John Leyden

HACKERS can DELETE SURVEILLANCE DVRS remotely – report

DVR systems from Hikvision have vulnerabilities that open the door to hacking, security researchers have warned. Digital Video Recorders (AKA Network Video Recorders), such as those from the likes of Hikvision, are used to record surveillance footage of office buildings and surrounding areas. However, the range of …
John Leyden, 21 Nov 2014

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets

Hackers are running “Man-in-the-Middle” attacks (MitM) against smartphones using a new attack technique, security researchers warn. The so-called DoubleDirect technique enables an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads …
John Leyden, 21 Nov 2014

Citadel Trojan snooped on password managers to snatch victims' logins

Crooks have unsheathed a variant of the Citadel Trojan that targets password managers. The malware is designed to steal a victim's master passphrase, thus unlocking his or her database of website passwords in the process. The software nasty runs a key-logger to intercept what people type into the Password Safe and KeePass open- …
John Leyden, 21 Nov 2014

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER

Amnesty and Privacy International are offering a free-of-charge spyware detection tool designed to help journalists and human rights activists stay one step ahead of government surveillance. The Windows-only Detekt anti-spyware tool is designed to be a supplement, rather than an alternative, to pre-existing anti-virus protection …
John Leyden, 20 Nov 2014

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked

Downloading mobile apps from non-official sources has become a lot more dangerous over the last year, with apps now needing more built-in protection, according to a new report. The number of Top 100 iOS apps that have been hacked over the past year increased from 56 per cent in 2013 to 87 per cent in 2014. The majority (97 per …
John Leyden, 20 Nov 2014

A life of cybercrime, a caipirinha and a tan: Fraudsters love a Brazilian

Brazil is the only market that offers training services for cybercriminal wannabes, making it possible to start a new career in cybercrime for just $500. Training modules, hands-on exercises, interactive guides, instructional videos, as well as post-training support are available, according to a new report of the Brazilian …
John Leyden, 20 Nov 2014

Webcam hacker pervs in MASS HOME INVASION

Too many people are leaving their internet-connected webcams wide open to silent perverts, the UK's privacy watchdog has warned. The ICO has urged everyone to make sure they've changed their passwords on the devices from the factory defaults, which scumbags are exploiting to spy on victims from afar. The warning follows the …
John Leyden, 20 Nov 2014

Hackers seize Detroit's database, demand $800k. Motor City shrugs: OK, take it

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin. The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday. The stolen database wasn’t needed by the cash- …
John Leyden, 20 Nov 2014

'Most advanced mobile botnet EVER' is coming for your OFFICE Androids

A newly discovered variant of NotCompatible is establishing what has been called the most advanced mobile botnet yet created. Security researchers at Lookout warn that the latest version of the Android malware is capable of infiltrating secure enterprise networks via compromised devices. NotCompatible uses a peer-to-peer control …
John Leyden, 19 Nov 2014

London police chief: City bankers, prepare for a terrorist cyber attack. Again

Western financial institutions should prepare themselves for cyber attacks from Islamic militants, the head of the City of London police warns. Commissioner Adrian Leppard urged during a security conference in New York that preparations be put in hand. According to the FT, he singled Islamic State of Iraq and the Levant (aka …
John Leyden, 19 Nov 2014

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

A new certificate authority – backed by big names on the internet including Mozilla, Cisco and Akamai – plans to offer SSL certs at no charge starting next year. The move will make it even easier for people to run encrypted, secure HTTPS websites. Let’s Encrypt aims to provide an easier way to obtain and use a digital …
John Leyden, 18 Nov 2014

Anonymous hacks the Ku Klux Klan after Ferguson threats

Hacktivist collective Anonymous has taken out the websites and Twitter accounts of white supremacist group the Ku Klux Klan following threats by a local chapter of the Klan against protestors in Ferguson, Missouri. Tensions in Ferguson are high in the run-up to a ruling on whether criminal charges will be brought against a white …
John Leyden, 18 Nov 2014

Can’t be TRUSTe-d? Online privacy firm coughs $200k to settle 'deception' charges

