John Leyden


US government fines Intel's Wind River over crypto exports

The US Government has imposed a $750,000 fine on an Intel subsidiary for exporting encryption to China, Russia, Israel and other countries. Wind River Systems was fined for exporting products that incorporated encryption to foreign governments and to organisations on the US government restricted list. The controversial move means …
John Leyden, 17 Oct 2014

UK's a very popular target for EMEA cyberspies – report

Malware attacks, especially in Europe, nearly doubled in the first half of 2014, according to a new report. Government, financial services, telecommunications and energy were the most targeted sectors – collectively making up more than half of attacks detected by security vendor FireEye. The UK (17 per cent) followed by Germany …
John Leyden, 17 Oct 2014

Bad news, fandroids: He who controls the IPC tool, controls the DROID

A security flaw in a core message-passing mechanism leaves every Android device potentially vulnerable to attack, security researchers warned on Thursday. The newly discovered flaw enables hackers to override in-app security features, leaving critical apps such as mobile banking susceptible to tampering. The same vulnerability …
John Leyden, 16 Oct 2014

Hacker-hunters finger 'Keyser Soze' of Russian underground card sales

A hacker based in Odessa, Ukraine has become the main provider of data stolen from compromised credit cards, a new study claims. According to Russian cyber-security consultancy Group-IB, a person or persons operating under the pseudonym “Rescator” (AKA Helkern and ikaikki) uploaded details of over five million cards onto the …
John Leyden, 16 Oct 2014

Drupal SQL injection nasty leaves sites 'wide open' to attack

A newly patched SQL injection flaw in Drupal leaves sites that rely on the widely used web development platform wide open to attack. Admins of sites that run Drupal 7 should upgrade to 7.32 to guard against possible attack. Patching needs to take place sooner rather than later because the easy-to-exploit vulnerability hands …
John Leyden, 16 Oct 2014

FinFisher spyware used to snoop on Bahraini activists, police told

Allegations that three Bahraini activists resident in Britain were spied on by Bahraini authorities using British spyware have led to a criminal complaint. Privacy International is calling on the National Cyber Crime Unit of Britain's National Crime Agency to investigate the unlawful surveillance of three human rights …
John Leyden, 16 Oct 2014

Man bites dog: HTTPS-menacing POODLE is 'hard to exploit' – unless you're on public Wi-Fi

Analysis Mozilla will ditch support for the insecure SSL 3.0 from Firefox next month, following the discovery of a design flaw in the protocol that allows hackers to hijack victims' online accounts. SSL v3 will be disabled by default in Firefox 34, due to be released on 25 November. Security experts are unanimous that sysadmins and …
John Leyden, 16 Oct 2014

FireEye, Microsoft, Cisco team up to take down RAT-flinging crew

Security vendors have teamed up to fight a prolific cyber-espionage group thought to be based in China. The hacking crew has been targeting finance, education, government, policy groups and think tanks for around four years since 2010. One of its main tools is Moudoor, a derivative of the infamous Gh0st RAT (remote access tool …
John Leyden, 15 Oct 2014

Snapchat 'hack' pics mostly clothed user snaps, odd bits of legacy pr0n – report

Last week's SnapChat image leak has turned out to be a damp squib rather than the serious privacy breach anticipated by many in the wake of the "Fappening". As previously reported, 200,0000 private photos and videos sent using the SnapChat application and archived using the unofficial (and now defunct) SnapSaved.com site leaked …
John Leyden, 14 Oct 2014

Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen

IP Expo Law enforcement and intel agencies have no right to complain about the improved security of smartphones because they brought the problem on themselves, according to security guru Mikko Hyppönen. Policing and government officials on both sides of the Atlantic have been vociferous in their complaints about Apple and Google's …
John Leyden, 13 Oct 2014

Selfmite on STEROIDS: Pumped-up SMS worm is BACK...

