John Leyden


Vawtrak challenges almighty ZeuS as king of the botnets

Crooks behind Vawtrak, a dangerous banking Trojan, are ramping up its reach and sophistication, security firms have warned. Vawtrak currently ranks as the single most dangerous threat, according to PhishLabs. Only Zeus and its many variants (GameOver, KINS, ZeusVM, Zberp, etc.) taken as a single malware "family" would outrank …
John Leyden, 27 Dec 2014

White hats do an NSA, figure out LIVE PHONE TRACKING via protocol vuln

Security vulnerabilities in the SS7 phone-call routing protocol that allow mobile call and text message tracking will be revealed this weekend. Details of SS7 vulnerabilities are due to be revealed to the public for the first time at the Chaos Communication Congress hacker conference in Hamburg on 27 December (schedule here). …

JPMorgan Chase mega-hack was a simple two-factor auth fail

Hackers broke into JPMorgan's network through a giant security hole left open by a failure to switch on two-factor authentication on an overlooked server. The New York Times reports that technicians at JPM had failed to upgrade one of its network servers, meaning that access was possible without knowing a combination of a …
John Leyden, 23 Dec 2014

GCHQ: We can't track crims any more thanks to Snowden

The Snowden revelations harmed GCHQ’s ability to monitor the communications of crime lords, leading to some vanishing off the grid and the abandonment of other surveillance operations, sources have told a British newspaper. Intelligence officers claim to be blind to more than a quarter of the actions of the UK’s worst crime …
John Leyden, 23 Dec 2014

Doh! WikiLeaks' PDF viewer springs XSS vuln

Wikileaks' Flash-powered PDF reader has sprung a vulnerability or two. The whistle-blowing website uses an open source Flash library called FlexPaper to display PDF files. Unfortunately various coding errors left FlexPaper open to cross-site scripting and content spoofing. Developers behind the open-source web-based document …
John Leyden, 23 Dec 2014

NUKE HACK fears prompt S Korea cyber-war exercise

The firm running South Korea's nuclear plants has decided to run cyber-war drills following the leak of sensitive data and threats from unidentified hackers. Korea Hydro and Nuclear Power Co (KHNP) has decided to run the exercises after the online leak of plant equipment designs and manuals last week. The technical documents …
John Leyden, 22 Dec 2014

Sneaky Russian hackers slurped $15 MILLION from banks

Millions of dollars, credit cards and intellectual property have been stolen by a newly discovered group of cyber criminals. The Anunak hackers group has been involved in targeted attacks and espionage since 2013, we now know, and targets banks and payments systems in Russia and former CIS countries, according to joint research …
John Leyden, 22 Dec 2014

Sony Pictures hack is Hollywood's 'Snowden moment' say infosec bods

Hackers obtained system administrators' passwords to pull off the mega-hack against Sony Pictures' servers, according to reports. This will come as no surprise to IT professionals. Purloined administrator credentials gave miscreants calling themselves Guardians of Peace broad latitude to access systems and sensitive data; that …
John Leyden, 19 Dec 2014

Welsh council rapped for covert spying on sick leave worker

A council that ordered covert surveillance of a sick employee has been ordered to review its practices following an investigation by data privacy watchdogs. An Information Commissioner’s Office (ICO) investigation found that Caerphilly Council breached the Data Protection Act when it ordered the surveillance of an employee …
John Leyden, 19 Dec 2014

Linux 'GRINCH' vuln is AWFUL. Except, er, maybe it isn't

A dispute has arisen about the seriousness of a vulnerability in Linux, dubbed "Grinch", that supposedly creates a privilege escalation risk. The flaw resides in the Linux authorisation system, which can unintentionally allow privilege escalation, granting a user “root”, or full administrative, access. “With full root access, …
John Leyden, 19 Dec 2014

Webcam-snooping spawn of ZeuS hits 150 banks worldwide

The latest evolution of the online bank account raiding Trojan ZeuS is the webcam-spying Chthonic malware, according to researchers. Chthonic infects Windows PCs, and allows criminals to connect to the compromised PC remotely and command it to carry out fraudulent transactions. The software nasty is targeting customers of more …
John Leyden, 19 Dec 2014

