Wednesday, May 11, 2011

Complete DHS Daily Report for May 11, 2011

Daily Report

Top Stories

• Associated Press reports federal regulators ordered in-depth inspections at Browns Ferry Nuclear Power Plant in Alabama, after deciding the failure of an emergency cooling system could have been a serious safety problem. (See item 6)

6. May 10, Associated Press – (Alabama) Ala. nuclear plant cited for safety. Federal regulators ordered in-depth inspections May 10 at Browns Ferry Nuclear Power Plant run by the Tennessee Valley Authority (TVA) in Alabama, after deciding the failure of an emergency cooling system there could have been a serious safety problem. The U.S. Nuclear Regulatory Commission (NRC) issued a red finding — the most severe ranking the agency gives to problems uncovered in its inspections — against the plant after it investigated how a valve on a residual heat removal system became stuck shut. Safety regulators said only five red findings have been issued nationwide in the past decade. In an emergency, the failure of the valve could have meant that one of the plant’s emergency cooling systems would not have worked as designed. The problem, which was identified as the plant was being refueled in October 2010, was fixed before the reactor was returned to service. “The valve was repaired prior to returning the unit to service and Browns Ferry continued to operate safely,” said the NRC’s Region II administrator. “However, significant problems involving key safety systems warrant more extensive NRC inspection and oversight.” It was not clear whether TVA officials would appeal the finding. TVA officials attributed the valve failure to a manufacturer’s defect, and said they inspected all similar valves in the facility. NRC officials were critical of the utility for not identifying the problem sooner through routine inspections and testing. The valve failed sometime after March 2009, but was not discovered until more than a year later. As part of the upcoming inspections, the NRC said it will review the plant’s performance, its safety culture and its organization. Source: http://www.google.com/hostednews/ap/article/ALeqM5hXNh72muUm_euidsqjuArVZrZJTw?docId=34f76c9a06a64585b9f953f61acd441e

• According to the Associated Press, nearly four dozen drivers of tour buses, taxis, and other commercial vehicles were charged with felonies for holding commercial licenses even though they had other licenses suspended under different names. (See item 18)

18. May 9, Associated Press – (New York) NY crackdown ensnares 46 bus drivers. Nearly four dozen drivers of tour buses, New York City buses, taxis, and other commercial vehicles were charged with felonies for holding commercial licenses even though they had other licenses suspended under different names, New York’s governor announced May 9. The latest and broadest crackdown on commercial drivers comes after a tour bus crash in March that killed 15 people returning to New York City from a Connecticut casino. The licensed drivers include four working for the Metropolitan Transportation Authority (MTA), one of whom is a mechanic who also drives buses in MTA facilities. Their driver’s licenses are suspended pending court action. “Many of the individuals arrested today obtained multiple driver licenses in order to collect benefits, and even worse, to conceal violent criminal histories,” said the New York City police commissioner. He told the Associated Press the arrests were the result of partnerships with authorities from the New York City Police Department and U.S. Customs, along with prosecutors in suburban Westchester, Rockland, and Nassau counties, and in the New York City boroughs of Queens, the Bronx, and Brooklyn. The state department of transportation has made 1,960 surprise roadside inspections since March 17. State police issued 197 tickets and 173 bus drivers and 143 buses were sidelined. The department of motor vehicle facial recognition technology, first used last year, has so far identified more than 3,000 people with multiple licenses. More than 600 were arrested on felony charges. Source: http://www.google.com/hostednews/ap/article/ALeqM5hB300YeY6lf80RVAMPX9PuXiPFvQ?docId=d39882209d7a4a88b8b9db0009799c36

