John Leyden

Contact Mail Follow Twitter RSS feed
Game of Thrones  cartoon

HBO Game Of Thrones leak: Four 'techies' arrested in India

Four arrests connected with the leak of an unaired Game of Thrones episode have been made in India. Star India Private Limited, a HBO distribution partner owned by 21st Century Fox, said on Tuesday that local police had arrested four workers associated with its technology vendor, Prime Focus Technologies, apparently in …
John Leyden, 16 Aug 2017
password

Och. Scottish Parliament under siege from brute-force cyber attack

Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster. MSPs and Holyrood staff were warned on Tuesday that as-yet unidentified hackers were running "brute-force" attacks on systems in the devolved assembly, The Guardian reports. Similar attacks on Westminster back …
John Leyden, 16 Aug 2017
Data breach

Months after breach at the 'UnBank' Ffrees, customers complain: No one told us

Customers of UK financial services firm FFrees said they were unaware of a breach that took place there four months ago until a security researcher got in touch with them. The same anonymous white hat who discovered the now infamous AA shop accessories breach back in April also uncovered the exposure of data by Ffrees Family …
John Leyden, 16 Aug 2017
Office war photo via Shutterstock

Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway

Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits. Opening the document in a vulnerable installation of Office is supposed to lead to arbitrary execution of any malicious code within the file. Cisco's security outfit Talos believes "the attackers used the combination …
John Leyden, 15 Aug 2017

APT-style attack against over 4,000 infrastructure firms blamed on lone Nigerian 20-something

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal. The campaign started in April 2017, and has targeted some of the largest international organisations in the oil, gas, manufacturing, banking and construction industries. The global scale …
John Leyden, 15 Aug 2017
Marcus Hutchins

WannaCry vanquisher Marcus Hutchins pleads not guilty to flogging banking trojan Kronos

Marcus Hutchins, the WannaCry kill-switch hero, has today pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin. The court took the unusual step of relaxing the the 23-year-old's bail terms, allowing him to access the internet and work again. He will also be able to live in Los …
John Leyden, 14 Aug 2017
Anonymous

If Anonymous 'pwnd' the Daily Stormer, they did a spectacularly awful job

Doubts have been cast over claims that hacktivists have taken control of neo-Nazi website the Daily Stormer. Elements of the loose hacker collective Anonymous supposedly took control of the site as a reprisal for the death of anti-racist protestor Heather Heyer after she was struck by a car during protests by white …
John Leyden, 14 Aug 2017
Hotel staff

Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

Russian hackers accused of ransacking the US Democratic party's servers last year may now be targeting hotels in Europe and the Middle East, it is claimed. Miscreants are using various techniques, including the leaked NSA EternalBlue exploit also wielded by the WannaCry malware, to hack into laptops and other devices used by …
John Leyden, 12 Aug 2017
Silhouette of spy discerning password from code uses a command on graphic user interface

Good Lord: Former UK spy boss backs crypto

A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps. Lord Evans, who retired in 2013, told BBC Radio 4’s Today programme (link here) that he did not support encryption restrictions despite acknowledging cryptography had been an obstacle in investigating terrorist cases, saying …
John Leyden, 11 Aug 2017
petya

Ukrainian man, 51, cuffed on suspicion of distributing NotPetya

A middle-aged Ukrainian has been arrested on suspicion of acting as an agent in distributing the infamous NotPetya ransomware. Sergey Neverov, 51, a video blogger and computer enthusiast from Nikopol, was cuffed by Ukrainian police on August 7 (official statement in Ukrainian here). Neverov is accused of posting a video …
John Leyden, 11 Aug 2017

Can GCHQ order techies to work as govt snoops? Experts fear: 'Yes'

Analysis The UK Home Office's ambiguous response to whether or not the Investigatory Powers Act gives the British government the authority to pressure or force people to work for GCHQ is troubling. When Reg reader Simon Clubley pointed out the unclear wording of section 190 of the new law, it generated a lively debate among legal …
John Leyden, 10 Aug 2017
flaw

SAP cleans up more than a dozen troubling CRM security blunders

Critical issues in SAP’s CRM application – patched on Tuesday – open the door to corporate espionage, security researchers warn. SAP resolved a total of 19 software flaws yesterday. Among the most critical bugs is an SQL injection in SAP CRM WebClient User Interface (SAP Security Note 2450979). The issue, identified by …
John Leyden, 09 Aug 2017

