John Leyden

Contact Mail Follow Twitter RSS feed
Newly passed out 2Lts from 6 RIFLES on Salisbury Plain Training Area. Crown copyright, 2013

Flaws fixed in SAP's police and military software

Three of the 31 patches pushed out by SAP on Tuesday tackle flaws in the ERP giant’s technology for Defense Forces & Public Security. In particular, SAP's Defense Forces & Public Security and SAP Mobile Defense & Security components are susceptible to a missing authorisation check vulnerability. “This issue potentially allows …
John Leyden, 14 Dec 2016

'I found a bug that let anyone read anyone's Yahoo! Mail and all I got was this $10k check'

A security researcher says he bagged $10k after discovering and reporting a serious flaw in Yahoo! Mail that could have been exploited by crooks to read victims' messages. Jouko Pynnönen says he reported the vulnerability in Yahoo! Mail via bug-bounty organizers HackerOne. "The impact of the bug is similar to the one I …
John Leyden, 09 Dec 2016
Man looks at his mobile - mildly surprised or shocked about something. Photo by shutterstock

Ugh! Is that your security budget? *Sucks teeth and shakes head*

Organisations spend an average of 5.6 per cent of their overall IT budget on IT security and risk management, according to analyst Gartner. IT security spending ranges from approximately 1 per cent to 13 per cent of the IT budget. Gartner warns that simply looking at the size of security spending - even in comparison to other …
John Leyden, 09 Dec 2016
Q in James Bond

UK.gov state of the nation report: Infosec's very important, mmmkay

The UK government’s first annual report on the implementation of the 2015 National Security Strategy has reaffirmed that cyber-security remains a key priority. The 39 page report (pdf) lists cyber-security alongside Russia’s actions in Syria and Ukraine and terrorism as among the greatest threats Britain faces. The range of …
John Leyden, 09 Dec 2016

Trend Micro AV nukes innocent Sharepoint code, admins despair

Trend Micro's antivirus software has flagged benign Sharepoint code as potentially malign and nuked the files, causing the Microsoft package to fall over. After installing a dodgy update, Trend's OfficeScan tool removes a harmless JavaScript file from Sharepoint, leaving crashing servers in its wake. Aggrieved admins have …
John Leyden, 08 Dec 2016
Password

US commission whistles to FIDO: Help end ID-based hacks by 2021

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises. The US Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security …
John Leyden, 08 Dec 2016
Shaun of the dead zombies cricket bat movie still. Copyright Universal Pictures

Mirai variant turns TalkTalk routers into zombie botnet agents

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots. The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula. “The botnet devices’ geolocation is very uncommon for DDoS botnets …
John Leyden, 08 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 07 Dec 2016
airplane just kidding shot

Hackers actively stealing Wi-Fi keys from vulnerable routers

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys. Andrew Tierney, a security researcher at UK consultancy Pen Test Partners, noticed the switch-up in tactics in attacks against its honeypot network over the weekend. Customers of UK ISP …
John Leyden, 06 Dec 2016

Own goal for Scottish Football Association as fans sent phishy emails

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach. The SFA blamed a breach at a third-party supplier for a leak of sensitive info that was used in an attempt to trick recipients into opening a dodgy email that appeared under the guise of an …
John Leyden, 06 Dec 2016
Cops with guns, image via Shutterstock

Yorkshire cyber security biz ECSC Group to debut on AIM exchange

Bradford-based cyber security consultancy ECSC Group is set to float on the AIM stock exchange on December 14. ECSC is bullish about its prospects, stating that the "recent proliferation of high-profile cyber security breaches affecting some of the world's most largest companies" has made cyber security a strategic issue for …
John Leyden, 05 Dec 2016
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

Russia accuses hostile foreign powers of plot to undermine its banks

Russia has accused unnamed foreign spies of launching a concerted effort to undermine its domestic banking system. Cyber attacks are being combined with fake social media reports about banks going bust, according to Russia's state security agency, the FSB. Servers physically located in the Netherlands and leased to BlazingFast …
John Leyden, 02 Dec 2016

