An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.

An anonymous reader writes from a report via BetaNews: The notification tray in Android serves a very specific purpose. There's a clue in the name -- and it's nothing to do with advertising. Android user Thom Holwerda was upset this week when Microsoft Office for Android started to spam him with ads for apps he already had installed. There are many questions here, one of which is why is Microsoft ignoring Google's guidelines and using the notification tray to display ads? Thom, from the website OSnews, found that the copy of Word he had installed on his Nexus 6P was spamming him with ads for Excel and Powerpoint -- which he was already using. Mark Wilson from BetaNews contacted Microsoft and they said, "Our team is actively investigating the occurrences of these notifications." After pressing further into the issue, a Microsoft spokesperson said, "Microsoft is deeply committed to ensuring that we maintain the best possible experience for our customers in addition to complying with all applicable policies. We have taken the action to turn off these notifications. This update will be reflected in the coming days." In other semi-related news, users can now remove the 260-character path length limit in the Windows 10 build 14352.

An anonymous reader writes: Dyson has a launched a hair dryer with a design language similar to that of its bladeless fans. The $399 hair dryer is four years in the making, involving 103 engineers, over 1,000 miles of test hair, and a $71 million investment -- the Dyson Supersonic is being touted as "the hairdryer rethought" by its inventor Sir James Dyson. "We realized that hair dryers can cause extreme heat damage to hair," said Dyson in a press release. "So I challenged Dyson engineers to really understand the science of hair and develop our version of a hair dryer, which we think solves these problems." The hair dryer can be reserved online and will be sold exclusively at Sephora for $399 this fall.

Reader itwbennett writes: Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard drive's master boot record (MBR), leaving infected computers unable to boot into the operating system. Now, security experts have devised a method that, while not exactly straightforward, allows users to recover data from computers infected with the ransomware without paying money to cyber criminals. Folks over at BleepingComputer have confirmed that the aforementioned technique works.

An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."

An anonymous reader cites a report on VentureBeat: Microsoft today announced that Xamarin is now available for free for every Visual Studio user. This includes all editions of Visual Studio, including the free Visual Studio Community Edition, Visual Studio Professional, and Visual Studio Enterprise. Furthermore, Xamarin Studio for OS X is being made available for free as a community edition and Visual Studio Enterprise subscribers will get access to Xamarin's enterprise capabilities at no additional cost. The company also promised to open source Xamarin's SDK, including its runtime, libraries, and command line tools, as part of the .NET Foundation 'in the coming months.' Plenty of developers will find this announcement exciting. Xamarin being free is a big deal.

An anonymous reader writes: CloudFlare's co-founder Matthew Prince has publicly appealed to work with the Tor Project on implementing a solution that will stop the high incidence of Tor users being challenged by CAPTCHAs whilst browsing. Prince proposes the implementation of a Tor plugin that would communicate with CloudFlare servers to provide temporary, anonymous identification to bypass the CAPTCHAs, and has presented the code on GitHub. Other possibilities mooted include the adoption of higher-level encryption, which would be likely to adversely influence a network which already has native (and inevitable) latency issues. CloudFlare's public post on the matter comes after five turbulent weeks of comments-section debate between CloudFlare and Tor, and seems to be an appeal for public arbitration on the matter.Prince further noted that 94% of the traffic CloudFlair sees is "per se malicious." From his blog post: That doesn't mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network.

An anonymous reader shares a report on VentureBeat: Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. Using this, anyone can create a text program that they can chat with. A BotBuilder software-development kit (SDK) is available on GitHub under an open-source MIT license. These bots can be implemented into a variety of applications, including Slack or Telegram or even email. "Bots are like new applications," Microsoft chief executive Satya Nadella said. "And digital assistants are meta apps, or like the new browsers. And intelligence is infused into all of your interactions. That's the rich platform that we have." Microsoft will want to tread carefully.

At its developer conference, Build 2016, Microsoft announced on Wednesday that Windows 10, the latest version of its desktop version which it released on July 29 last year, is now being used on over 270 million active computers worldwide. "Windows 10 is off to the fastest adoption of any release ever," said Terry Myerson, executive vice president for Microsoft's Windows and Devices Group. The company also announced that it will be releasing Windows 10 Anniversary Update this summer for all Windows 10 users free of charge.

Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M : At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.

