Submission + - Equifax Stock Sales Are the Focus of US Criminal Probe (bloomberg.com)

An anonymous reader writes: The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. U.S. prosecutors in Atlanta, who the people said are looking into the share sales, said in a statement they are examining the breach and theft of people’s personal information in conjunction with the Federal Bureau of Investigation. The Securities and Exchange Commission is working with prosecutors on the investigation into stock sales, according to another person familiar with the matter. Investigators are looking at the stock sales by Equifax’s chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, said two of the people, who asked not to be named because the probe is confidential. Equifax disclosed earlier this month that it discovered a security breach on July 29. The three executives sold shares worth almost $1.8 million in early August. The company has said the managers didn’t know of the breach at the time they sold the shares. Regulatory filings don’t show that the transactions were part of pre-scheduled trading plans.

Submission + - Is AI Dangerous? Would you believe a billionaire or a hacker? (hackaday.com)

An anonymous reader writes: Hackaday says that AI isn't going to become a menace in the way that Elon Musk and other high-profile people claim--at least, not soon. Is Musk and others really saying that AI is going to take over? Or are they saying it is going to make us lazy and stupid and the media is recasting it? Or is Hackaday right and the parlor tricks being passed off as AI today really of no consequence?

Submission + - HTML5 DRM standard is a go (arstechnica.com)

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining.

EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services.

Submission + - Georgia Tech Police Kill mentally ill student holding Unopened Swiss Army Knife (myajc.com)

McGruber writes: Scout Schultz, a 21-year old Computer Engineering Major attending Georgia Tech on a full scholarship and President of the Georgia Tech Pride Alliance, died Saturday night after he was shot once in the heart by Georgia Tech Police. According to the Georgia Burea of Investigation (GBI), officers “provided multiple verbal commands and attempted to speak with Schultz who was not cooperative and would not comply with the officers’ commands. Schultz continued to advance on the officers with the knife” and was shot.

Attorney Chris Stewart, retained by Schultz’s parents, said that while Scout may not have obeyed commands, the student never rushed the officers. And he noted the blade on the knife was not extended. “The area was secured. There was no one around at risk,” he said.

Video of the incident showed Scout shouting “Shoot me!” to the officers, leading some to wonder if this was a “suicide by cop.” GBI spokeswoman Nelly Miles said Sunday she did not know whether the officer who fired at Schultz was trained in dealing with mentally ill suspects. The GBI, through its Crisis Intervention Team, has trained roughly 10,000 local, state and federal law enforcement officers since it began in 2004. Atlanta, Roswell, Henry County and now DeKalb are among the local agencies that require all of its officers to take the class. Some agencies do not require it.

Submission + - Malware fighting CCleaner infected with Malware

Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month.

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago.


Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan.

Submission + - CCleaner Compromised to Distribute Malware for Almost a Month (bleepingcomputer.com)

An anonymous reader writes: Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

Cisco Talos security researchers detected the tainted CCleaner app last week while performing beta testing of a new exploit detection technology. Researchers believe that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. It is unclear if this threat actor breached Avast's systems without the company's knowledge, or the malicious code was added by "an insider with access to either the development or build environments within the organization."

Avast bought Piriform — CCleaner's original developer — in July this year, a month before CCleaner 5.33 was released. Avast acknowledged the incident. The company said they found the malware in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. On September 13, Piriform released CCleaner 5.34 and CCleaner Cloud version 1.07.3191 that do not contain the malicious code. DNS data suggests thousands of users got infected.

Slashdot Top Deals