Thursday, August 16, 2012
Daily Report
Top Stories
• A contractor working on a natural gas pipeline
in Washington County, Pennsylvania, unearthed a live pipe bomb that police said
could have caused significant damage. – Pittsburgh Post-Gazette
3. August 15, Pittsburgh Post-Gazette – (Pennsylvania) Pipe bomb discovered on natural gas pipeline. A
contractor working on a natural gas pipeline in Washington County,
Pennsylvania, unearthed a pipe bomb August 13. The device was detonated by the
Allegheny County bomb squad. “One of our contractor’s employees found a small
pipe device on a right-of-way” where a pipeline is being constructed near Rural
Valley Road in Buffalo, said the director of corporate communications for
National Fuel Supply Corp. Police characterized the device as a “live pipe
bomb” that could have caused a catastrophe. The spokeswoman said police later
scoured the pipeline route with bomb-sniffing dogs but could find no other
devices. Source: http://shale.sites.post-gazette.com/index.php/news/archives/24744
• West Nile virus is spreading faster than it
has in years, federal health officials stated, noting that as of August 14, the
mosquito-borne disease was responsible for 693 illnesses and 28 deaths in 32
states. – USA Today
30. August 15, USA Today – (National) West
Nile virus spreads faster. West Nile virus is spreading faster than it has
in years, health officials stated, and the pace of the mosquito-borne disease
is getting worse, USA Today reported August 15. States are reporting more cases
than usual, said a specialist in mosquito-borne diseases with the Centers for
Disease Control and Prevention (CDC) in Fort Collins, Colorado. Texas is
getting the worst of it. Sixteen people have died of West Nile virus this
summer in Texas. That is out of 381 cases of the illness. Nationwide there have
been at least 693 cases and 28 deaths, according to the CDC and State numbers
released August 14. That is up from 390 cases and 8 deaths the week of August
6. Thirty-two states have had cases of West Nile, the CDC said. Louisiana has
had six deaths in 68 cases, Oklahoma one death in 55 cases, and Mississippi one
death in 59 cases. In Arizona, there has been one death in seven cases.
California had 23 cases, one of which was fatal, and South Dakota had one
fatality in 37 cases. Source: http://www.usatoday.com/news/health/story/2012-08-14/west-nile-virus-mosquito/57057540/1?csp=34news
• A gunman who shot a security guard August 15
at the Family Research Council office in Washington, D.C., carried a handgun
and several additional rounds of ammunition, federal investigators said. – NBC
News
53. August
15, NBC News – (Washington, D.C.) Security guard shot at conservative
group’s D.C. office. A gunman who shot a security guard August 15 at the
Family Research Council (FRC) office in Washington, D.C., carried a handgun and
several additional rounds of ammunition, federal investigators said. When
challenged by the security guard, the gunman shot the guard in the arm. He was
then detained by other guards, and district police and the FBI responded. He
was taken into custody by FBI agents. The FBI will have jurisdiction if the
incident turns out to be a hate crime. One law enforcement official told NBC
News it was fairly clear the FRC was the man’s target. Officials said the
suspect came from Herndon, Virginia. The FBI said the security guard was in the
hospital and was “doing OK.” Federal officials said the suspect was carrying a
backpack with materials related to Chick-fil-A restaurants. The FRC’s
president sent an email to members in July in support of comments by the
restaurant chain’s president on same-sex marriage. Two federal officials said
the suspect appeared mentally disturbed. Source: http://usnews.nbcnews.com/_news/2012/08/15/13298020-security-guard-shot-at-conservative-groups-dc-office?lite
• A recent seismic hazard assessment found
greater earthquake potential for the central Washington area where many dams
are located. – NPR
62. August 14, NPR – (Washington; Oregon) Earthquake
study raises risk potential around central Wash. dams. A recent seismic
hazard assessment found greater earthquake potential for the central Washington
