Cops: Man Stabbed in Chesco Workplace Dispute
Delaware County Daily Times (PA) (11/01/12) Price, Michael N.
A Chester County, Pa., man was arrested Monday after allegedly stabbing a coworker during a workplace dispute outside the mushroom house at which both men work. Police first responded to the home of Roberto Cruz-Ortiz, whom they found suffering from potentially life-threatening wounds to his chest, face, and hands. Cruz-Ortiz told police that he and his coworker Gilberto Bernal-Reyes had gotten into a fight earlier in the day and that Bernal-Reyes had pulled out a knife and stabbed and slashed him repeatedly. Cruz-Ortiz was transported to a hospital to undergo surgery, and police went to the mushroom house, where they found Bernal-Reyes with blood stains on his clothes. A witness told police that she had seen the two men struggling in the parking lot outside the mushroom house around 8:30 a.m. that morning and had helped to separate them, after which Cruz-Ortiz got into his car and drove off. Bernal-Reyes has been charged with attempted homicide, aggravated assault, and related offenses, and is currently in Chester County Prison after failing to post bond.

Audits Show Possible Employee Theft of More Than Half Million Dollars
Mountain Valley News (10/31/12) Collins, Kami
A Colorado district attorney is expected to file criminal charges against the former finance officer of the town of Paonia, Colo., after the conclusion of an investigation suggesting she stole upwards of $600,000 from the town over two years. Kristin Chesnik was placed on administrative leave and then resigned her position in January 2011 after an audit of the town's books carried out by the CPA firm Blair and Associates found $224,583 missing from the 2010 financial records. A subsequent 2011 audit turned up an additional $401,063 in missing funds, which Blair and Associates attributed to employee fraud. Auditor Pete Blair says his firm believes Chesnik defrauded the town of the entire $625,646, a figure he said is in line with the findings of a recently concluded investigation by the Colorado Bureau of Investigation.

Microsoft Sued Over Use of Live Tiles in Windows
IDG News Service (MA) (10/31/12) Perez, Juan Carlos
Maine-based SurfCast has filed a patent infringement suit against Microsoft over its use of "live" tile icons in the newly launched Windows 8 operating system. SurfCast argues that the tile system infringes on its 2004 patent titled "System and Method for Simultaneous Display of Multiple Information Sources." The suit seeks an unspecified amount of damages and attorney's fees. Microsoft has responded to the suit, saying it is "confident" it will be able to prove that SurfCast's claims are without merit. The use of live tiles is a key part of the new operating system.

Citing Attacks Directed at Buses, Metro Weighs Service Cuts in Anacostia
Washington Post (10/28/12) Lazo, Luz
Numerous rock-throwing attacks and other incidents of vandalism targeting public buses in southeast Washington, D.C., have prompted the Washington Metropolitan Area Transit Authority to consider cutting night service on its W6 and W8 Metrobus routes. Buses on these routes have been the targets of vandalism, particularly rock- and brick-throwing incidents that have broken windows and sent drivers and riders to the hospital. Most recently, a driver was hospitalized in September after a rock came through a window of her bus and struck her in the head. Vandalism and rock-throwing attacks cost the Metrobus program $41,109.86 in September. While some residents in the area are sympathetic to the Metrobus drivers who favor eliminating night service in the dangerous areas, others are frustrated by the seeming refusal of both D.C. police and Metro Transit Police to address the issue. "They have not tried everything. Simple as that," said D.C. Council member Marion Barry, who represents Ward 8, where the affected bus lines are located. D.C. police and Metro Transit Police each accuse the other of doing nothing to address the attacks, which are largely carried out by teenagers who quickly flee the scene and are hard to apprehend.