NotBeingPetya: UK critical infrastructure firms face huge fines for lax security

The UK government has announced that businesses providing essential services like energy and transport could be fined as much as £17m or 4 per cent of global turnover for failing to have effective cyber security measures in place. The proposals from the Department for Digital, Culture, Media & Sport satisfy requirements under …
John Leyden, 08 Aug 2017
Image by Alexander_P http://www.shutterstock.com/gallery-493324p1.html

Re-identifying folks from anonymised data will be a crime in the UK

The British government is planning to impose criminal sanctions on people who intentionally re-identify individuals from data that should have protected their identities. The plans will be set out in the Blighty's Data Protection Bill – due to be introduced to Parliament next month – and could see an unlimited fine levied on …

PasteBin data dump: Hackers claim files are from Mandiant FireEye 'breach'

Hackers have leaked what they claim is information stolen from FireEye/Mandiant after apparently breaking into the incident response biz's network. Mandiant has denied this. The miscreants, who branded their attack campaign "Op #LeakTheAnalyst," claimed in a preface to their PasteBin dump that they had "breached [Mandiant's] …
John Leyden, 31 Jul 2017
airplane

Virgin America workers reset passwords after hacker's crash landing

Virgin America's staff and contractors have been told to change their passwords after a hacker raided the airline's systems. The T-Mobile-USA-of-the-skies revealed in a letter to its workforce that its network was compromised by one or more miscreants. A copy of the missive was, as required by law, shared with California's …
Apple

Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers

Black Hat USA Security researchers say they have come up with two separate "attacks" against ApplePay, highlighting what they claim are weaknesses in the mobile payment method. One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not. In …
John Leyden, 28 Jul 2017
Homer Simpson

Flaws in web-connected, radiation-monitoring kit? What could go wrong?

Black Hat Vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs) present a potential mechanism for triggering false alarms and worse, according to research unveiled at Black Hat on Wednesday. RDMs are used to monitor radiation in critical infrastructure such as nuclear power plants, seaports, borders, and hospitals. …
John Leyden, 28 Jul 2017

Should you stay awake at night worrying about hackers on the grid?

Analysis The energy sector across multiple Western countries is under intensified assault by hackers. Security experts warn that industrial systems are wide open to potential exploit once hackers secure a foothold, the most difficult part of the hacking process, using targeted phishing or similar tactics. The UK's government lead cyber …
John Leyden, 28 Jul 2017

Strong and stable, my arse. UK wobbles when coping with ransomware

A third of businesses have suffered a ransomware attack in the last 12 months, according to a new survey sponsored by Malwarebytes. Globally, most organisations experienced some form of attack or breach during the past year, with 35 per cent suffering a ransomware attack specifically. Ransomware demands are relatively low, …
John Leyden, 27 Jul 2017
bank robbery

Details of 400,000 loan applicants spilled in UniCredit bank breach

Italian bank UniCredit admitted on Wednesday that a series of breaches, undetected for nearly a year, exposed the personal data of 400,000 loan applicants. In an English-language statement, UniCredit blamed an unnamed third-party provider for exposing Italian customer data – including International Bank Account Numbers (IBANs …
John Leyden, 26 Jul 2017
police hacking

Revealed: 779 cases of data misuse across 34 British police forces

A freedom-of-information request by Huntsman Security has discovered that UK police forces detected and investigated at least 779 cases of potential data misuse by personnel between January 2016 and April 2017. Despite the high number of cases, the same request also revealed that the vast majority of the 34 police forces …
John Leyden, 26 Jul 2017

Time-rich netizens marshall ballot-stuffing bots against... Radio Times contest

Internet ballot-stuffing has existed for as long as Rickrolling, if not longer, but it used to be a serious endeavour requiring a certain level of commitment, however misguided. Yesterday a Reddit community sprung up dedicated to the proposition that it's worth the trouble to use bots to skew a Radio Times poll. Yes, the TV …
John Leyden, 26 Jul 2017
Cat attacking

Crappy hacker crew fingered for Bundestag snooping operation

Security researchers have lifted the lid on a new cyber-espionage crew that has targeted the German Bundestag and Turkish diplomats. CopyKittens has attacked government, security and academic institutions, websites in Germany and Turkey, as well as United Nations employees and organisations in Saudi Arabia, Israel and Jordan …
John Leyden, 25 Jul 2017
hacker

Briton admits to router hack that DDoSed Deutsche Telekom

An as yet unnamed 29-year-old pleaded guilty on Friday to charges relating to the hijacking of more than 1.25 million Deutsche Telekom routers, according to reports in the German press. German news agency DPA and others quoted a court spokesman as saying the accused, who pleaded guilty to "attempted computer sabotage", had " …
John Leyden, 24 Jul 2017

Biting the hand that feeds IT © 1998–2017