Tuesday, July 17, 2012
Daily Report
Top Stories
• Authorities in northwest New Mexico said
vandals have used guns and other means to damage many natural gas wells beyond
repair. The vandals caused tens of thousands of dollars in damage. – Associated
Press
4. July 13, Associated Press – (New Mexico) Gas wells hit by vandals. Authorities in northwest New Mexico
said vandals targeting natural gas wells have caused tens of thousands of
dollars in damage, the Associated Press reported July 13. A San Juan County
sheriff’s detective said that at least seven wells have been vandalized in the
past 6 weeks north of Aztec. The companies that own the wells replaced them
because they were beyond repair. The companies also are on the hook for
environmental damage after some of the wells were riddled with bullets and
leaked fluid. The detective said cleanup costs in some cases hit $50,000.
Source: http://www.krqe.com/dpp/news/crime/gas-wells-hit-by-vandals
• A federal grand jury indicted two men, one
from Iran and the other from China, on charges of conspiring to send materials
from the United States to Iran for the purpose of enriching uranium. – NBC
News
7. July 13, NBC News – (International) Indictment: 2 tried to send U.S. materials to Iran for nuclear program. A federal grand
jury indicted two men, one from Iran and the other from China, on charges of
conspiring to send materials from the United States to Iran for the purpose of
enriching uranium, the U.S. Justice Department said July 13. Using a Chinese
company as a go-between to avoid trade sanctions, the men tried for 3 years to
obtain U.S. materials, such as high-strength steel, that could be used in an
Iranian nuclear program, the department said. The Iranian citizen was arrested
in May in the Philippines, while the other man remains at large, the department
said. The two men succeeded in illegally exporting lathes and nickel-alloy wire
from the United States to China and then to Iran around June 2009, according to
the indictment. The Iranian man allegedly also began talking with an undercover
U.S. federal agent in 2009, including in emails in which he tried to acquire
radioactive source material. The emails continued into 2011, the indictment
said. Source: http://usnews.msnbc.msn.com/_news/2012/07/13/12727005-indictment-2-tried-to-send-us-materials-to-iran-for-nuclear-program?lite
• Shellfish harvesting in the Oyster Bay, New
York area was suspended after eight people who ate shellfish were sickened with
Vibrio parahaemolyticus infections. – Food Safety News
24. July 14, Food Safety News – (New York) Oyster Bay shellfish harvest suspended after 8 fall ill. Shellfish
harvesting in the area of Oyster Bay, New York, was suspended after eight
people who ate shellfish were sickened with Vibrio parahaemolyticus infections.
Approximately 1,980 acres on the north shore of Oyster Bay were closed until
environmental samples reveal the danger of Vibrio contamination has passed, the
New York Department of Environmental Conservation announced July 13. The New
York State Department of Health reported three residents of Nassau County —
where Oyster Bay is located — and five people from three other States became
ill after eating raw or partially cooked shellfish from Oyster Bay Harbor.
Laboratory analysis confirmed the infections were caused by the Vibrio
bacteria, a naturally occurring organism that thrives in warm marine water
environments. Source: http://www.foodsafetynews.com/2012/07/oyster-bay-shellfish-harvest-suspended-after-8-fall-ill/
• Three men were charged with stealing or
possessing guns and other equipment taken from an FBI agent’s government car
while it was parked in front of his house. – Associated Press
38. July 15, Associated Press – (Mississippi) 3 facing charges related to stolen FBI guns. Three men
were charged with stealing or possessing guns and other equipment taken from an
FBI agent’s government car while it was parked in front of his house, the
Associated Press reported July 15. Court records said one man broke into the
car in Hattiesburg, Mississippi, June 6, took a submachine gun, an assault
rifle, a shotgun, and other equipment and gave the loot to a second man.
