John Leyden


Look, what's that over there? Sophos nips Windows DNS DLL false positive in the bud

A Windows operating system library was wrongly identified as malware by Sophos's antivirus scanner for some users on Tuesday. Security software from Sophos quarantined dnsapi.dll, provoking a modest number of complaints on the antimalware maker's support forums. The main gripe seemed to be bogus alerts generated by the …
John Leyden, 17 Jul 2018

Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow

Russia's vulnerability database is much thinner than its US or Chinese counterparts – but it does contain a surprisingly high percentage of security bugs exploited by its cyber-spies. Recorded Future's Priscilla Moriuchi and Dr Bill Ladd found the database is highly focused yet incomplete, slow to update, and "likely intended …
John Leyden, 17 Jul 2018

Trump wants to work with Russia on infosec. Security experts: lol no

Security experts have poured scorn on plans by US president Donald Trump to work more closely with Russia on cybersecurity. After the summit in Helsinki on Monday, both Trump and Russian president Vladimir Putin deflected questions related to the US intelligence community's assessment that Russia attempted to interfere in the …
John Leyden, 17 Jul 2018

IoT search engine ZoomEye 'dumbs down' Dahua DVR hijackings by spewing passwords

Login passwords for tens of thousands of Dahua digital video recorder devices have been cached by ZoomEye, an IoT search engine, and published on the web so that even the dumbest hacker could crack unpatched kit. "A new low has been achieved in the ease of hacking IoT devices," said Ankit Anubhav, principal researcher at …
John Leyden, 16 Jul 2018

Kremlin hacking crew went on a 'Roman Holiday' – researchers

Researchers have claimed the infamous APT28 Kremlin-linked hacking group was behind a new cyber-espionage campaign they believe was targeted at the Italian military. Security researchers from the Z-Lab at CSE Cybsec spent the weekend unpicking a new malware-based cyber-espionage campaign allegedly conducted by APT28 (AKA Fancy …
John Leyden, 16 Jul 2018

Two-factor auth totally locks down Office 365? You may want to check all your services...

Hackers can potentially obtain access to Microsoft Office 365 emails and calendars even if multi-factor-authentication is in place, we were warned this week. Cybercrooks are able to force their way into corporate Office 365 accounts, bypassing single sign-on or multi-factor authentication, by targeting older systems that aren' …
John Leyden, 13 Jul 2018

Bogus Mobile Device Management system used to hack iPhones in India

Business iPhone users in India have been targeted in a sophisticated attack run through bogus Mobile Device Management (MDM) servers. Using either physical access or - more likely - social engineering trickery, certificates from a selection of two sketchy MDM servers were installed on targeted iPhones. This gave the hacker …
John Leyden, 13 Jul 2018

Ukraine claims it blocked VPNFilter attack at chemical plant

A Ukrainian intel agency has claimed it stopped a cyber attack against a chlorine plant that was launched using the notorious VPNFilter malware. Ukraine's SBU Security Service said it thwarted an attack on network equipment belonging to the LLC Aulska chlorine plant in Auly, about an hour away from Dnepr City in Dnipropetrovsk …
John Leyden, 13 Jul 2018

Google's ghost busters: We can scare off Spectre haunting Chrome tabs

Google is touting the benefits of a recently rolled out browser security feature called Site Isolation. Site Isolation has been gradually introduced to users of the Chrome browser over several months, and now Google has officially unveiled this important piece of tech. With Site Isolation enabled, Chrome runs a different …
John Leyden, 12 Jul 2018

Ransomware is so 2017, it's all cryptomining now among the script kiddies

The number of organisations affected by cryptomining malware in the first half of 2018 ramped up to 42 per cent, compared to 20.5 per cent in the second half of 2017, according to a new report from Check Point. The top three most common malware variants seen in the first half of 2018 were all cryptominers: Coinhive (25 per …
John Leyden, 12 Jul 2018

What can $10 stretch to these days? Lunch... or access to international airport security systems

Dark web shops are selling access to computers on corporate networks for less than the cost of a short cab ride. Security researchers at McAfee have uncovered a network of so-called Remote Desktop Protocol (RDP) shops on the dark web which sell access to compromised IT systems, sometimes for as little as $10 a pop – which …
John Leyden, 12 Jul 2018

Ticketmaster breach 'part of massive bank card slurping campaign'

The Ticketmaster breach was not a one-off, but part of a massive digital credit card-siphoning campaign. Threat intel firm RiskIQ reckons the hacking group Magecart hit Ticketmaster as part of a massive credit card hacking campaign affecting more than 800 ecommerce sites. Magecart has evolved tactically from hacking …
John Leyden, 12 Jul 2018

