Monday, July 16, 2012 


Daily Report

Top Stories

 • Two Dallas men were indicted July 12 in connection with a $485 million investment fraud scheme that swindled money from more than 7,700 investors throughout the country. – Federal Bureau of Investigation. See item 14 below in the Banking and Finance Sector.

 • An international commuter tunnel connecting Detroit to Windsor, Ontario, was closed for nearly 4 hours July 12 after a bomb threat was phoned in on the Canadian side. – Associated Press; CBS News 

17. July 13, Associated Press; CBS News – (Michigan; International) Detroit-Windsor Tunnel reopens after bomb threat. An international commuter tunnel connecting Detroit to Windsor, Ontario, was closed for nearly 4 hours July 12 after a bomb threat was phoned in on the Canadian side. No explosives were found, CBS News reported July 13. The Detroit Windsor Tunnel, a busy border crossing beneath the Detroit River, was shut down after a duty free shop employee on the tunnel’s Canadian plaza reported receiving a call about a bomb threat. The tunnel was closed and traffic on both sides of the river was directed to the nearby Ambassador Bridge, which spans the river, the tunnel’s executive vice president said. Homeland Security, U.S. Customs and Border Protection, Detroit police, and other agencies flooded the plaza and entrance on the tunnel’s U.S. side. The bomb threat also resulted in heightened security along the Ambassador Bridge, west of downtown Detroit. The 82-year-old tunnel stretches about 1 mile across the Detroit River, which is one of North America’s busiest trade crossings. Cars and buses make up most of the traffic. About 4.5 million cars crossed in 2011. After the call came in, officials at the tunnel followed protocol that is established between the tunnel operators and local emergency services officials in consultation with U.S. Customs and Border Protection, tunnel officials said. Source: http://www.cbsnews.com/8301-505245_162-57471753/detroit-windsor-tunnel-reopens-after-bomb-threat/

 • A severe drought spreading across the Midwest has resulted in some of the worst conditions in decades, leaving more than 1,000 counties in 26 States designated as natural disaster areas, authorities said. – CNN 

25. July 13, CNN – (National) Drought stretches across America, threatens crops. A severe drought is spreading across the Midwest, resulting in some of the worst conditions in decades and leaving more than 1,000 counties designated as natural disaster areas, authorities said, CNN reported July 13. Farmers in the region are suffering, with pastures for livestock and fields of crops becoming increasingly parched during June, according to the National Climatic Data Center. Many areas in the southern Midwest are reporting the poorest conditions for June since 1988. As of July 10, about 61 percent of the contiguous United States (excluding Alaska, Hawaii, and Puerto Rico) was experiencing drought, the highest percentage in the 12-year record of the U.S. Drought Monitor. Unusually high temperatures and little rainfall have led to “widespread deterioration and expansion of dryness and drought” in the Midwest, northwestern Ohio Valley, and southern Great Plains, the drought monitor said. That has left 1,016 counties in 26 States termed as natural disaster areas, the U.S. Department of Agriculture said the week of July 9. A county is generally qualified as a natural disaster area if it has suffered severe drought for 8 consecutive weeks. The past 12 months have been the warmest the United States has experienced since records began in 1895, the climatic data center said. Source: http://www.cnn.com/2012/07/13/us/midwest-drought/index.html?hpt=hp_t1

 • Thousands of patients of two Denver-area practices were advised to get tested July 12 after a licensed dentist and practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or hepatitis C over a period of 11 years. – KUSA 9 Denver 

