Friday, July 05, 2013

Security Management Weekly - July 5, 2013

Corporate Security
  1. "Security Director Admits to Aiding New Brunswick Thefts" (New Jersey)
  2. "Man Arrested in Beach Hotel Theft Admits to 13 More" (Florida)
  3. "Former Tiffany Official Charged With $1.3 Million Jewelry Theft"
  4. "Miami Man Pleads Guilty in $90 Million Enfield Pharmaceutical Theft" (Connecticut)
  5. "U.S. Looks to Blunt Corporate Espionage by Chinese Firms"

Homeland Security
  1. "US Sends Government Arrest Warrant for Snowden"
  2. "Canadian Police Foil Alleged Terrorism Attempt"
  3. "Snowden Withdraws Request for Asylum in Russia"
  4. "On Defense for Reportedly Bugging EU Offices, US Says it Gathers Same Threat Data as Allies"
  5. "Assange: More Revelations Coming"

Cyber Security
  1. "New Gaping Security Holes Found Exposing Servers"
  2. "Companies Lack Real-Time Breach-Detection Capabilities: Survey"
  3. "Vulnerabilities Found in Code Library Used by Encrypted Phone Call Apps"
  4. "Critical Vulnerabilities Found in Single Sign-On Enterprise Tool Atlassian Crowd"
  5. "Pair of PC Viruses Help Each Other Survive"

   

 
 
 

 


Security Director Admits to Aiding New Brunswick Thefts
New Brunswick Patch (07/05/13) Saccenti, John

Lawrence Sorbino, a former security director for the New Brunswick (N.J.) Parking Authority, pleaded guilty to charges of official misconduct on Wednesday for helping two people steal cash from payments made at two city parking decks. After pleading guilty, Sorbino told the court that he regularly took bribes totaling more than $3,000 from two co-defendants, Emil Hanna and Emad Naguib, to keep quiet and let them continue stealing. According to the prosecutor's office, Hanna and Naguib were convicted on Jan. 28 of official misconduct, a conviction that was later dismissed. Around three years ago, Sorbino, Hanna and Naguib were among seven parking authority employees charged with theft as part of an investigation into the theft of more than $100,000 in parking fees between July 2007 and June 2010. Sorbino entered his guilty plea as part of a plea agreement reached with Middlesex County Acting Assistant Prosecutor Douglas Herring. Under the plea agreement, Sorbino will be sentenced to serve up to five years in a New Jersey state prison with no chance of parole for two years. Sentencing is expected to occur on Sept. 30.


Man Arrested in Beach Hotel Theft Admits to 13 More
Miami Herald (07/05/13) Bu Shra, Shadi

Dequan Johnson was arrested on July 4 by Miami Beach Police in connection with a burglary at the Miami Beach Resort and Spa Hotel in early June where $20,000 in cash, jewelry, and electronics were stolen. The Miami Beach Police caught a break in that case when they found hotel security camera footage of the suspect leaving the building. After his arrest and the reading of his Miranda rights, Miami Beach Police found that Johnson was wanted by six other police departments for 14 similar burglaries committed in Miami Beach alone. Johnson admitted to being involved in those burglaries. In the 14 affidavits detailing the confessions, the burglaries Johnson admitted to all followed a similar pattern: he would approach a maid or housekeeper who was working in a guest's room, flash a key card and claim that he was either staying in the room or the guests were his relatives. After the maid or housekeeper left, Johnson would then allegedly steal valuable items from the room. He has been charged with 11 counts of burglary and 12 counts of grand theft.


Former Tiffany Official Charged With $1.3 Million Jewelry Theft
Wall Street Journal (07/03/13) Bray, Caad

Ingrid Lederhaas-Okun, a former vice president of product development at Tiffany & Co., was arrested on July 2 and charged with stealing more than $1.3 million of jewelry from her former employer. Prosecutors claim that Lederhaas-Okun checked out more than 165 pieces of jewelry between November 2012 and February 2013 and sold some, if not all, of the stolen pieces to an international jewelry reseller. The thefts were discovered in February after Tiffany terminated Lederhaas-Okun's employment as part of company downsizing. When questioned about why she had not returned the dozens of pieces of jewelry she had checked out, all valued at less than $10,000, prosecutors say that Lederhaas-Okun provided inconsistent reasons for her actions. Lederhaas-Okun faces charges of wire fraud, for which she faces up to 20 years in prison, and interstate transportation of stolen property. Lederhaas-Okun did not enter a plea and was released on a $250,000 personal recognizance bond following a brief court hearing.


