Thursday, January 31, 2013


Daily Report

Top Stories

 • Freezing rain from a winter storm caused several accidents in southern Idaho and prompted the closure of an 83-mile portion of Interstate 84 January 29. – Mountain Home News
10. January 30, Mountain Home News– (Idaho) Ice storm brings I-84 to a standstill. Freezing rain from a winter storm caused several accidents in southern Idaho and prompted the closure of an 83-mile portion of Interstate 84 January 29. Source: http://www.mountainhomenews.com/story/1936257.html

 • A Long Island orthopedist pleaded guilty to helping over 700 retired Long Island Rail Road employees file fake disability claims totaling $1 billion. – New York Daily News

19. January 28, New York Daily News – (New York) Corrupt doctor pleads guilty as part of massive $1 billion LIRR disability claim. A Long Island orthopedist pleaded guilty to helping over 700 retired Long Island Rail Road employees file fake disability claims totaling $1 billion. The doctor charged a fee to create fraudulent medical histories for his clients in order for them to receive benefits from the federal Railroad Retirement board. Source: http://www.nydailynews.com/new-york/doctor-pleads-guilty-lirr-disability-scam-article-1.1242760

 • A hostage situation started January 29 when a suspect killed a school bus driver and took a student hostage. – WSFA 12 Montgomery
20. January 30, WSFA 12 Montgomery – (Alabama) Bus driver identified; child remains hostage in bunker. A hostage situation started January 29 when a suspect killed a school bus driver and took a student hostage. Alabama law enforcement units surrounded the suspect’s bunker and continued negations January 30. Source: http://www.wsfa.com/story/20791656/s-ala-bus-driver-has-died-child-remains-hostage-in-bunker

 • Researchers from Rapid7 found 40 to 50 million network devices utilizing Universal Plug-and-Play (UPnP) can be remotely compromised, potentially allowing unauthorized access to local networks. – The H See item 26 below in the Information Technology Sector

Details

Banking and Finance Sector

5. January 30, San Antonio Express-News – (Texas) Fraudster guilty in $50M loan scheme. A Dallas man was convicted for his part in a property scheme that cost lenders $50 million. Source: http://www.mysanantonio.com/news/local_news/article/Fraudster-guilty-in-50M-loan-scheme-4235206.php

6. January 30, The Register – (International) PayPal plugs SQL injection hole, tosses $3k to bug-hunter. PayPal corrected a blind SQL injection vulnerability that could have allowed attackers to access sensitive data. Source: http://www.theregister.co.uk/2013/01/30/paypal_sql_infection_flaw/

7. January 29, Bainbridge Island Review – (Washington) American Marine Bank officials sued by feds. The Federal Deposit Insurance Corporation filed a lawsuit against 10 former officers and directors of the failed American Marine Bank for allegedly allowing $18 million in risky loans despite regulatory warnings. Source: http://www.bainbridgereview.com/news/188914501.html

8. January 29, MarketWatch – (Texas) SEC charges trader with high-speed trading scheme. A Sugar Land day trader was charged by the U.S. Securities and Exchange Commission with allegedly defrauding investors of $6 million in an affinity scheme by providing falsified records that overstated assets. Source: http://www.marketwatch.com/story/sec-charges-trader-with-high-speed-trading-scheme-2013-01-29?link=MW_latest_news

Information Technology

25. January 30, Softpedia – (International) 4 security holes addressed with the release of Opera 12.13. The developers of the Opera browser released version 12.13, which addresses four security issues. Source : http://news.softpedia.com/news/4-Security-Holes-Addressed-With-the-Release-of-Opera-12-13-325230.shtml

26. January 30, The H – (International) Millions of devices vulnerable via UPnP. Researchers from Rapid7 found 40 to 50 million network devices utilizing Universal Plug-and-Play (UPnP) can be remotely compromised, potentially allowing unauthorized access to local networks. Source: http://www.h-online.com/security/news/item/Millions-of-devices-vulnerable-via-UPnP-1794032.html

27. January 30, Softpedia – (California; National) 27-year old hacker accused of blackmailing women arrested by the FBI. A Glendale man was arrested by the FBI and accused of hacking into the emails of several individuals and searching for compromising information to use in a blackmail scheme. Source: http://news.softpedia.com/news/27-Year-Old-Hacker-Accused-of-Blackmailing-Women-Arrested-by-the-FBI-325188.shtml

28. January 30, Softpedia – (International) Official ComboFix mirror infected with Sality virus. A mirror for the ComboFix malware removal tool on BleepingComputer was found to be infected with the Sality virus. Source: http://news.softpedia.com/news/Main-ComboFix-Installer-Infected-With-Sality-Virus-325121.shtml

