John Leyden


Phone-fondling docs, nurses sling patient info around willy-nilly

UK doctors and nurses routinely share sensitive patient information via their smartphones, we're told. Two in three or 65 per cent of doctors at Imperial College London have used text messages to communicate with colleagues about a patient, and half (46 per cent) have used picture messaging on their smartphone to send a …
John Leyden, 08 Oct 2015

Webcam spyware voyeur sentenced to community service

A UK voyeur who hacked webcams to spy on victims has avoided going to prison for his crimes. Stefan Rigo, 33, of Leeds, used the Blackshades malware to infect systems and spy on victims. He was arrested in November 2014 as part of an international operation targeting low-skilled crooks using Blackshades, which gives hackers …
John Leyden, 08 Oct 2015

LoopPay hackers may have wanted magnetic card-swipe tech

Samsung’s mobile payment system supplier, LoopPay, was hacked back in March this year, it has emerged. The breach - blamed on a Chinese hacking crew - at the Samsung subsidiary was only discovered in August. Investigators reckon hackers from the so-called Codoso Group were after information to do with the magnetic secure …
John Leyden, 08 Oct 2015

Ad-slinging rootkit nasty permanently drills into Android mobes, tabs

Security researchers have uncovered malware that infects deep inside Android devices, spams screens with pop-up adverts, and obeys commands from its masters across the internet. The software nasty, likely crafted by Chinese crims, has already spread to over 20 countries across all continents, security firm FireEye warns. The …
John Leyden, 07 Oct 2015

Shuttle bus firm Terravision belatedly adopts https for credit card sales

The pro-privacy 'https everywhere' campaign is gaining traction, but one e-commerce site is only just adopting the long-established technology in order to keep credit card details safe. Airport shuttle bus firm Terravision has just moved to https for online sales following an El Reg reader complaint. Tom W complained to both …
John Leyden, 07 Oct 2015

Factory settings FAIL: Data easily recovered from eBayed smartphones, disks

Data recovery experts have found a raft of personal information from used hard drives and mobile phones purchased from Amazon, eBay and Gazelle in the UK, US and Germany. The research, by Blancco Technology Group and Kroll Ontrack, once again shows that failure to erase data from discarded devices continues to be a problem, …
John Leyden, 07 Oct 2015

Cisco hooks Angler Exploit Kit infrastructure

Security researchers at Cisco have struck a blow against crooks behind the notorious Angler Exploit Kit, blocking or re-routing access around dangerous domains on the interwebs. Angler has been linked to high-profile malvertising and ransomware campaigns over recent months. The utility uses software vulnerabilities (in …
John Leyden, 06 Oct 2015

Edward Snowden denies making a deal with the Russian secret service

Former NSA contractor Edward Snowden has not done a deal with the Russian state security agency to acquire political asylum, the whistleblower revealed in a television version of a BBC interview. The programme, though failing to reveal anything new about surveillance, provided some interesting insights. During a 30-minute …
John Leyden, 06 Oct 2015

iOS malware YiSpecter: iPhones menaced by software nasty

Updated The first iOS malware capable of attacking both non-jailbroken and jailbroken devices has surfaced online. The mobile malware nasty YiSpecter hooks into private APIs in iOS 8 to perform malicious actions, and has been in the wild for at least 10 months, mostly in China and Taiwan, since November 2014 if not earlier. YiSpecter …
John Leyden, 05 Oct 2015

UK gets the Ashley Madison fear: Data privacy moans on the up

Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioners Office (ICO). Complaints about the security of personal information rose from 886 in 2013 to 1, …
John Leyden, 05 Oct 2015

Experian-T-Mobile US hack: 'We trusted them, now that trust is broken'

Analysis The IT security breach that spilt the personal details of an estimated 15 million T-Mobile US phone contract applicants has thrown a new spotlight on the risks of breaches at third-party companies. T-Mobile's own systems weren't compromised. Rather, the source of the leak was Experian, the company that processed the carrier's …
John Leyden, 02 Oct 2015

Hand-cranked ‘DDoS’ floors Thai government website amid protests

Thai government websites dropped offline this week in what was either a politically motivated distributed denial-of-service attack or a case of badly designed websites falling over in response to an unusual increase in visitor numbers. The outage started late on Wednesday and was resolved on Thursday – coinciding with protests …
John Leyden, 02 Oct 2015

How to evade Apple's anti-malware Gatekeeper in OS X and really ruin a fanboy's week

