John Leyden


64-bit malware threat may be itty-bitty now, but it's only set to grow

The volume of 64-bit malware in the wild remains low even though computers running 64-bit operating systems became ubiquitous years ago. The vast majority (93 per cent) of new computers sold worldwide operate on 64-bit Windows but most nasties were written to infect 32-bit systems, according to a new study by security firm …
John Leyden, 24 May 2017

Media players wide open to malware fired from booby-trapped subtitles

Hackers have gone back to the future by attempting to infect targets with booby-trapped subtitle files. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can hope to take complete control of any device running the vulnerable platforms. Hackers have pushed trojans …
John Leyden, 23 May 2017

.Science and .study: Domains of the bookish? More like domains of the JERKS!

The .science domain has become a “hotspot” of malicious or abusive activity on the internet, according to a new study out Tuesday. DNS-based cyber threat intelligence firm DomainTools found that .science had the highest concentration of bad domains, followed by .study and .racing. None of 2017's most malicious generic Top …
John Leyden, 23 May 2017

7 NSA hack tool wielding follow-up worm oozes onto scene: Hello, no need for any phish!

Miscreants have created a strain of malware that targets the same vulnerability as the infamous WannaCrypt worm. The EternalRocks worm uses flaws in the Server Message Block (SMB) file-sharing protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn't bundle a destructive malware payload, at …
John Leyden, 22 May 2017

Quick, better lock down that CISO role. Salaries have apparently hit €1m

Salaries for chief information security officers (CISOs) at leading European firms have hit €1m (£850,000) as the threat of data breaches grows, City AM reports. An experienced CISO told El Reg that only his counterparts in merchant banks could hope for such a salary. "Outside of investment banking I think total packages of £ …
John Leyden, 22 May 2017

Comodo database glitch causes billing problems

Updated While the rest of the world had its eyes firmly on the WannaCrypt outbreak, digital certificate firm Comodo suffered an unrelated but protracted database problem that affected its billing systems. The Register learned of the issue from reader Ian Barber who came across the problem in the process of getting a new SSL …
John Leyden, 19 May 2017

Crooks use WannaCrypt hysteria as hook for BT-branded phishing emails

Scoundrels have latched on to the WannaCrypt outbreak as a theme for scam emails. Coincidentally some consumers are receiving seemingly genuine warnings from their ISPs related to suspected infection during last week's worldwide ransomware outbreak. Action Fraud warned about a dodgy email trying to trick BT customers on …
John Leyden, 19 May 2017

There's a ransom-free fix for WannaCrypt. Oh snap, you've rebooted your XP box

Files on Windows XP PCs infected by WannaCrypt can be decrypted without paying the ransom by using a new utility dubbed Wannakey. Wannakey offers in-memory key recovery for Win XP machines infected by the infamous ransomware strain: it dumps the RSA private key from the memory of the still-running malware process. This RSA private key, once recovered, can be used …
John Leyden, 19 May 2017
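The in-memory recovery described above, worked through as an added example (my code, not Wannakey's or The Register's): Wannakey works because the prime factors of the RSA key are left behind in the wcry.exe process memory on XP, so a scanner can walk the dump looking for a byte window that divides the public modulus n, rebuild the private exponent from that prime, and decrypt the per-file key. Everything concrete here is a constructed assumption for illustration: the "memory dump" is random noise with the prime planted in it, the key uses 512-bit primes so the demo runs in a second (real WannaCrypt keys are 2048-bit RSA, the scan is the same with a 128-byte window), and the file key is wrapped with textbook RSA without padding.

```python
import random

# Assumed toy sizes: 512-bit primes keep the stand-alone demo fast.
PRIME_BITS = 512
PRIME_BYTES = PRIME_BITS // 8
E = 65537


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probable-prime test; good enough for a demo key."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def make_keypair(rng):
    p = gen_prime(PRIME_BITS, rng)
    q = gen_prime(PRIME_BITS, rng)
    while q == p:
        q = gen_prime(PRIME_BITS, rng)
    return p, q, p * q


def random_bytes(rng, count):
    return rng.getrandbits(count * 8).to_bytes(count, "big")


def fake_process_memory(p, rng, noise_before=1500, noise_after=700):
    """Constructed 'memory dump': heap noise with the prime p still sitting in it,
    little-endian, which is how the Windows CryptoAPI lays out bignums."""
    return (random_bytes(rng, noise_before)
            + p.to_bytes(PRIME_BYTES, "little")
            + random_bytes(rng, noise_after))


def recover_private_key(n, e, memory):
    """Slide a PRIME_BYTES window over memory; any window that divides n is a
    prime factor, and from it the private exponent d follows directly."""
    for off in range(len(memory) - PRIME_BYTES + 1):
        cand = int.from_bytes(memory[off:off + PRIME_BYTES], "little")
        if cand <= 1 or cand >= n or n % cand != 0:
            continue
        p = cand
        q = n // p
        phi = (p - 1) * (q - 1)
        d = pow(e, -1, phi)  # modular inverse, Python 3.8+
        return {"offset": off, "p": p, "q": q, "d": d}
    return None  # primes already overwritten (e.g. after a reboot): nothing to recover


def demo(seed=1234):
    """Victim side wraps a per-file key with the public key; recovery side
    finds the prime in the dump and unwraps it. Returns (key_info, original, recovered)."""
    rng = random.Random(seed)
    p, q, n = make_keypair(rng)
    memory = fake_process_memory(p, rng)
    file_key = rng.getrandbits(128)
    wrapped = pow(file_key, E, n)          # textbook RSA, no padding: demo only
    key = recover_private_key(n, E, memory)
    recovered = pow(wrapped, key["d"], n) if key else None
    return key, file_key, recovered


if __name__ == "__main__":
    key, original, recovered = demo()
    print("prime found at offset", key["offset"], "file key recovered:", original == recovered)
```

The design point the headline alludes to is in the `None` branch: the scan only works while the primes are still in the process's memory, which is why a reboot (or the process being killed and its pages reused) closes the window.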

Three home security systems found to be vulnerable – if hackers were hiding in bushes

Three home security systems were riddled with bugs, according to new research made public this week. Rapid7 found 10 vulnerabilities after putting Comcast XFINITY, ADT, and AT&T Digital Life systems through their paces. The issues range from a "fail open" condition on the external door and window sensors, to weak, pre-shared …
John Leyden, 18 May 2017

Banking association calls for end of 'screen-scraping'

The European Banking Federation (EBF) has asked the EU Commission to support a ban on "screen scraping". Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client’s behalf using the client's access credentials. The Revised Directive on Payment …
John Leyden, 18 May 2017

Great Ormond Street children's hospital still offline after WannaCrypt omnishambles

Updated The internationally famous Great Ormond Street Hospital has been taken offline as a safety measure following last week's catastrophic WannaCrypt outbreak. The London-based children's hospital was not itself hit by the ransomware but has nonetheless quarantined its computer network. This has left staff without either email or …
John Leyden, 18 May 2017

Ransomware fear-flinger Uiwix fails to light

A ransomware variant, dubbed Uiwix, that abuses the same vulnerability as WannaCrypt has turned out to be something of a damp squib. Uiwix omits the kill switch domain that was instrumental in shutting down the spread of WannaCrypt while retaining its self-replicating abilities, Danish security firm Heimdal Security warned on …
John Leyden, 17 May 2017

Yo, patch that because scum still wanna exploit WannaCrypt-linked vuln

Vulnerable Windows Server Message Block (SMB) shares central to last week's WannaCrypt outbreak are still widely deployed and frequently hunted, security researchers warn. Rapid7 found over a million internet-connected devices that expose SMB on port 445. Of those, more than 800,000 run Windows, and – given that these are …
John Leyden, 17 May 2017

Security shield slingers are loving Prez Trump's cybersecurity order

US President Donald Trump's cybersecurity executive order, signed on Thursday after a series of delays, will make federal agency heads accountable for protecting their networks. On the other side of the fence, computer security product makers have broadly welcomed the policy, which also calls on government and industry to …
John Leyden, 16 May 2017

WannaCrypt 'may be the work of North Korea' theory floated

Security researchers are exploring the theory that the WannaCrypt ransomware might be the work of an infamous North Korean government-backed hacking crew. The crumb-trail-sniffing began on Monday after Neel Mehta, a security researcher from Google, posted an artefact on Twitter potentially pointing at a connection between the …
John Leyden, 16 May 2017

Cryptocurrency miner found armed with same exploits as WannaCrypt

The now infamous Windows vulnerability (MS17-010) exploited by the WannaCrypt ransomware has also been abused to spread another type of malware, specifically a cryptocurrency miner. The Adylkuzz campaign predates WannaCry by several days and may even have limited the spread of last week’s WannaCry infection, according to …
John Leyden, 16 May 2017

Shadow Brokers resurface, offer to sell fresh 'wine of month' club exploits

The infamous Shadow Brokers hacking crew, central players in the release of the vulnerability that led to last week's WannaCrypt chaos, have returned online with a threat to release more exploits. WannaCrypt used the EternalBlue exploit and DoublePulsar backdoor developed by the NSA. These tools were dumped by the Shadow …
John Leyden, 16 May 2017

WannaCrypt outbreak contained as hunt for masterminds kicks in

A feared second wave of WannaCrypt ransomware attacks has failed to materialize, but 16 UK National Health Service Trusts are still grappling with last week's infection. WannaCrypt spread like wildfire last Friday, infecting computers and disrupting operations at 47 NHS Trusts, US firms including FedEx, Spain's Telefonica, …
John Leyden, 15 May 2017

Sophos waters down 'NHS is totally protected' by us boast

Updated Sophos updated its website over the weekend to water down claims that it was protecting the NHS from cyber-attacks following last week's catastrophic WannaCrypt outbreak. Proud website boasts that the "NHS is totally protected with Sophos" became "Sophos understands the security needs of the NHS" after the weekend scrub-up. …
John Leyden, 15 May 2017

Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware. Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, …
John Leyden, 15 May 2017

WannaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain

Updated Workers at Telefónica's Madrid headquarters were left staring at their screens on Friday following a ransomware outbreak. Telefónica was one of several victims of a widespread file-encrypting ransomware outbreak, El Pais reports. Telefónica has confirmed the epidemic on its intranet while downplaying its seriousness, saying …
John Leyden, 12 May 2017

'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes

The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff". Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM …
John Leyden, 12 May 2017

CyberArk splashes $42m on DevOps security whizz Conjur

Infosec firm CyberArk has bought Conjur, a provider of DevOps security software, for $42m. Israel-based CyberArk specialises in privileged account management and secrets protection. Conjur's tech for securing DevOps will allow CyberArk to dive deeper into the DevOps lifecycle to protect secrets and manage machine identities. …
John Leyden, 12 May 2017

LastPass resolves UK connectivity blooper

Cloud-based password manager LastPass has resolved an issue that left Brits unable to reliably access the service between Tuesday and Thursday this week. In response to queries from El Reg, LastPass blamed the tricky glitch on connectivity issues, which it has been able to route around and fix. A spokesperson for LogMeIn, the …
John Leyden, 12 May 2017

HP Inc ships laptops with sinister key-logger

Updated HP Inc ships a creepy key-logger on its laptops, according to security researchers. A Conexant audio driver for headphones, which is installed on the computers, records the user's keystrokes to a file on disk, we're told. This file – C:\Users\Public\MicTray.log – can be read by any malware running on or anyone logged into the …
John Leyden, 11 May 2017

Biting the hand that feeds IT © 1998–2017