
John Leyden


New software nasty encrypts Android PHONE files and demands a ransom

Miscreants have brewed the first file-encrypting strain of ransomware that infects Android smartphones. The malware, dubbed Android/Simplocker by ESET, scans the SD card in a handset for certain types of file, encrypts them, and demands a ransom to decrypt the data. The ransom message is written in Russian, with payment …
John Leyden, 04 Jun 2014

CONFIRMED: Sophos shifting threat response work to India

Sophos has confirmed it is moving the "majority of its [computer security] threat response work" to India. The Register got wind of the change from an anonymous tipster who told us SophosLabs is shifting away all of its frontline operations to India after it acquired Cyberoam there in February this year. In a statement, Sophos …
John Leyden, 04 Jun 2014

Snooping, RAT-flinging, hack-happy crew targeting governments worldwide – researchers

The Middle East-based Molerats hacker crew are even more active than first suspected, according to a report by researchers who claim the team has launched attacks against an unnamed US financial institution and multiple European governments. FireEye said it had identified the expanded list of targets after putting the command- …
John Leyden, 03 Jun 2014

Feds hunt 30-year-old alleged to be lord of Gameover botnet

The FBI has released a wanted notice for 30-year-old Russian national Evgeniy Mikhailovich Bogachev, whom they allege to be the mastermind behind both the Gameover ZeuS and the even more infamous CryptoLocker ransomware. A US indictment has been unsealed against the suspect following an FBI-led takedown operation that disrupted …
John Leyden, 03 Jun 2014

Hackers pose as hacks: Iranian crew uses Facebook to spy on US defence bods – report

An Iran-based hacking network used fake Facebook and other social media profiles to "befriend" and spy on US lawmakers and defence contractors in the US and Israel, among other targets, according to a new report. According to the study, the hackers attempted to get "friendly" with US lawmakers, defence contractors and "at least …
John Leyden, 30 May 2014

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead

The TrueCrypt project abruptly imploded on Wednesday – leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on …
John Leyden, 29 May 2014

ICO raps UK Student Loans Co for leaking MEDICAL files and more

The Information Commissioner’s Office (ICO) has criticised Blighty's Student Loans Company for handing students' medical reports and other private files over to the wrong people. In various blunders, records including medical notes and a psychological assessment were accidentally leaked to an unnamed outside organisation, sent …
John Leyden, 28 May 2014

iDevice ransomware stalks OZ, demands payoff

Apple fans across Australia are finding their iPads and iPhones held for ransom by miscreants demanding $50 or more as an unlock fee. The extortionate demands appeared in messages claiming the device had been "hacked by Oleg Pliss" – but it'd be highly unlikely that the cybercrooks behind the scam, which appears to be localised to …
John Leyden, 27 May 2014

PC-infecting chat demon quotes THE BIBLE to summon malware plague

A new Trojan that distributes itself through Facebook instant messaging and Yahoo! Messenger has claimed hundreds of victims. Computer systems have been infected by the software nasty in the UK, Germany, France, Denmark, Romania, the US and Canada during the past week or so, according to Romanian antivirus firm Bitdefender. …
John Leyden, 27 May 2014

Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
John Leyden, 27 May 2014

Authorities swoop on illicit Wolverhampton SPAM FARM

UK data privacy experts have raided an SMS spam farm blamed for spewing out more than 350,000 nuisance messages to mobiles. The Information Commissioner’s Office (ICO) seized hundreds of SIM cards on Thursday, after raiding a SIM farm in offices in Wolverhampton. Initial estimates suggest the impounded kit could have been used …
John Leyden, 27 May 2014

DUDE, WHERE'S MY CAR? New leccy BMWs have flimsy password security – researcher

New BMW cars have security shortcomings that could allow thieves to pop open a victim's flash motor from a smartphone. Ken Munro, a partner at Pen Test Partners, uncovered security issues in the systems that pair the latest generation of beamers with owners' mobiles. By stringing together the flaws, a crook could open doors, …
John Leyden, 27 May 2014

eBay says database leak dump offers are fake

Cybercrooks are offering to sell "stolen copies" of the leaked eBay database through an advert posted through Pastebin. However eBay says the sale is fake. "We have checked all published data and so far none are authentic eBay accounts," eBay's press office told El Reg. Security experts, although far from certain, seem inclined …
John Leyden, 22 May 2014