Miami Man Pleads Guilty in $90 Million Enfield Pharmaceutical Theft
Courant.com (07/01/13) Owens, David

Amed Villa, who was arrested on May 3 on federal theft and conspiracy charges, has pleaded guilty in federal court to conspiracy to commit theft from an interstate shipment and to two counts of theft from interstate shipments. Villa faces up to 25 years in prison for his participation in the January 2010 theft of $8 million worth of cigarettes and a cargo trailer from East Peoria, Ill., and the March 2010 theft of about $90 million in drugs from an Eli Lilly warehouse located in Enfield, Conn. Villa and others bypassed the security systems of the buildings in both thefts. In the March 2010 theft from Eli Lilly's warehouse, the thieves gained access by scaling a wall, cutting through the roof, and dropping in with ropes. Once inside, forklifts were used to load around 53 pallets of drugs onto a trailer truck. The stolen drugs were recovered in 2012 in a storage facility in Florida. According to federal authorities, the break in the case came from DNA left behind on a water bottle used by Amed Villa. Villa's younger brother Amaury Villa was also arrested in connection with the theft on May 3. Federal authorities have said that a group associated with the brothers was responsible for thefts of truckloads of pharmaceuticals from truck stops in Ohio, Pennsylvania, and Tennessee, and from a drug company warehouse in Virginia.


U.S. Looks to Blunt Corporate Espionage by Chinese Firms
Wall Street Journal (07/01/13) Ma, Wayne

Benjamin Bai, a partner at Allen & Overy in Shanghai, commented that a recent law strengthening the U.S. Economic Espionage Act is likely to encourage U.S. companies to file criminal charges against Chinese companies that steal their intellectual property. The amendment was signed in December, and gives prosecutors the ability to seek charges against those who steal the trade secrets of products and services. In the latest case of alleged intellectual property theft by a Chinese company, U.S. prosecutors accused Sinovel Wind Group of stealing trade secrets from American Superconductor in the form of the source codes for the software that is used to control the Massachusetts-based engineering company's wind turbines. Sinovel then allegedly shipped four turbines equipped with the code to customers in the U.S. A growing amount of attention has been paid to the issue of intellectual property theft following recent reports that U.S. companies are being hacked by groups that allegedly have connections with the Chinese government. James Zimmerman, the managing partner of the law firm Sheppard Mullin Richter & Hampton in Beijing and a former chairman of the American Chamber of Commerce in China, suggested that the case against Sinovel "is indicative that American companies and the U.S. government are fed up, and can and should pursue all available legal remedies, including criminal sanctions, to put an end to trade-secret theft."




US Sends Government Arrest Warrant for Snowden
Irish Times (Ireland) (07/05/13) Lally, Conor

U.S. officials on July 4 submitted a provisional arrest warrant for Edward Snowden to the Irish government. Snowden is still in the transit zone of the Moscow airport, though U.S. officials apparently believe that he may attempt to leave the airport on an Aeroflot flight to Cuba that would stop in Ireland for refueling. Should Snowden make such a trip, he would be arrested in Ireland under the provisional arrest warrant and could be put in jail for as long as 18 days. The U.S. government, meanwhile, would then begin extradition proceedings to bring Snowden back to the U.S. Snowden could also apply for asylum in Ireland during that time. Ireland is one of the countries where Snowden has sought asylum, though he cannot formally apply for asylum in Ireland until he is physically present there. However, some officials believe that Snowden is unlikely to travel to Cuba via Ireland now that a warrant has been issued for his arrest. Meanwhile, Russian President Vladimir Putin is still refusing to turn Snowden over to U.S. authorities. As a result, security sources believe that Snowden is likely to remain at the Moscow airport for some time.


Canadian Police Foil Alleged Terrorism Attempt
USA Today (07/02/13) Eversley, Melanie

Canadian police arrested a man and woman on Monday for allegedly planning a terrorist attack on July 1, Canada Day. John Nuttall and Amanda Korody were reportedly planning to place bombs at British Columbia's provincial legislature during Canada Day celebrations there, which typically attract thousands of people. The duo, who were reportedly inspired by al-Qaida, have been under surveillance by the Royal Canadian Mounted Police since February. The explosive devices they planned to use were built using pressure cookers, similar to those used in the attack by the Boston Marathon bombers. However, authorities in Canada do not believe that there is a link between the Canada Day plot and the Boston Marathon bombings. The suspects also are believed to be working alone, having been radicalized after Nuttall converted to Islam several years ago. They have been charged with conspiracy, facilitating a terrorist activity, and making an explosive device. Police say that the public was never in any danger, as the pressure cooker bombs that the suspects allegedly planned to use were under police control and were inert.


