Another mass compromise through SQL injection attack (yet again). The yet agains and anothers keep coming, right? This time, unlike its predecessors that use relatively old and known (and patched) exploits, the attack introduces a new kid on the block: in the form of what looks like a zero-day exploit taking advantage of an unknown vulnerability in Adobe Flash Player, allowing malicious users to install malware on affected PCs. Well, this one already has a lot of history in it. Mass ...

Barely recovering from the flurry of analysis surrounding the weekend compromise, Trend Micro researchers from Taiwan have yet again discovered a new attack. The nature of affected sites seem to be quite diverse, although a big chunk belongs to the Asia Pacific region. Hackers have apparently conducted another massive SQL injection attack, causing well over 160,000 Web sites to contain a certain malicious script. Figure 1. Trend Micro product in action, blocking access to sites containing this script. Trend Micro detects the script ...

Just a week after half a million Web sites were compromised, here comes another mass Web threat -- still no breathing easy for security researchers. Consider the fact that an even earlier SQL injection attack preceded the two we've just mentioned (a mere two days before the last attack, and one which also targeted Chinese users) and we have a series of mass compromises in a span of just two weeks. This time, we picked up on another script injection attack ...

May’s Patch Tuesday came earlier this week, addressing six vulnerabilities. The latest batch of Microsoft Security Bulletin consisted of four security updates, with three rated as critical and one as moderate. This batch includes a security update on the vulnerability found in Microsoft Jet Database Engine that was initially reported late March. Here is the set of security advisories for May: Risk Rating: Critical Microsoft Security Bulletin MS08-026: Vulnerabilies in Microsoft Word Could Allow Remote Code Execution (951207) Microsoft Security Bulletin MS08-027: Vulnerability in Microsoft ...

Our researchers "followed the bouncing Web threat" in this newly discovered spate of hacked legitimate Web sites. Advanced Threats Researcher Paul Ferguson posted about this mass compromise on the blog yesterday, when it was still a "developing issue originating from various locations in China for the past few days that we (security researchers) are still piecing together." It appears that several thousand Web sites have been compromised -- via SQL injection -- with embedded malicious JavaScript that redirects users to two ...