30. July 13, KUSA 9 Denver – (Colorado) Denver area oral surgeon may have exposed patients to HIV. Patients of two Denver area practices were advised to get tested July 12 after a licensed dentist and practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or hepatitis C. The Colorado Department of Public Health and Environment has sent out more than 8,000 letters to patients and former patients of an oral surgeon in Highlands Ranch and Denver. However, the department believes there are more patients that have been impacted. An investigation began after a report of unsafe injection practices. During the investigation, the health department determined syringes and needles used to inject medications through patients’ IV lines were saved and reused. The health department advised anyone who was a patient of the oral surgeon in Highlands Ranch and Denver to be tested if they received intravenous medications including sedation from September 1999 through June 2011. Officials said patients may be at risk if they were seen by the surgeon at the following locations: September 1999 to June 2011 - Stein Oral and Facial Surgery, 8671 S. Quebec St., #230, Highlands Ranch, CO 80130; August 2010 to June 2011 at Stein Oral and Facial Surgery (New Image Dental Implant Center), 3737 E.1st Ave., Suite B, Denver, CO 80206. Source: http://www.9news.com/news/local/article/277306/222/Denver-area-dentist-may-have-exposed-patients-to-HIV

Details

Banking and Finance Sector

10. July 13, Softpedia – (International) FBI arrests 3 more individuals accused of carding crimes. As a continuation of an operation where authorities apprehended 24 individuals suspected of being involved in payment card information trafficking in June, the FBI announced the arrests of three more suspects, bringing the number of defendants to 27, Softpedia reported July 13. One known as HellsAngel was arrested July 11 in Mumbai, India. Another that went by the username Swat Runs Train, and another called xTGxKAKAROT, were taken into custody in Canada and Colorado, respectively. Swat Runs Train was suspected of selling complete credit card details, including names, addresses, Social Security numbers, birth dates, and bank account information. The one known as HellsAngel was also believed to have offered the same type of data. He also sold remote desktop protocol (RDP) access data that could be utilized to breach computers. xTGxKAKAROT possessed around 170,000 credential sets, comprised of usernames and passwords, which could be used to access online accounts. He also made money by selling electronic devices he obtained as a result of his carding activities. Source: http://news.softpedia.com/news/FBI-Arrests-3-More-Individuals-Accused-of-Carding-Crimes-281157.shtml

11. July 13, Softpedia – (California; Washington) Rapper ‘Guerilla Black’ arrested for buying and using stolen payment card details. A rap artist known as Guerilla Black was detained at his home in Los Angeles on suspicion of purchasing and using at least 27,257 stolen credit card numbers obtained by hackers from 2 restaurants from the Seattle area, Softpedia reported July 13. The two hackers were previously arrested and indicted. While the total losses were not yet known, the amount may be large, especially since only 137 of the cards were used to make purchases worth $150,000. The rapper was charged with accessing a protected computer without authorization to further fraud, access device fraud, bank fraud, aggravated identity theft, and conspiracy to commit access device fraud and to commit bank fraud. He was also accused of conspiracy to access protected computers to further fraud. Source: http://news.softpedia.com/news/Rapper-Guerilla-Black-Arrested-for-Buying-and-Using-Stolen-Payment-Card-Details-281192.shtml

12. July 12, WLS 7 Chicago – (Illinois) ‘Wicker Park Bandit’ pleads guilty to bank robberies. The man authorities call ‘The Wicker Park Bandit’ pleaded guilty to three bank robberies July 12 in Chicago. The man was arrested in February. At the time, the FBI said he was a suspect in as many as 10 bank robberies in and around Chicago’s Wicker Park neighborhood. Source: http://abclocal.go.com/wls/story?section=news/local&id=8734402

13. July 12, Bloomberg News – (Virginia) Bank of Commonwealth ex-CEO, officials charged with fraud. The former chief executive officer (CEO) of Norfolk, Virginia’s Bank of the Commonwealth was among six people indicted for an alleged fraud conspiracy involving a coverup of the bank’s financial condition from 2008 to 2011, Bloomberg News reported July 12. The former CEO who ran the bank for more than 3 decades was charged in a 25-count indictment. Three other former bank executives and two borrowers were also charged. The executives concealed shortfalls by overdrawing demand-deposit accounts to make loan payments and extending new loans or additional principal on existing loans to cover payment deficiencies, the indictment charged. Prosecutors are seeking $71 million in criminal forfeiture. From 2008 until it closed in 2011, the bank lost almost $115 million. The bank’s failure will cost the United States, through the Federal Deposit Insurance Corporation, more than $260 million. Source: http://www.businessweek.com/news/2012-07-12/bank-of-commonwealth-ex-ceo-officials-charged-with-fraud

