Google

Google Preparing 'Invisible ReCAPTCHA' System For No User Interaction (bleepingcomputer.com) 57

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high level of spam detection we've become accustomed to from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.
Twitter

Reuters Built An Algorithm That Can Identify Real News On Twitter (popsci.com) 122

Reuters has built an algorithm called News Tracer that flags and verifies breaking news on Twitter. The algorithm weeds through all 500 million tweets that are posted on a daily basis to "sort real news from spam, nonsense, ads, and noise," writes Corinne Iozzio via Popular Science: In development since 2014, reports the Columbia Journalism Review, News Tracer's work starts by identifying clusters of tweets that are topically similar. Politics goes with politics; sports with sports; and so on. The system then uses language-processing to produce a coherent summary of each cluster. What differentiates News Tracer from other popular monitoring tools, is that it was built to think like a reporter. That virtual mindset takes 40 factors into account, according to Harvard's NiemanLab. It uses information like the location and status of the original poster (e.g. is she verified?) and how the news is spreading to establish a "credibility" rating for the news item in question. The system also does a kind of cross-check against sources that reporters have identified as reliable, and uses that initial network to identify other potentially reliable sources. News Tracer can also tell the difference between a trending hashtag and real news. The mix of data points News Tracer takes into account means it works best with actual, physical events -- crashes, protests, bombings -- as opposed to the he-said-she-said that can dominate news cycles.
Desktops (Apple)

It's Not Just You, iCloud Calendar Spam is On the Rise (techcrunch.com) 28

New submitter petersike writes: If you're using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday 'deals' coming from Chinese users. If you're looking for cheap Ray-Ban or Louis Vuitton knockoffs, you might find these invites useful. Otherwise, you might be wondering: why is this a thing? If you use your calendar for work, you already rely on calendar invites to invite other people to meetings and events. All major calendar backends support this feature -- Google Calendar, Microsoft Exchange and Apple's iCloud. And it's quite a convenient feature as you only need to enter an email address to send these invitations. You don't need to be in the same company or even in your recipient's address book. But it's also yet another inbox -- and like every inbox out there, it can get abused.
Facebook

Locky Ransomware Uses Decoy Image Files To Ambush Facebook, LinkedIn Accounts (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn. According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers. Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin for the key. Previously, it had relied on a malicious macro in Word documents and spam e-mails, but Check Point says that in the past week there has been a "massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign." Users are advised not to open any file that has automatically downloaded, especially any image file with an unusual extension such as SVG, JS, or HTA -- though benign-looking images could exploit the way Windows hides file extensions by default.
Twitter

Spammers Compromised Popular Twitter Accounts Including Viacom And Microsoft Xbox (engadget.com) 23

"A number of popular Twitter accounts suddenly wanted to help you add more followers," joked Engadget. An anonymous reader writes: Early Saturday morning, due to a breach of the Twitter Counter analytics service, the compromised Twitter accounts started posting images touting services that sell Twitter followers. The affected accounts include @PlayStation, @Viacom, @XboxSupport, @TheNewYorker, @TheNextWeb, and @Money (Time's finance magazine) as well as @NTSB (the National Transportation Safety Board) and @ICRC (the Red Cross), and the Twitter accounts of famous individuals include astronaut Leland Melvin, Minnesota Governor Mark Dayton, and actor Charlie Sheen. "We can confirm that our service has been hacked; allowing posts on behalf of our user," Twitter Counter posted Saturday, announcing minutes later that "hackers CANNOT post on our users' behalf anymore."
"Apologies for the spam, everyone," tweeted the account for Xbox support, adding "We're cleaning things up now."
Facebook

Facebook Disputes Gizmodo Report, Says It Never Built and Withheld Any News Feed Changes Based on Their Political Impact (slate.com) 68

Tech news site Gizmodo reported Monday that Facebook planned a News Feed update that would have identified fake or hoax news stories, but "disproportionately impacted right-wing news sites by downgrading or removing that content from people's feeds" so it chose to never release the update. Facebook has denied the claims in the report. A spokesperson told Slate: "The article's allegation is not true. We did not build and withhold any News Feed changes based on their potential impact on any one political party. We always work to make News Feed more meaningful and informative, and that includes examining the quality and accuracy of items shared, such as clickbait, spam, and hoaxes. Mark himself said, 'I want to do everything I can to make sure our teams uphold the integrity of our products.' This includes continuously review updates (sic) to make sure we are not exhibiting unconscious bias."
Yahoo!

As Contradictions Mount, Experts Call For Declassification of Yahoo's Email-Scanning Order (onthewire.io) 50

An anonymous Slashdot reader writes: Look at this contradiction in the government's story about their secret scans on hundreds of millions of Yahoo emails. "Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages." But three former Yahoo employees have now said that actually the court-ordered search "was done by a module attached to the Linux kernel -- in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled... They said that made it hard to detect and also made it hard to figure out what the program was doing."
Slashdot reader Trailrunner7 writes: Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. "If the reports about the Yahoo order are accurate -- including requiring the company to custom build new software to accomplish the scanning -- it's hard to imagine a better candidate for declassification and disclosure under Section 402," Aaron Mackey of the EFF said.
Security

Yahoo's Government Email Scanner Was Not A Modified Spam Filter, But a Secret Hacking Tool: Motherboard (vice.com) 45

The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a "poorly designed" and "buggy" piece of malware, according to two sources closely familiar with the matter, reports Motherboard. From the article: Last year, the US government served Yahoo with a secret order, asking the company to search within its users' emails for some targeted information, as first reported by Reuters this week. It's still unclear what was the information sought, but The New York Times, citing an anonymous official source, later reported that the government was looking for a specific digital "signature" of a "communications method used by a state-sponsored, foreign terrorist organization." Anonymous sources told The Times that the tool was nothing more than a modified version of Yahoo's existing scanning system, which searches all email for malware, spam and images of child pornography. But two sources familiar with the matter told Motherboard that this description is wrong, and that the tool was actually more like a "rootkit," a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.
Spam

