John Leyden

Contact Mail Follow Twitter RSS feed
A Chinese laundry on the back streets of Shanghai

China ALTERED its public vuln database to conceal spy agency tinkering – research

China has altered public vulnerability data to conceal the influence of its spy agency in the country's national information security bug reporting process. The damning finding from threat intel firm Recorded Future follows months of research examining the publication speed for China’s National Vulnerability Database (CNNVD …
John Leyden, 12 Mar 2018
Car crash

DVLA denies driving licence processing site is a security 'car crash'

A UK government agency has disputed complaints from security pros that its website involved in the processing of driving licence applications is insecure and otherwise unfit for purpose. Reader Andy, who asked to remain anonymous, alerted us to what he described as a "disgraceful web server configuration" at https://motoring. …
John Leyden, 9 Mar 2018

Your entire ID is worth £820 to crooks on dark web black market

Fraudsters operating on the dark web could buy a person's entire identity ("fullz" in the cybercrook lingo) for just £820. Bank account details, Airbnb profiles and even Match.com logins are worth money to bidders that reside on the murkier side of the internet, a study by virtual private network comparison site Top10VPN.com …
John Leyden, 8 Mar 2018
server

Buffer overflow in Unix mailer Exim imperils 400,000 email servers

Researchers have uncovered a critical buffer overflow vulnerability in all versions of the Exim mail transfer agent. The flaw (CVE-2018-6789) leaves an estimated 400,000 email servers at potential risk to remote code execution-style attacks. Fortunately a patched version (Exim version 4.90.1) is already available. The bug …
John Leyden, 7 Mar 2018

CryptoLurker hacker crew skulk about like cyberspies, earn $$$

A sophisticated mystery hacker group is using tactics more familiar to the world of cyber espionage to earn millions through mining malware. Kaspersky Lab researchers report that cybercrooks have begun using infection methods and techniques borrowed from targeted attacks in order to install mining software. The most …
John Leyden, 6 Mar 2018
rain on an umbrella

Spring break! Critical vuln in Pivotal framework's Data parts plugged

Pivotal Labs' Spring Data REST project has a serious security hole that needs patching. Pivotal's Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These …
John Leyden, 5 Mar 2018
blood splatter

RedDrop nasty infects Androids via adult links, records sound, and fires off premium-rate texts

A newly discovered strain of Android malware makes live recordings of ambient audio around an infected device. The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the …
John Leyden, 2 Mar 2018
Broken chain graphic

23,000 HTTPS certs will be axed in next 24 hours after private keys leak

Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours. This is allegedly due to a security blunder in which the private keys for said certificates ended up in an email sent by Trustico. Those keys are …
John Leyden, 1 Mar 2018
Jigsaw puzzle of a desktop box

Got that itchy GandCrab feeling? Ransomware decryptor offers relief

White hats have released a free decryption tool for GandCrab ransomware, preventing the nasty spreaders of the DIY malware from asking their victims for money. GandCrab has been spreading since January 2018 via malicious advertisements that lead to the RIG exploit kit landing pages or via crafted email messages impersonating …
John Leyden, 28 Feb 2018
I think I'm a clone now

XM-Hell strikes single-sign-on systems: Bugs allow miscreants to masquerade as others

Various single-sign-on systems can be hoodwinked to allow miscreants to log in as strangers without their password, all thanks to bungled programming. Specifically, the vulnerable authentication suites mishandle information submitted in the XML-like Security Assertion Markup Language (SAML). These weaknesses can be potentially …
John Leyden, 28 Feb 2018

Use of HTTPS among top sites is growing, but weirdly so is deprecated HTTP public key pinning

The adoption of HTTPS among the top million sites continues to grow with 38.4 per offering secure web connections. A study by web security expert Scott Helme, published on Tuesday, found that HTTPS adoption by the web's most-visited sites had grown more than 7 percentage points from 30.8 per cent over the last six months since …
John Leyden, 27 Feb 2018
shutterstock_56353756-band

Fender's 'smart' guitar amp has no Bluetooth pairing controls

Updated Guitar amp manufacturer Fender's recently-introduced Mustang GT 100 guitar amplifier can be made to play whatever audio an attacker fancies, security researchers have discovered. The amp allows Bluetooth connections, but without pairing security. Anyone within range could therefore "stream arbitrary audio to it and hijack your …
John Leyden, 27 Feb 2018
miner

Opt-in cryptomining script Coinhive 'barely used' say researchers

Few sites are bothering to use the opt-in version of Coinhive, the controversial ride-along JavaScript crypto-mining package that requires end-users' consent to run. So said security firm Malwarebytes in an analysis emitted on Monday, but Coinhive developers disputed those findings and argued that a third of cryptomining-using …
John Leyden, 27 Feb 2018
women laughing

