John Leyden

Ker-ching! NotPetya hackers cash out, demand 100 BTC for master decrypt key

All the Bitcoins paid by victims of the NotPetya ransomware attack were withdrawn overnight. Some paid the equivalent of $300 in Bitcoin even though there were no real means to recover their data. Just over 3.96 Bitcoins ($10,382) were drained from a wallet tied to NotPetya early on Wednesday morning, according to a Twitter …
John Leyden, 05 Jul 2017

Automobile Association under fire for car-crash handling of data breach

Breakdown and car insurance outfit AA has been scolded for its handling of a data breach that spilled customer email addresses and partial credit card numbers. Data from the AA's online shop leaked online in April due to a server misconfiguration. The whoopsie gave access to backup files about orders for maps, motoring …
John Leyden, 04 Jul 2017

For all the chaos it sows, fewer than 1% of threats are actually ransomware

Ransomware dominated the threat landscape last year even though file-encrypting nasties made up less than one in a hundred examples of different Windows malware during 2016. The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers, …
John Leyden, 04 Jul 2017

So. A cross-Europe cyberwar simulation. Of ransomware

Organisers have drawn up their conclusions following a pan-European cyberwar exercise. Cyber Europe 2016, the fourth cyber crisis exercise organised by the European Union Agency for Network and Information Security (ENISA), is one of the biggest international stress-test exercises to date. Over 1,000 participants from all 28 …
John Leyden, 03 Jul 2017

Security bug bounty programs are a nice little earner for hackers

Some security-conscious organizations award hackers up to $900,000 a year, according to what's touted as the biggest bug bounty industry report to date. The study – commissioned by HackerOne, a bug bounty and vulnerability disclosure platform provider – examined 800 hacker-powered programs and 50,000 resolved security …
John Leyden, 29 Jun 2017

'Janus' resurfaces: I was behind the original Petya. I want to help with NotPetya

A Twitter user purporting to speak for the cybercrime group behind the original Petya ransomware has claimed they want to help "repair" the damage caused by this week's attack. The Twitter account Janus Cybercrime Solutions (@JanusSecretary), which went dark for a time after the original Petya outbreak, was reactivated on …
John Leyden, 29 Jun 2017

NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

A lack of accountability and investment in cyber-security has been blamed for the recent WannaCrypt virus that hobbled multiple hospital NHS IT systems last month in England, a report by The Chartered Institute for IT concludes. The report, published today, comes following a similar, but more limited attack against UK-based …
John Leyden, 29 Jun 2017

123-reg resolves secure database access snafu

UK-based hosting and domains provider firm 123-reg has fixed an issue that meant access to some customers' databases ran over an unsecured link, creating a privacy risk in the process. A reader and 123-reg hosting customer got in touch over the issue after failing to get action directly from the hosting firm over the problem, …
John Leyden, 28 Jun 2017

Pwned UK SME fined £60K for leaving itself vulnerable to hack attack

A small UK company that suffered a cyber attack has been fined £60,000 by the Information Commissioner’s Office (ICO). An investigation by the ICO found Berkshire-based Boomerang Video failed to take basic steps to stop its website being attacked, a hacking incident that led to the exposure of the personal details of 26,000 …
John Leyden, 27 Jun 2017

50th anniversary of the ATM opens debate about mobile payments

Analysis Today marks the 50th anniversary of the Automated Teller Machine (ATM), the first of which was installed outside Barclays Bank, Enfield Town in north London. Actor Reg Varney from '70s sitcom On the Buses was the first to use the cash machine. Fast forward half a century and cash machines have become a familiar high street …
John Leyden, 27 Jun 2017

Huge ransomware outbreak spreads in Ukraine and beyond

Updated A huge ransomware outbreak has hit major banks, utilities and telcos in Ukraine as well as victims in other countries. Check out our full analysis of the software nasty, here. Early analysis of the attack points towards a variant of the known Petya ransomware, a strain of malware that encrypts the filesystem tables and …
John Leyden, 27 Jun 2017

