John Leyden


UK health service boss in the guts of WannaCry outbreak warns of more nasty code infections

The UK's National Health Service has learned from last year's WannaCry attack – and started putting in place disaster recovery measures that will allow it to maintain services in the face of an even fiercer assault. The worldwide spread of WannaCry last May hit hospital networks particularly hard and left doctors and nurses …
John Leyden, 13 Apr 2018

From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people's data

TrueMove H, the biggest 4G mobile operator in Thailand, has suffered a data breach. Personal data collected by the operator leaked into an Amazon Web Services S3 cloud storage bucket. The leaked data, which includes images of identity documents, was accessible to world+dog before the mobile operator finally acted to restrict …
John Leyden, 13 Apr 2018

'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer

IoT security regulations could stifle innovation without addressing the security problems at hand, a well-respected security researcher controversially argues. Compromised IoT devices were press-ganged into the Mirai botnet and infamously used in a DDoS attack that left many of the world’s most famous sites unreachable back in …
John Leyden, 12 Apr 2018

GCHQ boss calls out Russia for 'industrial scale disinformation'

GCHQ boss Jeremy Fleming has hailed the success of a cyber-offensive against ISIS last year and warned of the growing threat posed by Russia. During a wide-ranging speech at the CyberUK conference in Manchester on Thursday morning, Fleming said a cyber operation last year had disrupted ISIS's [Daesh] communications. In 2017 …
John Leyden, 12 Apr 2018

UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that

The UK government has launched a new cyber attack categorisation that is designed to improve response to incidents – sadly it doesn't go up to 11.* Categorisation into bands ranging from six down towards one (the most severe) will span the full range of incidents from localised attacks against individuals or SMEs up to " …
John Leyden, 12 Apr 2018

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims

Britain's Home Secretary Amber Rudd has launched a crackdown on criminals who exploit the dark web. As part of a £9m fund, law enforcement’s response will be ramped up to tackle those who use the darker recesses of the web for illegal activities, such as the selling of firearms, drugs, malware and people. More than £5m will …
John Leyden, 11 Apr 2018

Company insiders behind 1 in 4 data breaches – study

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link... The latest edition of Verizon's Data Breach Investigations Report (DBIR) …
John Leyden, 10 Apr 2018

Botched upgrade at Belgian bank Argenta sparks phishing frenzy

Belgian bank Argenta has apologised for a botched tech plumbing upgrade that delayed transfers and confronted customers with incorrect balance data. The bank, which has 1.4 million Belgian customers, blamed the problems on post-upgrade issues with the data transfer mechanism between its two data centres, among other things. …
John Leyden, 6 Apr 2018

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

Security researchers have uncovered 1.5 billion business and consumer files exposed online – just a month before Europe's General Data Protection Regulation comes into force. During the first three months of 2018, threat intel firm Digital Shadows detected 1,550,447,111 publicly available files across open Amazon Simple …
John Leyden, 5 Apr 2018

Gosh, these 'hacker' nerds are only getting more sophisticated

Hackers have moved away from simple point-of-sale (POS) terminal attacks to more refined assaults on corporations' head offices. An annual report from security firm Trustwave out today highlighted increased sophistication of web app hacking and social engineering tactics on the part of miscreants. Half of the incidents …
John Leyden, 5 Apr 2018

US spanks EU businesses in race to detect p0wned servers

European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye. Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions …
John Leyden, 5 Apr 2018

Badmins: Magento shops brute-forced to scrape card deets and install cryptominers

Hackers have compromised hundreds of e-commerce sites running the popular open-source Magento platform to scrape credit card numbers and install crypto-mining malware. The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials, threat intel firm Flashpoint has warned …
John Leyden, 3 Apr 2018

One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools

Ad and JavaScript blocking is not enough to thwart privacy invasions by the likes of Facebook: more active countermeasures are needed. The internet ought to "route around" known privacy abusers, shifting from passive blocking of cookies, host names, and scripts to a more active deception model. Just like enterprises and other …
John Leyden, 3 Apr 2018