For another story, see item 6 above in the Banking and Finance Sector

Communications Sector

Nothing to report


Wednesday, January 30, 2013


Daily Report

Top Stories

 • An oil spill caused by a barge colliding with a bridge January 27 forced the closure of a 16-mile stretch of the river causing at least 47 barges and other vessel to idle as crews worked to clean up the oil spill January 29. – Associated Press

8. January 29, Associated Press – (Mississippi) Ships idle for Miss. River oil cleanup after crash. An oil spill caused by a barge colliding with a bridge January 27 forced the closure of a 16-mile stretch of the river causing at least 47 barges and other vessel to idle as crews worked to clean up the oil spill January 29. Source: http://www.chron.com/news/science/article/Ships-idle-for-Miss-River-oil-cleanup-after-crash-4232193.php

 • Burglars stole roughly $40,000 worth of copper and tools from a Chesapeake High School athletic center. – WSAZ 3 Huntington

17. January 28, WSAZ 3 Huntington – (Ohio) Copper thieves target high school athletic complex. Burglars stole roughly $40,000 worth of copper and tools from a Chesapeake High School athletic center. Source: http://www.wsaz.com/news/headlines/Copper-Thieves-Target-High-School-Athletic-Complex--188753681.html

 • Very few U.S. online retailers, internet service providers (ISP), and financial institutions have implemented a major vulnerability in the Domain Name System (DNS), five years after the vulnerability was discovered. – Network World See item 20 below in the Information Technology Sector

 • A security flaw in the firmware of digital video recorders (DVR) made by 19 manufacturers can allow attackers to remotely view, delete, or copy video streams from security cameras networked to the DVRs. – The Register See item 22 below in the Information Technology Sector

Details

Banking and Finance Sector

7. January 29, Chicago Sun-Times – (Illinois) ‘People’s Attorney’ radio show host indicted in $10 million mortgage fraud. A radio show host was indicted for allegedly participating in a $10 million mortgage scam involving property in the Chicago area. Source: http://www.suntimes.com/news/metro/17857871-418/peoples-attorney-radio-show-host-indicted-in-10-million-mortgage-fraud.html3

For another story, see item 20 below in the Information Technology Sector

Information Technology

20. January 29, Network World – (International) 5 years after major DNS flaw is discovered, few US companies have deployed long-term fix. Very few U.S. online retailers, internet service providers (ISP), and financial institutions have implemented a major vulnerability in the Domain Name System (DNS), five years after the vulnerability was discovered. Source: http://www.networkworld.com/news/2013/012913-dnssec-266197.html

21. January 29, Softpedia – (International) Over 16,000 Facebook account credentials stolen by PokerAgent botnet. Researchers at ESET analyzed a botnet known as PokerAgent that stole the login and payment information of over 16,000 Facebook users in 2012. The malware used targeted players of Zynga Poker, infecting at least 800 computers. Source: http://news.softpedia.com/news/Over-16-000-Facebook-Account-Credentials-Stolen-by-PokerAgent-Botnet-324997.shtml

22. January 29, The Register – (International) Hackers squeeze through DVR hole, break into CCTV cameras. A security flaw in the firmware of digital video recorders (DVR) made by 19 manufacturers can allow attackers to remotely view, delete, or copy video streams from security cameras networked to the DVRs. Source: http://www.theregister.co.uk/2013/01/29/cctv_vuln/

23. January 29, The H – (International) iOS update fixes browser vulnerabilities. Apple released an update for iOS that closes a large number of security vulnerabilities, including some which allowed remote code injection and execution. Source: http://www.h-online.com/security/news/item/iOS-update-fixes-browser-vulnerabilities-1793259.html

24. January 29, Softpedia – (International) Ruby on Rails 3.0.20 and 2.3.16 released to address extremely critical vulnerability. The developers of Ruby on Rails released versions 3.0.20 and 2.3.16 and advised users to immediately apply the update to close a major vulnerability in past versions. Source: http://news.softpedia.com/news/Ruby-on-Rails-3-0-20-and-2-3-16-Released-to-Address-Extremely-Critical-Vulnerability-324866.shtml

25. January 29, Softpedia – (International) Over 85,000 HP printers found to be publicly accessible via the Internet. A software researcher discovered that over 85,000 printers
made by HP are available via a focused Google search, allowing remote access. Source: http://news.softpedia.com/news/Over-85-000-HP-Printers-Found-to-Be-Publicly-Accessible-Via-the-Internet-324836.shtml

26. January 28, CNET – (International) Facebook endures hours-long outage in the United States. A Domain Name System (DNS) issue caused Facebook users to be unable to reach the site for a few hours January 28 if they attempted to reach the site by typing in the URL. Source: http://news.cnet.com/8301-1023_3-57566336-93/facebook-endures-hours-long-outage-in-the-u.s/

