John Leyden

Contact Mail Follow Twitter RSS feed

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

A Wi-Fi hack experiment conducted at various locations at or near the Republican National Convention site in Cleveland, US, underlines how risky it can be to connect to public Wi-Fi without protection from a VPN. The exercise, carried out by security researchers at Avast, an anti-virus firm, revealed that more than 1,000 …
John Leyden, 21 Jul 2016

Ransomware gang: How can I extort you today?

Three out of four ransomware criminal gangs are willing to negotiate the shakedown price. And all the operators of file encrypting ransomware scams will give victims more time to pay up. So say security researchers at F-Secure, who investigated the "customer experience" of five active crypto-ransomware variants, beginning with …
John Leyden, 21 Jul 2016

DDoS trends: Bigger, badder but not longer

DDoS attacks once again escalated in both size and frequency during the first six months of 2016. Netscout's DDoS mitigation arm Arbor Networks warns that attacks greater than 100Gbps are far from uncommon. The security firm has monitored 274 attacks over 100Gbps in the first half of 2016, versus 223 in all of 2015. The …
John Leyden, 19 Jul 2016

Carbon Black snaps up cloud-dwelling threat-sniffing 'next-gen AV'

Endpoint security firm Carbon Black has bought "next-generation antivirus" firm Confer. Financial terms of the deal, announced today, were undisclosed. Carbon Black plans to re-badge Confer’s security software as “Cb Defense” and offer it alongside its existing roster of application control, incident response, and threat …
John Leyden, 19 Jul 2016
Curser icon over a news paper folded

IoT baby monitor style hacks still a threat

Lessons have not been learned from an incident where a Russian website provided links to access baby monitor cameras, according to the UK’s data protection watchdog. The website allowed people to watch footage from insecure cameras around the world, prompting a warning from the Information Commissioner’s Office (ICO) back in …
John Leyden, 19 Jul 2016
News room with blur motion effect

Pokemon Go driver woes

A worrying minority of drivers freely admit to using their smartphone while behind the wheel. According to a new survey by used car specialists HPL Motors, more than one in five people have used a non-hands-free mobile phone to take a call or text whilst driving. A second survey revealed that more than one in 10 people had …
John Leyden, 19 Jul 2016
virus_1_648

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016
China will see you on the dark side of the moon

Maxthon web browser blabs about your PC all the way back to Beijing

A web browser developed by Chinese company Maxthon has allegedly been collecting telemetry about its users. Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer's operating system and version number, the screen resolution, the CPU type and speed, the amount of memory …
John Leyden, 19 Jul 2016
Hackers

UKFast owner slurps app security biz Pentest

Secarma, the cyber security business owned by UKFast chief exec Lawrence Jones, has bought application security specialists Pentest Limited reportedly for £10m. The CHECK and CREST accredited company, whose 45-strong team work with global blue chip organisations, will add a team of ethical hackers to Secarma's roster. John …
John Leyden, 18 Jul 2016

Hackers steal millions from ATMs using 'just their smartphones'

Authorities in Taiwan are trying to work out how hackers managed to trick a network of bank ATMs into spitting out millions. Police suspect that two Russian nationals wearing masks cashed out dozens of ATMs operated by Taiwan's First Bank on Sunday and left the country the following day. The crooks stole an estimated T$70m ($2 …
John Leyden, 15 Jul 2016
Pokemon Go game

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately security researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016
Bank vault

BAE Systems partners with SWIFT to bolster hacker intel

BAE Systems has been recruited to help SWIFT's newly formed Customer Service Intelligence team in a bid to get ahead of cyber-criminals targeting banks connected to the global financial messaging service. The announcement follows the analysis and identification of malware that BAE Systems’ threat intelligence team was able to …
John Leyden, 15 Jul 2016

Security gurus get behind wheel of driverless car debate

Security experts have already waded into the UK government's consultation into self-driving technologies. The two month session comes against a backdrop of increasing concerns about connected cars. Infosec vendors argue security needs to be considered alongside other issues such as changes to driving regulations (the Highway …
John Leyden, 15 Jul 2016
Man reading newspaper with glasses on his head