Like my new wheels? All I did was squash a bug, and they gave me $72k

Vuln hunters brought home the bacon last year, according to figures released today by bug bounty platform HackerOne. The Hacker-Powered Security Report is a biannual study of vulnerability disclosure ecosystems. It found that organisations resolved 27,000 vulnerabilities, earning ethical hackers $11.7m in 2017 alone. The …
John Leyden, 11 Jul 2018

US military manuals hawked on dark web after files left rattling in insecure FTP server

Sensitive US Air Force documents have leaked onto the dark web as part of an attempted sale of drone manuals. Threat intel firm Recorded Future picked up on an auction for purported export-controlled documents pertaining to the MQ-9 Reaper drone during its regular work monitoring the dark web for criminal activities last month …
John Leyden, 11 Jul 2018

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers

HPE servers running unpatched enterprise software are trivially easy to exploit with just one line of code, it has emerged. The script kiddie-friendly attack route dumbs down exploitation of a severe vulnerability dating from last year which stemmed from coding flaws in HPE's Integrated Lights-Out 4 (iLO 4), a tool for …
John Leyden, 11 Jul 2018

Thomas Cook website spills personal info – and it's fine with that

Holidaymakers who used Thomas Cook Airlines had their personal information spilled onto the internet no thanks to basic coding cockups. Norwegian programmer Roy Solberg came across an enumeration bug that leaked the full name of all travelers on a booking, the email addresses used, and flight details from Thomas Cook Airlines …
John Leyden, 10 Jul 2018

Insurers hurl sueball at Trustwave over 2008 Heartland megabreach

Security services firm Trustwave has been sued by insurers in America over the 2008 hacking of US payment processing biz Heartland. Lexington Insurance Company and Beazley Insurance Company allege Trustwave was "negligent" in failing to detect a SQLi attack, suspicious network activity, and malware associated with Heartland's …
John Leyden, 10 Jul 2018

Evil third-party screens on smartphones are able to see all that you poke

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research. Boffins from Ben-Gurion University in Israel have shown it's possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they're sending emails, conducting …
John Leyden, 10 Jul 2018

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

Miscreants have developed the first strain of ransomware worm capable of infecting legacy systems, such as Windows XP and 2003. The infamous WannaCry outbreak, which severely affected the UK's NHS, showed just how much damage ransomware can do. …
John Leyden, 9 Jul 2018

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

Updated Police suspect that high-tech thieves may have hacked into a Detroit petrol station before stealing about 600 US gallons (±2,300 litres) of fuel. Fox News affiliate WJBK reported that the clerk was unable to shut off a pump that dispensed free fuel for 90 minutes. Ten vehicles took advantage of the security hole to fuel up …
John Leyden, 9 Jul 2018

OK, so they sometimes push out insecure stuff, but software devs need our love and respect

AppSec EU Open Web Application Security Project (OWASP) chairman Martin Knobloch wants security people and businesses to give developers respect and love rather than slating their work. The affable and knowledgeable German also wants to refocus the industry to talking about risk – a concept already embraced in other areas, such as …
John Leyden, 7 Jul 2018

Japanese cryptominer slapped with suspended sentence

A Japanese man has received a suspended sentence for using a cryptominer in a failed attempt to turn an illicit profit. Masato Yasuda, 24, was told he'd be jailed for a year if he reoffended in the next three years over a scam that earned him just £34. The case is thought to be the first criminal prosecution over so-called …
John Leyden, 6 Jul 2018

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

AppSec EU IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …
John Leyden, 5 Jul 2018

Windows 10's defences are pretty robust these days, so of course folk are trying to break them

Hackers have been experimenting with a newly discovered technique to commandeer Windows 10 boxes. The approach, revealed at the start of June, relies on abusing Windows Settings files (.SettingContent-ms), an XML file type introduced in Windows 10. The technology allows users to create "shortcuts" to various Windows settings …
John Leyden, 5 Jul 2018

Cyber boffins drill into World Cup cyber honeypot used to cyber lure Israeli soldiers

Security researchers have unpicked mobile apps and spyware that infected the mobile devices of Israeli military personnel in a targeted campaign which the state has claimed Hamas was behind. Earlier this week, Israeli military security officials revealed that hackers whom they claim were Hamas-affiliated* had installed spyware …
John Leyden, 5 Jul 2018

Biting the hand that feeds IT © 1998–2018