Thursday, July 26, 2012
Daily Report
Top Stories
• The Michigan governor declared an energy emergency
in the State July 24 due to temporary shortages of gasoline and diesel fuel
caused by the shutdown of a pipeline in Wisconsin. – Reuters
6. July 24, Reuters – (Michigan) Michigan
governor declares emergency over fuel shortage. The Michigan governor
declared an energy emergency in the State July 24 due to temporary shortages of
gasoline and diesel fuel in parts of the Upper Peninsula caused by the shutdown
of a pipeline in Wisconsin. The emergency declaration suspends State and
federal regulations that limit hours of service for motor carriers and drivers
transporting gasoline, diesel fuel, and jet fuel to address the shortages, the
governor said in a statement. The West Shore pipeline that carries 70,000
barrels-per-day of refined products from Chicago to Green Bay in northern
Wisconsin was shut for several days after a gasoline leak was found July 17.
The pipeline was restarted July 21. The pipeline, which is operated by Buckeye
Partners LP, carries gasoline, diesel fuel, and jet fuel. The closed section of
the line started about 10 miles northwest of Milwaukee. The leak spilled about
1,000 barrels of unleaded gasoline, according to a report the company filed
with the National Response Center. Source: http://wkzo.com/news/articles/2012/jul/25/michigan-governor-declares-emergency-over-fuel-shortage/
• Fire and emergency crews battled to contain
a chemical fire in Oklahoma City that forced the evacuation of several
commercial buildings and nearby homes. The fire also threatened a major water
source. – KWTV 9 Oklahoma City; CBS News
7. July 25, KWTV 9 Oklahoma City; CBS News –
(Oklahoma) Chemical fire forces home, business evacuations. Fire crews
and emergency crews battled to contain a chemical fire in Oklahoma City that
sent toxic smoke billowing into the air and forced the evacuation of several
commercial buildings and nearby homes, July 25. Smoke from the Bachman Services
plant and nearby Horizon Hydraulics forced employees out of their buildings.
Workers said they heard several explosions and believe a forklift caught on
fire, which ignited several hundred chemical barrels filled with triazine, a
toxic flammable liquid. Scores of firefighters worked to keep the fire from
spreading to other buildings. “The building is pretty much demolished,” said
the Oklahoma City Fire Department chief. Several Oklahoma City firefighters had
to be decontaminated after exposure to the toxic fumes, and people living
downwind were told to evacuate. Public works and environmental officials tried
to keep the toxic chemicals from getting into ground water because storm water
drains in the area lead straight to the Oklahoma River. Source: http://www.wafb.com/story/19109739/chemical-fire-forces-home-business-evacuations
• The Centers for Disease Control and
Prevention is collaborating with public health and agriculture officials in
many States and the U.S. Department of Agriculture to investigate a Salmonella
outbreak linked to live poultry. As of July 19, 37 people in 11 States had been
infected, and more than half a dozen had been hospitalized. – Centers for
Disease Control and Prevention
31. July 23, Centers for Disease Control and
Prevention – (National; Idaho) Multistate outbreak of human
Salmonella Hadar infections linked to live poultry. The Centers for Disease
Control and Prevention (CDC) is collaborating with public health and
agriculture officials in many States and the U.S. Department of Agriculture to
investigate an outbreak of human Salmonella Hadar infections linked to chicks,
ducklings, and other live poultry from Hatchery B in Idaho, a July 23 notice
states. Public health investigators are using the PulseNet system to identify
cases of illness that may be part of these outbreaks. As of July 19, 37 people
infected with the outbreak strain of Salmonella Hadar have been reported from
11 States: Arizona (2), California (1), Colorado (3), Idaho (5), Illinois (2),
Oregon (5), Tennessee (2), Texas (1), Utah (5), Washington (9), and Wyoming
(2). Illnesses began between March 19 and July 6. Among 26 ill persons with
available information, 8 have been hospitalized. Twenty-four of 27 ill persons
interviewed reported contact with live poultry before becoming ill. Live
poultry were purchased from agricultural feed stores or direct from the
mail-order hatchery. Source: http://www.cdc.gov/salmonella/hadar-live-poultry-07-12/index.html
• The Federal Communications Commission and
emergency responders in York County, Maine, were looking for the person who
jammed radio communications July 22. Officials believe the jammer has been
active since 2004. – Portland Press Herald
36. July 25, Portland Press Herald –
(Maine) Locating emergency radio jammer in York County ‘not easy’. The
Federal Communications Commission (FCC) will have trouble finding the person
responsible for recent emergency radio jamming in York County, Maine, without
monitoring constantly, an agency spokesman said July 24. Local authorities
believed a rogue radio jammer plagued the town of Lebanon and a few other
surrounding communities off and on since 2004. The perpetrator fell silent
earlier this year, but the jammer resurfaced July 22, following initial reports
of a multi-vehicle crash with numerous injuries. Rescue workers and police who
scrambled to the scene to assess the accident found their scanners’ radio