Details

Banking and Finance Sector

11. May 10, Wall Street Journal – (National) Reports of mortgage fraud reach record level. Reports of mortgage fraud, which have been increasing since the housing boom, rose to their highest level on record in 2010, Treasury Department figures showed May 9. The Financial Crimes Enforcement Network, a Treasury agency, reported 70,472 “suspicious activity reports” related to suspected mortgage fraud, up from 67,507 in 2009, or a 5 percent increase. That is the highest number recorded by the government since tracking began in 1996. At the height of the U.S. housing boom, in 2006, more than 37,000 fraud reports were recorded. In 2001, before the housing market heated up, there were 4,695 reports of suspected mortgage fraud. Much of the suspected fraud being reported took place several years ago and is only now coming to light, according to Lexis-Nexis’s Mortgage Asset Research Institute, a data service, which issued a report May 9 highlighting the statistics. Last July, the Obama administration began a broad effort to investigate and prosecute mortgage fraud that resulted in 485 arrests and 1,215 criminal defendants in cases that resulted in the recovery of about $147 million of $2.3 billion in losses, according to the Department of Justice. Source: http://online.wsj.com/article/SB10001424052748704681904576313591278154546.html?mod=googlenews_wsj

12. May 10, Associated Press – (California) 6 charged in LA with ID theft, $3m bank fraud. A federal grand jury in Los Angeles, California, has charged six people with an identity theft fraud that cost banks more than $3 million. The U.S. attorney’s office said the jury returned a 29-count bank fraud indictment the week of May 2 against an Arkansas woman and six associates from Los Angeles, Beverly Hills, and Carson. Prosecutors said they stole Social Security numbers and other personal information from people with good credit scores, then used the information to set up phony businesses and obtain more than 70 lines of credit from Bank of America and Wells Fargo. The money was used for personal expenses. All six have been arrested. If convicted, they could be sentenced to hundreds of years in federal prison. Source: http://www.mercurynews.com/portal/breaking-news/ci_18031938?nclick_check=1&_loopback=1

13. May 10, Spokane Spokesman-Review – (Washington) ‘Bad Hair Bandit’ strikes again. A bank robber dubbed the “Bad Hair Bandit” and linked to as many as 15 holdups across Puget Sound and Eastern Washington, struck May 9 in Spokane, Washington. Deputies were dispatched at 12:17 p.m. to the Chase bank branch at 822 W. Francis Avenue after employees said a woman entered the building and demanded money while implying she had a weapon, a sheriff’s spokesman said. Witnesses described the woman as a 5-foot-6, 220-pound white female. Tellers said she had dark brown hair with bangs and possibly a wig. She wore a blue hooded sweatshirt. The FBI has linked the robber to 14 holdups across Washington, the spokesman said. The bandit may be staying in lower-cost motels, said the spokesman, who also announced a special reward by Crime Stoppers for information that leads to her arrest. Source: http://www.spokesman.com/stories/2011/may/10/bad-hair-bandit-strikes-again/

14. May 9, AnnArbor.com – (International) Chelsea State Bank, FBI investigating ‘widespread’ fraud attack on debit card accounts. Chelsea State Bank (CSB) in Chelsea, Michigan is investigating a suspected incident of debit card fraud that caused bank officials to temporarily shut down the accounts of about 5,000 customers May 7. The CEO of CSB said the bank and the FBI are actively trying to determine how many customers were affected. The CEO said the bank has about 5,000 debit card holders — and those accounts were frozen after the bank discovered suspicious purchases that started May 7 in Australia. He said that bank customers whose funds were misused would not be forced to accept losses, and that the bank’s losses would be covered by insurance. The bank notified its customers over the weekend of May 7 and 8 that their accounts had been temporarily frozen. He said it was too early to estimate how much money was affected. The attacker tried to “duplicate existing debit card accounts” by acquiring “a good (account) number” and running “sequential numbers after that” to make purchases, the CEO said. The CEO emphasized the attacker did not gain inside access to the customer’s accounts. Instead, the suspect successfully forged account numbers to make purchases. He said it is too early to know how the attacker acquired the numbers. “It’s not a computer system breach,” he said. Source: http://www.annarbor.com/business-review/chelsea-state-bank-investigating-widespread-fraud-attack-on-debit-card-accounts/

