John Leyden


Why waste away in a cubicle when you could be a goddamn infosec neuromancer on £50k*?

The UK government is expanding a programme that aims to get more Brits to consider careers in information security. The Cyber Skills Immediate Impact Fund (CSIIF) pilot, launched in February 2018, resulted in the selection of seven schemes that intend to increase diversity and widen the net in recruiting for the field. The …
John Leyden, 19 Sep 2018

Oh Smeg! Hacked white goods maker resurfaces after system shutdown

The Brit limb of unfortunately named and reassuringly expensive domestic appliance maker Smeg is up on its feet again after being hacked. The firm said yesterday it was "back up and running" after an "unfortunate cyber attack" that hit Wednesday 12 September. Important notice for Smeg UK customers: pic.twitter.com/XbBfWuZGHz …
John Leyden, 18 Sep 2018

TV Licensing admits: We directed 25,000 people to send their bank details in the clear

The UK's TV Licensing agency has admitted that 25,000 viewers were induced into sending their bank details over an insecure connection. The organisation ran transactional pages for bank debits through an …
John Leyden, 18 Sep 2018

Check out this link! It's not like it'll crash your iPhone or anything (Hint: Of course it will)

Apple iPhones, iPads, and Mac computers that stray onto websites with malicious CSS code, while using Safari, can crash or fall over – due to a flaw in the web browser. The WebKit rendering engine vulnerability can be triggered by just a few lines of code in a cascading style sheet (CSS). On iOS devices, at least, it all …
John Leyden, 17 Sep 2018

Brit airport pulls flight info system offline after attack by 'online crims'

Bristol Airport deliberately yanked its flight screens offline for two days over the weekend in response to a cyberattack. Techies took down computer-based flight information systems at the airport in provincial England between Friday morning and the wee hours of Sunday morning. The electronic screens were replaced by …
John Leyden, 17 Sep 2018

Who's hacking into UK unis? Spies, research-nickers... or rival gamers living in res hall?

Who's hacking into university systems? Here's a clue from the UK higher education tech crew at Jisc: the attacks drop dramatically during summer break. A new study from Jisc (formerly the Joint Information Systems Committee) has suggested that rather than state-backed baddies or common criminals looking to siphon off academic …
John Leyden, 17 Sep 2018

Veeam holds its hands up, admits database leak was plain 'complacency'

Veeam has blamed "human error" for the exposure of a marketing database containing millions of names and email addresses. The unencrypted MongoDB resource was left open for anyone to view after a migration between different AWS systems, Peter McKay, co-CEO and president at Veeam, told The Register. The resource – which wasn't …
John Leyden, 14 Sep 2018

Kernel sanders: Webroot vuln creates route to root Macs

Details of a locally exploitable but kernel-level flaw in Webroot's SecureAnywhere macOS security software were revealed yesterday, months after the bug was patched. The fact that the memory corruption bug (CVE-2018-16962) is locally …
John Leyden, 14 Sep 2018

You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it

Video If you can steal someone's laptop, leave it switched on in sleep mode, crack it open, hook up some electronics to alter settings in the BIOS firmware, restart it, and boot into a custom program... you can swipe crypto keys and other secrets from the system. When computers are restarted, the motherboard firmware can wipe the …
John Leyden, 14 Sep 2018

Back up a minute: Veeam database config snafu exposed millions of customer records

A misconfigured server at data recovery and backup firm Veeam exposed millions of email addresses. Security researcher Bob Diachenko discovered the 200GB cache of email addresses, names and …
John Leyden, 12 Sep 2018

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Video Boffins have sprung the bonnet on the weak crypto used in the keyless entry system in Tesla's Model S car. Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive …
John Leyden, 12 Sep 2018

Law firm seeking leak victims to launch £500m suit at British Airways

British Airways faces a £500m lawsuit over its recent mega-breach that exposed payment card details of 380,000 customers. The airline last week apologised and offered to compensate customers for any direct financial loss from the attack that took place between 21 August and 5 September via its website and app. However, an …
John Leyden, 11 Sep 2018

British Airways hack: Infosec experts finger third-party scripts on payment pages

Security experts are debating the cause of the British Airways mega-breach, with external scripts on its payment systems emerging as a prime suspect in the hack. Why infosec folk think it was the payment system Although BA hasn't disclosed the root of the breach, the unusual precision it ascribed to the hack's duration …
John Leyden, 11 Sep 2018

