Facebook bids to keep data privacy case from EU's top court

DUBLIN (Reuters) - Facebook bid on Monday to block referral of a landmark privacy case to Europe's top court by requesting a last-ditch appeal, seeking to avoid a potential ban on the legal instrument it uses to transfer users' data to the United States.


from Reuters: Technology News https://ift.tt/2r8mvYa

Paper plane protesters urge Russia to unblock Telegram app

MOSCOW (Reuters) - Thousands of people marched through Moscow, throwing paper planes and calling for authorities to unblock the popular Telegram instant messaging app on Monday.


from Reuters: Technology News https://ift.tt/2I8Byui

U.S. tech fund Andra raises $500 million for new digital coin

NEW YORK (Reuters) - Andra Capital, a U.S. technology fund, has raised $500 million in funding for a new digital currency that investors can use to back a group of late-stage venture capital (VC) firms, the firm's managing partner Haydar Haba told Reuters.


from Reuters: Technology News https://ift.tt/2vXUzuF

Publishers rebuke Google's interpretation of EU privacy law

SAN FRANCISCO (Reuters) - Google is forcing media firms that generate revenue from its advertising services to accept unreasonable responsibilities under a new European privacy law, four major publisher trade groups told the Alphabet Inc unit late Sunday in a letter seen by Reuters.


from Reuters: Technology News https://ift.tt/2raiHEF

Facebook seeks to block referral of privacy case to EU's top court

DUBLIN (Reuters) - Facebook has moved to block referral of its Irish privacy case to Europe's top court, a lawyer for the U.S. tech giant said on Monday, seeking to avoid a potential ban on the legal instrument it uses to transfer users' data to the United States.


from Reuters: Technology News https://ift.tt/2FtviYP

U.S. top court turns away Google fight over business patents

(Reuters) - The U.S. Supreme Court on Monday declined to hear Google's appeal of a lower court's ruling that narrowed the scope of patents that can be challenged before a federal tribunal whose proceedings have led to the cancellation of many patents.


from Reuters: Technology News https://ift.tt/2Kq4E74

U.S. Supreme Court to hear Google privacy settlement dispute

(Reuters) - The U.S. Supreme Court on Monday agreed to hear an internet privacy case involving Google that could put the brakes on an increasingly common form of settlement in class action suits that funnels money to unrelated third parties and charities instead of to people affected by the alleged wrongdoing.


from Reuters: Technology News https://ift.tt/2vYEe96

Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a


from The Hacker News https://ift.tt/2Kpm6Z3

Broadcom says weak wireless chip demand to hurt revenue forecast

(Reuters) - Chipmaker Broadcom Inc, which counts Apple Inc among its customers, on Monday cut the top end of its previously issued second-quarter revenue forecast, citing weak demand for its wireless chips.


from Reuters: Technology News https://ift.tt/2KsabcW

UK lawmakers to quiz TSB over computer systems outage

LONDON (Reuters) - Lawmakers will quiz top officials at TSB bank and its Spanish parent Sabadell on Wednesday over its computer systems outage, parliament's Treasury Select Committee said on Monday.


from Reuters: Technology News https://ift.tt/2r7vZms

Asian telecom stocks face minimal 5G risks - JP Morgan

(Reuters) - Shares of Asian telecom players have already priced in the impact of investments for setting up fifth generation (5G) mobile networks and potential monetization uncertainty, J.P. Morgan Securities analysts said on Monday.


from Reuters: Technology News https://ift.tt/2jhwPsn

Cryptomining to The Dark Side

Key Findings:

  • A once legitimate video download software site, OSDSoft, has moved into crypto-mining.
  • Around 6000 machines have been infected in just a few months.
  • Distributed by a fraudulent Adobe Flash Player update service, the malware is mining $700 of Monero crypto currency for the perpetrator each day.

Check Point researchers have recently discovered a site that, although once (almost) legitimate, has now moved closer to the Dark Side.

Back in 2011, OSDSoft was a site offering free video download software to thousands of users around the world. Registered under the name of Ivan Koslov, it also had Facebook, Twitter and YouTube accounts marketing the website’s main and only product. It was to all intents and purposes a legitimate site.

