John Leyden

Contact Mail Follow Twitter RSS feed
Image by Arak Rattanawijittakorn http://www.shutterstock.com/gallery-2364116p1.html

Dodgy dealer on Amazon lures marks towards phishing site

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam. A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used – like new" at significantly lower costs than in the shops. …
John Leyden, 06 Jan 2017
backdoor_648. Pic via Shutterstock

Windows PC spy nasty dormant for three years, mutates and resurfaces

Two new variants of some Windows spyware first discovered in 2013 have surfaced in targeted attacks, security firm Forcepoint warns. The new nasties – BigBoss and SillyGoose – are based on the three-year-old MM Core backdoor. MM Core spawned a spin-off named "StrangeLove" shortly after its discovery before mysteriously …
John Leyden, 05 Jan 2017
Exhausted looking business man on phone in from of laptop. Photo by Shutterstock

DomainMonster email service restored at last after Yuletide borkage

Updated DomainMonster finally resolved problems with its hosted email service on Tuesday, more than two weeks after they first began on 21 December. Reg readers affected by the problem were eventually told that a data centre networking issue was to blame for the extended outage. This remains unconfirmed since neither DomainMonster, a …
John Leyden, 04 Jan 2017
Couple in snorkelling gear at the travel agents... Comedy snap. Photo by Shutterstock

Travel booking systems ‘wide open’ to abuse – report

Updated Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 04 Jan 2017

Hot Desk? Sec-tech firm LANDESK to be forged together with HEAT

Clearlake Capital Group has acquired IT systems and security management company LANDESK from Thoma Bravo. Financial terms of the deal, announced on Tuesday, were not disclosed. Clearlake will be combining LANDESK with its existing portfolio company, HEAT Software. The merged firm will be led by LANDESK chief Steve Daly and …
John Leyden, 03 Jan 2017
I AM NIKOM / Shutterstock.com

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers. The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to. Switcher brute-forces …
John Leyden, 03 Jan 2017

Vinyl and streaming sales offset CD decline in UK music sales

Vinyl sales, which reached a 25-year high, and a continued increase in streaming offset decline in CD sales as music consumption rose last year, according to official music industry figures. Figures from the BPI out Tuesday show UK music consumption rose 1.5 per cent last year to reach 123 million albums. A total of 45 billion …
John Leyden, 03 Jan 2017

A year in infosec: Bears, botnets, breaches ... and elections

How often can we say that an IT blunder might have changed the course of world history? Hillary Clinton’s use of a private email server whilst serving as outgoing US President Barack Obama’s Secretary of State became a key element in the US presidential election this year. The FBI investigation around Clinton’s use of a …
John Leyden, 26 Dec 2016

Netgear: Nothing to see here, please disperse. Just another really bad router security hole

Netgear has downplayed the significance of newly discovered flaws in its WNR2000 line of consumer routers. The vulnerabilities could hypothetically allow a remote attacker to execute code and take over the device without authentication, claims Pedro Ribeiro, the security researcher who discovered the bugs. “It is a LAN based …
John Leyden, 23 Dec 2016

US healthcare under siege: Got good insurance?

US healthcare organisations, including hospitals, are increasingly vulnerable to medical device hijacks as well as the growing ransomware threat, according to a new study by security vendor TrapX. A total of 93 major attacks occurred during 2016. Hackers were responsible for almost a third (31.42 per cent) of all major HIPAA ( …
John Leyden, 23 Dec 2016

Bad news: Exim hole was going to be patched on Xmas Day. Good news: Keyword 'was'

Updated An information-leaking security hole in widely used email agent Exim – scheduled for repair on Christmas Day – may now be publicly patched earlier, possibly as soon as Friday. System administrators were stunned by the suggestion that a patch for the vulnerability would be released on December 25 when pretty much everyone …
John Leyden, 22 Dec 2016

'DNC hackers' used mobile malware to track Ukrainian artillery – researchers

The Russian hacking crew controversially linked to hacks against the Democrat Party during the US election allegedly used Android malware to track Ukrainian artillery units from late 2014 until 2016, according to new research. Threat intelligence firm CrowdStrike reckons that mobile malware was used to harvest communications …
John Leyden, 22 Dec 2016

Groupon frauds blamed on third-party password breaches

Groupon has blamed fraudulent purchases from some UK customers' accounts on password leaks from other sites. UK consumer website MoneySavingExpert reports that “a number of Groupon users have seen £100s siphoned from their banks in recent weeks after fraudsters commandeered their accounts to make unauthorised purchases.” The …
John Leyden, 22 Dec 2016