TRUSTe, which issues the privacy seals displayed on thousands of websites, has paid a settlement over charges it deceived consumers through its Privacy Seal Program. As part of an agreed settlement with US consumer watchdogs at the Federal Trade Commission, it also promised it would ensure all certified websites removed a …
John Leyden, 18 Nov 2014

Three WireLurker suspects arrested in China – reports

Three people suspected of involvement in the WireLurker malware campaign have been arrested in China, according to reports. The suspects – whom the Beijing Public Security "internet" unit named only as Chen, Lee and Wang – were apparently arrested in the Beijing area following an investigation assisted by local security firm …
John Leyden, 17 Nov 2014

State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED

The State Department has suspended its unclassified email system in response to a suspected hacking attack. The unprecedented shutdown on Friday was reportedly applied to give technicians an opportunity to repair possible damage, as well as to apply security improvements. A senior department official said possible problems were …
John Leyden, 17 Nov 2014

WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed

Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week. The release of a PoC for the MS14-066 vulnerability through the Canvas tool from Immunity Inc underlines the need to patch. The flaw opens the door to remote code execution on unpatched servers …
John Leyden, 17 Nov 2014

Apple: Want a PATCH for iOS Masque attack? TOUGH LUCK, FANBOI

Apple has downplayed the Masque iOS security threat, saying no one has actually been affected by the security vulnerability. The Masque Attack opened by the security shortcoming creates a way for attackers to replace genuine iOS apps with malicious doppelgängers, as previously reported. Security firm FireEye warned about the iOS …
John Leyden, 14 Nov 2014

Mastercard and Visa to ERADICATE password authentication

Mastercard and Visa are removing the need for users to enter their passwords for identity confirmation as part of a revamp of the existing (oft-criticised) 3-D Secure scheme. The arrival of 3D Secure 2.0 next year will see the credit card giants moving away from the existing system of secondary static passwords to authorise …
John Leyden, 14 Nov 2014

Pharmacist caught spying on friends' med records fined £1,000

A pharmacist who unlawfully spied on family and friends’ medical records has received a modest fine after he was convicted of data protection offences. Harkanwarjit Dhanju, 50, was convicted of unlawfully accessing the medical records of family members, work colleagues and local health professionals while working as a "sessional …
John Leyden, 14 Nov 2014

HSBC Turkey WON'T reissue cards despite 2.7 MILLION account details going AWOL

HSBC Turkey has confessed to a security breach exposing the details of 2.7m credit card accounts but the bank has made a decision not to reissue cards after deciding that the data exposed is not enough to make fraudulent transactions. The compromise – limited to the international bank's business in Turkey – exposed credit card …
John Leyden, 14 Nov 2014

Ha ha, fooled you! Shares tumble over G4S fake website profit warning

False rumours of a profit alert and executive dismissals put the skids under G4S shares on Wednesday. A bogus statement was emailed to journalists falsely stating that the security service firm had discovered accounting errors. The false warning (suggesting G4S profits would be restated) was sent out in an email containing a …
John Leyden, 13 Nov 2014

Lads from Lagos using 'Predator Pain' on hapless 419 victims

Advanced-fee fraudsters are adopting the tactics of state-sponsored hackers in attacks targeting small- to medium-sized businesses, rather than large corporates, according to research from Trend Micro. 419 gangs are using the Predator Pain and Limitless keyloggers to steal network credentials through spear-phishing attacks, …
John Leyden, 13 Nov 2014

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014

ISPs are stripping encryption from netizens' email – EFF

Some ISPs are removing encryption from customers' connections to email servers – threatening the privacy of their communications – claims civil-liberties group the Electronic Frontier Foundation. Incidents in the US and Thailand over recent months have seen service providers intercepting their customers' data to strip a security …
John Leyden, 12 Nov 2014

Annus HORRIBILIS for TLS! ALL the bigguns now officially pwned in 2014

The appearance of a critical flaw in Microsoft SChannel - patched as part of this year's phenomenal November Patch Tuesday - means that every major TLS stack has now fallen victim to a critical flaw at some time during this year. The security flaw (MS14-066) in Microsoft's TLS cryptography library opens the door to remote code …
John Leyden, 12 Nov 2014

