John Leyden

Contact Mail Follow Twitter RSS feed
airplane just kidding shot

Hackers actively stealing Wi-Fi keys from vulnerable routers

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys. Andrew Tierney, a security researcher at UK consultancy Pen Test Partners, noticed the switch-up in tactics in attacks against its honeypot network over the weekend. Customers of UK ISP …
John Leyden, 06 Dec 2016

Own goal for Scottish Football Association as fans sent phishy emails

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach. The SFA blamed a breach at a third-party supplier for a leak of sensitive info that was used in an attempt to trick recipients into opening a dodgy email that appeared under the guise of an …
John Leyden, 06 Dec 2016
Cops with guns, image via Shutterstock

Yorkshire cyber security biz ECSC Group to debut on AIM exchange

Bradford-based cyber security consultancy ECSC Group is set to float on the AIM stock exchange on December 14. ECSC is bullish about its prospects, stating that the "recent proliferation of high-profile cyber security breaches affecting some of the world's most largest companies" has made cyber security a strategic issue for …
John Leyden, 05 Dec 2016
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

Russia accuses hostile foreign powers of plot to undermine its banks

Russia has accused unnamed foreign spies of launching a concerted effort to undermine its domestic banking system. Cyber attacks are being combined with fake social media reports about banks going bust, according to Russia's state security agency, the FSB. Servers physically located in the Netherlands and leased to BlazingFast …
John Leyden, 02 Dec 2016

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so. Problems at the Post Office …
John Leyden, 02 Dec 2016
inspector clouseau

Europol cop took terror dossier home, flashed it to the web accidentally

An investigator at Europe's FBI Europol took home a USB stick packed with terror probe documents and accidentally spilled the files on the internet. Dutch telly documentary series Zembla reported this month that about 700 pages of analysis on terrorist groups and related sensitive information were exposed online as a result of …
John Leyden, 01 Dec 2016
Surfers

Hull surfers cut off by router attack

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack. Local telco KCOM blamed difficulties for its customers which began over the weekend and remains ongoing on an attack it said was targeted at models of routers it supplies to some of its customers. Since …
John Leyden, 01 Dec 2016
Data breach

Clients say they'll take their money and run if service hacked – poll

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked. Almost half (48 per cent) of the 1,000 Brits questioned by Onepoll claimed they would cancel accounts if a provider of theirs suffered a data breach. In addition, a …
John Leyden, 01 Dec 2016
android_toys_648

Android-rooting Gooligan malware infects 1 million devices

A new strain of Android malware is infecting an estimated 13,000 devices per day. The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users' sensitive data from Gmail accounts, security researchers at Check Point …
John Leyden, 30 Nov 2016

UK cops spot webcam 'sextortion' plots: How vics can hit stop

The NCA has said that "at least four young men have taken their own lives" after being targeted by financially motivated webcam blackmailers, while UK police forces are sharing stats and tips in a campaign to combat the rising problem. Police say they've recorded 864 cases of webcam blackmail cases so far in 2016, more than …
John Leyden, 30 Nov 2016
lottery

UK National Lottery data breach: Fingers crossed – it might not be you

Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts. Camelot, the company behind the National Lottery, detected the scam and subsequent attempted frauds and responded by locking down accounts, triggering compulsory password resets …
John Leyden, 30 Nov 2016
Bank vault

'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee

A former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket. Earlier this month Tesco Bank admitted that an estimated £2.5m had been stolen from 9,000 customer accounts in the biggest cyber-heist of its kind to affect a UK bank. The …
John Leyden, 30 Nov 2016

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study. Eleven of the 46 products that made it into monthly top 20 most vulnerable product charts between August and October were security packages, Secunia reports. Products from vendors including AlienVault …
John Leyden, 29 Nov 2016
Alan Turing (Benedict Cumberbatch) and the Bombe machine

Bletchley Park Trust vows to shore up insecure website

The Bletchley Park Trust has promised that a website revamp due in January will address security concerns highlighted by a security expert on Sunday. Paul Moore slammed the site, which was home of the WWII Enigma codebreakers, for all manner of security shortcomings including emailing password resets and vulnerabilities to the …
John Leyden, 29 Nov 2016
Ransomware, photo via Shutterstock

Ransomware scams cost Brits £4.5m per year

More than 4,000 Brits have had their computers infected with ransomware this year, with over £4.5m paid out to cyber criminals, according to Action Fraud. Ransomware is a type of malware that encrypts files of infected PCs before demanding an extortionate payment for the encryption key needed to recover data. The malware …
John Leyden, 28 Nov 2016
Tesla Model X

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

A smartphone app flaw has left Tesla vehicles vulnerable to being tracked, located, unlocked, and stolen. Security experts at Norwegian app security firm Promon were able to take full control of a Tesla vehicle, including finding where the car is parked, opening the door and enabling its keyless driving functionality. A lack …
John Leyden, 25 Nov 2016
Crop of doctor with pen and clipboard

EU puts out prescription for smart hospitals

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines. The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of …
John Leyden, 25 Nov 2016

Drops the mic... Hang on, hackers could be listening through my headphones?

Experimental malware has highlighted the possibility that hackers might be able to turn headphones into microphones in order to snoop on computer users. Research by computer scientists at Ben-Gurion University, Israel, has revealed that both headphones and loudspeakers present a potential bugging risk. The boffins put together …
John Leyden, 25 Nov 2016
Mobile banking, image via Shutterstock

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

Sorry, iPhone fans – only Fandroids get Barclays' tap-to-withdraw

Barclays is trialling smartphone cash withdrawals. The UK's first contactless mobile cash service will allow the bank's customers to withdraw up to £100 in-branch, with just a tap of their Android smartphone or contactless debit card. The technology offers an alternative to traditional cash withdrawals from specially outfitted …
John Leyden, 23 Nov 2016

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Customers of online takeaway firm Deliveroo are getting their accounts hijacked and charged for food they never ordered, according to an investigation by BBC One's Watchdog. Investigators from the campaigning TV consumer affairs programme uncovered evidence that scores of customers of the newly be-logo-ed Deliveroo are being …
John Leyden, 23 Nov 2016

Hospital info thief malware puts itself into a coma to avoid IT bods

A Trojan targeting US healthcare organizations attempts to avoid detection by going to sleep for prolonged periods after initial infection, security researchers warn. Symantec estimates that thousands of organizations have been hit by the Gatak Trojan since 2012. The malware is programmed to spread aggressively across an …
John Leyden, 22 Nov 2016
Gloved hand holds dismantled bug/listening /audio device. Photo by Shutterstock

Hack the Army: US military begs white hats to sweep it for bugs

Security experts reckon the US government’s newly unveiled "Hack the Army" bug bounty programme may usher in greater co-operation across the whole arena of security research. The US Army will offer cash rewards to hackers who find vulnerabilities in selected, public-facing Army websites under the scheme, which builds on the US …
John Leyden, 22 Nov 2016
Money laundering

178 arrested in pan-European money mule crackdown

A pan-European crackdown has resulted in the arrest of 178 suspected money mules. Across Europe, 580 people were identified as suspects. National law enforcement agencies last week interviewed 380 suspects collectively implicated in losses amounting to €23m. After malware or phishing is used to obtain the login credentials of …
John Leyden, 22 Nov 2016

Even big data devs make big data security gaffes

Apache Big Data Europe Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed. Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely …
John Leyden, 21 Nov 2016