Netflix US Twitter account hacked

Netflix's US Twitter account was briefly hijacked on Wednesday. The feed was taken over by a hacking group, OurMine, who used the hijack to promote its website and invite Netflix to get in touch. The social media team running the Netflix US Twitter account, which has 2.5 million followers, got off easily. Previous account …
John Leyden, 21 Dec 2016
High voltage power grid, in the sunset. Photo by SHutterstock

Energy firm points to hackers after Kiev power outage

A cyber attack is suspected in connection with an outage of the Ukrainian power grid that affected homes around Kiev last weekend. A substation in Pivnichna was cut off from the main power grid for about 75 minutes late on Saturday 17 December, lasting into the early hours of Sunday. As a result, houses and flats of the right …
John Leyden, 21 Dec 2016

Testing times: Can your crypto-code survive the Google gauntlet?

Google has unleashed Project Wycheproof, a set of security tests to check cryptographic libraries for susceptibility to known weaknesses. The toolkit, maintained by Google’s security engineers, is named after Mount Wycheproof, the smallest mountain in the world, and has set out with commendably modest goals. The aim is to look …
John Leyden, 20 Dec 2016
WWI French tank picture via Shutterstock

Swiss defence firm snaps up Brit security outfit Clearswift

Swiss aerospace and defence firm RUAG has slurped UK cyber security outfit Clearswift from private equity owner Lyceum Capital, the financial terms of which were not disclosed. The buy continues a recent trend of aerospace and defence companies investing into cybersecurity armoury, exemplified by Raytheon's acquisition of …
John Leyden, 20 Dec 2016

Bad news, fandroids: Mobile banking malware now encrypts files

Cybercrooks have outfitted ransomware functionality onto an already dangerous mobile banking Trojan. The modified Faketoken can steal credentials from more than 2,000 Android financial applications, security researchers at Kaspersky Lab warn. Based on telemetry, Kaspersky Lab estimates that Faketoken has claimed over 16,000 …
John Leyden, 20 Dec 2016
Plane. Image via shutterstock

This is your captain speaking ... or is it?

Updated Vulnerabilities in Panasonic in-flight entertainment systems create a possible mechanism for attackers to control in-flight displays, PA systems and lighting, say researchers. Ruben Santamarta, principal security consultant at IOActive, said it had found vulnerabilities in Panasonic Avionic In-Flight Entertainment (IFE) …
John Leyden, 20 Dec 2016
Frustrated accountant puts head in hands. Photo by Shutterstock

Cyber insurance brokers: If it makes you feel any better, 2016 was not our year either

Insurers are handling "hundreds" of breach claims, according to figures from CFC Underwriting. CFC Underwriting said it handled more than 400 claims against cyber-breach policies it issued this year alone. The rise in data breaches and money transfer scams are driving the increase. Claims on CFC policies almost doubled year …
John Leyden, 19 Dec 2016

Akamai buys bot-sniffing startup Cyberfend

Akamai Technologies has beefed up its existing bot management and mitigation services with the acquisition of US startup Cyberfend. Financial terms of the deal, announced Monday, were undisclosed. Credential theft and abuse is a significant problem for online businesses and their customers. Cyberfend’s tech is designed to …
John Leyden, 19 Dec 2016

PayAsUGym breach exposes passwords

Fitness website PayAsUGym has been breached in a hack that may have exposed up to 400K emails and passwords. In a breach notice to users, the firm admitted one of its servers was hacked after “underground researchers” posted screenshots purporting to show PayAsUGym’s hacked database via Twitter. The 1x0123 hacker crew later …
John Leyden, 19 Dec 2016
Auctioneer with hammer

Bayrob: Romanian auction fraud suspects extradited to the US

Three suspected cybercriminals have been arrested and extradited from Romania to the US over a multi-million dollar malware-facilitated scams. The suspects are believed to be members of a gang, nicknamed Bayrob by Symantec researchers, which allegedly earned a living from online fraud for nearly a decade. The indictment claims …
John Leyden, 19 Dec 2016
Photo by MediaGroupBestForYou / Shutterstock

'I told him to cut it out' – Obama is convinced Putin's hackers swung the election for Trump

Analysis Outgoing US President Barack Obama has promised to take action against Russia over its alleged interference in the presidential election campaign. American intelligence agencies have concluded that hackers linked to the Kremlin infiltrated the computer network of the Democratic National Committee as well as the email account …
John Leyden, 17 Dec 2016
Vodafone adds payment cards to mobile wallet

Banks 'not doing enough' to protect against bank-transfer scams

UK banks have been told they needed to go further protecting consumers against money transfer scams - a growing form of fraud. The Payment Systems Regulator said institutions must improve the way they respond to bank transfer scams and do more to identify fraudulent payments without advocating changes in liability for …
John Leyden, 16 Dec 2016