Register-Orbi-damned: Netgear account order irks infosec bods

Netgear has irked some security pros by demanding people register accounts before they can use a mobile app to control their Orbi mesh routers. Thus, you'll need a Netgear customer account to manage your network infrastructure, thereby "advertising to hackers everywhere that there’s a nice little honeypot on their servers, …
John Leyden, 10 Sep 2018

Sextortion scum armed with leaked credentials are persistent pests

Persistence pays off for crooks when it comes to sextortion-based phishing scams, research into its effectiveness suggests. One variant bombards prospective marks with threats to release non-existent footage of them watching smut unless they give in to demands. Cleverly, these threats are lent an air of authenticity by using …
John Leyden, 10 Sep 2018

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Exclusive Just weeks before being hacked in late August, British Airways' parent IAG was planning to outsource its cybersecurity to IBM, admitting it needed a "group-wide strategic and proactive approach" to counter threats. The memo in full Subject: Group IT Cyber Security Update From: John Hamilton Sent: 01 August 2018 13:56 All …
John Leyden, 7 Sep 2018

Vodafone hounds Czech customers for bills after they were brute-forced with Voda-issued PINs

Two crooks scammed Vodafone customers in the Czech Republic out of $26,000 thanks to weak telco-issued PIN codes. Vodafone preset the online passwords for their customers with a numerical password of 4-6 digits. A pair of chancers with no technical skills were able to launch a brute-force attack that reportedly involved trying …
John Leyden, 7 Sep 2018

It looks like tech-savvy drivers will have to lead connected car data purge

The privacy issues thrown up by connected cars don't seem to be going anywhere soon. Drivers of cars from BMW, Jaguar Land Rover and Mercedes-Benz have reported that previous owners retain unfettered access to the data and controls of connected cars after resale. The problem is international and extends to hire cars due to …
John Leyden, 7 Sep 2018

HTTPS crypto-shame: TV Licensing website pulled offline

The UK's TV Licensing agency has taken its website offline "as a precaution" after being blasted for running transactional pages that were not sent over HTTPS. The publicly funded outfit had been criticised for inviting folk to submit sensitive data over unencrypted links. Just a few hours after proclaiming "we will soon …
John Leyden, 6 Sep 2018

Premera Blue Cross hacker victims claim insurer trashed server to hide data-slurp clues

Health-insurance biz Premera Blue Cross has been accused of deliberately knackering one of its computers to cover up details of a cyber-break-in. The organization denies any wrongdoing. The allegation was leveled last week against Premera, and is the latest twist in a long-running class-action lawsuit filed by the insurer's …
John Leyden, 6 Sep 2018

Silence! Cybercrime's Pinky and the Brain have nicked $800k off banks

A pair of cybercrooks who may have started out as legit infosec pros have expanded their operations outside Russia and begun attacking banks across the world. "Silence is an example of a mobile, small, and young group that has been progressing rapidly," Group-IB said, adding that the cybercrime group has shown signs of …
John Leyden, 5 Sep 2018

Cybercrooks home in on infosec's weakest link – you poor gullible people

Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 …
John Leyden, 5 Sep 2018

Thousands of misconfigured 3D printers on interwebz run risk of sabotage

Internet-connected 3D printers are at risk of being tampered with or even sabotaged because users fail to apply security controls, a researcher has warned. Xavier Mertens, a senior handler for the SANS Internet Storm Center (ISC) and freelance cybersecurity consultant, found more than 3,700 3D printers directly connected to …
John Leyden, 4 Sep 2018

Excuse me, but your website's source code appears to be showing

An internet-wide scan on 230 million domains found 390,000 exposed source code directories. The results, obtained by security researcher Vladimír Smitka, are a problem because access to the .git folder within the file versions repository contains a lot of information about the website's structure or worse. "Sometimes you can …
John Leyden, 4 Sep 2018

Google cracks down on dodgy tech support ads

Google has placed restrictions on tech support ads after admitting it's increasingly hard to tell promos for legit services from deceptions. Tech support scams come via either cold calls to unsuspecting users or bogus web pages showing made-up, fake alert messages usually about dummy virus infections. Cold-callers posing as …
John Leyden, 3 Sep 2018

Biting the hand that feeds IT © 1998–2018