Friday, June 20, 2014

Security Management Weekly - June 20, 2014

 
 
Corporate Security
  1. "PG&E Will Begin Metcalf Substation Security Upgrades This Year" Pacific Gas & Electric
  2. "'Embarrassed' FIFA Vows Tighter Security After Rio Breach" World Cup
  3. "Ukraine Suspects Terrorism in Pipeline Explosion"
  4. "Meet Bob, Britain's First Robotic Security Guard"
  5. "Doctor's Sex Assault Case Spurs Talk of Background Checks" Maryland

Homeland Security
  1. "Trial Secondary as U.S. Questions a Libyan Suspect"
  2. "Sunni Extremists in Iraq Occupy Hussein's Chemical Weapons Facility"
  3. "U.S. Captures Benghazi Suspect in Secret Raid"
  4. "Terrorism Experts Warn: Leader of ISIS has his Eyes on New York City" Islamic State in Iraq and Syria
  5. "Will ISIS Plan a 9/11-Style Terror Plot Against the U.S.?"

Cyber Security
  1. "Maliciously Crafted Files Can Disable Microsoft's Antimalware Products"
  2. "Columbia Engineering Team Finds Thousands of Secret Keys in Android Apps"
  3. "First Major Mobile Banking Security Threat Hits the U.S."
  4. "Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking"
  5. "Dyreza Banker Trojan Seen Bypassing SSL" Secure Socket Layer

   

 
 
 

 


PG&E Will Begin Metcalf Substation Security Upgrades This Year
Contra Costa Times (06/19/14) Avalos, George

The California electricity provider PG&E said June 18 that it plans to spend $100 million over the next three years on security improvements at an unspecified number of substations. Ken Wells, the utility's senior director of substations, said that the upgrades were prompted by the sniper attack on the Metcalf substation facility in April 2013, and added that upgrades at some substations have already been completed. The Metcalf facility is among those that will receive additional security, though PG&E has not said which of its other substations will be receiving improvements. The utility did say that the upgrades will include opaque fences, new security cameras, and improved lighting. The work at the Metcalf facility will begin before the end of the year. Meanwhile, the California Public Utilities Commission (PUC) and the Federal Energy Regulatory Commission are looking into security improvements for the power grid. On the legislative front, California state Sen. Jerry Hill has introduced SB 699, which would require the PUC to create security standards for the state's electricity system.


'Embarrassed' FIFA Vows Tighter Security After Rio Breach
Agence France-Presse (06/19/14)

FIFA Security Director Ralf Mutschke said Thursday that security will be tightened at the 12 World Cup venues in Brazil in response to an incident on June 18 in which dozens of Chilean fans were able to gate-crash Maracana Stadium. He commented that the ticketless fans had managed to shatter a door leading into the stadium's media center and tried to make it to the pitch before being halted by security guards. The Chilean consul said that 90 fans were arrested after the incident. This was the second time in which fans tried to crash the gates at the stadium. Mutschke said that additional security measures have been discussed by World Cup organizers and will be implemented in order to prevent similar incidents from taking place in the future. Hilario Medeiros, the head of security for the local World Cup organizing committee, said the problems at Maracana Stadium were "operational" in nature and not the result of an inadequate number of security personnel or issues with physical security barriers.


Ukraine Suspects Terrorism in Pipeline Explosion
New York Times (NY) (06/18/14) Herszenhorn, David M.

An explosion on Tuesday that damaged a section of a major natural gas pipeline in central Ukraine is believed to have been the result of a terrorist attack. The Ukrainian state-operated pipeline company Ukrtransgaz said that the fire had been brought under control and the damage to the pipeline contained about an hour after the explosion occurred. The company noted that it was able to manage the situation in such a short amount of time due to the pipeline system's design features and to its "adherence to response protocols." Further, the company said that natural gas deliveries were not interrupted due to the explosion, as supplies going to Ukrainian customers and other European countries were traveling through different pipes. The explosion occurred only a day after the Russian energy company Gazprom announced that it would be cutting off natural gas supplies to Ukraine due to a dispute regarding pricing. The pipeline where the explosion took place runs from northern Russia through Ukraine before terminating in Slovakia. Ukrainian Interior Minister Arsen Avakov commented that his agency is conducting an investigation into the incident.