Misfortune Cookie crumbles router security: '12 MILLION+' in hijack risk

Infosec biz Check Point claims it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web. The commandeered boxes could be used to launch attacks on PCs and gadgets within their local networks. More than 12 million low-end SOHO routers worldwide are …
John Leyden, 18 Dec 2014

CoolReaper pre-installed malware creates backdoor on Chinese Androids

Security researchers have discovered a backdoor in Android devices sold by Coolpad, a Chinese smartphone manufacturer. The “CoolReaper” vuln has exposed over 10 million users to potential malicious activity. Palo Alto Networks reckons the malware was “installed and maintained by Coolpad despite objections from customers”. It's …
John Leyden, 18 Dec 2014

TorrentLocker ransomware pestilence plagues Europe, bags $500k

TorrentLocker, one of the most widespread pieces of ransomware, has claimed thousands of victims since it first surfaced in February 2014, according to new research. Out of 39,670 infected Windows systems, 570 or 1.45 per cent have paid the ransom to criminals to decrypt their locked-up files, according to infosec biz ESET. The …
John Leyden, 18 Dec 2014

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Third-party providers will face more stringent regulations as part of a revamp in payment card industry regulations due to go into full effect in the new year. The new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning …
John Leyden, 17 Dec 2014

London teen pleads guilty to Spamhaus DDoS

A 17-year-old Londoner has pleaded guilty to a series of denial-of-service attacks against internet exchanges and the Spamhaus anti-spam service last year. The teenager – who we cannot name for legal reasons – also admitted money laundering and possessing indecent images. He faces a sentencing hearing on 9 January, a police …
John Leyden, 17 Dec 2014

Roll up, come see the BOOMING HACKER BAZAAR!

Underground hacker markets are booming with counterfeit documents, premiere credit cards, hacker tutorials, and "complete satisfaction guarantees", according to a new report from Dell SecureWorks. The means to create a false identity are easily purchased through the cracker bazaars. A fake social security card can be obtained for …
John Leyden, 15 Dec 2014

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Cybercrooks have brewed a strain of ransomware that uses elliptic curve cryptography for file encryption, and Tor for communication. The malware, dubbed OphionLocker, is spreading using a malicious advertising (malvertising) campaign featuring the RIG exploit kit. The ransomware encrypts files of particular types on infected …
John Leyden, 15 Dec 2014

UK banks ill-prepared for return of the rabid POODLE

The latest evolution of a high-profile security flaw potentially exposes UK banks' web site traffic to eavesdropping. The POODLE (Padding Oracle On Downgraded Legacy Encryption) security flaw first surfaced in October and was thought to affect only the obsolete - but still widely used - Secure Sockets Layer (SSL) 3.0 crypto …
John Leyden, 15 Dec 2014

Sony Pictures hit by 'fightback on filesharers' DDoS claims – report

Sony Pictures is alleged to have conducted a retaliatory DDoS attack against websites currently holding its leaked information for public download, according to a media report. The unconfirmed strike-back follows the two weeks of relentless attacks on Sony networks, punctuated by extortion demands, as well as the theft and …
John Leyden, 12 Dec 2014

FreeBSD developers VANQUISH Demon bug

Developers have quashed a potentially nasty security bug in FreeBSD. Security researchers at Norse discovered a programming error that created a buffer overflow in the stdio (standard I/O) library's __sflush() function. The bug created a possible mechanism to inject hostile code into vulnerable systems running the open source …
John Leyden, 11 Dec 2014

Elderly zombie Asprox botnet STILL mauling biz bods, says survey

The Asprox botnet was responsible for about 80 per cent of all attack sessions recorded during October 2014, impacting nearly 2,000 different organisations. These figures, from a new report by Palo Alto Networks, provide evidence that the Asprox (AKA Kuluoz) malware family is continuing to plague businesses, despite multiple …
John Leyden, 11 Dec 2014

GCHQ, police to team up to hunt down child abuse on the darknet

GCHQ is to team up with the UK's National Crime Agency to target paedophiles sharing child abuse images on the "dark net". The as-yet-unnamed unit will focus on developing technology capable of scouring the underbelly of the internet for child abuse-related chat and image exchanges. It will also focus on the most prolific …
John Leyden, 11 Dec 2014

Charge Anywhere? More like Hacked Everywhere: Mobe cash biz admits 5-year security breach