14. July 12, Federal Bureau of Investigation – (National) Dallas men indicted in $485M investment fraud scheme. Two Dallas men were indicted July 12 in connection with a $485 million investment fraud scheme that involved investors throughout the country. The two men were charged with one count of conspiracy to commit mail fraud, and 10 counts of mail fraud. According to the indictment, the men, on behalf of Provident Royalties LLC, conspired with others to defraud investors in an oil and gas scheme that involved more than $485 million and 7,700 investors. Specifically, beginning in approximately September 2006, the two men and other individuals made materially false representations and failed to disclose material facts to their investors to induce them into providing payments to Provident. These included false representations that the funds invested would only be used for the project the funds were raised for, that one of Provident’s founders had previously been charged with securities fraud violations by the State of Michigan, and that funds from later investors were used to pay earlier ones. Source: http://www.loansafe.org/dallas-men-indicted-in-485m-investment-fraud-scheme

15. July 12, Associated Press – (New Mexico) Auditor says New Mexico Finance Authority issued fake audit for 2011. The New Mexico Finance Authority (NMFA), which makes billions of dollars in loans for public projects, faked its annual audit that was sent to creditors and investors for 2011, the State auditor said July 12. The State Auditor said he discovered the fake audit after the NMFA failed to submit its annual review as required by law. He said a fraudulent audit report had been produced for investors and creditors, but the firm that supposedly created that document confirmed it was not their work. The CEO of the NMFA called the matter “deeply concerning” but insisted it would have no effect on NMFA’s ability to meet its financial obligations. He blamed the authority’s former controller, who left in June, and said the NMFA took steps to rectify the issues as quickly as possible. He said that the NMFA alerted ratings agencies, investors, public officials, and law enforcement authorities. Source: http://www.therepublic.com/view/story/ff2882b265e14c1b8f18109fbd54f746/NM--Faked-Audit

16. July 12, IDG News Service – (International) Artema Hybrid point-of-sale devices can be hacked remotely, researchers say. Artema Hybrid, a point-of-sale terminal manufactured by VeriFone Systems, is vulnerable to attacks that could allow cyber criminals to steal payment card data and PIN numbers or alter transactions, said security researchers from security research firm Security Research Labs (SRLabs). The software running on the device, commonly referred to as the firmware, contains buffer overflow vulnerabilities in the network stack (the set of libraries that handle network communications), the founder and chief scientist of SRLabs said July 12. An attacker could exploit these vulnerabilities to execute arbitrary code on the device. Source: http://www.csoonline.com/article/710833/artema-hybrid-point-of-sale-devices-can-be-hacked-remotely-researchers-say

Information Technology Sector

39. July 13, H Security – (International) Yahoo! confirms data breach. Yahoo! confirmed approximately 450,000 e-mail addresses and passwords from its log-in system were leaked on the Internet. The breach was publicized after a security expert posted about it on Twitter and was initially believed only to concern the Yahoo! Voice service. According to Yahoo!, an “old file” from the Yahoo! Contributor Network content sharing platform was compromised and is the source of the log-in data. The company said only around 5 percent of the leaked 450,000 e-mail address and password combinations have valid passwords. Yahoo! stated it is working on fixing the vulnerability and will change the passwords of affected users as well as notify other companies whose user accounts were affected by the breach. In addition to the 140,000 Yahoo! e-mail addresses, there were over 100,000 Gmail addresses and many from Hotmail and other services. Source: http://www.h-online.com/security/news/item/Yahoo-confirms-data-breach-1640148.html

