John Leyden


Middle East hackers exposed

A hacking group is running a wide-ranging cyber-espionage campaign against targets in the Middle East. Security firm Vectra Networks says it has identified over 200 samples of malware generated by the group over the last two years. The assaults are not technically sophisticated but nonetheless tricksy in their use of social …
John Leyden, 26 Oct 2016

'Every step your anti-theft tracker takes – I'll be watching you'

Tracking widgets that you stick on your keys and wallet so you don't lose them are riddled with security vulnerabilities, we're told. These tracker devices allow folks to locate valuable items and find them again. They communicate over Bluetooth with iOS and Android handhelds, so if they go out of range of each other, a little …
John Leyden, 25 Oct 2016

Avira debuts freebie VPN

Avira began bundling VPN technology with the latest edition of its security scanner suite. Avira's Free Security Suite (FSS), released on Tuesday, combines free antivirus (with protection against ransomware) with Phantom VPN, System Speedup, and Browser Safety technologies. Consumer VPN technology normally comes with a paid …
John Leyden, 25 Oct 2016

Paging 1994: Crap encryption still rife in devices

Pager communications in industrial environments often run over unencrypted channels, creating a hacker risk in the process. Industries such as energy, manufacturing, and transportation still make extensive use of pager technologies that have been superseded in other sectors of the economy. Researchers at Trend Micro warn that …
John Leyden, 25 Oct 2016

FireMon buys FortyCloud

Security firm FireMon has signed a deal to buy FortyCloud, a cloud infrastructure security broker. Terms of the deal, announced Tuesday, were undisclosed. In a statement, FireMon said the acquisition would allow it to expand its enterprise security management platform across all major cloud platforms. FireMon’s technology …
John Leyden, 25 Oct 2016

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …
John Leyden, 24 Oct 2016

Wi-Fi commuter fears

Wi-Fi on UK trains could leave commuters vulnerable to hackers. Next year free Wi-Fi will be rolled out across a number of rail operators, the fruit of a £50m Department for Transport (DfT) scheme to increase Wi-Fi on trains. The technology creates a means for commuters to make more productive use of their journey to and from …
John Leyden, 24 Oct 2016

Hacktivist crew claims it launched last week's DDoS mega-attack

A group called New World Hackers has claimed responsibility for a DDoS attack that rendered significant portions of the web unreachable last Friday. A series of assaults carefully targeted at Dyn, the managed DNS provider, knocked the service offline for much of the day, causing disruption to multiple sites that rely on its …
John Leyden, 24 Oct 2016

Ageing GSM crypto cracked on commodity graphics rig

The crypto scheme applied to second generation (2G) mobile phone data can be hacked within seconds, security researchers have demonstrated. The work by researchers from the Agency for Science, Technology and Research (A*STAR), Singapore shows that breaking the A5/1 stream cipher used by 2G is possible using commodity hardware …
John Leyden, 24 Oct 2016

Dyn dinged by DDoS: US DNS firm gives web a bad hair day

A denial of service attack against managed DNS provider Dyn restricted access to many US-based websites on Friday. The ongoing attack is affecting Dyn’s managed DNS customers on the US East Coast, according to the provider, which adds on its status page that its “engineers are continuing to work on mitigating this issue”. …
John Leyden, 21 Oct 2016

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware. Miscreants took to Discord and distributed malicious programs including NanoCore, njRAT, and SpyRAT to gamers using the chat servers, but that was just one aspect of a wider pattern of abuse. Symantec discovered some groups were …
John Leyden, 21 Oct 2016

Banks don’t give a 2FA

The online security of a majority of UK banks is failing customers. Tests by consumer group Which? found that only five out of the 11 providers it tested offered two-step authentication for logins. Lloyds and Santander were among the banks faulted for not doing enough to protect consumers from ID theft and banking fraud. In …
John Leyden, 21 Oct 2016

US DNC hackers blew through SIX zero-day vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