area than previously thought. Estimates for how strongly the ground could shake
from a local earthquake have tripled or quadrupled since the building of
hydropower dams in the area. The study took 4 years to produce and was
commissioned by three Washington public utility districts, covering their six
large hydropower dams. A consulting seismologist said the risk comes primarily
from crumpling of the earth’s crust between the Oregon-Washington border,
Yakima, Ellensburg, and Wenatchee. Seismic retrofits could cost ratepayers
across the region hundreds of millions of dollars. The Mid-Columbia dam owners
and their federal regulator are taking an approach that has very little
tolerance for risk and are prepared to spend money to protect against an event
that may only happen once every 10,000 years. The new information about
earthquake potential in central Washington has prompted the U.S. Department of
Energy to launch its own seismic risk update for the Hanford site and its sensitive
nuclear facilities. Separately, the Eugene Water & Electric Board ordered a
similar comprehensive seismic reevaluation of its hydropower dams on the
McKenzie River in the Oregon Cascade foothills. Source: http://www.npr.org/templates/story/story.php?storyId=158761474
Details
Banking and Finance Sector
13. August
15, Help Net Security – (International) Malware-laden emails
target hedge fund managers. A highly targeted spam campaign aimed at hedge
and private equity fund managers has recently been spotted by Barracuda Labs
researchers, Help Net Security reported August 15. The email looks like it has
been forwarded a few times, and supposedly has a document with details about
NSYE carried interest fees attached to it. Recipients who do not notice that
the file in question is an executable and run it are faced with a PDF that
contains the information: “SEC Release Adopts New Rule 13h-1 and Form 13H;
Large Trader Reporting.” The PDF comes bundled with a keylogger, which secretly
installs itself on the victim’s machine and begins recording keystrokes and
sending them to a remote server via FTP. The researchers have managed to follow
the traffic to the server, and to peek inside it. They discovered that all the
files containing the keystrokes are neatly deposited in a folder and, according
to the number of existing folders, the attackers have managed to compromise at
least 20 computers so far. Source: http://www.net-security.org/malware_news.php?id=2222
14. August
14, Akron Beacon Journal – (Ohio) FBI seeks robber of five area
banks. The FBI is circulating video images of a man police believe robbed
five Akron, Ohio-area banks since July 2. The robberies all occurred at banks
inside grocery stores, and most happened on a Friday between 4 and 6 p.m. The
man either has shown a weapon in his waistband or has indicated he has a
weapon, according to a news release from a special agent in charge of the FBI’s
Cleveland Division. The robberies took place July 2 at U.S. Bank inside Fishers
Food in Plain Township; July 20 at U.S. Bank inside Giant Eagle in Cuyahoga
Falls; July 27 at Huntington Bank inside Giant Eagle in Youngstown; August 3 at
Huntington Bank inside Giant Eagle in North Canton; and August 10 at Huntington
Bank inside Giant Eagle in Canton. A reward is being offered for information
leading to the man’s arrest. Source: http://www.ohio.com/news/local-news/fbi-seeks-robber-of-five-area-banks-1.327155
15. August
14, New York Times – (International; New York) Standard Chartered settles Iran
inquiry for $340 million. Standard Chartered, the British bank, has agreed
to pay New York’s top banking regulator $340 million to settle claims it
laundered hundreds of billions of dollars in tainted money for Iran and lied to
regulators, the New York Times reported August 14. The agreement is a victory
for the New York Superintendent of Financial Services and his 10-month old
agency, which took on the bank alone in charging it schemed for nearly a decade
with Iran to hide from regulators 60,000 transactions worth $250 billion. Some
federal authorities worry the deal has the potential to undercut a sweeping
settlement between the bank and federal regulators, including the Federal
Reserve and the Treasury Department. They are also investigating Standard