40. July 13, H Security – (International) Symantec Endpoint Protection causing crashes. A signature update to Symantec’s Endpoint Protection software led to crashes of Windows XP. The problems with Endpoint Protection, a security package mainly used in the corporate environment, became noticeable through frequent complaints from users and administrators to the company’s support team and in Symantec’s forums. According to an information page, although Symantec reproduced the problem, it has yet to identify the underlying cause. It has, though, now produced updated signatures to work around the problem. Source: http://www.h-online.com/security/news/item/Symantec-Endpoint-Protection-causing-crashes-1641046.html

41. July 13, V3.co.uk – (International) Nvidia Developer Zone stung by password pilfering hackers. Nvidia suspended its developer forum following a suspected data breach that may have compromised user passwords. The service was taken offline July 12, with Nvidia posting a statement saying it is investigating the matter. The company indicated the attack targeted user password information. Nvidia warned users about potential phishing scams using the information, urging forum members to remain wary of suspicious e-mails. Source: http://www.v3.co.uk/v3-uk/news/2191413/nvidia-developer-zone-stung-by-password-pilfering-hackers

42. July 13, V3.co.uk – (International) Cisco warns users of TelePresence security holes. Cisco advised customers to update their TelePresence system software and appliances following the release of a series of security fixes. The company issued four software updates designed to address vulnerabilities in various components of the videoconferencing platform. According to Cisco’s advisories, the vulnerable components include the TelePresence Manager, Recording Server, Multipoint Switch, and the TelePresence Immersive Endpoint System. If targeted, the components could be exploited for remote code execution operations. Source: http://www.v3.co.uk/v3-uk/news/2191356/cisco-warns-users-of-telepresence-security-holes

43. July 12, IDG News Service – (International) Oracle to release 88 security fixes. Oracle will deliver 88 security fixes July 17 for a wide range of its products, according to a pre-release announcement posted to its Web site July 12. A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said. Four fixes are for Oracle’s database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for log-in credentials, according to the notice. Oracle is also set to release 22 patches for its Fusion Middleware family, 8 of which can be remotely exploited without a username or password, Oracle said. The company uses the Common Vulnerability Scoring System (CVSS) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale. Another 25 fixes cover weaknesses in Oracle’s Sun product family, including the GlassFish application server and Solaris OS. The patch batch will also deliver six fixes for the MySQL database. None of the weaknesses involved can be exploited remotely without credentials, Oracle said. Other patches in the release include ones for Hyperion, Enterprise Manager Grid Control, E-Business Suite, Siebel CRM, PeopleSoft, and Oracle Industry Applications. Source: http://www.computerworld.com/s/article/9229081/Oracle_to_release_88_security_fixes

44. July 12, Threatpost – (International) AndroidForums.com hacked, user credentials stolen. An online forum for Android fans and developers was compromised and user account details stolen, according to a notice posted online July 10. Phandroid.com, which operates Androidforums.com, told users that hackers breached a back end database that powers Androidforums.com, an online bulletin board for Android users and developers. The data contained in that database includes androidforums usernames, email addresses, hashed passwords, the IP addresses members registered with, and forum group memberships, among other data. Phandroid.com believes the attack was aimed at gathering e-mail addresses for spam runs. Source: http://threatpost.com/en_us/blogs/androidforumscom-hacked-user-credentials-stolen-071212

45. July 12, ZDNet – (International) Microsoft patches Windows Live identity theft flaw. Two security researchers recently discovered a serious vulnerability in Microsoft’s Windows Live service. The cross-site scripting (XSS) flaw means an attacker could impersonate a Windows Live user by gaining full control of the victim’s cookies. Combined with social engineering, this technique could be used to steal a victim’s Windows Live identity. Source: http://www.zdnet.com/microsoft-patches-windows-live-identity-theft-flaw-7000000832/

For more stories, see items 10 and 11 above in the Banking and Finance Sector

Communications Sector 

See items 39 and 45 above in the Information Technology Sector

Monday, July 16, 2012 


Daily Report

Top Stories

 • Two Dallas men were indicted July 12 in connection with a $485 million investment fraud scheme that swindled money from more than 7,700 investors throughout the country. – Federal Bureau of Investigation See item 14 below in the Banking and Finance Sector