Moving to the Dark Side

In 2014, however, OSDSoft started to appear in more suspicious contexts, as several adware programs and Potentially Unwanted Programs (PUPs) downloaded from it were spotted in the wild.

This adware and these PUPs acted stealthily to evade regular anti-virus protections and performed environment checks to make sure they were not running on a virtual machine. It seems, though, that these PUPs and software bundles were only the beginning of this increasingly malicious campaign.

Ivan Darker

Towards the end of 2017, as the popularity of crypto currency miners grew, OSDSoft shifted some of its efforts toward mining the Monero crypto currency. As discussed on this blog previously, Monero cryptominers are becoming more popular due to the increased anonymity they provide and the profitability of mining Monero on regular PCs.

After some analysis, the Check Point Research team estimates that around 6000 machines have so far been infected and are earning the perpetrator behind OSDSoft approximately $700 per day from this mining operation alone. The operation stands out from similar ones for having infected so many machines in a matter of months and for having spread these PUPs for so many years.

How is OSDSoft’s Cryptominer Distributed?

The miners are currently distributed by websites disguised as a legitimate Adobe Flash Player update service, telling the victim that their Flash version is outdated. Clicking anywhere on the screen results in the malicious executable being downloaded. OSDSoft’s author does not want to waste any time in this campaign either: while the victim waits for the Monero miner to download, the malicious websites additionally use the CoinHive cryptomining malware to mine through the browser and maximize his profits.

Figure: Fake Adobe Flash Player update service that distributes the cryptominer.

Furthermore, it is interesting to note that in this and other connected campaigns, legitimate hosting and file storage services such as AWS (Amazon Web Services), Dropbox and Github are being used to store and distribute the malicious cryptomining samples.

Victims are then directed to misleading malicious Flash Player domains such as flash2update[.]xyz, flashdownload[.]club, flashplayers[.]club and others via malvertising and referrals from shady websites.

Summary

Lately, security vendors are becoming more aware of the threat that PUP files pose and are increasingly treating them as malware. Dangers of a PUP can range from data theft and hijacking user traffic to possible remote code execution, as we have seen with our previous Fireball research.

OSDSoft, a website that started with seemingly innocent intentions, serves as a case study in the need to be on constant alert. Although its author initially promoted video download software, the pull of high-value crypto currencies lured him over to the dark side, as the site became a PUP and cryptomining distribution platform.

For full technical details of this crypto-miner, please visit the Check Point Research blog.


from Check Point Blog https://ift.tt/2jho1CV

Microsoft Windows NTFS Denial Of Service

A denial of service vulnerability exists in Microsoft Windows. The vulnerability is due to an error in Microsoft Windows while parsing a specially crafted NTFS image. A remote attacker can exploit this issue by enticing a victim to open a specially crafted NTFS image.

from Check Point Update Services Advisories https://ift.tt/2vWE9mn

Google Chrome Promise Bug (CVE-2018-6106)

A vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to damage a user's system.

from Check Point Update Services Advisories https://ift.tt/2raPeLN

Microsoft Windows SNMP Denial of Service (CVE-2018-0967)

A denial of service vulnerability exists in the Microsoft Windows SNMP Service. The service fails to properly handle malformed SNMP messages. An attacker could exploit this vulnerability via a specially crafted SNMP message.

from Check Point Update Services Advisories https://ift.tt/2vWvIHG

T-Mobile, Sprint say $26 billion deal would give U.S. tech lead over China

(Reuters) - T-Mobile US Inc and Sprint Corp said on Sunday they had agreed to a $26 billion all-stock deal and believed they could win over skeptical regulators because the merger would create thousands of jobs and help the United States beat China to creating the next generation mobile network.


from Reuters: Technology News https://ift.tt/2Kmnyvz

German regulator may require cable operators to open networks to third parties - FAZ

FRANKFURT (Reuters) - Germany's regulator is considering requiring cable TV operators to provide network access to third parties, in a shift that could affect talks on a European merger between Vodafone and Liberty Global.


from Reuters: Technology News https://ift.tt/2r98EA1

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads...