John Leyden

Contact Mail Follow Twitter RSS feed
Computer mouse  connected to a rolled up newspaper with the headline Tech News

Saudis under trojan attack

The Saudi Arabian financial and technology sectors are under attack by trojan-slinging cybercriminals. The latest run of the OilRig campaign features malware used to target the defence industry in the kingdom last year, reports Palo Alto Networks. In the latest run of attacks crooks are posing as legitimate service providers …
John Leyden, 27 May 2016
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …
John Leyden, 27 May 2016

Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known standard compression technique, which is ubiquitous as a way of reducing the memory footprint across virtual machines, is also a by-default feature …
John Leyden, 27 May 2016
Night scene of bank station in central london

Bank in the UK? Plans afoot to make YOU liable for bank fraud

Bank customers may be obliged to bear the bill for fraud against their accounts, under proposed changes mulled by banks, the UK government and GCHQ. Under the plans, individuals or companies with poor online security could be “frozen out of banking services or even excluded from the system whereby banks compensate customers …
John Leyden, 26 May 2016

It's been a breach-tastic year. And Sophos sales were good, apparently

Operating losses at security software firm Sophos have grown in its first year as a listed company – despite increased sales and an encouraging outlook overall. For the year-ending 31 March 2016, Sophos recorded an operating loss of $32.7 million on revenues of $478.2m. This compares to a loss of $0.5m on revenues of $446.7m …
John Leyden, 26 May 2016

Blighty's National Cyber Security Centre cyber-reveals cyber-blueprints

The UK government has released the prospectus for its National Cyber Security Centre (NCSC), ahead of the launch of the facility this Autumn. The blueprint [PDF] outlines that the NCSC will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response. As …
John Leyden, 26 May 2016
Image by gyn9037 http://www.shutterstock.com/gallery-691846p1.html

You've patched that Flash hole, but have the users? Phone's ringing. It's for you

Security researchers are warning of a new wave of malvertising that harnesses the latest Flash exploit. The attack features tainted ads from websites including dailymotion.com, vodlocker.com, answers.com and legacy.com. Fraudulent advertisers are posing as legitimate retail or legal businesses in order distribute "conditional …
John Leyden, 25 May 2016

Wire offers secure video chat

Messaging app Wire has added fully private video messaging to its platform. The new feature is integrated with the existing chat app, adding secure, non-tracked and advertising-free video messaging. Wire, the privacy-focused communications app backed by Skype co-founder Janus Friis, boasts that it is the first messaging …
John Leyden, 25 May 2016
Frustrated accountant puts head in hands. Photo by Shutterstock

Insure against a cyberwhat now? How the heck do we crunch those numbers?

The head of a UK industry insurance organisation has called for the government to create a database where companies would be obliged to “record details of cyber attacks”. Insurers are struggling to assess premiums for newly introduced cyber insurance policies in the absence of background info, according to the head of the …
John Leyden, 24 May 2016

Google to kill passwords on Android, replace 'em with 'trust scores'

Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …
John Leyden, 24 May 2016
Archer cracks the ISIS mainframe's password

LinkedIn mass hack reveals ... yup, you're all still crap at passwords

Analysis of passwords from the LinkedIn leak has revealed, should there be any doubt, that users remain terrible at choosing secure login credentials. Last week a black hat hacker using the nickname Peace was revealed as attempting to sell 117 million LinkedIn users' emails and passwords on the dark web. "Peace" wants 5 BTC …
John Leyden, 24 May 2016

Surrey teen charged over Mumsnet hack attack

A Surrey man has been charged with hacking offences related to the attack on the Mumsnet website last year. David Gerrard Buchanan, 18, of Haslemere, Surrey, was charged on Saturday with three offences under the Computer Misuse Act following an investigation by the Met’s Cyber Crime Unit (MPCCU). Two of the alleged offences …
John Leyden, 23 May 2016

Apple: Another bug fix. Er, thanks, GCHQ

GCHQ’s CESG (Communications-Electronics Security Group) assurance arm was behind the report of an OS X bug to Apple that the consumer electronics giant patched last week. The UK’s signals intelligence is perhaps better known in security circles for finding and exploiting software vulnerabilities in order to spy on foreign …
John Leyden, 23 May 2016
Laptop user, photo via Shutterstock

Tech support locker scam poses as failed Microsoft Update

Cybercrooks have put together a new scam that falls halfway between ransomware and old school browser lockup ruses. The new class of “tech support lockers” rely on tricking users into installing either a fake PC optimiser or bogus Adobe Flash update. Once loaded the malware mimicks ransomware and locks users out of their …
John Leyden, 20 May 2016

A UK digital driving licence: What could possibly go wrong?