Chartered, a 150-year-old bank based in London with operations across the
globe. As part of the settlement, the bank will install a monitor for at least
2 years to vet money-laundering controls and put in permanent officials who
will audit internal procedures. Source: http://www.nytimes.com/2012/08/15/business/standard-chartered-settles-with-new-york-for-340-million.html?pagewanted=1&_r=2
Information Technology Sector
44. August
15, Help Net Security – (International) Sirefef infections
explode due to new infection technique. The Sirefef/Zaccess family of trojans
— designed to download other malware, disable a machine’s security features,
and often make lasting changes to a computer — is usually distributed to
unsuspecting victims via email spam campaigns. However, its peddlers changed
their strategy recently, and began bundling the malware with codecs, game
installers, and crack/keygen applications, Trend Micro warned. “During the last
weeks of July, we received reports from customers that their services.exe files
were being patched by an unknown malware,” the researchers shared. The patched
file was a component of the Sirefef/Zaccess malware family, and was used to run
the malware’s other malicious components upon reboot. The infection with this
new variant was traced back to the execution of K-Lite Codec Pack.exe, more
than likely downloaded by the users from the Internet to play movies downloaded
via peer-to-peer applications. To preserve the illusion the offered codec is
legitimate and to increase the likelihood of it being used, the file names are
often modified to include the titles of popular movies. According to Trend
Micro numbers, Sirefef/Zaccess infections increased in July, going from 1,000
infected computers on the 1st of the month to more than 11,000 on the 27th. The
majority of infected computers are located in the United States. Source: http://www.net-security.org/malware_news.php?id=2223
45. August
15, Computerworld – (International) Security vendor exposes vulnerabilities in
DDoS rootkit. In what it says is an attempt to turn the tables on malicious
hackers, security vendor Prolexic released details August 14 of vulnerabilities
it discovered in a toolkit family used by hackers to launch distributed
denial-of-service (DDoS) attacks against corporate networks. The disclosure is
designed to give IT security staff information they can use to mitigate attacks
launched using the DDoS toolkit, according to Prolexic. The company’s
vulnerability report specifically details flaws in the command and control
(C&C) component of the Dirt Jumper DDoS toolkit associated with recent DDoS
attacks. The flaws allow “counter-attackers to obtain access to the Command and
Control (C&C) database backend, and potentially server-side files,” the
company noted in a statement. Such counterattacks can result in a total compromise
of the toolkit’s attack capabilities, Prolexic said. “With this information, it
is possible to access the C&C server and stop the attack,” Prolexic’s CEO
said in a statement. Source: http://www.computerworld.com/s/article/9230288/Security_vendor_exposes_vulnerabilities_in_DDoS_rootkit
46. August
15, The H – (International) Java SE 7 Update 6 hands OS X support to
Oracle. A Java Runtime Environment for Mac OS X and a free, but not open
source, Linux ARM v6/v7 JDK are the highlights of Oracle’s release of Java SE 7
Update 6. The process of moving the responsibility for keeping Java on Mac OS X
up to date from Apple to Oracle was completed with this release. The new
release brings a Java Runtime Environment (JRE) to the Apple platform supported
by Java’s owners, Oracle. The Mac OS X JRE will also support automatic updating
and will in future be updated at the same time as the Windows version of Java.
As well as the JRE, Java SE 7 Update 6 also has final versions of JavaFX 2.2
rich client platform and JavaFX Scene Builder for Mac OS X. Earlier in 2012, an
estimated half a million users of Mac OS X found themselves infected with
Flashback, malware that infiltrates systems using a vulnerability in Java
already patched on other platforms. Apple’s slow updating of Java was a cause
for concern for some time, but the Flashback incident brought it to the fore.