Authorities said he then spread the weapons out on his bed, took a cellphone
photograph, and sent out sales pitches by text message. An alleged gang member
is charged with buying two of the guns — an M16 assault rifle and a shotgun —
for $120 and an ounce of marijuana. The men were charged the week of July 9 in
a four-count federal indictment. Source: http://www.sfgate.com/news/article/3-facing-charges-related-to-stolen-FBI-guns-3708360.php
• Emergency responders across the country and
in Horry County, South Carolina, have resorted to using expired medications or
making do without the emergency drugs because of shortages created by manufacturing
delays. – WPDE 15 Florence; Associated Press
39. July 13, WPDE 15 Florence; Associated Press – (South Carolina; National) Drug shortage hurts Horry County paramedics. Emergency
responders across the country and in Horry County, South Carolina, reported
they are struggling to deal with a shortage of drug supplies created by
manufacturing delays and industry changes, WPDE 15 Florence reported July 13. A
study from Salem, Oregon, showed some paramedics were injecting expired
medications, despite a risk they will not work as intended. Others were
scrambling to train paramedics to use alternative medications. In some cases,
ambulance crews have simply gone without drugs they cannot buy. One Central
Oregon fire department reported using expired supplies of 11 medications at the
peak of the crisis earlier in 2012. Another in Arizona went 3 weeks without any
drugs to treat seizures. In Horry County, paramedics had to struggle with
ordering different concentrations of medications to cope with the shortage of
others. They also had to shuffle resources of drugs from ambulances in rural
areas to more populated ones. Source: http://www.carolinalive.com/news/story.aspx?id=776241#.UAQUHJFnWtQ
• Two independent security researchers found a
vulnerability that involves over 300,000 instances of Niagara AX Framework, a
software platform installed in everything from energy management, to
telecommunications and security automation. – U.S. Industrial Control
Systems Computer Emergency Response Team
See item 50 below in the Information Technology Sector
Details
Banking and Finance Sector
11. July 15,
Associated Press – (National) ‘Bucket List Bandit’ robs 4th bank. A man
dubbed the “Bucket List Bandit” who robbed a bank in Roy, Utah, the week of
July 9 used the same operating procedure at three other banks in Idaho,
Colorado, and Arizona in June, the Roy police chief said. The man walked into a
Wells Fargo branch July 6 and had a note ordering the teller not to mess with
him and to hand over a specific amount of money. The note also said he had just
4 months to live. The police chief said the man was wearing identical clothing
in all four robberies. The same man was also suspected of robbing the Ireland
Bank in Pocatello just a few hours before the Wells Fargo Bank in Roy. He was
also suspected of robbing banks in Arvada, Colorado, June 21 and Flagstaff,
Arizona, June 26. Source: http://www.deseretnews.com/article/765590070/Bucket-List-Bandit-robs-4th-bank.html
12. July 13,
Associated Press – (Michigan; National) Feds: Fraud totals nearly $300K at
Comerica ATMs. Criminals have stolen nearly $300,000 by installing
high-tech gadgets on Comerica Bank ATMs in the Detroit area and gleaning
personal information off customer cards, federal authorities said July 13. The
details were disclosed in a criminal complaint filed against a Detroit man who
was caught on surveillance video and admitted he installed and removed so-called
skimmers at Comerica ATMs, the U.S. Secret Service said. Counterfeit cards were
made with the information and then used for cash withdrawals, the Secret
Service said. The Detroit-area fraud began in April but has popped up elsewhere
in the country. Source: http://www.sfgate.com/news/article/Feds-Fraud-totals-nearly-300K-at-Comerica-ATMs-3705391.php
13. July 13,
KXTV 10 Sacramento – (National) ‘Bad hair bandit’ faces 21 bank robbery charges. A
registered nurse suspected in a string of multi-State bank robberies in 2011
was arraigned on 21 counts of robbery in a Sacramento, California federal court
July 13. The woman, described by prosecutors as a transient from Washington and
Idaho, was caught on Interstate 80 minutes after a bank hold-up in Auburn,
California, in August 2011. Law enforcement dubbed the suspect the “bad hair
bandit” because of different wigs and disguises worn during the robberies.
Besides the Bank of the West in Auburn, she is accused of robbing banks in
Sacramento and Davis as well as in Oregon, Washington, and Montana. Source: http://www.news10.net/news/article/200935/2/Bad-hair-bandit-faces-21-bank-robbery-charges
14. July 13,
WTMJ 4 Milwaukee – (Wisconsin) ‘Ball Cap Bandit’, another person arrested for
Germantown bank robbery. Police in Germantown, Wisconsin, arrested a man
July 13 suspected of robbing at least nine banks in southeast Wisconsin since
April. The “Ball Cap Bandit” and another person were taken into custody. The
two allegedly were involved in a robbery at a U.S. Bank branch that day and
their vehicle was identified by a sheriff’s deputy later the same day. Source: http://www.todaystmj4.com/news/local/162371156.html
15. July 13,
New Haven Independent – (Connecticut) 2 more plead guilty in
$10M mortgage scam. A second lawyer pleaded guilty in connection with a New
Haven, Connecticut mortgage fraud ring involving more than $10 million, the New
Haven Independent reported July 13. The lawyer pleaded guilty July 12 to
charges of conspiracy to commit mail fraud, wire fraud, and bank fraud. His
plea came two days after an admission of guilt by another lawyer to the same
charges. The fraudsters allegedly swindled lenders by falsely inflating the
price of homes with phony appraisals to get inflated mortgages, buying homes
for the real (as opposed to inflated) price, and then pocketing the difference.
