Hackers Can Take Over iPhones, Steal Cryptocurrency Funding and Find Dow Jones Data

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Apple Update Addresses Wi-Fi Security Flaw

Apple’s recent software update addresses several security issues, including one that allowed a remote attacker to take over a device searching for a Wi-Fi connection.

The Wi-Fi flaw, dubbed Broadpwn, will be demonstrated at Black Hat July 27 by the security researcher Nitay Artenstein. Artenstein said the vulnerability in Broadcomm’s Wi-Fi chipset was also in a variety of other phones, including Androids made by Samsung, HTC and Nexus. Google released a patch to address the issue July 5.

The iOS update, released July 19, also addresses bugs in contacts, notifications and the Safari web browser for iPhone 5 through 7, iPads (fourth generation and up) and iPod Touch (sixth generation).

CoinDash Says Someone Swiped $7M from Funding Round

A cryptocurrency startup said someone interrupted its initial funding round and made off with $7 million.

Cryptocurrency trading platform CoinDash held an initial coin offering—a way of crowdsourcing funds—but on July 17 claimed that its investors’ funding had been intercepted, Bloomberg reported.

The company asked investors to send funds through the digital currency called Ethereum to a specific address. A third-party hacked CoinDash’s website and changed the recipient address to an alternate where it could receive funds instead of CoinDash. CoinDash stopped the ICO when it discovered its funding was going elsewhere.

CoinDash said it is working with Israeli law enforcement and released a plan to credit affected investors with CoinDash tokens.

Cloud Leaks Personal Data of 2.2M Dow Jones & Co. Customers

Another misconfigured cloud server leaked personal data, this time from customers of Dow & Jones and Co., which includes subscribers to The Wall Street Journal and Barron’s.

Cybersecurity firm UpGuard notified the company of the leak in June, when a security researcher found the database was configured to allow access to any AWS user, International Business Times reported.

Customers’ names, addresses, account information, email addresses and the last four digits of their payment cards were exposed, though a Dow Jones spokesman told The Hill the company had no evidence anyone accessed the information.

UpGuard also recently found data leaks due to misconfigured cloud settings at Verizon and the data analytics firms used by the Republican National Committee, exposing the data of 6 million Verizon customers and almost 200 million voters, respectively.