January 30, Securityweek – (International) New “F0xy” malware uses clever techniques to stay hidden. Websense researchers discovered a new piece of malware that uses legitimate Web sites and services to minimize its detection so it can download a crypto-currency miner onto an infected machine. Earlier versions of the malware worked solely on Windows Vista and later versions of Microsoft’s operating system, while the most recent variants will also run on Windows XP. Source
January 30, Softpedia – (International) Multiple security weaknesses in Microsoft Outlook for iOS revealed by developer. A developer at GmbH discovered that Microsoft Outlook for iOS functions violate best security practices and present business risks by storing business email credentials in the cloud and allowing use of a single ID across devices, creating challenges for administrators to maintain security levels for company data. Source
January 30, Securityweek – (International) Skeleton Key malware linked to backdoor trojan: Symantec. Symantec researchers reported that the Trojan.Skelky (Skeleton Key) malware appears to have been used in conjunction with the Backdoor. Winnti malware family is capable of bypassing authentication on Active Directory (AD) systems. Skeleton Key malware was identified by Dell SecureWorks in January and was detected on computers in five unidentified organizations with offices in the U.S. and Vietnam since 2013. Source
January 30, Softpedia – (International) Vulnerability in Connected Drive allows unlocking BMW cars via mobile phone. German automobile club ADAC identified a security flaw in a digital-service system, Connected Drive, which is installed on 2.2 million BMW vehicles worldwide, that could allow an attacker to unlock the car’s doors and manipulate functions activated by a SIM card. BMW officials confirmed the flaw and stated that a fix would be released by January 31 for the affected BMW, Mini, and Rolls Royce vehicles produced between March 2010 and December 2014. Source