The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware.
The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle for Android users who must rely on carriers and handset makers to integrate and distribute Google updates.
The latest Android Security Bulletin, released today, provides little relief. It’s a sizable update—late by nearly a week because of the July 4 U.S. holiday—but contains fixes for problems in a host of familiar areas including Mediaserver and a number of Qualcomm, MediaTek and NVIDIA components that have been featured in almost every bulletin since the monthly releases started last August.
Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor.
The software, called EasyDoc Converter.app, is supposed to be a file converter but does not perform its advertised function. Instead it drops complex malware that subverts the system's security, allowing the machine to be used as part of a botnet or to spy on the owner.
"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab.
"For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless."
The remote access Trojan Adwind has resurfaced and, as of last weekend, is being used in spam emails targeting Danish companies, researchers said.
In emails purporting to be order requests and sent from spoofed or fake return addresses, attackers are spreading malicious .jar (Java archive) files. If a user clicks through and opens the file, Adwind’s code runs and the machine is pulled into a botnet.
According to researchers with Romania-based Heimdal Security, who described the RAT in a blog post on Monday, this iteration of Adwind communicates with a server that’s been used in other RAT campaigns that use dynamic DNS services. Command and control servers used by the RAT have been down and up over the course of its existence. Most of them rely on Dynamic DNS servers and are not real domain registrations.
Whilst sitting and working in the South African office I receive an email from my Swedish ISP. I quickly look at it and there is something that doesn’t add up. The email states that I need to pay my invoice, but I never receive electronic invoices from this company.
Like everyone else I receive a lot of spam and phishing emails, but this one is different from any other phishing email I have ever seen before. To be honest, it’s probably the most sophisticated phishing campaign that I’ve ever encountered. It’s not the technical setup that makes it sophisticated; it is a very simple factor that has been added to the email that just makes the email look very authentic.
The phishing campaign has the usual mistakes: the sender of the email is not related to the company, and the domains used in the links don’t point to a domain that is registered by the ISP.
While Mac OS X already has its own internal system protection mechanisms, those wanting to be absolutely sure should ramp up their protection with good security software. The Magdeburg-based institute AV-TEST examined 12 of the latest applications, and some of them did not perform well.
A second man has pleaded guilty to using a phishing scheme to get access to private and sensitive videos and photographs of people in the entertainment industry in Los Angeles.
Edward Majerczyk, 28, a resident of Chicago and Orland Park, Illinois, has admitted in a plea agreement entered in the U.S. District Court for the Central District of California that between Nov. 23, 2013 and August 2014 he engaged in a phishing scheme to obtain usernames and passwords from his victims, according to the U.S. Attorney’s Office for the Central District of California.