Snowden Withdraws Request for Asylum in Russia
Washington Post (07/02/13) Lally, Kathy

A spokesman for Russian President Vladimir Putin said Tuesday that Edward Snowden has withdrawn his request for political asylum in Russia. Snowden, who is still believed to be inside the transit zone at Moscow's Sheremetyevo International Airport, made the request on Sunday at the Russian consular office inside the airport. The request was passed along to the Russian Foreign Ministry and to Putin, who said that Snowden would be required to stop engaging in any activity that damaged the United States before he could be granted asylum. Snowden subsequently dropped his request for asylum, apparently because he was unwilling to go along with that requirement. Snowden's fate is still unclear, as Russia continues to refuse to extradite him to the U.S. Putin's spokesman said that it would be "impossible" for Russia to extradite someone to a country like the U.S. that uses the death penalty, though the crimes for which Snowden is accused are not punishable by death. Snowden has made as many as 20 asylum requests through the Russian consulate at the airport, including one to Venezuela. That has raised the possibility that Snowden could be flown out of Moscow on board the official airplane of Venezuelan President Nicolas Maduro, who was in the Russian capital on Monday. Maduro has defended Snowden's actions but would not say whether he would fly him back to Venezuela.


On Defense for Reportedly Bugging EU Offices, US Says it Gathers Same Threat Data as Allies
Associated Press (NY) (07/01/13)

The German newsweekly Der Spiegel published a report on Sunday describing U.S. spying programs that target the offices of European Union officials. The report, which cited classified documents believed to have been taken by Edward Snowden, noted that the National Security Agency (NSA) planted listening devices in the European Union's diplomatic offices in Washington and also hacked into the building's computer network. NSA also reportedly used secure facilities at NATO headquarters in Brussels to dial into telephone maintenance systems, thereby allowing it to intercept phone calls and Internet traffic of senior European Union officials working at a nearby office. Britain's Guardian newspaper, meanwhile, published a similar report on Sunday, noting that the NSA targeted not only the embassies and missions of European countries but also those of Mexico, South Korea, and India, among others. The reports have outraged European Union officials, with Green Party leaders in the E.U. Parliament calling for an immediate investigation as well as the cancellation of existing agreements with the U.S. to exchange bank transfer and passenger record information. U.S. officials have defended the spying efforts by saying that other countries collect the same kinds of intelligence as well. U.S. intelligence officials are planning to meet with E.U. officials to discuss the matter.


Assange: More Revelations Coming
Wall Street Journal (06/30/13) Bravin, Jess

WikiLeaks leader Julian Assange said Sunday that the publication of information regarding U.S. surveillance programs would continue, no matter what happens to former National Security Agency contractor Edward Snowden. Speaking from the Ecuadorian Embassy in London where he has taken asylum, Assange said that "Great care has been taken to make sure that Mr. Snowden can't be pressured by any state to stop the publication process." Snowden, who is reportedly hiding in an airport transit lounge in Moscow, is attempting to find safe harbor in another country, though the U.S. is actively working to prevent him from doing so. Ecuador's president, who granted asylum to Assange, has said his government would consider approving an asylum request from Snowden if he is able to reach Ecuador itself or one of the country's embassies. Secretary of State John Kerry has said "people may die" now that terrorists can see more clearly how American intelligence collects data, though Assange dismissed that assertion, saying "We have heard this rhetoric" before, "And it all proved to be false."




New Gaping Security Holes Found Exposing Servers
Dark Reading (07/02/13) Higgins, Kelly Jackson

Security researchers Dan Farmer and HD Moore, the creator of Metasploit, recently announced their discovery that the widely deployed Intelligent Platform Management Interface (IPMI) out-of-band management protocol and the Baseboard Management Controllers (BMCs) packaged with most servers feature six vulnerabilities that could give attackers access "equivalent to physical access." The six flaws all spring from some variant of default backdoor access built in by vendors for ease of access and use that have been left open to the Internet. "By definition, the technology is pretty much broken," says Moore, adding that, "there's no such thing as an IPMI secure device." The vulnerabilities allow attackers enormous access and privileges, such as booting single-user mode, accessing BIOS settings and the physical display, viewing and copying unencrypted data, launching denial-of-service attacks, and sniffing credentials, to name just a few. Moore says that his scans of the Internet have turned up more than 100,000 servers and workstations vulnerable to one or more of these flaws, of which many systems administrators are completely unaware. Moore and Farmer suggest scanning Internet-facing systems to ensure that they do not include any IPMI-enabled BMCs, as well as disabling the Cipher 0 encryption method in IPMI version 2.0, setting up strong passwords, and updating BMC firmware.


