John Leyden


Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide

A strain of Chinese browser-hijacking malware dubbed Fireball has infected 250 million computers. The malware takes over web browsers and turns them into zombies, security firm Check Point warns. Fireball is capable of executing any code on the infected machines, resulting in a wide range of actions from stealing credentials …
John Leyden, 02 Jun 2017

Crapness of WannaCrypt coding offers hope for ransomware victims

Mistakes in the WannaCrypt ransomware worm might allow files to be restored after infection. A crack team of security researchers at Kaspersky Lab has discovered that WannaCrypt/WannaCry, which infected hundreds of thousands of victims at the beginning of May, contains several coding errors. Most of the whoopsies make it …
John Leyden, 01 Jun 2017

Healthcare tops UK data breach chart – but it's not what you're thinking

The UK health sector accounts for nearly half (43 per cent) of all data breaches, according to new research. A study of figures from the Information Commissioner's Office (ICO) by data security firm Egress found that human error, rather than external threats, was the main cause of breaches across every sector of the UK economy …
John Leyden, 01 Jun 2017

China cyber-security law will keep citizens' data within the Great Firewall

China's new cyber-security laws, which come into effect on Thursday, may make it harder for foreign businesses to trade in the country. Under the regulations, data on Chinese citizens – including personal information, salary details and more – can only be kept within China. The law would also prevent the transmission of any …
John Leyden, 01 Jun 2017

Plastic surgery patients face extortion in wake of clinic data breach

Thousands of private photos have been leaked by cybercriminals following the hack of a Lithuanian cosmetic surgery clinic. A hacking group, using the nickname "Tsar Team", leaked images it claims came from the Grozio Chirurgija clinic servers. The group spaffed the data after the targeted health facility's customers failed to meet …
John Leyden, 31 May 2017

UK surveillance law raises concerns security researchers could be 'deputised' by the state

A provision in the UK's controversial surveillance laws creates a potential means for the UK government to press-gang "any" UK computer expert into working with GCHQ. Computer scientists and researchers are concerned about the provision – even though the consensus is that it is unlikely to be applied in practice because it would …
John Leyden, 31 May 2017

NORK spy agency blamed for Bangladesh cyberheist, Sony Pictures hack

A fresh analysis, from a slightly different perspective, once again fingered North Korea as the likely culprit behind hacks against Sony Pictures and the $81m heist from an account held by the Central Bank of Bangladesh. Moscow-based threat intelligence firm Group-IB has "no doubt" that Lazarus Group – a cybergang that …
John Leyden, 30 May 2017

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

Shadow Brokers, the group that leaked stolen NSA hacking tools including the vulnerability that proved key to the WannaCrypt outbreak, has launched a new exploit subscription service. Subscriptions for the zero-day feed will cost 100 ZEC (Zcash cryptocurrency) or $21,000 per month. The group emptied its Bitcoin wallet on …
John Leyden, 30 May 2017

Pirates hack was a hoax, says Disney boss

The supposed "Pirates hack" was only ever a hoax, according to Disney chief exec Bob Iger. Earlier this month the Disney boss said that hackers were threatening one of its movies unless it paid a ransom. This film was widely assumed to be Pirates of the Caribbean: Dead Men Tell No Tales. Hackers had supposedly obtained the …
John Leyden, 26 May 2017

WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers

The WannaCrypt extortion notes were most likely written by Chinese-speaking authors, according to linguistic analysis. WannaCry samples analysed by security outfit Flashpoint contained language configuration files with translated ransom messages for 28 languages. All but three of these messages were put together using Google …
John Leyden, 26 May 2017

Domains tainted by RoughTed malvertising reap half a billion hits

A strain of adblocker-aware malvertising is responsible for a range of scams, exploits and general skulduggery. RoughTed can deliver a variety of payloads including exploit kits and malware. Hackers are leveraging fingerprinting and adblocker-bypassing techniques in a bid to ensure that marks are served content from RoughTed- …
John Leyden, 25 May 2017

'Cloak and dagger' vuln rolls critical hit against latest Android versions

Updated A distinct class of Android vulnerability has been unearthed by computer scientists at the Georgia Institute of Technology in Atlanta. "Cloak and dagger" is a new kind of attack vector affecting Android devices (including the latest version, 7.1.2). "Attacks allow a malicious app to completely control the UI feedback loop and …
John Leyden, 25 May 2017

