Guardian newspaper columnist [Dawn Foster](https://twitter.com/DawnHFoster) posted images on Twitter this weekend showing how she was able to log in to the official Conservative party conference app as Boris Johnson, until recently the UK Foreign Secretary. Not only was no password required to log in to the app (all that was required was an email address), but once in, all the details of user registration were accessible. So, in the case of Alexander Boris de Pfeffel Johnson (yes, that is his real name) that meant contact details such as his mobile phone number. It also meant that the logged-in user could …

+0 forum 6

I've been writing about various security risks in the health sector for many years now. Usually my articles cover patient privacy, data protection and health provider network insecurity issues. Occasionally, they spill over into darker territory where the cyber risk morphs into a very real one as far as the health of the patient is concerned. Take my story at SC Magazine a couple of years ago which reported how researchers at Rapid7 had uncovered vulnerabilities in an insulin pump that had the potential to change the dosage supplied. Sure, the actual risk of exploit was low given that an …

+1 forum 1

Following the recent ransomware attacks that leveraged the WannaCrypt0r malware and NSA-developed EternalBlue vulnerability exploit, there was [plenty of advice](https://happygeek.com/?p=812) that backup, backup, backup was the best mitigation. Data backups are, of course, an important part of any business continuity strategy. However, what happens when your backups are also encrypted by ransomware? There are variants out there, in the wild, that will target shared network drives, that will use cloud backup desktop sync clients to encrypt that data as well. There are variants that will not declare themselves and post the ransom demands until they have been successfully encrypting backups …

+0 forum 7

The UK's National Crime Agency (NCA) has said that it has dealt a "major blow to dark web markets." In a [statement](http://www.nationalcrimeagency.gov.uk/news/news-listings/483-international-law-enforcement-deals-major-blow-to-dark-web-markets) issued on the 7th November the NCA says that a coordinated operation between law enforcement agencies in Europe and the US has "targeted market places for illegal commodities on the dark web" and as part of this six people in the UK were arrested. Amongst those arrested in strikes closely coordinated with international partners in the US were the suspected administrators of Silk Road 2.0, the Tor accessed drugs and firearms market place. The NCA statement also claims …

+1 forum 7

Although it took eBay itself an absolute age to disclose that a serious breach had taken place, and then [completely screwed up the process of ensuring users change their passwords](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/479152/more-ebay-security-stupidity-exposed), this should come as no real surprise. Happygeeks' Law states: the larger the corporate, the longer it takes to admit anything and the bigger the chance it will handle it badly. What is surprising is that it has taken so long for the stolen database of user credentials to go up for sale on the dark market. If you consider that the breach itself happened a couple of months ago, …

+1 forum 4

The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach …

+1 forum 2

My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15-year-old that travelled across the globe has not survived the passage of time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the …

+3 forum 5

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of [a zero day exploit kit by the name of Angler](http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html). The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release. There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player …

+1 forum 8

A couple of decades ago, in another life, I wrote a little script which would capture keystrokes and then store that data within the 'white space' of an image file. It was pretty crude, but it was also twenty years ago and to be honest nobody was really looking for stuff which was effectively hidden in plain sight that way. That way being the use of something called steganography, from the Greek steganos which means covered and graphie which means writing; so literally covered writing. I used it to good effect during my period as an explorer of networks belonging …

+3 forum 1

Chinese computer manufacturer [Lenovo has admitted](http://support.lenovo.com/us/en/product_security/superfish) that it installed an adware component called Superfish on 16 million PCs shipped between September 2014 and February 2015 in order to "help customers potentially discover interesting products while shopping" according to an official statement made by the company. Although there is some argument to be had as to the validity of the 'helping customers' idea regarding software which injects third party adverts into Google searches and websites without the explicit permission or knowledge of the user, where there is no debate to be had at all is in the bloody great security hole …

+6 forum 7

Ever wondered why the bad guys continue throwing malware in your direction? The obvious answer is the correct one: because they make money from doing it. On Thanksgiving Day, as all others across the year it would seem, they can be thankful for the high profit to be raked in from using readily available malware purchased within the dark market. Kaspersky Lab researchers have been doing the math, and their figures suggest that when comparing the cost of the most common hacker tools with the cold cash stolen using them the profit is around 20 times greater than the outlay. …

+2 forum 0

You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors that comprises Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal. Cross-Site Request Forgery (CSRF) is an attack mode that forces the end user to execute an unwanted action on a web application in which they are currently authenticated. Cross-Site Scripting (XSS) involves the insertion of malicious code into webpages in order to manipulate website visitors. …