15. May 9, Federal Bureau of Investigation – (Arkansas) Arkansas banker charged in fraud conspiracy with Northport Farm Credit manager. Federal prosecutors May 9 charged an Arkansas man with conspiring with the branch manager of a Northport farm credit institution to profit from fraudulent loans, announced a U.S. attorney and the FBI Special Agent in Charge. A one-count information filed in U.S. district court charges the 44-year-old man with conspiracy to commit bank fraud. He is charged with conspiring with an accomplice to defraud First South Farm Credit in Northport of $271,190 by creating false loans. In March, prosecutors charged the accomplice with four counts of defrauding First South Farm Credit of about $1.9 million between 2007 and 2010. The man pleaded guilty to the charges April 25. Those $1.9 million in fraudulent loans do not include the false loans to the Arkansas man charged on May 9. Source: http://www.loansafe.org/arkansas-banker-charged-in-fraud-conspiracy-with-northport-farm-credit-manager

Information Technology

44. May 10, Help Net Security – (International) Fake Patch Tuesday alert leads to Zeus infection. As the latest patches are supposed to be released May 11, scammers have initiated a low-volume spam campaign that holds a link to a Zeus Trojan variant masquerading as the update. “The executable (the fake patch) is being hosted on a compromised domain and at the time of writing holds an 11 percent detection rate on VirusTotal,” warned Websense researchers. The message looks legitimate, as the headers were made to look like it is coming from Microsoft Canada, the text in the message is written in both English and French, and there are very few spelling errors. What could tip off the users to the fact that this is a fake message is the subject line (“URGENT: Critical Security Update”), with which the attackers try to generate a sense of urgency with the intent of making users less careful. Source: http://www.net-security.org/malware_news.php?id=1717

45. May 10, Help Net Security – (International) Fake AV spreading via Yahoo! Answers. Bkis researchers have recently spotted some new fake AV variants being distributed under the guise of legitimate questions on Q&A sites such as Yahoo! Answers and public forums. What they discovered is a number of questions answered with a variant of “Anyway, I think this will help you [LINK]” The offered link takes the users to a site (answers-yahoo-z(dot)tk) mimicking the Yahoo! Answers site (answers.yahoo.com). The user is supposed to download the file with the answer, but in reality it is an executable — a fake AV downloader. Similarly poisoned are other Q&A sites and forums. The offered links consistently drive the traffic to the same Web site. The link is likely to be changed in the future. Source: http://www.net-security.org/malware_news.php?id=1716

46. May 9, Computerworld – (International) Security firm exploits Chrome zero-day to hack browser, escape sandbox. French security company Vupen said May 9 that it has figured out how to hack Google’s Chrome by sidestepping not only the browser’s built-in “sandbox” but also by evading Windows 7’s integrated anti-exploit technologies. Google said it was unable to confirm Vupen’s claims. “The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox,” Vupen said in a blog post May 9. “It is silent (no crash after executing the payload), it relies on undisclosed (‘zero-day’) vulnerabilities and it works on all Windows systems.” According to Vupen, its exploit can be served from a malicious Web site. If a Chrome user surfed to such a site, the exploit executes “various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.” Source: http://www.computerworld.com/s/article/9216542/Security_firm_exploits_Chrome_zero_day_to_hack_browser_escape_sandbox

47. May 9, IDG News Service – (International) WebGL hit by hard-to-fix browser security flaw. The WebGL graphics technology turned on by default in Firefox and Chrome poses a serious security risk and IT managers should consider disabling it, a security consultancy has recommended. The flaws researched by U.K. consultancy Context Information Security are serious enough, the company said, to allow an attacker to compromise the attacked PC through the poorly defended graphics card layer, or at least crash the system to make it more vulnerable. The company confirmed that it was able to exploit systems using proof-of-concept attacks with certain graphics cards in a way — kernel mode — that breached the most secure ring of an OS. “The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so the interface (API) they expose assumes the applications are trusted,” a Context research and development manager said. “While this may be true for local applications, the use of WebGL-enabled, browser-based applications with certain graphics cards now poses serious threats from breaking the cross-domain security principle to denial of service attacks, potentially leading to full exploitation,” he said. The most serious of Context’s claims is the flaws in WebGL are inherent to its architecture and will be extremely difficult to fix. “In the short term, individual end users or IT departments can avoid potential problems by simply disabling WebGL within their browsers; but the only long-term solution is for the developers of WebGL itself to ensure the specification is designed and tested to prevent these types of risks,” the Context research and development manager said. The company believes WebGL was not suitable for mass adoption. Source: http://www.computerworld.com/s/article/9216539/WebGL_hit_by_hard_to_fix_browser_security_flaw