The myth that Macs are inherently more secure than Windows PCs has taken another hit. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, has found a new route around Apple's defensive Gatekeeper technology. Apple's Gatekeeper utility is built into OS X, and is …
John Leyden, 01 Oct 2015

Chinese fraudsters hitch a ride on Uber accounts

Uber accounts of US-based customers are apparently being fraudulently abused in China. Kirby Bittner was one of a number of users to complain to Uber late last month about fraudulent fares in China. She, along with others, blamed account hacking. Uber reportedly told SC Magazine that weak passwords or password reuse were to …
John Leyden, 01 Oct 2015

Solar panel spammer hit by UK’s biggest ever nuisance calls fine

The UK's data privacy watchdog has issued its largest ever fine for a nuisance caller, £200,000, after a solar panels provider was found culpable for recklessly breaking marketing call regulations. An Information Commissioner’s Office (ICO) investigation discovered that Glasgow-based Home Energy & Lifestyle Management Ltd ( …
John Leyden, 30 Sep 2015

Arabic-speaking cyberspies targeting BOFHs with crude but effective attacks

An Arabic-speaking cyber-espionage group, active since 2012, has stepped up its attacks over the last six months, according to new research from Kaspersky Lab. The so-called "Gaza cyber-gang" focuses on attacking government entities, especially embassies, and primarily targets information technology and incident response staff …
John Leyden, 30 Sep 2015

Share-crazy millennials spaff passwords ALL OVER the workplace

Many (45 per cent) of workers say they could access a former employer’s systems through old, unchanged passwords, according to a survey by password management outfit Dashlane. Around a third (30 per cent) of workers said that their employer never changes passwords, or only does so when there is an issue, and this goes some way …
John Leyden, 30 Sep 2015

Linux-powered botnet lets rip on victims with 180Gbps network floods

Cybercrooks have built a network of compromised Linux servers capable of blowing websites and other systems off the internet with at least 150Gbps of junk traffic. The XOR Distributed Denial of Service (DDoS) botnet is launching 20 attacks a day from compromised machines, according to Akamai. 90 per cent of the attacks from …
John Leyden, 29 Sep 2015

UK team pioneers experimental cure for age-related blindness

A UK medical team is pioneering a potential cure for age-related blindness, with a treatment aimed at replacing damaged cells. Doctors at London's Moorfields Hospital transplanted embryonic stem cells into a 60-year-old woman who recently became unable to see. The unnamed UK resident is one of many who suffer from age-related …
John Leyden, 29 Sep 2015

Fiorina: I rushed out HP servers to power NSA snooping. Mwahahaha!

US presidential hopeful Carly Fiorina has boasted that HP sold the NSA servers that allowed the agency to build a system for mass surveillance. Servers originally earmarked for retail customers were shipped to the NSA instead, to power a warrantless surveillance programme codenamed “Stellar Wind”, approved by then-president …
John Leyden, 29 Sep 2015

The UN made privacy a human right – but that's not good enough for Team Snowden

NSA whistleblower Edward Snowden has backed calls to make privacy a basic human right. Y'know, Article 12 of the United Nations' declaration of human rights states that "no one shall be subjected to arbitrary interference with his privacy," but whatever. It seems Snowden wants all governments, including those not in the UN, to …
John Leyden, 28 Sep 2015

Saudi Arabia: They liked Hacking Team so much they tried to buy the company

The Saudi Arabian government came close to buying a majority stake in Italian surveillance software firm Hacking Team last year. Wafic Saïd – a UK-based, Syrian-born businessman who is friends with the Saudi royal family – and Ronald Spogli, a former US ambassador to Italy, who indirectly owned a stake in Hacking Team, tried …
John Leyden, 28 Sep 2015

Tits and ads: Malware-riddled banners stiff X-rated websites

An ongoing malvertising campaign that began in August by targeting, and other websites visited by millions of people has expanded to hit smut sites as well. Many porn websites have been fingered with tainted advertisements via an ad network called TrafficHaus, a big player in supplying ads to adult networks …
John Leyden, 25 Sep 2015

Obama brain trust sidesteps mandatory hackers' backdoor idea

An Obama administration working group mulled four mechanisms for breaking the encrypted smartphones of terrorist and criminal suspects before rejecting them all as too politically fraught or impractical. While planting backdoors was "technically feasible", each method risked becoming a focus of attacks by third parties and …
John Leyden, 25 Sep 2015