 • An international commuter tunnel connecting Detroit to Windsor, Ontario, was closed for nearly 4 hours July 12 after a bomb threat was phoned in on the Canadian side. – Associated Press; CBS News 

17. July 13, Associated Press; CBS News – (Michigan; International) Detroit-Windsor Tunnel reopens after bomb threat. An international commuter tunnel connecting Detroit to Windsor, Ontario, was closed for nearly 4 hours July 12 after a bomb threat was phoned in on the Canadian side. No explosives were found, CBS News reported July 13. The Detroit Windsor Tunnel, a busy border crossing beneath the Detroit River, was shut down after a duty free shop employee on the tunnel’s Canadian plaza reported receiving a call about a bomb threat. The tunnel was closed and traffic on both sides of the river was directed to the nearby Ambassador Bridge, which spans the river, the tunnel’s executive vice president said. Homeland Security, U.S. Customs and Border Protection, Detroit police, and other agencies flooded the plaza and entrance on the tunnel’s U.S. side. The bomb threat also resulted in heightened security along the Ambassador Bridge, west of downtown Detroit. The 82-year-old tunnel stretches about 1 mile across the Detroit River, which is one of North America’s busiest trade crossings. Cars and buses make up most of the traffic. About 4.5 million cars crossed in 2011. After the call came in, officials at the tunnel followed protocol that is established between the tunnel operators and local emergency services officials in consultation with U.S. Customs and Border Protection, tunnel officials said. Source: http://www.cbsnews.com/8301-505245_162-57471753/detroit-windsor-tunnel-reopens-after-bomb-threat/

 • A severe drought spreading across the Midwest has resulted in some of the worst conditions in decades, leaving more than 1,000 counties in 26 States designated as natural disaster areas, authorities said. – CNN 

25. July 13, CNN – (National) Drought stretches across America, threatens crops. A severe drought is spreading across the Midwest, resulting in some of the worst conditions in decades and leaving more than 1,000 counties designated as natural disaster areas, authorities said, CNN reported July 13. Farmers in the region are suffering, with pastures for livestock and fields of crops becoming increasingly parched during June, according to the National Climatic Data Center. Many areas in the southern Midwest are reporting the poorest conditions for June since 1988. As of July 10, about 61 percent of the contiguous United States (excluding Alaska, Hawaii, and Puerto Rico) was experiencing drought, the highest percentage in the 12-year record of the U.S. Drought Monitor. Unusually high temperatures and little rainfall have led to “widespread deterioration and expansion of dryness and drought” in the Midwest, northwestern Ohio Valley, and southern Great Plains, the drought monitor said. That has left 1,016 counties in 26 States termed as natural disaster areas, the U.S. Department of Agriculture said the week of July 9. A county is generally qualified as a natural disaster area if it has suffered severe drought for 8 consecutive weeks. The past 12 months have been the warmest the United States has experienced since records began in 1895, the climatic data center said. Source: http://www.cnn.com/2012/07/13/us/midwest-drought/index.html?hpt=hp_t1

 • Thousands of patients of two Denver-area practices were advised to get tested July 12 after a licensed dentist and practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or hepatitis C over a period of 11 years. – KUSA 9 Denver 