Boffins exploit Intel CPU weakness to run rings around code defenses

US researchers have pinpointed a vulnerability in Intel chips – and possibly other processor families – that clears the way for circumventing a popular operating-system-level security control. ASLR (address space layout randomization) is widely used as a defense against attempts by hackers to exploit software vulnerabilities …
John Leyden, 20 Oct 2016

NCC stirs in 'lumpy' bits of Fox, produces sales gravy. But market still chokes

UK-based infosec outfit NCC Group has weathered a tricky summer period that involved some contract deferrals and cancellations while still managing to post a profit. Group revenues for the four months till the end of September increased to £79.6m compared to £58.5m in the same June to September period last year. The increased …
John Leyden, 20 Oct 2016

IoT botnet swells

The Mirai botnet has swollen to nearly 500,000 compromised IoT devices since source code for the malware was released at the start of October. The figures, taken from a new analysis by telco Level3, are a particular concern because Mirai was made up of only around 125K devices when it was abused to direct a 620 Gbps flood at …
John Leyden, 20 Oct 2016

Malwarebytes eats upstart

Anti-malware biz Malwarebytes has acquired French anti-adware startup AdwCleaner. AdwCleaner, which boasts 200 million downloads, was founded in 2011 by three 17-year-old French students. Its technology offers protection against potentially unwanted programs (PUPs). Jérôme Boursier and Corentin Chepeau – two of AdwCleaner’s …
John Leyden, 19 Oct 2016

Donald Trump running insecure email servers

US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appeared to have rebounded on him. Security researcher Kevin Beaumont discovered the Trump organisation uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization' …
John Leyden, 19 Oct 2016

It's finally happened: Hackers are coming for home routers en masse

Cybercrooks are increasingly targeting routers in consumers’ homes. Fortinet reports that attacks of this type have regularly figured as entries in its daily top 10 IPS (intrusion prevention system) detection list over the last three months since July. The security vendor reckons that home routers have become a favoured target …
John Leyden, 19 Oct 2016

Hack suspect hospitalised

Czech cops have arrested an unnamed Russian man suspected of launching hacking attacks against the US. The suspect is reportedly in hospital after collapsing at the time of his arrest. Czech courts will decide whether he will be extradited over as-yet unspecified crimes. ®
John Leyden, 19 Oct 2016

Democralypse Now? US election first battle in new age of cyberwarfare

Hacking attempts against more than 10 US state election databases have increased fears about Russian efforts to disrupt or influence the 2016 presidential election. Cyberattacks against voting databases in Arizona, Illinois and at least eight other states have only heightened concerns in the wake of the hack and subsequent …
John Leyden, 18 Oct 2016

China blamed in drone hack

China-based hackers have broken into the systems of a European drone company and a US subsidiary of a French energy management company. The attacks are both likely to be economically motivated and designed to help Chinese firms in the targeted sectors, according to security intelligence firm ThreatConnect. It alleges that …
John Leyden, 18 Oct 2016

You work so hard on coding improvements... and it's all undone by a buggy component

Nearly all (97 per cent) of Java applications contain at least one component with a known vulnerability, according to a new study by app security firm Veracode. Veracode reports year-over-year improvements in the code organisations write, a positive finding somewhat undone by the increasing proliferation of risk from open …
John Leyden, 18 Oct 2016

It's good to talk, UK banks told after massaging cyberattack figures

Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators. According to the UK's Financial Conduct Authority, only five attacks were reported in 2014, a figure that has soared to 75 so far this year. But …
John Leyden, 18 Oct 2016

Sweet, vulnerable IoT devices compromised 6 min after going online

The unpatched Windows XP problem that spawned the Blaster and Sasser worms a decade ago is being replicated on a different platform by hackers exploiting IoT devices to launch denial of service attacks. Two Internet of Things-powered packet floods took down the websites of cybersecurity journalist Brian Krebs and French hosting …
John Leyden, 17 Oct 2016