Massive SQL injection attack may affect over a million sites
Security researchers are watching a mass SQL injection attack that is quickly spreading throughout the web, possibly already compromising over one million URLs by Friday afternoon. The attack injects a line of code into compromised sites than will trigger malicious pop-up ads.
Those affected may see a popup appear that informs them that there is malware on their computer and urges them to use a web-based antivirus program called "Windows Stability Center." However, first the victim is asked to pay for the scan, which obviously would do nothing more than install malware on the users computer.
Spam accounts for 124% of email, spammers complain
Editor's Note, April 2, 2011: This was an April Fools gag post
According to a new report released today from Male Bomber LLC, more than one out of every email sent is spam. I knew the number was high, but 124 percent? That's what Male Bomber claims, and the company should know. Male Bomber specializes in targeted spam, working outside the jurisdiction of law enforcement. Well, so the company claims. Executives won't reveal exactly where they operate, and Male Bomber uses sophisticated botnets, rather than its own servers, to dispatch spam.
Adobe patches critical zero-day Flash flaw
Adobe has issued an out-of-cycle patch for its Flash, Reader, and Acrobat applications which it recommends all users upgrade to immediately. The fix will close a security hole in the Authplay component, which allows for the use of Flash within PDF files.
Code to exploit the vulnerability was out in the wild, Adobe has disclosed. It had initially believed that the vulnerability was only being exploited through malformed Flash .swf files within Excel spreadsheets, but it was discovered that attackers could also possibly exploit the vulnerability through holes in the PDF file format.
WOT security browser plug-in now supports Facebook, Twitter links
Web of Trust Services has released a major new update to its free WOT browser plug-in, which provides security and privacy ratings for websites. Past versions of WOT also provided ratings for major search engine results, allowing the user to see a site's rating before attempting to visit it. The latest release extends this functionality to provide ratings for links displayed in Facebook and Twitter, as well as links that have been shortened using services such as bit.ly or t.co.
WOT rates websites for both security and privacy, based on community feedback from millions of WOT users worldwide. These ratings are displayed as clearly visible icons using traffic light colors to help identify safe sites (rated green) from potentially dangerous and hazardous ones (amber or red). The current site's rating is displayed in the browser toolbar. If a site is rated red, access will be temporarily blocked and the user clearly warned that the site in question is considered dangerous. This can be overridden by the user, but provides an additional layer of security by helping to steer users away from malware-infested and fake websites.
Stop malware at the TrafficLight
The web is a dangerous place, packed with all kinds of threats, so it's important to take steps to ensure your browsing security. Browser add-ons aren't always the answer. Many grab too many resources, and either offer too little functionality, or don't work with all the browsers you need -- a real disappointment.
BitDefender's new TrafficLight beta, however, takes a new approach, and the difference is obvious from the moment you install it. The program adds a service to your PC that filters web traffic at the protocol level, so it doesn't show up as an add-on in Internet Explorer or Firefox, or add an extra toolbar to your browser.
Tip: Use CD or USB stick to clean up malware-infected PCs
Everyone should have layered protection when it comes to malware. Unfortunately, different antivirus and antispyware programs aren't designed to sit side-by-side and play nice with each other due to the always-on nature of their protection, but that doesn't mean you can't beef up your security with the help of some free scan-and-remove tools.
The only downside with this approach is that it helps to have these installed before you become infected. The nature of malware is to make it as difficult as possible to install any new software after infection, so what can you do if you've already been infected? If you have access to another, uninfected computer and a blank CD or USB flash drive, then read on for a potential solution.
When one isn't enough, WinMHR uses the knowledge of 30 antivirus engines to protect your PC
No antivirus engine is perfect, even the market leaders will miss the occasional threat, and so installing just one security package could leave you exposed to risks. WinMHR, though, will scan your system and use the collective intelligence of more than 30 antivirus tools to identify malware, which means it's much more likely to detect even the lesser-known dangers.
We launched the program and it scanned the executables for all our running processes, calculating MD5 hashes (digital signatures) for everything it finds. These are then compared with a central Malware Hash Registry, which the authors say is aggregated from over 30 antivirus engines (though they don't name them), and you're alerted to any hits, all in just a few seconds.
