Thursday, July 12, 2012
Daily Report
Top Stories
• Bank officials and the FBI released
surveillance photos July 10 of a group of armed bank robbers who struck at
least five banks in Connecticut and stole almost $500,000 since September 2010.
– WNBC 4 New York. See item 8 below in the Banking and Finance Sector.
• Two people were injured in a freight train
derailment and explosion in Columbus, Ohio, that forced the evacuation of
approximately 100 people, shut down roads, and put more than 100 area transit
buses out of commission. – United Press International
13. July 11, United Press International –
(Ohio) 2 injured when train derails in Columbus. Two people were injured
in a freight train derailment and explosion in Columbus, Ohio that forced the
evacuation of about 100 people, shut down roads, and put more than 100 area
transit buses out of commission. The July 11 incident occurred near the Ohio
State Fairgrounds when 11 cars of the 98-car southbound Norfolk Southern train
carrying mixed freight derailed, and several cars caught fire, WCMH 4 Columbus
reported. About 100 people living near the derailment were evacuated to the
fairgrounds. Fire officials said 20,000 gallons of ethanol were burning.
Officials said several cars contained styrene which, if ignited, can emit a gas
that affects the nervous system if inhaled, becoming a “nerve agent.” Those
cars were not involved in the derailment or fire. Two people in the vicinity of
the train when it derailed were injured and drove themselves to a nearby
hospital. Officials said they hoped to extinguish the fire by July 11 and allow
evacuees to return to their homes. Police, fire, and HAZMAT personnel
responded. The National Transportation Safety Board said investigators were
dispatched to the scene. The Central Ohio Transit Authority said 135 to 140
buses that operate out of a garage near the derailment would not be in use
until further notice, WCMH 4 Columbus reported. Source: http://www.upi.com/Top_News/US/2012/07/11/2-injured-when-train-derails-in-Columbus/UPI-10461342005045/
• A plane with 177 passengers was evacuated at
Philadelphia International Airport after 6 people on board fell sick July 10,
fire officials said. – Philadelphia Inquirer
14. July 10, Philadelphia Inquirer –
(Pennsylvania) Plane evacuated at Phila. International after 6 fall ill. A
plane with 177 passengers was evacuated at Philadelphia International Airport
in Philadelphia after 6 people on board fell sick July 10, fire officials said.
US Airways Flight 720 departed from Charlotte, North Carolina, for Rome, Italy,
but was diverted to Philadelphia after people started falling sick on board,
officials said. The six people were taken to a hospital. Fire department crews
examined the plane and did not immediately find any evidence of fumes or
another cause for the people getting ill. Source: http://articles.philly.com/2012-07-10/news/32619855_1_plane-fire-department-crews-fall
• More than 20,000 evacuation calls were never
delivered to residents in the path of a wildfire that destroyed about 350 homes
around Colorado Springs, Colorado, in June, records show. – Associated Press
40. July 10, Associated Press – (Colorado)
Thousands of wildfire warnings undelivered in Colo. More than 20,000
evacuation calls were never delivered to residents in the path of a wildfire
that destroyed about 350 homes around Colorado Springs, Colorado in June,
records show, according to the Associated Press, July 10. It was the second
time in 5 months that Colorado residents said they did not get calls to pack up
and run as flames raced toward their homes. Officials in El Paso and Teller
counties were trying to determine why two-thirds of the 32,000 impacted
residents did not receive calls during the Waldo Canyon fire that began June
23. Nearly 10,000 attempts to reach residents in Colorado Springs were
abandoned after the calls were not completed, and more than 11,000 calls were
not answered, according to records obtained by KMGH 7 Denver. Cassidian
Communications, the reverse notification provider, said some calls were not
completed because of heavy volume. Phone company officials said their phones
were working fine at the time. A spokesman for El Paso/Teller County E911 said
his agency will hold meetings to discuss the problem. The system had 13,000
people registered in its cellphone database before the wildfire, officials
said. That jumped to 52,000 as homes were burned, and at one point, 1,000
residents per hour were registering their mobile numbers, the Denver Post
reported. About 12 percent of the people authorities intended to notify didn’t
get a warning, a sheriff’s spokesman said. The company that handles that
system, Baton Rouge, Louisiana-based FirstCall Network Inc., said the process
worked exactly as it should have. Source: http://columbustelegram.com/news/national/thousands-of-wildfire-warnings-undelivered-in-colo/article_bfcdd02f-8b92-56fc-b5d6-51bfd1dd9543.html
Details
Banking and Finance Sector
6. July 10, McAllen Monitor – (Texas) 2 accused of bilking thousands in fake credit card
ring. A man and woman faced allegations in McAllen, Texas, that they
participated in a credit card fraud ring that swindled thousands of dollars
from banks and retailers and involved hundreds of fraudulent credit cards, the
McAllen Monitor reported July 10. McAllen police arrested the two Mexican
nationals on suspicion of credit card fraud July 3. The U.S. Secret Service
brought federal fraud charges against the two defendants after police
discovered hundreds of fake credit cards, gift cards, computers, cocaine,
steroids, thousands of dollars in cash, and other brand-new electronics at two
apartments in McAllen. Officers also seized a credit card encoder, thousands of
debit card PIN numbers, and two luxury sport utility vehicles. Police uncovered
the case after they found the man at an Academy Sports + Outdoors store, where
he was found with several credit cards and recently purchased gift cards in his
pockets, and several American Express gift cards and watches inside his vehicle.