Meet Bob, Britain's First Robotic Security Guard
Daily Mail (United Kingdom) (06/16/14) Zolfagharifard, Ellie

Bob, the first robotic security guard in the United Kingdom, is helping G4S secure its headquarters in Gloucestershire. When the metal minder spots something out of place, he stores the information on his internal hard drive and quickly reports it to his human counterparts. The machine is part of a £7.2 million ($12.2 million) robot pilot project by the University of Birmingham to get robots in offices around the world. "Bob is not about replacing our security officers; the security officers are at the point of use," says G4S spokesman Stewart Angell. "They are able to make incisive, very, very quick decisions about changes in the environment. Bob is a complementary activity that can do guard tours over a period of time overnight or during the day, but also pick up on some of the low level activities that the guard doesn't necessarily need to be involved in."


Doctor's Sex Assault Case Spurs Talk of Background Checks
Baltimore Sun (06/14/14) Dance, Scott

Maryland lawmakers are expected to consider a bill during the next legislative session that would require physicians to undergo criminal background checks before being licensed. The push for criminal background checks comes after it was discovered that Dr. William Dando was able to obtain a medical license despite a rape conviction on his record. The Catonsville, Md. doctor is currently on trial over allegations that he sexually assaulted a patient in April. Maryland is currently one of only 13 states that do not require background checks on physicians. The most recent legislative push to require background checks, led by Del. Barbara Robinson, came in 2013, but that bill was derailed over whether to use the word "may" or "shall" in the language requiring background checks. Robinson says she plans to submit a similar bill during the next General Assembly session. The Maryland Board of Physicians is expected to release a legislative proposal following meetings this summer.




Trial Secondary as U.S. Questions a Libyan Suspect
New York Times (06/20/14) Schmidt, Michael S.; Apuzzo, Matt; Schmitt, Eric; et al.

The case of Ahmed Abu Khattala, the Libyan man who was recently captured for allegedly being behind the 2012 attack on the U.S. diplomatic outpost in Benghazi, poses a test of the Obama administration's strategy of trying to collect intelligence from terrorist suspects before attempting to prosecute them in civilian court. The strategy marks a departure from the Bush administration, which focused on creating a network of secret CIA prisons and prosecuting suspects in military tribunals because it did not believe that intelligence could be successfully collected from terrorist suspects facing criminal prosecution. In addition, the Bush administration relegated the FBI to a small law enforcement role in the fight against terrorism--a role that has since been expanded under President Obama. FBI interrogators began questioning Abu Khattala on Monday to glean information about his knowledge of past and future terrorist plots, the Islamic militia he led until his capture, and the security situation in Libya. Although the Obama administration plans to prosecute Abu Khattala in civilian court, the FBI is focusing more heavily on collecting intelligence from him rather than seeking admissible evidence. Because Abu Khattala was not presented to a magistrate judge within 48 hours of his arrest as required under law, his statements to interrogators could be suppressed by a judge, though one expert says prosecutors could successfully argue against such a suppression of Abu Khattala's statements.


Sunni Extremists in Iraq Occupy Hussein's Chemical Weapons Facility
Wall Street Journal (06/19/14) Barnes, Julian E.

U.S. State Department officials report that members of the Islamic State of Iraq and al-Sham (ISIS) have occupied a chemical-weapons manufacturing facility from the reign of Saddam Hussein which still contains old weapons. However, the officials say that it is unlikely the militant group will be able to use the weapons, as they are old, contaminated, and difficult to transport. "We remain concerned about the seizure of any military site" by ISIS, said Jen Psaki, a State Department spokeswoman. "We do not believe that the complex contains CW [chemical weapon] materials of military value and it would be very difficult, if not impossible, to safely move the materials." According to the Iraq Study Group, weapons produced at the facility included sarin, mustard gas, and the nerve agent VX. However, chemical stocks at the facility were supposedly dismantled, rendered militarily useless, and sealed in bunkers. ISIS has yet to gain access to those bunkers, intelligence sources say.