Creaking protocols are threat to EU's telecom infrastructure security

Legacy technologies pose a threat to the European Union's telecommunications infrastructure, a study by cybersecurity agency ENISA warns. 2G/ 3G mobile networks worldwide still depend on SS7 and Diameter for controlling communications (routing voice calls and data) as well as sets of protocols designed "decades ago without …
John Leyden, 29 Mar 2018

Internet of insecure Things: Software still riddled with security holes

An audit of the security of IoT mobile applications available on official stores has found that tech to safeguard the world of connected things remains outstandingly mediocre. Pradeo Security put a representative sample of 100 iOS and Android applications developed to manage connected objects (heaters, lights, door-locks, baby …
John Leyden, 28 Mar 2018

Most FTSE 100 boards kept in the dark about cyber resilience plans

Only one in five FTSE 100 companies disclose testing of online business protection plans. Most (57 per cent) of FTSE 100 companies talk about their overall crisis management, contingency or disaster recovery plans within their annual reports but few in comparison mention cybersecurity. Just 21 per cent of UK Blue Chip …
John Leyden, 28 Mar 2018

Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb

There was a big drop in exploit kit development last year, and experts have equated this to the phasing out of Adobe Flash. In 2017, exploit kit development declined 62 per cent, with only a few kits including AKBuilder, Disdain and Terror showing significant activity, according to a study by threat intel firm Recorded Future …
John Leyden, 27 Mar 2018

GCHQ's infosec crew plans to 'scale up' Web Check to improve uk.gov site security

Efforts to improve the UK.gov's secure server setup are being ramped up through an expansion of a scheme from the National Cyber Security Centre, the infosec folk at British crypto and intel agency GCHQ. The web certificate set-up and …
John Leyden, 27 Mar 2018

UK surgeon suspects his PC was hacked to target Syrian hospital

A British surgeon whose instructions over the internet helped to guide operations in war-torn Aleppo fears his PC was hacked in order to target a makeshift hospital that was subsequently bombed. Consultant David Nott gave remote instructions via Skype and WhatsApp that helped doctors in Syria carry out operations. Footage of …
John Leyden, 21 Mar 2018

Symantec cert holdout sites told: Those Google Chrome warnings are not a good look

Many high profile UK sites still use Symantec certificates just days before Google will begin the process of dropping support for them with the next and upcoming releases of its Chrome browser. Google's looming disavowal of digital certificates issued by Symantec will occur across two effective dates, April and October. …
John Leyden, 21 Mar 2018

Leading by example: UK.gov's secure server setup is patchy at best

The security of UK government websites is inconsistent, and local authorities are among the worst offenders. Ministers have for years spoken about making the UK "one of the most secure places in the world to do business in cyberspace", one component of which is making government services available online. The government also …
John Leyden, 20 Mar 2018

Coverity Scan code checker's systems crypto-jacked to run cheeky mining op

The systems of freebie open-source code scanning tool Coverity Scan were hacked and abused to run a cryptocurrency mining operation, its operator has confirmed. Synopsys, the firm behind Coverity Scan, said its corporate systems were not affected by the previously unexplained incident, which resulted in the suspension of the …
John Leyden, 19 Mar 2018

Crooks opt for Monero as crypto of choice to launder ill-gotten gains

Crooks are increasingly turning to Monero over Bitcoin, according to a new study on the economics of cybercrime. "Platforms like Monero are designed to be truly anonymous, and tumbler services like CoinJoin can [further] obscure transaction origins," said Dr Mike McGuire, senior lecturer in criminology at Surrey University and …
John Leyden, 16 Mar 2018

Ugh, of course Germany trounces Blighty for cyber security salaries

Cyber security professionals in Germany earn on average 17 per cent more than their UK counterparts. A survey by recruitment firm Willis Towers Watson found that Germany (£56,485/€64,187) leads cyber security pay in Europe, followed closely by Ireland (£55,485/€63,000) and France (£51,197/€58,178). The UK ranks fifth (£48,020 …
John Leyden, 16 Mar 2018

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about. Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again. In …
John Leyden, 15 Mar 2018

Biting the hand that feeds IT © 1998–2018