Security vendors have welcomed plans to trial digital versions of the UK’s driving licence. The DVLA (Driver and Vehicle Licensing Agency) is working on a digital version of its driving license for smartphones, to serve as an "add-on" to the existing plastic card. DVLA chief Oliver Morley tweeted a snapshot of the prototype …
John Leyden, 20 May 2016
CSIRO Parkes Radio Telescope

Anon attack Turkish hospital

Elements of Anonymous have pledged to launch attacks on Turkish medical facilities. Attacks against Turkey's hospitals are billed as a reprisal against recent ransomware attacks on Hollywood Presbyterian Medical Center in Los Angeles, California, and Methodist Hospital in Henderson, Kentucky. The malware attacks were the work …
John Leyden, 19 May 2016
Vodafone adds payment cards to mobile wallet

Android Pay may, er, pay... providing it gets over security hurdle

Android Pay's UK launch is promising but could be held back by malware concerns, security and payment experts warn. The Google-backed technology launched in the UK on Wednesday, adding to the options smartphone users can employ when paying for goods and services using their mobile rather than a card. Smartphone payment systems …
John Leyden, 19 May 2016

LinkedIn plays down '117 million users' breach data sale

LinkedIn has responded to the recent sale of users’ data - apparently the fruits of a 2012 breach - on the dark web. As previously reported, a black hat hacker using the nickname Peace is attempting to sell 117 million LinkedIn users' emails and passwords on the dark web. "Peace" wants 5 BTC for the trove of private info which …
John Leyden, 19 May 2016
Afraid of the dark, image via Shutterstock

Dark net LinkedIn sale looks like the real deal

A hacker is attempting to sell 117 million LinkedIn users' emails and passwords on the dark web. The black hat "Peace" claims the data is the fruits of a well publicized LinkedIn breach from 2012. At the time, only around 6.5 million encrypted passwords were posted online. The business-focused social network LinkedIn never …
John Leyden, 18 May 2016

Phishing scam targets ... actual fishermen in eastern Ukraine

Security firm ESET has uncovered a long running cyber-espionage campaign in Ukraine, and seemingly targeted at separatists. Operation Groundbait is a targeted attack most likely run from within Ukraine by as yet unidentified politically motivated hackers. The region is a hotspot for malware-based spying campaign thanks largely …
John Leyden, 18 May 2016
Archer cracks the ISIS mainframe's password

Hmmm, where should I dump those unencrypted password files? I know - OneDrive

Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology. OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it, according to a study by cloud control tech vendor Skyhigh Networks. The average corporate OneDrive service …
John Leyden, 18 May 2016
Prince philip Thames barrier old control room photo Environment Agency

Landmark computer hacking archive deposited at TNMOC

An archive that tells the story of how the 1980s hack of Prince Philip’s mailbox led to UK anti-hacking legislation has been deposited at The National Museum of Computing (TNMOC). Robert Schifreen, the "white hat" at the centre of the 1980s controversy, compiled the archive, which details Schifreen’s two-year-long legal …
John Leyden, 18 May 2016

First ATM malware is back and badder than ever

Cybercriminals have retrofitted a strain of ATM malware first discovered in 2009 to create an even more potent threat. Skimer was the first malicious program to target ATMs*. Seven years later, Russian cybercriminals are reusing the malware – but both the crooks and the program have evolved, to pose an even more potent threat …
John Leyden, 17 May 2016

It's all very well hacking ISIS, Barry, but what about your ISA?

Credit card fraud is in decline while ad fraud is poised for growth, according to a new study on the business of cybercrime out Tuesday. Hewlett Packard Enterprise’s (HPE) study provides a detailed look into the inner workings of cybercriminal organisations, their business functions, motivations, and more. The IT giant posits …
John Leyden, 17 May 2016
Wall of Spam. Pic: freezelight

Sainsbury’s Bank insurance spam scam causes confusion

Numerous UK surfers were left confused on Monday after receiving email confirmations for insurance products with Sainsbury’s Bank that they never bought. People are receiving emails claiming they have started new policies for travel, home and car insurance from the UK supermarket giant’s banking business. El Reg learnt of the …
John Leyden, 17 May 2016