30. July 13, KUSA 9 Denver – (Colorado) Denver area oral surgeon may have exposed patients to HIV. Patients of two Denver area practices were advised to get tested July 12 after a licensed dentist and practicing oral surgeon may have exposed them to HIV, hepatitis B, and/or hepatitis C. The Colorado Department of Public Health and Environment has sent out more than 8,000 letters to patients and former patients of an oral surgeon in Highlands Ranch and Denver. However, the department believes there are more patients that have been impacted. An investigation began after a report of unsafe injection practices. During the investigation, the health department determined syringes and needles used to inject medications through patients’ IV lines were saved and reused. The health department advised anyone who was a patient of the oral surgeon in Highlands Ranch and Denver to be tested if they received intravenous medications including sedation from September 1999 through June 2011. Officials said patients may be at risk if they were seen by the surgeon at the following locations: September 1999 to June 2011 - Stein Oral and Facial Surgery, 8671 S. Quebec St., #230, Highlands Ranch, CO 80130; August 2010 to June 2011 at Stein Oral and Facial Surgery (New Image Dental Implant Center), 3737 E.1st Ave., Suite B, Denver, CO 80206. Source: http://www.9news.com/news/local/article/277306/222/Denver-area-dentist-may-have-exposed-patients-to-HIV

Details

Banking and Finance Sector

10. July 13, Softpedia – (International) FBI arrests 3 more individuals accused of carding crimes. As a continuation of an operation where authorities apprehended 24 individuals suspected of being involved in payment card information trafficking in June, the FBI announced the arrests of three more suspects, bringing the number of defendants to 27, Softpedia reported July 13. One known as HellsAngel was arrested July 11 in Mumbai, India. Another that went by the username Swat Runs Train, and another called xTGxKAKAROT, were taken into custody in Canada and Colorado, respectively. Swat Runs Train was suspected of selling complete credit card details, including names, addresses, Social Security numbers, birth dates, and bank account information. The one known as HellsAngel was also believed to have offered the same type of data. He also sold remote desktop protocol (RDP) access data that could be utilized to breach computers. xTGxKAKAROT possessed around 170,000 credential sets, comprised of usernames and passwords, which could be used to access online accounts. He also made money by selling electronic devices he obtained as a result of his carding activities. Source: http://news.softpedia.com/news/FBI-Arrests-3-More-Individuals-Accused-of-Carding-Crimes-281157.shtml

11. July 13, Softpedia – (California; Washington) Rapper ‘Guerilla Black’ arrested for buying and using stolen payment card details. A rap artist known as Guerilla Black was detained at his home in Los Angeles on suspicion of purchasing and using at least 27,257 stolen credit card numbers obtained by hackers from 2 restaurants from the Seattle area, Softpedia reported July 13. The two hackers were previously arrested and indicted. While the total losses were not yet known, the amount may be large, especially since only 137 of the cards were used to make purchases worth $150,000. The rapper was charged with accessing a protected computer without authorization to further fraud, access device fraud, bank fraud, aggravated identity theft, and conspiracy to commit access device fraud and to commit bank fraud. He was also accused of conspiracy to access protected computers to further fraud. Source: http://news.softpedia.com/news/Rapper-Guerilla-Black-Arrested-for-Buying-and-Using-Stolen-Payment-Card-Details-281192.shtml

12. July 12, WLS 7 Chicago – (Illinois) ‘Wicker Park Bandit’ pleads guilty to bank robberies. The man authorities call ‘The Wicker Park Bandit’ pleaded guilty to three bank robberies July 12 in Chicago. The man was arrested in February. At the time, the FBI said he was a suspect in as many as 10 bank robberies in and around Chicago’s Wicker Park neighborhood. Source: http://abclocal.go.com/wls/story?section=news/local&id=8734402

13. July 12, Bloomberg News – (Virginia) Bank of Commonwealth ex-CEO, officials charged with fraud. The former chief executive officer (CEO) of Norfolk, Virginia’s Bank of the Commonwealth was among six people indicted for an alleged fraud conspiracy involving a coverup of the bank’s financial condition from 2008 to 2011, Bloomberg News reported July 12. The former CEO who ran the bank for more than 3 decades was charged in a 25-count indictment. Three other former bank executives and two borrowers were also charged. The executives concealed shortfalls by overdrawing demand-deposit accounts to make loan payments and extending new loans or additional principal on existing loans to cover payment deficiencies, the indictment charged. Prosecutors are seeking $71 million in criminal forfeiture. From 2008 until it closed in 2011, the bank lost almost $115 million. The bank’s failure will cost the United States, through the Federal Deposit Insurance Corporation, more than $260 million. Source: http://www.businessweek.com/news/2012-07-12/bank-of-commonwealth-ex-ceo-officials-charged-with-fraud

