Thursday, July 26, 2012 

Daily Report

Top Stories
• The Michigan governor declared an energy emergency in the State July 24 due to temporary shortages of gasoline and diesel fuel caused by the shutdown of a pipeline in Wisconsin. – Reuters

6. July 24, Reuters – (Michigan) Michigan governor declares emergency over fuel shortage. The Michigan governor declared an energy emergency in the State July 24 due to temporary shortages of gasoline and diesel fuel in parts of the Upper Peninsula caused by the shutdown of a pipeline in Wisconsin. The emergency declaration suspends State and federal regulations that limit hours of service for motor carriers and drivers transporting gasoline, diesel fuel, and jet fuel to address the shortages, the governor said in a statement. The West Shore pipeline that carries 70,000 barrels-per-day of refined products from Chicago to Green Bay in northern Wisconsin was shut for several days after a gasoline leak was found July 17. The pipeline was restarted July 21. The pipeline, which is operated by Buckeye Partners LP, carries gasoline, diesel fuel, and jet fuel. The closed section of the line started about 10 miles northwest of Milwaukee. The leak spilled about 1,000 barrels of unleaded gasoline, according to a report the company filed with the National Response Center. Source:

• Fire and emergency crews battled to contain a chemical fire in Oklahoma City that forced the evacuation of several commercial buildings and nearby homes. The fire also threatened a major water source. – KWTV 9 Oklahoma City; CBS News

7. July 25, KWTV 9 Oklahoma City; CBS News – (Oklahoma) Chemical fire forces home, business evacuations. Fire crews and emergency crews battled to contain a chemical fire in Oklahoma City that sent toxic smoke billowing into the air and forced the evacuation of several commercial buildings and nearby homes, July 25. Smoke from the Bachman Services plant and nearby Horizon Hydraulics forced employees out of their buildings. Workers said they heard several explosions and believe a forklift caught on fire, which ignited several hundred chemical barrels filled with triazine, a toxic flammable liquid. Scores of firefighters worked to keep the fire from spreading to other buildings. “The building is pretty much demolished,” said the Oklahoma City Fire Department chief. Several Oklahoma City firefighters had to be decontaminated after exposure to the toxic fumes, and people living downwind were told to evacuate. Public works and environmental officials tried to keep the toxic chemicals from getting into ground water because storm water drains in the area lead straight to the Oklahoma River. Source:

• The Centers for Disease Control and Prevention is collaborating with public health and agriculture officials in many States and the U.S. Department of Agriculture to investigate a Salmonella outbreak linked to live poultry. As of July 19, 37 people in 11 States had been infected, and more than half a dozen had been hospitalized. – Centers for Disease Control and Prevention

31. July 23, Centers for Disease Control and Prevention – (National; Idaho) Multistate outbreak of human Salmonella Hadar infections linked to live poultry. The Centers for Disease Control and Prevention (CDC) is collaborating with public health and agriculture officials in many States and the U.S. Department of Agriculture to investigate an outbreak of human Salmonella Hadar infections linked to chicks, ducklings, and other live poultry from Hatchery B in Idaho, a July 23 notice states. Public health investigators are using the PulseNet system to identify cases of illness that may be part of these outbreaks. As of July 19, 37 people infected with the outbreak strain of Salmonella Hadar have been reported from 11 States: Arizona (2), California (1), Colorado (3), Idaho (5), Illinois (2), Oregon (5), Tennessee (2), Texas (1), Utah (5), Washington (9), and Wyoming (2). Illnesses began between March 19 and July 6. Among 26 ill persons with available information, 8 have been hospitalized. Twenty-four of 27 ill persons interviewed reported contact with live poultry before becoming ill. Live poultry were purchased from agricultural feed stores or direct from the mail-order hatchery. Source:

• The Federal Communications Commission and emergency responders in York County, Maine, were looking for the person who jammed radio communications July 22. Officials believe the jammer has been active since 2004. – Portland Press Herald