Source: http://www.themonitor.com/news/fake-62184-mcallen-accused.html
7. July 10, Bloomberg News – (Iowa) Peregrine Financial allegedly has $200 million
shortfall. Peregrine Financial Group Inc., a futures brokerage, has a
customer fund shortfall of at least $200 million, the U.S. Commodity Futures
Trading Commission (CFTC) claimed in a complaint filed in federal court,
Bloomberg News reported July 10. The regulator is seeking a court order
freezing the firm’s assets and the appointment of a receiver, as well as
monetary relief including fines and restitution. The FBI is also participating
in the federal probe, according to an agency spokeswoman. The National Futures
Association, an industry self-regulator, said July 9 that Peregrine had reported it
held about $400 million in customer-segregated funds as of June 29, of which
$225 million was on deposit at U.S. Bank. The regulator was then made aware
that its chairman “may have falsified bank records” after finding only $5
million was on deposit. Source: http://www.businessweek.com/news/2012-07-10/peregrine-financial-has-200-million-shortfall-cftc-says
8. July 10, WNBC 4 New York – (Connecticut) FBI seeks gang of armed bank robbers in Conn. Bank
officials and the FBI released surveillance photos July 10 of a group of armed
bank robbers who have struck at least five banks in Connecticut and stolen
almost $500,000 since September 2010. Authorities are looking for three to five
men who have entered banks armed with handguns and wearing work clothes and
dark masks. The men subdue the patrons and tellers, then ransack the teller
drawers before escaping, according to an FBI special agent. An FBI spokesman
said, “The gang appears to be very well organized. They don’t speak and have
assigned roles and then switch cars as they escape.” Source: http://www.nbcnewyork.com/news/local/Connecticut-Armed-Bank-Robbers-Gang-FBI-Photos-Reward-161964955.html
Information Technology Sector
42. July 11, H Security – (International) Formspring question-and-answer platform
compromised. More than 400,000 passwords for Formspring accounts were
compromised. This resulted in several million password hashes for the question-and-answer
platform being made public on the Internet. The H’s associates at heise Security
discovered the Formspring hashes at the end of the week of July 6, but could
not determine the origin of the data. Shortly afterward, a reader contacted The
H with the crucial piece of information that hundreds of passwords contained
the term “formspring.” After being informed of this discovery, the operators of
the platform managed to trace the leak to a development server that allowed an
attacker to access a production server. They said they successfully closed it.
