John Leyden


Government regulation will clip coders' wings, says Bruce Schneier

Infosec 2016: Government regulation of the Internet of Things will become inevitable as connected kit in arenas as varied as healthcare and power distribution becomes more commonplace, according to security guru Bruce Schneier. “Governments are going to get involved regardless because the risks are too great. When people start dying and …
John Leyden, 10 Jun 2016

Crysis creeps: Our ransomware locks network drives and PCs. Bargain

Cybercrooks have put together a new strain of ransomware that lifts corporate data as well as encrypting files on compromised computers. Crysis grabs admin privileges, collects the victim computer's name and some encrypted files before uploading them to a remote command and control server. The ransomware encrypts files on …
John Leyden, 10 Jun 2016

Surveillance forestalls more 'draconian' police powers – William Hague

Infosec 2016: Lord Hague has predicted that Western societies will enact laws and regulations against unbreakable encryption – while conceding that the technology has always existed. The former UK foreign secretary, who is also a historian and author of a biography of Prime Minister William Pitt the Younger, told delegates at the Infosec …
John Leyden, 08 Jun 2016

Millions of 'must be firewalled' services are open to the entire internet – research

Millions of services that ought to be restricted are exposed on the open internet, creating a huge risk of hacker attack against databases and more. Infosec firm Rapid7’s researchers took a close look at the millions and millions of individual services that live on the public IP network, one of the most fundamental components …
John Leyden, 08 Jun 2016

Cyber burglars love to pillage Euro businesses they've pwned before

Traditional methods including spear phishing and social engineering still account for more than a third of hacker attacks. A new study by Mandiant reports that many hacked European organisations are re-compromised within months of an initial attack, in a similar way to how burglars revisit homes and offices they’ve already …
John Leyden, 08 Jun 2016

Oh snap! Facebook zaps crap yap gap in web chat, natter app flap

A vulnerability in Facebook's web chatrooms and its Messenger app would have let miscreants surreptitiously tamper with messages after they had been sent. The flaw was discovered by eggheads at security biz Check Point, who reported it to the social network giant. We're told attackers would have needed only a basic knowledge …
John Leyden, 08 Jun 2016

The Fog of Cyberwar: Now theft and sabotage instead of just spying

Infosec 2016: Cyber-conflict between nations has entered a new phase with a switch from espionage to sabotage and theft, according to infosec guru Mikko Hyppönen. The BlackEnergy-related attacks on the electricity grid last December and the more recent attack on at least four international banks have upped the ante in the sphere of cyber- …
John Leyden, 06 Jun 2016

Anons sock stock exchange

Anonymous has claimed responsibility for a web attack against the London Stock Exchange (LSE) last week. LSE's website was rendered inaccessible for two hours on Thursday. Elements of the Anonymous hacktivist collective said the assault was part of an ongoing operation targeting financial institutions, codenamed Operation …
John Leyden, 06 Jun 2016

Will you get reimbursed if you're a bank fraud victim? Brits think not

Bank customers worldwide are often in the dark about whether or not they’ll be reimbursed for fraudulent transactions. Customers’ understanding of bank terms and conditions is often sketchy, according to an international study by academics. The researchers found that there is significant variation worldwide, and even within …
John Leyden, 06 Jun 2016

Mark Zuckerberg's Twitter and Pinterest password was 'dadada'

Mark Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend. The breach apparently happened after the Facebook boss’s login details were exposed via the recent LinkedIn password dump. This implies Zuckerberg reused passwords across multiple sites or perhaps that the format of the password he chose for other …
John Leyden, 06 Jun 2016

Wi-Fi hack disables Mitsubishi Outlander's theft alarm – white hats

Security weaknesses in the set-up of Mitsubishi Outlander leave the hybrid car exposed to hack attacks – including the potential for crooks to disable theft alarms. The Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) is a top-selling family hybrid SUV. More than 100,000 of them have been sold worldwide, around 22, …
John Leyden, 06 Jun 2016

SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists relied on hackers …
John Leyden, 03 Jun 2016

Air-gapping SCADA systems won't help you, says man who knows

Hoping to keep industrial control systems out of reach of hackers by keeping them air-gapped is a hopeless mission that’s bound for failure, according to a SCADA guru. Isolating SCADA systems as a means of protection has been suggested by some as a defensive tactic after hackers briefly took out elements of the power grid in …
John Leyden, 03 Jun 2016