Companies Lack Real-Time Breach-Detection Capabilities: Survey
eWeek (07/02/13) Roos, Gina

Fewer than 60 percent of security professionals employ any type of automated security strategies for detecting data breaches, such as real-time alerts or daily/weekly reporting, according to a new survey from Varonis. The survey found that 24 percent of the nearly 250 security professionals polled did not have any automation technologies to detect breaches by monitoring for privilege escalations, suspicious data access, file access changes, or unusual email event activity. Researchers said they were surprised to find that just 6 percent of survey respondents could monitor for these events in real time. The study also found that just 28 percent of respondents have the capability to spot suspicious access to data. Varonis vice president David Gibson points out that while attacks cannot always be prevented, companies need to be able to detect what they do not prevent. And because security breaches are certain to happen, Gibson says it makes sense to have a Plan B, or strategy for mitigating liabilities, along with preventive controls such as authentication, access control lists, and firewalls.


Vulnerabilities Found in Code Library Used by Encrypted Phone Call Apps
IDG News Service (07/01/13) Constantin, Lucian

ZRTPCPP, an open source library used by multiple apps that offer end-to-end encrypted phone calls, contains three flaws that could have enabled arbitrary code execution and denial-of-service attacks, Azimuth Security researchers report. ZRTPCPP is a C++ implementation of the ZRTP cryptographic key agreement protocol for voice over IP communications designed by PGP creator Phil Zimmermann. Azimuth Security co-founder Mark Dowd says the flaws in ZRTPCPP were found while evaluating the security of some of the products that offer encrypted phone call capabilities. One weakness involves a buffer overflow in the ZRtp::storeMsgTemp() function. Dowd says if an attacker sends a packet larger than 1,024 bytes that gets stored temporarily, a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host. Dowd also says patches for this and the other two flaws have been added to ZRTPCPP's code repository on GitHub and that Silent Circle has updated its own apps on Google Play and Apple's App Store with fixes.


Critical Vulnerabilities Found in Single Sign-On Enterprise Tool Atlassian Crowd
IDG News Service (07/01/13) Constantin, Lucian

Command Five has published a security advisory warning of critical vulnerabilities in Australian software developer Atlassian's enterprise single sign-on and identity management tool, Crowd. Atlassian says Crowd is used by some 1,000 organizations in 55 countries, with users ranging from car manufacturers and government agencies to universities and Internet service providers. According to Command Five, the vulnerabilities include a variation of a vulnerability in Crowd's parsing of XML entities in Document Type Definition headers that was patched last year. That patch was incomplete and left the vulnerability still exploitable, but it has been fixed in the latest version of Crowd, which was released on June 24. Command Five also points to another vulnerability, a backdoor that allows attackers to at the very least escalate unauthorized network access, and at worst to gain complete control over the Crowd client. Atlassian acknowledged patching the first vulnerability, but says it has not yet been able to confirm the existence of the backdoor vulnerability, noting that Command Five has not yet contacted them.


Pair of PC Viruses Help Each Other Survive
BBC News (07/01/13)

Microsoft researcher Hyun Choi disclosed that a pair of malware programs, Vobfus and Beebone, have been acting together in a novel way to defeat detection and removal. Vobfus is usually the first of the two to infect a system, using a number of vectors from compromised hyperlinks on websites to infected USB drives. Once in the system, Vobfus can aggressively spread through networks and engage in data exfiltration, but it also downloads a copy of Beebone, which enrolls the infected PC in a spam botnet. The two malware programs then work together, each downloading and installing the latest version of the other, making them very difficult to root out. Even if a version of one or the other is detected and removed by antivirus software, if the other remains on the system it will just download and install the latest, and likely as yet undetected, version of its compatriot. Choi notes that Vobfus has been a known problem since 2009, but the way that it interacts with Beebone has only recently come to light. Choi says combating the malware can be difficult, and advises taking basic precautions such as keeping security software up to date, disabling autorun, and observing careful Web browsing habits.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

