This Week in Cybersec Headlines, April 10, 2017

Smartphones Vulnerable to Wifi Code Execution Flaw identified by Google

The Hacker News, Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air “Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction.”

SC Magazine, Apple’s iOS 10.3.1 update patched Wifi code execution flaw.

Google, Project Zero, Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1).

ArsTechnica, Android devices can be fatally hacked by malicious Wi-Fi networks

Tax Time Scams and Warnings

Medium, Taxing times: Watch out for malicious email campaigns this tax season “Last year, the Internal Revenue Service (IRS) reported an approximate 400 percent increase in phishing and malware incidents during tax season. In February, it also warned both taxpayers and tax accountants to be wary of phishing scams during the 2017 tax season.”

DarkReading, Businesses Hit by More W-2 Fraud as Cybercriminals Shift Tax Season Targets “Businesses, not individuals, are more frequently targeted with scams as cybercriminals try to cash in on tax season.”

Krebs on Security, Phishers Spoof CEO, Request W2 Forms.

Krebs On Security, FTC: Tax Fraud Behind 47% Spike in ID Theft.

HelpNet Security, Tax season security tips: Protect yourself from cybercrime.

IRS, Tax Scams / Consumer Alerts 31-Mar-2017. IRS, IR-2017-15, Phishing Schemes Lead the IRS “Dirty Dozen” List of Tax Scams for 2017; Remain Tax-Time Threat 01-Feb-2017

US and UK Airports and Nuclear Power Plants on Alert for Cyberattacks after government warnings

SC Magazine, U.S., U.K. warn airports, nuclear facilities of cyberattacks

The Telegraph, Airports and nuclear power stations on terror alert as government officials warn of ‘credible’ cyber threat

ATM Hacks Continue

SC Magazine, ATM hackers drilling for money

“Cybercriminals in Russia and Europe have found a weak spot in some ATM machines that allow them to access a vital bus giving them complete control of the unit’s cash dispensing system.”

Kaspersky, Three ways to rob an ATM: Remote, almost remote, and physical

Scottrade Breach

Scottrade Cloud Server Misconfiguration Exposes Data of 20,000 Customers

 The Register, Scottrade admits server snafu blabbed 20,000 customer files to world Online brokerage Scottrade has admitted sensitive loan applications from roughly 20,000 customers were exposed to the world by a fumble-fingered third-party supplier.”

Scottrade, Statement on Cloud Data Set.

Pegasus Spyware for Android

SC Magazine, Researchers confirm Android version of dangerous Pegasus spyware “The Pegasus spyware that last year was found exploiting a trio of zero-day iOS vulnerabilities collectively known as Trident officially has a counterpart that infects Android phones.”

WikiLeaks Update

WikiLeaks releases source code for Marble Framework

NakedSecurity, WikiLeaks spills source code files for CIA’s Marble Framework “Late last week, WikiLeaks dropped a third batch of documents as part of its Vault7 project, this time detailing what the CIA called the “Marble Framework“. Its purpose: obfuscate text strings within CIA malware so forensic experts can’t trace its source back to the CIA.”