Reader Freshly Exhumed writes: Telemarketers in Canada and the USA have essentially been bypassing each nation's do-not-call registry by basing their efforts from the other or from off-shore locations, while cross border spam remains rampant. Now the CRTC, Canada's telecom and broadcast regulator, has announced it signed a partnership agreement with the Federal Trade Commission of the United States to fight against spam and calls from pesky telemarketers. The Memorandum of Understanding (MOU) consists of all unsolicited telecommunications, unsolicited commercial email (spam), and other "illegal electronic threats" that cover anti-spam laws in the United States and Canada.

itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.

campuscodi writes: Google has confirmed with Search Engine Land that it is removing PageRank scores from the Google toolbar, which was the last place where someone could check their site's PageRank status. Many SEO experts are extremely happy at this point, since it seems that PageRank is responsible for all the SEO spam we see today.

MojoKid writes: A Denver-based security startup called ProtectWise has a rather interesting twist on a security as a service platform that also incorporates an innovative threat detection and management user interface. The ProtectWise security platform runs on a cloud-based infrastructure that currently utilizes Amazon AWS for storage and processing. ProtectWise is an all software solution comprised of a "Cloud Network DVR" platform made-up of virtual cameras in the cloud that record all traffic on the network. The sensors (12MB install package) record all network traffic wherever they're installed and stream it up to the ProtectWise platform where it is securely stored and the threat analysis is performed. The sensors can be configured with profiles to capture just light metadata like netflow or headers (source, destination etc.) all the way to the full payload. You can then playback the traffic from the ProtectWise cloud analytics platform, going months back if needed, and analyze the data for threats. You can go back in time and see if, where and how you've been compromised retrospectively. There's also a ProtectWise HUD that visualizes and renders network threat location and progression, allowing you to make better use of all the data recorded. It has a 'KillBox' that visually shows attack event progression across the network area. The only question has to do with compliance for financial applications since it is cloud-based. Currently, ProtectWise has 100 or so deployments of its product in the market with customers like Netflix, Hulu, Expedia, Pandora and Universal Music.

An anonymous reader writes: British telco BT is launching a free landline service for UK customers which promises to divert millions of unwanted calls. A dedicated team at BT will monitor calls made to UK numbers, across its network of over 10 million domestic landlines, to identify suspicious patterns, which could help to filter out nuisance callers. The flagged numbers will then be directed to a junk voicemail box. The company has estimated that the voicemail 'net' will catch up to 25 million cold calls every week. It explained that to achieve this success rate, it would be deploying enormous amounts of compute power to monitor and analyse large amounts of data in real-time.

Trailrunner7 writes: Robocalls are among the more annoying modern inventions, and consumers and businesses have tried just about every strategy for defeating them over the years, with little success. But one man has come up with a bot of his own that sends robocallers into a maddening hall of mirrors designed to frustrate them into surrender. The bot is called the Jolly Roger Telephone Company, and it's the work of Roger Anderson, a veteran of the phone industry himself who had grown tired of the repeated harassment from telemarketers and robocallers. Anderson started out by building a system that sat in front of his home landlines and would tell human callers to press a key to ring through to his actual phone line; robocallers were routed directly to an answering system. He would then white-list the numbers of humans who got through. Sometimes the Jolly Roger bot will press buttons to be transferred to a human agent and other times it will just talk back if a human is on the other end of the line to begin with.

broswell writes: For years we used Postini for spam filtering. Google bought Postini in 2007, operated it for 5 years and then began shutting it down. Then we moved to MX Logic. McAfee bought MX Logic, and McAfee was purchased by Intel. Now Intel is shutting down the service. Neither company chose to raise prices, or spin off the division. Anyone want to speculate on the reasons?

walterbyrd writes: The DOJ as well as Ohio, Illinois, California, and North Carolina say that Dish disregarded federal laws on call etiquette. US lawyers are asking for $900 million in civil penalties, and the four states are asking for $23.5 billion in fines, according to the Denver Post. 'Laws against phoning people on do-not-call lists and using recorded messages allow penalties of up to $16,000 per violation,' the Post added.

itwbennett writes: According to a new Google report, the search giant disabled more than 780 million "bad ads," including include ads for counterfeit products, misleading or unapproved pharmaceuticals, weight loss scams, phishing ploys, unwanted software and "trick-to-click" cons, globally last year. This marks a 49 percent increase over 2014. For perspective, it would take an individual nearly 25 years to look at the 780 million ads Google removed last year for just one second each, according to Google. If the trend continues, Google's team of more than 1,000 staffers dedicated to killing spam will be even busier in 2016, and they could disable more than a billion junky ads.

An anonymous reader writes: A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same. The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message. The attachment that the recipients are urged to download and open contains a malicious executable — a variant of the Nivdort information-stealing Trojan.