Formspring also reset all user passwords. The company used the opportunity to
switch its hashing method from SHA-256 (salted) to bcrypt, a method that can
currently be cracked only with substantial computing power, so an
attack would take a significant amount of time. About half of the 400,000
hashes were already reconstructed by password crackers. Source: http://www.h-online.com/security/news/item/Formspring-question-and-answer-platform-compromised-1636642.html
43. July 11, Computerworld – (International) Microsoft urges death of Windows gadgets as
researchers plan disclosures. Two weeks before researchers are to disclose
bugs in Windows “gadgets” at Black Hat, Microsoft acknowledged unspecified
security vulnerabilities in the software supported by Vista and Windows 7. To
deal with the vulnerabilities, Microsoft provided a way to cripple all gadgets
and disable the “sidebar” engine that runs them. “The purpose of this advisory
is to notify customers that Microsoft is aware of vulnerabilities in insecure
Gadgets affecting the Windows Sidebar on supported versions of Windows Vista
and Windows 7,” Microsoft said in a security warning issued July 10. Microsoft
did not detail the vulnerabilities or explain why it was letting users ditch
gadgets, but the move may be linked to an upcoming presentation at Black Hat,
the annual security conference held in Las Vegas. July 26, two researchers are
scheduled to present research on gadget flaws and exploits. Source: http://www.computerworld.com/s/article/9228997/Microsoft_urges_death_of_Windows_gadgets_as_researchers_plan_disclosures
44. July 11, Help Net Security – (International) Targeted attacks focus on small businesses. Thirty-six
percent of all targeted attacks (58 per day) during the last 6 months were
directed at businesses with 250 or fewer employees, according to Symantec.
During the first half of 2012, the total number of daily targeted attacks
continued to increase at a minimum rate of 24 percent with an average of 151
targeted attacks being blocked each day during May and June. Large enterprises
consisting of more than 2,500 employees are still receiving the greatest number
of attacks, with an average 69 being blocked each day. “There appears to be a
direct correlation between the rise in attacks against smaller businesses and a
drop in attacks against larger ones. It almost seems attackers are diverting
their resources directly from the one group to the other,” said a cybersecurity
intelligence manager at Symantec. “It may be that your company is not the
primary target, but an attacker may use your organization as a stepping-stone
to attack another company,” he said. The defense industry was the targeted
industry of choice in the first half of 2012, with an average of 7.3 attacks
per day. The chemical/pharmaceutical and manufacturing sectors maintain the
number two and three spots, respectively. These targets clearly received a
smaller percentage of overall attention than in 2011, but the chemical/pharmaceutical
sector is still hit by one in every five targeted attacks, while manufacturing
still accounts for almost 10 percent of all targeted attacks. Source: http://www.net-security.org/secworld.php?id=13225&utm
45. July 10, Threatpost – (International) More malware using a remote payload
discovered on Google Play. Symantec warned of new malware masquerading as
two applications on Google Play that claimed up to 100,000 victims before the
trojan was removed. “What is most interesting about this Trojan is the fact
that the threat managed to stay on Google Play for such a long time, clocking
up some serious download figures before being discovered,” a Symantec
researcher said July 10. “Our suspicion is that this was probably due to the
remote payload.” In 2011, the researcher wrote about this evasion-driven
technique, in which the payload is broken into separate modules and delivered
independently, making it easier to hide and inject in other apps. In the case
of this malware, called Android.Dropdialer, the first stage was posted on
Google Play. Once installed, it downloaded an additional package via Dropbox
called Activator.apk that sends SMS messages to a premium-rate number tied to
Eastern Europe. Source: http://threatpost.com/en_us/blogs/more-malware-using-remote-payload-discovered-google-play-071012
46. July 10, Krebs on Security – (International) Plesk 0day for sale as thousands of sites
hacked. Hackers in the criminal underground are selling an exploit that
extracts the master password needed to control Parallels’ Plesk Panel, a
software suite used to remotely administer hosted servers at a large number of
Internet hosting firms. The attack comes amid reports from multiple sources
indicating a spike in Web site compromises that appear to trace back to Plesk
installations. A miscreant on a very exclusive cybercrime forum has been
selling the ability to hack any site running Plesk Panel version 10.4.4 and
earlier. The hacker, a longtime member of the forum who has a history of
selling reliable software exploits, even developed a point-and-click tool he
claims can recover the administrator password from a vulnerable Plesk
installation, as well as read and write files to the Plesk Panel. The exploit
is being sold for $8,000, and according to the seller, the vulnerability it