Feeling Locky, punk? Ransomware grew eight-fold last year

Ransomware saw a more than eight-fold (752 per cent) increase as a mode of attack in 2016, according to Trend Micro. The infosec firm estimates file-scrambling malware families such as Locky and Goldeneye raked in $1 billion in 2016. 2016 was the year when ransomware ruled, and this danger has been maintained by recent …
John Leyden, 24 May 2017

64-bit malware threat may be itty-bitty now, but it's only set to grow

The volume of 64-bit malware in the wild remains low even though computers running 64-bit operating systems became ubiquitous years ago. The vast majority (93 per cent) of new computers sold worldwide operate on 64-bit Windows but most nasties were written to infect 32-bit systems, according to a new study by security firm …
John Leyden, 24 May 2017

Media players wide open to malware fired from booby-trapped subtitles

Hackers have gone back to the future by attempting to infect targets with booby-trapped subtitle files. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can hope to take complete control of any device running the vulnerable platforms. Hackers have pushed trojans …
John Leyden, 23 May 2017

.Science and .study: Domains of the bookish? More like domains of the JERKS!

The .science domain has become a "hotspot" of malicious or abusive activity on the internet, according to a new study out Tuesday. DNS-based cyber threat intelligence firm DomainTools found that .science had the highest concentration of bad domains, followed by .study and .racing. None of 2017's most malicious generic Top …
John Leyden, 23 May 2017

7 NSA hack tool-wielding follow-up worm oozes onto scene: Hello, no need for any phish!

Miscreants have created a strain of malware that targets the same vulnerability as the infamous WannaCrypt worm. The EternalRocks worm uses flaws in the Server Message Block (SMB) network file-sharing protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn't bundle a destructive malware payload, at …
John Leyden, 22 May 2017

Quick, better lock down that CISO role. Salaries have apparently hit €1m

Salaries for chief information security officers (CISOs) at leading European firms have hit €1m (£850,000) as the threat of data breaches grows, City AM reports. An experienced CISO told El Reg that only his counterparts in merchant banks could hope for such a salary. "Outside of investment banking I think total packages of £ …
John Leyden, 22 May 2017

Comodo database glitch causes billing problems

Updated While the rest of the world had its eyes firmly on the WannaCrypt outbreak, digital certificate firm Comodo suffered an unrelated but protracted database problem that affected its billing systems. The Register learned of the issue from reader Ian Barber, who came across the problem in the process of getting a new SSL …
John Leyden, 19 May 2017

Crooks use WannaCrypt hysteria as hook for BT-branded phishing emails

Scoundrels have latched on to the WannaCrypt outbreak as a theme for scam emails. Coincidentally, some consumers are receiving seemingly genuine warnings from their ISPs related to suspected infection during last week's worldwide ransomware outbreak. Action Fraud warned about a dodgy email trying to trick BT customers on …
John Leyden, 19 May 2017

There's a ransom-free fix for WannaCrypt. Oh snap, you've rebooted your XP box

Files on Windows XP PCs infected by WannaCrypt can be decrypted without paying the ransom by using a new utility dubbed Wannakey. Wannakey offers in-memory key recovery for Win XP machines infected by the infamous ransomware strain. The fix can be used to dump the encryption key from memory. This RSA private key, once recovered, can be used …
John Leyden, 19 May 2017

Three home security systems found to be vulnerable – if hackers were hiding in bushes

Three home security systems were riddled with bugs, according to new research made public this week. Rapid7 found 10 vulnerabilities after putting Comcast XFINITY, ADT, and AT&T Digital Life systems through their paces. The issues range from a "fail open" condition on the external door and window sensors, to weak, pre-shared …
John Leyden, 18 May 2017

Banking association calls for end of 'screen-scraping'

The European Banking Federation (EBF) has asked the EU Commission to support a ban on "screen scraping". Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client's behalf using the client's access credentials. The Revised Directive on Payment …
John Leyden, 18 May 2017

Great Ormond Street children's hospital still offline after WannaCrypt omnishambles

Updated The internationally famous Great Ormond Street Hospital has been taken offline as a safety measure following last week's catastrophic WannaCrypt outbreak. The London-based children's hospital was not itself hit by the ransomware but has nonetheless quarantined its computer network. This has left staff without either email or …
John Leyden, 18 May 2017

Ransomware fear-flinger Uiwix fails to light

A ransomware variant, dubbed Uiwix, that abuses the same vulnerability as WannaCrypt has turned out to be something of a damp squib. Uiwix omits the kill switch domain that was instrumental in shutting down the spread of WannaCrypt while retaining its self-replicating abilities, Danish security firm Heimdal Security warned on …
John Leyden, 17 May 2017

Biting the hand that feeds IT © 1998–2017