John Leyden

Contact Mail Follow Twitter RSS feed

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016
Wi-Fi

BT's Wi-Fi Extender works great – at extending your password to hackers

BT is urging folks to patch the firmware in its Wi-Fi Extender following the discovery of multiple security flaws. Security researchers at Pen Test Partners discovered vulnerabilities with the consumer-grade kit, including cross-site scripting and the ability to change a password without knowing it. Pen Test Partners found it …
John Leyden, 21 Sep 2016
Data breach

Mobile review website MoDaCo coughs to data breach

Smartphone news and reviews site MoDaCo has admitted to a data breach. MoDaCo founder, Paul O’Brien confirmed a security leak (first reported by haveibeenpawned), while playing down its significance. Email and IP addresses together with (hashed) passwords and usernames for up to 875,000 MoDaCo accounts were dumped online. …
John Leyden, 20 Sep 2016
Auctioneer with hammer

Going, going, done: Trio of prolific auction fraud fraudsters jailed

Three men have been jailed yesterday over a conspiracy to commit internet shopping fraud scam that involved taking payments for non-existent goods and services. Calin Serbenescu, 28, a former labourer, was sentenced to five years' imprisonment; Ionut Cotavian Anitescu, 26, unemployed, was sent down for three years; while Dorel …
John Leyden, 20 Sep 2016
Venomous snake

EurekAlert breach outage

Science news alert service EurekAlert! remains offline following a large-scale cyber attack earlier this month. EurekAlert! - which is run by The American Association for the Advancement of Science, a non profit - offers daily trending science news, images and videos. A cyber attack on 9 September left it unable to fulfil its …
John Leyden, 19 Sep 2016

Brits: Can banks do biometric security? We'd trust them before the government

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa. Consumers are nearly twice as likely to trust banks to store and keep their biometric information such as fingerprints and iris scans safe (60 per cent), than they are …
John Leyden, 19 Sep 2016

Microsoft snubs alert over Exchange hole

Microsoft has downplayed the seriousness of an alleged Exchange auto-discovery vulnerability, saying that it sees no need to patch the reported security weakness. Redmond contends that its existing security advice covers the issue, a point disputed by flaw-finder Marco van Beek. Van Beek explains: “I recently discovered that …
John Leyden, 19 Sep 2016
Man in helmet looks uncertain, holds up shield. Photo by Shutterstock

National Cyber Security Centre to shift UK to 'active' defence

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security. The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days …
John Leyden, 16 Sep 2016

Pramworld admits mailing list breach

UK baby care supplier Pramworld has admitted that a breach of its systems was the reason customers were sent spam emails on Friday. In a statement supplied to El Reg (below), Pramworld admitted its mailing list had been compromised while downplaying the problem and offering reassurance that payment information had not been …
John Leyden, 16 Sep 2016
lg_rolly_keyboard_648

Amex phishing tackle

Brazen phishing fraudsters are using counterfeit versions of American Express’s own identity theft prevention scheme as a scam lure. SafeKey, Amex’s name for 3D Secure technology, adds an additional layer of security to online transactions and is designed to help prevent identity theft. Fraudsters have turned the purpose of …
John Leyden, 16 Sep 2016

Trump website server config snafu left interns' CVs exposed

Misconfiguration of Donald Trump's campaign website left the personal information of interns – and perhaps more – accessible to casual snooping. Staffers of the real estate mogul-turned-US presidential candidate “bungled the settings on their Amazon S3 server”, according to MacKeeper security researcher Chris Vickery, the …
John Leyden, 15 Sep 2016
couch_potato_remote_control_surfer

DDoSers do it more now, but they do it less fiercely*

The number of distributed denial of service attacks has doubled over the last 12 months. Akamai reports that Q2 saw a 129 per cent year-on-year increase in total DDoS attacks. During the second quarter, Akamai mitigated a total of 4,919 attacks, one of which (against a media company) reached an eye-watering 363n Gbps. Although …
John Leyden, 15 Sep 2016
shutterstock_184661174

SMiShing on the rise

Fraudsters are increasingly targeting mobile messaging apps such as WhatsApp. A quarter (26 per cent) of chat app users say they receive an unsolicited message every day, while 49 per cent receive at least one a week. The research by global trade body Mobile Ecosystem Forum and messaging specialist CLX Communications confirmed …
John Leyden, 15 Sep 2016
Super-villain Dr Evil puts finger to lip in scheming manner, asks for one million dollars. Pic: New Line Cinema