48. May 9, Associated Press – (International) Sony aims to fully restore PlayStation Network, down by hacker attack, by end of May. Sony said May 10 it aims to fully restore its PlayStation Network, shut down after a massive security breach affecting over 100 million online accounts, by the end of May. Sony also confirmed personal data from 24.6 million user accounts was stolen in the hacker attack in April. Personal data, including credit card numbers, might have been stolen from another 77 million PlayStation accounts, a Sony Computer Entertainment Inc. spokesman said. He said Sony has not received any reports of illegal uses of stolen data, and the company is continuing its probe into the hacker attack. He declined to give details on the investigation. Sony shut down the PlayStation network, a system that links gamers worldwide in live play, April 20 after discovering the security breach. Source: http://www.washingtonpost.com/business/sony-aims-to-fully-restore-playstation-network-down-by-hacker-attack-by-end-of-may/2011/05/10/AFY3C0dG_story.html

49. May 8, The Register – (International) Think file-hosting sites guard your private data? Think again. Academic researchers said they have uncovered weaknesses in dozens of the most popular file hosting sites that allow people to gain unauthorized access to data that is supposed to be available only to those selected by the user. The services, which include sites such as RapidShare, FileFactory, and Easyshare, allow users to upload large files and make them available to anyone who knows the unique Uniform Resource Identifier (URI) bound to each one. Users may post the link on Web sites or forums available to the public or share it in a single e-mail to prevent all but the recipient from downloading it. RapidShare, for instance, said it can be used to “share your data with your friends, colleagues or family.” But according to academics in Belgium and France, a “significant percentage” of the 100 file hosting services (FHS) they studied made it trivial for outsiders to access the files simply by guessing the URLs that are bound to each uploaded file. They presented evidence that such attacks, far from being theoretical, are already happening in the wild. Source: http://www.theregister.co.uk/2011/05/08/file_hosting_sites_under_attack/

Communications Sector

50. May 9, Florida Times-Union – (Florida) Digital billboards light up in Jacksonville; opponents plan lawsuit. Clear Channel Outdoor has installed three of the eight digital billboards it plans for Jacksonville, Florida, giving motorists a view of the technology that lit up city council debate and appears headed for a showdown in court. Though smaller electronic signs in front of Jacksonville businesses and churches have used similar technology for years, the billboards being built by Clear Channel are the first of their kind in the city. The division president for Clear Channel Outdoor said advertisers can purchase time slots for digital billboards and customize messages for different times of the day. Digital billboard opponents are preparing to go to court to make the signs go dark. A Jacksonville attorney who represents Scenic Jacksonville said a 1995 settlement agreement with the billboard industry does not allow construction of digital billboards. The settlement agreement followed a 1987 city charter election where voters approved reducing the number of billboards in Jacksonville. He said each time a digital billboard goes into operation, “it’s a violation of the settlement and the charter, under our position.” He said rather than amend a lawsuit each time another digital billboard goes up, opponents will wait until the billboards are up and then make a final decision on challenging them in court. The city’s general counsel’s office has taken the position the settlement agreement does not bar digital billboards. Source: http://jacksonville.com/business/2011-05-09/story/digital-billboards-light-jacksonville-opponents-plan-lawsuit

Tuesday, May 10, 2011

Complete DHS Daily Report for May 10, 2011

Daily Report

Top Stories

• The Anchorage Daily News reports authorities evacuated about 50 homes May 6 in the Trapper Creek, Alaska area after the discovery of 550 pounds of unstable ammonium nitrate and nitroglycerine in the trunk of an abandoned station wagon. (See item 5)