+3 forum 5

So, today is '[World Paper Free Day](http://www.aiim.org/events/paper-free-day)' apparently and I'm not sure whether it's appropriate to buy a card in the circumstances. Joking aside, what I am sure of is that such Hallmark days do provide an opportunity for press releases to be thrown in my general direction. And so it was that yesterday one pops into my inbox proclaiming "Paper revealed as the top threat to information security." What rot! Before even reading a word of the release itself I knew that it was going to be rubbish that, if it were on paper, I would screw into a …

+1 forum 1

At the start of the year, [DaniWeb reported](https://www.daniweb.com/internet-marketing/social-media-and-communities/news/470719/snapchat-plays-blame-game-after-hack) how Snapchat, the self-destruct photo messaging service, had been hacked and information regarding 4.5 million users had been stolen. Fast forward to now, and Snapchat is again in the mire: nude images have started to appear on 4chan which have been stolen from Snapchat accounts. According to new [reports](http://venturebeat.com/2014/10/10/snapchat-responds-to-nude-photo-hack-passes-blame-to-users/) images from 200,000 Snapchat accounts have been stolen and are now starting to appear online. Snapchat itself denies that its own servers have been breached, however it does confirm that accounts have been hacked. This rather confusing admission would appear to be due …

+1 forum 4

Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being advised to check if their accounts had been compromised, change their passwords etc. Trouble is, there appears to be absolutely no actual evidence that Gmail has been hacked at all, and plenty to suggest that this credentials list is just another composite; constructed with passwords taken from lists already published …

+2 forum 7

Some interesting [research](http://www.proofpoint.com/threatinsight/posts/phishing-in-europe.php) from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter. It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the …

+1 forum 0

So, a bunch of US financial institutes have been hacked. Nothing new there, if we are being brutally honest. The newsworthiness in this particular case comes courtesy of one of those organisations apparently being none other than JP Morgan Chase. USA Today reported yesterday that a federal law enforcement official had told the media outlet, unofficially, that Russian hackers were behind the series of breaches which resulted in the loss of "sensitive data." JP Morgan Chase did not confirm the accuracy of the report, but a spokesperson did tell USA Today that it uses "multiple layers of defense to counteract …

+1 forum 0

SuperValu has confirmed that it has, indeed, suffered a data breach. The supermarket company [stated](http://www.supervalu.com/security.html) that what it calls a "criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores" may have resulted in "the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores." If you thought that was a bit of …

+1 forum 0

It seems like forever, but actually it was only the end of last year that we were [writing about CryptoLocker](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/470427/cryptolocker-250k-infections-in-100-days-nets-300000-or-does-it) which had pretty much redefined the ransomware landscape. Now this particular threat market is morphing again with the discovery of onion crypto ransomware. Also known as Critroni, and CTB-Locker for what it's worth, the ransomware has been openly available (if you'll excuse the contradiction) on the underweb dark market for a few weeks now. However, this last week it has emerged in the wild being dropped by something called the Angler exploit kit. So why is this such a change …

+1 forum 2

Following on from the news that an eBay password database has been compromised, and universal advice from security experts that users should now change their passwords, one thing has been loud and clear: the total lack of that password change requirement from eBay. Sign into eBay and there is nothing to say stop, change your password. There has been no email sent to registered users urging them to make the change. In fact the only I've read of it have come from news stories in which they state that eBay are 'urging users to change their passwords' but truth be told …

+1 forum 13

Today is another of those 'Hallmark' IT security days; in the case of Tuesday the 11th of February 2014 that means 'Safer Internet Day'. I'm not going to start yet another rant about the pointlessness of this, and why every day should be Safer Internet Day. If you want to know my feelings, go and take a look at what I said in my article '[Data Privacy Day sucks elephants through a straw, and here's why...](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/472024/data-privacy-day-sucks-elephants-through-a-straw-and-heres-why)' a couple of weeks ago. Instead, I'm going to concentrate on just what those of us who are in the business of trying to …

+0 forum 2

Apparently it's Data Privacy Day tomorrow (January 28th) which, if you will allow me to quote the [Stay Safe Online](https://www.staysafeonline.org/data-privacy-day/about) website blurb, is an "international effort to empower and educate people to protect their privacy and control their digital footprint". Given the Edward Snowden NSA spying revelations that broke during the course of last year, and the fallout from the recent Adobe and Target breaches which is ongoing, I don't happen to follow the flock and agree that Data Privacy Day is a timely and important event. More quotes from Stay Safe Online simply fuel my anger on the subject: …