signal blocked. When officials realized the signal was being interfered with, a
dispatcher sent a message over the airwaves that the FCC was monitoring. The
jamming stopped immediately. Source: http://www.pressherald.com/news/locating-radio-jammer-not-easy_2012-07-25.html
Details
Banking and Finance Sector
12. July 25,
Arlington Heights Daily Herald – (Illinois) Seven face
federal fraud charges in mortgage ‘scheme’. Seven men faced federal fraud
charges stemming from what prosecutors called a “scheme” to bilk mortgage
lenders out of more than $8.5 million for properties in Chicago’s South Side,
the Arlington Heights Daily Herald reported July 25. The individuals were
charged with mail and wire fraud in the scheme. Prosecutors said the men worked
together to “fraudulently obtain” more than 20 residential mortgage loans
between 2007 and 2008. Court papers charged that two of the individuals sold
the properties at inflated prices, knowing the buyers had fraudulently obtained
the loans and would not be able to repay them, and that the other men recruited
buyers or helped falsify loan applications. Source: http://www.dailyherald.com/article/20120724/news/707249713/
13. July 25,
Arlington Heights Daily Herald – (Illinois) FBI: Suspects rob
4th area bank since late May. A man and his two accomplices wanted in
connection with the robbery of an Elmhurst, Illinois, bank inside a grocery
store are also suspected in three other area holdups, according to the FBI. The
suspect in a July 23 robbery of the TCF Bank branch inside a Jewel-Osco passed
a note to a teller demanding cash, while accompanied by two other men,
officials said. The main suspect implied he had a weapon but did not display
one. The other men did not approach the teller counter, but left with the
robber on foot after he was handed some money. The same suspects are wanted in
robberies of separate TCF Bank branches inside Jewel-Oscos. The robberies took
place May 26 in Elmhurst, June 6 in Bartlett, and June 12 in Elgin. The
suspects also attempted to rob a TCF branch inside a Jewel-Osco in Hoffman
Estates June 6, but were unsuccessful, according to authorities. Source: http://www.dailyherald.com/article/20120725/news/707249698/
14. July 25,
BankInfoSecurity – (National) Micro attacks: The new fraud scheme. A small
point-of-sale (POS) attack in Kentucky points to a larger fraud trend impacting
banking institutions and their customers, BankInfoSecurity reported July 25.
“Micro attacks” is the term a Gartner analyst used to describe this new scheme
characterized by localized fraud incidents that are relatively small in nature,
eluding detection and giving the fraudsters more time to drain accounts. In the
latest example, a Winchester, Kentucky-based restaurant was named as the source
of a POS attack that affected scores of credit and debit accounts and more than
a dozen local banks. Other institutions in different locations report similar
stories: small attacks that affect a handful of card-issuing institutions,
which often fail to have fraud-detection systems sophisticated enough to
connect the dots to a single point of compromise. The attacks are usually waged
against a certain type of POS device or system model, which hackers hit through
remote-access portals. This is easy, according to the Gartner analyst, because
many businesses — especially restaurants — fail to change the default passwords
installed by the original equipment manufacturer, and so fraudsters find no
resistance. Source: http://www.bankinfosecurity.com/micro-attacks-new-fraud-scheme-a-4980/op-1
15. July 25,
Associated Press – (International) Mexico fines HSBC $28 million in laundering
case. Mexican regulators said they have fined HSBC $28 million for failing
to prevent money laundering through accounts at the bank, the Associated Press
reported July 25. Mexico’s National Securities and Banking Commission said the
Mexico subsidiary of the London-based bank has paid the fines. The commission
and a report by a U.S. Senate investigative committee found the bank failed to
control suspicious flows of billions of dollars through its accounts. Officials
said HSBC became the main shipper of bank cash transfers from Mexico to the
United States in the 2000s, and in 2007 and 2008 sent north about $7 billion in
cash. Source: http://www.cbsnews.com/8301-501715_162-57479720/mexico-fines-hsbc-$28-million-in-laundering-case/
16. July 24,
Inland Valley Daily Bulletin – (California) ‘Plain Jane’
bandit hits another bank. A woman dubbed the “Plain Jane” bandit robbed
another southern California bank, making it her fifth heist in less than 2
weeks, the Inland Valley Daily Bulletin reported July 25. The woman is linked
to two July 23 bank robberies in Moreno Valley, and then a third robbery July 24
in Buena Park. During the robberies, she uses written and verbal demands and
makes it sound as if she possibly has an accomplice waiting for her outside the
bank. She is being sought in connection to four U.S. Bank heists, and one at a
Chase Bank. Source: http://www.dailybulletin.com/breakingnews/ci_21150540/plain-jane-bandit-hits-another-bank
17. July 24,
KOMO 4 Seattle – (Washington) Police make arrest in Bank of America stabbing. A
man police believe stabbed a Seattle bank’s security guard in the stomach July
24 was arrested later the same day. The stabbing occurred at a Bank of America
branch after a man walked in and expressed interest in opening a new account.