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Confusion reigns over whether or not the 145 million "encrypted" user account passwords swiped from eBay can be practically cracked by crooks. A day has passed since the online tat bazaar admitted its customer database was hacked back in February, and the method of encryption is still not known. We do know what wasn't encrypted …
John Leyden, 22 May 2014

eBay slammed for daft post-hack password swap advice

eBay has been criticised for its advice to consumers on choosing a strong password in the wake of a megabreach that prompted it to tell millions of users to change their passwords. The online tat bazaar admitted on Wednesday that a database containing "eBay customers’ name, encrypted password, email address, physical address, …
John Leyden, 22 May 2014

PayPal Manager bug left web stores open to cyber-burglars

eBay-owned PayPal has plugged a vulnerability that potentially allowed thieves to seize control of merchants' online stores and empty the shelves. The bug – discovered by security researcher Mark Litchfield of Securatary – affected PayPal Manager, which is used to manage PayFlow accounts by people selling stuff online. PayPal …
John Leyden, 21 May 2014

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

eBay has told people to change their passwords for the online tat bazaar after its customer database was compromised. Names, dates of birth, phone numbers, physical addresses, email addresses, and "encrypted" passwords, were copied from servers by attackers, we're told. Credit card numbers and other financial records were not …
John Leyden, 21 May 2014

US giant NBC 'leaks' PRIVATE Amazon keys in Github Glenn gaffe

A London-based developer claims he was accidentally given the keys to US broadcaster NBC Universal’s websites – thanks to a username mix up on GitHub. Glenn Shoosmith was an early adopter of Github, and thus bagged the short-and-sweet user ID Glenn in July 2008. Repositories can be public and viewable by all, or private and …
John Leyden, 20 May 2014

AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool)

It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per cent …
John Leyden, 20 May 2014

Chip and SKIM: How dodgy crypto can leave shoppers open to fraud

UK academics today describe how criminals can forge chip-and-PIN card transactions and spend other people's money for free. The team of University of Cambridge experts say their technique exploits a cryptographic weakness in some devices implementing the EMV (aka chip'n'PIN) standard. And they're confident they've found a …
John Leyden, 19 May 2014

LifeLock snaps shut Wallet mobile app over credit card leak fears

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS). In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution - not in response to …
John Leyden, 19 May 2014

Do you use NAS drives? For work? One just LEAKED secret cash-machine blueprints

Some personal desktop storage devices are leaking top corporate secrets to the internet – in one case, the designs for a hole-in-the-wall cash machine. That's according to intelligence biz Digital Shadows, which tries to work out how proprietary and personal information accidentally escapes network boundaries. We're told one …
John Leyden, 13 May 2014

Hey, does your Smart TV have a mic? Enjoy your surveillance, bro

NSA whistleblower Edward Snowden told lawyers he met during his sojourn in Hong Kong to put their cell phones in his fridge to thwart any eavesdroppers. But new research suggests he should have been worried about nearby TVs, too. Smart tellies with built-in microphones and storage can be turned into bugging devices by malware …
John Leyden, 10 May 2014

Point DNS blitzed by mystery DDoS assault

Domain host Point DNS was hammered with a high-intensity DDoS attack on Friday, knocking servers out for hours. The size of the attack and techniques used - much less who might be behind the attack - remain unclear. Several Reg readers got in touch to notify us about the issue and the company confirmed the attack online …
John Leyden, 09 May 2014

Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

The infamous Heartbleed bug doesn't affect home routers in practice, according to new analysis by security researchers at TripWire. The infosec vendor nevertheless warned that "critical security flaws" are "endemic" to small office/home office (SOHO) routers. TripWire came to this conclusion after revisiting earlier research on …
John Leyden, 09 May 2014