Amazon Marketplace Shoppers Slam the Spam (fortune.com) 120

Spammy follow-up email messages are turning off Amazon Marketplace shoppers. Shoppers who buy from Amazon's Marketplace typically like the convenience and prices. But many are also unhappy about the barrage of emails that sellers send them after the purchase, notes Fortune. It adds: Sellers often deluge inboxes with requests for product reviews, inquiries about how the process went, and sales pitches for more stuff. Considering the comments on social media, feedback from friends and family, and in posts in Amazon.com's customer service forum over the past two years, this problem is not getting any better. There appears to be no way to opt out of this email flood, which is odd, given Amazon's self-professed zeal for great customer service. One shopper in Amazon's customer forum thread posted a response from an Amazon service representative that apologized for the notifications and noted that the feedback had been forwarded to the company's "investigations team."
Botnet

Spam Hits Its Highest Level Since 2010 (networkworld.com) 47

Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.

"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."

Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.
Security

Microsoft Deprecating 'Obsolete' SmartScreen Spam Filters In Outlook and Exchange (winbeta.org) 29

An anonymous reader quotes a report from WinBeta: Microsoft is making changes to SmartScreen, a spam content filter, available in Windows 10. These changes will affect Outlook and Exchange users. In Outlook and Exchange, SmartScreen analyzes each email message and rates the email according to SmartScreen's Spam Confidence Level (SCL). These emails are then sent to Outlook's junk folder. Here's a look at the changes to SmartScreen, according to Microsoft: 1. "On November 1, 2016, Microsoft will stop generating updates for the SmartScreen spam filters in Exchange Server 2016 and earlier (2013, 2010, 2007), Outlook 2016 for Windows and earlier (2013, 2010, 2007) and Outlook 2011 for Mac. The SmartScreen spam filter will be removed from future versions of Exchange Server and Outlook for Windows. (SmartScreen is not available in any other version of Outlook). This announcement does not affect the SmartScreen Filter online protection features built into Windows, Microsoft Edge and Internet Explorer browsers. While branded similarly, those features are technically distinct. These SmartScreen Filters help people to stay protected from malicious websites and downloads." After November 1, 2016, Microsoft will no longer release spam definition updates to SmartScreen filters in Outlook and Exchange. Your existing SmartScreen spam filters will remain in place; Microsoft will simply no longer provide updates for them.
Security

New Linux Trojan Is A DDoS Tool, a Bitcoin Miner, and Web Ransomware (softpedia.com) 63

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners notifying them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.

Piracy

Scammers Use Harvard Education Platform to Promote Pirated Movies (torrentfreak.com) 27

TorrentFreak reports: Spammers are using Harvard's educational sharing tool H2O to promote pirated movies. Thousands of links to scammy sites have appeared on the site in recent weeks. Copyright holders are not happy with this unintended use and are targeting the pages with various takedown notices. H2O is a tool that allows professors and students to share learning material in a more affordable way. It is a welcome system that's actively used by many renowned scholars. However, in recent weeks the platform was also discovered by scammers. As a result, it quickly filled up with many links to pirated content. Instead of course instructions and other educational material, the H2O playlists of these scammers advertise pirated movies. The scammers in question are operating from various user accounts and operate much like traditional spam bots, offering pages with movie links and related keywords such as putlocker, megashare, viooz, torrent and YIFY.
Censorship

Facebook Admits Blocking WikiLeaks' DNC Email Links, But Won't Say Why (thenextweb.com) 270

An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It's possible its algorithm incorrectly identified them as malicious, but it's another negative mark on the company's record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great -- but also not really the point. The fact links to the archive were blocked at all suggests there's a very tight rein on what's allowed on Facebook across the board, and that's a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."
Communications

Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com) 29

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
Democrats

Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off (arstechnica.com) 268

An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.
Botnet

3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com) 48

An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C&C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.
Crime

'Spam King' Sanford Wallace Sentenced To 2.5 Years In Prison For Facebook Phishing Scam (bbc.com) 56

Xochil writes: Sanford Wallace gets a two-year prison term and $310K fine on charges of fraud and criminal contempt for sending over 27 million spam messages to Facebook users. Sanford Wallace has made a name for himself over the course of the last several years. In 1998, the "Spam King" announced he would put an end to spamming on his part, instead resorting to a new scheme in which ISPs would be paid to receive the mail. Flash forward to 2004, the Associated Press reported that a judge issued a temporary restraining order against Wallace for alleged spyware distribution. Last August, Wallace admitted to compromising around 500,000 Facebook accounts, using them to send over 27 million spam messages through Facebook's servers, between November 2008 and March 2009. While he could have been sentenced to as many as 16 years in prison, he was only sentenced to two-and-a-half years in prison and five years of supervised release. In addition, Wallace was ordered to pay about one cent for every message sent or about 60 cents per account compromised, totaling $310,628.55 in restitution. The phishing scam consisted of Wallace automating the process of signing into a Facebook user's account, retrieving a list of their friends and sending them each a message that encouraged them to log into a website. The website would trick users into divulging their Facebook username and password before directing them to an affiliate website that would pay him for the traffic.
Security

Access To Thousands Of Compromised Government Servers Selling For $6 On Black Market 28

An anonymous reader writes: Researchers have uncovered an underground market selling information of over 70,000 compromised servers. Russia-based Kaspersky Lab revealed that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. Access to a compromised server can be bought for as little as $6. This kit comes with relevant tools to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.
Security

WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) 50

An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.