Mobile payments biz Charge Anywhere has admitted a hacker may have been snooping on its systems for FIVE years. While probing an internal malware infection, Charge Anywhere discovered someone had been able to eavesdrop on its network traffic since November 2009. That investigation revealed all sorts of sensitive data had been …
John Leyden, 11 Dec 2014

Taxi app Uber plugs 'privacy-threatening' web security flaw

Updated A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication credentials …
John Leyden, 10 Dec 2014

Belden buys Tripwire for $710m: Will keep network burglars out of Internet of Things things

Signal transmission firm Belden has agreed to buy security tools firm Tripwire for $710m in cash. The deal, announced Monday, is expected to close in the first quarter of 2015, subject to customary closing conditions. Tripwire's security and compliance products, such as Tripwire Enterprise, will be further developed and …
John Leyden, 10 Dec 2014

Put me through to Buffy's room, please. Sony hackers leak stars' numbers, travel aliases

The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report. This latest development will likely pile extra pressure on the comprehensively pwned entertainment giant. …
John Leyden, 09 Dec 2014

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

Manchester festival marketers fined £70,000 over spam ‘mum’ texts

Organisers of a Manchester music festival have been fined £70,000 after sending unsolicited marketing text messages. The digital junk was sent to 70,000 people who had bought tickets for the 2014 edition of Manchester's annual festival, the Parklife Weekender, and appeared on the recipients’ mobes to have been sent by "Mum". …
John Leyden, 08 Dec 2014

Kaspersky: That 2 years we took to warn you about Regin? We had GOOD REASON

Kaspersky Lab has responded to criticism that security vendors took years too long to spot Regin, a recently discovered strain of ultra-sophisticated (and probably state-sponsored) spyware. Regin is a software framework rather than an individual malicious code sample. Security vendors have until recently only seen fragments of …
John Leyden, 05 Dec 2014

Stupid humans and their EXPENSIVE DATA BREACHES

UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection. A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused …
John Leyden, 05 Dec 2014

Sony Pictures MEGAHACK: Securobods pull out probes, analyse badness

Security experts have been able to obtain and analyse samples of the malware linked to the Sony Pictures breach. An FBI advisory issued on Monday, leaked to Reuters, warned US businesses to be vigilant about a new strain of “destructive” malware. The link between the Sony breach and the malware described by the FBI is yet to be …
John Leyden, 04 Dec 2014

DeathRing: Cheapo Androids pre-pwned with mobile malware

A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain. DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian …
John Leyden, 04 Dec 2014

Google kills CAPTCHAs: Are we human or are we spammer?

Google has developed a new CAPTCHA-like system to allow people, and not automated software, into websites with only a single click. The "No CAPTCHA reCAPTCHA" offers a tick box for humans to check rather than distorted text to decipher. It's designed so that automated spam software is still fooled by it and gets stuck on the …
John Leyden, 03 Dec 2014

Not sure what RFID is? Can't hack? You can STILL be a card fraudster with this Android app

Cybercrooks have developed an Android app that makes it possible to hack RFID payment cards, researchers discovered after a Chilean transport system was defrauded. The app at the centre of the scam hacked into the user’s radio frequency ID (RFID) bus transit card in order to recharge credits. The fraud-enabling Android tool, …
John Leyden, 03 Dec 2014

US retail giant Target fails to get banks' MEGABREACH lawsuit slung out of court

Target has failed in its attempt to persuade a judge to reject a lawsuit by banks harmed by losses following the US retail giant's megabreach. US District Judge Paul Magnuson ruled that Target played a "key role" in permitting cybercriminals to infiltrate its computer networks. Because of this, a lawsuit by banks seeking to recoup …
John Leyden, 03 Dec 2014

US parking operator: YEP, hackers got your names, credit card numbers, secret codes...