The ADA and Workplace Drug Testing: What Are an Employer's Rights?
Lexology (10/25/12) Pezzulich, Janet Barringer
Employers should ensure their drug testing policies comply with the Americans With Disabilities Act, which requires that a balance be struck between providing an alcohol- and drug-free workplace and protecting recovering alcoholics and drug addicts from discrimination. The ADA protects employees using prescription drugs related to a disability, provided they can perform the essential tasks of the job with or without a reasonable accommodation. Tests for illegal drugs comply with the ADA so long as the illegal drug use is "current," meaning recent enough for the employer to reasonably believe there is a continuing problem, and alcohol testing is permitted only if there is reason to believe the employee is under the influence while at work. The employer's drug testing policy should inform applicants and employees about required testing, such as pre-employment testing for illegal drug use only; how tests are conducted; how confidentiality is maintained; and any disciplinary actions for positive drug tests, refusing to submit to a test, or failing to complete a test.

CIA Takes Heat for Role in Libya
Wall Street Journal (11/02/12) Entous, Adam; Gorman, Siobhan; Coker, Margaret
The CIA is being criticized for its role in the response to the Sept. 11 attack on the U.S. consulate compound in Benghazi, Libya, a facility mostly run by the agency. Congressional investigators probing the attack say the CIA and the State Department appear to have had a misunderstanding about their roles in securing the consulate, a facility whose real purpose was to gather intelligence about potential terrorist threats in the region. The compound's "annex," as a State Department office referred to it in order to conceal its true purpose, was protected by a security force of about ten men that the State Department believed was also supposed to provide security to the consulate in the event of an emergency. However, the CIA did not appear to share the State Department's understanding of its role in protecting the consulate. Although an officer working in the consulate did trigger an alarm shortly after the attack began to alert the CIA security team, it took nearly an hour for the force to reach the consulate. The delay was due in part to the security force needing to obtain heavy weapons before it responded, and to the force being attacked as it closed in on the consulate. Congressional investigators say the length of time it took the CIA security force to respond to the consulate illustrates the inadequacy of the security arrangement between the agency and the State Department. Critics also contend that the CIA is using secrecy to protect itself from being blamed for any failings in responding to the attack, though officials with ties to the agency deny those charges.

2 Suspects Held in USC Halloween Shooting That Wounded 4
Los Angeles Times (11/01/12) Mather, Kate; Blankenstein, Andrew
Two suspects are in custody after a shooting at a Halloween party on the campus of the University of Southern California left four people injured Wednesday night. According to police Capt. David Carlisle, the shooting took place at 11:45 p.m. outside the Ronald Tutor Campus Center, where a student organization was hosting a Halloween party attended by more than 100 people. The shooting was reportedly the result of an argument between two men who were not affiliated with the university, one of whom pulled out a gun and opened fire, critically wounding his target and inflicting non-life-threatening injuries on three bystanders. Police apprehended the two suspects, one of whom is believed to be the shooter, a short distance from the campus center. Fifteen minutes after the shooting, the university sent out a text message alert warning students of an active shooting and advising them to seek shelter; an all-clear message was sent out two hours later at 2:17 a.m.

U.S., Allies Marshaling African Proxies for Fight Against Terrorism
Los Angeles Times (10/31/12) Williams, Carol J.
Galvanized by the deadly attack by Islamist militants on its mission in Benghazi, Libya, in September, the U.S. is taking a more active role in the effort to organize and coordinate a regional campaign to oust a trio of Islamist groups that have seized control of northern Mali. Secretary of State Hillary Clinton this week met with Algerian President Abdelaziz Bouteflika to discuss a developing plan that calls for some 6,000 troops from regional neighbors to coordinate with the Malian military in retaking the north. Bouteflika was hesitant to commit his country to military action, as Algeria has its own problems with Islamist militants, including al-Qaida in the Islamic Maghreb. But Clinton reports the Algerian president was amenable to increased policing of Algeria's porous, 1,200-mile border with northern Mali, which could act as an escape route for militants should they be ousted from their strongholds in Mali. Bouteflika also raised the issues of helping rebuild the Malian government, which was deposed in a coup this spring, and making alliances with the moderate Tuareg rebels, whom the Islamists turned on after having joined their uprising earlier this year.

