John Leyden

Contact Mail Follow Twitter RSS feed
Angry Judge

Hacker exposed bank loophole to buy luxury cars and a face tattoo

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months. Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teeside Evening Gazette here). …
John Leyden, 20 Jun 2017

Brit hacker admits he siphoned info from US military satellite network

A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about …
John Leyden, 16 Jun 2017
Office Space

If you haven't already obliterated your Jaff-infected comp, there is an antidote available

Security researchers have developed a free decryption tool for victims of the ‪Jaff‬ ransomware, meaning they can regain access to files without paying crooks. The utility – developed by boffins at Kaspersky Lab – works on all variants released to date. Of course there is still the possibility that the criminals behind Jaff …
John Leyden, 15 Jun 2017

Cloud bigger than ever, biz suddenly keen to fork out for security. Put 'em together...

Growth cloud-based security services will remain strong, with the market reaching $5.9bn in 2017, up 21 per cent from 2016, analyst house Gartner predicts. Growth in the cloud-based security services market will outpace the overall information security market. Email security, web security and identity and access management ( …
John Leyden, 15 Jun 2017

Banking websites are 'littered with trackers' ogling your credit risk

A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm …
John Leyden, 15 Jun 2017

Don't all rush out at once, but there are a million devices ripe to be the next big botnet

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn. UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai …
John Leyden, 15 Jun 2017

Internet hygiene still stinks despite botnet and ransomware flood

Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless to the next big malware attack. A follow-up audit by Rapid7 – the firm behind the Metasploit pen-testing tool – found that more than a million endpoints were confirmed …
John Leyden, 14 Jun 2017

Telegram chat app founder claims Feds offered backdoor bribe

The founder of chat app Telegram has publicly claimed that feds pressured the company to weaken its encryption or install a backdoor. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," Pavel Durov said on Twitter. "It would be naive to think …
John Leyden, 14 Jun 2017

Discredit a journo? Easy, that'll be $55k. Fix an election? Oh, I can do that for just $400k

Fake news has come to be associated with political intrigue but the same propaganda techniques are also abused by cybercriminals, according to a study by Trend Micro. The techniques and methods used to spread fake news and manipulate public opinion have a wide range of objectives and even a price list. Cybercriminals produce …
John Leyden, 13 Jun 2017
Prison

Jailed fraudster admits running same cold-caller con from behind bars

The jailed kingpin behind a multimillion-pound fraud has admitted attempting to run an almost identical con from behind bars. Feezan "Fizzy" Hameed, 26, ran a voice-based phishing fraud which claimed 750 RBS group victims (mainly small businesses such as accountants and solicitors) and resulted in loses of £113m. He used his …
John Leyden, 12 Jun 2017

Move over, Stuxnet: Industroyer malware linked to Kiev blackouts

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December …
John Leyden, 12 Jun 2017
A_KUDR http://www.shutterstock.com/gallery-1864778p1.html

Mac ransomware author is giving away malicious code to script kiddies

Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs. Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet. MacRansom uses symmetric …
John Leyden, 12 Jun 2017
router

Virgin Media resolves flaw in config backup for Super Hub routers

A recently resolved flaw in Virgin Media wireless home routers gave hackers a means to gain unauthorised administrative-level access to the devices. Security shortcomings in software from the Super Hub 2 and Super Hub 2AC, manufactured by Netgear, were uncovered by researchers from Context Information Security, Jan Mitchell …
John Leyden, 12 Jun 2017
Witcher 3: Wild Hunt

Witcher dev CD Projekt Red says hackers stole game concepts and asked for ransom

CD Projekt Red, the Polish developer behind the critically acclaimed Witcher games, yesterday admitted that some of its internal files and concepts for upcoming title Cyberpunk 2077 have been snaffled by hackers and held for ransom. The dev downplayed concerns by telling gamers that the files involved are "old and largely …
John Leyden, 09 Jun 2017

Say hello to Dvmap: The first Android malware with code injection

A powerful Android trojan with novel code injection features that posed as a game was distributed through the Google Play Store before its recent removal. The Dvmap trojan installs its malicious modules while also injecting hostile code into the system runtime libraries. But Dvmap has other tricks up its sleeve. Once …
John Leyden, 09 Jun 2017
Mad Saudi