'Self-deleting' Mexican ATM malware let sneaky miscreants slurp cash

Security researchers have lifted the lid on a new ATM malware strain, dubbed GreenDispenser, which gives crooks the ability to walk up to a compromised machine and drain its cash. When installed, GreenDispenser displays an “out of service” message on the ATM – but attackers who enter the correct pin codes can then drain the …
John Leyden, 25 Sep 2015

Asia-focussed Chinese PLA hacking crew surfaces

Security researchers have blown the lid off another Chinese PLA hacking group. Kunming-based Unit 78020 of the People’s Liberation Army (PLA) specialises in hacking Southeast Asian military, diplomatic, and economic targets, according to new research by security intelligence firm ThreatConnect. The APT group – commonly known as …
John Leyden, 24 Sep 2015

Hey Scandos, missed that parcel? Here’s some ransomware instead

Spam emails disguised as messages from local post offices – but actually packing the latest variant of the CryptoLocker ransomware – are being flung at surfers in Scandinavia. Heimdal Security reports that emails referring to an undelivered package and written in local languages are actually attempts to trick prospective marks …
John Leyden, 24 Sep 2015

Bloodthirsty data parasites hungrily eye up healthcare sector

The healthcare industry sees 340 per cent more security incidents and attacks than the average market segment, according to a new study by Raytheon|Websense. Raytheon|Websense also warns that healthcare organisations are more than 200 per cent more likely to encounter data theft. Carl Leonard, principal security analyst at …
John Leyden, 24 Sep 2015

Cyber peace deal still possible despite China's US cyber-spying denials

The US and China are still expected to announce a cyberwar peace deal, despite signs to the contrary during a state visit to the US by the Chinese paramount leader this week. Chinese President Xi Jinping kicked off his visit by telling the Wall Street Journal that the "Chinese government does not engage in theft of commercial …
John Leyden, 23 Sep 2015

ESET slurps up UK-based crypto firm DESlock+

Security firm ESET has snapped up UK-based data encryption firm DESlock+. Terms of the deal, announced on Tuesday, were not disclosed. DESlock+, based in Taunton, UK, specialises in advanced encryption solutions and first partnered with ESET two years ago. The DESlock+ team of 12 employees was led by managing director David …
John Leyden, 23 Sep 2015

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

XcodeGhost attack tapped into dev distaste for Apple's Gatekeeper

In light of XcodeGhost, the number of malware-laden iOS apps is focusing attention on how developers were tricked into using dodgy code in the first place. The Xcode development tools used by iOS app makers were copied, modified and distributed online before (mainly) Chinese developers used the counterfeit code to compile apps …
John Leyden, 23 Sep 2015

creates £500K fund to help universities teach cyber skills

The UK government is putting up a £500,000 fund to develop cyber security skills within universities and colleges, essentially helping them construct innovative teaching methods to provide the skills needed to protect the UK from hackers, malware and other information security threats. The Higher Education Academy will …
John Leyden, 23 Sep 2015

These US Presidential contestants can't even secure their websites – what hope for America?

The majority of US presidential candidates' websites failed a basic privacy and security audit. In the Presidential Candidate Online Trust Audit, an audit by the Online Trust Alliance (OTA), the failures in 17 out of 23 cases came as a result of a variety of poor privacy practices, including the sharing or trading of website …
John Leyden, 22 Sep 2015

Cyber crims up the ante with Google Play brainteaser malware

Android malware bundled in an intelligence-testing game has been published to the official Google Play Store, not once but twice, claiming hundreds of thousands of victims in the process. Dodgy versions of a gaming app called BrainTest were able to bypass Google’s security scanning of mobile apps using a range of techniques. …
John Leyden, 22 Sep 2015

Dislike: Facebook scammers latch onto anti-Like button calls

Survey scammers have already capitalised on Facebook's tentative plans to develop a "Dislike" button. Last week, Mark Zuckerberg conceded the obvious point that people didn't want to say they "liked" posts about friends' bad fortune, the only single button option available through the social network at present. He …
John Leyden, 22 Sep 2015

AVG to flog your web browsing, search history from mid-October

Changes in the privacy policy of AVG's free antivirus doodad will allow it to collect your web browsing and search history – and sell it to advertisers to bankroll its freemium security software products. The changes will come into play on 15 October, according to the Czech-based biz in a blog post. The revised privacy policy …
John Leyden, 21 Sep 2015