Flash. Bang. Wallet: Marcher crooks target UK Android users

Miscreants behind the Marcher mobile malware have begun targeting UK banking customers. The trojan - which already targets banks in other countries, including Germany, Austria, France, Australia and Turkey - has added nine major UK bank brands onto its roster, IBM's X-Force security research team warns. Marcher is an Android- …
John Leyden, 02 Jun 2016

Trouble originating between chair and keyboard caused most UK breaches

UK data breaches caused by good old human error rose again early this year, accounting for 62 per cent of all data breaches reported to UK data protection watchdogs in the first quarter of 2016. This far outstrips other causes of breaches, such as insecure webpages and hacking, which stands at nine per cent combined. The …
John Leyden, 02 Jun 2016

Recycled malware code 'links' SWIFT bank heist to Sony ransackers

Five additional pieces of malware suggest there is a stronger tie between North Korea's Lazarus Group of hackers and last month's run of cyber-attacks on banks. A study by Anomali Labs' senior security researcher Aaron Shelmire expands upon Symantec's earlier findings. According to Symantec, two pieces of malware were used to …
John Leyden, 02 Jun 2016

Microsoft mops up after Outlook.com drowns in tsunami of penis pills, Russian brides etc

Microsoft's Outlook and Hotmail spam filters went off piste on Wednesday, dumping an avalanche of unwanted bumf in inboxes. The snafu was resolved by early afternoon, here in Western Europe. "Some users may be receiving excessive spam mail," read a warning that briefly popped up on Microsoft's Outlook.com service status page …
John Leyden, 01 Jun 2016

Your WordPress and Drupal installs are probably obsolete

Many of the UK's biggest firms are running outdated versions of their Drupal and WordPress Content Management Systems (CMSes). Threat management company RiskIQ conducted research across the top 30 organisations in the UK (FTSE-30), looking specifically at WordPress and Drupal instances visible on the open web. At least three …
John Leyden, 01 Jun 2016

TFTP abused by DDoSsers

Crooks have come up with a new technique for swamping websites with junk traffic. Miscreants have begun using a DDoS reflection and amplification method that abuses TFTP (Trivial File Transfer Protocol), Akamai reports. TFTP is mostly a LAN service used for configuration of devices such as phones and initial installations of …
John Leyden, 01 Jun 2016

Corporates can learn from criminals and spies. No, no, we're talking about OPSEC

Corporate IT managers ought to pick up tricks from spies and place Operations Security (OPSEC) at the heart of their security policies and practices, cyber intelligence outfit Digital Shadows argues. Operations Security (OPSEC) is a term originating in the military, which refers to the tactics that are used to protect privacy …
John Leyden, 01 Jun 2016

These big-name laptops are infested with security bugs – study

Computers from many of the biggest PC makers are riddled with easy-to-exploit vulnerabilities in pre-loaded software, security researchers warn. The research from Duo Security shows that bloatware is not just a nuisance that causes a lag in system boot-up, but a security risk. Laptops from Acer, Asus, Dell, HP and Lenovo all …
John Leyden, 31 May 2016

MySpace confirms 427m hack

MySpace has confirmed that some of its users' passwords and account records have been swiped by hackers – who have been hawking millions of username and password combos online. As many as 427 million stolen MySpace login IDs are on offer for $2,800. "The compromised data is limited to a portion of Myspace usernames, passwords …
John Leyden, 31 May 2016

65 million millennial blog bores' Tumblr logins ... for! sale! on! darknet!

More than 65 million sets of login credentials for users of Yahoo-owned Tumblr have appeared up for sale through the darknet. The illicit sale stems from a leak that dates back to February 2013, one which was only disclosed by Tumblr earlier this month. "Peace", the same black hat behind the sale of 117 million leaked …
John Leyden, 31 May 2016

Saudis under trojan attack

The Saudi Arabian financial and technology sectors are under attack by trojan-slinging cybercriminals. The latest run of the OilRig campaign features malware used to target the defence industry in the kingdom last year, reports Palo Alto Networks. In the latest run of attacks crooks are posing as legitimate service providers …
John Leyden, 27 May 2016

FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …
John Leyden, 27 May 2016