The participants would then walk away from the properties, letting them fall
into foreclosure. Source: http://www.newhavenindependent.org/index.php/archives/entry/2_plead_guilty_in_10m_mortgage_scam/
16. July 13,
New York Times – (Iowa) Futures executive is arrested after admitting fraud. The
chief executive of the futures brokerage Peregrine Financial Group was arrested
in Cedar Falls, Iowa, July 13 after confessing to embezzling from clients and
defrauding banks over nearly 2 decades. He admitted that he stole more than
$100 million from his customers, prosecutors said. The formal charges, brought
by federal prosecutors in Iowa, accuse him of lying to government regulators.
The chief executive had tried to kill himself, and the criminal complaint
contained lengthy excerpts from a suicide note and statement that detailed his
crimes. A prosecutor said the executive could face additional charges. In his
note, the executive laid out how for nearly 20 years, he had forged false
account statements from U.S. Bank to embezzle millions of dollars from his
customers at Peregrine, which also did business as PFGBest. The Commodity Futures
Trading Commission previously filed civil fraud charges against Peregrine and
effectively shut the firm. Source: http://dealbook.nytimes.com/2012/07/13/futures-executive-confesses-to-stealing-millions-from-customers/
17. July 12,
Federal Bureau of Investigation – (California; Washington) Four
charged in $11 million loan origination scheme, Ramona real estate agent and
Seattle businessman enter guilty pleas. An unlicensed loan broker was
arrested July 12 in Las Vegas, and an indictment charged her, a Ramona,
California real estate agent, and the loan broker’s assistant with devising and
executing an $11 million mortgage loan origination fraud and kickback scheme in
California and Washington. Straw buyers were used to obtain mortgages with 100
percent financing to avoid making any down payments. The three individuals
falsified mortgage applications to obtain the loans, and then convinced sellers
to inflate the purchase price of the properties by about $100,000, allegedly to
be used for improvements. The defendants pocketed the money and allowed nearly
all 16 properties to fall into foreclosure. As a result of the foreclosures and
defaults caused by the defendants’ failure to make the mortgage payments they
promised, the defrauded lenders suffered losses of approximately $5 million.
Source: http://www.fbi.gov/sandiego/press-releases/2012/four-charged-in-11-million-loan-origination-scheme-ramona-real-estate-agent-and-seattle-businessman-enter-guilty-pleas
Information Technology Sector
41. July 16,
Softpedia – (International) Trend Micro confirms Yahoo! Mail flaw
possible cause of “Android botnet”. Researchers from mobile security firm
Lookout identified a security hole in the Yahoo! Mail application for Android,
which they believed to be responsible for the so-called mobile spam botnet.
July 16, Trend Micro experts confirmed the existence of the flaw. They could
not precisely say if the vulnerability is in fact responsible for the spam sent
out from mobile phones, but the fact that they independently point to the same
weakness as a possible cause makes this scenario more plausible. The weakness
discovered by the researchers allows an attacker to steal a user’s Yahoo!
cookies. “This bug stems from the communication between Yahoo! mail server and
Yahoo! Android mail client. By gaining this cookie, the attacker can use the
compromised Yahoo! Mail account to send specially-crafted messages. The said
bug also enables an attacker to gain access to user’s inbox and messages,” a
mobile threats analyst said. Currently, the fix for the issue is being
coordinated with Yahoo! and the researchers promise a more technical analysis,
but in the meantime, users must be extra cautious when receiving shady pharmacy
advertisements that appear to be sent from Android devices via Yahoo! Mail.
Source: http://news.softpedia.com/news/Trend-Micro-Confirms-Yahoo-Mail-Flaw-Possible-Cause-of-Android-Botnet-281493.shtml
42. July 16,
H Security – (International) NVIDIA hackers publish user data. Late
the week of July 9, NVIDIA confirmed the database for its forums Web site was
broken into by unauthorized third parties, with data from more than 400,000
registered users affected. A hacker group calling itself “Team Apollo” has now
claimed responsibility for the breach which caused NVIDIA to take the site
down. As proof, they published email addresses and password hashes for about
800 users from the database on Pastebin, with more, apparently, to follow. If
the data proves to be genuine, NVIDIA’s statement that the password hashes were
salted would be contradicted: the database excerpt includes the hash
b018f55f348b0959333be092ba0b1f41 three times in the list, the result of
md5(‘nvidia123’). In addition, the hackers stated NVIDIA’s online store was
broken into, which NVIDIA did not mention to The H’s associates at heise
Security. The hacker group said the break-in occurred “a few weeks ago.”