When he was told he would have to fill out paperwork, he told the teller he
would return later. While walking out, the man stabbed the guard on duty twice
in the abdomen “for no apparent reason,” police said. The guard was rushed to a
hospital with non-life threatening injuries. The suspect fled on foot and was
later arrested. Source: http://www.komonews.com/news/local/Search-on-for-attacker-after-bank-security-guard-stabbed-163575706.html
Information Technology Sector
38. July 25,
V3.co.uk – (International) Researchers uncover new Mac malware attack. Researchers
are warning users following the discovery of a new malware attack targeting OS
X systems. Security firm Intego said the OS X/Crisis malware looks to infect
systems running Mac OS X Lion and Snow Leopard. Researchers did not say
whether the malware is able to infect Apple’s Mountain Lion release. According
to Intego, the Crisis malware is able to install itself without any user
interaction or notification and installs files locally, allowing the downloader
to continue operating after a system restart. While the origin of the Crisis
downloader was not revealed, researchers noted the malware has not yet been
spotted performing attacks in the wild. The exact nature of how the malware
functions is not yet known. Source: http://www.v3.co.uk/v3-uk/news/2194005/researchers-uncover-new-mac-malware-attack
39. July 25,
H Security – (International) Microsoft warns of Oracle holes in Exchange
and SharePoint. Microsoft warned its Exchange and SharePoint server
products may be affected by security holes Oracle patched in its most recent
Critical Patch Updates the week of July 16. Apparently, the Microsoft
components use the Oracle Outside In libraries, which, Oracle said, contain
security holes. According to Microsoft Security Advisory 2737111, the issue
affects Exchange Server 2007 and 2010 as well as FAST Search Server 2010 for
SharePoint. SharePoint is only vulnerable if the Advanced Filter Pack is
activated, said Microsoft. As a workaround, the company recommends users
disable this feature in SharePoint for the time being. Exchange administrators
were advised to disable the attachment transcoding service. However, this may
cause the OWA Web frontend’s file attachment preview to malfunction. Microsoft did
not say whether or when it will release suitable patches to eliminate the root
of the problem. Source: http://www.h-online.com/security/news/item/Microsoft-warns-of-Oracle-holes-in-Exchange-and-SharePoint-1652458.html
40. July 25,
Dark Reading – (International) Impersonating Microsoft Exchange servers to
manipulate mobile devices. At the Black Hat security conference July 26, an
Australian researcher will demonstrate a proof-of-concept attack using a
man-in-the-middle connection and Microsoft Exchange to conduct unauthorized
remote wipes on mobile devices. According to the research presented at Black
Hat, this is the beginning of further exploration of what man-in-the-middle
attacks leveraging Microsoft Exchange against poorly configured mobile devices are
really capable of doing. Source: http://www.darkreading.com/vulnerability-management/167901026/security/news/240004323/
41. July 25,
IDG News Service – (International) Java flaws increasingly targeted by
attackers, researchers say. Java vulnerabilities are increasingly exploited
by attackers to infect computers, and the problem could become worse if Oracle
does not do more to secure the product and keep its installation base up to
date, according to security researchers who will talk about Java-based attacks
at the Black Hat USA 2012 security conference. Several years ago, the most
targeted browser plug-ins were Flash Player and Adobe Reader. However, many
current Web exploit toolkits rely heavily on Java exploits, said a security
researcher with HP DVLabs, Hewlett-Packard’s vulnerability research division.
Source: http://www.computerworld.com/s/article/9229641/Java_flaws_increasingly_targeted_by_attackers_researchers_say
42. July 25,
The Register – (International) Siemens squashes Stuxnet-like bugs in SCADA
kit. Siemens closed vulnerabilities in its industrial control kit similar
to those exploited by the Stuxnet worm. Security bugs on the German
manufacturer’s Simatic Step 7 and Simatic PCS 7 supervisory control and data
acquisition (SCADA) software created a means to load malicious dynamic-link
library (DLL) files. Siemens said previous versions of its Step 7 and PCS 7
software allowed the loading of DLL files into the Step 7 project folder
without validation, giving the malware free rein to attack the SCADA systems.