36. July 25, Portland Press Herald – (Maine) Locating emergency radio jammer in York County ‘not easy’. The Federal Communications Commission (FCC) will have trouble finding the person responsible for recent emergency radio jamming in York County, Maine, without monitoring constantly, an agency spokesman said July 24. Local authorities believed a rogue radio jammer plagued the town of Lebanon and a few other surrounding communities off and on since 2004. The perpetrator fell silent earlier this year, but the jammer resurfaced July 22, following initial reports of a multi-vehicle crash with numerous injuries. Rescue workers and police who scrambled to the scene to assess the accident found their scanners’ radio signal blocked. When officials realized the signal was being interfered with, a dispatcher sent a message over the airwaves that the FCC was monitoring. The jamming stopped immediately. Source:


Banking and Finance Sector

12. July 25, Arlington Heights Daily Herald – (Illinois) Seven face federal fraud charges in mortgage ‘scheme’. Seven men faced federal fraud charges stemming from what prosecutors called a “scheme” to bilk mortgage lenders out of more than $8.5 million for properties in Chicago’s South Side, the Arlington Heights Daily Herald reported July 25. The individuals were charged with mail and wire fraud in the scheme. Prosecutors said the men worked together to “fraudulently obtain” more than 20 residential mortgage loans between 2007 and 2008. Court papers charged that two of the individuals sold the properties at inflated prices, knowing the buyers had fraudulently obtained the loans and would not be able to repay them, and that the other men recruited buyers or helped falsify loan applications. Source:

13. July 25, Arlington Heights Daily Herald – (Illinois) FBI: Suspects rob 4th area bank since late May. A man and his two accomplices wanted in connection with the robbery of an Elmhurst, Illinois bank inside a grocery store are also suspected in three other area holdups, according to the FBI. The suspect in a July 23 robbery of the TCF Bank branch inside a Jewel-Osco passed a note to a teller demanding cash, while accompanied by two other men, officials said. The main suspect implied he had a weapon but did not display one. The other men did not approach the teller counter, but left with the robber on foot after he was handed some money. The same suspects are wanted in robberies of separate TCF Bank branches inside Jewel-Oscos. The robberies took place May 26 in Elmhurst, June 6 in Bartlett, and June 12 in Elgin. The suspects also attempted to rob a TCF branch inside a Jewel-Osco in Hoffman Estates June 6, but were unsuccessful, according to authorities. Source:

14. July 25, BankInfoSecurity – (National) Micro attacks: The new fraud scheme. A small point-of-sale (POS) attack in Kentucky points to a larger fraud trend impacting banking institutions and their customers, BankInfoSecurity reported July 25. “Micro attacks” is the term a Gartner analyst used to describe this new scheme characterized by localized fraud incidents that are relatively small in nature, eluding detection and giving the fraudsters more time to drain accounts. In the latest example, a Winchester, Kentucky-based restaurant was named as the source of a POS attack that affected scores of credit and debit accounts and more than a dozen local banks. Other institutions in different locations report similar stories: small attacks that affect a handful of card-issuing institutions, which often fail to have fraud-detection systems sophisticated enough to connect the dots to a single point of compromise. The attacks are usually waged against a certain type of POS device or system model, which hackers hit through remote-access portals. This is easy, according to the Gartner analyst, because many businesses — especially restaurants — fail to change the default passwords installed by the original equipment manufacturer, and so fraudsters find no resistance. Source:

15. July 25, Associated Press – (International) Mexico fines HSBC $28 million in laundering case. Mexican regulators said they have fined HSBC $28 million for failing to prevent money laundering through accounts at the bank, the Associated Press reported July 25. Mexico’s National Securities and Banking Commission said the Mexico subsidiary of the London-based bank has paid the fines. The commission and a report by a U.S. Senate investigative committee found the bank failed to control suspicious flows of billions of dollars through its accounts. Officials said HSBC became the main shipper of bank cash transfers from Mexico to the United States in the 2000s, and in 2007 and 2008 sent north about $7 billion in cash. Source:$28-million-in-laundering-case/