U.S. Captures Benghazi Suspect in Secret Raid
Washington Post (06/18/14) DeYoung, Karen; Goldman, Adam; Tate, Julie

The U.S. Army's Delta Force and the FBI carried out a joint operation on June 15 near Benghazi, Libya, that resulted in the capture of Ahmed Abu Khattala, a senior leader of the terrorist group Ansar al-Sharia and the alleged mastermind of the 2012 attack against the U.S. diplomatic outpost in Benghazi. The operation, which had been in the works for months before it was approved by President Obama on June 13, did not result in any American casualties and was carried out without the approval of the Libyan government. The Obama administration was reportedly preparing to capture Abu Khattala last October but postponed those plans due to the violent reaction to a raid in Tripoli that month that resulted in the capture of a suspect in the 1998 U.S. Embassy bombings. Abu Khattala is the first of the suspects in the Benghazi attack to be captured. He is currently being debriefed in an effort to obtain intelligence and is being transported to the U.S. to face trial in federal court in Washington, D.C. Officials have not said where Abu Khattala will be held, though the administration has ruled out sending terrorist suspects to Guantanamo Bay. Abu Khattala could be detained in a jail run by the District of Columbia, since other high-profile terrorism suspects awaiting trial have been held there in the past. Abu Khattala, who has said that he was not at the Benghazi compound until the attack was almost over, could face the death penalty if convicted on some of the felony charges against him.


Terrorism Experts Warn: Leader of ISIS has his Eyes on New York City
CBS News (06/17/14)

Security experts warn that Abu Bakr al-Baghdadi, leader of the Islamic State in Iraq and Syria (ISIS), is interested in launching terrorist attacks on New York City. After being released from an American detention camp in 2009, al-Baghdadi reportedly said "I'll see you guys in New York." The threat is being taken seriously by New York City Mayor Bill de Blasio, the FBI, and the New York Police Department. Former FBI agent Manny Gomez agreed that al-Baghdadi's threats should be taken seriously. "This guy’s on the move," he said. "He’s only gaining strength. He’s gaining more resources — vis-à-vis weaponry, intelligence backing. His numbers are growing. His financial strength is growing. Success breeds success and this guy, unfortunately for us, has been very successful." The U.S. government may be considering carrying out a drone strike against al-Baghdadi, though he will have to be located first. In the meantime, the FBI and the NYPD are expected to question informants both in the United States and abroad to see if they can discover more specifics about al-Baghdadi's plans.


Will ISIS Plan a 9/11-Style Terror Plot Against the U.S.?
CBS News (06/16/14) Kaplan, Rebecca

Republican lawmakers have warned that the next 9/11-style terror plot against the U.S. could come from the Islamic State of Iraq and Syria (ISIS), an extremist group that has captured the cities of Tikrit and Mosul and is threatening to take control of Baghdad as well. Though experts have expressed concern over the rapidly growing group's increasing power and reach, it is not clear when the group may pose a threat to the U.S. Former Acting CIA Director Michael Morell has predicted that it will be at least a year before ISIS might pose a serious threat to the U.S. However, he noted that the threat posed by the group could increase if the U.S. were to offer highly-visible assistance to Iraqi Prime Minister Nouri al-Maliki. Morell said that ISIS is principally targeting the Iraqi government at the moment. However, national security analyst Juan Zarate has warned that senior al-Qaida figures who traveled to Syria could influence ISIS and could be attempting to get the group to focus its attention on the West. While Zarate noted that the U.S. is better able to deal with the threat of a terror attack than it was before 9/11, the country is "in some ways, blind to a lot of the threats that may be emerging and unable to impact the momentum that some of these extremist groups have."




Maliciously Crafted Files Can Disable Microsoft's Antimalware Products
IDG News Service (06/18/14) Constantin, Lucian

Microsoft has corrected a vulnerability in its PC and server security tools that could leave computers unprotected from malware if successfully exploited. The vulnerability exists in the Microsoft Malware Protection Engine, which is used by tools such as Microsoft Forefront Client Security, Microsoft System Center 2012 Endpoint Protection, and Windows Defender. Microsoft noted an attacker could exploit this vulnerability on a PC by placing a specially-crafted file on a victim's machine, either by sending the file to a user via email or instant messaging or by using a website the victim visits. The vulnerability could be exploited on servers used to host websites that accept user-supplied content by uploading the file through such a site, Microsoft says. If the Microsoft Malware Protection Engine scans such a file, it will stop scanning the machine for security threats until the file is deleted and the malware protection tool is restarted. It remains unclear how an attacker would create the malicious file that prevents the Microsoft Malware Protection Engine from working, though the researcher who discovered the vulnerability says the problem lies in Windows Defender's JavaScript Interpreter. Users and network administrators are being urged to protect themselves by applying the patch that Microsoft released on June 17.


