John Leyden


Seek 'passion' and tech skills will follow, say recruiting security chiefs

Plugging the infosec skills gap with expensive consultants or by trying to hire already skilled people won't fix recruitment headaches, Thom Langford, CISO at Publicis Groupe, insisted at the #IRISSCERT conference in Dublin this week. He argued that the industry should be looking for "passionate people and inspire them", …
John Leyden, 24 Nov 2017

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical. Despite this, major security events resulting in loss of data, services, or financial loss are becoming increasingly commonplace. Brian Honan, founder and head of Ireland's first …
John Leyden, 24 Nov 2017

'Data is the new oil': F-Secure man on cartels, disinformation and IoT

Questions about cyber influence continue to cloud last year's US presidential elections and recently similar allegations have been levelled against the Brexit vote. Mexican armed forces are apprehensive about upcoming elections in that country but it's not the US or the Russians they are worried about – it's the cartels. Mikko …
John Leyden, 23 Nov 2017

Once more unto the breach: El Reg has a go at crisis management

Hacks played representatives of a hacked company in an incident response exercise run by F-Secure this week. The Live Security product interactive workshop was based on an actual customer experience adapted for a media audience. Around 20 members of the international media became the board members and managers of a company …
John Leyden, 22 Nov 2017

Container ship loading plans are 'easily hackable'

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan". The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied …
John Leyden, 20 Nov 2017

Fake news ‘as a service’ booming among cybercrooks

Criminals are exploiting “fake news” for commercial gain, according to new research. Fake news is widely assumed to be political or ideological propaganda published to sway public opinion, but new research conducted by threat intel firm Digital Shadows and released on Thursday suggested fake news generation services are now …
John Leyden, 17 Nov 2017

Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach. Customers were notified of the leak on Thursday by email, samples of which have been posted on social media. Cash Converters said it had discovered that a third party gained unauthorised access to customer data within the company's UK webshop …
John Leyden, 16 Nov 2017

New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality. Built on the Zeus framework, whose code was leaked in 2011, Terdot adds a number of novel techniques to the market, such as leveraging …
John Leyden, 16 Nov 2017

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017

Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

Updated Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities. BlueBorne – described in the video below – is the collective name for eight exploitable flaws found in Bluetooth stacks used by major hardware …
John Leyden, 15 Nov 2017

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted. A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which …
John Leyden, 15 Nov 2017

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Russia has denied that a person nabbed by Estonian local authorities was one of its spies. Estonia alleges the suspect had been intent on hacking into the Baltic country’s computer network. Alexei Vasilyev, 20, was arrested in the northeastern border city Narva on 4 November as he was about to leave Estonia by officials of the …
John Leyden, 14 Nov 2017

How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts. The eggheads peered into online black markets where people's login details are bought and sold to get an idea of the root cause of these account takeovers and the subsequent …
John Leyden, 10 Nov 2017

Microsoft president says the world needs a digital Geneva Convention

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the growing problem of nation-state cyber attacks on Thursday. Smith, also Redmond's chief legal officer, last month publicly accused North Korea of the WannaCry ransomware attack. During the UN session on internet governance challenges, Smith made …
John Leyden, 10 Nov 2017

WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

The CIA wrote code to impersonate Kaspersky Labs in order to more easily siphon off sensitive data from hack targets, according to leaked intel released by Wikileaks on Thursday. Forged digital certificates were reportedly used to "authenticate" malicious implants developed by the CIA. Wikileaks said: Digital certificates …
John Leyden, 10 Nov 2017

Not even ordering pizza is safe from the browser crypto-mining scourge

A total of 2,531 of the top 3 million websites (1 in 1,000) are running the Coin Hive miner, according to new stats from analytics firm Red Volcano. BitTorrent sites and the like were the main offenders but the batch also included the Ecuadorian Papa John's Pizza website [see source code]. JavaScript-based Coin Hive crypto- …
John Leyden, 9 Nov 2017

New tech for Ops crew: Scanning containers for open-source vulns

Black Duck has launched a product that provides automatic detection of known open source vulnerabilities for containers. The release of the tech comes days after Synopsys agreed to acquire Black Duck for $565m in a deal expected to close in December. OpsSight, Black Duck’s first product specifically targeting the production …
John Leyden, 9 Nov 2017

Credential-stuffing defence tech aims to defuse password leaks

A system that aims to identify stolen passwords before breaches are reported or even detected was launched on Tuesday. Shape Security's Blackfish credential defence system is designed to detect the use of stolen usernames and passwords by criminals and in real time. The technology is a mechanism for organisations to identify …
John Leyden, 8 Nov 2017

Mirai, Mirai, pwn them all, who's the greatest botnet on the whole?

The Mirai botnet is alive and kicking more than a year after its involvement in a DDoS attack that left many of the world's biggest websites unreachable. DNS provider Dyn reckons about 100,000 Mirai-infected gadgets knocked it out back in October 2016. A study by security ratings firm SecurityScorecard, out Tuesday, found that …
John Leyden, 7 Nov 2017

Oh Brother: Hackers can crash your unpatched printers – researchers

Updated Security researchers have said they've uncovered a new way for hackers to crash Brother printers. More specifically, they've put out an advisory saying a vulnerability in the web front-end of Brother printers (the Debut embedded http server) allows an attacker to launch a Denial of Service attack. The attack might be carried …
John Leyden, 7 Nov 2017

Paradise Papers were not an inside job, says leaky offshore law firm

Revelations from the Paradise Papers, a leaked set of more than 13 million financial documents, have shed light on how the rich and famous channel funds through offshore tax havens. Among early stories spawned from the leak and published over the weekend are allegations that Russia funded Facebook and Twitter investments …
John Leyden, 6 Nov 2017

ATM fees shake-up may push Britain towards cashless society

Thousands of free-to-use cash machines could be axed from Britain's high streets due to plans to cut fees that fund the network, banking industry group LINK warned last week. LINK has a strategy to minimise the impact to consumers due to a proposed reduction in fees over the next four years from around 25p to 20p per cash …
John Leyden, 6 Nov 2017

Estonia government locks down ID smartcards: Refresh or else

The Estonian government is suspending the use of the Baltic country’s identity smartcards in response to a recently discovered and wide-ranging security flaw. Residents of the Baltic country will still be able to use the smartphone equivalent of the technology, which is used to access government services and online banking. Use of …
John Leyden, 3 Nov 2017

Biggest Tor overhaul in a decade adds layers of security improvements

Tor developers have taken the wraps off the next generation of onion services. The alpha release promises the biggest overhaul in the anonymizing network for the past 10 years. The opening section of the change log provides a good overview of the tweaks, some of which aim to address recently discovered security weaknesses in …
John Leyden, 3 Nov 2017

Biting the hand that feeds IT © 1998–2017