John Leyden


ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak …
John Leyden, 23 Oct 2017

'We've nothing to hide': Kaspersky Lab offers to open up source code

Russian cybersecurity software flinger Kaspersky Lab has offered to open up its source code for third-party review. The firm's Global Transparency Initiative is in response to moves to ban the use of its technology on US government systems by the Department of Homeland Security over concerns of alleged ties with the Russian …
John Leyden, 23 Oct 2017

Sarahah anonymous feedback app told: 'You're riddled with web app flaws'

The web-based version of anonymous feedback app Sarahah is riddled with security flaws, according to a researcher. Sarahah is a well established mobile app that allows people to receive anonymous feedback messages from friends and co-workers. Flaws in the technology make it vulnerable to web-based attacks including cross-site …
John Leyden, 23 Oct 2017

Do fear the Reaper: Huge army of webcams, routers raised from 'one million' hacked orgs

Miscreants are right now assembling a massive army of hacked Internet of Things devices – and at a far faster rate than the powerful Mirai botnet swelled its ranks last year. This new cyber-militia of compromised gadgets, dubbed IoT_reaper or Reaper by experts at Qihoo 360 Netlab, can be instructed by its masters to attack …
John Leyden, 20 Oct 2017

Make America late again: US 'lags' China in IT security bug reporting

The US is starting to fall well behind China in terms of the speed at which organizations are alerted to reported security vulnerabilities, according to a study out this week by threat intel biz Recorded Future. The US government's National Vulnerability Database (NVD) lags China's National Vulnerability Database (CNNVD) in …
John Leyden, 20 Oct 2017

YouTube sin-bins account of KRACK WPA2 researcher

The YouTube account of the researcher behind the KRACK WPA2 Wi-Fi vulnerability was restored early on Thursday hours after it was shut down for violating "community guidelines". Mathy Vanhoef was told that his YouTube account had been sin-binned late on Wednesday. The move provoked criticism from security pros. Around two …
John Leyden, 19 Oct 2017

Hackers can track, spoof locations and listen in on kids' smartwatches

Tests on smartwatches for children by security firm Mnemonic and the Norwegian Consumer Council have revealed them to be riddled with flaws. The Oslo-based company teamed up with the trading standards body to investigate several smartwatches aimed at kids, specifically the Xplora (and associated mobile application Xplora T1), …
John Leyden, 18 Oct 2017

BoundHook: Microsoft downplays Windows systems exploit technique

Features of the Intel MPX designed to prevent memory errors and attacks might be abused to launch assaults on Windows systems, security researchers claim. Windows 10 uses Intel to secure applications by detecting boundary exceptions (common during a buffer overflow attack). An exploit technique by CyberArk Labs uses the …
John Leyden, 18 Oct 2017

uBlock Origin ad-blocker knocked for blocking hack attack squawking

Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks. At the heart of the matter is a fairly new technology called content security policy reporting, or CSP reporting. It's …
John Leyden, 17 Oct 2017

Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA …
John Leyden, 16 Oct 2017

Brit intel fingers Iran for brute-force attacks on UK.gov email accounts

Iran has been blamed for the brute-force attack on UK Parliament earlier this year. An unpublished assessment by British intelligence obtained by The Times fingers Iran for the high-profile hack. The revelation comes as the US president has refused to continue signing off the 2015 Iran nuclear deal, to which the UK is a party …
John Leyden, 16 Oct 2017

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks. …
John Leyden, 16 Oct 2017

Android ransomware DoubleLocker encrypts data and changes PINs

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs. DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims. "Its payload can change the device's PIN, preventing the victim …
John Leyden, 13 Oct 2017

More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

Updated Sketchy websites are increasingly using cryptocurrency mining as a source of income. CoinHive – the most prevalent cryptocurrency mining code provider – and its clones are becoming an alternative to dodgy advertising affiliate programs and survey scams in many cases. More than 220 websites – mostly porn sites and torrent …
John Leyden, 13 Oct 2017

OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data

OnePlus mobiles are phoning home rather detailed information about handsets without any obvious permission or warnings, setting off another debate about what information our smartphones are emitting. Software engineer Christopher Moore discovered that the information collected included the phone's International Mobile …
John Leyden, 12 Oct 2017

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach. Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …
John Leyden, 12 Oct 2017

North Korean hackers allegedly probing US utilities for weaknesses

Hackers believed to be from North Korea are casing out US electric companies in preparation for a possible cyber attack – so says security firm FireEye. "FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to US electric companies by known cyber threat actors likely affiliated with the North …
John Leyden, 11 Oct 2017

When Irish data's leaking: Supermarket shoppers urged to check bank statements

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave. Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its …
John Leyden, 11 Oct 2017

Hackers in Arab world collaborate more than hoodie-clad Westerners

Cybercriminals in the Arab states are some of the most cooperative in the world, according to Trend Micro this week. The infosec biz's latest study, Digital Souks: A glimpse into the Middle Eastern and North African underground, identifies the most popular kinds of hacking tools and commodities, and the most active countries …
John Leyden, 10 Oct 2017

Brit bank fined £75k over 1.5 MEEELLION text and email spamhammer

A Bradford-based bank has been fined by the UK's data privacy watchdog for sending illegal marketing texts and emails. Vanquis Bank Limited spammed 870,849 text messages and 620,000 emails to promote its credit cards without the recipients' consent, which is against the law. The bank obtained the marketing lists used to send …
John Leyden, 10 Oct 2017

Overdraft-fiddling hackers cost banks in Eastern Europe $100m

Hybrid cyber attacks on banks in former Soviet states have already resulted in estimated losses of $100m. Security researchers at Trustwave report today that cybercriminals are using mules to open accounts with counterfeit documents while hackers compromise the bank's systems to obtain unauthorised privileged access and break …
John Leyden, 10 Oct 2017

Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows

Cryptojacking is well on its way to becoming a new menace to internet hygiene. On some sites, internet publishers are making money by using the spare processor cycles of visiting surfers to mine cryptocurrency, using scripts running in the background on pages to mine coins. In other cases, hackers have planted JavaScript on …
John Leyden, 10 Oct 2017

Fending off cyber attacks as important as combatting terrorism, says new GCHQ chief

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said. Jeremy Fleming, director of the signals intelligence service, said increased funding for GCHQ was being spent on making it a "cyber-organisation" as much as an intelligence and counter-terrorism unit. Fleming, who …
John Leyden, 9 Oct 2017

Video games used to be an escape. Now not even they are safe from ads

VB2017 Poor disclosure and intrusive advertising are becoming a bête noire for gamers who increasingly find themselves getting fragged by promos. Adverts in gaming or advergaming systems are becoming more complex as marketeers resort to techniques that embed advertising deep enough so that earlier ad-blocking attempts no longer work …
John Leyden, 9 Oct 2017

Avast urges devs to secure toolchains after hacked build box led to CCleaner disaster

VB2017 Avast staffers spoke at the Virus Bulletin International Conference in Madrid, Spain, on Thursday to shed more light on their postmortem of the CCleaner fiasco – and urge developers to protect their software's toolchain and distribution systems from hackers. The widely used utility, which removes unwanted temporary files and …
John Leyden, 6 Oct 2017

Biting the hand that feeds IT © 1998–2017