Friday, July 13, 2012 

Daily Report

Top Stories

 • Los Alamos National Laboratory significantly underestimated how much radiation could leak from the nation’s premier plutonium lab after a major earthquake and fire, a federal oversight panel concluded. – Associated Press 

12. July 11, Associated Press – (New Mexico) Oversight board: Los Alamos lab underestimated risk from possible radiation leak in disaster. Los Alamos National Laboratory in Los Alamos, New Mexico, significantly underestimated how much radiation could leak from the nation’s premier plutonium lab after a major earthquake and fire, a federal oversight panel concluded, according to a July 11 report by the Associated Press. The Defense Nuclear Facilities Safety Board recently sent lab officials a report and letter saying board staff identified a number of deficiencies in calculations that concluded any release would be below the threshold deemed safe to the public. Board staff said its calculations indicate the potential for a radiation release from an earthquake-induced fire could instead be more than four times higher than levels considered safe for public exposure. Source:

 • Delta Air Lines faced nearly $1 million in fines from the Federal Aviation Administration after the agency said the airline flew planes with flaws in a nose cone and a cockpit light. – USA Today

21. July 11, USA Today – (National) FAA proposes nearly $1 million fine against Delta Air Lines. Delta Air Lines faced nearly $1 million in fines from the Federal Aviation Administration (FAA) after the agency said the airline flew planes with flaws in a nose cone and a cockpit light, USA Today reported July 11. The latest case for Delta involved a February 2010 inspection that found a chip in the Boeing 737-800 nose cone that was supposed to be fixed immediately. But the FAA proposed a $687,500 fine because the plane allegedly flew 20 additional flights before it was repaired. The FAA also claimed Delta had a problem with an Airbus A320 that had a broken cockpit floodlight socket that was to be repaired within 10 days. The FAA proposed a $300,000 fine because it said the plane flew 884 times from May 2010 to January 2011 without a fix. Source:

 • Yahoo Inc. said it was reviewing reports of a security breach that may have exposed nearly half a million users’ e-mail addresses and passwords. – Associated Press (See item 40 below in the Information Technology Sector)

 • A Utah wildfire that destroyed 52 homes and left a man dead was caused by arcing between power transmission lines that were built too closely together and sent a surge to the ground that ignited dry grass, a fire investigator said July 11. – Associated Press

55. July 11, Associated Press – (Utah; National) Arcing power lines caused Utah wildfire. A Utah wildfire that destroyed 52 homes and left a man dead was caused by arcing between power transmission lines that were built too closely together and sent a surge to the ground that ignited dry grass, a fire investigator said July 11. The central Utah Wood Hollow Fire began June 23 and was not fully contained for 10 days, costing nearly $4 million to fight, according to State officials. They said 160 structures were destroyed. The 75-square-mile blaze began when winds caused two sets of high-voltage power lines to touch or swing close enough to each other to create a surge that swept down the poles into dry brush, said a State deputy fire marshal. Elsewhere in Utah, five major wildfires continued to burn July 11, but fire crews largely had them contained. Meanwhile, fires burned across the West. An eastern Oregon wildfire had grown to about 450 square miles July 11, and authorities put some residents on notice that they might have to evacuate. A nearby fire had grown to about 70 square miles. Firefighters had little containment on both blazes. A wildfire in the Boise National Forest east of Idaho’s capital city was threatening about 100 homes July 11 as lightning sparked several new fires across the State. The blaze on about 300 acres was a concern for a nearby subdivision about 25 miles from Boise, authorities said. The State’s largest wildfire had burned through about 340 square miles but was expected to be contained by July 11. Lightning sparked several new fires in Montana, including one that forced the evacuations of 30 homes near Livingston 30 miles east of Bozeman. The fire was mostly contained July 11 after burning more than 1,500 acres. In southeastern Montana, officials reported the 389-square-mile Ash Creek fire was completely contained by July 11, but red-flag weather conditions persisted. Source:


Banking and Finance Sector

13. July 12, Tyler Morning Telegraph – (Texas; Arkansas) ‘Loan Ranger Bandit’ strikes again in Salado. The man accused of robbing two Texas banks is believed to be responsible for at least three more in Texas and one in Arkansas, the Tyler Morning Telegraph reported July 12. The First State Bank in Salado, Texas, was hit by a man matching the description of a robber who struck two Tyler banks: BBV Compass Bank in May and the Altra Federal Credit Union in August 2011. The man, dubbed the “Loan Ranger Bandit,” used a handgun and did not wear a mask in the robbery. The nickname comes from the fact that he targets institutions that issue loans and wore a Texas Rangers cap in at least one robbery. A Tyler Police Department spokesman said the department was working with the FBI. Source:

14. July 12, International Business Times – (International) HSBC faces $1 billion ‘money laundering’ fine. HSBC became the latest banking giant mired in scandal after it emerged July 12 that the British lender will be fined $1 billion by U.S. regulators for failing to implement sufficient money laundering controls. According to an internal memo, HSBC will “acknowledge and apologize” to a U.S. Senate committee the week of July 16 for failing to spot money laundering activity in its banks that could have been used to finance terrorism and organized crime from 2004 to 2010. In a bid to eradicate money laundering in the future, HSBC’s CEO told Agence France-Presse the bank will continue to increase its compliance budget. The bank increased its spending on anti-money laundering efforts to $400 million from $200 million in 2010. Source:

15. July 11, Oakland Tribune – (California) Oakland: ‘Fedora bandit’ arrested in bank, store robberies. A convicted Washington bank robber was arrested in Oakland, California, July 10, less than 5 hours after police said he robbed the same downtown bank he held up in June. Besides the two heists at the Citibank branch, the man, whom police dubbed the “fedora bandit” because he wore a hat in some of the holdups, was also suspected of robbing a CVS drugstore and a Safeway supermarket. Authorities said the man was armed with a gun when he robbed the Citibank location July 10. Investigators said police recovered the hats worn in the robberies and some of the cash. Police also found evidence indicating he was involved in identity theft, check fraud, and counterfeiting. Losses in the robberies ranged from a few hundred to a few thousand dollars. Source:

16. July 11, KAAL 6 Austin – (National) 2 arrested in West Metro skimming scheme. Two people from California were arrested in Plymouth, Minnesota, for setting up credit card skimming devices in the pumps at a local gas station, KAAL 6 Austin reported July 11. The two were arrested late the week of July 2. Inside their car, police found a list of nearly 100 metro gas stations, a cordless drill, and items to make fake credit cards. Officers went to a gas station in New Hope, where they found skimming devices on six of the eight pumps. The suspects had the credit card information of several area people. Source:

For more stories, see item 42 in the Information Technology Sector

Information Technology Sector

37. July 12, The Register – (International) Indian software pirating suspect faces US extradition. An alleged software counterfeiter from India faces possible U.S. extradition. The man, a resident of the Mumbai suburb of Andheri, was arrested by Indian police July 11 over alleged hacking and copyright violations. Computers, CDs, USB sticks, and other evidence were seized from his home by Mumbai police, who were acting on a request from the U.S. Southern District Court, New York. It is unclear if U.S. authorities will seek the man’s extradition or whether an FBI team will travel to Mumbai to question him. The man allegedly used hacking techniques to defeat copyright protection measures before creating counterfeit CDs, which he then re-sold. The case prompted an FBI investigation that led to a March 2010 indictment. Source:

38. July 12, The Register – (International) Instagram bug ‘exposed’ hipsters’ private photos to strangers. A recently patched vulnerability in Instagram potentially exposed users’ private photos and more to strangers. A bug in the popular photo touch-up utility, acquired by Facebook in April, allowed malicious users to add themselves as “friends” to individual accounts without permission and view pictures marked as private. In a security advisory, Instagram said the “Following Bug” was fixed. It denied private photos were even exposed, an assurance that conflicts with claims in a blog post by the Spanish security researcher who discovered the flaw. He warned that photos and private data were exposed by the bug, which stems from the ability to guess and forge approved requests to follow, or befriend a user, using a brute-force attack. Both Android and iPhone versions of Instagram were affected by the vulnerability. Source:

39. July 12, H Security – (International) Chrome 20 update fixes high-risk security vulnerabilities. Google published a new update to the stable 20.x branch of Chrome to close security holes in the WebKit-based Web browser. Version 20.0.1132.57 of Chrome addresses three vulnerabilities, all of which are rated as “high severity” by the company. These include two use-after-free errors in counter handling and in layout height tracking. A third high-risk problem related to object access with JavaScript in PDFs was also corrected. Further details about the vulnerabilities were being withheld until “a majority of users are up-to-date with the fix.” Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in. Source:

40. July 12, Associated Press – (International) Yahoo says it’s investigating a report of a breach involving 450,000 passwords. July 12, Yahoo Inc. said it was investigating reports of a security breach that may have exposed nearly half a million users’ e-mail addresses and passwords. The company said it was looking into “claims of a compromise of Yahoo! user IDs” but did not disclose the size of the reported breach or how it may have happened. Yahoo’s head of U.K. Consumer Public Relations said she could not immediately provide any more detail on the breach “as we are still investigating it.” Technology news Web sites including CNET, Ars Technica, and Mashable said hackers calling themselves the D33D Company claimed responsibility for the attack, adding that data posted to the group’s Web site carried more than 453,000 log-in credentials from an unidentified Yahoo subdomain. The little-known group was quoted as saying that they stole the passwords using an SQL injection — the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable Web sites. Source:

41. July 12, Softpedia – (International) DarkComet RAT used to target gamers, military and governments, experts find. Researchers from Arbor Networks analyzed a number of campaigns that relied on the DarkComet Remote Access Trojan (RAT). “Dark Comet is a very popular RAT and is actively developed and widely used. It can be difficult to determine the motive of the attacker, however sometimes there are enough traces left over that can help us piece together the potential goals of a campaign,” a researcher from Arbor Networks explained. The security firm has over 4,000 samples of the RAT. They managed to identify some campaigns by analyzing the command and control (C&C) servers, passwords, and server IDs used by them. The C&C server’s IP address for one campaign pointed to an area in South Africa where two air force bases are located. While they could not determine the motives, the researchers believe the bases may have something to do with the attack. In another campaign, the RAT was possibly used by someone to redirect .gov sites. The domains are bogus, but the scenario shows the cyber criminals were simulating man-in-the-middle attacks and redirects. Runescape and other gaming communities were also targeted in operations that leveraged this particular tool. Source:

42. July 11, Dark Reading – (International) Series of convincing spam runs part of one massive advanced attack campaign. Recent widespread spam runs posing as convincing-looking e-mail messages from LinkedIn, Facebook, ADP, American Express, US Airways, the U.S. Postal Service, UPS, and several other high-profile organizations are all part of a single, orchestrated attack campaign using the Blackhole exploit kit and aimed at stealing victims’ online financial credentials, Dark Reading learned. Researchers at Trend Micro said they found multiple common threads that tie the spam messages together as one effort by one cybercriminal group, or multiple groups working together. “It’s one operation probably run by two to three individuals very focused on the theft of financial credentials,” and likely out of Eastern Europe, said the vice president of cybersecurity at Trend Micro. The attackers are using mostly Zeus and Cridex malware variants in the attacks via the Blackhole exploit kit, he said. Source:

43. July 11, IDG News Service – (International) Facebook launches malware checkpoints for users with infected computers. July 10, Facebook launched a feature that allows users to lock down their Facebook accounts and perform malware scans if they suspect their computers might be infected. Facebook already uses internal scanners to detect spam and malicious messages that might have been sent from user accounts hijacked by malware. When found, such accounts are temporarily locked down and their owners are asked to go through a multi-step account recovery process that involves downloading and running a malware scanner called McAfee Scan and Repair. The new “malware checkpoints” feature will allow users who believe their computers might be infected to initiate the account lockdown procedure themselves and perform an antivirus scan for free. Users will be able to choose to scan their computers with McAfee Scan and Repair, a run-once anti-malware scanner, or with Microsoft Security Essentials, a full-featured antivirus product that must be downloaded and installed. Source:

44. July 11, ZDNet – (International) Tumblr haunted by stored (persistent) XSS flaw. A security researcher posted evidence of a serious cross-site scripting (XSS) vulnerability on Tumblr, the popular micro-blogging site used by millions, ZDNet reported July 11. Technical details on the flaw, described as a stored (persistent) XSS issue, were being withheld by the researcher who found the issue. The researcher said he disclosed the issue to Tumblr June 25, but the vulnerability still exists, putting millions of Web users at risk of malicious hacker attacks. Source:

45. July 10, Network World – (International) Warp Trojan from China said to fool routers into spreading Windows malware. A security firm said it spotted malware from China, dubbed the Warp trojan, that takes a totally new approach: after infecting a vulnerable Windows computer, it pretends to be a router and tells the real local subnet router to send traffic for other networked computers to the infected machine, so the malware can then try to compromise the other computers through a man-in-the-middle attack. Kindsight Security Labs believes the Warp trojan hails from China and may be used as some kind of adware to drive traffic to Web sites there. Source:

For more stories, see item 46 below in the Communications Sector

Communications Sector 

46. July 12, ZDNet – (International) BBC website crash leaves millions without on-demand, news. The BBC’s Web site crashed late July 11, but the broadcaster had yet to work out exactly what happened and why. During television prime-time, the entire BBC Web site crashed with an “internal error,” leaving hundreds of millions without access to BBC News, or its on-demand television service, BBC iPlayer. The Web site failed to load late July 11 and the entire online network was inaccessible 15 minutes later. Many sections of the site were restored around an hour later, but its front page remained problematic over the following hour. The publicly funded broadcaster said there was a “major technical issue” caused by a failure of traffic managers in both BBC data centers. A BBC spokesman explained in a blog post its traffic managers are “critical” to its infrastructure and handle all site requests. Source:

For more stories, see items 38, 40, and 44 above in the Information Technology Sector