A new wave of SQL injection attacks is spreading across the Internet, and Sony USA's PlayStation Web site is among the victims.

"Visiting the affected PlayStation site runs a script that pretends to do an online security scan of your computer, and presents a bogus warning message that your PC is infected with a variety of different pieces of malware," the SophosLabs blog explains. "Users frightened by the scareware 'warnings' might rush to spend money on useless software."

 SQL injection attacks involve passing malicious code to SQL databases as user input. An improperly configured or vulnerable SQL application can be made to execute that input. All that's needed is to add HTML into a Web page that calls a script on a malicious site.

Posted by Annette King at 14:59

A new chapter for the Army began this morning, July 2, when the Army Network Warfare Battalion (Provisional) was activated during a ceremony at Fort George G. Meade, Md.

The battalion's cyber mission will provide support to the Army and the Department of Defense. This support will include a variety of tasks, ranging from tactical support to Army Brigade Combat Teams in Iraq through strategic support to the other services, joint commanders, and interagency partners as required.

"We observe history this morning when this battalion activates. It is a first for INSCOM and a first for the Army," said Maj. Gen. David Lacquement, commander, U.S. Army Intelligence and Security Command. "This battalion formalizes and centralizes the Army's mission to provide rapid, increasing support to forces worldwide and will lead the Army in providing a larger and more robust network warfare capability."

Posted by Annette King in Virus & AntiVirus News at 14:58

The number of new malicious websites rose by 58 per cent in June to its highest level since April 2007, security experts warned today.

The latest MessageLabs Intelligence Report attributed the rise to a jump in the number of spyware and adware sites being blocked.

"Web-based malware has become a dangerous tool in the arsenal of cyber-criminals," said Mark Sunner, chief security analyst at MessageLabs.

"The bad guys know that web-borne attacks are uncharted territory for many computer users and are taking advantage of this in addition to vulnerabilities and weak security in web applications."

Sunner added that businesses that allow employee access to any website, and sites with webmail accounts that have not been scanned by corporate security systems, are at particular risk.

Posted by Annette King in Adware, Spyware and Trojans at 14:28

This hasn't hit too much mainstream media yet, but apparently our esteemed legislature approved a law in their last session that makes it a legal requirement for computer repair technicians to become licensed private investigators.

Apparently the PI lobby persuaded the law makers to classify the investigation of data on a hard drive to be only done by licensed private investigators.

So, let's say you take your computer into Joe's Computer Repair and ask him why your computer runs so slow. He looks on your hard drive and finds viruses in your email or spyware in your kid's IM program -- apparently that's an investigation of private data and is now against the law if Joe is not a licensed PI.

And it's also apparently illegal for YOU, the consumer to bring your computer for repair to a shop that does not employ a licensed PI.

Luckily some smart lawyers who like to fight such stupidity have already filed a lawsuit against the Texas Private Security Board.

Since I repair computers for a living I can't wait to see what happens.

Written by Jim Rossman

Original Story

Posted by Annette King at 00:03