Thursday, June 26, 2014

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of WordPress Blogs at Risk



Yesterday we learned of a critical zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands of WordPress themes and plugins.

WordPress is a free and open source blogging tool and content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features that let users tailor their sites to their specific needs. It is easy to set up and use, which is why tens of millions of websites across the world opt for it.

But if you or your company use the popular image resizing library “TimThumb” to resize large images into usable thumbnails for display on your site, make sure to update the file to the upcoming latest version, and remember to check the TimThumb site regularly for the patched update.

0-Day REMOTE CODE EXECUTION & NO PATCH
The critical vulnerability, discovered by Pichaya Morimoto in the TimThumb WordPress plugin version 2.8.13, resides in its “Webshot” feature, which, when enabled, allows attackers to execute commands on a remote website.

Hackers recreate the NSA Spying Kit using junkyard items.



Mr. Edward Snowden revealed last year the NSA’s Advanced Network Technology catalog, a list of the tools provided by the NSA to its agents for spying purposes. Now some hackers and security experts have used this leaked information to make similar tools using available junkyard electronics.

The leaked catalog was examined by Michael Ossmann and his team, who found that many of the items were very easy to recreate at a fairly low price. He has already built a Software-Defined-Radio (SDR) which can record and transmit data from a target PC using a Kickstarter project, and this can be bought for just $300.

Wednesday, June 25, 2014

Most IT secretaries unaware of their role



NAGPUR: Victims of any kind of cyber fraud can avail civil remedy or suitable compensation by approaching the IT secretary of their home state. However, concerned officials from most states in the country are either not aware of their duty or not responsive or techno-savvy enough to reply to the complaint mails sent to them.

This came to the fore when city-based NGO Cyber Awareness Organisation sought help for cyber fraud victims. The NGO had written mails to IT secretaries of more than 20 states but only a few responded while a majority ignored their request. Surprisingly, while mails to the official IDs of Bihar and Jharkhand bounced, the IT secretary of Uttar Pradesh maintained that a cyber crime was to be dealt with by the IT cell of police and he had no role in solving it.

"As we were approached by people living in these states for help, we wrote to the IT secretaries on their behalf. The most shocking behaviour was of the UP official. Not only did we write to him but our client even went and met him. Despite explaining the entire case to him, the adjudicator insisted that he could not help and that we approach the local police," said cyber law expert and president of Cyber Awareness Organization Mahendra Limaye.

Man robs Cary bank after attempting to rob another



Police said a suspect robbed the First Citizens Bank in Cary after his attempt to rob the Fidelity Bank was thwarted by bank employees.

Employees of the Fidelity Bank, located at the intersection of Cary Parkway and Old Apex Road, locked the doors when they saw a man approaching wearing a hoodie, glasses and gloves around 4:10 p.m., police said.

Police said the suspect left the Fidelity Bank on a bike.
The same suspect entered the First Citizens Bank at 1825 Kildaire Farm Road 26 minutes later and jumped the counter, police said.
The suspect took an undisclosed amount of money and left in a green Z-71 Chevy Pickup truck, police said.
He was last seen traveling northbound on Kildaire Farm Road.

Police described the suspect as standing 6 feet tall, with a slim build, wearing blue jeans, work boots, a gray hoodie, a bandana, glasses and gloves.

Charlotte man accused of hail damage insurance claim fraud



CHARLOTTE —

North Carolina Department of Insurance commissioner Wayne Goodwin announced the arrest of a Charlotte man accused of hail damage insurance claim fraud.

Ronald Leonard Pierce, 56, was charged with 108 counts of obtaining property by false pretense.

After a yearlong investigation, Department of Insurance criminal investigators allege that Pierce was acting as a public adjuster without a license to provide those services for two of his businesses, Clear Choice Construction and Piedmont Disaster Services.

Pierce is accused of providing inflated hail damage repair estimates to homeowners.

“For all of the 108 charges we're looking at a sum of $450,000 in fraudulent and allegedly fraudulent claim payments,” said Marni Schribner, a spokeswoman with the NC Department of Insurance.

It’s not the only state agency that has been tracking Pierce’s businesses.

Eyewitness News checked records with the NC Secretary of State’s Office and found that the state had revoked one of Pierce’s business licenses in 2013 and notified him that they may do the same with his second company because he had not filed the required annual reports with their office.

Thursday, June 19, 2014

Reward offered for information on Benson NC bank robbery



The North Carolina Bankers Association is offering a reward for information leading to an arrest in the armed robbery Thursday of a bank in Benson.

Authorities said a robber wearing a black neoprene face mask entered the First Federal Bank on North Johnson Street shortly after 10 a.m. There were no reports of injuries.



Read more at http://www.wral.com/reward-offered-for-information-on-benson-bank-robbery/13748628/#qI2lrvdYQGDYD7to.99

North Carolina man arrested shortly after Roanoke bank robbery



By Jordan Fifer and Amy Friedenberger | The Roanoke Times

Roanoke police have arrested a North Carolina man in connection with the robbery of a Carter Bank & Trust on Wednesday afternoon.

Victor Eugene Angus, 64, of Stella, North Carolina, was arrested by a Botetourt County sheriff’s deputy in the 3800 block of Lee Highway shortly after the robbery, said Roanoke police spokesman Scott Leamon.

Angus was charged with robbery.

During an interview with detectives, Angus admitted to robbing the Carter Bank & Trust on Peters Creek Road in Roanoke on June 4, Leamon said.

A warrant was also obtained charging Angus with that robbery.

Angus is being held in the Roanoke City Jail without bond.

Police responded to the 1700 block of Hershberger Road Northwest, the Carter Bank & Trust, at 2:55 p.m. to investigate a robbery, Leamon said.

Witnesses told officers the suspect walked into the bank and demanded money from the teller, Leamon said. After the teller complied, the suspect exited the building with an undisclosed amount of cash.

Tuesday, June 17, 2014

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine



Microsoft has released a security advisory to address a vulnerability in the Microsoft Malware Protection Engine. Successful exploitation of the vulnerability could allow an attacker to cause a denial of service.

An update is available for the following affected software:
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Microsoft Malicious Software Removal Tool (Applies only to May 2014 or earlier versions)
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
Windows Defender for Windows RT and Windows RT 8.1
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection


US-CERT encourages users and administrators to review the Microsoft Security Advisory 2974294 and apply the necessary updates.

Friday, June 13, 2014

Pandemiya banking malware emerges as Zeus-level threat



Researchers have uncovered a new banking malware variant that they say is notable not only for the hefty prices its authors are demanding, but also because the malware has been coded from scratch -- a dangerous oddity in the world of malware development.

In a blog post this week, RSA's FraudAction team detailed the malware finding, dubbed Pandemiya, which they said is being sold on underground malware sites for between $1,500 and $2,000, depending on the functionality a buyer desires.

Pandemiya is a typical banking malware variant in many ways. It is capable of stealing form data and login credentials, as well as enabling attackers to inject malicious webpages into the three major Web browsers to gather further information on victims.

Communications between machines infected by Pandemiya and a botnet are also encrypted, according to RSA, and the modular nature of the malware means it is "quite easy to expand and add functionality" via DLL plug-ins -- some of which are made available for a higher price, including a reverse proxy and an FTP login stealer.

What sets Pandemiya apart is that it's not based on the Zeus source code, which was leaked online in 2011 and has since been the favorite base code for exploit authors to craft numerous variants of the infamous banking malware, including Citadel, Carberp and Zberp.

Robo Scam Caller



Phone Number 214-414-1037 7:00 AM Eastern Time.


http://www.independentfcu.org/news/2014/04/03/general/fraud-alert-phishing-scam-hits-cardholders-in-our-region/

Thursday, June 12, 2014

Robo-Caller, Prankster, Pervert



312-905-5864 Robo-Caller, Prankster, Pervert

Calls at all times of day and night, sends lewd pictures via MMS. Block the number if you can.



Wednesday, June 11, 2014

Adobe Releases Security Updates for Flash Player and Air



Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

The following updates are available:

Adobe Flash Player 14.0.0.125 for Windows, Macintosh and Linux

Adobe Flash Player 11.2.202.378 for Macintosh and Linux

Adobe AIR 14.0.0.110 for Windows, Macintosh and Android

Adobe AIR SDK and Compiler 14.0.0.110 for Windows, Macintosh, Android and iOS

Adobe AIR SDK 14.0.0.110 for Windows, Macintosh, Android and iOS

Users and administrators are encouraged to review Adobe Security Bulletin APSB14-16 and determine which updates should be applied.

Google Releases Security Updates for Chrome and Chrome OS



Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system or cause a denial of service.

Updates available include:

Chrome 35.0.1916.153 for Windows, Mac and Linux

Chrome OS 35.0.1916.155 for all Chrome OS devices

US-CERT encourages users and administrators to review the Google Chrome release blog entries [1] and [2], and apply the necessary updates.



Tuesday, June 10, 2014

Latest OpenSSL bug ‘may be more dangerous than Heartbleed’



As many of our readers already know, the Heartbleed bug is a serious OpenSSL vulnerability that allows remote attackers to steal sensitive information protected by SSL/TLS encryption. It affected millions of websites, and vulnerable, unpatched servers still exist. Now researchers have discovered new OpenSSL vulnerabilities, and one of them may be more critical than Heartbleed. It allows attackers to decrypt and modify traffic protected by the Transport Layer Security (TLS) protocol (Web, e-mail, VPN), which is the Internet’s most widely used method for encrypting traffic traveling between clients and servers. In other words, the vulnerability allows an attacker to perform Man-in-the-Middle (MITM) attacks on encrypted connections.

Tatsuya Hayashi, the researcher who found one of the critical bugs, said that the latest flaw “may be more dangerous than Heartbleed” as it could be used to directly spy on people’s communications.

The vulnerabilities have been disclosed in a security advisory issued by the OpenSSL Project, and server admins running vulnerable versions have been urged to install the patches. The security advisory included details as follows:


Microsoft Security Bulletin Summary for June 2014



This bulletin summary lists security bulletins released for June 2014.

With the release of the security bulletins for June 2014, this bulletin summary replaces the bulletin advance notification originally issued June 5, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on June 11, 2014, at 11:00 AM Pacific Time (US & Canada). Register now for the June Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

https://technet.microsoft.com/library/security/ms14-jun

Sunday, June 8, 2014

BRIEF: Man charged with insurance fraud



June 07--Antonio Lennard Lawrence, 42, of 7180 Silverleaf Road, Rocky Mount was charged with insurance fraud and attempting to obtain property by false pretense.

N.C. Department of Insurance criminal investigators allege that Lawrence provided fraudulent documentation to GEICO Insurance Co. in support of a claim for the loss of his vehicle in a fire March 10.

Lawrence was arrested on June 6 with the assistance of the Wilson County Sheriff's Office and placed under a $3,000 bond.

BBB Scam Alert: Beware of Fake Bank Fraud Alerts



Connecticut Better Business Bureau is warning consumers about credit and debit card fraud alerts that appear to come from a financial institution.

With many banks and credit card companies offering alerts for their account holders, criminals have devised a way to commit fraud by claiming your card has been used by someone else.

How the scam works:

You receive an automated call or text claiming that your credit or debit card has been deactivated. You are informed that the problem is easy to fix by calling a customer service number and confirming some information.

One such text reads “Your ATM card has been put on hold. Call Customer Department now at (XXX) XXX-XXXX.”

If you call, you hear a recorded message that instructs you to enter your 16 digit credit card number. Unfortunately, the fraud alert and customer service number are fake, and consumers who follow the instructions leave themselves open to credit card fraud.

To avoid becoming a victim:

Familiarize yourself with fraud alert communication policies – Did you sign up for text alerts? Make certain you understand how your bank or credit card company will let you know if they suspect your card has been used fraudulently.

Verify the telephone number – Don’t call the number given in the text message. You can find the customer service number for your bank or credit card issuer on the back of the card or on their website, in order to allow you to confirm the status of your card.


Police: Masked robbers arrested for bank robbery



PENDER COUNTY, NC (WWAY) -- Burgaw Police Department responded to an armed robbery at the North Carolina State Employees Credit Union early Friday morning.

In a news release, police said Jordan Carroll, 20, went inside the SECU armed with a rifle and demanded money from the employees.

Carroll was spotted shortly afterwards by the Pender County Sheriff’s Office in Rocky Point and was taken into custody under a $191,500 secured bond. He is charged with robbery with a dangerous weapon, felony larceny, possession of stolen goods, assault by pointing a gun and wearing a mask in public.

Police also arrested Alysha Harts Carroll, 24, who is being held under a $180,000 secured bond. She is charged with robbery with a dangerous weapon, felony larceny, and possession of stolen goods.



Saturday, June 7, 2014

NC caretaker charged with defrauding VA

GASTONIA, N.C. (AP) — A Cherryville woman has been charged with defrauding the U.S. Department of Veterans Affairs of more than $22,000.

Gaston County Police said Friday 30-year-old Amber Nicole Chapman had been charged with obtaining property by false pretense, computer fraud and forgery.

Police say Chapman is the former caretaker of a VA beneficiary.

From May 2012 to December 2013, officials say Chapman continued to collect and withdraw benefit deposits with a fraudulently obtained debit card after the beneficiary had died. Police say those checks totaled roughly $22,000 in taxpayer money.

Chapman was released on a $10,000 bond, and it wasn't immediately known if she had an attorney.

Friday, June 6, 2014

OpenSSL Releases Security Advisory



Original release date: June 05, 2014

OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code.

The following updates are available:
OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h

US-CERT recommends users and administrators review Vulnerability Note VU#978508 and the OpenSSL advisory for additional information and apply the necessary updates.
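A fleet check against the fixed releases listed above, as an added example (not part of the US-CERT or OpenSSL text). The host names and version banners are constructed samples, and the function names are hypothetical.

```python
import re

# Fixed release per branch, as listed in the advisory text above.
FIXED_SUFFIX = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Pre-3.0 OpenSSL scheme: three numeric fields plus an optional lowercase
# patch suffix, e.g. "1.0.1g" or "0.9.8za".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(banner):
    """Return (branch, suffix) from a banner such as 'OpenSSL 1.0.1g 7 Apr 2014'."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return match.group(1), match.group(2)


def suffix_rank(suffix):
    """Sort key for patch suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb'.

    Plain string comparison is enough within one length, but the length must
    be compared first so that the bare release ('') sorts before 'a' and the
    two-letter suffixes sort after 'z'.
    """
    return (len(suffix), suffix)


def classify(banner):
    """Classify one banner as 'patched', 'needs-upgrade' or 'branch-not-listed'."""
    branch, suffix = parse_version(banner)
    fixed = FIXED_SUFFIX.get(branch)
    if fixed is None:
        # The advisory text names only the 0.9.8, 1.0.0 and 1.0.1 branches.
        return "branch-not-listed"
    if suffix_rank(suffix) >= suffix_rank(fixed):
        return "patched"
    return "needs-upgrade"


def hosts_needing_upgrade(inventory):
    """Return the sorted host names whose banner is below the fixed release."""
    return sorted(host for host, banner in inventory.items()
                  if classify(banner) == "needs-upgrade")


# Constructed sample inventory: output of `openssl version` collected per host.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1g 7 Apr 2014",
    "web-02": "OpenSSL 1.0.1h 5 Jun 2014",
    "legacy-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "legacy-02": "OpenSSL 0.9.8za 5 Jun 2014",
    "mail-01": "OpenSSL 1.0.0m 5 Jun 2014",
    "build-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
}

if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```

Distribution packages often backport fixes without changing the upstream version string, so a "needs-upgrade" result on a distro build should be confirmed against the package changelog.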

BREAKING NEWS: Bank robbery may be linked to second incident



Thursday, June 5, 2014
By BULLETIN STAFF REPORTS

Henry County Sheriff’s Office officials think there may be a connection between the robbery of a Ridgeway bank and the attempted robbery of a bank in North Carolina.

Both incidents occurred Wednesday. Security camera photos from a Carter Bank & Trust branch in Ridgeway and a High Point Bank branch in Kernersville, N.C., show similar-looking suspects wearing similar clothes.

A sheriff’s office release stated that in the incidents, “the method of operation and the description of the suspect are both very similar.”


N.C. audit finds UNCG violated travel policies for 18 years



GREENSBORO — The state auditor’s office says UNCG violated state and university policy for travel during a period of 18 years, a practice that “increased the risk of fraud, waste or abuse of university resources,” according to an audit report.

But UNCG officials say that there was no such waste or abuse and that the university is now in full compliance with the policy.

State Auditor Beth Wood’s report found that UNCG exempted senior administrators from travel authorization and supervisory approval for travel expenses, a violation of state and university policy.

Wood’s investigation, which cost nearly $20,000 to conduct, was prompted by a complaint about the travel of a senior administrator at UNCG, according to the report.

Reade Taylor, UNCG’s vice chancellor for business affairs, acknowledged that the university had not followed the policy since 1996 in regard to a group of about 30 employees who report directly to the chancellor or provost.

Wednesday, June 4, 2014

Eight Individuals Charged in Four Separate Cyber Fraud Schemes



Miami Task Force Targets Cyber Fraud

U.S. Attorney's Office, June 3, 2014

Southern District of Florida (313) 226-9100

Wifredo A. Ferrer, United States Attorney for the Southern District of Florida, and George L. Piro, Special Agent in Charge, Federal Bureau of Investigation (FBI), Miami Field Office, announce the arrests of eight individuals charged in four separate cases for their alleged participation in various cyber fraud schemes.

The cases announced today are, in large part, the result of the Miami Cyber Task Force (MCTF) initiative launched by the FBI in January 2014. The MCTF initiative is designed to combat the growing cyber fraud threat in South Florida. The MCTF initiative brings together federal, state, and local law enforcement to investigate and prosecute federally a myriad of cyber fraud offenders, including personal identity thieves, hackers, access device manufacturers, runners, and others.

U.S. Attorney Ferrer, joined by members of the MCTF, announce the following cases:

1. United States v. Kenneth Key, et al., Case No. 14-60122-Cr-Zloch. United States v. Kaleb Trotman, et al., Case No. 14-60123-Cr-Hurley

On May 29, 2014, Kenneth Key, 32, of Pompano Beach; Jonathan Mackey, 23, of Fort Lauderdale; Quenikka Brown, 28, of Atlanta, Georgia; Kaleb Trotman, 25, of Pompano Beach; Tsafiq Samuels, 24, of Miramar; and Tanya Morgan, 27, of Miami Gardens, were charged by indictment in two related schemes to steal AT&T customer information for the purpose of committing cell phone insurance fraud.


Monday, June 2, 2014

Federal agents knock down Zeus Botnet, CryptoLocker



WASHINGTON — The United States seized a global network of computer servers known as Gameover Zeus Botnet used by cyber-criminals to spread malware viruses and steal millions of dollars from businesses and consumers, the Justice Department announced Monday.

U.S. and foreign law enforcement agents in a separate action seized the computers that distributed malware known as "CryptoLocker" that freezes access to computer files until victims pay a ransom.

More than $100 million in losses were attributed to the schemes, which infected hundreds of thousands of computers, including a Massachusetts police department that paid a $750 ransom to restore its access to investigative files, digital mugshots and other administrative documents.

Deputy Attorney General James Cole described the Gameover Zeus operation, in which cyber thieves overtake computers to siphon often valuable financial information, as the "most sophisticated and damaging botnet we have ever encountered."

A 14-count indictment, unsealed Monday in Pittsburgh, charges Evgeniy Mikhailovich Bogachev, 30, of Anapa, Russia, with directing Gameover Zeus. Charges include conspiracy, computer hacking, wire fraud, bank fraud and money laundering. Bogachev is charged in Omaha with conspiracy to commit bank fraud for his alleged involvement with an earlier version of the Zeus malware called "Jabber Zeus."

GameOver Zeus P2P Malware



Systems Affected

Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011[1], uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description


GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer[2]. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community[1]. GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data[3]. Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult[1].

Impact

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

Solution




Users are recommended to take the following actions to remediate GOZ infections:
Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

F-Secure

http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8)

http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP systems)

Heimdal

http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)

Microsoft

http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)

Sophos

http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)

Symantec

http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

Trend Micro

http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
