressive ad networks can disguise ads as text message notifications or app icons, and sometimes change browser settings and bookmarks. Often, the ads will upload your contacts list to the ad network’s servers — information the ad network can then sell to marketers. As many as 5 percent of free mobile apps use an “aggressive” ad network to make money, according to Lookout, a San Francisco-based mobile security company. With millions of mobile apps in stores, that small percentage adds up to a big number. The study found that 19,200 of the 384,000 apps it tested used malicious ad networks. Those apps were downloaded 80 million times. Source:

42. July 10, H Security – (International) HP warns of critical holes in its server monitoring software. HP warned its customers about two security vulnerabilities in its Operations Agent server monitoring software. According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris, and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both of these errors have a Common Vulnerability Scoring System base score of 10.0, the highest possible severity rating. Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. The vulnerabilities were reported to HP by a researcher via TippingPoint’s Zero Day Initiative. A full list of affected versions and patch download information can be found in HP’s security advisory. The company advises all administrators to install the patches as soon as possible. Source:

43. July 9, Threatpost – (International) Deep packet inspection firm Cyberoam issues fix following private key leak. Network security firm Cyberoam issued an over-the-air update for all of its deep packet inspection devices July 9 after a decrypted version of the company’s universal private key was leaked online the weekend of July 7. The New Jersey-based company pushed the hotfix after an anonymous commenter posted what was apparently a master privacy key for all of its devices on a blog belonging to anonymity network Tor July 8. After the update, each Cyberoam product will have had a new, unique key generated. Claiming it understands the “critical nature” of the issue at hand, Cyberoam said it is being singled out by Tor, and that there are other companies that also use a universal certificate authority. These firms, much like Cyberoam before its update, only put their devices at risk “when providing a HTTPS deep scan.” Source:

44. July 9, TechWeekEurope UK – (International) Back-up supplier Acronis apologises for data leak. Back-up vendor Acronis admitted some of its customers’ data leaked onto the Web, as it opens an investigation into what went wrong. Acronis said certain information from its knowledge base was opened up to everyone after the access control settings were reset to default. The back-up supplier said most of the content was not “sensitive or confidential.” “However, it did contain an older spreadsheet listing just the email addresses of customers who had been entitled to a free product upgrade and their upgrade license key. In compliance with our customer information security policies, no other identifying information was contained in this spreadsheet,” explained the chief customer officer at Acronis. Source:

45. July 9, The Register – (International) ISPs step in to supply DNSChanger safety net. The DNSChanger Working Group’s replacement DNS servers were taken offline as scheduled July 9. However, rather than leaving an estimated 300,000 machines without Internet services, many ISPs configured their own substitute DNS servers, so some infected machines still have a safety net. This means that the “infection count continues to decrease without a major crisis in support calls,” according to net security firm F-Secure. The security firm fielded three DNSChanger support queries of its own July 9. DNSChanger manipulated the domain name system settings of infected machines, redirecting users to dodgy Web sites as part of a long-running cybercrime. The FBI dismantled the botnet’s command-and-control infrastructure in November 2011, as part of Operation GhostClick. Source:

For more stories, see item 49 below in the Communications Sector

Communications Sector 

46. July 9, Abilene Reporter-News – (Texas) Lightning knocks KACU-FM off the air. A lightning strike during a July 8 thunderstorm in Texas knocked KACU 89.7 FM Abilene off the air, and the station was unlikely to be able to broadcast over the airwaves again until July 10. The broadcast engineer for Abilene Public Radio said he went to the studio July 8 after the station’s audio fell silent, and he found the equipment that sends a signal to a transmitter damaged by a lightning strike. The parts have to be shipped to Abilene from California. The broadcast engineer said he hoped to have them installed by July 10. Source:

47. July 9, WTRF 7 Wheeling – (West Virginia) Generators stolen from Frontier Communications. According to a news release, thieves stole six generators from the Frontier Communications facilities in New Martinsville, West Virginia, WTRF 7 Wheeling reported July 9. The Wetzel County company relied on generators and batteries since a June 29 windstorm. Frontier’s general manager asked anyone with information to call their tip line at 1-800-590-6605. He said the thefts are significantly hindering local recovery efforts. Source:

48. July 9, CBS News – (National) Sun storms: solar activity at fiery high. The first week of July was an intense period of solar flares, and it showed no signs of stopping, CBS News reported July 9. The week of July 2 saw several huge solar flares, the biggest of which occurred July 6. Labeled an X1.1 class solar flare — the strongest classification used by the U.S. Space Weather Prediction Center — the sun storm caused radio blackouts on Earth as particles ejected from the sun crashed into the planet’s atmosphere. It was the fifth X-class solar flare of 2012. Earlier the week of July 2, several other powerful solar flares erupted from the sun. Most of them appear to be coming from the same area, a giant sunspot called AR1515. Technically a group of sunspots, AR1515 is an enormous plain of volatile activity. Source:

49. July 9, New York Times – (National) AT&T to start blocking stolen cellphones this week. AT&T said it expects to start a program the week of July 9 that will keep track of devices reported stolen, making it more difficult for thieves to sell the devices on the black market. The company said its database would initially prevent reactivation of stolen devices on its own network. Later in 2012, it plans to expand the database to work with other carriers. In April, the Federal Communications Commission (FCC) said it was working with police departments and wireless carriers to create a database to combat cellphone theft nationwide. Over the last year, one out of three robberies in the United States was related to the theft of a cellphone, the FCC said. Verizon Wireless, the number one carrier in the United States, said that unlike AT&T, it has had its own database for disabling stolen cellphones on its network for years. Verizon will also be participating in the nationwide database when it becomes available later in 2012, said a Verizon spokeswoman. Source:

For another story, see item 41 above in the Information Technology Sector