16. July 24, Inland Valley Daily Bulletin – (California) ‘Plain Jane’ bandit hits another bank. A woman dubbed the “Plain Jane” bandit robbed another southern California bank, making it her fifth heist in less than 2 weeks, the Inland Valley Daily Bulletin reported July 25. The woman is linked to two July 23 bank robberies in Moreno Valley, and then a third robbery July 24 in Buena Park. During the robberies, she uses written and verbal demands and makes it sound as if she possibly has an accomplice waiting for her outside the bank. She is being sought in connection to four U.S. Bank heists, and one at a Chase Bank. Source:

17. July 24, KOMO 4 Seattle – (Washington) Police make arrest in Bank of America stabbing. A man police believe stabbed a Seattle bank’s security guard in the stomach July 24 was arrested later the same day. The stabbing occurred at a Bank of America branch after a man walked in and expressed interest in opening a new account. When he was told he would have to fill out paperwork, he told the teller he would return later. While walking out, the man stabbed the guard on duty twice in the abdomen “for no apparent reason,” police said. The guard was rushed to a hospital with non-life-threatening injuries. The suspect fled on foot and was later arrested. Source:

Information Technology Sector

38. July 25, – (International) Researchers uncover new Mac malware attack. Researchers are warning users following the discovery of a new malware attack targeting OS X systems. Security firm Intego said the OS X/Crisis malware looks to infect systems running Mac OS X Lion and Snow Leopard. Researchers did not say whether the malware is able to infect Apple’s Mountain Lion release. According to Intego, the Crisis malware is able to install itself without any user interaction or notification and installs files locally, allowing the downloader to continue operating after a system restart. While the origin of the Crisis downloader was not revealed, researchers noted the malware has not yet been spotted performing attacks in the wild. The exact nature of how the malware functions is not yet known. Source:

39. July 25, H Security – (International) Microsoft warns of Oracle holes in Exchange and SharePoint. Microsoft warned its Exchange and SharePoint server products may be affected by security holes Oracle patched in its most recent Critical Patch Updates the week of July 16. Apparently, the Microsoft components use the Oracle Outside In libraries, which, Oracle said, contain security holes. According to Microsoft Security Advisory 2737111, the issue affects Exchange Server 2007 and 2010 as well as FAST Search Server 2010 for SharePoint. SharePoint is only vulnerable if the Advanced Filter Pack is activated, said Microsoft. As a workaround, the company recommends users disable this feature in SharePoint for the time being. Exchange administrators were advised to disable the attachment transcoding service. However, this may cause the OWA Web frontend’s file attachment preview to malfunction. Microsoft did not say whether or when it will release suitable patches to eliminate the root of the problem. Source:

40. July 25, Dark Reading – (International) Impersonating Microsoft Exchange servers to manipulate mobile devices. At the Black Hat security conference July 26, an Australian researcher will demonstrate a proof-of-concept attack using a man-in-the-middle connection and Microsoft Exchange to conduct unauthorized remote wipes on mobile devices. According to the research presented at Black Hat, this is the beginning of further exploration into what man-in-the-middle attacks leveraging Microsoft Exchange against poorly configured mobile devices are really capable of doing. Source:

41. July 25, IDG News Service – (International) Java flaws increasingly targeted by attackers, researchers say. Java vulnerabilities are increasingly exploited by attackers to infect computers, and the problem could become worse if Oracle does not do more to secure the product and keep its installation base up to date, according to security researchers who will talk about Java-based attacks at the Black Hat USA 2012 security conference. Several years ago, the most targeted browser plug-ins were Flash Player and Adobe Reader. However, many current Web exploit toolkits rely heavily on Java exploits, said a security researcher with HP DVLabs, Hewlett-Packard’s vulnerability research division. Source:

42. July 25, The Register – (International) Siemens squashes Stuxnet-like bugs in SCADA kit. Siemens closed vulnerabilities in its industrial control kit similar to those exploited by the Stuxnet worm. Security bugs on the German manufacturer’s Simatic Step 7 and Simatic PCS 7 supervisory control and data acquisition (SCADA) software created a means to load malicious dynamic-link library (DLL) files. Siemens said previous versions of its Step 7 and PCS 7 software allowed the loading of DLL files into the Step 7 project folder without validation, giving the malware free rein to attack the SCADA systems. The firm fixed the flaw by introducing a mechanism that rejected the loading of DLL files into the folder, effectively blocking the path to possible infection, a July 23 advisory by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) explains. A second update, also released July 23, involves a SQL server authentication security flaw in Siemens’ Simatic WinCC and Simatic PCS 7 software. Left unfixed, the vulnerability created a means for hackers to access targeted systems using default credentials. Siemens issued a series of patches in the wake of the discovery of the Stuxnet worm in 2010, but this failed to placate critics, including one who claimed in 2011 that many shortcomings in Siemens’ SCADA systems remained unpatched. Source:

43. July 25, H Security – (International) Wireshark updates fix DoS vulnerabilities. The developers at the Wireshark project released versions 1.6.9 and 1.8.1 to close important security holes in their open source network protocol analyzer. The updates to the cross-platform tool address two vulnerabilities that could be exploited by remote attackers to cause a denial-of-service. They are a problem in the point-to-point protocol dissector that leads to a crash and a bug in the network file system dissector that could result in excessive consumption of CPU resources; to take advantage of the holes, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8, and 1.8.0 are affected; upgrading to the new 1.6.9 and 1.8.1 releases fixes the problems. According to the security advisories, version 1.4.14 should correct these issues on the 1.4.x branch of Wireshark. However, at the time of writing, Wireshark 1.4.14 is not available on the site and release notes for that version are not yet published. Source:

44. July 24, Threatpost – (International) New OpFake Android malware entices users with Opera mini browser. There is a new variant of the OpFake mobile malware making the rounds, and this version comes bundled with a version of the legitimate Opera Mini mobile browser. The malware targets Android phones and steals money from victims by sending SMS messages without the user’s knowledge to premium-rate numbers and also collects data about the device it infects. Researchers at GFI Labs discovered the new variant of OpFake, and found that, unlike older versions of the malware that disguised itself as Opera Mini, this version downloads a copy of the mobile browser. The attackers set up a fake Opera Mini Web site that encourages users to download the browser. Clicking on the link on the site begins the installation routine for the malware, downloading a package called “opera_mini_65.apk.” Source:

45. July 24, ZDNet – (International) Warning: Battery-saver app on Android is malware. A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cyber criminals created an application that is supposed to reduce battery use, but in reality steals the user’s contacts data stored on the device. Symantec, which first discovered the malware, is calling this particular threat Android.Ackposts. As opposed to using third-party app stores or the official Google Play store, this app is pushed via Japanese spam email that includes a link to download and install it. Although the messages claim the app reduces battery use by half, the app does nothing to save battery power. It does, however, send the user’s contacts data (name, phone number, email address, and more) to an external Web site. Source:

46. July 24, CNET – (International) Windows malware slips into Apple’s iOS App Store. A Windows malware worm was found embedded in an application being distributed in Apple’s App Store for iOS. While this malware, being Windows-based, is a threat to neither the iOS platform nor Mac OS, it may be a threat to those who manage their iTunes and App Store accounts on Windows-based machines. Source:

47. July 24, Infosecurity – (International) Latest report shows India now ahead of the US in email spam volume. The latest “Dirty Dozen” spam-relaying countries report from Sophos shows that Asia in general, and India in particular, is now responsible for the greatest volume of the world’s spam. Heading the list for the second successive quarter is India, responsible for 11.7 percent of all spam caught by the Sophos worldwide network of spam traps. Italy comes in second with 7 percent. South Korea is third with 6.7 percent, and the United States moved from the second to fourth position at 6.2 percent. “The chief driver for Asia’s dominance in the spam charts,” explains a senior technology consultant at Sophos, “is the sheer number of compromised computers in the continent.” Source:

For more stories, see item 14 above in the Banking and Finance Sector

Communications Sector

See items 39, 40, 44, and 45 above in the Information Technology Sector