John Leyden


AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers

HPE servers running unpatched enterprise software are trivially easy to exploit with just one line of code, it has emerged. The script kiddie-friendly attack route dumbs down exploitation of a severe vulnerability dating from last year which stemmed from coding flaws in HPE's Integrated Lights-Out 4 (iLO 4), a tool for …
John Leyden, 11 Jul 2018

Thomas Cook website spills personal info – and it's fine with that

Holidaymakers who used Thomas Cook Airlines had their personal information spilled onto the internet no thanks to basic coding cockups. Norwegian programmer Roy Solberg came across an enumeration bug that leaked the full name of all travelers on a booking, the email addresses used, and flight details from Thomas Cook Airlines …
John Leyden, 10 Jul 2018

Insurers hurl sueball at Trustwave over 2008 Heartland megabreach

Security services firm Trustwave has been sued by insurers in America over the 2008 hacking of US payment processing biz Heartland. Lexington Insurance Company and Beazley Insurance Company allege Trustwave was "negligent" in failing to detect a SQLi attack, suspicious network activity, and malware associated with Heartland's …
John Leyden, 10 Jul 2018

Evil third-party screens on smartphones are able to see all that you poke

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research. Boffins from Ben-Gurion University in Israel have shown it's possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they're sending emails, conducting …
John Leyden, 10 Jul 2018

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

Miscreants have developed the first strain of ransomware worm capable of infecting legacy systems, such as Windows XP and 2003. The infamous WannaCry outbreak, which severely affected the UK's NHS, showed just how much damage ransomware can do. …
John Leyden, 9 Jul 2018

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

Updated: Police suspect that high-tech thieves may have hacked into a Detroit petrol station before stealing about 600 US gallons (roughly 2,300 litres) of fuel. Fox News affiliate WJBK reported that the clerk was unable to shut off a pump that dispensed free fuel for 90 minutes. Ten vehicles took advantage of the security hole to fuel up …
John Leyden, 9 Jul 2018

OK, so they sometimes push out insecure stuff, but software devs need our love and respect

AppSec EU: Open Web Application Security Project (OWASP) chairman Martin Knobloch wants security people and businesses to give developers respect and love rather than slating their work. The affable and knowledgeable German also wants to refocus the industry to talking about risk – a concept already embraced in other areas, such as …
John Leyden, 7 Jul 2018

Japanese cryptominer slapped with suspended sentence

A Japanese man has received a suspended sentence for using a cryptominer in a failed attempt to turn an illicit profit. Masato Yasuda, 24, was told he'd be jailed for a year if he reoffended in the next three years over a scam that earned him just £34. The case is thought to be the first criminal prosecution over so-called …
John Leyden, 6 Jul 2018

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

AppSec EU: IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …
John Leyden, 5 Jul 2018

Windows 10's defences are pretty robust these days, so of course folk are trying to break them

Hackers have been experimenting with a newly discovered technique to commandeer Windows 10 boxes. The approach, revealed at the start of June, relies on abusing Windows Settings files (.SettingContent-ms), an XML file type introduced in Windows 10. The technology allows users to create "shortcuts" to various Windows settings …
John Leyden, 5 Jul 2018

Cyber boffins drill into World Cup cyber honeypot used to cyber lure Israeli soldiers

Security researchers have unpicked mobile apps and spyware that infected the mobile devices of Israeli military personnel in a targeted campaign which the state has claimed Hamas was behind. Earlier this week, Israeli military security officials revealed that hackers whom they claim were Hamas-affiliated* had installed spyware …
John Leyden, 5 Jul 2018

Things that make you go hmmm: Do crypto key servers violate GDPR?

