Read on Sans PHP injection attacks have become increasingly popular lately. If you look at your web server logs I’m pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well known (and less known) vulnerabilities. One of our readers, Blake, managed to capture some [...]

read full post »

Read on Help Net Security In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. These types of threats can copy themselves to any device capable of storing information such as cell phones, external hard drives, DVDs, flash memories and MP3/4 players. [...]

read full post »

Found on Security Week Think you can bust out some silly fresh rhymes on the subjects of hacking, identity theft and computer viruses? In a somewhat untraditional partnership, Snoop Dogg and Symantec’s Norton want you to show off your lyrical skills on the subject of cybercrime and enter the “Hack is Wack” cybercrime rap contest. [...]

read full post »

Found on Help Net Security. You have heard of Black Hat, Defcon, RSA Conference and Info Security, but does the name MalCon ring a bell? Probably not, since the newly started conference on malware is yet to be held for the first time and it’s only in the call-for-papers phase of its existence. But, the [...]

read full post »

Security researchers have disrupted the botnet known as Pushdo, a coup that over the past 48 hours has almost completely choked the torrent of junkmail from the once-prolific spam network. Researchers from the security inteligence firm LastLine said that they identified a total of 30 servers used as Pushdo command and control channels and managed [...]

read full post »

Microsoft Windows and about 40 applications that run on it are vulnerable to remote-code execution attacks that are “trivial” to carry out, a noted security researcher warned Wednesday. The flaw involves the way Windows loads “safe” file types from remote network locations, and is almost identical to one that Apple excised in iTunes last week, [...]

read full post »

It took only a month to compromise some 3,000 private and business accounts with one of the largest financial institutions in the U.K., warns M86 Security in its latest white paper. The criminals were able to leverage vulnerabilities found in the users’ browsers and compromised websites in order to install Eleonore and Phoenix exploit kits [...]

read full post »

A Russian accused of being one of the “most prolific” sellers of stolen credit-card data has been arrested in France, following a nine-month manhunt. Vladislav Anatolievich Horohorin, 27, was taken into custody in Nice, France, as he was attempting to board a flight bound for Moscow, federal prosecutors in Washington said. He is being detained [...]

read full post »

A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices. According to multiple security blogs, the bot compromises websites running outdated versions of phpMyAdmin. By exploiting a vulnerability patched in April, the bot [...]

read full post »

The first text message-based Trojan to infect smartphones running Google’s Android operating system has been detected in the wild. Trojan-SMS.AndroidOS.FakePlayer-A poses as a harmless media player application and has already infected a number of mobile devices, Russian security firm Kaspersky Lab warns. Prospective marks are prompted to install a “media player file” of just over [...]

read full post »