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so. Problems at the Post Office …
John Leyden, 02 Dec 2016
inspector clouseau

Europol cop took terror dossier home, flashed it to the web accidentally

An investigator at Europe's FBI Europol took home a USB stick packed with terror probe documents and accidentally spilled the files on the internet. Dutch telly documentary series Zembla reported this month that about 700 pages of analysis on terrorist groups and related sensitive information were exposed online as a result of …
John Leyden, 01 Dec 2016
Surfers

Hull surfers cut off by router attack

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack. Local telco KCOM blamed difficulties for its customers which began over the weekend and remains ongoing on an attack it said was targeted at models of routers it supplies to some of its customers. Since …
John Leyden, 01 Dec 2016
Data breach

Clients say they'll take their money and run if service hacked – poll

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked. Almost half (48 per cent) of the 1,000 Brits questioned by Onepoll claimed they would cancel accounts if a provider of theirs suffered a data breach. In addition, a …
John Leyden, 01 Dec 2016
android_toys_648

Android-rooting Gooligan malware infects 1 million devices

A new strain of Android malware is infecting an estimated 13,000 devices per day. The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users' sensitive data from Gmail accounts, security researchers at Check Point …
John Leyden, 30 Nov 2016

UK cops spot webcam 'sextortion' plots: How vics can hit stop

The NCA has said that "at least four young men have taken their own lives" after being targeted by financially motivated webcam blackmailers, while UK police forces are sharing stats and tips in a campaign to combat the rising problem. Police say they've recorded 864 cases of webcam blackmail cases so far in 2016, more than …
John Leyden, 30 Nov 2016
lottery

UK National Lottery data breach: Fingers crossed – it might not be you

Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts. Camelot, the company behind the National Lottery, detected the scam and subsequent attempted frauds and responded by locking down accounts, triggering compulsory password resets …
John Leyden, 30 Nov 2016
Bank vault

'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee

A former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket. Earlier this month Tesco Bank admitted that an estimated £2.5m had been stolen from 9,000 customer accounts in the biggest cyber-heist of its kind to affect a UK bank. The …
John Leyden, 30 Nov 2016

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study. Eleven of the 46 products that made it into monthly top 20 most vulnerable product charts between August and October were security packages, Secunia reports. Products from vendors including AlienVault …
John Leyden, 29 Nov 2016
Alan Turing (Benedict Cumberbatch) and the Bombe machine

Bletchley Park Trust vows to shore up insecure website

The Bletchley Park Trust has promised that a website revamp due in January will address security concerns highlighted by a security expert on Sunday. Paul Moore slammed the site, which was home of the WWII Enigma codebreakers, for all manner of security shortcomings including emailing password resets and vulnerabilities to the …
John Leyden, 29 Nov 2016
Sheaf of £50 notes poised on the rim of a toilet bowl as toilet is flushed. Collage of two photos sourced from Shutterstock

Ransomware scams cost Brits £4.5m per year

More than 4,000 Brits have had their computers infected with ransomware this year, with over £4.5m paid out to cyber criminals, according to Action Fraud. Ransomware is a type of malware that encrypts files of infected PCs before demanding an extortionate payment for the encryption key needed to recover data. The malware …
John Leyden, 28 Nov 2016
Tesla Model X

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

A smartphone app flaw has left Tesla vehicles vulnerable to being tracked, located, unlocked, and stolen. Security experts at Norwegian app security firm Promon were able to take full control of a Tesla vehicle, including finding where the car is parked, opening the door and enabling its keyless driving functionality. A lack …
John Leyden, 25 Nov 2016
Crop of doctor with pen and clipboard

EU puts out prescription for smart hospitals

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines. The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of …
John Leyden, 25 Nov 2016