U.S. Seeks Algeria Help in Mali
Wall Street Journal (10/30/12) Solomon, Jay; Hinshaw, Drew
Secretary of State Hillary Clinton was in Algeria on Monday drumming up support for an African-led military offensive against the Islamist extremists who have taken over northern Mali and are providing refuge to members of al-Qaida in the Islamic Maghreb (AQIM). AQIM is believed to have been involved in the deadly attack on the American consulate in Benghazi, Libya, last month, and is thought to be using its base in northern Mali to plot attacks against U.S. and European interests. U.S. officials such as Clinton want Algeria's support for the effort, which will be carried out by 3,300 troops from the 15 member nations of the Economic Community of West African States (Ecowas), because its military has a great deal of experience fighting Islamic extremists. Algeria's intelligence and military forces are also seen as the best in the region, and their involvement in the military effort in Mali could help unify the international community around the cause, U.S. officials said. Clinton was not able to reach an agreement with Algerian President Abdelaziz Bouteflika during her meeting with him on Monday, though she said that talks between Washington and Algiers would continue and that Algeria's concerns about the military operation would be taken into consideration. Algerian diplomats have expressed dismay that members of Ecowas are planning an operation in neighboring Mali without their input.

$213M Security Project Not Working at Nuke Site
Albuquerque Journal (10/29/12) Fleck, John
The National Nuclear Security Administration is threatening to substantially garnish the management fee of the contractor responsible for security at the Los Alamos National Laboratory after a seven-year project to upgrade security at the laboratory's nuclear weapon manufacturing facility failed while running dramatically over budget. The new security system for Los Alamos' Technical Area 55, which manufactures and tests nuclear weapons components, was supposed to come online next year, but on Oct. 17 the facility reported that the project was between $23 million and $25 million over budget and that several serious flaws, including improperly installed fiber optic cables, had been found. Since then the upgrade has been put on indefinite hold. The specifics of the upgraded system are classified, but Los Alamos spokesman Kevin Roark says it included sensors, alarms, and access denial systems. At least some of the cost of the failed upgrade is likely to be borne by Los Alamos National Security, the facility's security contractor, which was slated to receive a $76 million management fee for the 2011-2012 fiscal year.

Data Security Breach Expands to 657K SC Businesses
The State (SC) (11/01/12) Shain, Andrew
The data security breach that took place at the South Carolina Department of Revenue in August and September is now believed to have affected businesses as well as millions of state residents. State officials had previously said they did not think business records had been exposed. But Mandiant, a consultant hired by the Department of Revenue, found Tuesday that the tax records of as many as 657,000 South Carolina businesses may have been compromised in the breach. Nearly all of those records, as well as almost all of the tax information of up to 3.6 million people that is also thought to have been compromised, were unencrypted when Russian hackers used state-approved credentials to break into the Department of Revenue's systems beginning in August. The state has since begun encrypting tax data. In addition to tax records, the hackers are also believed to have stolen 387,000 credit card numbers from the Department of Commerce—most of which were also unencrypted. Credit monitoring services are being offered to the businesses and consumers affected by the breach.

Security Research Labels More Than 290,000 Google Play Android Apps as 'High-Risk'
Computerworld (11/01/12) Messmer, Ellen
Twenty-five percent of the more than 400,000 Android apps studied in the Google Play store pose security risks to mobile-device users, according to new research from security vendor Bit9. The vendor classifies these Android apps as questionable or suspicious because, once the user has granted them "permission," they could gain access to personal data such as GPS information, phone calls, phone numbers, and much more. Bit9 says that while this does not mean the apps are malware per se, they could wreak havoc if compromised because the user has granted them so many permissions. Google Play is believed to contain about 600,000 apps, and Bit9 CTO Harry Sverdlove says his company is compiling a "reputation" database of Android apps and will move on to other app stores, such as those run by Apple and Amazon, in order to create mobile security solutions that can shield users based on risk-scoring of apps.

Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures
Forbes (10/31/12) Greenberg, Andy
On Oct. 30, less than a week after the official launch of Windows 8, the French IT security firm Vupen claimed on Twitter that it had successfully developed a zero-day exploit for the new operating system. The improved security features of Windows 8, which include default anti-virus, Unified Extensible Firmware Interface (UEFI) firmware, secure boot procedures, and improvements to the Internet Explorer 10 browser, had been lauded by many in the security community ahead of the operating system's release. But Vupen says that Internet Explorer 10 has a vulnerability that could allow an attacker to take over a machine running Windows 8. While Vupen has not revealed the details of the new exploit to Microsoft, few doubt the veracity of the company's claims, with Qualys CTO Wolfgang Kandek saying of the team, "they're very bright people, and they're very good at finding a piece of software's weaknesses." Vupen, which develops exploitation techniques and security software that it sells to NATO governments and their partners, is one of a growing number of firms that develop zero-day exploits for sale, a controversial practice that was decried by the Electronic Frontier Foundation this March. Other firms that develop zero-day exploits include Netragard and Endgame, as well as U.S. defense contractors Northrop Grumman and Raytheon.

Insecure Industrial Control Systems, Hacker Trends Prompt Federal Warnings
CSO Online (10/30/12) Gonsalves, Antone
The exposure of vulnerabilities in industrial control systems (ICS), combined with troubling trends in the hacker underground, has led the U.S. Department of Homeland Security (DHS) to issue a warning about the increased security risk to the control systems used by power utilities, water treatment plants, and manufacturing companies. One of the vulnerabilities recently discovered by researchers with the security vendor Digital Bond exists in Smart Software Solutions' CoDeSys product, which is used in programmable logic controllers (PLCs). The vulnerability allows anyone to upload code without authentication. The fact that the software was designed without authentication indicates that the vendor was aware of the vulnerability, said Digital Bond Chief Executive Dale Peterson. Digital Bond and researchers from other organizations have begun a research effort called Project Basecamp, dedicated to exposing security weaknesses in ICS devices in order to push manufacturers into fixing the problems. These systems were often designed with no internal security, a flaw known as insecure-by-design, and that trend has continued and produced many vulnerable PLCs. These vulnerabilities have earned more attention as interest in PLCs has grown among hacktivists and anarchist groups, with the DHS reporting that several new exploit tools released in February targeted PLCs from several utilities and made it possible for vulnerabilities to be used to crash or restart devices. According to the DHS, these trends have increased the danger of hacktivist-led attacks against critical infrastructure, though the agency notes that it is unclear whether disclosing weaknesses makes the systems less secure. Supporters believe exposing weaknesses will force vendors to fix problems more rapidly, particularly the ones hackers already know exist. Until fixes are released for the vulnerabilities, the DHS has advised that all affected systems be removed from any network connected to the internet. As there are currently no laws governing security in industrial control systems, it is incumbent on companies to decide how to lock down the systems to prevent the vulnerabilities from being exploited.

Perpetrators of Cyber Attacks on Banks Will Most Likely Be Caught, Investigator Says
American Banker (10/29/12) Crosman, Penny
The members of the Izz ad-Din al Qassam Cyber Fighters Group, a hacktivist organization claiming to be behind a recent campaign of distributed denial-of-service (DDoS) attacks targeting major U.S. banks, declared last week that they would suspend their "Operation Ababil" over the four-day Eid al-Adha holiday this past weekend. However, Verizon risk team Director A. Bryan Sartin says they will almost certainly be back. Sartin and his team have been tracking the Cyber Fighters, which he believes represent a new breed of hacktivist group: one with a more coherent and stable membership and greater ideological and political cohesion than the loose collective Anonymous. However, the group is less concerned about hiding its activities, leading Sartin to assert that it is likely at least some of the Cyber Fighters will eventually be identified and brought to justice. "DDoS attacks are noisy, obvious, blatant things, so it's easy to see where the attacks are coming from ... to vector in on who's controlling those attacking systems," says Sartin. However, Sartin also cautions that "Operation Ababil" could well morph into a more insidious data theft or cyber espionage scheme, and warns U.S. banks to invest in improved IT security, especially incident detection systems and cyber intelligence resources.

Abstracts Copyright © 2012 Information, Inc. Bethesda, MD