Target, Home Depot and UPS attacks: Dude, you need to rethink point-of-sale security

A new report on point-of-sale malware presents the most detailed examination of the malicious code behind high-profile attacks against US retailers to date. Cyphort Labs’ in-depth look focuses on Target, Home Depot and UPS breaches and involved an analysis of BlackPOS, FrameworkPOS and Backoff malware samples. The researchers …
John Leyden, 12 Nov 2014

Most convincing PHISHING pages hoodwink nearly half of you – Google

Nearly half (45 per cent) of those who visit the most convincing phishing pages are tricked into handing over personal information, according to Google. This effectiveness drops to just three per cent in the case of the most obviously scummy phishing sites, while the online giant reports that the account hijackers work quickly, …
John Leyden, 11 Nov 2014

Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS

Security experts have now probed further into the vuln in non-jailbroken iOS 7 and iOS 8 devices which was exploited by the previously revealed WireLurker USB-hopping malware. Dubbed a “Masque Attack”, the tactic allows hackers to install iOS apps on iPhone or iPad via email or text message. The attack takes advantage of a …
John Leyden, 10 Nov 2014

BrowserStack HACK ATTACK: Service still suspended after rogue email

Browser testing service BrowserStack has temporarily suspended its services while it recovers from a "hack attack" by someone apparently bent on discrediting the security of the widely used tool. "We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it and will keep …
John Leyden, 10 Nov 2014

Crooks are using proxy servers to build more convincing phishing sites – new claim

Crooks using phishing pages to grab victims' passwords have apparently upped their game – by using proxy servers rather than static pages to craft legit-looking websites. Normally, thieves recreate a web page – such as a login page for an online shop or webmail – and stick it on a compromised server, then direct marks towards …
John Leyden, 07 Nov 2014

Home Depot: Someone's WEAK-ASS password SECURITY led to breach

Hackers gained access to Home Depot's network via a third-party vendor system, according to preliminary results of an investigation into the September mega-breach. Cybercrooks used access to the US retail giant's network gained via ineffective password security at an unnamed third party vendor's system to run a stepping-stone …
John Leyden, 07 Nov 2014

'Older' WireLurker previously tried, failed to leap from Windows to iThings

An older version of WireLurker, the newly discovered malware capable of spreading onto Apple iOS devices from infected Mac OS X systems, once targeted Microsoft Windows, it has emerged. WireLurker is the first malware capable of attacking non-jailbroken iPhones and iPads, smashing the conventional wisdom that such devices are …
John Leyden, 07 Nov 2014

Spyware-for-cops Hacking Team faces off against privacy critics

Controversial spyware-for-cops outfit Hacking Team has defended its snooping and come out on the offensive against security research critics. Last week Glenn Greenwald’s The Intercept published what it asserted were secret manuals illustrating how Hacking Team sold its spyware to authoritarian regimes around the world. The …
John Leyden, 07 Nov 2014

Shove over, 2FA: Authentication upstart pushes quirky login tech

Security upstart LiveEnsure is trying to shake up the authentication market with technologies that verify users by device type, location and user behaviour, as an alternative to established authentication systems. The firm is pushing its smartphone-based services as an alternative to security tokens, biometrics, one-time- …
John Leyden, 07 Nov 2014

Hackers use DRAFT emails as dead-drops for running malware

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments. Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the …
John Leyden, 06 Nov 2014

Rovnix Trojan infection outbreak infects 130,000 machines in Blighty

A new cluster of infections by the Rovnix Trojan has infected more than 130,000 Windows computers in the UK alone. The data-stealing malware is also affecting Germany, Italy, the US and Iran to a far lesser extent - 87 per cent of the computers infected are actually in the UK, according to anti-virus firm Bitdefender. Rovnix is …
John Leyden, 06 Nov 2014

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in the Worldview website to access the firm's …
John Leyden, 05 Nov 2014

