NEWS - April 23, 2014

Kaspersky Lab Weblog:

Recently, we've seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS-AndroidOS.Stealer.a; this Trojan came top in Kaspersky Lab's recent mobile malware TOP 20. It can currently send short messages to premium-rate numbers in 14 countries around the world.

But this is not all. Another Trojan, Trojan-SMS.AndroidOS.FakeInst.ef, targets users in 66 countries, including the US. This is the first case we have found involving an active SMS Trojan in the United States.

FakeInst was detected by Kaspersky Lab back in February 2013; since then, 14 various versions of it have emerged. The earlier versions were only capable of sending messages to premium-rate numbers in Russia. But by mid-2013 other countries appeared on the "support list":

Continued : http://www.securelist.com/en/blog/8209/An_SMS_Trojan_with_global_ambitions

In Internet years, AOL and its webmail counterpart AOL Mail are beyond ancient at this point. A relic of electronic mail history, the majority of users have long since jumped ship for Gmail or Yahoo.

Yet those who still have accounts with AOL were no doubt unhappy when they discovered last weekend that a slew of old AOL Mail accounts had been hacked to send spam to their friends.

While it's unclear exactly how many users' accounts have been compromised at this point, multiple users have complained on Twitter that their accounts - some which naturally have not been used for years - were compromised and used to send spam to other users.

Continued : http://threatpost.com/aol-email-hacked-by-spoofers-to-send-spam/105629

Related: Has your AOL account been spewing out diet spam? You're not alone ...

As former NSA director Michael Hayden learned on an Amtrak train last year, anyone with a smartphone instantly can become a livetweeting snoop. Now a whole crowd of amateur eavesdroppers could be as close as the nearest light fixture.

Two artists have revealed Conversnitch, a device they built for less than $100 that resembles a lightbulb or lamp and surreptitiously listens in on nearby conversations and posts snippets of transcribed audio to Twitter. Kyle McDonald and Brian House say they hope to raise questions about the nature of public and private spaces in an era when anything can be broadcast by ubiquitous, Internet-connected listening devices.

"What does it mean to deploy one of these in a library, a public square, someone's bedroom? What kind of power relationship does it set up?" asks House, a 34-year-old adjunct professor at the Rhode Island School of Design. "And what does this stream of tweets mean if it's not set up by an artist but by the U.S. government?"

Continued : http://www.wired.com/2014/04/coversnitch-eavesdropping-lightbulb/

It looks like it's time to update my Value of a Hacked Email Account graphic: Real estate and title agencies are being warned about a new fraud scheme in which email bandits target consumers who are in the process of purchasing a home.

In this scheme, the attackers intercept emails from title agencies providing wire transfer information for borrowers to transmit earnest money for an upcoming transaction. The scammers then substitute the title company's bank account information with their own, and the unsuspecting would-be homeowner wires their down payment directly to the fraudsters.

This scam was laid out in an alert sent by First American Title to its title agents:

Continued : http://krebsonsecurity.com/2014/04/phishers-divert-home-loan-earnest-money/

"A few office-productivity apps are protected from Heartbleed thanks to a mistake"

Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.

FireEye scanned 54,000 Android applications in Google's Play store on April 10 to see which ones are vulnerable to Heartbleed. The flaw, publicly disclosed on April 7, is contained in OpenSSL, a code library used to encrypt data traffic.

The security company found several games and office-based mobile applications that are vulnerable to the bug, mostly because the applications use their own native OpenSSL library rather than the one in the Android OS. Google said Android was mostly immune to Heartbleed.

Continued : http://news.techworld.com/security/3513059/coding-error-protects-some-android-apps-from-heartbleed/

From FireEye: If an Android Has a Heart, Does It Bleed?

An investigation spurred by one of the customers of their security product has lead researchers of security company Bkav to an unexpected discovery: the servers provided by Amazon's Cloud IaaS Service are riddled with vulnerabilities.

The customer in question complained about his server having been infected with spying and information-stealing malware despite the use of Bkav's antimalware solution.

While investigating how that might have happened, they discovered that Windows Server 2003 on Amazon's cloud server was last updated in October 2009. What's more, the Auto Update was turned off.

Continued : http://www.net-security.org/secworld.php?id=16731

Related: Amazon and HP Cloud Services Vulnerable Due to Unpatched Windows Server Installations

Symantec Security Response Blog:

Symantec has recently detected phishing emails related to the Heartbleed Bug. The phisher attempts to gather information by posing as a US military insurance service with a message about the Heartbleed bug.

The Heartbleed bug is a recently discovered security vulnerability affecting OpenSSL versions 1.0.1 to 1.0.1f. This vulnerability was fixed in OpenSSL 1.0.1g. Symantec's security advisory gives more details on the bug and offers remediation steps.

Spammers and phishers are known to use trending news and popular topics to disguise their payloads. In the case of phishing emails, phishers often cite security concerns to legitimize and disguise their social engineering methods. The payloads of these emails attempt to compel the messages' recipients into divulging sensitive information.

In this case, the phishers send the following email. [Screenshot]

Continued : http://www.symantec.com/connect/blogs/phishers-pump-out-heartbleed-attacks