Cyber security news and services

EU wants to require platforms to filter uploaded content, including code


The EU is considering a copyright proposal that would require code-sharing platforms to monitor all content that users upload for potential copyright infringement (see the EU Commission’s proposed Article 13 of the Copyright Directive). The proposal is aimed at music and videos on streaming platforms, based on a theory of a “value gap” between the profits those platforms make from uploaded works and what copyright holders of some uploaded works receive. However, the way it’s written captures many other types of content, including code.

You Can Hack Almost Any Smart Device With A Google Search

The only tools you need are at least one finger–a nose will work too–to type the brand and model of whatever device you want to hack, and a connected web browser. Put that information into a Google search box and, within a few minutes, you will find a site or a forum post somewhere describing how to enter into that device using the manufacturer’s default administration user name and password. Any pedophile, thief, ex-spouse, or regular Peeping Tom can use this information to gain access to any of these devices installed in your home.

Naiveté About CFIUS And U.S. National Security Policy Towards Foreign Investment

It’s hardly a secret that enterprises based in large emerging markets are clamoring to invest directly in U.S. companies—as well as in companies based in other advanced countries with hospitable economic environments—particularly through the acquisition of existing businesses. Foreign direct investment (FDI)—the ownership or control by a foreign entity of 10 percent or more of a domestic enterprise—plays a modest but growing role in the U.S. economy.

New Web-Based Malware Distribution Channel ‘BlackTDS’ Surfaces

Traffic distribution systems act as brokers that both buy and sell traffic from one site to another. They add value by filtering traffic based on a user’s browser, IP address, geography and user agent data. When a user clicks on a link that is part of a TDS chain they are silently redirected to a malicious web page based on their profile.

TDS systems are notorious for aiding criminals in distributing web-based malware via exploit kits and fake downloads.

How To Hack A Brooklyn Diner Using Google

Late last summer, I ‘Googled’ my regular diner to confirm its closing time, and was shocked to find that the site had marked it Permanently Closed. I quickly called the restaurant and learned, thankfully, that it hadn’t shut down; however, its Google presence had been hijacked. And despite the owners’ best efforts

Source: forbes.com

Equifax CIO Put ‘2 and 2 Together’ Then Sold Stock, SEC Says

Six months after the cyberattack shook Equifax and raised questions about suspicious trading by several executives there, the Department of Justice on Wednesday charged Ying with insider trading. Prosecutors say he searched on the internet for what might happen to Equifax stock when the news of the attack broke, then exercised all of his stock options. The move netted him more than $480,000.

New POS Malware PinkKite Takes Flight

Researchers at Kroll Cyber Security first identified PinkKite in 2017 during a nine-month investigation into a large POS malware campaign that ended in December. The campaign is believed to be the first instance of PinkKite identified, according to researchers Courtney Dayter and Matt Bromiley, who presented their findings at Kaspersky Lab’s Security Analyst Summit on Friday.

Source: threatpost.com

‘One of the Biggest’ Coinhive Users Made $7.69 In 3 Months

One of the biggest campaign operators using Coinhive—an in-browser cryptocurrency mining service—made a measly $7.69 USD after running Coinhive’s script on 11,000 websites for three months, according to a new report published to arXiv last week.

Source: vice.com

Rootkit analysis

How to deal with rootkit analysis step by step: laboratory setup, Windows kernel architecture and API, Windows protection, Windows 10 64 bits

Source: sekoia.fr

Questioning the motive behind the security allegations against AMD

There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.

Source: gamersnexus.net

Video shows Navy jet’s encounter with a UFO, group says

A new purported military video of an unidentified aircraft has been made public, following the Pentagon’s acknowledgment last year that it had shelved an initiative devoted to identifying unknown objects in aerospace.

Source: cnn.com

Google will ban all cryptocurrency-related advertising

The company is updating its financial services-related ad policies to ban any advertising about cryptocurrency-related content, including initial coin offerings (ICOs), wallets, and trading advice, Google’s director of sustainable ads, Scott Spencer, told CNBC.

Source: cnbc.com

Dangerous malware stealing bitcoin hosted on Download.com for years

In today’s day and age, when you ask a security expert about some basic tips to stay safe on the web, one of the most important things he will probably tell you is to download software only from legitimate sources. Sometimes even such basic and obvious advice might not save you from malware encounters. We found three trojanized applications hosted on download.cnet.com, which is one of the most popular software hosting sites in the world, as its Alexa rank (163rd) shows.

Dark Web Map: Introduction

The Dark Web Map is a visualization of 6,608 sites that were present on the dark web during a January 2018 crawl. This is not an exhaustive listing of all onion services, because many onion services are not easy to discover by crawling. Also, you may recall from the previous section that not all onion services are websites.

According to the Tor Project’s statistics, there are over 60,000 onion services running at the time of publication, so our sample represents about 10%.

A Florida Bill Would Make Criminal Justice Data More Transparent Than Ever

There’s no such thing as the US criminal justice system. There are, instead, thousands of counties across the country, each with their own systems, made up of a diffuse network of sheriffs, court clerks, prosecutors, public defenders, and jail officials who all enforce the rules around who does and doesn’t end up behind bars. It’s hard enough to ensure that key details about a case pass from one node of this convoluted web to the other within a single county; forget about at the state or national level.

Analysis of a Kubernetes hack — Backdooring through kubelet

Unless you’ve been living under a rock for the past three years, you’ve probably heard about Kubernetes. At Handy, our infrastructure is backed by a multi-cluster Kubernetes ecosystem that drives our development, CI/CD, and production environments. You could say we are big advocates and users of Kubernetes at Handy, which is why we were both surprised and intrigued to learn that our coworker’s personal Kubernetes cluster was hacked this past weekend.

Authenticated Samba users can change other users’ password

On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users’ passwords, including administrative users and privileged service accounts (e.g. Domain Controllers).

Source: samba.org

Researchers Point to an AMD Backdoor—And Face Their Own Backlash

When the Spectre and Meltdown vulnerabilities were revealed in millions of processors earlier this year, those deep-seated vulnerabilities rattled practically the entire computer industry. Now a group of Israeli researchers is outlining a new set of chip-focused vulnerabilities that, if confirmed, would represent another collection of flaws at the core of computer hardware, this time in a processor architecture designed by AMD. But the researchers now also face their own questions: about the hype they’re piling onto those revelations, the timing of their disclosure to AMD, and even their financial motivations for their work.

U.S. Navy Under Fire in Mass Software Piracy Lawsuit

In 2011 and 2012, the US Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement. The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate. While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the US Government had already installed it on 100,000 computers without extra compensation.

Several privacy-busting bugs found in popular VPN services

Three popular VPN services have been found to leak private user information, which if exploited could be used to identify users. The report, published Tuesday, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN — all of which promise to provide privacy for their users.

Source: zdnet.com