Symantec fires staff caught up in rogue Google SSL cert snafu

Symantec has fired some employees after Google engineers noticed rogue SSL certificates issued in the web goliath's name. Thawte, Symantec's certificate authority subsidiary, produced a small number of security certificates intended for internal testing. Worryingly, in the wrong hands, these certificates could have been used …
John Leyden, 21 Sep 2015

Apple cleans up iOS App Store after first big malware attack

Apple is cleaning up its official iOS App Store after the first large-scale attack on its walled garden mobile software site. The Xcode development tools used by iOS app makers were copied, modified, and distributed online by hackers to inject malicious code into apps available on the App Store, as previously reported. Palo …
John Leyden, 21 Sep 2015

FireEye: The face of hacking is changing – and it's getting uglier

Cyberattacks from Russia have increased because of sanctions related to the Ukraine while assaults from Iran have dropped over recent months, thanks to the recent Iran nuclear deal. David DeWalt, FireEye chief exec, said these changes show how the diplomatic landscape affects what is happening in cyberspace even though the …
John Leyden, 21 Sep 2015

Flawless Dutch does for cuffed duo in CoinVault ransomware probe

The use of "flawless Dutch phrases" has seen two suspects, thought to be behind the spread of the CoinVault ransomware, arrested in the Netherlands, in a case where security software firms offered technical knowhow to the Dutch police. Dutch police from the nation's National High Tech Crime Unit (NHTCU) arrested two (as …
John Leyden, 18 Sep 2015

Screenshot malware targeted innocent online poker players

Spyware is targeting users of the Full Tilt Poker and PokerStars online games – and it is said to allow cheats to get a sneaky advantage over honest players. The malware, named Odlanor, first checks if PokerStars or Full Tilt Poker is running before taking screenshots of the infected player’s virtual poker hand and their …
John Leyden, 18 Sep 2015

Malware links Russians to 7-year global cyberspy campaign

Security researchers have shone the spotlight on an ongoing campaign by Russian cyberspies to snoop on western governments and NGOs, as well as targets in Georgia, using the Dukes malware. The Dukes group of attackers employ a family of unique malware toolsets used to steal information by infiltrating computer networks, before …
John Leyden, 17 Sep 2015

How a massive campaign of booby-trapped web ads went undetected for too long

Security firm Malwarebytes has published a comprehensive analysis of a recently detected malvertising attack that affected many ad networks and ran uninterrupted for almost three weeks. The tainted ad-slinging scheme affected large and small ad networks alike. What appeared to be legitimate advertisements were used to mask …
John Leyden, 15 Sep 2015

Masses of Brit IT bods embroiled in leak riddle

Mystery surrounds the origin of a leak on Pastebin containing what looked like the full contact details on tech personnel at hundreds of UK organizations. The leaked document features names of people, the firms they worked for, email addresses, and phone numbers (mobile and landline). It surfaced on Sunday, and purported to …
John Leyden, 15 Sep 2015

Compromised Cisco routers spotted bimbling about in the wild

More than a dozen compromised router infections have been found in the wild, all targeting Cisco kit as part of sophisticated attempts to hack into corporate and government networks. Once considered only a theoretical risk, the finding of malware-infected routers by FireEye/Mandiant shows that the threat is all too real. A …
John Leyden, 15 Sep 2015

Infosec bods Flexera snap up Secunia's cybersecurity knowhow

Flexera Software has acquired vulnerability management tools firm Secunia, although terms of the deal, announced Tuesday, are undisclosed. Adding Secunia’s technology to Flexera's existing software licence solutions will transform software asset management practices, according to the US software licensing company. Secunia’s …
John Leyden, 15 Sep 2015

This new chip will self-destruct in less than 10 seconds

Engineers at Xerox PARC have developed a prototype chip capable of self-destructing upon command. The Mission Impossible-style integrated circuit might be used for applications such as the storage of encryption keys. The chip is fabricated on a Gorilla Glass substrate and capable of shattering on demand into thousands of …
John Leyden, 15 Sep 2015

Murder suspect alert? Nah: Scammers fling cop-style malware

A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.* The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more …
John Leyden, 15 Sep 2015

Infosec bunfight breaks out over 'unproven' PayPal authent bug

A row has broken out between PayPal and bug hunters who claim to have found a flaw on its website. Vulnerability Laboratory published an advisory about a vulnerability that it said creates a means to bypass the security approval procedure and two-factor authentication applied by the payment service earlier this month, as …
John Leyden, 14 Sep 2015