Smartphones Vulnerable to Wifi Code Execution Flaw identified by Google
The Hacker News, Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air “Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction.”
Google, Project Zero, Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1).
Tax Time Scams and Warnings
Medium, Taxing times: Watch out for malicious email campaigns this tax season “Last year, the Internal Revenue Service (IRS) reported an approximate 400 percent increase in phishing and malware incidents during tax season. In February, it also warned both taxpayers and tax accountants to be wary of phishing scams during the 2017 tax season.”
DarkReading, Businesses Hit by More W-2 Fraud as Cybercriminals Shift Tax Season Targets “Businesses, not individuals, are more frequently targeted with scams as cybercriminals try to cash in on tax season.”
Krebs on Security, Phishers Spoof CEO, Request W2 Forms.
Krebs On Security, FTC: Tax Fraud Behind 47% Spike in ID Theft.
HelpNet Security, Tax season security tips: Protect yourself from cybercrime.
IRS, Tax Scams / Consumer Alerts 31-Mar-2017. IRS, IR-2017-15, Phishing Schemes Lead the IRS “Dirty Dozen” List of Tax Scams for 2017; Remain Tax-Time Threat 01-Feb-2017
US and UK Airports and Nuclear Power Plants on Alert for Cyberattacks after government warnings
SC Magazine, U.S., U.K. warn airports, nuclear facilities of cyberattacks
ATM Hacks Continue
SC Magazine, ATM hackers drilling for money
“Cybercriminals in Russia and Europe have found a weak spot in some ATM machines that allow them to access a vital bus giving them complete control of the unit’s cash dispensing system.”
Scottrade Cloud Server Misconfiguration Exposes Data of 20,000 Customers
The Register, Scottrade admits server snafu blabbed 20,000 customer files to world “Online brokerage Scottrade has admitted sensitive loan applications from roughly 20,000 customers were exposed to the world by a fumble-fingered third-party supplier.”
Scottrade, Statement on Cloud Data Set.
Pegasus Spyware for Android
SC Magazine, Researchers confirm Android version of dangerous Pegasus spyware “The Pegasus spyware that last year was found exploiting a trio of zero-day iOS vulnerabilities collectively known as Trident officially has a counterpart that infects Android phones.”
WikiLeaks releases source code for Marble Framework
NakedSecurity, WikiLeaks spills source code files for CIA’s Marble Framework “Late last week, WikiLeaks dropped a third batch of documents as part of its Vault7 project, this time detailing what the CIA called the “Marble Framework“. Its purpose: obfuscate text strings within CIA malware so forensic experts can’t trace its source back to the CIA.”