John Leyden, Burp Suite

Campo de Salamanca, CL, Spain

Past:
  • Burp Suite
  • The Register

Past articles by John:

Secure development: New and improved Linux Random Number Generator ready for testing

Proposed replacement for /dev/random promises to double performance and add flexibility

Making Mr. Robot: Jeff Moss on the push for authenticity in award-winning hacker show

Technical experts ensure security exploits are grounded in reality

City of York calls in the cops over mobile app breach

Hot fuzz UPDATE (Nov 27; 09:40 UTC) North Yorkshire Police’s Digital Investigation & Intelligence Unit has defended the actions of the security researcher in dismissing the City of York’s data breach report. “We are aware of the York ‘data breach’ but please be reassured we don’t regard this incident as criminal,” it said in an update to its official Twitter account. “We recognise the…

UK.gov teams up with Five Eyes chums to emit spotters' guide for miscreants' hack tools

The UK's National Cyber Security Centre and its western intel pals have today put out a report spotlighting the most commonly wielded hacking utilities. The study sets out five categories of publicly available hacking tools used by crims, spies and hacktivists worldwide. The list won't come as too much of a surprise to penetration testers but is nonetheless valuable for its intended audience of…

In the two years since Dyn went dark, what have we learned? Not much, it appears

The majority (72 per cent) of FTSE 100 firms are vulnerable to DNS attacks, nearly two years after the major Dyn outage. A similar three in five of the top 50 companies listed in the Fortune 500 are also ill-prepared for an attack similar to the Mirai botnet-powered assault against Dyn that left much of the web unreachable in late October 2016. A large minority (44 per cent) of the top 25 SaaS…

Mozilla grants distrusted Symantec certs a stay of execution, claims many sites yet to make switch

Delay 'in the overall best interest' of Firefox users

China's clampdown on Tor pushes its hackers into foreign backyards

Comparing Middle Kingdom's hacker forums to Russia's? Apples and pears

Worker perks flinger Sodexo pulls Engage website after malware smackdown

Employee benefits firm Sodexo has suffered a data breach exposing personal info believed to include names, email addresses and home addresses after its UK Engage unit’s internal IT systems were hit by malware. In the wake of the breach, Sodexo pulled Engage's staff-facing retail discount and perks website lifestylehub.co.uk offline "after receiving some reports that users of this platform have…

Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites

Customer ratings plugin treated to a malicious rewrite to swipe entered banking info

It's a cert: Hundreds of big sites still unprepared for starring role in that Chrome 70's show

Hundreds of high-profile websites are still unprepared for the total disavowal of legacy Symantec-issued digital certificates that will kick in with the release of Chrome 70 next week. Chrome 70, out on 16 October, will no longer recognise Symantec-issued certificates including legacy-branded Equifax, GeoTrust, RapidSSL, Thawte and VeriSign. Next week's deadline completes a withdrawal of support…

Which? That smart home camera? The one with the vulns? Really?

Security experts confounded by consumer org's assessment

Dutch cheesed off with Russians, expel four suspects over chemical weapons Wi-Fi spying

Russia hits back: Do not 'swallow these provocations'

UK pins 'reckless campaign of cyber attacks' on Russian military intelligence

The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government's National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia was breaking international norms…

Sendgrid blurts out OWN customers' email addresses with no help from hackers

Along came some spiders and saw the unsubscribers...

VirusTotal slips on biz suit, says Google's daddy will help the search for nasties

Alphabet-owned VT upgraded for corporate threat hunters

Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

A UEFI rootkit, believed to have been built by Kremlin spies from an anti-theft software program to snoop on European governments, has been publicly picked apart by researchers. A rootkit is a piece of software that hides itself on computer systems, and uses its root or administrator-level privileges to steal and alter documents, spy on users, and cause other mischief and headaches. A UEFI…

Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is 'insecure'

Researchers check bootstrap enrolment tech, suck teeth, whistle

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

A Linux kernel vulnerability that can only be exploited locally is nonetheless proving a bit of a nuisance. It's a classic local privilege escalation bug, dubbed CVE-2018-14634, and lets an intruder or logged-in rogue user obtain root-level control over the machine. Eggheads at cloud security biz Qualys discovered the programming blunder, which stems from an integer overflow in the open-source…

Can't read my, can't read my... broker face: Premium Credit back online a week after cyber attack

UK-based insurance services firm Premium Credit has hauled itself back online following a malware-based attack that struck the business more than a week ago. Premium Credit underwrites insurance premiums for a network of brokers, business and personal customers and has 400 staffers across the UK and Ireland. In a statement on its website yesterday that accompanied its return after nine days…

Open-source software supply chain vulns have doubled in 12 months

Use of vulnerable open source components has doubled over the last year despite their role in the high profile Equifax mega-breach. Sonatype’s fourth annual Software Supply Chain Report, published on Tuesday (available here, registration required), revealed a 120 per cent rise in the use of vulnerable open source components over the last 12 months. Miscreants have even started to inject (or…