Thursday, July 19, 2012 

Daily Report

Top Stories

 • Government safety regulators were investigating complaints that throttles can stick on older-model Ford Escape and Mazda Tribute sport utility vehicles and cause them to crash. They said the probe affects 730,000 vehicles, and that they received 99 complaints from owners alleging 13 crashes, 9 injuries, and 1 death. – Associated Press 

5. July 18, Associated Press – (National) Feds probe Ford Escapes for sticky throttles. Government safety regulators were investigating complaints that throttles can stick on older-model Ford Escape and Mazda Tribute sport utility vehicles (SUV) and cause them to crash, the Associated Press reported July 18. The probe by the National Highway Traffic Safety Administration affects 730,000 SUVs from the 2001 to 2004 model years that are powered by V-6 engines. The safety agency said it has received 99 complaints from owners of the SUVs alleging 13 crashes, 9 injuries, and 1 death caused by the problem. The throttles on the SUVs can fail to return to idle when the driver takes his foot off the gas pedal, according to agency documents. Sixty-eight of the complaints were about the Escape, and 31 involved the Tribute, a nearly identical vehicle made by Ford for Mazda. Investigators are looking into whether the sticky throttles could have been caused by repairs made as part of a 2004 recall of the same vehicles. About 590,000 of the vehicles were recalled in December of 2004 to fix an accelerator cable defect, and the documents said the repairs could have damaged the cruise control cable. Source:

 • Cybercriminals are taking advantage of cheap tools to send mass emails, SMS, and phone calls to prevent banks from alerting customers about fraudulent high-value transactions, researchers found. – Softpedia (See item 6 below in the Banking and Finance Sector)

 • A murder suspect from Colorado Springs, Colorado, attempted to hot-wire a SkyWest Airlines regional jet at the airport in St. George, Utah, then crashed it into a fence before killing himself, federal law enforcement authorities said. – NBC News

18. July 16, Associated Press – (Pennsylvania) Charleroi locks closed on Monongahela River through Aug. 3 for repairs of valves. The locks on the Monongahela River near Charleroi, Pennsylvania, will close through August 3, meaning cargo barges and pleasure boaters will not be able to pass through the river at that point, about 20 miles south of Pittsburgh. The U.S. Army Corps of Engineers said the chamber of Lock No. 4 would be drained starting July 23 so crews could fix the miter gate sills, the filling valves, and related machinery. Source:

 • The Indiana Department of Homeland Security extended a water shortage warning to all 92 counties in the State July 17. Officials asked for voluntary water conservation and for high-volume users to reduce usage by 10-15 percent. – Associated Press; WISH 8 Indianapolis

25. July 17, Associated Press; WISH 8 Indianapolis – (Indiana) Entire state under water shortage warning. The Indiana Department of Homeland Security extended a water shortage warning to all 92 counties July 17 after placing less than half the state in that category a week ago. State officials asked for voluntary water conservation, specifically asking high-volume users to reduce the volume they use by 10-15 percent. If conditions worsen, the governor could declare an emergency and put mandatory rules into place. In central Indiana, Citizens Water draws from three reservoirs, all of which are down from their usual levels at this time of year. Morse Reservoir is down nearly 6 feet, Geist Reservoir and Eagle Creek are both nearly 2 feet below normal. Citizens said it will increase filtration at its Fall Creek treatment plant, which will enable it to reduce the amount being drawn from Morse Reservoir for its White River treatment plant. Source:

 • Some 30 people, 28 firefighters and 2 civilians, suffered minor injuries in a 6-alarm fire that gutted an apartment building in New York City, making about 60 of 180 units unlivable. – WCBS 2 New York

39. July 18, WCBS 2 New York – (New York) Dozens injured in six-alarm Bronx blaze near Yankee Stadium. Thirty people, 28 firefighters and 2 civilians, suffered minor injuries in a 6-alarm fire in New York City. The fire began July 18 at a building near Yankee Stadium in the Bronx. The entire building was evacuated as crews worked to contain the fire, which broke out in the back of the building on the sixth floor. More than 200 firefighters responded. The historic building was part of the Grand Concourse Preservation Society. The fire chief said about a third of the 180 units are not livable. The Red Cross has been helping displaced residents with food and shelter at All Hallows High School. Source:


Banking and Finance Sector

6. July 18, Softpedia – (International) SMS, email, and phone call floods used by fraudsters to hide illegal money transfers. Cybercriminals are using mass emails, mass SMS messages, and phone call floods as a new way of ensuring banks cannot alert customers when fraudulent high-value transactions are taking place, Softpedia reported July 18. When a bank requests confirmation of an unusual transfer via SMS, phone call, or email, cybercriminals block those lines of communication by flooding them with spam messages. For instance, if the bank usually sends the confirmation notice via email, the crooks would flood the victim’s email address with thousands of emails, making it almost impossible to find the one important message. Krebs On Security stumbled upon a number of tools – advertised on underground forums – that could easily perform these tasks. Prices for such tools were found to be low. For instance, for flooding a single email account with 25,000 emails, the customer pays $25. For one day of flooding one phone number – service available for any country and any operator – the price was $20. Mass SMS sending was even cheaper. For the price of $5 fraudsters can send 100 text messages. Source:

7. July 17, Fresno Bee – (California) Fresno's 'Smelly Bandit' pleads no contest in bank robberies. A man dubbed by police as the "Smelly Bandit" pleaded no contest July 17 in Fresno County Superior Court to robbing five banks and a Subway sandwich shop in Fresno and Clovis, California. Police said more than $15,000 was taken in the five bank robberies between January 6 and April 23. The man also admitted to robbing a Subway sandwich shop in 2011. The man would hand a note to the bank teller and demand money during the robberies. He was alleged to have used a knife to rob the sandwich shop. Source:

8. July 17, Federal Bureau of Investigation – (Illinois) Alton man commits bank fraud and pleads guilty in check kiting scheme. An Alton, Illinois, man pleaded guilty in federal court in Illinois July 16 to one count of bank fraud by engaging in a check kiting scheme that cost two lenders $212,423. The man admitted that while he was serving as president of two companies, Topflight Logistics Inc. and TFV Trucking LLC, he engaged in a check kiting scheme through which he cross-deposited 208 checks between accounts for each firm. He admitted that he was responsible for managing the financial records of Topflight Logistics and TFV Trucking when he cross-deposited the 208 checks totaling $2,186,214.75. The scheme resulted in a total loss of $212,423.14 to the two financial institutions involved. Source:

9. July 17, Long Island Newsday – (New York) LI man charged in alleged $7.5 million mortgage scam. An Old Westbury, New York man was charged with running a $7.5 million mortgage scam, prosecutors said July 17. He was arrested July 16 along with a co-conspirator. They each were charged with conspiracy to commit wire, bank, and mail fraud, and two counts of conspiracy to make false statements. Prosecutors said that from 2007 until October 2010, the man ran a real estate brokerage in Queens known as Buy-a-Home LLC or First Home Brokerage, where he hired the co-conspirator as a sales manager. The pair recruited buyers to purchase homes at prices that were inflated by $100,000 above the original sales price. The duo improperly funneled money to the buyers to make it appear they could qualify for loans insured by the Federal Housing Administration (FHA). The co-conspirators allegedly defrauded the federal Department of Housing and Urban Development into issuing $7.5 million in loans that were then purchased by banks. In addition, many homes went into foreclosure, forcing FHA to make nearly $1 million in insurance payments. Source:

10. July 17, Chicago Sun-Times Media Wire – (Illinois) ‘Skimmers’ targeted credit-card users from Wrigley Field to Mag Mile. A Chicago man pleaded guilty July 17 to organizing an ATM skimming ring that stole more than $200,000 from diners using bank or credit cards at restaurants and attractions across the city, including Wrigley Field baseball stadium. The man pleaded guilty to felony conspiracy to commit a financial crime, according to the Illinois attorney general’s office. He paid employees of the restaurants and eateries to skim customer credit card information using a small card reader, prosecutors said. Employees would swipe customers’ cards, giving him access to account information, with which he created counterfeit credit cards and made phony purchases. Compromised in the scheme were accounts from Chase, U.S. Bank, Citibank, Harris Bank, American Express, Bank of America, and Fifth Third Bank, all of which assisted in the investigation and notified potential victims. Source:

11. July 17, Arizona Republic – (Arizona) 'Baseball Babe Bandit' sought in bank heists. FBI officials were searching for a woman they suspect was involved in multiple bank robberies in Mesa, Arizona, the Arizona Republic reported July 17. Officials dubbed her the "Baseball Babe Bandit." She usually wears a baseball style hat with latex gloves. During the incidents, the woman hands the teller a demand note and threatens bank employees. After receiving money, she has been seen leaving on a bicycle, officials said. The woman is believed to have robbed a Compass Bank March 27, another Compass Bank April 27, and a Bank of America June 28. Source:

Information Technology Sector

32. July 18, H Security – (International) Critical holes closed in Firefox, Thunderbird and SeaMonkey. Following the latest round of updates to its suite of Internet applications, Mozilla detailed all of the security fixes in the new versions of its Firefox Web browser, Thunderbird news and email client, and the SeaMonkey "all-in-one internet application suite." As they are all based on the same Gecko platform, version 14.0 of Firefox and Thunderbird, and version 2.11 of SeaMonkey close a number of the same security holes, some of which are rated as "Critical" by the project; updates were also published for the "enterprise" versions of Firefox and Thunderbird to address these issues. According to Mozilla, some of these vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim's system. Source:

33. July 18, Help Net Security – (International) Android malware is booming. Trend Micro's January prediction that 11,000 pieces of Android malware will be detected by June of 2012 proved completely inaccurate, as the number of malicious applications in the wild for Google's mobile operating system exploded and now is at more than 25,000. Forty-eight percent of these malicious apps are premium service abusers, followed by 22 percent that are adware, and 21 percent that are data stealers. Malicious downloaders are offered in 19 percent of cases, while rooters, click fraudsters, and spying tools are at the bottom of the ladder. The apps are pushed onto users through third-party online stores and even the official Google Play app store. Usually, they masquerade as legitimate and popular software such as Angry Birds, Skype, and Instagram. This unexpected boom in Android malware made the researchers revise their expectations — they believe there may be a total of 129,000 different malicious apps by the end of 2012. Source:

34. July 18, CSO – (International) Android malware steals location data from mobile devices. BitDefender Labs discovered Android malware that regularly broadcasts the location of the infected mobile device to a remote server. What the malware creators intend to do with the privacy-invading information is unclear. The application operates in the background and appears on the smartphone or tablet as an icon with the word "store" written on it. The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device's Wi-Fi connection and scan for access points. All of the data is transmitted to the remote server via the device's Internet connection. The spyware has no user interface and transmits location information every few seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps. Source:

35. July 18, H Security – (International) Oracle's July patch day brings 87 security updates. In its planned July Critical Patch Update (CPU), Oracle released 87 security updates to fix various vulnerabilities across many product families. The updates affect products including Oracle Fusion Middleware 11g, Oracle Database 10g and 11g, and MySQL. One of the holes was given the highest possible CVSS score of 10.0; it was closed in the JRockit Java Virtual Machine, which is part of Oracle Fusion. Holes were also closed in other Fusion components including Enterprise Manager for Fusion Middleware, Oracle HTTP Server, MapViewer, Outside In Technology, and Portal. The vulnerabilities that affect the Database Server were fixed in the Enterprise Manager for Oracle Database, in Core RDBMS, and in the network layer. Here, the highest CVSS score is 6.8; none of the holes in MySQL exceed this rating either. The company released security updates for Oracle Siebel CRM, Enterprise Manager Grid Control 10g and 11g, Hyperion BI+, Solaris, Solaris Cluster, the SPARC T-Series, the Glassfish Enterprise Server, and the Oracle iPlanet Web Server. Many of the closed holes can be exploited by remote attackers without authentication. Java is not affected by this CPU, as Oracle is planning to provide the next Java update with its October CPU. Source:

36. July 17, Krebs on Security – (International) Spammers target Dropbox users. On July 17, users had difficulty logging into Dropbox, the online file storage service. The outages came amid reports that many European Dropbox users were being blasted with spam for online casinos, suggesting some kind of leak of Dropbox user email addresses. The trouble began earlier July 17, when users on Dropbox support forums began complaining of suddenly receiving spam at email addresses they created specifically for use with Dropbox. Various users in Germany, the Netherlands, and the United Kingdom reported receiving junk email touting online gambling sites. At around 3 p.m. ET, the company's service went down in a rare outage, blocking users from logging into and accessing their files and displaying an error message on Source:

37. July 17, Threatpost – (International) Malware tied to Blackhole exploit kit appears as Facebook tag alert. SophosLabs discovered malware infecting machines by getting users to open a malicious link in a fake Facebook email notification. Everything looks legitimate about the alert with one exception: the domain name for the sender's URL is Faceboook(dot)com, not "If you click on the link in the email, you are not taken immediately to the real Facebook website," said a Sophos researcher. "Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware)." Those who click the "See Photo" button in the email are taken to the malicious site and before they can react, their browser redirects them to a random, unknowing person's Facebook page and not the page of the person who supposedly sent the email. Sophos said the malicious code is Troj/JSRedir-HW. Source:

38. July 17, Dark Reading – (International) 'Waldo' finds ways to abuse HTML5 WebSockets. HTML5's WebSocket feature is susceptible to a wide range of abuses by attackers, as researchers will demonstrate the week of July 23 at the Black Hat USA conference. In particular, two researchers will release a hacking tool called Waldo for researchers to test for WebSocket vulnerabilities and potential attack vectors. WebSocket is a faster, more efficient way for browsers and Web servers to communicate (bi-directionally); it supports real-time applications such as customer-support chat features and online gaming, for example. Most major browsers support it. The problem is that current firewalls, next-generation firewalls, unified threat management (UTM), and IDS/IPS products are not WebSocket-aware, the researchers say. In other words, they cannot detect WebSocket traffic. Source:

For more stories, see item 6 above in the Banking and Finance Sector

Communications Sector

See item 6 above in the Banking and Finance Sector and items 33, 34, and 37 above in the Information Technology Sector