The SMS worm Selfmite is back: bigger, badder and now global. The worm, which first surfaced in June and affects Android smartphones and tablets, has spawned a new version. Selfmite-B infects many more users, uses several money-making techniques and is generally more dangerous and difficult to stop, warns mobile security firm …
John Leyden, 10 Oct 2014

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is …
John Leyden, 10 Oct 2014

Facebook scammers punt fake 'sexy vid' of Emma Watson

Scammers are taking advantage of Emma Watson’s growing popularity by using the Harry Potter star as bait to spread malware on Facebook. The supposed “sexy videos” of the British actress – who has recently stood up against sexism in her new role as Goodwill Ambassador for Women – drop Trojans rather than the promised salacious …
John Leyden, 10 Oct 2014

'A motivated, funded, skilled hacker will always get in' – Schneier

IP Expo Hacking attacks are more or less inevitable, so organisations need to move on from the protection and detection of attacks towards managing their response to breaches so as to minimise harm, according to security guru Bruce Schneier. Prevention and detection are necessary, but not sufficient, he said. Improving response means …
John Leyden, 09 Oct 2014

Sir Tim Berners-Lee defends decision not to bake security into www

IP Expo Sir Tim Berners-Lee has defended his decision not to build in security at the onset of the world wide web. It’s easy to be wise in hindsight, but Sir Tim explained that at the point he invented the world wide web 25 years ago, he wanted to create a platform that developers would find familiar and easy to use. Baking in security …
John Leyden, 08 Oct 2014

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Video Thieves are sneaking malware dubbed Tyupkin into ATMs to force them to cough millions of dollars, we're told. The crims don't need to use stolen or cloned cards. Instead, fraudsters infect the ATM's on-board PC, and later type a special combination of digits on the PIN keypad to drain the machine of banknotes – that's according …
John Leyden, 08 Oct 2014

Britain’s snooping powers are 'too weak', says NCA chief

Keith Bristow, head of the National Crime Agency (the UK’s FBI), is arguing Britain’s snooping powers are “too weak”. In an interview with The Guardian, the NCA’s director general said police need new powers to monitor data about emails and phone calls. He admits many don't see the police case for comms data snooping while …
John Leyden, 07 Oct 2014

Monster banking Trojan botnet claims 500,000 victims

Security researchers have uncovered the infrastructure behind one of the largest and most voracious banking Trojan networks uncovered to date. The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More …
John Leyden, 07 Oct 2014

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

The seriousness of a USB security weakness, which could potentially allow hackers to reprogram USB drives, has been ratcheted up a notch, with the release of prototype code. Researchers Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, demonstrated how it might be possible to reprogram the firmware within …
John Leyden, 03 Oct 2014

MAC BOTNET uses REDDIT comments for directions

A zombie network that feasts on the computer brains of infected Macs has press-ganged 17,000 compromised machines into its ranks, Russian anti-virus firm Dr Web warns. The iWorm creates a backdoor on machines running OS X. Miscreants are using messages posted on Reddit as a navigational aid which points infected machines towards …
John Leyden, 03 Oct 2014

We're not Mr Brightside: Asda Car Insurance broker hacked

No customer data was exposed after the firm behind Asda Car Insurance was hacked, said the broker as it explained why the ACI website went offline earlier this week. Reg reader and Asda Car Insurance customer Arthur forwarded us a notice he received from Brightside Group, who provide white label insurance products for Asda and …
John Leyden, 03 Oct 2014

LulzSec supersnitch led attacks on UK, Australia – report

Hacktivist kingpin turned FBI snitch Hector Xavier "Sabu" Monsegur orchestrated attacks against 30 countries, including systems in the UK and Australia, according to a report that joins the dots between sealed court docs and leaked IRC chat logs. According to the court documents, Monsegur persuaded other hacktivists – among them …
John Leyden, 02 Oct 2014

Bash bug flung against NAS boxes

Hackers are attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems. Miscreants are actively exploiting the time-to-patch window in targeting embedded devices, security firm FireEye warns. We have evidence that attackers are actively exploiting the time-to-patch window …
John Leyden, 01 Oct 2014

Xen sticks pin in bug behind Rackspace GLOBAL CLOUD REBOOT

Details of the mysterious Xen vulnerability, which prompted the Amazon AWS/Rackspace cloud reboots late last week, have been revealed, with patches already available. The CVE-2014-7188 vulnerability creates a way to trick the hypervisor into reading unallocated memory. "A buggy or malicious HVM [hardware virtual machine] guest …
John Leyden, 01 Oct 2014

