Wednesday, August 1, 2012 


Daily Report

Top Stories

 • Margarita’s Mexican Restaurant in Holland, Michigan, voluntarily shut down after 150 people reported illness after eating there. – Associated Press

11. July 31, Associated Press – (Michigan) 150 sickened after eating at Holland area restaurant. State health officials on the west side of Michigan said the number of people reporting illness after eating at a restaurant in Holland reached 150, the Associated Press reported July 31. The Health Department said Margarita’s Mexican Restaurant voluntarily shut down after officials started investigating July 26. The department launched its probe after getting reports of 10 illnesses. Health officials hoped to get results from lab tests the week of July 30. Source: http://detroit.cbslocal.com/2012/07/31/150-sickened-after-eating-at-holland-area-restaurant/

 • The ongoing drought could be to blame for about nine water main breaks in July that required Bloomington, Illinois, to send water to Towanda and Hudson the week of July 23. – Bloomington-Normal Pantagraph

20. July 30, Bloomington-Normal Pantagraph – (Illinois) Drought blamed for water main breaks. The ongoing drought could be to blame for an uptick in water main breaks in July that required Bloomington, Illinois, to send Normal water to Towanda and Hudson the week of July 23. The city saw about nine water main breaks in July which the water director said was high compared to the one break in July 2011, two breaks in July 2010, and four breaks in July 2009. “We think some of the breaks we have this month is because of too dry soil,” he said. The drying soil shrinks, compacting and causing the pipes to break. He said the city cannot positively attribute any water main breaks to the drought but in several cases there appears to be no other reason. Normal also repaired 6 broken water mains in July. That is only slightly above the four or five the department typically has in an average July. Bloomington’s water supply comes from two lakes, which are more vulnerable during a drought than Normal’s underground supply. The lakes — Evergreen and Lake Bloomington — were a combined 6.2 feet below average July 30. Voluntary water use restrictions are not triggered until lake levels are 8 feet below normal, which is not expected until September. Source: http://www.pantagraph.com/news/local/dought-blamed-for-water-main-breaks/article_a5f7b1f6-daab-11e1-b12e-0019bb2963f4.html

 • A cryptography specialist released tools for cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft. The tools were released at the Def Con conference July 28. – CNET (see item 36 below in the Information Technology Sector)

 • Some 700 people were evacuated from a Walmart in Secaucus, New Jersey, after a bomb threat was phoned in July 30, authorities said. The threat was 1 of 12 that were recently phoned in to Walmart stores across the country. – Jersey Journal

38. July 31, Jersey Journal – (New Jersey; Missouri; Kansas) 700 people evacuated from Mill Creek Mall Walmart in latest of 12 bomb threats plaguing its chain stores. Some 700 people were evacuated from the Walmart at the Mill Creek Mall in Secaucus, New Jersey, July 30 after a bomb threat was phoned in, authorities said. The building was cordoned off to the public as police used bomb-sniffing dogs to conduct an extensive search of the 100,000-square-foot facility. No explosive devices were found. The threat was one of 12 that have been recently phoned in to Walmarts across the nation. The Hudson County sheriff said someone called the manager’s office in the Walmart that afternoon and said an explosive device was going to go off. The store notified Secaucus police, who called the sheriff’s office. Trailers in the vicinity of the store were also searched, police said. The Secaucus scare came after 11 bomb threats, 8 in Missouri and 3 in Kansas, that were phoned in over the July 28 weekend. Police in Missouri said July 30 they had a telephone number they believed all the threats in the Midwest originated from and their investigation was very active. Source: http://www.nj.com/jjournal-news/index.ssf/2012/07/700_people_evacuated_from_mill.html