14. July 12, Federal Bureau of Investigation – (National) Dallas men indicted in $485M investment fraud scheme. Two Dallas men were indicted July 12 in connection with a $485 million investment fraud scheme that involved investors throughout the country. The two men were charged with one count of conspiracy to commit mail fraud, and 10 counts of mail fraud. According to the indictment, the men, on behalf of Provident Royalties LLC, conspired with others to defraud investors in an oil and gas scheme that involved more than $485 million and 7,700 investors. Specifically, beginning in approximately September 2006, the two men and other individuals made materially false representations and failed to disclose material facts to their investors to induce them into providing payments to Provident. These included false representations that the funds invested would only be used for the project the funds were raised for, that one of Provident’s founders had previously been charged with securities fraud violations by the State of Michigan, and that funds from later investors were used to pay earlier ones. Source: http://www.loansafe.org/dallas-men-indicted-in-485m-investment-fraud-scheme

15. July 12, Associated Press – (New Mexico) Auditor says New Mexico Finance Authority issued fake audit for 2011. The New Mexico Finance Authority (NMFA), which makes billions of dollars in loans for public projects, faked its annual audit that was sent to creditors and investors for 2011, the State auditor said July 12. The State Auditor said he discovered the fake audit after the NMFA failed to submit its annual review as required by law. He said a fraudulent audit report had been produced for investors and creditors, but the firm that supposedly created that document confirmed it was not their work. The CEO of the NMFA called the matter “deeply concerning” but insisted it would have no effect on NMFA’s ability to meet its financial obligations. He blamed the authority’s former controller, who left in June, and said the NMFA took steps to rectify the issues as quickly as possible. He said that the NMFA alerted ratings agencies, investors, public officials, and law enforcement authorities. Source: http://www.therepublic.com/view/story/ff2882b265e14c1b8f18109fbd54f746/NM--Faked-Audit

16. July 12, IDG News Service – (International) Artema Hybrid point-of-sale devices can be hacked remotely, researchers say. Artema Hybrid, a point-of-sale terminal manufactured by VeriFone Systems, is vulnerable to attacks that could allow cyber criminals to steal payment card data and PIN numbers or alter transactions, said security researchers from security research firm Security Research Labs (SRLabs). The software running on the device — commonly referred to as the firmware — contains buffer overflow vulnerabilities in the network stack — the set of libraries that handle network communications, the founder and chief scientist of SRLabs, said July 12. An attacker could exploit these vulnerabilities to execute arbitrary code on the device. Source: http://www.csoonline.com/article/710833/artema-hybrid-point-of-sale-devices-can-be-hacked-remotely-researchers-say

Information Technology Sector

39. July 13, H Security – (International) Yahoo! confirms data breach. Yahoo! confirmed approximately 450,000 e-mail addresses and passwords from its log-in system were leaked on the Internet. The breach was publicized after a security expert posted about it on Twitter and was initially believed only to concern the Yahoo! Voice service. According to Yahoo!, an “old file” from the Yahoo! Contributor Network content sharing platform was compromised and is the source of the log-in data. The company said only around 5 percent of the leaked 450,000 e-mail address and password combinations have valid passwords. Yahoo! stated it is working on fixing the vulnerability and will change the passwords of affected users as well as notify other companies whose user accounts were affected by the breach. In addition to the 140,000 Yahoo! e-mail addresses, there were over 100,000 Gmail addresses and many from Hotmail and other services. Source: http://www.h-online.com/security/news/item/Yahoo-confirms-data-breach-1640148.html