targets remains unpatched. Multiple other members appear to have used it and
vouched for its value. Source: http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/
47. July 10, eSecurity Planet – (International) July Patch Tuesday: XML 5 still vulnerable. For
a month now, Microsoft users have known about a critical XML flaw that has left
their systems at risk. In Microsoft’s July Patch Tuesday update July 10, that
XML flaw was partially addressed in one of nine security bulletins issued by
Microsoft. The bulletins also address critical updates for flaws in Internet
Explorer and Microsoft Data Access Components (MDAC). The MS12-043 bulletin
details the Microsoft XML Core Services vulnerability first revealed in the
June Patch Tuesday update. While Microsoft is now issuing a patch, it does not
cover all possible vulnerable XML scenarios. The patch fixes Microsoft XML Core
Services 3.0, 4.0, and 6.0 — but it does not patch version 5.0, which is still
widely used and deployed in Microsoft’s Office products. However, Microsoft is
not leaving its users entirely exposed to the XML 5 vulnerability — the company
issued a fix-it patch for XML 5. Source: http://www.esecurityplanet.com/windows-security/july-patch-tuesday-xml-5-still-vulnerable.html
48. July 10, Inquirer – (International) Hackers could target Chrome users’ webcams,
security experts warn. Google announced a beta version of its Chrome Web
browser in a blog post July 10, but experts warned of security threats it might
cause for users. The Chrome Beta release grants Web applications access to
users’ webcams and microphones without a plugin through the getUserMedia
application programming interface (API) — a method that allows users to
interact with HTML5 applications through video and audio devices. However, the
director of security research and communication at Trend Micro warned that
getUserMedia will be attractive to criminals. Source: http://www.theinquirer.net/inquirer/news/2190523/hackers-target-chrome-users-webcams-security-experts-warn
49. July 10, Threatpost – (International) Microsoft revokes trust in 28 of its own
certificates. In the wake of the Flame malware attack, which involved the
use of a fraudulent Microsoft digital certificate, the software company
reviewed its certificates and found nearly 30 that were not as secure as it
would like and revoked them. Microsoft also released its new updater for
certificates as a critical update for Windows Vista and later versions as part
of the July 10 Patch Tuesday. Microsoft did not say what the now-untrusted
certificates were used for, but company officials said there were a total of 28
certificates affected by the move. Many of the affected certificates are listed
simply as “Microsoft Online Svcs.” However, the company said it was confident
none of the certificates were compromised or used maliciously. Source: http://threatpost.com/en_us/blogs/microsoft-revokes-trust-28-its-own-certificates-071012
50. July 10, Ars Technica – (International) Web exploit
figures out what OS victim is using, customizes payload. Security
researchers found a live Web exploit that detects if the target is running
Windows, Mac OS X, or Linux and drops a different trojan for each platform. The
attack was spotted by researchers from antivirus provider F-Secure on a
Colombian transport Web site, presumably after third-party attackers
compromised it. The unidentified site then displayed a signed Java applet that
checked if the user’s computer is running Windows, Mac OS X, or Linux. Based on
the outcome, the attack then downloads the appropriate files for each platform.
The exploit, however, was unable to infect modern Macs unless they were
modified to run software known as Rosetta. The software allows Macs using Intel
processors to run applications written for Macs using PowerPC processors, which
were phased out 5 years ago. Source: http://arstechnica.com/security/2012/07/cross-platform-web-exploit/
Communications Sector
51. July 10, Duluth News Tribune –
(Minnesota) Man arrested after allegedly threatening to blow up Charter
cable TV building in Duluth. A Duluth, Minnesota man is in jail pending
felony charges of making terroristic threats after allegedly saying he was
going to burn or blow up the Charter Communications building in Duluth, then
showing up at that facility July 10. He was upset over his Internet service,
Duluth police said in a news release. He was being held at the St. Louis County
Jail. Police were called to the building after reports of a suspicious vehicle
outside the building, according to scanner reports. The incident began when a
Charter contact center adviser received a call from a Duluth customer
threatening to harm the Duluth office and its employees, said a Charter
spokeswoman. Employees in the Duluth office were notified and were evacuated to
a safe location, she said. A Charter technical supervisor in Duluth had seen a
man in a pickup truck parked in the lot in front of the building, she said. She
said the man left the truck before police arrived, but he was apprehended and
taken into custody. Source: http://www.duluthnewstribune.com/event/article/id/236513/group/homepage/
For another story, see item 45 above in the Information Technology Sector