The firm fixed the flaw by introducing a mechanism that rejected the loading of
DLL files into the folder — effectively blocking the path to possible
infection, a July 23 advisory by the Industrial Control Systems Cyber Emergency
Response Team (ICS-CERT) explains. A second update, also released July 23,
involves a SQL server authentication security flaw in Siemens’ Simatic WinCC
and Simatic PCS 7 software. Left unfixed, the vulnerability created a means for
hackers to access targeted systems using default credentials. Siemens issued a
series of patches in the wake of the discovery of the Stuxnet worm in 2010, but
this failed to placate critics, including one who claimed in 2011 that many
shortcomings in Siemens’ SCADA systems remained unpatched. Source: http://www.theregister.co.uk/2012/07/25/siemens_scada_security/
43. July 25,
H Security – (International) Wireshark updates fix DoS vulnerabilities. The
developers at the Wireshark project released versions 1.6.9 and 1.8.1 to close
important security holes in their open source network protocol analyzer. The
updates to the cross-platform tool address two vulnerabilities that could be
exploited by remote attackers to cause a denial-of-service. They are a problem
in the point-to-point protocol dissector that leads to a crash and a bug in the
network file system dissector that could result in excessive consumption of CPU
resources; to take advantage of the holes, an attacker must inject a malformed
packet onto the wire or convince a victim to read a malformed packet trace
file. Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8, and 1.8.0 are affected;
upgrading to the new 1.6.9 and 1.8.1 releases fixes the problems. According to
the security advisories, version 1.4.14 should correct these issues on the
1.4.x branch of Wireshark. However, at the time of writing, Wireshark 1.4.14 is
not available on the site and release notes for that version are not yet
published. Source: http://www.h-online.com/security/news/item/Wireshark-updates-fix-DoS-vulnerabilities-1652207.html
44. July 24,
Threatpost – (International) New OpFake Android malware entices users with
Opera mini browser. There is a new variant of the OpFake mobile malware
making the rounds, and this version comes bundled with a version of the
legitimate Opera Mini mobile browser. The malware targets Android phones and
steals money from victims by sending SMS messages without the user’s knowledge
to premium-rate numbers and also collects data about the device it infects.
Researchers at GFI Labs discovered the new variant of OpFake, and found that,
unlike older versions of the malware that disguised itself as Opera Mini, this
version downloads a copy of the mobile browser. The attackers set up a fake
Opera Mini Web site that encourages users to download the browser. Clicking on
the link on the site begins the installation routine for the malware,
downloading a package called “opera_mini_65.apk.” Source: http://threatpost.com/en_us/blogs/new-opfake-android-malware-entices-users-opera-mini-browser-072412
45. July 24,
ZDNet – (International) Warning: Battery-saver app on Android is
malware. A new piece of malware is trying to take advantage of poor battery
life on Android smartphones. Cyber criminals created an application that is
supposed to reduce battery use, but in reality steals the user’s contacts data
stored on the device. Symantec, which first discovered the malware, is calling
this particular threat Android.Ackposts. As opposed to using third-party app
stores or the official Google Play store, this app is pushed via Japanese spam
email that includes a link to download and install it. Although the messages
claim the app reduces battery use by half, the app does nothing to save battery
power. It does, however, send the user’s contacts data (name, phone number,
email address, and more) to an external Web site. Source: http://www.zdnet.com/warning-battery-saver-app-on-android-is-malware-7000001483/
46. July 24,
CNET – (International) Windows malware slips into Apple’s iOS App
Store. A Windows malware worm was found embedded in an application being
distributed in Apple’s App Store for iOS. While this malware, being Windows-based,
is a threat to neither the iOS platform nor Mac OS, it may be a threat to those
who manage their iTunes and App Store accounts on Windows-based machines.
Source: http://reviews.cnet.com/8301-13727_7-57478793-263/windows-malware-slips-into-apples-ios-app-store/
47. July 24,
Infosecurity – (International) Latest report shows India now ahead of the US
in email spam volume. The latest “Dirty Dozen” spam-relaying countries
report from Sophos shows that Asia in general, and India in particular, is now
responsible for the greatest volume of the world’s spam. Heading the list for
the second successive quarter is India, responsible for 11.7 percent of all
spam caught by the Sophos worldwide network of spam traps. Italy comes in
second with 7 percent. South Korea is third with 6.7 percent, and the United
States moved from the second to fourth position at 6.2 percent. “The chief
driver for Asia’s dominance in the spam charts,” explains a senior technology
consultant at Sophos, “is the sheer number of compromised computers in the
continent.” Source: http://www.infosecurity-magazine.com/view/27155/
For more stories, see item 14 above in the Banking and Finance Sector
Communications Sector
See items 39, 40, 44, and 45 above in the Information Technology Sector