Source: http://www.h-online.com/security/news/item/NVIDIA-hackers-publish-user-data-1643038.html
43. July 16,
V3.co.uk – (International) Symantec claims to have fixed PC-crashing
anti-virus update. Symantec promised that it fixed a bug in an anti-virus
update issued the week of July 9 that caused a number of Windows PCs to crash.
The problem occurred July 13 when the company released updates for its widely
used Symantec Endpoint Protection 12.1 and Norton anti-virus software for
businesses. The updates caused a number of PCs running Microsoft Windows XP
software to crash repeatedly, bringing up the “blue screen of death.” Symantec
has not said how many users were affected, though according to Reuters it
afflicted at least 300 of the company’s corporate customers. Source: http://www.v3.co.uk/v3-uk/news/2191762/symantec-claims-to-have-fixed-pccrashing-antivirus-update
44. July 16,
Softpedia – (International) Experts find filter bypass vulnerabilities in
Barracuda appliances. Security researchers from Vulnerability Lab
identified a serious security hole that could affect a number of companies that
rely on Barracuda products. They discovered a high severity validation filter
and exception handling bypass vulnerability in Barracuda’s appliances.
According to the experts, the input filter designed to block out persistent
input attacks is flawed, exposing all security appliances. The vulnerable
modules — Account MyResource Display and File Upload — persistently execute the
saved URL path (which can be malicious code). The researchers said the flaw
can be fixed by parsing the second input request of the “file upload” function
and the path URL request. To demonstrate their findings, the experts published
a proof-of-concept video that shows how the input filter in Barracuda SSL VPN
can be bypassed by a local attacker to execute code persistently. Barracuda
Networks was notified of the issues sometime in May, but so far it is uncertain
when a patch will be made available. Source: http://news.softpedia.com/news/Experts-Find-Filter-Bypass-Vulnerabilities-in-Barracuda-Appliances-Video-281458.shtml
45. July 16,
H Security – (International) Security hole in Amazon’s Kindle Touch. The
Web browser built into Amazon’s Kindle Touch eBook reader contains a serious
security hole: when a user navigates to a specially crafted Web page, the
Kindle will execute arbitrary shell commands as root. This allows attackers to
access the eBook reader’s underlying Linux system at the highest privilege
level and potentially steal the access credentials for the Amazon account
linked to the Kindle, or purchase books with the Kindle user’s account. This
security issue was publicly documented about 3 months ago but did not attract
much attention. Recently, a browser-based jailbreak became available that
allows users to install software that was not authorized for the device by
Amazon. The issue does not appear to affect any other Kindle models. Amazon’s
security department told heise Security that they are working on a patch. Source:
http://www.h-online.com/security/news/item/Security-hole-in-Amazon-s-Kindle-Touch-1642718.html
46. July 15,
NBC News – (International) Yahoo Voices password vulnerability fixed,
company says. Yahoo said it fixed the vulnerability that allowed 450,000
user email addresses and passwords to be stolen from its user-generated content
service, Yahoo! Voices. Yahoo said the “compromised information was provided by
writers who joined Associated Content prior to May 2010, when it was acquired
by Yahoo!. (Associated Content is now the Yahoo! Contributor Network.) This
compromised file was a standalone file that was not used to grant access to
Yahoo! systems and services.” Source: http://www.technolog.msnbc.msn.com/technology/technolog/yahoo-voices-password-vulnerability-fixed-company-says-883165
47. July 14,
SecurityWeek – (International) Following developer site hack, NVIDIA shuts
down online store. Following a shutdown of its “NVIDIA Developer Zone” the
week of July 9 after the online community for developers was hacked, graphics
chip maker NVIDIA also shut down its online store located at store.nvidia.com
July 13. The group of hackers behind the attack, going by the handle of “The
Appollo Project,” made mention of the claimed compromise in its original post
exhibiting its successful attack against the NVIDIA Developer Zone site. While
the company shut down the online store, it did not acknowledge that a
successful attack took place. But it appears to be reacting proactively based
on hacker claims and successful attacks on other sites. Source: http://www.securityweek.com/following-developer-site-hack-nvida-shuts-down-online-store
48. July 13,
CNET – (International) Intel OS X binary of latest multiplatform
malware discovered. The week of July 9, security company F-Secure uncovered
a new Web-based malware attack that uses Java to identify and distribute
platform-specific malware binaries to OS X, Windows, and Linux installations.