DDoS attack brings Qatar's Al Jazeera website to its knees

Qatar-based news network Al Jazeera yesterday said it was being targeted with systematic hacking attempts. DDoS assaults affecting Al Jazeera's websites and digital platforms follow a recent hack of the state news service that resulted in the promotion of false news and is blamed, in part, on an ongoing diplomatic crisis in …
John Leyden, 09 Jun 2017
what has been seen? pic by SHutterstock

Most vulnerabilities first blabbed about online or on the dark web

More than three-quarters of vulnerabilities are publicly reported online before National Vulnerability Database publication. News sites, blogs and social media pages as well as more remote areas of the web including the dark web, paste sites, and criminal forums first published bugs more often than NIST's1 centralised National …
John Leyden, 08 Jun 2017
Still from the company's catalogue showing woman scientist in lab

Forcing digital forensics to obey 'one size fits all' crime lab standard is 'stupid and expensive'

Analysis Opposition is growing over demands that digital forensics labs comply with ISO 17025 – an international checklist for laboratory testing. Essentially, the UK government and Brit police chiefs want computer forensics labs serving Blighty's criminal justice system to be ISO 17025 compliant by October 2017. That means IT experts …
John Leyden, 08 Jun 2017

Pop-up Android adware uses social engineering to resist deletion

A malicious Android app that downloads itself from advertisements posted on forums strongly resists removal, security firm Zscaler warns. The dodgy Android utility poses as "Ks Clean", an Android cleaner app. Once installed, the app displays a fake system update message in which the only option presented to the user is to …
John Leyden, 07 Jun 2017

Hand in your notice – by 2022 there'll be 350,000 cybersecurity vacancies

The General Data Protection Regulation (GDPR) will force European organisations to expand their cyber workforce, causing demand to outstrip the supply of expertise. Two in five governments and companies will expand their cybersecurity divisions by more than 15 per cent in the next 12 months, according to a survey by the …
John Leyden, 07 Jun 2017
hacker

Kremlin hackers' new target: Montenegro

The prolific Kremlin-backed hacking crew blamed for attacking the US Democratic National Committee last year has targeted the Montenegro government with cyberattacks, according to cybersecurity company FireEye. The assaults were motivated by Montenegro's decision to join the North Atlantic Treaty Organization (NATO), a move …
John Leyden, 06 Jun 2017
Kaspersky

Kaspersky files antitrust suit against Microsoft

Kaspersky Lab has filed an antitrust complaint against Microsoft over allegations that Redmond is hobbling third-party antivirus software. The complaint was submitted to both the European Commission and German Federal Cartel Office this week following earlier protests to Russia's Federal Antimonopoly Service last year. …
John Leyden, 06 Jun 2017

Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts

Calls by a former special advisor to ex UK Prime Minister David Cameron to allow the circumvention of end-to-end encryption to monitor terrorist suspects have come under fire from security experts. Rohan Silva, government policy consultant turned co-founder at Shoreditch-based tech incubator/workspace startup Second Home, …
John Leyden, 06 Jun 2017
Ben Mezrich, Once Upon a Time in Russia: The Rise of the Oligarchs and the Greatest Wealth in History

Russia is struggling to keep its cybercrime groups on a tight leash

Russia's control of cybercrime groups that have come to play a part in its espionage activity is crumbling, according to Cybereason. The security intelligence outfit reached this conclusion after reviewing the latest tactics and procedures associated with high-profile cyber-espionage pops blamed on the Kremlin. Russia has made …
John Leyden, 06 Jun 2017

Europe's looming data protection rules look swell – for IT security peddlers. Ker-ching!

The rush to comply with Europe's upcoming General Data Protection Regulation will balloon the continent's IT security budgets to $11.5bn in 2018, analyst group Canalys reckons. That's a 16 per cent year on year increase, apparently. For what it's worth, IDC thinks Europe will spend $19bn on IT security this year, and more next …
John Leyden, 05 Jun 2017

Biting the hand that feeds IT © 1998–2017