John Leyden

Contact Mail Follow Twitter RSS feed
Big bill

Last year's ICO fines would be 79 times higher under GDPR

Fines from the Information Commissioner's Office (ICO) against Brit companies last year would have been £69m rather than £880,500 if the pending General Data Protection Regulation (GDPR) had been applied, according to analysis by NCC Group. The 2015 penalties would also have risen drastically from £1m to £35m under the same …
John Leyden, 28 Apr 2017

Mysterious Hajime botnet has pwned 300,000 IoT devices

Hajime – the "vigilante" IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab. The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante- …
John Leyden, 27 Apr 2017

Super-secure Pi-stuffed nomx email server box given a good probing

Updated Security researchers claim to have uncovered a variety of serious security holes in a heavily touted secure email server technology. Nomx, the firm behind the device, strongly disputes the claims and has challenged researchers to a hacking challenge, involving the creation of an email account on a designated remotely hosted nomx …
John Leyden, 27 Apr 2017
phishing_648

Seven in ten UK unis admit being duped by phishing attacks

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source. The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 …
John Leyden, 27 Apr 2017

Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets

Cyberespionage and ransomware attacks are on the increase, according to the latest annual edition of Verizon's breach report. Organisations in manufacturing, the public sector and education bore the brunt of spying attacks, it adds. Mounting high proliferation of propriety research, prototypes and confidential personal data …
John Leyden, 27 Apr 2017
Hyundai Android Auto

Hyundai app security blunder allowed crooks to 'steal victims' cars'

Hyundai has patched its Blue Link smartphone app to stop it blabbing private info that could, it is claimed, be used to break into and steal people's cars. The now-updated software, available for iOS and Android, leaked sensitive personal information about registered users and their vehicles, including usernames, passwords, …
John Leyden, 25 Apr 2017
Linux penguin canape... snacks. Photo by SHutterstock

Hackers uncork experimental Linux-targeting malware

Hackers have unleashed a new malware strain that targets Linux-based systems. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity, according to an analysis of the nasty by security researchers at ESET. Shishiga relies on the use of weak, default …
John Leyden, 25 Apr 2017
shutterstock_206717503

Kremlin-backed DNC hackers going after French presidential hopeful Macron

The Russian cyberespionage group blamed for the infamous US Democratic National Committee email leak launched targeted phishing attacks against French presidential candidate Emmanuel Macron's campaign as recently as last month. Security researchers at Trend Micro warn that the APT28 crew have also targeted Germany's Christian …
John Leyden, 25 Apr 2017

Alert: If you're running SquirrelMail, Sendmail... why? And oh yeah, remote code vuln found

Updated Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project. Filippo Cavallarin and Dawid Golunski independently discovered a remote code execution hole in SquirrelMail version 1.4.22 and likely prior. That's the latest version, by the way, and is dated July 2011. The bug is a …
John Leyden, 24 Apr 2017

eBay denies claims it's failing to thwart 'systematic fraud'

A campaigner has gone public with his concerns over an alleged scam on eBay. The person claimed a group of fraudsters have found a way around PayPal/eBay's anti-fraud system, in a complex multi-stage scam. eBay says it has the problem in hand, a contention strongly disputed by the campaigner, who said he has tracked and …
John Leyden, 24 Apr 2017
Man looks suspiciously over his shoulder while working on laptop. Photo via Shutterstock

LinkedIn U-turns on Bluetooth-enabled 'Tinder for marketers'

LinkedIn irked privacy advocates by dropping a Bluetooth-enabled "Tinder for marketers" feature into its mobile app on Thursday. Respected security researcher Rik Ferguson was nonplussed at changes in LinkedIn's mobile app that threw up a pop-up requesting permission to share data with nearby Bluetooth devices even when users …
John Leyden, 21 Apr 2017

Peer pressure, not money, lures youngsters into cybercrime – report

Teenage hackers get mixed up in cybercrime mostly to gain bragging rights over peers rather than to get rich, according to a new study. The National Crime Agency report fingers peer pressure and kudos as a key reason for youngsters in getting mixed up with online crime. Few if any of those who stray on to the wrong side of the …
John Leyden, 21 Apr 2017

Online ad scam launders legions of pirates and pervs into 'legit' surfing

An elaborate online ad scam that disguised junk traffic as views on reputable sites has been costing advertisers as much as $7m per month. Fraudsters behind the "Traffic Alchemist" scam dressed junk traffic as quality views originating from Google and Twitter. They began by buying traffic, typically on porn or torrent sites, …
John Leyden, 20 Apr 2017
botnet

