John Leyden


UK.gov teams up with Five Eyes chums to emit spotters' guide for miscreants' hack tools

The UK's National Cyber Security Centre and its western intel pals have today put out a report spotlighting the most commonly wielded hacking utilities. The study sets out five categories of publicly available hacking tools used by crims, spies and hacktivists worldwide. The list won't come as too much of a surprise to …
John Leyden, 11 Oct 2018

In the two years since Dyn went dark, what have we learned? Not much, it appears

The majority (72 per cent) of FTSE 100 firms are vulnerable to DNS attacks, nearly two years after the major Dyn outage. A similar three in five of the top 50 companies listed in the Fortune 500 are also ill- …
John Leyden, 11 Oct 2018

Mozilla grants distrusted Symantec certs a stay of execution, claims many sites yet to make switch

Mozilla has postponed its plans to distrust all legacy digital certificates from Symantec, spreading dismay in security circles. The org has put off the disavowal because many well-trafficked websites have not switched – despite the execution notice going up over a year ago. Ordinary surfers will notice it once Chrome 70 lands …
John Leyden, 11 Oct 2018

China's clampdown on Tor pushes its hackers into foreign backyards

Underground hacker forums in China and Russia are as different as each country's regular shopping bazaars, according to research from Recorded Future. Both Russian and Chinese forums host a wide variety of international content. Russian forums rarely if ever feature data dumps from Russian firms. By contrast, data dumps and …
John Leyden, 10 Oct 2018

Workplace services-flinger Sodexo pulls Engage website after division hit by malware smackdown

Employee benefits firm Sodexo has suffered a data breach exposing personal info believed to include names, email addresses and home addresses after UK arm Sodexo Motivation Solutions’ internal IT systems were hit by malware. In the wake of the breach, it pulled Engage's staff-facing retail discount and perks website …
John Leyden, 10 Oct 2018

Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites

The payment-card-skimming malware operation dubbed Magecart has turned up again, this time in Shopper Approved, a customer rating plugin for websites. Shopper Approved is a toolkit used by hundreds of e-commerce sites, and it was infected with the MageCart spyware, allowing crooks to siphon off bank card data entered into …
John Leyden, 9 Oct 2018

It's a cert: Hundreds of big sites still unprepared for starring role in that Chrome 70's show

Hundreds of high-profile websites are still unprepared for the total disavowal of legacy Symantec-issued digital certificates that will kick in with the release of Chrome 70 next week. …
John Leyden, 9 Oct 2018

Which? That smart home camera? The one with the vulns? Really?

Which? Magazine has been called out for recommending a line of smart home cameras with known vulnerabilities. The Consumers' Association magazine has worked hard to build trust in its consumer-focused product reviews. The fact that the Samsung SmartCam SNH-P-6410 smart home security camera still has Which's "Best Buy" …
John Leyden, 8 Oct 2018

Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying

Four alleged Russian agents have been expelled from the Netherlands after they attempted to hack the chemical weapons watchdog probing the Novichok poisonings in Salisbury, England, and the chemical attack case in Douma, Syria. According to the Dutch Ministry of Defence on Thursday, the four Russians arrived at Schiphol …
John Leyden, 4 Oct 2018

UK pins 'reckless campaign of cyber attacks' on Russian military intelligence

The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government's National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake …
John Leyden, 4 Oct 2018

Sendgrid blurts out OWN customers' email addresses with no help from hackers

Cloud-based email marketing service SendGrid has copped to blabbing customer email addresses, chalking it up to some overenthusiastic indexing without explaining why pages were public-facing in the first place. In a breach notice sent out on Tuesday 2 October, SendGrid said that "some email addresses processed through the …
John Leyden, 4 Oct 2018

VirusTotal slips on biz suit, says Google's daddy will help the search for nasties

Alphabet-owned malware aggregator website VirusTotal has given itself an enterprise-focused makeover. The firm said the reboot takes advantage of Alphabet's "increased scalability of data collection, processing, and search" to help threat intel teams work faster. Front and centre of the upgrade is the introduction of Private …
John Leyden, 28 Sep 2018

Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

A UEFI rootkit, believed to have been built by Kremlin spies from an anti-thief software program to snoop on European governments, has been publicly picked apart by researchers. A rootkit is a piece of software that hides itself on computer systems, and uses its root or administrator-level privileges to steal and alter …
John Leyden, 28 Sep 2018

Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is 'insecure'

Hackers can blow holes in Apple's managed service technology and sneak their own rogue devices onto corporate fleets of mobile iThings. Weaknesses in Apple's Device Enrollment Program (DEP) allow the ne'er-do-wells to run targeted attacks on both the networks of the corporate shiny-shiny and the backend systems that support …
John Leyden, 27 Sep 2018

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

A Linux kernel vulnerability that can only be exploited locally is nonetheless proving a bit of a nuisance. It's a classic local privilege escalation bug, dubbed CVE-2018-14634, and lets an intruder or logged-in rogue user obtain root-level control over the machine. Eggheads at cloud security biz Qualys discovered the …
John Leyden, 27 Sep 2018

Can't read my, can't read my... broker face: Premium Credit back online a week after cyber attack

UK-based insurance services firm Premium Credit has hauled itself back online following a malware-based attack that struck the business more than a week ago. Premium Credit underwrites insurance premiums for a network of brokers, business and personal customers and has 400 staffers across the UK and Ireland. In a statement on …
John Leyden, 26 Sep 2018

Open-source software supply chain vulns have doubled in 12 months

Use of vulnerable open source components has doubled over the last year despite their role in the high profile Equifax mega-breach. Sonatype’s fourth annual Software Supply Chain Report, published on Tuesday (available here, registration required), revealed a 120 per cent rise in the use of vulnerable open source components …
John Leyden, 25 Sep 2018

Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords

Updated UK aggregator NewsNow has suffered a breach resulting in the leak of users' "encrypted" passwords. Word of the breach surfaced through reports to security consultant Troy Hunt, who runs the Have I Been Pwned service. Data breach at @NewsNowUK pic.twitter.com/6j1b03x4Fp — Troy Hunt (@troyhunt) September 24, 2018 The breach …
John Leyden, 25 Sep 2018
Ruth Bourne in front of reconstructed Bombe [photo credit: Charles Coultas]

WWII Bombe operator Ruth Bourne: I'd never heard of Enigma until long after the war

Interview El Reg had the honour of speaking with a war hero last Friday when the UK's National Museum of Computing fired up its replica Enigma code-breaker to decrypt messages sent from Poland. Ruth Bourne was among hundreds of Wrens who worked on the front line of code-breaking on 200 or so Bombe machines at sites in and around …
John Leyden, 25 Sep 2018

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates. The problem, which has prompted much head-scratching in security circles, was raised by power user "kingcr" on Microsoft's technet forums back in June as part of an ongoing discussion. He …
John Leyden, 25 Sep 2018

Enigma message crack honours pioneering Polish codebreakers

The Bombe team at The National Museum Of Computing (TNMOC) has succeeded in breaking an Enigma-encrypted message in a live Poland-to-England demo. The demonstration was described by TNMOC as a tribute to Polish cryptographers and wartime Bletchley Park staff. The reconstructed Turing-Welchman Bombe at TNMOC in Bletchley Park …
John Leyden, 21 Sep 2018

Scottish brewery recovers from ransomware attack

Updated Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack. The attack against the Isle of Arran-based Scottish beer maker appears to have been a targeted strike. Prior to the infection, adverts for an already filled finance post at the brewery were placed on recruitment sites …
John Leyden, 21 Sep 2018

NSS Labs sues antivirus toolmakers, claims they quietly conspire to evade performance tests

NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing – by suing multiple vendors as well as an industry standards organisation. Its lawsuit, filed in California this week against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization ( …
John Leyden, 20 Sep 2018

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

A pair of IT workers have criticised banks within the Lloyds Banking Group (LBG) for substandard security. The group denies anything is amiss, maintaining it follows industry best practice on cyber-security. Each of the three LBG banks – Lloyds, Halifax, and Bank of Scotland – has implemented transport layer security by …
John Leyden, 20 Sep 2018

Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw

Telco EE's Mini Wi-Fi modem needs to be updated with a recently issued patch. A local privilege escalation vulnerability in the Alcatel-manufactured tech, discovered by ZeroDayLab, could be used to plant malware or steal info from Windows computers that use the kit for internet connectivity, the researchers warned. This …
John Leyden, 19 Sep 2018

Biting the hand that feeds IT © 1998–2018