John Leyden

Contact Mail Follow Twitter RSS feed

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Interview Despite the hype about state-sponsored hackers, most breaches are actually the result of either criminal activity or "kids messing around", according to breach expert Troy Hunt. Hunt, operator of the breach notification service Have I Been Pwned, noted that many of the current spate of breach disclosures actually stem from …
John Leyden, 07 Oct 2016
Lady looking at phone with the world map in the background connecting with the phone

Pay up or your data gets it, Fandroid

Ransomware became the main danger to users of the Android operating system in the first half of 2016. Bitdefender’s Android malware statistics show the Android SLocker ransomware family accounts for almost half of all mobile malware reported by infected devices in H1 2016 in Denmark, and a quarter in Germany. Australia (21.5 …
John Leyden, 07 Oct 2016

Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality

Spotify has apologized to its subscribers after it served up malicious adverts that attempted to infect listeners' computers. The problem occurred with Spotify Free, which lets people to stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads …
Phone Booth

ISP GMX attempts the nigh impossible: PGP for the masses

Internet service provide GMX claims to have overcome the notorious usability problems of PGP with the launch of a new email service that offers end-to-end encryption. The new email security works across all devices and platforms: including laptops, tablets, smartphones and web browsers, according to GMX, which says that the …
John Leyden, 06 Oct 2016
Fancy Bear Anonymous bear logo

Fancy Bears' who-takes-what in sports hack list ‘manipulated’ before leak

Hackers may have doctored athletes’ data prior to leaking it, according to the World Anti-Doping Agency (WADA). The "Fancy Bear" hacking group has been releasing details of athletes' Therapeutic Use Exemptions (TUE*) after breaking into the systems of the fair play enforcement agency, as previously reported. WADA, which …
John Leyden, 06 Oct 2016
Man flexing for webcam

Mac malware lies in wait for YOU to start a vid sesh...

Mac malware could piggy-back on your legitimate webcam sessions - yep, the ones you've initiated - to locally record you without detection, a leading security researcher warns. Patrick Wardle, a former NSA staffer who heads up research at infosec biz Synack, outlined the vulnerability together with counter-measures he’s …
John Leyden, 06 Oct 2016
Sad iPhone

'Flaw' in iOS 10 private browsing... not as bad as it looks

Independent security experts have downplayed concerns about a reported flaw in iOS 10 private browsing. Stacey Jury, a digital forensic analyst at IntaForensics, found that the private browsing mode in Apple iOS 10 is not foolproof, since it does not delete your data correctly, leaving it open to recovery. “Apple have made …
John Leyden, 06 Oct 2016

Today's fruitless cash-chuck

UK businesses doubled security spending last year without seeing any tangible returns. Average UK security spending last year doubled last year from £3m to £6.2m (nearly 60 per cent higher than global average - £3.9m), according to PwC. Despite this increased investment 18 per cent of UK organisation still don't know how many …
John Leyden, 06 Oct 2016 ransom cluelessness

Three in five companies targeted by ransomware believe they will fall prey to attack again, according to a new survey. Trend Micro’s findings are based on a survey of 305 IT decision makers at firms that employ more than 1,000 staff. Almost a third of companies (33 per cent) do not have a programme to educate employees on the …
John Leyden, 05 Oct 2016

Mastercard rolls out pay-by-selfie across Europe

Analysis MasterCard’s "selfie pay" will be coming to Europe next year after trials in the US, Canada and the Netherlands. The financial services firm  is rolling out biometric technologies that will allow European consumers to authenticate their identity without a password, but with a selfie, in order to provide customers with a more …
John Leyden, 05 Oct 2016

True man-in-the-middle: Transmitting logins through the human body

Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
John Leyden, 04 Oct 2016
Lady looking at phone with the world map in the background connecting with the phone cyber alert hub is up

NCSC, a UK government-run national cyber incident response bureau, opened its virtual door for business on Tuesday. The new organisation will serve as a hub for sharing best practices in security between public and private sectors as well as taking a lead role in national cyber incident response. The organisation will report …
John Leyden, 04 Oct 2016
Worker welds at manufacturing plant. Phto by Shutterstock

