Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.
Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.
Already using Google+? Find us on Google+ for the latest security news.
Microsoft has advised all users of Windows 7 (and the server version, Windows Server 2008) who installed a security update on Tuesday to uninstall it, after some customers found their computers would not restart or applications would not load.
Users who experienced problems described how they saw fatal system errors like the following:
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.
The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).
In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:
We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.
Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.
According to media reports, computers in Brazil have been particularly badly hit - with machines continually rebooting.
Microsoft's knowledgebase article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consquence it may no longer provide anti-malware protection.
Microsoft has already acknowledged the issue and said that it’s working on a fix. Yes, that's right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don't update the bit that's broken.
Users are recommended to block the 2823324 security update or uninstall it if its already present. More information on how to do this is detailed in this Microsoft knowledgebase article.
Follow @gcluley
Don't be too judgmental, though.
Automattic, the company behind the wildly-popular blog hosting platform WordPress.com, has announced the immediate availability of 2FA (two-factor authentication) for WordPress.com account holders.
For WordPress, Automattic has introduced two options. 
A crafty way to throw people off our scent, and make them believe that you're a Chinese advance fee fraud scammer rather than a real member of the US military in Iraq. You may be a genius after all!
Stop me if you've heard this one: 
The proposed act would expand what the EFF calls an outdated transparency law, making it possible for consumers to find out all the myriad ways companies are profiting from the trafficking of their personal information, and updating the existing law to include digital-era data types such as location data. 
I attend a lot of conferences. I mean a LOT of conferences. There has been a growing theme at all of these events among practitioners...
If you want to present at a conference and prove how you can break any given tool, you won't have too much difficulty. 
Think your firewall is there to keep things out? Perhaps it is time for a new approach. Not only should it be used to keep things in, but the logs it generates may be one of your most valuable assets.
It's called "Breaking the chain of criminality: Fighting malware one link at a time" and will be live on GoToWebinar at 2pm EDT, 10am PDT, 6pm UTC on Thursday 11 April 2013.
San Francisco-based document sharing site Scribd has admitted to a network intrusion.
Microsoft has issued its routine advance notification for the coming week's Patch Tuesday.
With the PWN2OWN rules this year requiring responsible disclosure, meaning that winners had to reveal their attacks to the affected vendors and allow time for a considered and tested fix, it wasn't actually necessary for Microsoft to rush.
"People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them."
Oh, frailty, thy name (with apologies to [William {The Bard}] Shakespeare) is parenthesis.
When you send an email to a group of recipients who don't already know each other, you use BCC:.
Earlier today, fellow Naked Security writer Graham Cluley pointed me at a fantastic April Fool's story.
Emergency call centers in the US are suffering a rise in TDoS (telephony denial of service) attacks, according to an alert issued recently by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). 
The agencies are speculating that these businesses and emergency services in particular are being targeted because phone lines are crucial to their operations. 
Call now someone is looking for you.Call now and we will settle this.Somebody talking down on you, look for themHey y is someone calln me and lookn for u n askn me where r u at n where u live heres tha # tell then to stop calln me