Communications Sector

Nothing to report


Tuesday, January 29, 2013


Daily Report

Top Stories

 • Over 11,000 gallons of numerous acids and cyanide was found in drums and giant open vats at an abandoned building in Yuba City. Officials said the combination of acids had potential to explode and cause serious injuries. – Associated Press

3. January 25, Associated Press – (California) State finds, removes 11,000 gallons of chemicals. Over 11,000 gallons of numerous acids and cyanide was found in drums and giant open vats at an abandoned building in Yuba City. Officials said the combination of acids had potential to explode and cause serious injuries. Source: http://www.sacbee.com/2013/01/25/5141016/state-finds-removes-11000-gallons.html

 • A barge carrying 80,000 gallons of oil collided with a railroad bridge and leaked an unknown amount of oil into the Mississippi River in Vicksburg, causing the waterway to close for several miles in each direction. – Associated Press

10. January 27, Associated Press – (Mississippi) Barge hits Miss. River bridge; oil cleanup ongoing. A barge carrying 80,000 gallons of oil collided with a railroad bridge and leaked an unknown amount of oil into the Mississippi River in Vicksburg, causing the waterway to close for several miles in each direction. Source: http://abcnews.go.com/US/wireStory/oil-barges-hit-railroad-bridge-vicksburg-miss-18329715

 • Hospital spokespeople are notifying the public that an unencrypted CD containing 1,182 patients’ Medicare information was lost when the CD was stolen in the mail November 28. – Scranton Times-Tribune

18. January 28, Scranton Times-Tribune – (Pennsylvania) Lost CD contains patients’ Medicare information. Hospital spokespeople are notifying the public that an unencrypted CD containing 1,182 patients’ Medicare information was lost when an administrator at Wayne Memorial hospital sent the CD by certified mail November 28. The package which contained the CD, as well as related paperwork, arrived at its destination without the CD inside of it. The mail went through multiple postal hubs before reaching its destination. Source: http://www.poconorecord.com/apps/pbcs.dll/article?AID=/20130128/NEWS/301280315/-1/NEWS

 • The Web site for the U.S. Department of Justice’s Sentencing Commission was taken over by a group of computer hackers who threatened to release sensitive information and attack other sites. – Washington Times

24. January 26, Washington Times – (National) Hackers take over federal website, threatens ‘war’ on U.S. government. The Web site for the U.S. Department of Justice’s Sentencing Commission was taken over by a group of computer hackers who threatened to release sensitive information and attack other sites. Source: http://www.washingtontimes.com/news/2013/jan/26/hackers-take-over-federal-website-threatens-war-us/

Details

Banking and Finance Sector

5. January 25, Associated Press – (California) Frontman for LA band charged with $6M loan fraud. A Los Angeles man was charged with submitting false asset information on a loan application that resulted in him receiving more than $6 million in loans. Source: http://www.mercurynews.com/breaking-news/ci_22450379/frontman-la-band-charged-6m-loan-fraud

6. January 25, WINK 11 Fort Myers – (Florida) Missing banker last seen in Fla. charged with fraud. A Georgia banker was charged with stealing $40 million from investors and banks. He was last seen headed to Fort Myers in June and left a suicide note, though authorities believe he is alive and in hiding. Source: http://www.winknews.com/Local-Florida/2013-01-25/Missing-banker-last-seen-in-Fla-charged-with-fraud#.UQaZgR3AdFk

7. January 25, Associated Press; KOMO 4 Seattle – (Washington) Police: Arrest in Puget Sound bank robberies. Police in Seattle believe that a man arrested during a bank robbery January 24 is a serial bank robber responsible for eight bank robberies in the Puget Sound region. Source: http://seattletimes.com/html/localnews/2020216885_apwabuffettbanditarrest.html

Information Technology

31. January 28, Softpedia – (International) Security hole found on IO, AC, SH, TM domain registrar sites. Hacker recently uncovered a vulnerability in the Web sites of domain registrars who oversee the .io (Indian Ocean), .tm (Turkmenistan), .ac (Ascension Island), and .sh (Saint Helena) domains that allow attackers to gain access to DNS records. Source: http://news.softpedia.com/news/Security-Hole-Found-on-IO-AC-SH-TM-Domain-Registrar-Sites-324524.shtml

Communications Sector

32. January 25, Ashtabula Star Beacon – (Ohio) Some telephone service interrupted in Ashtabula, Lake counties. A severed fiber optic line in Cleveland cut off telephone service for Ashtabula and Lake counties January 25. Source: http://starbeacon.com/breakingnews/x1303529800/Some-telephone-service-interrupted-in-Ashtabula-Lake-counties