Make sure your Skype is up to date because FYI there's a nasty hole in it

Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows. The stack buffer overflow flaw allows miscreants to inject malicious code into Windows boxes running older versions of Skype, bug hunters at Vulnerability Laboratory warn: The issue can be exploited …
John Leyden, 27 Jun 2017

European Commission chucks cash at UR – the universal language of mind your own biz

Privacy-focused French browser developer UR* has scored a grant from the European Union it hopes will help turbo charge its nascent technology. UR, founded two years ago in 2015, plans to use the funds to bring its browser to a larger number of people. The French startup scored the funding by fulfilling two core values of the …
John Leyden, 27 Jun 2017

Braking news: AA password reset email cockup crashes servers

UK car insurance giant the AA caused all sorts of confusion on Monday after accidentally sending out a "password update" email to people. The alert led to motorists rushing to log into the motoring organization's website to change their passwords, only to overload the servers and effectively run them over. Brits were furious …
John Leyden, 26 Jun 2017

UK Parliament hack: Really, a brute-force attack? Really?

Comment Just under 90 Parliamentary email accounts were compromised by a brute force attack on the parliamentary network over the weekend. And there is a long-established technology which can normally see off this kind of attack. Two factor authentication (2FA) technology has been ubiquitous among enterprises as a verification …
John Leyden, 26 Jun 2017

US Secretary of State: I will work with Russia on cybersecurity issues

Analysis US Secretary of State Rex Tillerson has expressed a willingness to work directly with Russia on cybersecurity and other issues. The proposed partnership is surprising, given the continued controversy over allegations that the Russians interfered with last year's US presidential election – a serious accusation at the center of …
John Leyden, 23 Jun 2017

Virgin Media router security flap follows weak password expose

Virgin Media has urged 800,000 customers to change their passwords to guard against possible hacking attack. The move follows an investigation by consumer mag Which? that discovered hackers could access the UK cableco's Super Hub 2 router, allowing access to IoT devices connected through the same home network. The issue stems …
John Leyden, 23 Jun 2017

Russian hackers selling login credentials of UK politicians, diplomats – report

Russian hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still …
John Leyden, 23 Jun 2017

Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen

Flaws in Microsoft PatchGuard create a means for hackers to plant rootkits on Windows 10, 64-bit OS devices. The newly discovered attack technique, dubbed GhostHook, allows attackers to completely bypass PatchGuard, security researchers at CyberArk Labs warn. PatchGuard (formally known as Kernel Patch Protection) was …
John Leyden, 22 Jun 2017

UCL ransomware attack traced to malvertising campaign

Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign. Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a …
John Leyden, 22 Jun 2017

Cybereason snags $100m from Softbank to mount distribution, tech offensive

Cybersecurity startup Cybereason is looking to go to the next level after securing $100m in funding from SoftBank. Cybereason, with headquarters in Boston, Massachusetts and Tel Aviv, Israel, offers a range of endpoint detection and response, next-generation antivirus, and managed monitoring services. These are crowded …
John Leyden, 21 Jun 2017

Breach at UK.gov's Cyber Essentials scheme exposes users to phishing attacks

Updated The operation behind the UK government's Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme's badges are required by suppliers bidding for "certain sensitive and personal information-handling [government] contracts". Companies were notified of …
John Leyden, 21 Jun 2017

Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak

Honda said today that it had briefly halted operations at a car plant in Sayama, Japan earlier this week because of the infamous WannaCrypt ransomware. The Japanese car maker halted production for one day at a domestic vehicle plant on Monday after finding samples of the WannaCrypt ransomware in its computer network, Reuters …
John Leyden, 21 Jun 2017

US is Number One! In sales register hacking attacks, at least

Hacking attacks against sales terminals rose by nearly a third last year, and the US is still leading the way in being insecure. Incidents affecting sales tills and payment systems increased to 31 per cent in 2016, according to research by security firm Trustwave, while incidents affecting e-commerce environments fell to …
John Leyden, 20 Jun 2017

Hacker exposed bank loophole to buy luxury cars and a face tattoo

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months. Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teesside Evening Gazette here). …
John Leyden, 20 Jun 2017

Biting the hand that feeds IT © 1998–2017