Drones are being used for extensive surveillance in the United States, and reportedly have been used before in other countries for spying and targeted assassinations. There have been numerous reports of Customs and Border Protection operating Predator drones.
The Electronic Frontier Foundation (EFF) has provided evidence of their use by the federal government and also by local law enforcement. There are a lot of licence records for drones, and tracking of their domestic flights. According to the organization, “EFF filed suit against the U.S. Department of Transportation (DOT), demanding data on certifications and authorizations the agency has issued for the operation of unmanned aircraft, also known as drones.”
These government surveillance issues outline a risky pattern that goes beyond internet monitoring, crazy intersection cameras, etc. These drones have functionality that is impressive, yet disturbing to civil liberties advocates. According to the FOIA complaint, they carry equipment that can “conduct highly sophisticated and almost constant surveillance, including video cameras, infrared cameras and heat sensors, and radar.”
According to CSO, “The complaint quoted a description of the U.S. Army’s A160 Hummingbird Drone-Copter that includes ‘super-high-resolution “gigapixel” cameras that can track people and vehicles from altitudes above 20,000 feet, … can monitor up to 65 enemies of the State simultaneously, and … see targets from almost 25 miles down range.’”
The CSO has a collaborative article about the situation, with more information.
Well it’s Patch Tuesday, or what some people call “Black” Tuesday.
Seven security bulletins were released for Microsoft products, patching at least 11 or 12 vulnerabilities; the count could be higher on some systems.
Current bulletins for this round:
- MS12-077 Cumulative Security Update for Internet Explorer
- MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
- MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
- MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
- MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
- MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass
(Key: Important – Critical)
For the December Adobe updates: the updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 126.96.36.199 and earlier versions for Linux, Adobe Flash Player 188.8.131.52 and earlier versions for Android 4.x, and Adobe Flash Player 184.108.40.206 and earlier versions for Android 3.x and 2.x, Adobe said.
The three updates fix a buffer overflow vulnerability, an integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.
We reported back in October about the damage suffered by Saudi Aramco, Saudi Arabia’s oil company, which fell victim to a cyberattack. Some new details have since been revealed by a few investigating and reporting organizations.
The New York Times reported the following yesterday:
The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.
“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, said on Al Ekhbariya television. It was Aramco’s first comments on the apparent aim of the attack.
Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.
The “Cutting Sword of Justice” made a post on PasteBin.com about taking credit for the attack.
We explained previously that most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. However, the renewed look at Aramco shows that the hackers wanted to stop the flow of production itself. Good thing it got sorted out.
When you look at the scope of Android malware (malicious software and viruses), and then think about Windows Phone malware, it’s as if hackers and virus-makers (“cybercriminals”) are trying their luck all over again. What is meant by this? Years ago, when malware started gaining ground in a big way (probably around 2000), these cybercriminals tried a number of ways to attack the Windows API and kernel, causing innumerable issues for Windows users. Today’s market looks like a repeat of that.
During the 2000s there were quite a few different types of malware. Here are those types, explained in terms of today’s smartphone malware market:
- Dialer: a trojan app/program that automatically dials premium-rate numbers and attempts to rack up charges on the user’s phone bill. This can be highly costly, so removing it immediately is the best option.
- Trojan: a common name for any type of app/program that is designed to look like it does one thing, while its code does something else untrustworthy. Common choices for trojans are stealing personal data off the device, or changing the device’s settings to make it behave differently.
- Virus: a self-replicating piece of code that infects other files, or simply damages files on the device.
- Spyware: another trojan app/program, one that attempts to steal personal data from the user’s device.
- Adware: another trojan app/program, designed to show ads to the user, sometimes flooding the screen. Commonly these ads are personalized for the user, based on a survey of the type of apps they have installed.
- Rootkit: a piece of trojan code designed to gain administrator privileges on the device and then take control of (and manipulate) the system.
As you can see, some of those issues are as prevalent on mobile devices as they were on Windows operating systems in the 2000s era.
To further protect your mobile device from any one of the threats described, please consider purchasing Kaspersky Mobile Security: buy Kaspersky Mobile Security and protect your Android smartphone for one year, for only $19.95.
Let’s look at the vulnerabilities CVE-2012-4681 and CVE-2012-5076, what they have in common, and what we can learn from these two serious vulnerabilities. Both use the Java reflection mechanism to break applet security restrictions and allow a malicious payload to run; in other words, they bypass the sandbox and execute malicious code.
Java reflection is commonly used in programs, usually those that need to examine the runtime behaviour of applications running in the Java Virtual Machine. It is very convenient for Java developers (it saves time) when writing Java programs, but it also opens up more opportunities for exploits.
Now, to open up for the technical part, which you can skip if you don’t understand Java or it would give you a headache. 🙂
== TECHNICAL START ==
Java reflection offers many functions, among them:
- Get a class
- Get all members and methods of a class, including private ones
- Invoke methods
Java’s big weakness in dealing with reflection is that it allows access to hidden (private) fields. Strictly speaking this isn’t a flaw (meaning the Java developers don’t see it as a problem), but changing this behaviour would help avoid further problems.
Now, CVE-2012-4681 used Java reflection to reach a hidden field called Statement.acc. It also implemented a “setField” function, which changes the value of the acc field (the AccessControlContext kept in that hidden field). To break out of the sandbox, “java.beans.Statement” is the class used.
So, in Java, we’d see:
```java
SetField(Statement.class, "acc", localStatement, localAccessControlContext);
```
Then, as we analyze CVE-2012-5076, we see the big offender, “util.GenericConstructor”, which is used to create an object from a restricted class. The exploit uses it to instantiate “sun.invoke.anon.AnonymousClassLoader” and then calls its “loadClass” method, which delivers the malicious payload. Here is a breakdown of how the payload works:
- Get the method “loadClass” and invoke it.
- Get the method “r” in the payload and invoke it.
- Use “Class.forName” to load a target class.
- Use “getDeclaredFields”, which enumerates all fields (not including hidden ones).
- Use “setAccessible” to expose hidden/private fields.
== TECHNICAL END ==
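The steps above (getDeclaredFields, then setAccessible, then reading or changing the field) are exactly what a modern JVM checks at the module boundary. The following is an added example, not code from the original post or from either exploit; it assumes Java 16 or newer, where strong encapsulation is enabled by default, so that setAccessible(true) on a private field of java.beans.Statement (module java.desktop, whose java.beans package is not opened to application code) throws InaccessibleObjectException instead of exposing the field. The Holder class and the Probe/probeAll helpers are constructed for this demonstration.

```java
import java.lang.reflect.Field;
import java.lang.reflect.InaccessibleObjectException;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the original post). Assumes Java 16+ so that
// strong module encapsulation is on by default.
public class ReflectionEncapsulationDemo {

    // Constructed sample class living in our own (unnamed) module. Its private
    // field stands in for the kind of "hidden" field discussed in the text.
    static final class Holder {
        private final String secret = "constructed-secret";
    }

    // Outcome of one reflective read attempt on a field.
    static final class Probe {
        final String owner;
        final String field;
        final String outcome;   // "READ", "BLOCKED_BY_MODULE" or "ILLEGAL_ACCESS"

        Probe(String owner, String field, String outcome) {
            this.owner = owner;
            this.field = field;
            this.outcome = outcome;
        }

        @Override
        public String toString() {
            return owner + "." + field + " -> " + outcome;
        }
    }

    // Runs the same sequence the text lists: setAccessible, then get.
    static Probe probe(Field f, Object instance) {
        String owner = f.getDeclaringClass().getName();
        try {
            f.setAccessible(true);   // the step the JDK 7-era exploits relied on
            Object target = Modifier.isStatic(f.getModifiers()) ? null : instance;
            f.get(target);           // actually read the (possibly private) value
            return new Probe(owner, f.getName(), "READ");
        } catch (InaccessibleObjectException e) {
            // Java 9+ module system refused to open the member to us.
            return new Probe(owner, f.getName(), "BLOCKED_BY_MODULE");
        } catch (IllegalAccessException e) {
            return new Probe(owner, f.getName(), "ILLEGAL_ACCESS");
        }
    }

    // Enumerates every private field of cls (getDeclaredFields does list
    // private fields) and tries to read each one.
    static List<Probe> probeAll(Class<?> cls, Object instance) {
        List<Probe> out = new ArrayList<>();
        for (Field f : cls.getDeclaredFields()) {
            if (!Modifier.isPrivate(f.getModifiers())) {
                continue;
            }
            out.add(probe(f, instance));
        }
        return out;
    }

    public static void main(String[] args) {
        // 1) Our own class: reflection reaches the private field, as the text describes.
        for (Probe p : probeAll(Holder.class, new Holder())) {
            System.out.println(p);
        }

        // 2) java.beans.Statement, the class used by CVE-2012-4681: on Java 16+
        //    every private field is refused at setAccessible(), before any value
        //    could be read or replaced.
        java.beans.Statement stmt =
                new java.beans.Statement(new Object(), "toString", new Object[0]);
        for (Probe p : probeAll(java.beans.Statement.class, stmt)) {
            System.out.println(p);
        }
    }
}
```

Run it with plain `java ReflectionEncapsulationDemo.java` and the Holder field reports READ while every Statement field reports BLOCKED_BY_MODULE. If a deployment launches the JVM with `--add-opens java.desktop/java.beans=ALL-UNNAMED`, the Statement fields report READ again, which is why `--add-opens` and `--add-exports` flags in launch scripts deserve the same review attention as the code itself.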
Obviously, it’s time for researchers to keep an eye on Java reflection vulnerabilities.
Secret information on counter-terrorism shared by foreign governments may have been compromised by a massive data theft by a senior IT technician for the NDB, Switzerland’s intelligence service, European national security sources said.
Intelligence agencies in the United States and Britain are among those who were warned by Swiss authorities that their data could have been put in jeopardy, said one of the sources, who asked for anonymity when discussing sensitive information.
Swiss authorities arrested the technician suspected in the data theft last summer amid signs he was acting suspiciously. He later was released from prison while a criminal investigation by the office of Switzerland’s Federal Attorney General continues, according to two sources familiar with the case.
The suspect’s name was not made public. Swiss authorities believe he intended to sell the stolen data to foreign officials or commercial buyers.
A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.