Oh aye, a mobe grumble-flick player? No – it's a 'droid ransomware nasty

Ransomware scumbags have widened their net with a new software nasty that infects Android smartphones and tablets. The Koler-A ransomware trojan is delivered automatically to peeps browsing malicious pornographic sites; it poses as a media player offering access to premium content. Koler-A requires the user to enable side- …
John Leyden, 09 May 2014

Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL

Standards stewards on the Internet Engineering Task Force (IETF) are planning to drop RSA key exchanges from TLS 1.3, the next revision of SSL. The technical body is instead eying up algorithms that use short-lived encryption keys, aka ephemeral keys, that can sidestep surveillance dragnets by the likes of the NSA. Specifically …
John Leyden, 08 May 2014

Traffic light vulns leave doors wide open to Italian Job-style hacks

Hackers may be able to create traffic chaos, just like Michael Caine's loveable rogue in classic Brit film The Italian Job, thanks to an alarming series of flaws discovered in traffic control systems. Cesar Cerrudo, CTO at embedded security experts IOActive Labs, discovered that traffic control systems in cities around the world …
John Leyden, 08 May 2014

Securo-borg FireEye coughs $70m to buy 'flight-recorder-for-networks' tech

Security vendor FireEye has bought network forensics firm nPulse Technologies in a $70m deal. FireEye is stumping up $60m in cash and $10m in stock to get its hands on nPulse, a privately held startup that boasts it offers the industry's fastest full packet capture and indexing technology. nPulse’s forensics will be integrated …
John Leyden, 07 May 2014

Look out, sysadmins - HOT FOREIGN SPIES are targeting you

MI5 has warned that foreign spy agencies are targeting IT workers within big organisations as a means of gaining privileged access to sensitive data. The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks, the FT (via the Daily Mail) reports …
John Leyden, 07 May 2014

Don't let hackers know Mandiant founder checks his email on an iPad. Oh.

Mandiant boss Kevin Mandia says he has cut back on email and only uses an iPad to check his inbox as he fends off counterattacks from hackers. In 2013, the company published a landmark report on the so-called APT1 espionage crew: the detailed dossier claimed Shanghai-based People's Liberation Army Unit 61398 had hacked and …
John Leyden, 06 May 2014

Hacktivists hijack BNP Twitter account, crayon over leader Griffin's too

Hacktivists from Anonymous took over the Twitter feeds of the extreme British National Party and its controversial chairman Nick Griffin over the weekend. The hack against @NickGriffinMEP's profile, which boasts 29,000 followers, was apparently mere mischief rather than a desire to make a point against a politician notorious for …
John Leyden, 06 May 2014

HALF of London has outdated Wi-Fi security, says roving World of War, er, BIKER

Wireless security across London remains flaky despite the well-known risks, according to an infosec bod who has been riding his bike all around town identifying insecure wireless networks and highlighting shoddy user behaviours that could be exploited by rogue hackers. James Lyne, global head of security research at Sophos, went …
John Leyden, 05 May 2014

Hackers ZERO IN on ZOMBIE XP boxes: Get patching, Internet Explorer 8 users

A newly uncovered attack specifically targeting out-of-support Windows XP machines running Internet Explorer 8 is being used to hack potential victims in multiple industries across Europe and North America, according to security researchers. This is the first “in the wild” attack spotted against Windows XP after Microsoft pulled …
John Leyden, 02 May 2014

Security guru: You can't blame EDWARD SNOWDEN for making US clouds LOOK leaky

Accusations that the revelations from rogue National Security Agency sysadmin whistleblower Edward Snowden have damaged the US technology industry are misplaced, according to influential security guru Mikko Hypponen. Hypponen, chief research officer at security firm F-Secure, said that the disclosure that US tech was either " …
John Leyden, 30 Apr 2014

Interweb has staunched nearly all Heartbleed wounds, says crypto bod

The Heartbleed password-leaking vulnerability in OpenSSL has almost been eradicated from the web just weeks after its discovery, according to an encryption expert. Ivan Ristic, director of engineering at cloud security firm Qualys, estimates that 25 per cent of websites worldwide were vulnerable to the data-disclosing bug on 8 …
John Leyden, 30 Apr 2014

Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead, warns top cop

Europe's top cyber-cop has called for a shift in focus from the prosecution of online crims to the disruption of their activities. This comes as crooks increasingly make use of the darknet – private peer-to-peer networks such as Tor – to stay hidden and anonymous; cops find it difficult to work out suspects' true identities and …
John Leyden, 29 Apr 2014

Drink me: Adobe pours Flash Player bug squash

Adobe is pushing out a cross-platform security fix for a bug in its Flash Player that miscreants are already exploiting. Windows users running Adobe Flash Player 13.0.0.182 and earlier need to update it following the discovery of a zero-day attack. "Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild …
John Leyden, 28 Apr 2014

Press release scam pelts poor PRs with volley of UNTRUE invoices

Fraudsters are targeting PR agencies that make use of newswires through a sneaky false invoicing scam. Pressat, which distributes press releases from tech PR agencies and others, put out a warning about fraudulent attempts to trick its clients into paying out on the back of false invoices that typically demand €580. The latest …
John Leyden, 28 Apr 2014

Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Visitors to a video distribution website were unwittingly turned into participants in a hacker's DDoS battle against a third-party site earlier this month. DDoS mitigation firm Incapsula identified the video website as Sohu.TV, after the Chinese streaming site plugged a vuln that enabled the browser-based botnet attack to happen …
John Leyden, 25 Apr 2014

UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m

A gang has been jailed after secretly installing hardware in Barclays bank branches to control PCs and steal £1.2m. The sneaky crims hooked up a hidden KVM (keyboard, video and mouse) switch and a 3G mobile dongle to computers at two London branches. This allowed the thieves to connect to the switch over the internet, access the …
John Leyden, 25 Apr 2014

LulzSec's Sabu hacked foreign gov sites while under FBI control – NYT

Ex-LulzSec chief Sabu orchestrated attacks on government computers in Iran, Syria, Pakistan and Brazil while under the control of the FBI, according to a New York Times investigation. After he was apprehended and turned to become an FBI informant, Hector Xavier "Sabu" Monsegur encouraged fellow Anonymous hackers to hit foreign …
John Leyden, 24 Apr 2014

Bank of England seeks 'HACKERS' to defend vaults against e-thieves

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …
John Leyden, 24 Apr 2014

Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X. Apple's " …
John Leyden, 23 Apr 2014

Sat comms kit riddled with backdoors for hackers – researcher

Security researchers claim to have uncovered myriad security problems with satellite communication systems. But while major manufacturer Iridium said the security weaknesses identified by security researchers at IOActive were in hand, Thuraya, another satellite comms service, has criticised the report as inaccurate. Ruben …
John Leyden, 23 Apr 2014

Despite your fancy-schmancy security tech, passwords still weakest link in IT defences

The use of stolen login credentials continues to be the most common way for network intruders to access sensitive information. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, according to Verizon’s latest annual Data Breach Investigations Report. The …
John Leyden, 22 Apr 2014

Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia

Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnerable to the infamous OpenSSL security flaw. Heartbleed most obviously affected secure web servers but …
John Leyden, 22 Apr 2014

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

Software that claims to detect the presence of OpenSSL's Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy. This finding is disputed by developers publishing tools that test for the vulnerability. The teams behind Nessus, …
John Leyden, 17 Apr 2014

French hard-drive maker LaCie cops to YEAR LONG card data leak

French hard drive maker LaCie has held its hands up to a year-long credit card breach. Consumers who bought technology from its LaCie.com site between 27 March 2013 and 10 March 2014 may have had their credit cards exposed in the process, the firm admitted in a breach advisory. The problem was NOT detected internally and only …
John Leyden, 16 Apr 2014

OpenSSL bug hunt: Find NEXT Heartbleed, earn $$$ – if enough people donate cash

An effort to raise $250,000 for an OpenSSL bug-bounty program is underway – and its organisers hope it will help ensure the Heartbleed omnishambles is never repeated. The campaign, spearheaded by computer security startup Bugcrowd, aims to raise the cash by 29 April: the money will be distributed as rewards to infosec bods who …
John Leyden, 16 Apr 2014