John Leyden

Contact Mail Follow Twitter RSS feed
phone burn

And that's now all three LTE protocol layers with annoying security flaws

Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves. The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower's radio cell …
John Leyden, 29 Jun 2018

Adidas US breach may have exposed millions of customers' personal info

Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial …
John Leyden, 29 Jun 2018
Musician Lotte on stage in Germany

Startup bank Monzo: We warned Ticketmaster months ago of site fraud

Online bank Monzo said it warned Ticketmaster that something weird was going on in early April, two months before the ticket-slinging giant revealed its payment pages had been hacked. Monzo detected an abnormal number of customers who had both bought tickets from Ticketmaster since December and had fraudulent activity on their …
John Leyden, 28 Jun 2018
Doctors run to save patient. Photo by Shutterstock

NHS systems fell offline for 1,300+ hours over 36 months, cyber-nasties fingered – FoI study

NHS trusts across England experienced more than 1,300 hours of downtime in the last three years, according to results from Freedom of Information (FoI) requests. Nearly a third of the trusts (25 out of 80) that responded to an FoI request from Intercity Technology admitted they had experienced outages across their IT systems …
John Leyden, 28 Jun 2018
Someone playing an instrument

Ticketmaster gatecrash: Gig revelers' personal, payment info glimpsed by support site malware

Updated Ticketmaster UK has warned punters that malware infected one of its customer support systems – and may have siphoned off their personal information and payment details. Anyone in Britain who bought, or tried to buy, a ticket from the biz between February and June 23 this year, and international customers who purchased, or …
John Leyden, 27 Jun 2018
Burning money

A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod

Today (27 June) marks the first anniversary since the NotPetya ransomware ravaged a range of businesses from shipping ports and supermarkets to ad agencies and law firms. Once in a system, the code sought to encrypt files and destroyed master boot records, leaving infected Windows machines useless. The malware spread using the …
John Leyden, 27 Jun 2018
Wi-fi symbol made out of clouds. Photo by Shutterstock

WPA3 is the magic number? Protocol refresh promises tighter Wi-Fi security

The Wi-Fi Alliance has taken the wraps off the latest generation of Wi-Fi security, WPA3. Delivered on Monday, the security protocol brings new and improved authentication and encryption to wireless networks. Both home and enterprise networks stand to benefit from the upgrade. The revamp includes Simultaneous Authentication …
John Leyden, 26 Jun 2018
Dirty men's underwear

Israel cyber chief's 'pants' analogy for password security deemed, well, 'pants'

Israel's newly appointed cyber chief has raised eyebrows by offering questionable password advice during a high-profile presentation. Yigal Unna, Director General, Israel National Cyber Directorate, joked that passwords should be treated like underpants: changed often and never shared. His point was contained in a slide …
John Leyden, 26 Jun 2018
Electronic Trojan horse

'No questions asked' Windows code cert slingers 'fuel trade' in digitally signed malware

Trusted code-signing certificates are being sold to miscreants by allegedly unscrupulous vendors, fueling a growth in digitally signed Windows malware, a study has claimed. Security researchers at Masaryk University in the Czech Republic, and Maryland Cybersecurity Center (MCC) in the US, identified and monitored four …
John Leyden, 26 Jun 2018
Java microservice, photo via Shutterstock

Misconfiguration of Java web server component Jolokia puts orgs at risk

Misconfiguration of a commonly used Java web server component puts websites at risk of attack, web dev and security researcher Mat Mannion has warned. Shortcomings in Jolokia's Java Management Extensions (JMX) open the door to information disclosure, denial of service, and other potential attacks against Java web servers. The …
John Leyden, 25 Jun 2018

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

Israel Cyber Week With insecure computers in charge, the healthcare and transportation sectors have become a nexus of security problems, infosec veteran Bruce Schneier warned delegates at Israel Cyber Week. Schneier said that confidentiality attacks, such as leaks of personal information, are being replaced by more dangerous integrity and …
John Leyden, 22 Jun 2018

MOS-SAD: Israeli govt weighs in on Facebook privacy, promises action

Israel Cyber Week Facebook – already kicked around the block by politicians in the US and Europe over privacy in the wake of the Cambridge Analytica scandal – has come under fire from Israel. Both government ministers and visiting dignitaries waded into the fray at the Cyber Week conference in Tel Aviv on Thursday. “We must ensure that global …
John Leyden, 21 Jun 2018
Image by Maksim Kabakou

