John Leyden


Annus HORRIBILIS for TLS! ALL the bigguns now officially pwned in 2014

The appearance of a critical flaw in Microsoft SChannel - patched as part of this year's phenomenal November Patch Tuesday - means that every major TLS stack has now fallen victim to a critical flaw at some time during this year. The security flaw (MS14-066) in Microsoft's TLS cryptography library opens the door to remote code …
John Leyden, 12 Nov 2014

Target, Home Depot and UPS attacks: Dude, you need to rethink point-of-sale security

A new report on point-of-sale malware presents the most detailed examination of the malicious code behind high-profile attacks against US retailers to date. Cyphort Labs’ in-depth look focuses on Target, Home Depot and UPS breaches and involved an analysis of BlackPOS, FrameworkPOS and Backoff malware samples. The researchers …
John Leyden, 12 Nov 2014

Most convincing PHISHING pages hoodwink nearly half of you – Google

Nearly half (45 per cent) of those who visit the most convincing phishing pages are tricked into handing over personal information, according to Google. This effectiveness drops to just three per cent in the case of the most obviously scummy phishing sites, while the online giant reports that the account hijackers work quickly, …
John Leyden, 11 Nov 2014

Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS

Security experts have now probed further into the vuln in non-jailbroken iOS 7 and iOS 8 devices which was exploited by the previously revealed WireLurker USB-hopping malware. Dubbed a “Masque Attack”, the tactic allows hackers to install iOS apps on iPhone or iPad via email or text message. The attack takes advantage of a …
John Leyden, 10 Nov 2014

BrowserStack HACK ATTACK: Service still suspended after rogue email

Browser testing service BrowserStack has temporarily suspended its services while it recovers from a "hack attack" by someone apparently bent on discrediting the security of the widely used tool. "We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it and will keep …
John Leyden, 10 Nov 2014

Crooks are using proxy servers to build more convincing phishing sites – new claim

Crooks using phishing pages to grab victims' passwords have apparently upped their game – by using proxy servers rather than static pages to craft legit-looking websites. Normally, thieves recreate a web page – such as a login page for an online shop or webmail – and stick it on a compromised server, then direct marks towards …
John Leyden, 07 Nov 2014

Home Depot: Someone's WEAK-ASS password SECURITY led to breach

Hackers gained access to Home Depot's network via a third-party vendor system, according to preliminary results of an investigation into the September mega-breach. Cybercrooks used access to the US retail giant's network gained via ineffective password security at an unnamed third party vendor's system to run a stepping-stone …
John Leyden, 07 Nov 2014

'Older' WireLurker previously tried, failed to leap from Windows to iThings

An older version of WireLurker, the newly discovered malware capable of spreading onto Apple iOS devices from infected Mac OS X systems, once targeted Microsoft Windows, it has emerged. WireLurker is the first malware capable of attacking non-jailbroken iPhones and iPads, smashing the conventional wisdom that such devices are …
John Leyden, 07 Nov 2014

Spyware-for-cops Hacking Team faces off against privacy critics

Controversial spyware-for-cops outfit Hacking Team has defended its snooping and come out on the offensive against security research critics. Last week Glenn Greenwald’s The Intercept published what it asserted were secret manuals illustrating how Hacking Team sold its spyware to authoritarian regimes around the world. The …
John Leyden, 07 Nov 2014

Shove over, 2FA: Authentication upstart pushes quirky login tech

Security upstart LiveEnsure is trying to shake up the authentication market with technologies that verify users by device type, location and user behaviour, as an alternative to established authentication systems. The firm is pushing its smartphone-based services as an alternative to security tokens, biometrics, one-time- …
John Leyden, 07 Nov 2014

Hackers use DRAFT emails as dead-drops for running malware

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments. Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the …
John Leyden, 06 Nov 2014

Rovnix Trojan infection outbreak infects 130,000 machines in Blighty

A new cluster of infections by the Rovnix Trojan has infected more than 130,000 Windows computers in the UK alone. The data-stealing malware is also affecting Germany, Italy, the US and Iran to a far lesser extent - 87 per cent of the computers infected are actually in the UK, according to anti-virus firm Bitdefender. Rovnix is …
John Leyden, 06 Nov 2014

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Watchdog bites hotel booking site: Over 3k card details slurped

Hotel booking website Worldview Limited has been fined £7,500 over a security breach involving its website that allowed hackers to swipe the full payment card details of some 3,814 customers. Sensitive data was accessed after the unidentified attacker exploited a SQL injection flaw in Worldview website to access the firm's …
John Leyden, 05 Nov 2014

Crypto collision used to hijack Windows Update goes mainstream

The cryptographic hash collision attack used by cyberspies to subvert Microsoft's Windows Update has gone mainstream, revealing that MD5 is hopelessly broken. Security researcher Nat McHugh created two images of different rock 'n' roll icons - James Brown and Barry White - with the same MD5 hash. "The images were just two I …
John Leyden, 05 Nov 2014

Israeli ex-spies want to help you defend your CAR from cybercrooks

Security shortcomings in new cars could nurture a new branch of the infosec industry in much the same way that Windows' security failings gave rise to the antivirus industry 20 or so years ago, auto-security pioneers hope. Former members of Unit 8200, the signals intelligence unit of the Israel Defense Forces, have banded …
John Leyden, 05 Nov 2014

Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit

Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye. Sites promoting the Occupy Central Pro Democracy movement, including Next Media’s Apple Daily publication and …
John Leyden, 03 Nov 2014

Data protection laws come to the rescue of poor, underpaid UK MPs

UK lawmakers may escape further expense abuse investigations after paperwork related to pre-2010 claims was shredded by parliamentary authorities in accordance with data protection regulations, sparking accusations of a fresh cover-up of MPs’ expenses. Under the House of Commons' "Authorised …
John Leyden, 03 Nov 2014

Pro-ISIS script kiddies deface West Yorkshire egg-chasers' site

Pro-ISIS script kiddies defaced the website of Rugby League team the Keighley Cougars over the weekend in the latest of a series of attacks against somewhat obscure targets. The West Yorkshire club's home page was replaced by a black screen and the message: "I love you Isis" with the tag "Hacked By Team System DZ" at the top of …
John Leyden, 03 Nov 2014

Drupalgeddon megaflaw raises questions over CMS bods' crisis mgmt

The security world has been shocked to its foundations following ominous warnings that millions of Drupal websites that didn't apply a critical patch within hours of its release earlier this month should be regarded as hopelessly compromised. The maintainers of the Drupal content management system warned users that “automated …
John Leyden, 03 Nov 2014

Popular Science site shrugs off malicious code infection

Surfers visiting Popular Science would be well advised to check their systems following an attack that has left the site compromised and harbouring malicious code. Security firm Websense warns that visiting the site exposed surfers to the RIG exploit kit. The malicious code was removed on Wednesday, but a number of surfers may …
John Leyden, 31 Oct 2014

BIGGEST THREAT to Europe’s cybersecurity? Hint: not hackers

Forget cyber-espionage, cyber-warfare and cyber-terrorism. The biggest threat to Europe’s infrastructure cybersecurity are power outages and poor communication. On Thursday, ENISA (European Network and Information Security Agency) held its biggest ever cybersecurity exercise involving more than 200 organisations and 400 cyber- …

The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers

The Sandworm vulnerability is being actively abused to attack Swiss banking customers, Danish security consultancy CSIS has warned. CSIS reports that the attacks are pushing the latest version of the Dyre banking trojan. Attacks arrive as spam emails under the guise of information about unpaid invoices. In reality the …
John Leyden, 30 Oct 2014

UK consumers particularly prone to piss-poor patching

UK consumer patching practices have worsened still further over the last three months, increasing the threat of malware problems, according to a new study by IT security provider Secunia. Secunia estimates 12.6 per cent of UK users are running unpatched operating systems, up from 9.7 per cent the previous quarter. In addition, …
John Leyden, 30 Oct 2014

WHITE HOUSE network DOWN: Nation-sponsored attack likely

Hackers have disrupted computer operations at the White House after breaking into its unclassified internal network. The attack, blamed by US government sources on Russian hackers, has resulted in the disruption of some services while incident response teams work to contain the intrusion. The White House network is under …
John Leyden, 29 Oct 2014

Security Avengers team up to take down Chinese hacking group

Security firms are claiming credit for putting the skids under a Chinese cyber-espionage crew thought to have been operating for at least six years. The so-called Axiom Threat Actor Group allegedly victimised pro-democracy non-governmental organisations (NGO) and other groups and individuals that would be perceived as a …
John Leyden, 28 Oct 2014

FBI impersonated newspaper to finger school bomb threat suspect

A US newspaper has reacted angrily after it emerged that the FBI impersonated its website in order to locate a target using snoopware. The Feds set up a fake Seattle Times news story on a counterfeit website in order to entice a bomb-threat suspect to disclose his location back in 2007. Links to the doctored story were sent to …
John Leyden, 28 Oct 2014

Feds seek potential 'second Snowden' gov doc leaker – report

A worker at a US government contractor is suspected of being the second leaker who turned over sensitive documents on the US government's terrorist watch list to journalist Glenn Greenwald, according to recent reports. The FBI reportedly searched the suspect's home and opened a criminal case, according to unnamed law enforcement …
John Leyden, 28 Oct 2014

Schneier, Diffie, ex-MI5 bod, privacy advocates team up on Code Red

Security experts including Bruce Schneier and Whitfield Diffie are teaming up with privacy advocates to form a new privacy group that aims to champion privacy against the growing tide of intrusive government surveillance. The project, Code Red, is due to begin in January with the aim of becoming a "strategic think tank and …
John Leyden, 27 Oct 2014

Apple's OS X Yosemite slurps UNSAVED docs into iCloud

Apple's OSX 10.10 – aka Yosemite – is silently uploading users' unsaved documents and the email addresses of their contacts to Apple's iCloud, according to security researcher Jeffrey Paul. Berlin-based Paul said he discovered the document auto-syncing without consent issue, and another hacker expanded the point by discovering …
John Leyden, 27 Oct 2014

Knocking Knox: Samsung DENIES vuln claims, says mysterious blogger is a JOKER

A damning security critique against Samsung's US government-approved Knox system has been dismissed by the South Korean tech giant. Earlier this week, Knox was given the green light for use on classified Stateside government networks and data. Samsung had become the "first consumer mobile device manufacturer validated to handle …
John Leyden, 26 Oct 2014

iMessage SPAM floods US mobile networks

China-based counterfeiters are spamvertising knock-off designer goods using Apple iMessage instead of using conventional email spam runs. iMessage has been hit with the single largest US mobile spam campaign this year. The campaign, which has been going on for months, was large enough to account for more than 80 per cent of all …
John Leyden, 24 Oct 2014

Lucky you. Twitter offers you its 'Digits' (for mobe app sign-ins)

Twitter's launch of a service that provides a new way to sign up to apps without using passwords has received a cautious welcome from security experts. The new service, Digits, is designed to offer application developers a simpler, password-free login option for their mobile applications. The utility is designed to fit into the …
John Leyden, 24 Oct 2014

We chat to CloudFlare about its 'EVERYBODY GETS SSL' venture

Interview CloudFlare boss Matthew Prince is hoping the firm's project to roll out SSL support to customers who use its free cloud-based web hosting service will inspire other internet firms to build out a fully encrypted web. The Universal SSL program from CloudFlare allows its customers to encrypt and secure web traffic between visitors …
John Leyden, 24 Oct 2014

Ad-borne Cryptowall ransomware is set to claim FRESH VICTIMS

Security watchers are warning of a surge in CryptoWall ransomware victims this month that will coincide with a campaign to spread a new variant of the malware through advertising networks. More than 830,000 victims worldwide have been infected with the malware, a 25 per cent increase in infections since late August when there …
John Leyden, 23 Oct 2014

Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?

Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings. The networking devices are, we're told, commonly misconfigured to allow remote attackers to reprogram how network traffic flows to PCs, servers, tablets and other machines …
John Leyden, 22 Oct 2014
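The teaser above does not name the protocol; the Rapid7 research behind the 1.2 million figure concerned NAT-PMP (RFC 6886) being answered on the gateway's external interface, where a correctly configured device should be silent. The following is an added example, not code from the article or from Rapid7: a minimal NAT-PMP client that builds the external-address request, decodes the reply, and turns a WAN-side probe result into a verdict. Port 5351 and the packet layouts are from RFC 6886; the sample reply bytes are constructed inline (TEST-NET-3 address) so the check runs offline, and the `probe()` function is the live version for use against a gateway you own.

```python
"""Added example (not from the article): a minimal NAT-PMP (RFC 6886) client
that builds the external-address request and decodes the gateway's reply.
A gateway that answers this request on its WAN address is exposed; the sample
exchange below is constructed inline so the example runs offline."""
import socket
import struct
from typing import Optional

NATPMP_PORT = 5351          # UDP, per RFC 6886
NATPMP_VERSION = 0
OP_EXTERNAL_ADDRESS = 0
OP_MAP_UDP, OP_MAP_TCP = 1, 2
RESPONSE_BIT = 128          # responses carry opcode 128 + request opcode
RESULT_CODES = {
    0: "success",
    1: "unsupported version",
    2: "not authorised/refused",
    3: "network failure",
    4: "out of resources",
    5: "unsupported opcode",
}


def build_external_address_request() -> bytes:
    # 2 bytes: version 0, opcode 0.
    return struct.pack("!BB", NATPMP_VERSION, OP_EXTERNAL_ADDRESS)


def build_map_request(proto: str, internal_port: int,
                      external_port: int = 0, lifetime: int = 3600) -> bytes:
    # 12 bytes: version, opcode, reserved, internal port, suggested external port, lifetime.
    op = OP_MAP_UDP if proto == "udp" else OP_MAP_TCP
    return struct.pack("!BBHHHI", NATPMP_VERSION, op, 0, internal_port, external_port, lifetime)


def parse_external_address_response(data: bytes) -> dict:
    # 12 bytes: version, opcode (128+0), result code, seconds since epoch, IPv4 address.
    if len(data) < 12:
        raise ValueError("short NAT-PMP response")
    version, opcode, result, epoch, ip = struct.unpack("!BBHI4s", data[:12])
    if version != NATPMP_VERSION or opcode != RESPONSE_BIT | OP_EXTERNAL_ADDRESS:
        raise ValueError(f"unexpected version/opcode {version}/{opcode}")
    return {
        "result": result,
        "result_text": RESULT_CODES.get(result, "unknown"),
        "epoch": epoch,
        "external_ip": socket.inet_ntoa(ip),
    }


def classify_wan_probe(response: Optional[bytes]) -> str:
    """Verdict for a probe sent to the gateway's public (WAN) address."""
    if response is None:
        return "silent: no NAT-PMP on the WAN side (expected)"
    parsed = parse_external_address_response(response)
    if parsed["result"] == 0:
        return f"exposed: WAN interface answers NAT-PMP, external IP {parsed['external_ip']}"
    return f"responds with error ({parsed['result_text']}): still reachable, review config"


def probe(host: str, timeout: float = 2.0) -> Optional[bytes]:
    """Live probe (not run by the offline demo): send the external-address
    request to UDP/5351 on `host` and return the raw reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_external_address_request(), (host, NATPMP_PORT))
        try:
            data, _ = s.recvfrom(512)
            return data
        except socket.timeout:
            return None


# Constructed reply, as a misconfigured gateway would send to a WAN-side probe:
# success, uptime 86400 s, external address 203.0.113.7 (TEST-NET-3, documentation range).
SAMPLE_WAN_REPLY = struct.pack(
    "!BBHI4s", NATPMP_VERSION, RESPONSE_BIT | OP_EXTERNAL_ADDRESS, 0, 86400,
    socket.inet_aton("203.0.113.7"),
)

if __name__ == "__main__":
    print(classify_wan_probe(SAMPLE_WAN_REPLY))
    print(classify_wan_probe(None))
```

Run `probe()` against the public address of a gateway you control; any reply at all means the daemon is listening on the wrong interface, and a success reply means anyone on the internet can also issue the mapping requests that `build_map_request()` produces.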

DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in "limited, targeted attacks …
John Leyden, 22 Oct 2014

APPLE support doc CONFIRMS 'ORGANIZED NETWORK ATTACKS'

Apple is warning its iCloud users over heightened spying risks following the discovery of attacks which security watchers have claimed are down to crude snooping by the Chinese government. Without naming China directly, Apple said it was "aware of intermittent organised network attacks" on its iCloud service designed to obtain …
John Leyden, 22 Oct 2014

Edward who? GCHQ boss dodges Snowden topic during last speech

Sir Iain Lobban's final speech as GCHQ director omitted any mention of that man Edward Snowden, and unlike recent speeches by FBI and law enforcement officials on both sides of the Atlantic, the spy boss had no critical words for Apple and Google's plans to roll out improved encryption on smartphones and computers. Instead, an …
John Leyden, 21 Oct 2014

Defence giant BAE coughs $230m for cloud heavy SilverSky

BAE Systems has bought cloud-based email and network security firm SilverSky for $232.5m, seemingly finding the US company's products and customer base irresistible. Ian King, chief executive, BAE Systems, said: "SilverSky has an established sales force, a complementary suite of scalable products and a large installed customer …
John Leyden, 21 Oct 2014

Hacked and ashamed? C'mon, Brits – report that cybercrime

Internet-enabled frauds reached £670m across the UK in the 12 months running up to the end of August, according to new figures from the National Fraud Intelligence Bureau. Since the majority of internet-enabled fraud cases still go unreported, the true economic cost to the UK is likely to be significantly higher. The figures …
John Leyden, 21 Oct 2014

Most cloud apps flout EU data protection rules – study

Three in four cloud services do not conform to the current EU Data Protection Directive, according to a new study. Enterprise cloud visibility firm Skyhigh Networks found that nearly three-quarters (72 per cent) of the cloud services used by European organisations do not meet the requirements of the current privacy regulations, …
John Leyden, 21 Oct 2014

FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for

There has been growing disquiet over Apple's desktop search app Spotlight, which sends queries for things back to the company's servers to process. Spotlight phones home in OS X Yosemite, version 10.10, and it is enabled by default: it can be switched off, but with Apple insisting that it now takes people's privacy seriously, …
John Leyden, 20 Oct 2014

Sophos to offshore American support operations

Exclusive Sophos plans to offshore support operations from the US to Canada and the Philippines as part of a wide-ranging restructuring of its support operations. The plans were outlined in an internal email to staff from Mary Winfield, SVP Global Support, leaked to El Reg by an anonymous tipster. "Another year, another round of layoffs …
John Leyden, 20 Oct 2014

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. Late …
John Leyden, 20 Oct 2014

US government fines Intel's Wind River over crypto exports

The US Government has imposed a $750,000 fine on an Intel subsidiary for exporting encryption to China, Russia, Israel and other countries. Wind River Systems was fined for exporting products that incorporated encryption to foreign governments and to organisations on the US government restricted list. The controversial move means …
John Leyden, 17 Oct 2014

UK's a very popular target for EMEA cyberspies – report

Malware attacks, especially in Europe, nearly doubled in the first half of 2014, according to a new report. Government, financial services, telecommunications and energy were the most targeted sectors – collectively making up more than half of attacks detected by security vendor FireEye. The UK (17 per cent) followed by Germany …
John Leyden, 17 Oct 2014

Bad news, fandroids: He who controls the IPC tool, controls the DROID

A security flaw in a core message-passing mechanism leaves every Android device potentially vulnerable to attack, security researchers warned on Thursday. The newly discovered flaw enables hackers to override in-app security features, leaving critical apps such as mobile banking susceptible to tampering. The same vulnerability …
John Leyden, 16 Oct 2014

Hacker-hunters finger 'Keyser Soze' of Russian underground card sales

A hacker based in Odessa, Ukraine has become the main provider of data stolen from compromised credit cards, a new study claims. According to Russian cyber-security consultancy Group-IB, a person or persons operating under the pseudonym “Rescator” (AKA Helkern and ikaikki) uploaded details of over five million cards onto the …
John Leyden, 16 Oct 2014

Drupal SQL injection nasty leaves sites 'wide open' to attack

A newly patched SQL injection flaw in Drupal leaves sites that rely on the widely used web development platform wide open to attack. Admins of sites that run Drupal 7 should upgrade to 7.32 to guard against possible attack. Patching needs to take place sooner rather than later because the easy-to-exploit vulnerability hands …
John Leyden, 16 Oct 2014
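Both the Worldview card theft reported above and the Drupal 7.32 fix come down to the same bug class: user-controlled text reaching the SQL parser. The following is an added example, not code from either article, from Worldview or from the Drupal project. It runs against an in-memory SQLite database seeded with constructed sample rows (the card numbers are standard test numbers), shows the string-built query beside its parameterised replacement, and then shows the subtler pattern the Drupal fix addressed: a hypothetical `expand_in_clause_vulnerable()` helper that derives placeholder names from untrusted array keys, so the SQL text is altered even though every value is bound. The table, column and function names are all this example's own.

```python
"""Added example (not code from any article above): the SQL injection class
behind the Worldview card theft and the Drupal 7.32 fix, demonstrated on an
in-memory SQLite database seeded with constructed sample rows."""
import sqlite3

# Constructed sample data; the card numbers are standard test numbers, not real cards.
SAMPLE_ROWS = [
    ("alice", "BK-1001", "4111111111111111"),
    ("bob", "BK-1002", "5500000000000004"),
    ("carol", "BK-1003", "340000000000009"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookings (customer TEXT, ref TEXT, card TEXT)")
    conn.executemany("INSERT INTO bookings VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, customer, ref):
    """Classic string-built query: the input becomes part of the SQL text."""
    sql = (
        "SELECT customer, ref, card FROM bookings "
        f"WHERE customer = '{customer}' AND ref = '{ref}'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, customer, ref):
    """Parameterised query: the driver binds values, so input cannot alter the query."""
    sql = "SELECT customer, ref, card FROM bookings WHERE customer = ? AND ref = ?"
    return conn.execute(sql, (customer, ref)).fetchall()


def expand_in_clause_vulnerable(sql_template, name, values):
    """Hypothetical helper modelled on the pattern Drupal 7.32 fixed: expand
    'IN (:name)' into one named placeholder per entry, deriving the placeholder
    names from the KEYS of `values`. When those keys come from the request,
    the attacker edits the SQL text even though every value is bound."""
    placeholders = ", ".join(f":{name}_{key}" for key in values)
    return sql_template.replace(f":{name}", placeholders)


def lookup_in_safe(conn, customers):
    """Safe expansion: one anonymous '?' per VALUE; nothing user-supplied
    is ever spliced into the statement text."""
    placeholders = ", ".join("?" for _ in customers)
    sql = f"SELECT customer, ref, card FROM bookings WHERE customer IN ({placeholders})"
    return conn.execute(sql, list(customers)).fetchall()


def demo():
    conn = make_db()
    payload = "x' OR '1'='1' --"  # tautology; the '--' comments out the ref check
    dumped = lookup_vulnerable(conn, payload, "irrelevant")   # every row
    blocked = lookup_safe(conn, payload, "irrelevant")        # no rows

    template = "SELECT customer FROM bookings WHERE customer IN (:names)"
    benign = expand_in_clause_vulnerable(template, "names", {0: "alice", 1: "bob"})
    hostile_key = "0) OR 1=1 --"  # a request-controlled array key
    tampered = expand_in_clause_vulnerable(template, "names", {hostile_key: "alice"})
    safe_in = lookup_in_safe(conn, ["alice", "bob"])

    return {
        "legit": lookup_safe(conn, "alice", "BK-1001"),
        "dumped": dumped,
        "blocked": blocked,
        "benign_sql": benign,
        "tampered_sql": tampered,
        "safe_in": safe_in,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point of the second half is that "we use prepared statements" is not the whole check: any code path that builds placeholder names, column names or table names from request data still lets the attacker into the statement text, and the review question is whether every fragment of SQL is either a constant or a bound value.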