Twitter enables "always on" secure connections
With security of our social networks an ever growing concern, being able to connect to these sites securely has become increasingly important to some networks. Twitter is the latest to offer this feature, introducing an "always on" HTTPS connection within the site's settings.
Previously users would access the SSL connection by surfing to the URL directly from the web browser. By checking the "Always use HTTPS" box in settings, Twitter would always connect in this manner.
Google's Android kill switch is a GOOD thing
People get so paranoid about Google! Not that Google or any other large company in this industry is especially loveable, but so-called privacy advocates are especially prone to presume the most evil motives on its part. The latest example is the "Android Kill Switch."
This issue grew out of the discovery of dozens of malicious applications in the Android Marketplace on March 1st. Google removed the apps and went a couple of steps further: The company issued a program to reverse the effects of any infections, triggering the Remote Application Removal Feature.
5 ways to protect your Android phone from malware
As most of you by now know, last week the Android Market, the official store for applications on Android mobile devices, withdrew a number of apps that had been reported as harmful.
Why is Android encountering challenges where the iPhone isn't? Apps available for download on the Android Market aren't screened as stringently as they are on other public stores such as Apple's. The policy is in keeping with Android's open-source operating system, effectively allowing anyone with programming skill to create apps for mobile devices.
Google pwns: Chrome goes untouched at hacking confab
For a third straight year, Google's Chrome browser has gone unhacked at a yearly event aimed at exposing the security flaws of today's modern browsers. The Mountain View, Calif. search company put its money where its mouth was too: last month it offered $20,000 to the first team able to hack the company's browser.
Pwn2Own is part of the CanSecWest security conference, held yearly by HP TippingPoint. Contestants are tasked with hacking each of the major browsers -- Internet Explorer, Firefox, Safari, and Chrome -- and the first teams to do so not only win a $15,000 cash prize but also the computer they hacked the browser on.
ESET SysInspector sniffs out malware but can't kill it
Your PC is unstable, behaving very strangely, and you think there's a good chance that it's been infected by malware. Yet your antivirus software hasn't noticed anything at all. So what do you do now?
ESET SysInspector provides an easy way to begin the detection process. It's portable, so there's no need to install anything -- just download the executable, run it, and SysInspector will examine your system files, startup programs, running processes, network connections and other details, before issuing a report highlighting anything it thinks is suspicious.
Google removes Android malware so you don't have to
Android handsets infected with malware are getting a cleaning job from Google. On March 2nd, Google removed 21 apps from the Android Marketplace that contained malicious code (the number of infected apps is now 58). Now Google is "remotely removing the malicious applications from affected devices" and "pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices," according to a blog post by Rich Cannings, Android security lead.
Whoa. That's scary reassuring: Knowing Google can reach down to Android handsets to swat malicious code and undo its impact and simply that Google can reach down into devices at all. I mean whoa. "This remote application removal feature is one of many security controls the Android team," Cannings writes. Last year he defended the remote removal feature after Google nixed some applications. "This remote removal functionality -- along with Android's unique Application Sandbox and Permissions model, over-the-air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging --provides a powerful security advantage to help protect Android users in our open environment."
I don't see the value in cybersecurity treaties
Bruce Schneier and other very respectable experts think we should be talking treaties with China and others about cyberattacks, even if the treaties are unenforceable. But they're not just unenforceable, they're unverifiable.
Go watch the excellent interview on searchsecurity.com with Bruce Schneier. It's less than 7 minutes. Schneier is a top guy in cryptography and has broader interests and expertise. In his blog he often takes on the real world security measures we all deal with, like surveillance cameras and ID card standards.
Review: Avast! Free Antivirus 6.0 delivers robust protection
Updates to stand-alone antivirus tools generally aren't anything to get excited about. The interface might have changed color, or maybe relocated a few buttons, and of course you'll get the standard promises about improved accuracy, or better performance, but otherwise it's often business as usual.
Avast! Free Antivirus 6.0 is an exception, though, thanks to a host of interesting and highly visible new features: automatic sandboxing, website reputation reporting, improved real-time protection, and many more. And so the end result is a package that looks rather more like a security suite than a simple antivirus engine. But is the new functionality really as effective as it looks? We put the program through some real-life tests in an effort to find out.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.