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks calls in order to stop victims from cancelling their stolen payment cards. The Android nasty is automatically programmed to cancel calls from being placed. Victims can, of course, use …
John Leyden, 14 Jul 2016

Symantec, Intel carve out diminishing slice of growing security market

Worldwide security software revenues rose 3.7 per cent to reach $22.1bn in 2015, according to analyst Gartner. Security information and event management (SIEM) remained the fastest-growing sub segment of the cybersecurity biz last year, experiencing 15.8 per cent growth. By contrast, consumer security software recorded a 5.9 …
John Leyden, 14 Jul 2016

You really do want to use biometrics for payments, beam banks

Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
John Leyden, 14 Jul 2016

Kids’ shoes seller Start-rite suspends sales following breach

Children’s shoes retailer Start-rite Shoes has suspended sales following the discovery of an attack by hackers last weekend. UK-based Start-rite reckons hackers may have obtained customer names, postal address, telephone number and email address of its clients. Payment details are not stored on the site and therefore should …
John Leyden, 13 Jul 2016

Exploit kit miscreants rush to plug gap in cyber-crime marketplace

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits. While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in …
John Leyden, 13 Jul 2016
CSIRO Parkes Radio Telescope

SAP squashes clickjack bugs

SAP has released patches to fix 36 vulnerabilities, most of them (24) involving clickjacking. Tuesday’s patch update also contains fixes for several dangerous vulnerabilities, according to security specialists ERPScan. One particularly noteworthy flaw affects a utility industry-specific module. A separate code injection …
John Leyden, 13 Jul 2016

SCADA malware caught infecting European energy company

Security researchers have identified a strain of malware that has already infected at least one European energy company. The malware, dubbed SFG, is related to an earlier sample called Furtim, that created a backdoor on targeted industrial control systems. This backdoor might be used to deliver a payload which could be used to …
John Leyden, 12 Jul 2016
Image by gyn9037 http://www.shutterstock.com/gallery-691846p1.html

Nukeware: New malware deletes files and zaps system settings

Lazy but sneaky cybercrooks are slinging a new ransomware variant that falsely claims to have encrypted files when in reality it has deleted them. Ranscam tricks victims by falsely claiming that files have been moved onto an hidden, encrypted partition. In reality the malware has deleted files and comprehensively messed with …
John Leyden, 12 Jul 2016
stack of newspapers view from the side

PhonepayPlus to rename

UK telecoms regulator that is definitely not a cut-rate mobile phone biz, PhonepayPlus, is to rename itself as the Phone-paid Services Authority. The name change will come into effect in autumn 2016 along with a new mission statement defining it as “the UK regulator for content, goods and services charged to a phone bill.” …
John Leyden, 12 Jul 2016
Bearded man sitting at desk reading from his tablet by hi laptop

4K state hacker Google alerts

Google is notifying customers about 4,000 state-sponsored cyber attacks per month. The APT notification ran rate was disclosed by Google senior vice president and Alphabet board member Diane Greene during a Fortune magazine tech conference in Aspen, Colorado, Reuters reports. Google began notifying users about suspected …
John Leyden, 12 Jul 2016

EU cybersecurity directive will reach Britain, come what May

The passage of the EU Directive on the Security of Network and Information Systems (NIS) will have a profound effect on corporate security across Europe and even in Britain, despite the Brexit vote. The NIS Directive applies to organisations that provide elements of a country’s critical national infrastructure – i.e. operators …
John Leyden, 11 Jul 2016
A dog wearing glasses, on a park bench reading the news paper

Scammers gotta catch em all

Survey scams have joined potential muggings and malware as another peril for Pokémon Go fans. A pitch promising Pokécoins (the microtransaction currency) doing the rounds is actually a ruse designed to trick victims into visiting a scam site. Prospective marks are invited to fill in a variety of survey on the pre-text of a non …
John Leyden, 11 Jul 2016