Monday, August 6, 2012 


Daily Report

Top Stories

• The Internal Revenue Service (IRS) may have delivered more than $5 billion in refund checks to identity thieves who filed fraudulent tax returns for 2011, Treasury Department investigators said August 2. – Associated Press (See item 10 below in the Banking and Finance Sector)

• One person was killed and dozens of others were injured when a double-decker Megabus bound from Chicago smashed into a concrete pillar of an overpass on Interstate 55 August 2, State police said. – Chicago Tribune

12. August 2, Chicago Tribune – (Illinois) Survivor of fatal Megabus crash ‘just woke up to screaming’. One person was killed and dozens of others were injured when a double-decker Megabus bound from Chicago smashed into a concrete pillar of an overpass on Interstate 55 August 2, State police said. The bus, with about 64 passengers listed on the manifest, apparently blew a tire and skidded into the center pillar near Litchfield, Illinois, about 60 miles north of St. Louis, shutting down I-55 in both directions between the Carlinville and Litchfield exits. As many as half the people on the southbound bus were injured, according to a State Police captain. Four to five of the injured were trapped and had to be extricated, including one who later died, he said. Thirty ambulances and five medical helicopters responded. Source: http://articles.chicagotribune.com/2012-08-02/news/chi-megabus-from-chicago-crashes-into-i55-overpass-20120802_1_fatal-megabus-crash-southbound-bdouble-decker-bus

• Burch Equipment LLC expanded their cantaloupe recall initiated July 28 due to the potential for the fruit being contaminated with Listeria monocytogenes, the U.S. Food and Drug Administration reported August 2. – U.S. Food and Drug Administration

19. August 2, U.S. Food and Drug Administration – (National) Burch Equipment LLC expands cantaloupe recall due to possible health risk. Burch Equipment LLC, of North Carolina, expanded their cantaloupe recall initiated July 28, the U.S. Food and Drug Administration (FDA) reported August 2. The firm voluntarily recalled 13,888 cases of whole Athena variety cantaloupes and 581 bins of Athena variety cantaloupes due to the potential for being contaminated with Listeria monocytogenes. Melons affected by this recall total 188,902. The whole Athena variety cantaloupes were shipped between July 15-27 and distributed to retail stores operating in Florida, Georgia, Illinois, Maryland, North Carolina, New Jersey, New York, Pennsylvania, South Carolina, and Virginia. The FDA and the North Carolina Department of Agriculture were working with Burch Equipment LLC following a random sample of an Athena variety cantaloupe testing positive for Listeria monocytogenes. The recall expansion was based on unsanitary conditions found at the cantaloupe packing shed during FDA’s ongoing inspection that may allow for contamination of cantaloupes with Listeria monocytogenes. Source: http://www.fda.gov/Safety/Recalls/ucm314213.htm

• Websense detected a massive phishing campaign targeting AT&T customers, sending in excess of 200,000 fake emails masquerading as billing information. – V3.co.uk (See item 38 below in the Communications Sector)

Details

Banking and Finance Sector

8. August 3, Bloomberg News – (National) Bristol-Myers insider arrest followed probe of deal. A U.S. Securities and Exchange Commission (SEC) probe, prompted by suspicious circumstances surrounding Gilead Sciences Inc.’s announcement that it was buying Pharmasset Inc. for $11 billion, resulted in the arrest of a Bristol-Myers Squibb Co. executive August 2. The man was charged with making $311,361 in illegal profit by buying stock options in three pharmaceutical companies targeted for acquisition. The SEC is continuing its probe, and the Department of Justice also joined the investigation. The executive held high-level jobs including executive director of pensions and savings investments and assistant treasurer for capital markets. He helped the New York-based drugmaker evaluate whether to buy targeted companies, according to the FBI arrest complaint. As he conducted due diligence on pension and savings plans of those companies, he bought options in all three based on insider information. The chief of the SEC’s Market Abuse Unit said the SEC is concerned about the “apparent epidemic of insider trading involving the securities of pharmaceutical and healthcare companies.” Source: http://www.businessweek.com/news/2012-08-03/bristol-myers-insider-arrest-followed-probe-of-deal#p1

9. August 2, The Register – (National) New target for 419 fraudsters: Struggling ‘weak’ banks. Desperate banks have become the target for so-called 419 advance-fee fraud scams, The Register reported August 2. Banks on the Federal Deposit Insurance Corporation’s (FDIC) Problem Bank List have been targeted as they might be prepared to take the risk because of poor profits and earnings outlooks that deter traditional investors, the Problem Bank List blog warned. The FDIC issued an alert saying it became aware of individuals or purported investment advisers approaching weak institutions in attempts to defraud them by claiming access to funds for recapitalization. The scheme requires banks to pay fees in advance, and, once the fees are paid, the parties involved fail to conduct due diligence or actively pursue the proposed investment. Source: http://www.theregister.co.uk/2012/08/02/struggling_us_banks_warned_over_419_scams/

10. August 2, Associated Press – (National) IRS missing billions in ID theft. The Internal Revenue Service (IRS) may have delivered more than $5 billion in refund checks to identity thieves who filed fraudulent tax returns for 2011, Treasury Department investigators said August 2. They estimated another $21 billion could make its way to ID thieves’ pockets over the next 5 years. The IRS detected far fewer fraudulent tax refund claims than actually occur, a government audit stated. Although the IRS detected about 940,000 fraudulent returns for 2011 claiming $6.5 billion in refunds, there were potentially another 1.5 million undetected cases of thieves seeking refunds after assuming the identity of a dead person, child, or someone else who normally would not file a tax return. Topping the list of concerns was the IRS’s lack of timely access to third-party information it needs to verify returns and root out fraud. Due to the gap between when taxpayers can start filing returns and when employers and financial institutions are required to submit withholding and income documents to taxpayers, the IRS often issues refunds before it can confirm the information on the returns. Of the 1.5 million undetected cases of potential fraud, 1.2 million used direct deposits. Source: http://www.boston.com/business/personal-finance/taxes/2012/08/02/irs-missing-billions-theft/vHJriJPNyuc1NuTANdzLHL/story.html