Cryptographic key servers are in "direct violation" of the EU's General Data Protection Regulation, a software developer has claimed. Michael Drahony (AKA yakamok) has written a program (on GitHub) designed to highlight the potential compliance issues posed by use of PGP as an email encryption utility. "Currently you cannot …
John Leyden, 5 Jul 2018

Bill Clinton's cyber-attack novel: The airport haxploit-blockbuster you knew it would be

Book review: The Register has read The President Is Missing by Bill Clinton and James Patterson so you don't have to. Don't say we never do anything for you... Bill Clinton's foray into co-authoring a novel is an awkward hybrid of cyber thriller and reflections on the loneliness and responsibility of high political office. The …
John Leyden, 4 Jul 2018

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

Interview: "Plane Hacker" Chris Roberts has called for countries to pressure manufacturers into improving the lamentable state of transportation security. Cars are turning into computers on wheels and airplanes have become flying data centres, but this increase in power and connectivity has largely happened without designing in adequate …
John Leyden, 4 Jul 2018

Google Chrome update to label HTTP-only sites insecure within WEEKS

A looming deadline – now less than three weeks away – means that Google Chrome users who visit unencrypted websites will be confronted with warnings. The changes will come for surfers once Chrome 68 stable …
John Leyden, 3 Jul 2018

Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

Clean-up efforts to respond to the VPNFilter malware have accelerated with the release of a free check-up tool. Even though the utility from Symantec only looks to see if traffic has been manipulated, rather than confirming an infection, third-party experts have nonetheless welcomed its release. VPNFilter, discovered by …
John Leyden, 2 Jul 2018

And that's now all three LTE protocol layers with annoying security flaws

Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves. The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower's radio cell …
John Leyden, 29 Jun 2018

Adidas US breach may have exposed millions of customers' personal info

Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial …
John Leyden, 29 Jun 2018

Startup bank Monzo: We warned Ticketmaster months ago of site fraud

Online bank Monzo said it warned Ticketmaster that something weird was going on in early April, two months before the ticket-slinging giant revealed its payment pages had been hacked. Monzo detected an abnormal number of customers who had both bought tickets from Ticketmaster since December and had fraudulent activity on their …
John Leyden, 28 Jun 2018

NHS systems fell offline for 1,300+ hours over 36 months, cyber-nasties fingered – FoI study

NHS trusts across England experienced more than 1,300 hours of downtime in the last three years, according to results from Freedom of Information (FoI) requests. Nearly a third of the trusts (25 out of 80) that responded to an FoI request from Intercity Technology admitted they had experienced outages across their IT systems …
John Leyden, 28 Jun 2018

Ticketmaster gatecrash: Gig revelers' personal, payment info glimpsed by support site malware

Updated: Ticketmaster UK has warned punters that malware infected one of its customer support systems – and may have siphoned off their personal information and payment details. Anyone in Britain who bought, or tried to buy, a ticket from the biz between February and June 23 this year, and international customers who purchased, or …
John Leyden, 27 Jun 2018

A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod

Today (27 June) marks the first anniversary since the NotPetya ransomware ravaged a range of businesses from shipping ports and supermarkets to ad agencies and law firms. Once in a system, the code sought to encrypt files and destroyed master boot records, leaving infected Windows machines useless. The malware spread using the …
John Leyden, 27 Jun 2018

WPA3 is the magic number? Protocol refresh promises tighter Wi-Fi security

The Wi-Fi Alliance has taken the wraps off the latest generation of Wi-Fi security, WPA3. Delivered on Monday, the security protocol brings new and improved authentication and encryption to wireless networks. Both home and enterprise networks stand to benefit from the upgrade. The revamp includes Simultaneous Authentication …
John Leyden, 26 Jun 2018

Israel cyber chief's 'pants' analogy for password security deemed, well, 'pants'

Israel's newly appointed cyber chief has raised eyebrows by offering questionable password advice during a high-profile presentation. Yigal Unna, Director General, Israel National Cyber Directorate, joked that passwords should be treated like underpants: changed often and never shared. His point was contained in a slide …
John Leyden, 26 Jun 2018

'No questions asked' Windows code cert slingers 'fuel trade' in digitally signed malware

Trusted code-signing certificates are being sold to miscreants by allegedly unscrupulous vendors, fueling a growth in digitally signed Windows malware, a study has claimed. Security researchers at Masaryk University in the Czech Republic, and Maryland Cybersecurity Center (MCC) in the US, identified and monitored four …
John Leyden, 26 Jun 2018

Biting the hand that feeds IT © 1998–2018