Report finds growing use of US surveillance gear by repressive nations

Human rights monitors have documented the use of US-manufactured Internet surveillance and censorship gear in 21 countries, some with checkered human rights policies such as Syria, China, and Saudi Arabia.

The report, titled Planet Blue Coat: Mapping Global Censorship and Surveillance Tools, scanned the Internet for unique digital signatures transmitted by equipment made by Blue Coat Systems. The analysis determined that PacketShaper, a Blue Coat device that detects more than 600 Web applications and controls undesirable traffic, was being used by a slew of countries: Afghanistan, Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey, and Venezuela. Researchers also found a second Web filtering program called ProxySG was being used by Egypt, Kuwait, Qatar, Saudi Arabia, and the United Arab Emirates.

The New York Times has a detailed report on the findings here.


Symantec Protections for Red October

An advanced cyber-espionage network targeting high-profile organizations and governments has recently been unveiled. The main attack method being used in this campaign is spear phishing.

The spear phishing emails contain Word document or Excel spreadsheet attachments that exploit three known vulnerabilities in order to compromise computers. The vulnerabilities used are:

Another attack method exploits the Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CVE-2011-3544) and is detected as the following:

This exploit is also blocked by our Intrusion Prevention Signatures:

Initially, samples of this malware were being detected as Backdoor.Trojan. We have since broken out the following additional specific detections:

Figure 1. Backdoor.Rocra distribution
 

Figure 2. Backdoor.Rocra targets
 

Below is an example of a spear phishing email associated with this campaign and blocked by Symantec Mail Security for Microsoft Exchange:
 

Figure 3. Backdoor.Rocra spear phishing email with attachment
 

Figure 4. Backdoor.Rocra malicious spear phishing attachment
 

This is not the first time that a high-profile attack campaign has used spear phishing emails and, as a popular method, it likely will not be the last. However, we are now seeing increased adoption of watering hole attacks in campaigns (compromising certain websites likely to be visited by the target organization). For more information on watering hole attacks, read our paper on The Elderwood Project.

We advise users to ensure that operating systems and software are up to date and to avoid clicking on suspicious links and opening suspicious email attachments.

If you want to read more about the Red October campaign, Kaspersky has released a paper entitled "Red October" Diplomatic Cyber Attacks Investigation.

OKCupid’s new blind date app not so blind thanks to data leak

Blind dates are already both exciting and terrifying—the former because you might meet your future soulmate, and the latter because your date might end up boiling your bunny. That's why a privacy bug in OKCupid's brand new app, Crazy Blind Date, was even more disturbing than usual, even though there's no evidence of that data having been accessed.

The app's goal is to anonymously match you with another dater in your area for, well, a blind date. But the app apparently made users' full e-mail addresses and birth dates easily accessible "to anyone with the right technical skills," the Wall Street Journal discovered, thereby voiding much of the app's benefit. Worse, the bug could be used to see the information of anyone nearby who had signed up to use the service—a blind date did not have to be arranged first—putting the personal information of all of the new app's users at risk.

According to the WSJ, the bug came from Crazy Blind Date's API. In addition to the e-mail addresses and birth dates, someone could use the API to grab a Crazy Blind Date user's ID and correlate it to his or her OKCupid profile, potentially finding more information on that person.


$5,000 will buy you access to another, new critical Java vulnerability (Updated)

An exploit for yet another critical Java software vulnerability began circulating online amid reports that the patch Oracle issued two days ago is incomplete.

In an article published Wednesday morning on KrebsOnSecurity, reporter Brian Krebs said a fully "weaponized" executable that exploits the bug was being advertised for $5,000 in an underground Internet forum. The price also included source-code for the exploit so that it could be folded into other types of attacks. The advertisement came one day after Oracle rushed out a fix for an earlier critical vulnerability that was being "massively" exploited online. Researchers classified that vulnerability as CVE-2013-0422.

Krebs said the latest attack exploited "a different and apparently still-unpatched zero-day vulnerability in Java." His article came around the same time researchers from antivirus provider Trend Micro warned that the Oracle patch may not be effective at blocking some attacks.