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests

George Clooney and his new wife – a human rights lawyer who has represented six-fingered embassy dweller Julian Assange™ – went to extreme lengths to safeguard the privacy of their wedding, even issuing guests with "burner phones" under their control. Guests at last weekend's nuptials between George Clooney and top lawyer Amal …
John Leyden, 30 Sep 2014

Consumers agree to give up first-born child for free Wi-Fi – survey

Consumers carelessly use public Wi-Fi without regard for their personal privacy, even blithely agreeing to surrender their first born in exchange for the opportunity to check their emails without paying. That's according to an experiment which involved setting up a "poisoned" Wi-Fi hotspot. Unsuspecting users who connected to …
John Leyden, 30 Sep 2014

Shellshock: 'Larger scale attack' on its way, warn securo-bods

The Shellshock vulnerability has already become the focus for malicious scanning and at least one botnet but crooks are still testing the waters with the vulnerability and much worse could follow, security watchers warn. Net security firm FireEye said it has seen all manner of overtly malicious traffic leveraging the Bash bug, …
John Leyden, 29 Sep 2014

Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

A long established smut spammer is using hacked websites to sell stolen photographs of naked celebrities including Jennifer Lawrence, Kate Upton and McKayla Maroney. The miscreant (who uses compromised web servers to host his landing pages) has altered his pitch to include copies of the recently released stolen photographs of …
John Leyden, 29 Sep 2014

SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches

The majority of Fortune 1000 and Global 2000 companies have already deployed, or are now deploying, Shellshock patches to fend off code attacks, according to cloud security firm CloudPassage. The Shellshock vulnerability allows remote attackers to execute arbitrary code on servers using a variety of techniques, with the CVE-2014 …
John Leyden, 29 Sep 2014

Stunned by Shellshock Bash bug? Patch all you can – or be punished

Updated The UK's privacy watchdog is urging organisations to protect their systems against the infamous Shellshock vulnerability in Bash – even though the full scope of the security bug remains unclear. The Shellshock flaw affects Bash up to and including version 4.3. It's a vital component of many Linux and Unix systems, as well as …
John Leyden, 26 Sep 2014

Four caged in UK after cyber-heist swipes €7m in EU carbon credits

Four men were jailed in the UK this week following the theft of millions of pounds in carbon-emission credits. The gang was convicted for their part in an operation that stole half a million credits – valued at €7m (£5m) at the time – from the Czech Republic’s carbon-emission registry back in January 2011. European carbon- …
John Leyden, 26 Sep 2014

Hackers thrash Bash Shellshock bug: World races to cover hole

Sysadmins and users have been urged to patch the severe Shellshock vulnerability in Bash on Linux and Unix systems – as hackers ruthlessly exploit the flaw to compromise or crash computers. But as "millions" of servers, PCs and devices lay vulnerable or are being updated, it's emerged the fix is incomplete. The flaw affects the …
John Leyden, 25 Sep 2014

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014

Latest Firefox and Thunderbird updates plug CRITICAL SSL vuln

Mozilla Firefox needs patching urgently following the discovery that the open source browser is vulnerable to SSL man-in-the-middle attacks. The critical bug arises because the Network Security Services (NSS) libraries parser built into the browser is capable of being tricked into accepting forged RSA certificate signatures. …
John Leyden, 25 Sep 2014

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Updated A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large. It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers. The vulnerability is present in …
John Leyden, 24 Sep 2014

Apple is too shallow, must go deeper to beat TouchID fingerprint hack, say securo-bods

News that Apple’s iPhone 6 can be spoofed with the same fake fingerprints that tricked its earlier version, the iPhone 5S, has sparked off a lively debate among security researchers. Lookout researcher Marc Rogers demonstrated that the TouchID fingerprint sensor of the latest iPhones could be made to work with a cloned …
John Leyden, 24 Sep 2014

Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI

Digital thermostats from Heatmiser are wide open to takeover thanks to default login credentials and myriad other security flaws. The UK-based manufacturer has promised to develop a fix. Pending the arrival of a patch, users are advised to disable the device's Wi-Fi capability. The security flaws were discovered by Andrew …
John Leyden, 24 Sep 2014

Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack

Apple’s shiny new iPhone 6 can be spoofed with the same fake fingerprints that tricked its older sibling, the iPhone 5S. That's according to mobile security firm Lookout, which said it discovered that it is possible to create a fake fingerprint that's capable of fooling the TouchID fingerprint sensor of the latest iPhones (6 and …
John Leyden, 23 Sep 2014

UK banks hook themselves up to real-time cop data feed

UK banks will receive real-time warnings about threats to their customers' accounts as well as the overall integrity of their banking systems from a new financial crime alert system. Financial Crime Alerts Service (FCAS), which is being rolled out by banking industry association BBA, is designed to allow financial crime …
John Leyden, 23 Sep 2014

Tripadvisor site coughs to card data breach for a potential 800k users

TripAdvisor has suffered a data breach at its Viator tour-booking and review website. An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data. The compromise also potentially aired the email address, password and Viator "nickname" associated …
John Leyden, 23 Sep 2014

BLAM, BLAM, BLAM... nooooo! Hacker crew Lizard Squad spits DDoS venom on Call of Duty

Hackers from the group Lizard Squad have reneged on their promise to quit earlier this month, apparently launching distributed denial-of-service (DDoS) attacks on major gaming industry websites. After an attack on the Playstation Network in August, Lizard Squad has added two uber-popular shoot-'em-up games from Activision …
John Leyden, 23 Sep 2014

Apple slaps a passcode lock on iOS 8 devices, but cops can still inhale your iCloud

Improved security features in iOS 8 prevent Apple from unlocking phones – even when requested to by law enforcement. But search warrant-holding cops can still get almost everything through iCloud backups, according to ElcomSoft. The consumer device manufacturer's attempts at upgrading iOS encryption to "defeat lawful search …
John Leyden, 23 Sep 2014

Mushy spam law's IDEAL for toothless watchdog: Spamhaus slams CAN-SPAM

Antispam organisation Spamhaus has reacted phlegmatically to a recent survey that one in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. Richard Cox, CIO of The Spamhaus Project, suggested the Online Trust Alliance (OTA)'s …
John Leyden, 22 Sep 2014

Blood-crazed Microsoft axes Trustworthy Computing Group

Microsoft is closing its Trustworthy Computing Group as part of the loss of 2,100 jobs in a restructuring plan unveiled on Thursday. The Trustworthy Computing Group is to be disbanded, with responsibilities for security and privacy programs folded into its Cloud & Enterprise Division, and its Legal & Corporate Affairs group. …
John Leyden, 19 Sep 2014

TOR users become FBI's No.1 hacking target after legal power grab

The FBI wants greater authority to hack overseas computers, according to a law professor. A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet. The …
John Leyden, 19 Sep 2014

Russian botnet suspects cuffed over romantic MMS spyware allegs

Russian cops have arrested two mobile botnet cybercrime suspects as part of an ongoing investigation that's reckoned to be the first of its kind in Russia. The unnamed duo, aged 25 and 24 and both resident in Arkhangelsk (a city in the north of European Russia) were arrested as part of an investigation into attempts to defraud …
John Leyden, 19 Sep 2014

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM

Web users have been warned to be wary of fake results messages about the Scottish Independence referendum. The warning from UK.gov-backed Get Safe Online comes hours after the polling booths opened north of the border in a history-making vote that will determine Scotland's fate. Unlike a political election, there will not be …
John Leyden, 18 Sep 2014

Forget bonking, have ONE OFF THE WRIST with Barclaycard's bPay

Barclaycard is trying to push consumers towards a cashless society with its contactless payment wristband, bPay. The technology is positioned as a competitor to Google Wallet and PayPal and the Apple Pay. These NFC-based smartphone technologies are debuting in the US, whereas bPay will be available much sooner in the UK. …
John Leyden, 18 Sep 2014