After taking action to halt Flashback, Apple worked with Oracle to move support
for Java to Oracle, which already maintains the Java software for Windows,
Linux, and some Unix systems. Source: http://www.h-online.com/security/news/item/Java-SE-7-Update-6-hands-OS-X-support-to-Oracle-1667714.html
47. August
14, Computerworld – (International) Kaspersky pleads for crypto help to probe
Gauss malware. August 14, Kaspersky Lab appealed for help from expert
cryptographers to help it break the encryption of a still-mysterious payload
delivered by the Gauss cyber-surveillance malware. While Kaspersky discovered
the payload is delivered via USB flash drives — to close the “air gap” between
the Internet and PCs not connected to the Web — it has been stymied in its
attempts to decrypt the module, which is encrypted with an RC4 key. Kaspersky
noted the decryption key for the payload is generated dynamically by the victimized
PC. “[That] prevents anyone except the designated target(s) from extracting the
contents of the sections,” Kaspersky said. “The resource section [of the
encrypted payload] is big enough to contain a Stuxnet-like SCADA-targeted
attack code and all the precautions used by the authors indicate that the
target is indeed high profile.” Source: http://www.computerworld.com/s/article/9230272/Kaspersky_pleads_for_crypto_help_to...
48. August
14, Infosecurity – (International) Groupon email scam gives victims more than
they bargained for. Commtouch detected a series of recent attacks that
contain emails promising great Groupon “deals,” but deliver malware instead.
The attacks rely on malware attached to the emails that purportedly come from
“friends” who want to share great deals, explained the director of product
marketing at Commtouch. The scams are also using LinkedIn “friends.” The
Commtouch director explained these attacks are different from the blended
attacks, which mix email and Web links to spread malware, since they use
attached malware rather than links to drive-by malware. Source: http://www.infosecurity-magazine.com/view/27588/
49. August
14, Threatpost – (International) Adobe patches critical Flash bug, releases
massive Reader update. Adobe issued a fix for a critical Flash
vulnerability that attackers already are taking advantage of with targeted
attacks. The flaw can allow attackers to get complete control of vulnerable
machines, and Adobe said it is aware of attacks targeting Flash on Internet Explorer.
The CVE-2012-1535 vulnerability in Flash, when exploited, either will crash the
app or it could allow the attacker to run arbitrary code on the machine. Adobe
officials are urging users to patch their systems now, especially given the
fact there are attacks targeting the Flash vulnerability. “There are reports
that the vulnerability is being exploited in the wild in limited targeted
attacks, distributed through a malicious Word document. The exploit targets the
ActiveX version of Flash Player for Internet Explorer on Windows,” Adobe said
in its advisory. Google also released a new version of Chrome August 14, which
includes the updated Flash Player. In addition to the patch for Flash, Adobe
also released a huge update for Reader and Acrobat August 14. The update
includes fixes for Reader and Acrobat X on Windows and Mac OS X and patches a
slew of vulnerabilities, including numerous memory corruption vulnerabilities,
stack overflows, buffer overflows, and heap overflows, all of which could allow
remote code execution, Adobe said. Source: http://threatpost.com/en_us/blogs/adobe-patches-critical-flash-bug-releases-massive-reader-update-081412
Communications Sector
50. August 15, Watertown Daily Times –
(New York) Phone problems plague Wanakena. Verizon customers in
Wanakena, New York, have suffered with the problem of nonworking phones for
years, routinely registering complaints with the State Public Service
Commission. Customers have grown tired of the recurring issue, especially since
Wanakena is in a part of the Adirondacks that does not have cellphone coverage,
the Watertown Daily Times reported August 15. “I have been without a phone 15
times in the last two months,” said the Adirondack Park Agency commissioner.
The outage is often spotty and intermittent. It might last 10 minutes or a day.
One person’s phone may be out while a neighbor’s is working. Reception is often
crackly even when the phones are working. Verizon is aware of the community’s
concerns, a company spokesman said. “The root cause of the service
interruptions is multiple lightning strikes along the cable route from Star
Lake to Wanakena. The length of the route between the two communities increases
the likelihood of lightning strikes, especially during the summer season,” he
said. Source: http://www.watertowndailytimes.com/article/20120815/NEWS05/708159894/-1/NEWS