Industrial control kit hackable, warn researchers

Multiple vulnerabilities in MOXA ioLogik controllers placed industrial facilities at risk if they do not apply patches. Applied Risk said it had found multiple vulnerabilities in the MOXA E1242 Ethernet remote I/O series, a widely used range of kit used in industrial facilities such as utilities and manufacturing plants. Code …
John Leyden, 04 Oct 2016

Source code unleashed for junk-blasting Internet of Things botnet

Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend. The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in …
John Leyden, 03 Oct 2016
Man on bicycle talks on mobile on busy Brussels street. Photo by Alredo Cerra via Shutterstock

ICO boss calls for EU-style data protection rules post-Brexit

The UK’s new information commissioner reckons that a post-Brexit Britain should adopt data protection laws similar to those of, er... the EU. Elizabeth Denham made the comments during her first speech (transcript here) as UK information Commissioner at an event in London last week. Denham said the EU’s General Data Protection …
John Leyden, 03 Oct 2016
Robot drives a car. Conceptual illustration from Shutterstock

Upstart bags $2.5m to help put the brakes on self-driving car hackers

Israeli car security startup Karamba Security has banked $2.5m in fresh investment, which it plans to use to extend its technology to autonomous vehicles. The tech will be geared towards protecting engine control units (ECUs) in robot cars from hackers and malware infections. Miscreants typically infiltrate a vehicle by first …
John Leyden, 30 Sep 2016
Venomous snake

Avast closes AVG buyout

Avast has closed the acquisition of one-time free-of-charge security scanner rival AVG Technologies. The combined entity boasted more than $700m in revenue for 2016 and 400 million customers, with significant mobile and SMB market share. Vince Steckler has been named the chief executive officer of the new Avast, with AVG’s …
John Leyden, 30 Sep 2016

NHS trusts ‘complacent’ on cloud app security risks

Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request. The same FOI by cloud security firm Netskope also revealed that fewer than one-fifth of NHS Trusts have visibility into all cloud app use, leaving sensitive data vulnerable to both risky apps and …
John Leyden, 30 Sep 2016
A partially-eaten langos

Cloudy with a chance of ransomware

Cybercrooks have brewed up a strain of malware that both encrypts and infects files. The Virlock ransomware is dangerous because infected files can be spread through through cloud sync and collaboration applications, putting enterprises particularly at risk of attack. Cloud security firm Netskope warns that the tactic creates …
John Leyden, 30 Sep 2016
Schematics of the Parkes FRB detection

If you seek Amy

Comedian Amy Schumer is the most dangerous cyber-celebrity of 2016 according to Intel Security. The funny girl’s risky search status was revealed in the latest edition of an annual study by Intel Security into which celebrities are most often used by search engine result-manipulating hackers in order to trick surfers into …
John Leyden, 29 Sep 2016
Slices of madeira cake

NHS security deal

NHS Digital is planning to work closely with the National Cyber Security Centre (NCSC) to improve security for hospitals and other healthcare units. The role was revealed days before the NCSC, a UK government-run national cyber incident response bureau, opens its door for business next month. “NHS Digital, along with other …
John Leyden, 29 Sep 2016
Bear attack

Russian hackers target MH17 journalists for embarrassing Putin

Journalists investigating the downing of the MH17 flight over eastern Ukraine in 2014 have been hacked by Russia, according to security intelligence outfit ThreatConnect. The Joint Investigation Team (JIT) recently announced that Malaysia Airlines flight MH17 was shot down over Eastern Ukraine in July 2014 by a missile …
John Leyden, 29 Sep 2016
Game of Thrones

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Cybercriminals are hawking their claimed ability to exploit newly introduced biometric-based ATM authentication technologies. Many banks view biometric-based technologies such as fingerprint recognition to be one of the most promising additions to current authentication methods, if not a complete replacement to chip and PIN. …
John Leyden, 29 Sep 2016

Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett. The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations …
John Leyden, 21 Sep 2016

BT's Wi-Fi Extender works great – at extending your password to hackers

BT is urging folks to patch the firmware in its Wi-Fi Extender following the discovery of multiple security flaws. Security researchers at Pen Test Partners discovered vulnerabilities with the consumer-grade kit, including cross-site scripting and the ability to change a password without knowing it. Pen Test Partners found it …
John Leyden, 21 Sep 2016