Details

Banking and Finance Sector

6. July 30, Riverside Press-Enterprise – (California) Bank robber ‘Plain Jane Bandit’ strikes again. The “Plain Jane Bandit,” suspected in the robbery of six banks in southern California, struck again in Downey, California, July 30. The unidentified woman robbed a Bank of America, according to the FBI. She is being sought for the robberies of two Moreno Valley banks and one robbery each in Wildomar, Santa Fe Springs, Whittier, and Buena Park. Source: http://www.pe.com/local-news/local-news-headlines/20120730-region-bank-robber-plain-jane-bandit-strikes-again.ece

7. July 30, U.S. Department of Justice – (New York) Two Queens attorneys convicted of mortgage fraud. A federal jury in New York City returned a verdict July 30 convicting 2 attorneys on 10 felony counts for participating in a mortgage fraud scheme that resulted in over $25 million in fraudulently-obtained loans from Countrywide Financial, Fremont Investment and Loan, IndyMac Bank, Sun Trust Mortgage, Inc., Wells Fargo & Company, and New Century Mortgage Corporation. From January 2006 to September 2008, the defendants, partners at a law firm, worked as attorneys at real estate closings for fraudulent home sales. The defendants worked with co-conspirator real estate agents and loan officers to falsify loan documents in order to induce banks to give mortgage loans for properties located in Queens, Brooklyn, and Long Island. Many of the properties were purchased by “straw buyers” who had been recruited by the co-conspirator real estate agents and loan officers to purchase the properties. In many instances the straw buyers subsequently failed to make mortgage payments to the lending institutions, and as a result millions of dollars of loans entered default. The defendants profited by paying themselves attorneys’ fees from the mortgage loan proceeds. Source: http://www.justice.gov/usao/nye/pr/2012/2012jul30.html

8. July 30, Staten Island Advance – (New York) No bail for suspect in spree of daily bank robberies, including Staten Island heist. The alleged 1-a-day bank bandit, who authorities said started a 5-day robbery spree in New York City’s Staten Island the week of July 23, was held without bail July 30 after his arrest. The man was suspected in five robberies over the course of a week. He was suspected of robbing a Northfield Bank branch July 22 and then of robbing the same Chase branch in Williamsburg, Brooklyn, July 23 and July 24. He then allegedly robbed a Citibank branch in Ridgewood, Queens, July 25. And July 26 he was suspected in two incidents in Forest Hills, Queens. The first time, the teller turned him away, so he walked down the block and robbed a second bank instead. Source: http://www.silive.com/news/index.ssf/2012/07/once-a-day_bank_bandit_who_sta.html

Information Technology Sector

30. July 31, Dark Reading – (International) Hiding SAP attacks in plain sight. As some of the biggest processors of regulated data in any large organization, business-critical applications like enterprise resource planning (ERP) applications from SAP are well within the purview of compliance auditors and malicious attackers. Many organizations believe that if these systems are set behind firewalls, they are safely segmented enough to not require further hardening. However, as one researcher demonstrated at Black Hat the week of July 23, business-critical application servers never process data as an island, and in those connections there are opportunities for attack by hiding malicious packets within admissible ones. Called server-side request forgery (SSRF), the attack technique highlighted by the head of Russian firm ERPScan makes it possible to execute a multi-chained attack on SAP applications that can be executed from the Internet while bypassing firewalls, IDS systems, and internal SAP security configurations. Source: http://www.darkreading.com/database-security/167901020/security/news/240004610/

31. July 30, Agence France-Presse – (International) Hackers topple Huawei routers. Hackers at the Def Con conference were shown how to easily gain access to computer networks through some routers made by Chinese electronics manufacturer Huawei Technologies. The chief of Recurity Labs and his teammate were troubled that Huawei did not issue any security advisories about its routers to warn users to take precautions. The chief referred to the routers studied by Recurity as having technology reminiscent of the 1990s and said once attackers gain access, they could potentially run amok in networks. Recurity did not examine “big boxes,” large routers Huawei makes for businesses and telecom networks. Source: http://www.google.com/hostednews/afp/article/ALeqM5jVXDPSv7MVxlJGRfmLa6XnyQK3xQ