Hacker and chums jailed over gold bullion hack, track 'n' grab scam

A UK hacker who broke into the computer systems to get details of gold bullion deliveries so they could be intercepted and stolen has been jailed for five years and four months. London resident Adam Penny, 25, was jailed this week after previously pleading guilty to conspiracy to steal and a computer misuse offence. Penny …
John Leyden, 15 Sep 2016
Man shouting the news from a rolled up newspaper

Spam texters fined £30K

Manchester firm Carfinance247 has been fined £30K over a spam text campaign. The car finance brokerage firm’s noxious text messaging tactics generated 912 complaints to the ICO, the UK’s data privacy watchdog. The firm’s four-month marketing campaign involved the distribution of 65,000 messages to people who hadn’t first …
John Leyden, 15 Sep 2016

IP telephony biz VoIPtalk quietly admits to possible data breach

UK-based IP Telephony service VoIPtalk warned customers of a potential data breach over the weekend. The firm has implemented tighter security controls and advised customers to change their passwords in response to the suspected hacker incident, which is still under investigation. In a notice (re-posted on a VoIP user forum …
John Leyden, 13 Sep 2016

Drones and alt energy tech star at Spanish start-up fiesta

Hardware tech such as drones and energy reclamation technology predominated at the Startup Ole conference in Salamanca, Spain last week. The two day event gathered 100 startups and more than 1,000 attendees to the historic University town in Western Spain. Similar events in the UK would be dominated by app developers or in …
John Leyden, 12 Sep 2016
Silhouette of spy discerning password from code uses a command on graphic user interface

Sniffing your storage could lead to sensitive leaks, warn infosec bods

Data from storage devices leaks through electromagnetic radiation to a much greater extent than previously thought, according to new research. Near-field analysis allowed security researchers at MWR Security to infer (or ‘sniff’) data transferred internally within a device. The finding means that resilient systems are far …
John Leyden, 12 Sep 2016

Filmmaker Werner Herzog interviews Elon Musk for internet doco

Uncompromising filmmaker Werner Herzog has made a documentary film about the internet. Lo and Behold: Reveries of the Connected World features interviews with PayPal and Tesla co-founder Elon Musk, roboticist Sebastian Thrun, and UCLA professor and co-creator of ARPANET (the precursor to the Internet) Leonard Kleinrock, among …
John Leyden, 09 Sep 2016
Piranha fish pattern illustration

Hot-cross-platform Mac malware

Hackers have developed a a cross-platform backdoor capable of infecting Windows, Linux or Mac OS X desktop computers. The Mokes malware family is able to steal various types of data from the victim’s machine, including but not limited to screenshots, files and keystrokes. Researchers at Kaspersky Lab first came across …
John Leyden, 09 Sep 2016

NHS health apps project plan: Powered by your medical records

UK health secretary Jeremy Hunt plans for NHS-approved health apps to play a role in patient records and healthcare have already spawned a rash of privacy concerns. The NHS.UK site will have a new collection of NHS-approved health apps to guide patient choice. Data from health apps and wearable activity trackers such as …
John Leyden, 09 Sep 2016

NHS hospitals told to swallow stronger anti-ransomware medication

NHS Digital is set to start expanding the range of cybersecurity services available to UK hospitals and clinics. CareCERT (Care Computer Emergency Response Team) launched in November 2015, offering a national service that helps health and care organisations to improve their cybersecurity defences by providing proactive advice …
John Leyden, 09 Sep 2016
Road at night image via Shutterstock

Network Management Systems are a 'treasure map' for hackers

Network Management Systems are far more easily attacked than previously reckoned, according to new research by Rapid7. The firm behind the popular Metasploit penetration testing tool warns that vulnerabilities in systems used to manage network elements (routers, servers, printers and more) offers attackers a “treasure map” of …
John Leyden, 07 Sep 2016
A plate of horderves

Kaspersky Ireland R&D haus

Kaspersky Lab is opening a new R&D office in Ireland. With an initial investment of close to $5m, Kaspersky plans to create 50 new Dublin-based roles in the next three years. The new office will focus mainly on developing data analysis and machine learning technologies for the firm’s enterprise product line-up. The Russian …
John Leyden, 07 Sep 2016
Piranha fish pattern illustration

Buckeyed cyberspies' switch

Cyberespionage group Buckeye has switched targets from the US to Hong Kong. Buckeye (also known as APT3, Gothic Panda, UPS Team or TG-0110) is a longstanding hacking group group that has been together for at least seven years. Buckeye is blamed for using a remote access Trojan (Backdoor.Pirpi) in attacks against a US …
John Leyden, 07 Sep 2016