Columbia Engineering Team Finds Thousands of Secret Keys in Android Apps
Columbia University (06/18/14) Evarts, Holly

Columbia University researchers, in a paper that won the Ken Sevcik Outstanding Student Paper Award at the ACM SIGMETRICS conference on June 18, have discovered a security problem in Google Play. "Given the huge popularity of Google Play and the potential risks to millions of users, we thought it was important to take a close look at Google Play content," says Columbia professor and paper co-author Jason Nieh. The researchers developed PlayDrone, a tool that uses various hacking techniques to bypass Google security to download Google Play apps and recover their sources. The researchers used PlayDrone to discover that developers often store their secret keys in their apps' software, and these can be used by hackers to maliciously steal user data or resources from service providers. "Google is now using our techniques to proactively scan apps for these problems to prevent this from happening again in the future," says Columbia Ph.D. student and paper co-author Nicolas Viennot. He notes developers already are receiving notifications from Google to fix their apps and remove the secret keys. "Our work makes it possible to analyze Android apps at large scale in new ways, and we expect that PlayDrone will be a useful tool to better understand Android apps and improve the quality of application content in Google Play," Nieh says.


First Major Mobile Banking Security Threat Hits the U.S.
Bank Technology News (06/16/14) Crosman, Penny

Kaspersky Lab says the Svpeng malware targeting mobile devices, first seen in Russia, has now emerged in the United States. Once the malware enters a mobile device, it looks for mobile banking apps from USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T, and Regions Bank. It then locks the phone, displays a fake FBI penalty notification letter, and demands $200 in Green Dot MoneyPak cards to unlock it. Avivah Litan, vice president of Gartner, calls the matter "troubling" because banks "cannot cleanse their customers' smartphones and have no control over this type of Trojan. ... Even securing mobile bank applications and strengthening authentication processes for mobile users won't stop this type of Trojan from operating." Researchers at Kaspersky Lab say it is just a matter of time before the malware steals mobile and online banking credentials, and it also has the potential to encrypt files stored on the device and demand money to unencrypt them. Experts say banks need to monitor transactions for signs of account takeover activity and take steps to prevent criminals from accessing or raiding accounts. Moreover, banks need to do more to educate consumers about malware targeting mobile devices.


Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking
IDG News Service (06/16/14) Constantin, Lucian

Malicious hackers could potentially exploit a new vulnerability in OpenSSL to decrypt and modify traffic to and from some of the most popular websites, according to experts. The vulnerability, known as CVE-2014-0224, can be exploited through a man-in-the-middle attack in which an attacker intercepts traffic between a client that uses OpenSSL and a server that uses a version of the crypto library from the 1.0.1 branch. About 14 percent of the 154,406 websites monitored by the SSL Pulse Project—which keeps tabs on the 1 million most popular websites that use SSL—use a version of OpenSSL that contains the flaw and is vulnerable to an exploit. Another 36 percent of websites monitored by the project use other versions of OpenSSL that also contain the vulnerability but as yet cannot be attacked using the CVE-2014-0224 flaw, although experts are advising websites that use those versions of the crypto library to upgrade to newer versions that are not vulnerable. Qualys' Ivan Ristic says most browser users will be unaffected by attacks that exploit CVE-2014-0224 since most browsers do not use OpenSSL, although those that use Android browsers and command-line and programmatic tools that use OpenSSL are at risk.


Dyreza Banker Trojan Seen Bypassing SSL
Threatpost (06/16/14) Fisher, Dennis

Security researchers have identified a new banking Trojan that uses a technique known as browser hooking to bypass secure-socket layer encryption and redirect banking traffic through the attackers' own domain. The new Trojan, called Dyre or Dyreza, has mostly been active in the U.K., targeting customers of Bank of America, Natwest, Citibank, RBS, and Ulsterbank. The Trojan spreads through phishing emails that are made to look like they come from the target financial institutions. Once a machine is infected, the Trojan waits for the user to visit the targeted financial site and then uses browser hooking to redirect their traffic, including the use of login credentials, to the attackers. "By using sleight of hand, the attackers make it appear that you're still on the website and working as HTTPS. In reality your traffic is redirected to the attackers' page," says PhishMe's Ronni Tokazowski. Dyreza's browser hooking technique works with Internet Explorer, Mozilla Firefox, and Google Chrome. Researchers in Denmark have identified two of the Trojan's command-and-control servers and found they funnel money to several bank accounts in Latvia.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

