Security News
Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out the DMCA complaint was filed by HackerRank's outsourced contractor, WorthIT Solutions, who regularly handles such takedown requests for HackerRank.
There is a live cross-site scripting vulnerability in takedowns website DMCA-dot-com's user interface. Infosec researcher Joel Ossi, founder of Dutch security firm Websec, announced his findings after spending more than a year trying and failing to get DMCA-dot-com to take the XSS seriously.
Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service attacks. The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack.
Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service attacks. The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack.
The Electronic Frontier Foundation along with nearly two dozen cybersecurity companies have signed a statement regarding the use of a controversial section of the Digital Millennium Copyright Act against security researchers. One section of the DMCA, section 1201, has posed some problems for the cybersecurity community.
Today, GitHub shared more info regarding why YouTube-dl was kicked off the platform and about why GitHub handled this situation the way it did. "Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot," GitHub's Director of Platform Policy Abby Vollmer said.
The Recording Industry Association of America, Inc. has taken down YouTube-dl's GitHub repositories using a DMCA takedown notice. Today, the RIAA took down the YouTube-dl GitHub repositories by filing a DMCA infringement notice with GitHub.
On Wednesday, AMD confirmed intellectual property related to its graphics processors was stolen last year, though insisted the leaked files will not damage its business nor compromise product security. Two days ago, AMD issued two Digital Millennium Copyright Act takedown notices to GitHub, directing the Microsoft-owned code storage biz to remove five repositories - an original repo and four copies - that contained confidential internal hardware source code for its Navi family of GPUs.
It just got easier for owners of a wide range of home devices to hack and repair their software.
The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and...