Israel cyberczar drops hints about country's new security initiative

Israel Cyber Week Israel is planning to develop a "state-level cyber-shield" to improve its resilience against hacking and malware, the country's newly appointed cyberczar said on Wednesday. Yigal Unna, director of Israel's National Cyber Directorate, said the shield would mitigate threats from both private outfits and government organisations …
John Leyden, 21 Jun 2018
Trophy. Image via Shutterstock

Private sector needs a little sumthin' sumthin' to get it sharing threat intel – US security chap

Israel Cyber Week Bigwigs mulled giving the UK's National Cyber Security Centre, the information assurance division of GCHQ, a regulatory function or even letting it charge for its services - before settling on its current role of encouraging better cybersecurity. That's what chief exec Ciaran Martin told Israel Cyber Week during a panel on …
John Leyden, 20 Jun 2018

Hot new application for blockchain: How does botnet control sound?

BSides Tel Aviv Blockchain technologies might be abused to create a takedown-resistant infrastructure for botnets. During a presentation at BSides Tel Aviv on Tuesday, security researcher Omer Zohar demonstrated proof-of-concept code for a fully functional command-and-control infrastructure built on top of the Ethereum network. Zohar was …
John Leyden, 20 Jun 2018

Um, excuse me. Do you have clearance to patch that MRI scanner?

Israel Cyber Week Healthcare regulations oblige medical equipment vendors to focus on developing the next generation of technologies rather than addressing current cybersecurity issues, according to experts presenting at the eighth Israel Cyber Week. Ophir Zilbiger, partner and head of the BDO Cybersecurity Center Israel consultancy, said …
John Leyden, 19 Jun 2018
L0pht back in the day [photo from Chris Wysopal]

'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

Interview It has been 20 years since Chris Wysopal (AKA Weld Pond) and his colleagues at the Boston-based L0pht* hacker collective famously testified before the US Senate that the internet was hopelessly insecure. Youtube Video Wysopal, now a successful entrepreneur and computer security luminary, recently went back to Capitol Hill, …
John Leyden, 18 Jun 2018
milk production line. Photo by SHutterstock

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

BSides London Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week's BSides London conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop …
John Leyden, 18 Jun 2018

Former FBI boss Comey used private email for official business – DoJ

Former FBI director James Comey was using Gmail for FBI business while overseeing the controversial probe into Hillary Clinton's use of a private email server during her tenure as US Secretary of State. A report from the US Department of Justice found Comey was "insubordinate" in his handling of the investigation while …
John Leyden, 15 Jun 2018
Photon, image via Shutterstock

Quantum cryptography demo shows no need for ritzy new infrastructure

Telefónica and Huawei have carried out a successful field trial of quantum cryptography on commercial optical networks. Other teams, notably a Toshiba Research and Cambridge University Engineering Department, have made great strides in Quantum Key Distribution (QKD), a technology that promises unprecedented secrecy. While …
John Leyden, 14 Jun 2018
Currys PC World shop sign. Pic: Shutterstock

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records. In a statement (PDF), Dixons Carphone said that "unauthorised access" of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up …
John Leyden, 13 Jun 2018

Hello, 'Apple' here, and this dodgy third-party code is A-OK with us

A recently discovered security vulnerability in how third party vendors are checking Apple's "code-signing" process potentially made it easier to trick macOS users into running malicious third-party code. Developers have been warned of the risk, but users still need to upgrade their software to guard against attacks exploiting …
John Leyden, 12 Jun 2018
OnePlus 6 product bottom up perspective

OnePlus 6 smartphone flash override demoed

The recently released ‪OnePlus 6‬ smartphone allows the booting of arbitrary images, security researchers at Edge Security have discovered. According to the researchers, the trick is possible using the fastboot boot image.img feature on the BBK Electronics phone – even when the bootloader is completely locked and in secure …
John Leyden, 12 Jun 2018

Hackers target payment transfer system at Chile's biggest bank, 'take $10m'

Banco de Chile has become the latest victim in a string of cyber attacks targeting the payment transfer systems of banks. The country's largest bank was hit on 24 May and thousands of workstations hobbled. The ransomware attack was well documented locally and the bank has apologised for disruptions, which ran into days. …
John Leyden, 11 Jun 2018
Dancers dressed as robots at rave

Deck the halls with HALs: AI steals the show at Infosec Europe

Artificial intelligence and machine learning - rather than Europe's General Data Protection Regulation – emerged as a key theme of the Infosecurity Europe Conference. Many security vendors - particularly in the field of endpoint security - have been talking up the potential for artificial intelligence for years. That’s the …
John Leyden, 8 Jun 2018

Biting the hand that feeds IT © 1998–2018