32. July 30, The Verge – (International) New zero-day exploits in industrial software channel the ghost of Microsoft Bob. A security researcher at the Def Con conference revealed several new zero-day exploits in the supervisory control and data acquisition (SCADA) systems used to interface with industrial machinery. For these latest vulnerabilities, the researcher presented the 17-year-old software, Microsoft Bob. Bob may be long gone, but the researcher showed the captive kiosk interface shares similarities with Human Machine Interfaces (HMIs) — the software “control panels” for SCADA systems — and demonstrated how they can be manipulated to allow unauthorized access. Source: http://www.theverge.com/2012/7/30/3200342/zero-day-scada-bugs-microsoft-bob-defcon

33. July 30, The H – (International) EFI rootkit for Macs demonstrated. At the Black Hat conference, an Australian security expert demonstrated a rootkit which is able to insert itself into a Macbook Air’s EFI firmware and bypass the FileVault hard drive encryption system. Although the concept of an EFI rootkit is not new, this was the first time it was demonstrated live and the hacker used a previously unknown method based on a modified Thunderbolt to Ethernet adapter. Source: http://www.h-online.com/security/news/item/EFI-rootkit-for-Macs-demonstrated-1655108.html

34. July 30, BBC News – (International) Ubisoft rush to fix security hole exposed by plug-in. Games maker Ubisoft was forced to release an emergency patch to fix a security hole discovered in its Uplay application. A Web browser add-on reportedly left users open to outside attackers gaining control of their computer. The Uplay software is bundled with major titles like Assassin’s Creed. The flaw was discovered by a Google employee. It was discovered that any Web site could force users with the plug-in to open any program on their PC. To demonstrate this, one security researcher created a Web site proving the exploits’ existence. When a person visited the Web site, the calculator program would launch. While the calculator is harmless, experts warned the technique could be used to launch a potentially malicious program. Source: http://www.bbc.co.uk/news/technology-19053453

35. July 30, Infosecurity – (International) New Morto worm variant emerges with file infection capability. A new variant of the Morto worm added a file infection capability to the malware’s arsenal of weapons, warned a Microsoft researcher. The original Morto worm was able to compromise remote desktop protocol (RDP) connections by exploiting weak administrator passwords, but the new strain has added file infection capability to its repertoire, noted the researcher with the Microsoft Malware Protection Center. He explained that the new Morto variant “infects .EXE files found on fixed and removable drives as well as on default RDP and Administrative shares, but avoids infecting files that contain strings like ‘windows’, ‘winnt’, ‘qq’, ‘Outlook’, ‘System Volume Information’ or ‘RECYCLER’ in their path. Morto also leaves an infection marker, ‘PPIF’ in infected files.” Source: http://www.infosecurity-magazine.com/view/27277/

36. July 28, CNET – (International) Tools boast easy cracking of Microsoft crypto for businesses. A cryptography specialist released tools at the Def Con conference July 28 for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2. The tools crack WPA2 (Wi-Fi Protected Access) and VPN passwords used by corporations and organizations running networks protected by the PPTP (Point-to-Point Tunneling Protocol), which uses MS-CHAPv2 for authentication. ChapCrack captures the MS-CHAPv2 handshakes, or SSL (Secure Sockets Layer) negotiation communications, and converts them to a token that can be submitted to CloudCracker. It takes less than a day for the service to return results in the form of another token that is plugged back into ChapCrack where the DES (Data Encryption Standard) keys are cracked. With that data, someone can see all of the information traveling across the Wi-Fi network, including sensitive corporate emails and passwords, and use passwords that were revealed to log in to corporate networks. The tools are designed for penetration testers and network auditors to use to check the security of their WPA2 protected networks and VPNs, but they could also be used by people who want to steal data and get unauthorized access to networks. Source: http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-of-microsoft-crypto-for-businesses/

Communications Sector

Nothing to report.