5. May 8, Anchorage Daily News – (Alaska) Explosives detonation rattles dozens of Trapper Creek homes. Authorities evacuated about 50 homes May 6 in the Trapper Creek, Alaska area after the discovery of roughly 550 pounds of aging, unstable explosives in the trunk of an abandoned station wagon, state troopers said. An explosives team from Joint Base Elmendorf-Richardson destroyed the cache, which included 15- to 20-year-old ammonium nitrate and nitroglycerine, and the car, at 2 a.m. May 7. No one was injured, though some neighbors reported shattered windows. The explosives had been in the car since the mid-1990s, when a man who owns the property moved them there from a nearby railroad boxcar or boxcars, said a wildlife trooper. The man has been living in one of the railroad cars, a trooper spokeswoman said. She declined to identify him because he had not been charged with a crime. The incident, which displaced neighboring families for hours, began when the man left a message for the wildlife trooper to visit his property for what at the time were unknown reasons, troopers said. Source: http://www.adn.com/2011/05/07/1851016/explosives-detonation-wakes-up.html

• According to WNYW, two breaches occurred where suspects with fireworks, and a man who made a bomb threat, got into train tunnels in New York and New Jersey. (See item 20)

20. May 9, WNYW 5 New York – (New York; New Jersey) 2 rail security breaches cause scares. Two rail security breaches reportedly occurred within hours of each other in New York, New York, May 8 as authorities remained on alert for an al-Qaida attack. In one breach near the World Trade Center, a man slipped into a train tunnel and walked from Manhattan to New Jersey before saying that he left a bomb in the tunnel. That scare — and an unrelated escapade involving four “urban explorers” infiltrating an under-construction subway tunnel — came just days after the FBI warned that al-Qaida could be targeting U.S. trains. There was no bomb on the tracks, police said. Officials said that a 20-year-old man, of Bayonne, New Jersey, hopped down onto the tracks in a Manhattan tunnel from a station being patrolled by two Port Authority officers. The suspect then walked the 2 miles to Jersey City, New Jersey. A Port Authority contractor spotted him exiting at around 3 a.m. May 8 and called police. “I just put a bomb down on the tracks,” he allegedly told officers. The tunnel was shut down while the Joint Terrorism Task Force and bomb-sniffing dogs searched for a device. He was charged with criminal trespass, evaluated at a hospital, and released. Separately, at around 4:30 a.m., police arrested four men who allegedly sneaked into the Second Avenue subway tunnel carrying Roman candles and cameras. The men told cops they were part of an “urban explorers” group and that they planned to use the fireworks for light for photos. The four were charged with criminal trespass after a Harlem resident alerted cops that the group descended into the tunnel around 112th Street. Source: http://www.myfoxny.com/dpp/news/2-rail-security-breaches-cause-scares-new-york-city-ncx-20110509

Details

Banking and Finance Sector

15. May 6, Detroit Free Press – (Michigan) Brighton man steps off plane, is arrested in $50M Ponzi scheme. A man whom federal authorities have accused of fleecing 440 investors in a $50 million Ponzi scheme was arrested May 5 in New York City after getting off an inbound flight from Italy, the U.S. attorney’s office said May 6. The arrest means the 42-year-old man of Brighton, Michigan, is facing criminal charges for what authorities have described as one of Michigan’s largest investment schemes. A criminal complaint unsealed May 5 makes no mention of a Ponzi scheme. It alleges the man misled investors about how their money would be used, how secure their money would be, and the returns they could expect. He also told investors he would not be paid unless BBC was profitable, which was untrue, the FBI said in a criminal complaint. The suspected fraudster is the founder and chairman of BBC Equities, LLC., which authorities have dubbed the Billionaire Boys Club. The Securities and Exchange Commission accused the man and a co-conspirator in a civil complaint in July 2009 of defrauding investors in a real estate investment scheme. It said the pair promised investors 8-12 percent annual returns. The criminal complaint said of the more than $50 million collected from investors, only $20.7 million was invested in real estate. It said a significant portion was used to pay the man’s personal expenses. Source: http://www.freep.com/article/20110506/NEWS06/110506029/Brighton-man-steps-off-plane-arrested-50M-Ponzi-scheme

16. May 6, WABC 7 New York – (New Jersey) ‘Dapper Bandit’ burglary spree in New Jersey. A bank burglar, dubbed the “Dapper Bandit”, wears a suit coat, shined shoes, and creased pants, and he is wanted in connection with crimes at banks in Essex, Union, and Bergen counties in New Jersey since April. The suspect was caught on surveillance video near a safe at a Livingston bank in New Jersey. He used a crowbar to open cash drawers at banks once they have closed for the day. He has left without money from a few of his break-ins, but he has made off with an unknown amount of cash from others. No one has been injured in any of the incidents. Source: http://abclocal.go.com/wabc/story?section=news/local/new_jersey&id=8117183

