John Leyden

Contact Mail Follow Twitter RSS feed

'Janus' resurfaces: I was behind the original Petya. I want to help with NotPetya

A Twitter user purporting to speak for the cybercrime group behind the original Petya ransomware has claimed they want to help "repair" the damage caused by this week's attack. The Twitter account Janus Cybercrime Solutions (@JanusSecretary), which went dark for a time after the original Petya outbreak, was reactivated on …
John Leyden, 29 Jun 2017

NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

A lack of accountability and investment in cyber-security has been blamed for the recent WannaCrypt virus that hobbled multiple hospital NHS IT systems last month, a report by The Chartered Institute for IT concludes. The report, published today, comes following a similar, but more limited attack against UK-based companies as …
John Leyden, 29 Jun 2017
channel

123-reg resolves secure database access snafu

UK-based hosting and domains provider firm 123-reg has fixed an issue that meant access to some customers' databases ran over an unsecured link, creating a privacy risk in the process. A reader and 123-reg hosting customer got in touch over the issue after failing to get action directly from the hosting firm over the problem, …
John Leyden, 28 Jun 2017

Pwned UK SME fined £60K for leaving itself vulnerable to hack attack

A small UK company that suffered a cyber attack has been fined £60,000 by the Information Commissioner’s Office (ICO). An investigation by the ICO found Berkshire-based Boomerang Video failed to take basic steps to stop its website being attacked, a hacking incident that led to the exposure of the personal details of 26,000 …
John Leyden, 27 Jun 2017

50th anniversary of the ATM opens debate about mobile payments

Analysis Today marks the 50th anniversary of the Automated Teller Machine (ATM), the first of which was installed outside Barclays Bank, Enfield Town in north London. Actor Reg Varney from '70s sitcom On the Buses was the first to use the cash machine. Fast forward half a century and cash machines have become a familiar high street …
John Leyden, 27 Jun 2017

Huge ransomware outbreak spreads in Ukraine and beyond

Updated A huge ‪ransomware‬ outbreak has hit major banks, utilities and telcos in Ukraine as well as victims in other countries. Check out our full analysis of the software nasty, here. Early analysis of the attack points towards a variant of the known Petya ransomware, a strain of malware that encrypts the filesystem tables and …
John Leyden, 27 Jun 2017

Make sure your Skype is up to date because FYI there's a nasty hole in it

Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows. The stack buffer overflow flaw allows miscreants to inject malicious code into Windows boxes running older versions of Skype, bug hunters at Vulnerability Laboratory warn: The issue can be exploited …
John Leyden, 27 Jun 2017
Web browsers 2015

European Commission chucks cash at UR – the universal language of mind your own biz

Privacy-focused French browser developer UR* has scored a grant from the European Union it hopes will help turbo charge its nascent technology. UR, founded two years ago in 2015, plans to use the funds to bring its browser to a larger number of people. The French startup scored the funding by fulfilling two core values of the …
John Leyden, 27 Jun 2017

Braking news: AA password reset email cockup crashes servers

UK car insurance giant the AA caused all sorts of confusion on Monday after accidentally sending out a "password update" email to people. The alert led to motorists rushing to log into the motoring organization's website to change their passwords, only to overload the servers and effectively run them over. Brits were furious …
John Leyden, 26 Jun 2017
Big Ben and Underground sign. Pic: Crown copyright/MoD

UK Parliament hack: Really, a brute-force attack? Really?

Comment Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as an verification …
John Leyden, 26 Jun 2017

US Secretary of State: Я буду работать с Россией по вопросам кибербезопасности

Analysis US Secretary of State Rex Tillerson has expressed a willingness to work directly with Russia on cybersecurity and other issues. The proposed partnership is surprising, given the continued controversy over allegations that the Russians interfered with last year's US presidential election – a serious accusation at the center of …
John Leyden, 23 Jun 2017

Virgin Media router security flap follows weak password expose

Virgin Media has urged 800,000 customers to change their passwords to guard against possible hacking attack. The move follows an investigation by consumer mag Which? that discovered hackers could access the UK cableco's Super Hub 2 router, allowing access to IoT devices connected through the same home network. The issue stems …
John Leyden, 23 Jun 2017
sir_humphrey_screengrab_648

Russian hackers selling login credentials of UK politicians, diplomats – report

Russians hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still …
John Leyden, 23 Jun 2017
businessman shrugging - illustration via shutterstock

Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen

Flaws in Microsoft PatchGuard create a means for hackers to plant rootkits on Windows 10, 64-bit OS devices. The newly discovered attack technique, dubbed GhostHook, allows attackers to completely bypass PatchGuard, security researchers at CyberArk Labs warn. PatchGuard (formally known as Kernel Patch Protection) was …
John Leyden, 22 Jun 2017
Sherlock Holmes

UCL ransomware attack traced to malvertising campaign

Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign. Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a …
John Leyden, 22 Jun 2017

Cybereason snags $100m from Softbank to mount distribution, tech offensive

Cybersecurity startup Cybereason is looking to go to the next level after securing $100m in funding from SoftBank. Cybereason, with headquarters in Boston, Massachusetts and Tel Aviv, Israel, offers a range of endpoint detection and response, next-generation antivirus, and managed monitoring services. These are crowded …
John Leyden, 21 Jun 2017
Batman. Credit: DC Comics.

Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks

Updated The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme's badges are required by suppliers bidding for "certain sensitive and personal information-handling [government] contracts". Companies were notified of …
John Leyden, 21 Jun 2017
honda crv engine

Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak

Honda said today that it had briefly halted operations at a car plant in Sayama, Japan earlier this week because of the infamous WannaCrypt ransomware. The Japanese car maker halted production for one day at a domestic vehicle plant on Monday after finding samples of the WannaCrypt ransomware in its computer network, Reuters …
John Leyden, 21 Jun 2017

US is Number One! In sales register hacking attacks, at least

Hacking attacks against sales terminals have risen by nearly a third last year, and the US is still leading the way in being insecure. Incidents affecting sales tills and payment systems increased to 31 per cent in 2016, according to research by security firm Trustwave, while incidents affecting e-commerce environments fell to …
John Leyden, 20 Jun 2017
Angry Judge

Hacker exposed bank loophole to buy luxury cars and a face tattoo

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months. Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teeside Evening Gazette here). …
John Leyden, 20 Jun 2017

Brit hacker admits he siphoned info from US military satellite network

A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about …
John Leyden, 16 Jun 2017
Office Space

If you haven't already obliterated your Jaff-infected comp, there is an antidote available

Security researchers have developed a free decryption tool for victims of the ‪Jaff‬ ransomware, meaning they can regain access to files without paying crooks. The utility – developed by boffins at Kaspersky Lab – works on all variants released to date. Of course there is still the possibility that the criminals behind Jaff …
John Leyden, 15 Jun 2017

Cloud bigger than ever, biz suddenly keen to fork out for security. Put 'em together...

Growth cloud-based security services will remain strong, with the market reaching $5.9bn in 2017, up 21 per cent from 2016, analyst house Gartner predicts. Growth in the cloud-based security services market will outpace the overall information security market. Email security, web security and identity and access management ( …
John Leyden, 15 Jun 2017

Banking websites are 'littered with trackers' ogling your credit risk

A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm …
John Leyden, 15 Jun 2017

Don't all rush out at once, but there are a million devices ripe to be the next big botnet

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn. UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai …
John Leyden, 15 Jun 2017

Biting the hand that feeds IT © 1998–2017