40. July 13, H Security – (International) Symantec Endpoint Protection causing crashes. A signature update to Symantec’s Endpoint Protection software led to crashes of Windows XP. The problems with Endpoint Protection, a security package mainly used in the corporate environment, came to light through frequent complaints from users and administrators to the company’s support team and in Symantec’s forums. According to an information page, although Symantec reproduced the problem, it has yet to identify the underlying cause. It has, however, produced updated signatures to work around the problem. Source: http://www.h-online.com/security/news/item/Symantec-Endpoint-Protection-causing-crashes-1641046.html

41. July 13, V3.co.uk – (International) Nvidia Developer Zone stung by password pilfering hackers. Nvidia suspended its developer forum following a suspected data breach that may have compromised user passwords. The service was taken offline July 12, with Nvidia posting a statement saying it is investigating the matter. The company indicated the attack targeted user password information. Nvidia warned users about potential phishing scams using the information, urging forum members to remain wary of suspicious e-mails. Source: http://www.v3.co.uk/v3-uk/news/2191413/nvidia-developer-zone-stung-by-password-pilfering-hackers

42. July 13, V3.co.uk – (International) Cisco warns users of TelePresence security holes. Cisco advised customers to update their TelePresence system software and appliances following the release of a series of security fixes. The company issued four software updates designed to address vulnerabilities in various components of the videoconferencing platform. According to Cisco’s advisories, the vulnerable components include the TelePresence Manager, Recording Server, Multipoint Switch, and the TelePresence Immersive Endpoint System. If targeted, the components could be exploited for remote code execution operations. Source: http://www.v3.co.uk/v3-uk/news/2191356/cisco-warns-users-of-telepresence-security-holes

43. July 12, IDG News Service – (International) Oracle to release 88 security fixes. Oracle will deliver 88 security fixes July 17 for a wide range of its products, according to a pre-release announcement posted to its Web site July 12. A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said. Four fixes are for Oracle’s database. Three of the database vulnerabilities involved can be exploited by an attacker over a network without the need for log-in credentials, according to the notice. Oracle is also set to release 22 patches for its Fusion Middleware family, 8 of which can be remotely exploited without a username or password, Oracle said. The company uses the Common Vulnerability Scoring System (CVSS) to rank the seriousness of its patches. One of the fixes, for the Fusion Middleware product JRockit, has a CVSS score of 10.0, the highest on the scale. Another 25 fixes cover weaknesses in Oracle’s Sun product family, including the GlassFish application server and Solaris OS. The patch batch will also deliver six fixes for the MySQL database. None of the weaknesses involved can be exploited remotely without credentials, Oracle said. Other patches in the release include ones for Hyperion, Enterprise Manager Grid Control, E-Business Suite, Siebel CRM, PeopleSoft, and Oracle Industry Applications. Source: http://www.computerworld.com/s/article/9229081/Oracle_to_release_88_security_fixes

44. July 12, Threatpost – (International) AndroidForums.com hacked, user credentials stolen. An online forum for Android fans and developers was compromised and user account details stolen, according to a notice posted online July 10. Phandroid.com, which operates Androidforums.com, told users that hackers breached a back end database that powers Androidforums.com, an online bulletin board for Android users and developers. The data contained in that database includes androidforums usernames, email addresses, hashed passwords, the IP addresses members registered with, and forum group memberships, among other data. Phandroid.com believes the attack was aimed at gathering e-mail addresses for spam runs. Source: http://threatpost.com/en_us/blogs/androidforumscom-hacked-user-credentials-stolen-071212

45. July 12, ZDNet – (International) Microsoft patches Windows Live identity theft flaw. Two security researchers recently discovered a serious vulnerability in Microsoft’s Windows Live service. The cross-site scripting (XSS) flaw means an attacker could impersonate a Windows Live user by gaining full control of the victim’s cookies. Combined with social engineering, this technique could be used to steal a victim’s Windows Live identity. Source: http://www.zdnet.com/microsoft-patches-windows-live-identity-theft-flaw-7000000832/

For more stories, see items 10 and 11 above in the Banking and Finance Sector

Communications Sector 

See items 39 and 45 above in the Information Technology Sector
