Friday, January 25, 2013


Daily Report

Top Stories

 • Four of New Jersey’s electric utility companies were cited by the New Jersey Board of Public Utilities January 24 and told to improve their communications systems and training after an investigation into the Hurricane Irene response in 2011. – Bridgewater Courier-News

1. January 23, Bridgewater Courier-News – (New Jersey) NJ utilities told to improve communication in blackouts. Four of New Jersey’s electric utility companies were cited by the New Jersey Board of Public Utilities January 24 when the board stated that utility companies should improve their communications systems and training after an investigation into the Hurricane Irene response in 2011. Source: http://www.mycentraljersey.com/article/20130123/NJBIZ/301230044/NJ-utilities-told-to-improve-communication-in-blackouts?nclick_check=1

 • Federal prosecutors announced January 11 that two employees from an Albany machine product firm pleaded guilty to bribing a public official and over charging the U.S Department of Defense more than $900,000. – ATLAW

3. January 11, ATLAW – (Georgia) Albany military contractors plead guilty to bribery. Federal prosecutors announced January 11 that two employees from an Albany machine product firm pleaded guilty to bribing a public official and over charging the U.S Department of Defense more than $900,000. Source: http://www.atlawblog.com/2013/01/albany-military-contractors-plead-guilty-to-bribery/

 • The Russian national who developed and distributed the Gozi banking malware was charged along with two co-conspirators with various counts of fraud and unauthorized access related to their malware’s infection of over a million computers to obtain customers’ banking credentials. – Wired.com See item 7 below in the Banking and Finance Sector

 • Cenex Harvest States Inc. pleaded guilty and was fined $500,000 for the improper release of chemicals and exposing hundreds of cattle to hazardous smoke during a Great Falls fire in 2009. – Associated Press

14. January 23, Associated Press – (Montana) Cenex fined $500K for Malta chemical release. Cenex Harvest States Inc. pleaded guilty and was fined $500,000 for the improper release of chemicals and exposing hundreds of cattle to hazardous smoke during a Great Falls fire in 2009. Source: http://www.businessweek.com/ap/2013-01-23/cenex-fined-500k-for-malta-chemical-release

Details

Banking and Finance Sector

4. January 23, Albany Tribune – (Oregon) Serial robbery suspect “Dopey the Bandit” in custody. A suspect believed to be the bank robber known as “Dopey the Bandit” was arrested in Portland. He is suspected of 11 robberies, 4 of which targeted financial institutions. Source: http://www.albanytribune.com/23012013-serial-robbery-suspect-dopey-the-bandit-in-custody/

5. January 23, WBTV 3 Charlotte – (North Carolina) Charlotte woman sentenced to federal prison for mail fraud. A former manager at an insurance company was sentenced for defrauding her employer of around $730,000 over 6 years by creating duplicates of checks paid to underwriter companies and depositing them into a personal bank account. Source: http://www.wbtv.com/story/20661255/charlotte-woman-sentenced-to-federal-prison-for-mail-fraud

6. January 23, Out-Law News – (International) Most banks experienced DDoS attacks last year, according to Ponemon Institute survey. A report by the Ponemon Institute revealed that 64 percent of 650 banking IT professionals surveyed said a distributed denial of service (DDoS) attack targeted their institutions in 2012. The survey also measured responses on the ability of banks to prevent DDoS attacks and barriers to preventing attacks. Source: http://www.out-law.com/en/articles/2013/january/most-banks-experienced-ddos-attacks-last-year-according-to-ponemon-institute-survey/

7. January 23, Wired.com – (International) Mastermind behind Gozi bank malware charged along with two others. The Russian national who developed and distributed the Gozi banking malware was charged along with two co-conspirators with various counts of fraud and unauthorized access related to their malware’s infection of over a million computers to obtain customers’ banking credentials. Source: http://www.wired.com/threatlevel/2013/01/mastermind-behind-gozi-charged/

8. January 23, Federal Bureau of Investigation – (California) Owner of Elk Grove mortgage business convicted in massive mortgage fraud scheme. The owner and principal operator of Liberty Real Estate and Investment Company was found guilty in a Sacramento court of submitting falsified documents for buyers in real estate transactions, almost all of which went into foreclosure, costing lending institutions more than $5.5 million. Source: http://www.loansafe.org/owner-of-elk-grove-mortgage-business-convicted-in-massive-mortgage-fraud-scheme

Information Technology

23. January 24, Krebs on Security – (International) Backdoors found in Barracuda Networks gear. Various spam filters, firewalls, and VPN appliances sold by Barracuda Networks contain undocumented backdoor accounts that could be remotely accessed via secure shell (SSH) and are accessible to hundreds of non-Barracuda companies, the vendor acknowledged. Source: http://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/

24. January 23, Softpedia – (International) Microsoft addresses XSS vulnerability on Delish. Microsoft fixed a cross-site scripting (XSS) vulnerability on its Delish cooking Web site after the issue was reported by a researcher. Source: http://news.softpedia.com/news/Microsoft-Addresses-XSS-Vulnerability-on-Delish-323618.shtml

25. January 23, InformationWeek – (International) Security flaws leave networked printers open to attack. A security researcher discovered flaws in Hewlitt-Packard’s JetDirect printer networking software which can be used to bypass security controls, disable printers, or reprint previous documents. Source: http://www.informationweek.com/security/vulnerabilities/security-flaws-leave-networked-printers/240146805

For another story, see item 7 above in the Banking and Finance Sector

Communications Sector

Nothing to report