17. May 6, KSLA 12 Shreveport – (Texas; Louisiana) Waskom bank robbery: FBI investigating connection to Shreveport robberies. The FBI is looking into the possibility of a connection between an armed robbery of a Waskom, Texas bank May 6 and a series of hold-ups in the Shreveport, Louisiana area. Around 1:20 p.m. May 6, witnesses said a man armed with a gun ran in to the Citizens National Bank in Waskom and demanded money from a teller. Police said the man took off on foot with an undisclosed amount of cash. The suspect was described as being about 5’11” to 6’ tall with a slender build. He was wearing a ski mask, a red long-sleeve shirt, baggy pants, and white tennis shoes. Waskom schools were placed on lockdown immediately following the armed robbery. It was lifted at 2:20 p.m., and students were sent home shortly afterward. Eight Shreveport area banks have been held up since December 2010, including the Chase bank on E. 70th Street December 16. It was robbed again December 30. Source: http://www.ksla.com/story/14590159/waskom-bank-robbery-fbi-investigating-connection-to-shreveport-robberies

18. May 5, Chico Enterprise-Record – (California) Two guilty pleas in Chico mortgage fraud scheme. Two of the principal players in a multimillion dollar mortgage fraud scheme in Chico, California, pleaded guilty May 5 in federal district court in Sacramento. A 29-year-old man pleaded guilty to one count of mail fraud and one count of money laundering, and a 31-year-old woman pleaded guilty to one count of mail fraud. In the May 5 hearing, the 29-year-old admitted he and others originated approximately $21 million in fraudulent loans, causing losses to lenders of more than $4 million. A Chico builder, who has already pleaded guilty, was among those involved in the scheme. Source: http://www.chicoer.com/breakingnews/ci_18003714

Information Technology

41. May 9, Softpedia – (International) Sony deals with third breach. Sony has dealt with a new breach over the weekend of May 7 and 8 that exposed the names and partial addresses of 2,500 people who participated in a sweepstakes contest 10 years ago. Sony learned about the intrusion after hackers stole the information and posted it on a public Web site. The company took measures to remove the data from the Internet and apologized for the new incident. The information was taken from a Web site that was used for a product sweepstakes contest back in 2001. “The Web site was out of date and inactive when discovered as part of the continued attacks on Sony,” the company told Reuters. No credit card details, Social Security numbers, or user passwords were compromised in this new incident. The breach comes after recent reports that a group of hackers was planning a new attack against Sony that was to involve the disclosure of sensitive information stolen from its systems. There is no evidence to definitely link the rumored plan to the new breach. Sony also announced that restoring the PlayStation Network and Qriocity services has been further delayed. Source: http://news.softpedia.com/news/Sony-Deals-with-Third-Breach-199092.shtml

42. May 7, Softpedia – (International) Fix for critical Skype vulnerability available. Skype announced a patch for a vulnerability in its Mac client that could be used to remotely execute code has been available since April 14, despite users not being automatically notified. A senior security consultant at security vendor Pure Hacking publicly reported the existence of the critical flaw May 6. He found the vulnerability by chance when he pasted a payload to a colleague on Skype as part of an unrelated discussion. The colleague’s Skype client crashed, prompting the researcher to further investigate the strange behavior. After additional testing, he concluded that only the Mac client was vulnerable. The researcher classified the vulnerability as extremely wormable and dangerous and explained that an attacker can exploit it by simply sending a message to the victim. The researcher decided to publicize the issue one month after notifying Skype because he did not see a fix being released. A Skype spokesman claimed a hotfix (Skype for Mac version 5.1.0.922) has been available since April 14, but that users have not been automatically prompted to update. Source: http://news.softpedia.com/news/Fix-for-Critical-Skype-Vulnerability-Available-198996.shtml