Until last week, you could pwn KDE Linux desktop with a USB stick

A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device. The security howler created a means to execute arbitrary code on KDE by simply naming a pendrive VFAT volume $() or similar, as explained in this advisory ( …
John Leyden, 12 Feb 2018
Jigsaw puzzle of a desktop box

Cryakl ransomware antidote released after servers seized

Free decryption keys for the Cryakl ransomware were released last Friday – the fruit of an ongoing cybercrime investigation. The keys were obtained during an ongoing investigation by Belgian cops, and shared with the No More Ransom project, an industry-led effort to combat the growing scourge of file-encrypting malware. The …
John Leyden, 12 Feb 2018

Ghost in the DCL shell: OpenVMS, touted as ultra reliable, had a local root hole for 30 years

Forget Meltdown and Spectre. Someone's found a local privilege escalation in the operating system world's elderly statesman OpenVMS when running it on VAX and Alpha processors. On Itanium CPUs, the same bug can be exploited to crash a process. More details on the flaw, which has been given the designation CVE-2017-17482, are …
John Leyden, 6 Feb 2018
guard dog

GCHQ unit claims it has 'objectively' made the UK a less desirable target to cybercrims

GCHQ's National Cyber Security Centre claims that its strategy of "actively defending" the UK against high-volume commodity attacks is working. The Active Cyber Defence (ACD) programme aims to "protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the …
John Leyden, 5 Feb 2018
sex work

Bluetooth 'Panty Buster' 'smart' sex toy fails penetration test

Security researchers have found multiple vulnerabilities in smart sex toys that open up the potential for all sorts of mischief by hackers. The Bluetooth and internet-connected Vibratissimo Panty Buster, and its associated online services, made by German gizmo biz Amor Gummiwaren, are riddled with exploitable privacy flaws, …
John Leyden, 2 Feb 2018
Woman in hospital (in hospital gown) covers face with hands

On the NHS tech team? Weep at ugly WannaCry post-mortem, smile as Health dept outlines plan

The WannaCry outbreak has forced the UK's national health service to overhaul its crisis planning to put new measures in place to avoid further crippling cyber attacks. A UK Department of Health and Social Care postmortem on the May 2017 WannaCry outbreak, published on Thursday, repeats the findings of previous UK government …
John Leyden, 2 Feb 2018

Hey, you know what the internet needs? Yup, more industrial control systems for kids to hack

The number of industrial control systems (ICS) connected to the internet has increased year on year – meaning more and more infrastructure is sitting on the 'net potentially open to attack. Of the 175,632 internet-accessible ICS equipment detected, approximately 42 per cent were in the US, marking a 10 per cent increase over …
John Leyden, 2 Feb 2018
boarded-up windows

Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em

Hackers* have improved the reliability and potency of Server Message Block (SMB) exploits used to carry out the hard-hitting NotPetya ransomware attack last year. EternalBlue, EternalSynergy, EternalRomance and EternalChampion formed part of the arsenal of NSA-developed hacking tools that were leaked by the Shadow Brokers …
John Leyden, 31 Jan 2018
Person using a card reader

Oracle point-of-sale system vulnerabilities get Big Red cross

A vulnerability has been unearthed in Oracle MICROS point-of-sale (POS) terminals that allowed hackers to read sensitive data from devices. The flaw (CVE-2018-2636) was fixed in Oracle's January 2018 patch batch, allowing business app security firm ERPScan to go public with its findings. Left unresolved, the bug would enable …
John Leyden, 31 Jan 2018

Been bugging the boss for a raise? Now's the time to go into infosec

Cybersecurity specialists will enjoy the highest salary increases among IT professionals with rises of 7 per cent – compared to 2 per cent for devs and 3 per cent for infrastructure experts – according to a survey by recruitment consultancy Robert Walters. Infosec bods have become ever more highly sought in the wake of high- …
John Leyden, 31 Jan 2018
Putin

Kremlin social media trolls aren't actually that influential, study finds

The effect of Russian trolls influencing opinion through social media is far more minor than commonly supposed, according to a new study. It is believed Kremlin agents orchestrated efforts to manipulate public opinion on the web, often around major political events such as the US presidential election, through dedicated …
John Leyden, 30 Jan 2018

Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. Ransomware scammers have long directed victims to payment portals on the Tor network. For those who do not want to or cannot install the Tor browser necessary to pay their ransoms, operators generally direct victims to a Tor proxy …
John Leyden, 30 Jan 2018

Biting the hand that feeds IT © 1998–2018