Flaws found in Linksys routers that could be used to create a botnet

Multiple models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet, security researchers at IOActive warn. The flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted …
John Leyden, 20 Apr 2017
Image by ART production http://www.shutterstock.com/gallery-3278237p1.html

Microsoft shrugs off report that Edge can expose user identities from JS Fetch requests

Updated An independent researcher claims to have uncovered a security flaw in Microsoft Edge. The issue enables any website to identify someone by their username from another website, according to Ariel Zelivansky. More specifically the bod alleges that Edge exposes the URL of any JavaScript Fetch response, in contradiction to the …
John Leyden, 20 Apr 2017
phishing

UK.gov survey shines light on cybersecurity threats to businesses

Phishing and ransomware remain the most pressing security threats for UK business, according to a government-backed survey out Wednesday. The survey, commissioned by the Department for Culture, Media and Sport, found that the most common types of breaches are related to staff receiving fraudulent emails (in 72 per cent of …
John Leyden, 19 Apr 2017

Profit with just one infection! Crook sells ransomware for $175

Cybercrooks have begun retailing a new easy-to-use ransomware strain that promises profit with only one successful infection. Karmen is being sold on Dark Web forums from Russian-speaking cyber-criminal DevBitox for $175. The new ransomware-as-a-service variant offers a graphical dashboard, allowing purchasers to keep a …
John Leyden, 18 Apr 2017
Woman stares at laptop screen, shocked. Pic by shutterstock

Cerber surpasses Locky to become dominant ransomware menace

Cerber eclipsed Locky as the most common ransomware pathogen doing the rounds in the first three months of 2017. Cerber's control of the cybercrime market rose from 70 per cent market share in January to 87 per cent in March, according to the latest cybercrime tactics report by Malwarebytes Lab. The success of Cerber is down …
John Leyden, 13 Apr 2017

Callisto Group snoopers wreak havoc with leaked HackingTeam spyware

Leaked HackingTeam spyware was used by a cyber-spy group to collect intelligence. The Callisto Group cyber-spies collected intel on foreign and security policy in eastern Europe and the south Caucasus using spyware developed for law enforcement agencies, according to F-Secure Labs. The group – which remains active – has …
John Leyden, 13 Apr 2017
Man ties laces on running shoe pre-jog. Photo by Shutterstock

Free health apps laugh in the face of privacy, sell your wheezing data

Free health tracker apps pose a severe privacy risk, security researchers warn. Developers frequently neglect data protection and, worse, intentionally lure in users with free health gimmicks in order to monetise their data. Other sharp practices uncovered by the researchers include unsecured data transmission and ad tracking …
John Leyden, 13 Apr 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017
Australian money at a crime scene

Cyberattacks wipe more than $50bn off big biz value, say beancounters

Severe cyber-break-ins permanently stripped 1.8 per cent off companies' stock prices, on average, according to a new study out today. Putting that 1.8 per cent drop in context, that dip represents a permanent loss of market capitalization of £120m ($150m) for a typical FTSE 100 biz, we're told. Eggheads at Oxford Economics in …
John Leyden, 12 Apr 2017
Brexit - arrow points to leave

MPs worried Brexit vote website wobble caused by foreign hackers

A committee of MPs has expressed concerns that foreign hackers might have had a hand in crashing the UK's voter registration website last year shortly before the Brexit referendum. The Public Administration Committee concluded that a foreign cyber attack remains a potential reason that the "register to vote" site crashed on 7 …
John Leyden, 12 Apr 2017

Gordon Ramsay's in-laws admit plot to hack sweary celeb chef's biz

Gordon Ramsay's father-in-law has admitted conspiring to hack into the computer systems of businesses run by the celebrity chef. Christopher Hutcheson, 68, and his sons Adam, 46, and Christopher, 37, all admitted conspiracy to unlawfully access Gordon Ramsay Holdings Limited's computer systems at a hearing in London's Central …
John Leyden, 12 Apr 2017

Oh my Microsoft Word: Dridex hackers exploit unpatched flaw

Cybercrooks are actively exploiting an unpatched Microsoft Word vulnerability to distribute the Dridex banking trojan, claim researchers. Booby-trapped emails designed to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint. …
John Leyden, 11 Apr 2017

Biting the hand that feeds IT © 1998–2017