43. May 6, Help Net Security – (International) Facebook scammers go back to using Javascript. As users become accustomed to ignoring one particular scam approach — and as Facebook is becoming more adept at spotting and blocking the rogue applications — the copy/paste script one is making a comeback. The most popular lure used by these scammers is the undying “See who viewed your profile” offer. The landing page could be a Facebook one or one hosted on another domain, and it asks the user to copy some Javascript into the browser address bar and press “Enter.” Once the directions are executed, the user is asked to fill out a survey in order to finally get the results. In the meantime, the Javascript does its job. “Depending on the configurations of the attacker, the script will post a new bait message to the user’s wall, send chat messages to friends, tag you in post messages or images, or even create an event and send an invitation to all your friends,” Symantec explains. “Of course as always the attack is easy configurable through a toolkit. Since the script runs in the context of Facebook and uses your open session it can do a lot with your profile, it can do nearly everything you could do yourself.” Source: http://www.net-security.org/secworld.php?id=10987

44. May 6, H Security – (International) Google Images search results may lead to malicious sites. Postings by SANS Internet Storm Center and a security specialist describe how, in recent weeks, both have been receiving many reports that vulnerabilities in Google Images search are being exploited to load malicious software onto users’ systems. Both sources state users were being led to fake anti-virus Web sites and presented with false security alerts. The Internet Storm Center gives a detailed description of the exploit: legitimate sites are compromised and scripts are planted on them; these scripts monitor Google Trends for suitable search terms and create fake Web pages containing text and images culled from various Web sites; these Web pages and the images they contain are then indexed by the Google bots; when a user clicks on a relevant thumbnail in the results of a Google Images search, the exploit will be triggered and the user directed to a fake anti-virus Web site. Source: http://www.h-online.com/security/news/item/Google-Images-search-results-may-lead-to-malicious-sites-1238858.html

45. May 6, Computerworld – (International) Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher. Although Microsoft patched multiple DLL load hijacking vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9) can still be exploited, a security company warned May 6. Microsoft confirmed it is investigating the claims by Acros Security. Researchers from Acros will demonstrate the new attacks at the Hack in the Box security conference later in May. “We’ll reveal how IE8 and IE9 can be used on Windows 7, Vista and XP for attacking users without any security warnings, even in ‘Protected mode,’ and how to remotely make many seemingly-safe applications, for example, Word 2010 and PowerPoint 2010, vulnerable,” Acros’s CEO said May 6. The attack class called “DLL load hijacking” by some, but dubbed “binary planting” by Acros, jumped into public view last August when the creator of the Metasploit penetration hacking toolkit and chief security officer at Rapid7, found dozens of vulnerable Windows applications. His report was followed by others, including several from Kolsek and Acros. Many Windows applications do not call DLLs using a full path name, but instead use only the filename, giving hackers a way to trick an application into loading a malicious file with the same title as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shared folders, or get them to plug in a USB drive — and in some cases con them into opening a file — they can hijack a PC and plant malware on it. Since the original report, Microsoft has issued 13 DLL load hijacking-related updates stretching from November 2009 to April 2011, when it patched a pair in Office and Visual Studio as part of a massive 64-fix update. Source: http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher?taxonomyId=17&pageNumber=1

46. May 6, Computerworld – (International) LastPass says users no longer have to reset passwords. LastPass May 6 rescinded its day-old order that all users of its online password management system reset their master passwords due to a database breach. In a LastPass blog post May 6, the company said it will not allow users to change master passwords “until our databases are completely caught up and we have resolved outstanding issues.” In an e-mail to Computerworld, LastPass’s CEO said the company changed its plan in response to demands from users asking they not be required to reset their passwords. “They’re asking because they know how strong their master password is — that it’s not vulnerable and therefore they know they’re safe even if it was exposed,” he said. However, comments posted on a LastPass blog suggest the company’s decision may also be related to trouble some users appear to be having with the password reset process. The LastPass blog post acknowledged it had “identified an issue” with roughly 5 percent of users that reset their master passwords. The company said it would be contacting those users about a fix to the problem. Source: http://www.computerworld.com/s/article/9216471/LastPass_says_users_no_longer_have_to_reset_passwords

Communications Sector

Nothing to report