John Leyden

Heartless hackers break into Florida cancer clinic network – 2.2 million records exposed

US cancer clinic 21st Century Oncology has admitted that a breach on its systems may have exposed private information on 2.2 million patients and employees. Unidentified hackers were able to access sensitive patient and employee data, including names, SSNs, diagnosis and treatment details and insurance information after …
John Leyden, 10 Mar 2016

Critical flaw in Pidgin, Adium's Off The Record chat lib. Patch ASAP

Security researchers have discovered a critical vulnerability in libotr, a software library used in chat apps to send and receive encrypted messages. Several instant messengers – including ChatSecure, Pidgin, Adium and Kopete – are affected by the remote-code execution bug in libotr, which was discovered by Markus Vervier at …
John Leyden, 10 Mar 2016

First OS X ransomware actually a scrambled Linux file scrambler

The world's first fully functional OS X ransomware, KeRanger, is really a Mac version of the Linux Encoder Trojan, according to new research from Romanian security software firm Bitdefender. The trojanised OS X BitTorrent client update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already …
John Leyden, 09 Mar 2016

Malware-flingers check out credit card data from Rosen Hotels

US chain Rosen Hotels & Resorts has become the latest to confirm a malware-based breach of its payment processing systems. The breach covered an extended period, from September 2, 2014 to February 18, 2016, or almost 18 months. The unauthorised access was tied to certain locations, primarily its restaurants. While Rosen …
John Leyden, 09 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

Trivial path for DDoS amplification attacks found by infosec bods

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have …
John Leyden, 09 Mar 2016

Cloud sellers who acted on Heartbleed sink when it comes to DROWN

Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects …
John Leyden, 08 Mar 2016

NatWest tightens online banking security after hacks' 'hack' exposé

NatWest is tightening up its internet banking systems after security shortcomings were exposed by journalists. BBC hacks were able to hijack a colleague's NatWest online bank account and transfer money without knowing her password. The UK bank's parent, Royal Bank of Scotland (RBS) Group, is also shoring up its security. …
John Leyden, 08 Mar 2016

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that tells victims out loud that their files have been encrypted. The Cerber ransomware encrypts users' files using AES before demanding an extortionate payment of 1.24 Bitcoins ($500) for the private key needed to decrypt them. The …
John Leyden, 07 Mar 2016

BlackEnergy malware activity spiked in runup to Ukraine power grid takedown

Fresh research has shed new light on the devious and unprecedented cyber-attack against Ukraine's power grid in December 2015. A former intelligence analyst has warned that launching similar attacks is within the capabilities of criminals, or perhaps even hacktivist groups, since most of the key components are readily …
John Leyden, 04 Mar 2016

If NatWest texts you about online banking fraud, don't click the link

British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns. The spoofed texts being sent out by fraudsters “could catch you out if it appears in an existing message thread,” the UK's national fraud & cyber reporting centre advised on Wednesday. …
John Leyden, 04 Mar 2016

Backup bods at Microsoft lose CA audit data after server crash

Microsoft is asking its certificate authority (CA) affiliates to send it their own copies of audit data after a Microsoft system crash resulted in data loss. Microsoft lost audit data for about 147 roots after the crash. The incident had the knock-on effect of generating query emails to scores of affected (temporarily disavowed …
John Leyden, 04 Mar 2016

Third of US banks OK with passwords even social networks reject

Six of 17 major US banks have weaker password enforcement procedures than most social networking websites, according to a new study by an American university. The banks ask users to set up passwords that include letters and special symbols, but a study by researchers at the University of New Haven shows that in around a third …
John Leyden, 03 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

SSL's DROWN not as bad as Heartbleed, still a security ship wreck

Security experts are split on how easy it is for hackers to exploit the high-profile DROWN vulnerability on insecure systems. One-third of all HTTPS websites are potentially vulnerable to the DROWN attack, which was disclosed on Tuesday. DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious …
John Leyden, 02 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that's used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016
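The article describes Sentry MBA only as a tool that automates account takeover at scale. Added here as a worked example, not from the article or from the researchers it cites, is the detection logic a defender would run over authentication logs to spot that kind of credential stuffing. The log format, the IP addresses and usernames, and the thresholds (five distinct usernames failing from one source inside 60 seconds; a burst of one-attempt-per-source failures across many sources) are all constructed assumptions for the demo. The second detector exists because tools of this class typically rotate through proxies, so a purely per-source rule misses the distributed case.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): one single-source burst,
# one ordinary user who mistypes a password, and one distributed burst
# where every source tries exactly one username.
SAMPLE_LOG = """
2016-03-01T10:00:01Z login status=fail user=alice src=203.0.113.7
2016-03-01T10:00:03Z login status=fail user=bob src=203.0.113.7
2016-03-01T10:00:05Z login status=fail user=carol src=203.0.113.7
2016-03-01T10:00:07Z login status=fail user=dave src=203.0.113.7
2016-03-01T10:00:09Z login status=fail user=erin src=203.0.113.7
2016-03-01T10:00:11Z login status=fail user=frank src=203.0.113.7
2016-03-01T10:00:13Z login status=ok user=frank src=203.0.113.7
2016-03-01T10:00:30Z login status=fail user=grace src=198.51.100.4
2016-03-01T10:00:40Z login status=fail user=grace src=198.51.100.4
2016-03-01T10:00:50Z login status=ok user=grace src=198.51.100.4
2016-03-01T10:05:00Z login status=fail user=hugo src=192.0.2.1
2016-03-01T10:05:02Z login status=fail user=ivy src=192.0.2.2
2016-03-01T10:05:04Z login status=fail user=jack src=192.0.2.3
2016-03-01T10:05:06Z login status=fail user=kim src=192.0.2.4
2016-03-01T10:05:08Z login status=fail user=liam src=192.0.2.5
2016-03-01T10:05:10Z login status=fail user=mia src=192.0.2.6
"""

# Assumed log line shape; adapt the regex to the real application's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login status=(?P<status>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Turn raw log lines into event dicts with a datetime timestamp."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def stuffing_sources(events, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Per-source rule: one IP cycling through many distinct usernames.

    Returns {src: max distinct failing usernames seen in any window}.
    The failure-ratio test keeps a busy NAT gateway full of real users out.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            fails = [e for e in win if e["status"] == "fail"]
            users = {e["user"] for e in fails}
            if len(users) >= min_users and len(fails) / len(win) >= min_fail_ratio:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged


def distributed_burst(events, window=timedelta(seconds=60), min_users=5, src_spread=0.8):
    """Global rule for proxy-rotating tools: many distinct usernames failing
    inside one window, spread across almost as many source addresses.

    Returns the largest distinct-username count of any window that matched,
    or 0 if nothing did.
    """
    fails = sorted((e for e in events if e["status"] == "fail"), key=lambda e: e["ts"])
    best, start = 0, 0
    for end in range(len(fails)):
        while fails[end]["ts"] - fails[start]["ts"] > window:
            start += 1
        win = fails[start:end + 1]
        users = {e["user"] for e in win}
        srcs = {e["src"] for e in win}
        if len(users) >= min_users and len(srcs) >= src_spread * len(users):
            best = max(best, len(users))
    return best


EVENTS = parse(SAMPLE_LOG.strip().splitlines())

if __name__ == "__main__":
    print("single-source stuffing:", stuffing_sources(EVENTS))
    print("distributed burst, distinct users:", distributed_burst(EVENTS))
```

On the sample, the per-source rule flags only 203.0.113.7 (six usernames, one of which then succeeds, which is exactly the hit a stuffing operator is after), the genuine user at 198.51.100.4 stays clean, and the six one-shot sources at 10:05 are caught only by the distributed rule.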

Hackers rely on weak passwords when brute-forcing PoS terminals

New research takes a fresh perspective on the passwords hackers use while scanning the web, rather than the weak login credentials users often pick. The results, from security firm Rapid7, come from a year's worth of opportunistic credential-scanning data collected from Heisenberg, the Metasploit firm's public-facing network of …
John Leyden, 02 Mar 2016

HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto

The discovery of a HTTPS encryption vulnerability, dubbed DROWN, again proves that supporting tired old protocols weakens modern crypto systems. DROWN (aka Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects HTTPS websites and other network services that rely on SSL and TLS – which are …
John Leyden, 01 Mar 2016

One-third of all HTTPS websites open to DROWN attack

Security researchers have discovered a new technique for deciphering the contents of supposedly secure communications. The DROWN attack - it has already got a name, like recent high profile crypto attacks Lucky13, BEAST, and POODLE - is a “cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date …
John Leyden, 01 Mar 2016
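The three DROWN pieces above all turn on the same precondition: a server that still answers SSLv2, and in particular one offering the 40-bit export cipher kinds, while sharing its RSA key with TLS services. Added here as a worked example, not code from the articles or from the DROWN research team, is a checker that builds an SSLv2 CLIENT-HELLO, parses the SERVER-HELLO a legacy server would return, and reports whether SSLv2 and export-grade ciphers are on. The record layout and cipher-kind codes follow the SSL 2.0 specification; the sample SERVER-HELLO bytes, including the three-byte stand-in certificate, are constructed for the demo and the `probe()` helper needs network access.

```python
import socket
import struct

# SSLv2 CIPHER-KIND codes (3 bytes each) from the SSL 2.0 draft.
SSL2_CIPHERS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}


def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO offering every cipher kind in SSL2_CIPHERS."""
    ciphers = b"".join(SSL2_CIPHERS)          # dict keys, insertion order
    body = (b"\x01"                           # MSG-CLIENT-HELLO
            + b"\x00\x02"                     # client version 2.0
            + struct.pack(">HHH", len(ciphers), 0, len(challenge))
            + ciphers + challenge)            # no session id
    # Two-byte record header: high bit set means no padding, 15-bit length.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(record):
    """Return (version, [cipher names]) for an SSLv2 SERVER-HELLO, else None."""
    if len(record) < 2 or not record[0] & 0x80:   # TLS records start 0x14..0x17
        return None
    length = ((record[0] & 0x7f) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) < 11 or body[0] != 0x04:          # MSG-SERVER-HELLO
        return None
    # body[1] = session-id-hit, body[2] = certificate type
    version = struct.unpack(">H", body[3:5])[0]
    cert_len, ciphers_len, conn_id_len = struct.unpack(">HHH", body[5:11])
    ciphers_start = 11 + cert_len
    if len(body) < ciphers_start + ciphers_len + conn_id_len or ciphers_len % 3:
        return None
    raw = body[ciphers_start:ciphers_start + ciphers_len]
    names = [SSL2_CIPHERS.get(raw[i:i + 3], "unknown:" + raw[i:i + 3].hex())
             for i in range(0, ciphers_len, 3)]
    return version, names


def assess(record):
    """Classify a server's reply to our CLIENT-HELLO."""
    parsed = parse_server_hello(record)
    if parsed is None:
        return "no SSLv2 SERVER-HELLO: SSLv2 appears disabled"
    version, names = parsed
    export = [n for n in names if "EXPORT" in n]
    if export:
        return ("SSLv2 enabled with export ciphers (%s): general DROWN "
                "precondition met, disable SSLv2 now" % ", ".join(export))
    return ("SSLv2 enabled (version 0x%04x): disable it; any RSA key shared "
            "with a TLS service is exposed" % version)


def probe(host, port=443, timeout=5.0):
    """Send a CLIENT-HELLO to a live host and classify the reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        return assess(s.recv(4096))


# Constructed SERVER-HELLO: version 2, 3-byte stand-in certificate, two
# cipher kinds (one export), 16-byte connection id.
SAMPLE_SERVER_HELLO = bytes.fromhex(
    "8024" "04" "00" "01" "0002" "0003" "0006" "0010" "300100" "010080" "020080"
) + b"\x11" * 16
# Constructed TLS alert record, what a server without SSLv2 might send back.
SAMPLE_TLS_ALERT = bytes.fromhex("15030100020228")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print(assess(SAMPLE_SERVER_HELLO))
        print(assess(SAMPLE_TLS_ALERT))
```

Run it against your own hosts with `python drown_check.py example.invalid`; a clean server never returns a byte with the high bit set as its first response byte, so the parser falls through to "disabled". Remember the attack crosses services: an SMTP or IMAP endpoint that still speaks SSLv2 with the web server's RSA key is enough, so probe every port the key is deployed on.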

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital …
John Leyden, 01 Mar 2016

ICO fined cold-call firm £350k – so directors put it into liquidation

A Brighton-based robo-call spam operation has been hit by a record £350,000 fine by data privacy watchdogs. Since the firm has been closed down and entered liquidation, however, even the Information Commissioner admits the fine is unlikely to be paid. Prodial Ltd, a lead generation firm responsible for more than 46 million …
John Leyden, 29 Feb 2016

Mathletics promises security upgrades after parents' security gripes

Mathletics, an e-learning platform for mathematics that is used by millions of school kids across the English-speaking world, has admitted a coding error that meant kids' login details were transmitted in the clear. Developer 3P Learning, based in Australia, said that the security snafu was down to a coding error, which it has …
John Leyden, 29 Feb 2016

Borked ESET antivirus update says entire web is too risky to browse

Users who rely on ESET anti-virus are having a hard time browsing the web following a misfiring anti-virus update, pushed out on Monday morning. The update is stopping people who apply it from browsing most of the internet, including ESET's own site. Sites such as Amazon, MSN and more are falsely being labelled as …
John Leyden, 29 Feb 2016

Medical superbugs: Two German hospitals hit with ransomware

At least two hospitals in Germany have come under attack from ransomware, according to local reports. The alarming incidents follow similar ransomware problems at the US Hollywood Presbyterian Medical Center. Both the Lukas Hospital in Germany's western city of Neuss and the Klinikum Arnsberg hospital in the German state of …
John Leyden, 26 Feb 2016

90% of SSL VPNs are ‘hopelessly insecure’, say researchers

Nine in 10 SSL VPNs use insecure or outdated encryption, putting corporate data at risk in the process, according to new research. High-Tech Bridge (HTB) conducted large-scale Internet research on live and publicly-accessible SSL VPN servers. The firm passively scanned 10,436 randomly selected publicly available SSL VPN …
John Leyden, 26 Feb 2016

Google punts freebie DDoS shield to hacks, human rights worthies

Google has launched a free service to protect news websites against DDoS attacks. Project Shield will also be offered to human rights and election monitoring websites as a way of fending off increasingly commonplace site-swamping DDoS assaults. Google is offering to "reverse proxy" qualifying websites' traffic through Google's …
John Leyden, 25 Feb 2016

Awoogah – brown alert: OpenSSL preps 'high severity' security fixes

Developers behind the widely used OpenSSL encryption library have warned that they will issue fixes for a mix of bugs next Tuesday (1 March). The patches will land right in the middle of the RSA Conference, infosec marketing's version of the Super Bowl. It's understood the bugs are significant (as in, patch as soon as you can …
John Leyden, 25 Feb 2016

Tor users are actively discriminated against by website operators

Computer scientists have documented how a large and growing number of websites discriminate against people who browse them using Tor. Tor is an anonymity service that is maintained with assistance from the US State Department and designed in part to allow victims of censorship in countries like China and Iran to surf the web …
John Leyden, 25 Feb 2016

Operation Blockbuster security biz: We'll get you, Sony hackers

A newly created cross-industry initiative aims to pool resources in order to bring down – or, at least, disrupt – the hackers behind the infamous attack against Sony Pictures back in 2014. The Lazarus Group, which may in reality consist of several associated groups of attackers or hacking crews, started around seven years …
John Leyden, 24 Feb 2016

The other one. No, not WhatsApp. Telegram. It hit 100 million users

Secure messaging app Telegram boasted on Tuesday that it had crossed the 100 million users milestone. Developers said that Telegram was handling 15 billion messages daily from more than 100,000,000 monthly active users. Around 350,000 more users are signing up every day, it claimed. Telegram launched as an iOS app in August …
John Leyden, 24 Feb 2016

Child tracker outfit uKnowKids admits breach, kicks off row with security researcher

The developers of child-tracker app uKnowKids have responded to reports of a data breach, admitting an issue had also exposed its proprietary IP. uKnowKids goes on to accuse the security researcher who uncovered its problems of "hacking" its data. The researcher involved, Chris Vickery, maintains he was acting in the public …
John Leyden, 24 Feb 2016

Hackers aren't so interested in your credit card data these days. That's bad news

Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm Gemalto. A total of 1,673 data breaches led to 707 million data records being compromised worldwide during 2015, according to the latest edition of Gemalto’s Breach Level Index report. Not all breaches are …
John Leyden, 23 Feb 2016

iOS app that smuggled pirated software into China is booted out of Apple's walled garden

A dodgy application that evaded Apple's hardline code reviewers and made it into Cupertino's official App Store has been turfed out. The program – which featured a hidden smugglers' cove of software – was ejected after it was fingered by third-party security researchers. The team at Palo Alto Networks explained over the …
John Leyden, 22 Feb 2016

Linux Mint forums hacked: All users urged to reset passwords

A weekend hack against Linux Mint, in which visitors to the project's website were pointed at a copy of the open source distro contaminated with a backdoor, has also affected the organisation's forums. As previously reported, hackers built a modified Linux Mint ISO before hacking the website to link to the compromised …
John Leyden, 22 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Bacs corporate website still runs obsolete crypto

UK banking organisation Bacs is running a cryptographically obsolete website despite telling everyone else to upgrade before a June deadline. Earlier this week Bacs reminded UK businesses to update their systems and adopt SHA-2 before mid-June in order to avoid losing access to vital payment and money transfer services. …
John Leyden, 19 Feb 2016

Android device manager app vuln leaves millions at risk of pwnage

Flaws in a widely used Android device manager app leave users at risk of phone data hijacking and malicious code execution unless they update their smartphones, security researchers warn. Flaws in AirDroid, a free device manager app which allows users to access their Android devices through their computers, leave an …
John Leyden, 19 Feb 2016

Israeli military techies cook up security alerts software

Lessons from building the threat intelligence platform for the Israeli Defence Force form the technical foundations of a new security startup called Siemplify. Siemplify’s tech is designed to contextualise threat alerts from the disparate array of security technologies on enterprise networks (anti-malware, intrusion detection …
John Leyden, 18 Feb 2016

Locky ransomware is spreading like the clap

Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
John Leyden, 17 Feb 2016

Web apps? It's mobile apps biz bosses should worry about – HPE

Mobile application security is beginning to eclipse that of web apps as a significant risk to enterprises, according to a new study by Hewlett Packard Enterprise. Approximately 75 per cent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 per cent of non- …
John Leyden, 17 Feb 2016

Go full SHA-256 by June or get locked out, say payments bods Bacs

Online businesses in the UK will have to update their systems and adopt SHA-2 before June in order to avoid losing access to vital payment and money transfer services. Failure to change before a 13 June deadline will leave merchants unable to use Bacs Payment Schemes Limited (Bacs) to make salary or supplier payments or to …
John Leyden, 17 Feb 2016
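The two Bacs items (this one and the 19 Feb piece on its own site) come down to one question a merchant has to answer for every certificate in the chain: which hash is in the signature algorithm? Added here as a worked example, not from the articles or from Bacs, is a dependency-free checker that walks the outer DER structure of an X.509 certificate, reads the `signatureAlgorithm` OID and says whether it is a SHA-2 family algorithm. The OID table covers the common RSA and ECDSA signature OIDs; the stub certificates built by `build_stub_cert()` are constructed skeletons with a dummy TBS and signature so the example runs offline, not real certificates.

```python
import base64

# Signature-algorithm OIDs: name and whether the hash is SHA-2 family.
SIG_ALGS = {
    "1.2.840.113549.1.1.4":  ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", False),
    "1.3.14.3.2.29":         ("sha1WithRSAEncryption (OIW OID)", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", True),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1", False),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", True),
    "1.2.840.10045.4.3.3":   ("ecdsa-with-SHA384", True),
    "1.2.840.10045.4.3.4":   ("ecdsa-with-SHA512", True),
}


def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7f
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, pos, pos + length


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:                       # base-128, high bit = continue
        value = (value << 7) | (b & 0x7f)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der):
    """Dotted OID of the signatureAlgorithm field of a DER-encoded Certificate.

    Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, signatureAlgorithm
    AlgorithmIdentifier SEQUENCE { OBJECT IDENTIFIER, ... }, signature BIT STRING }
    """
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, _, tbs_end = read_tlv(der, start)            # skip tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, _ = read_tlv(der, tbs_end)        # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])


def is_sha2_signed(der):
    """Return (algorithm name, True/False/None) - None means unknown OID."""
    oid = signature_algorithm(der)
    return SIG_ALGS.get(oid, (oid, None))


def load_pem(text):
    """Strip PEM armour and return DER bytes."""
    lines = [l.strip() for l in text.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body


def build_stub_cert(oid_bytes):
    """Constructed skeleton, NOT a real certificate: dummy TBS {INTEGER 2},
    AlgorithmIdentifier {oid, NULL}, dummy BIT STRING signature."""
    tbs = b"\x30\x03\x02\x01\x02"
    alg = b"\x30" + bytes([len(oid_bytes) + 4]) + b"\x06" + bytes([len(oid_bytes)]) + oid_bytes + b"\x05\x00"
    sig = b"\x03\x02\x00\xff"
    body = tbs + alg + sig
    return b"\x30" + bytes([len(body)]) + body


SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            print(is_sha2_signed(load_pem(f.read())))
    else:
        for der in (build_stub_cert(SHA1_RSA_OID), build_stub_cert(SHA256_RSA_OID)):
            print(signature_algorithm(der), is_sha2_signed(der))
```

Usage: `python sig_alg.py server.pem` prints the algorithm name and a SHA-2 verdict. Check every certificate in the chain, not just the leaf: a SHA-256 leaf under a SHA-1 intermediate still fails a SHA-2-only policy, while a SHA-1 self-signed root is fine because root signatures are not verified.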

A third of Brits would cough up £300 to ransomware peddlers

More than four in 10 ransomware victims in the UK have paid to recover their documents, with 31 per cent of users willing to pay up to £400. A poll of 500 found 44 per cent of all ransomware victims in the UK have paid to regain access to their data. Two-thirds (67 per cent) of respondents had correctly associated ransomware …
John Leyden, 17 Feb 2016

Stray electromagnetic leaks used to harvest PC crypto keys

Israeli security researchers have been able to extract encryption keys from a nearby computer by analysing stray electromagnetic radiation. The attack by computer scientists from Tel Aviv University shows that TEMPEST-style side channel attacks are no longer just the preserve of Mission Impossible and three-letter spy agencies …
John Leyden, 16 Feb 2016

IP freely? Your VoIP phone can become a covert spy tool...

Updated VoIP phones running default or weak passwords can be used for covert surveillance, independent security consultant Paul Moore warns. Moore said he'd discovered that default passwords on enterprise-grade Snom VoIP phones allow attackers to make calls and even eavesdrop on incoming or outgoing conversations. Moore …
John Leyden, 15 Feb 2016

This Android Trojan steals banking creds and wipes your phone

A new Android banking Trojan is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn. The Mazar BOT Android malware is spread using booby-trapped multimedia messages. If installed, the malware gains admin rights that give it the ability to do almost anything …
John Leyden, 15 Feb 2016

BlackEnergy trojan also hit Ukrainian mining firm and railway operator

Security researchers have linked attacks against Ukrainian power utilities in Dec 2015, which used the BlackEnergy trojan, to similar attacks against a mining company and a large railway operator in Ukraine. The new research, by Kyle Wilhoit of Trend Micro, casts fresh light on what’s arguably the most significant malware- …
John Leyden, 15 Feb 2016

Skype users were targeted by bad-ad pushing Angler crooks

Cybercrooks have been caught running booby-trapped ads on Skype to redirect users towards an Angler exploit kit trap. The tactic, part of a broader malvertising campaign, shows that users can be exposed to malicious ads pushing ransomware and other crud without even using a browser-based app, the most common exploit route. …
John Leyden, 12 Feb 2016

When it comes to spaffing your login creds, Android biz apps are the business

Business apps for Android are three times more likely to leak login credentials than the average app, according to a new study by security firm NowSecure. An analysis of more than 400,000 apps available from the Google Play store discovered that a quarter of all apps have at least one high risk security flaw, with 11 per cent …
John Leyden, 12 Feb 2016

Cricket can get nasty: India v Pakistan rivalry boils over into cyber-war

The continuing rivalry between India and Pakistan has spilled over into cyberspace, with activity peaking around nationalist holidays and sports fixtures. A study of recent real-world events and hacktivist operations by threat intelligence firm Recorded Future highlights the varied motives behind online malfeasance. Events …
John Leyden, 11 Feb 2016