Crypto collision used to hijack Windows Update goes mainstream

The cryptographic hash collision attack used by cyberspies to subvert Microsoft's Windows Update has gone mainstream, revealing that MD5 is hopelessly broken. Security researcher Nat McHugh created two images of different rock 'n' roll icons - James Brown and Barry White - with the same MD5 hash. "The images were just two I …
John Leyden, 05 Nov 2014

Israeli ex-spies want to help you defend your CAR from cybercrooks

Security shortcomings in new cars could nurture a new branch of the infosec industry in much the same way that Windows' security failings gave rise to the antivirus industry 20 or so years ago, auto-security pioneers hope. Former members of Unit 8200, the signals intelligence unit of the Israel Defense Forces, have banded …
John Leyden, 05 Nov 2014

Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit

Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye. Sites promoting the Occupy Central Pro Democracy movement, including Next Media’s Apple Daily publication and …
John Leyden, 03 Nov 2014

Data protection laws come to the rescue of poor, underpaid UK MPs

UK lawmakers may escape further expense abuse investigations after paperwork related to pre-2010 claims was shredded by parliamentary authorities in accordance with data protection regulations, sparking accusations of a fresh cover-up of MPs’ expenses. Under the House of Commons' "Authorised …
John Leyden, 03 Nov 2014

Pro-ISIS script kiddies deface West Yorkshire egg-chasers' site

Pro-ISIS script kiddies defaced the website of Rugby League team the Keighley Cougars over the weekend in the latest of a series of attacks against somewhat obscure targets. The West Yorkshire club's home page was replaced by a black screen and the message: "I love you Isis" with the tag "Hacked By Team System DZ" at the top of …
John Leyden, 03 Nov 2014

Drupalgeddon megaflaw raises questions over CMS bods' crisis mgmt

The security world has been shocked to its foundations following ominous warnings that millions of Drupal websites that didn't apply a critical patch within hours of its release earlier this month should be regarded as hopelessly compromised. The maintainers of the Drupal content management system warned users that “automated …
John Leyden, 03 Nov 2014

Popular Science site shrugs off malicious code infection

Surfers visiting Popular Science would be well advised to check their systems following an attack that has left the site compromised and harbouring malicious code. Security firm Websense warns that visiting the site exposed surfers to the RIG exploit kit. The malicious code was removed on Wednesday, but a number of surfers may …
John Leyden, 31 Oct 2014

BIGGEST THREAT to Europe’s cybersecurity? Hint: not hackers

Forget cyber-espionage, cyber-warfare and cyber-terrorism. The biggest threat to Europe’s infrastructure cybersecurity is power outages and poor communication. On Thursday, ENISA (European Network and Information Security Agency) held its biggest ever cybersecurity exercise involving more than 200 organisations and 400 cyber- …

The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers

The Sandworm vulnerability is being actively abused to attack Swiss banking customers, Danish security consultancy CSIS has warned. CSIS reports that the attacks are pushing the latest version of the Dyre banking trojan. Attacks arrive as spam emails under the guise of information about unpaid invoices. In reality the …
John Leyden, 30 Oct 2014

UK consumers particularly prone to piss-poor patching

UK consumer patching practices have worsened still further over the last three months, increasing the threat of malware problems, according to a new study by IT security provider Secunia. Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition, …
John Leyden, 30 Oct 2014

WHITE HOUSE network DOWN: Nation-sponsored attack likely

Hackers have disrupted computer operations at the White House after breaking into its unclassified internal network. The attack, blamed by US government sources on Russian hackers, has resulted in the disruption of some services while incident response teams work to contain the intrusion. The White House network is under …
John Leyden, 29 Oct 2014

Security Avengers team up to take down Chinese hacking group

Security firms are claiming credit for putting the skids under a Chinese cyber-espionage crew thought to have been operating for at least six years. The so-called Axiom Threat Actor Group allegedly victimised pro-democracy non-governmental organisations (NGO) and other groups and individuals that would be perceived as a …
John Leyden, 28 Oct 2014