Point-of-Sale systems have been hacked at major US parking garage operator SP+. The breach has resulted in the exposure of customer financial information, SP+ explained in an advisory on Friday. SP+ said it had learned of the breach from the firm that handles its payment card processing. The firm operates about 4,200 parking …
John Leyden, 02 Dec 2014

FBI warns of disk NUKE malware after Sony Pictures megahack

The FBI has alerted US businesses to data-wiping malware after hackers, possibly in North Korea, ransacked computers at Sony Pictures. The malicious software described in the Feds' warning is pretty close to the malware believed to have infiltrated Sony's network. Miscreants have leaked gigabytes of passwords, personal records, …
John Leyden, 02 Dec 2014

HACKERS can DELETE SURVEILLANCE DVRS remotely – report

Updated DVR systems from Hikvision have vulnerabilities that open the door to hacking, security researchers have warned. Digital Video Recorders (AKA Network Video Recorders), such as those from the likes of Hikvision, are used to record surveillance footage of office buildings and surrounding areas. However, the range of …
John Leyden, 21 Nov 2014

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets

Hackers are running “Man-in-the-Middle” attacks (MitM) against smartphones using a new attack technique, security researchers warn. The so-called DoubleDirect technique enables an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads …
John Leyden, 21 Nov 2014

Citadel Trojan snooped on password managers to snatch victims' logins

Crooks have unsheathed a variant of the Citadel Trojan that targets password managers. The malware is designed to steal a victim's master passphrase, thus unlocking his or her database of website passwords in the process. The software nasty runs a key-logger to intercept what people type into the Password Safe and KeePass open- …
John Leyden, 21 Nov 2014

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER

Amnesty and Privacy International are offering a free-of-charge spyware detection tool designed to help journalists and human rights activists stay one step ahead of government surveillance. The Windows-only Detekt anti-spyware tool is designed to be a supplement, rather than an alternative, to pre-existing anti-virus protection …
John Leyden, 20 Nov 2014

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked

Downloading mobile apps from non-official sources has become a lot more dangerous over the last year, with apps now needing more built-in protection, according to a new report. The number of Top 100 iOS apps that have been hacked over the past year increased from 56 per cent in 2013 to 87 per cent in 2014. The majority (97 per …
John Leyden, 20 Nov 2014

A life of cybercrime, a caipirinha and a tan: Fraudsters love a Brazilian

Brazil is the only market that offers training services for cybercriminal wannabes, making it possible to start a new career in cybercrime for just $500. Training modules, hands-on exercises, interactive guides, instructional videos, as well as post-training support are available, according to a new report of the Brazilian …
John Leyden, 20 Nov 2014

Webcam hacker pervs in MASS HOME INVASION

Too many people are leaving their internet-connected webcams wide open to silent perverts, the UK's privacy watchdog has warned. The ICO has urged everyone to make sure they've changed their passwords on the devices from the factory defaults, which scumbags are exploiting to spy on victims from afar. The warning follows the …
John Leyden, 20 Nov 2014

Hackers seize Detroit's database, demand $800k. Motor City shrugs: OK, take it

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin. The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday. The stolen database wasn’t needed by the cash- …
John Leyden, 20 Nov 2014

'Most advanced mobile botnet EVER' is coming for your OFFICE Androids

A newly discovered variant of NotCompatible is establishing what has been called the most advanced mobile botnet yet created. Security researchers at Lookout warn that the latest version of the Android malware is capable of infiltrating secure enterprise networks via compromised devices. NotCompatible uses a peer-to-peer control …
John Leyden, 19 Nov 2014

London police chief: City bankers, prepare for a terrorist cyber attack. Again

+Comment Western financial institutions should prepare themselves for cyber attacks from Islamic militants, the head of the City of London police warns. Commissioner Adrian Leppard urged that preparations be put in hand during a security conference in New York. According to the FT, he singled out Islamic State of Iraq and the Levant (aka …
John Leyden, 19 Nov 2014

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

A new certificate authority – backed by big names on the internet including Mozilla, Cisco and Akamai – plans to offer SSL certs at no charge starting next year. The move will make it even easier for people to run encrypted, secure HTTPS websites. Let’s Encrypt aims to provide an easier way to obtain and use a digital …
John Leyden, 18 Nov 2014

Anonymous hacks the Ku Klux Klan after Ferguson threats

Hacktivist collective Anonymous has taken out the websites and Twitter accounts of white supremacist group the Ku Klux Klan following threats by a local chapter of the Klan against protestors in Ferguson, Missouri. Tensions in Ferguson are high in the run-up to a ruling on whether criminal charges will be brought against a white …
John Leyden, 18 Nov 2014