In the company’s first findings, the malware being issued for OS X was a
PowerPC binary, which prevented it from running on many Macs using Snow Leopard
and Lion; however, new developments unveiled an x86 binary. This new variant of
the malware is essentially the same as the previous findings, with the
exception that it will run on Lion and Snow Leopard systems without the need
for Rosetta. In the attack found the week of July 9, the downloaded binaries
would need to continue downloading more components to work properly, but in the
more recent findings these steps are packaged together, so once downloaded, the
binary is able to immediately function as a backdoor. Source: http://news.cnet.com/8301-1009_3-57471882-83/intel-os-x-binary-of-latest-multiplatform-malware-discovered/
49. July 13,
ZDNet – (International) Apple iOS in-app purchases hacked; everything
is free. Russian developer ZonD80 figured out how to circumvent Apple’s iOS
In-App Purchase program, allowing iPhone, iPad, and iPod touch users to acquire
digital game items, upgrade to full versions of applications, and purchase
additional content for free. The hack reportedly works on all Apple devices
running anything from iOS 3.0 to iOS 6.0 (the In-App Purchase program requires
iOS 3.0 or later). This circumvention technique relies on installing
certificates for a fake in-app purchase server as well as a custom DNS server.
The latter’s IP address is then mapped to the former, which in turn allows all
“purchases” to go through. ZonD80 could easily be gathering users’ iTunes
log-in credentials (as well as unique device-identifying data) in a
man-in-the-middle attack. Source: http://www.zdnet.com/apple-ios-in-app-purchases-hacked-everything-is-free-video-7000000877/
50. July 13,
U.S. Industrial Control Systems Computer Emergency Response Team –
(International) ICS-Alert-12-195-01—Tridium Niagara directory traversal and
weak credential storage vulnerability. Two independent security researchers
notified the Industrial Control Systems Computer Emergency Response Team
(ICS-CERT) of a directory traversal and weak credential storage vulnerability
with proof-of-concept exploit code for Tridium Niagara AX Framework software.
According to their research, the vulnerabilities are exploitable by downloading
and decrypting the file containing the user credentials from the server.
ICS-CERT is coordinating with the researchers and Tridium. Original attempts to
coordinate vulnerability information were unsuccessful and ICS-CERT, in
coordination with the researchers, was planning a release of the vulnerability
data. However, recent communications from Tridium indicated they were working
on a solution, resulting in the delayed release of this Alert so
mitigations/patches could be prepared. July 12, a public report came out
detailing the vulnerabilities and as a result, ICS-CERT shortened its release
schedule and issued this Alert to warn of the unpatched vulnerabilities.
Tridium released a security alert with instructions on how to implement interim
mitigations. Tridium stated they are testing a software update that will
resolve the vulnerabilities. ICS-CERT will issue an Advisory when the software
update is available. According to the Tridium Web site, more than 300,000
instances of Niagara AX Framework are installed worldwide in applications that
include energy management, building automation, telecommunications, security
automation, machine to machine, lighting control, maintenance repair
operations, service bureaus, and total facilities management. Source: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-195-01.pdf
Communications Sector
51. July 15,
Bay City News Service – (California) Vandals cut wires on Twin
Peaks, damage radio network. Vandals attacked a city communications
facility on Twin Peaks in San Francisco, cutting several wires, San Francisco
police said July 15. It appears that unknown suspects entered a city
communications facility and cut several wires, but did not steal any wiring or
other items, police said. The vandalism did not affect any essential services, but
because it involved the city radio network, the FBI was notified. Source: http://www.sfgate.com/crime/article/Vandals-cut-wires-on-Twin-Peaks-damage-radio-3708988.php
52. July 13,
KTVQ 2 Billings – (Montana) Lightning strike shuts down power to local TV and
radio transmitters. An apparent lightning strike cut power to multiple
transmitter sites near Sacrifice Cliffs overlooking Billings, Montana, KTVQ 2
Billings reported July 13. Sparks from an electric transformer started a small
grass fire that temporarily shut down power and transmission for local radio
stations, KTVQ-Television and Kulr-8. Lockwood Fire and Yellowstone County
sheriff’s deputies assessed the damage to a power pole that snapped in half and
was continuing to send sparks to the ground. Radio and TV tower lights were
being powered with backup generators, but the stations remained off the air for
some time. Source: http://www.ktvq.com/news/lightning-strike-shuts-down-power-to-local-tv-and-radio-transmitters/
For more stories, see items 41, 46, 49, and 50 above in the Information Technology Sector