+3 forum 3

According to Dell SecureWorks Counter Threat Unit (CTU) security researcher [Keith Jarvis](http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/), the CryptoLocker ransomware that has been written about so much of late has infected as many as 250,000 computers during the first 100 days of distribution (starting on the 5th of September, 2013). What's more, Jarvis estimates, based upon independent research, that owners of at least 0.4% of the infected machines will have paid the ransom demanded in order to unlock their data. Some pretty simple maths says that the $300 ransom multiplied by 1000 users equals a net haul of $300,000. Right? Well, maybe not. Although it …

+2 forum 0

US retail giant Target [has confirmed](http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores) that hackers gained access to payment card data that could mean 40 million credit and debit card accounts are at risk. An official statement says that the retailer is "aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores" and is now working with law enforcement and financial institutions having "identified and resolved the issue". The accounts in question were targeted, no excuse for the pun, between November 27th and December 15th in order to hit the increasingly busy seasonal …

+3 forum 2

According to a [report](http://www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf) from researchers at US security outfit FireEye, a number of computers belonging to diplomats attending the G20 summit in Russia three months ago, including at least five European foreign ministries, were successfully targeted by Chinese hackers. FireEye researchers had monitored a server, one of 23, used by the Ke3chang group in August. This enabled them to observe the malware in action, although FireEye says no data was stolen as far as they were aware during this period of observation. Naturally the security firm contacted the relevant authorities as soon as it realised what was underway. The …

+1 forum 0

Exploit-based attacks are on the up (1), the majority of IT security professionals aren't sure if they can detect attackers attempting to breach the network (2), and 65% of companies let the tech support department give security training to staff. I would suggest, in order to make some sense of all of this, that you 'Go Hebrew'. By which I mean, in case you were wondering, read it from right to left. Starting at the end and working backwards provides a clue as to what is going wrong: lack of properly considered education leads to a lack of confidence in …

+0 forum 2

Small groups of what are best described as cyber-mercenaries, willing and able to perform surgically precise hit and run hacking operations, are offering their services for hire out of China, Japan and South Korea. That's the conclusion of security researchers at [Kaspersky Lab](http://www.kaspersky.co.uk/) who have been following the progress of a newly discovered espionage campaign, known as Icefog and targeting the supply chain in South Korea and Japan which feeds companies in the West. Icefog is an APT, or Advanced Persistent Threat, and in the words of the Kaspersky Lab [report](http://www.securelist.com/en/blog/208214064/The_Icefog_APT_A_Tale_of_Cloak_and_Three_Daggers) a "small yet energetic" one. Although it appears to …

+1 forum 1

A Freedom of Information request from staff at the UK offices of the Huffington Post has revealed, according to a BBC report on the story, that more than 300,000 attempts were made to access pornographic websites from the Houses of Parliament during the last 12 months. Of course, just looking at the headlines or even the figures quoted in the stories that follow them doesn't always reveal the bigger picture. Often, sadly, all you are left with is something of a blank canvas. The original Huffington Post [story](http://www.huffingtonpost.co.uk/2013/09/03/parliament-porn-websites_n_3859837.html?utm_hp_ref=uk) reported how authorities had "acknowledged that users of the Parliamentary Network servers, …

+2 forum 5

UK home shopping pioneers Lakeland have sent an email to all customers past and present to warn them that the retailer's website has been hacked. What Managing Director Sam Rayner calls a "sophisticated and sustained attack" took place late on Friday 19th July. Measures were taken at the time to block that attack and repair the system, however the ongoing investigation has revealed that two encrypted databases were compromised. In that email to customers, Rayner states that the company has been "unable to find any evidence that the data has been stolen" but nonetheless has taken immediate action to delete …

+1 forum 1

Users of online banking services are at risk from a new 'in the wild' Trojan, Hesperbot, which has been discovered by the ESET malware research lab. Researchers have found that infections of users in Turkey are currently most rife, with users in the Czech Republic, Portugal, Thailand and the United Kingdom also falling victim along with smatterings elsewhere. Victims in the Czech Republic, so it would seem, have been hardest hit in terms of financial loss with ESET claiming that people hit by Hesperbot in this region have "lost significant amounts of money as a result". Hesperbot is spread using very …

+2 forum 1

The End.