Information Technology Sector

33. August 3, Help Net Security – (International) Google Play updates developer policies to tackle rogue apps. Unlike Apple, Google never instituted a vetting process for the applications submitted to its Android app store, Google Play. Instead, the company relies on Bouncer — an automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device — to catch and ban malicious apps and developers. Recently, however, Bouncer has been unable to detect a number of bad apps. As a result, Google announced it will tighten its app developer policies in an effort to crack down on rogue and potentially malicious apps that proliferate on Google Play. Source: http://www.net-security.org/secworld.php?id=13368&utm

34. August 2, The H – (International) Opera 12 update closes important security holes. The first maintenance update to version 12 of the Opera Web browser was released, closing four important security holes. The first of these is rated as critical by the company and affects all supported platforms. According to Opera, certain URL constructs can cause its browser to allocate the incorrect amount of memory for storing the address; this can be exploited by an attacker to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code. Opera 12.01 also addresses two high-severity errors that could lead to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters. A third high-risk problem that was fixed may result in downloading and executing a malicious file; this is done by tricking a victim into clicking a hidden dialog box or by entering a specific keyboard sequence. Versions up to and including 12.0 are affected; upgrading to 12.01 corrects these problems. Source: http://www.h-online.com/security/news/item/Opera-12-update-closes-important-security-holes-1659121.html

35. August 2, Dark Reading – (International) Scope of APTs more widespread than thought. A researcher discovered some 200 different families of custom malware used to spy and steal intellectual property, with hundreds of attackers in just two groups out of Shanghai and Beijing, suggesting cyberespionage malware and activity is far more prolific than imagined. The researcher, the director of malware research at Dell Secureworks, also identified a private security firm located in Asia — not in China — that is waging a targeted attack against another country’s military operations, as well as spying on U.S. and European companies and its own country’s journalists. He declined to provide details on the firm or its country of origin, but confirmed it is based in a nation friendly with the United States. The company has its own malware and is using spear-phishing and backdoors in its cyberespionage operations. Source: http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240004827/

36. August 2, SC Magazine UK – (International) Olympics hit by SEO poisoning, as black hat hackers change tactics. Poisoning of Olympic-related search engine results has appeared, but big names and events are not the obvious targets, according to the director of product marketing EMEA at Blue Coat. Black hat hackers changed their tactics to target lesser known athletes and celebrities and moved away from big events. He told SC Magazine that while search engine optimization (SEO) poisoning is still the primary vector for spreading malware, there has been a move away from poisoning the results of big events to hitting more mundane targets. Source: http://www.scmagazineuk.com/olympics-hit-by-seo-poisoining-as-black-hat-hackers-change-tactics/article/253088/

37. August 1, Dark Reading – (International) Hacking Oracle database indexes. One of the world’s top database security researchers disclosed an Oracle database security blind spot at Black Hat USA the week of July 23. He demonstrated how manipulating code and permissions within Oracle indexes can lead to privilege escalation. The highlight of the talk was what the researcher called a zero-day vulnerability, but which some other security researchers believe may have been discreetly patched by Oracle in its July 2012 quarterly Critical Patch Update for Oracle 11g revision 2 databases only. According to the chief technology officer of Application Security Inc., the attack and vulnerability described in the talk closely resemble many Oracle vulnerabilities found today. Source: http://www.darkreading.com/database-security/167901020/security/news/240004776/

Communications Sector

38. August 3, V3.co.uk – (National) Massive phishing scam hits AT&T customers. Websense detected a massive phishing campaign targeting AT&T customers, sending in excess of 200,000 fake emails masquerading as billing information. The phishing emails, pretending to be from the American communication services provider, were discovered by Websense August 2. The fake emails attempt to scam consumers with bogus claims that they owe AT&T hundreds of dollars. The email also reportedly houses a malicious link that lets the scam’s authors infect victims’ machines. “Clicking on the link in the bogus message sends the user to a compromised web server that redirects the browser to a Blackhole exploit kit. As a result, malware is downloaded onto the computer that is currently not detected by most anti-virus products, according to VirusTotal,” read Websense’s blog. Source: http://www.v3.co.uk/v3-uk/news/2196588/massive-phishing-scam-hits-at-t-customers

39. August 2, Philadelphia Inquirer – (National) Glitch in the nation’s new weather alert system. The nation’s new weather alert system experienced an error August 2. The frightening “Severe alert! Flash flood warning” messages caught the attention of mobile-phone users across the Philadelphia region. The issue was that most of the people who received the warnings were in no danger whatsoever. Some of the areas warned were far removed from the areas endangered. August 2, flood warnings were issued for selected portions of Philadelphia, Bucks, Chester, and Montgomery Counties in Pennsylvania. Beamed from cell towers, however, the alerts they triggered lapped well beyond the targeted areas and into places unaffected by local weather. A standard free feature on many mobile devices sold approximately within the last year, the system began operation in April to carry alerts for assorted natural and unnatural disasters. The weather-alert piece came online in June. The alerts — for floods, tornadoes or hurricanes — are announced by special ringtones or vibrations. August 2, mobile users were told to “check local media.” Source: http://articles.philly.com/2012-08-02/news/33001824_1_alert-system-flood-warnings-weather-alert