Facebook

Fake Messages Rigged With Malware Are Spreading Via Facebook Messenger (bleepingcomputer.com) 44

According to recent warnings issued by Avira, CSIS Security Group, and Kaspersky Lab, a virulent spam campaign has hit Facebook Messenger during the past few days. "The Facebook spam messages contain a link to what appears to be a video," reports Bleeping Computer. "The messages arrive from one of the user's friends, suggesting that person's account was also compromised." From the report: The format of the spam message is the user's first name, the word video, and a bit.ly or t.cn short-link. Users that click on the links are redirected to different pages based on their geographical location and the type of browser and operating system they use. It's been reported that Firefox users on Windows and Mac are being redirected to a page offering a fake Flash Player installer. Kaspersky says this file installs adware on users' PCs. On Chrome, the spam campaign redirects users to a fake YouTube page pushing a malicious extension. It is believed that crooks use this Chrome extension to push adware and collect credentials for new Facebook accounts, which they later use to push the spam messages to new users.

Privacy

Ask Slashdot: How Much of Your Online Browsing Can Advertisers See? 189

dryriver writes: We all know the phenomenon of browsing from an internet site A to a completely unrelated internet site B, and having identical ads follow you from site A to site B. Logic suggests that some kind of advertising system is following you from site A to B, and possibly onto subsequent sites C, D and E as well. Logic also suggests that this advertising system can now put together a nice long list of whatever you are looking at online. So here's the question: How much of your online browsing is "monitored" or "logged" this way by advertisers? Can there be any realistic expectation of privacy on the internet if the default behavior of advertisers is to track you as much as they can?

Businesses

General Mills Loses Bid To Trademark Yellow Color On Cheerios Box (arstechnica.com) 91

An anonymous reader quotes a report from Ars Technica: U.S. intellectual property regulators are rejecting General Mills' bid to trademark the yellow background color on boxes of Cheerios cereal. The Trademark Trial and Appeal Board on Tuesday set aside the cereal maker's two-year quest to trademark "the color yellow appearing as the predominant uniform background color" on boxes of "oat-based breakfast cereal." A contrary ruling could have given the Cheerios maker an exclusive right to yellow boxes of oat cereal. General Mills argued that it deserved to be awarded the trademark status because "consumers have come to identify the color yellow" on boxes of oats cereal with "the Cheerios brand." It has been marketed in yellow packaging since 1945, with billions in sales. The board noted that "there is no doubt that a single color applied to a product or its packaging may function as a trademark and be entitled to registration under the Trademark Act." But that's only if those colors have become "inherently distinctive" in the eyes of consumers. Some of those examples include UPS "Brown;" T-Mobile "Magenta;" Target "Red;" John Deere "Green & Yellow;" and Home Depot "Orange." It goes without saying that anybody can still use those colors predominately in their marketing, but not direct competitors.

Regarding the box of Cheerios, however, the court ruled that consumers don't necessarily associate the yellow box of cereal with Cheerios, despite General Mills' assertion to the contrary. Consumers are confronted with a multitude of yellow boxes of oats cereal, the appeal board noted. By comparison, T-Mobile has only a handful of competitors, and none of them uses the magenta color as a distinctive mark, the appeal board said.

Government

DC Judge Approves Government Warrant For Data From Anti-Trump Website (reuters.com) 142

According to Reuters, a D.C. Superior Court judge on Thursday approved a government warrant seeking data from an anti-Trump website related to Inauguration Day protests, but he added protections to safeguard "innocent users." From the report: Chief Judge Robert Morin said DreamHost, a Los Angeles-based web-hosting company, must turn over data about visitors to the website disruptj20.org, which is a home to political activists who organized protests at the time of Donald Trump's inauguration as U.S. president in January. Morin, who will oversee review of the data, said the government must explain what protocols it will use to make sure prosecutors do not seize the data of "innocent users." Morin said at a hearing on Thursday that he recognized the tension between free speech rights and law enforcement's need to search digital records for evidence. He said he added safeguards to his order granting the government's request for information in an effort to balance those two concerns. Besides reviewing the prosecutors' privacy protocols, Morin also shortened the time frame for records to those generated from October to Inauguration Day and instructed the prosecutors to explain why anything they want to seize is germane to the investigation.

Businesses

AccuWeather Updates Its iOS App To Address Privacy Outcry (techcrunch.com) 54

Taylor Hatmaker, writing for TechCrunch: Responding to privacy concerns, AccuWeather is out with a new version of its iOS app that removes a controversial data sharing behavior. Earlier this week, security researcher Will Strafach called attention to the practice in a post and users took to Twitter to announce their intention to dump the app in droves. "AccuWeather's app employed a Software Development Kit (SDK) from a third party vendor (Reveal Mobile) that inadvertently allowed Wi-Fi router data to be transmitted to this third-party vendor," the company wrote in a statement accompanying the app update. "Once we became aware of this situation we took immediate action to verify the operation and quickly disabled the SDK from the IOS app. Our next step was to update the IOS app and remove Reveal Mobile completely."

Government

India's Top Court Rules Privacy a Fundamental Right in Blow To Government 182

India's top court unanimously ruled on Thursday that individual privacy is a fundamental right, a verdict that will impact everything from the way companies handle personal data to the roll-out of the world's largest biometric ID card program. From a report: A nine-member bench of India's Supreme Court announced the ruling in a big setback for the Narendra Modi-led government, which argued that privacy was not a fundamental right protected by the constitution. The ruling comes against the backdrop of a large multi-party case against the mandatory use of national identity cards, known as Aadhaar, as an infringement of privacy. There have also been concerns over breaches of data. Critics say the ID cards link enough data to create a comprehensive profile of a person's spending habits, their friends and acquaintances, the property they own and a trove of other information. "This is a blow to the government, because the government had argued that people do not have a right to privacy," said Prashant Bhushan, a senior lawyer involved in the case.

Bitcoin

IRS Now Has a Tool To Unmask Bitcoin Tax Evaders (thedailybeast.com) 210

SonicSpike shares a report from The Daily Beast: You can use bitcoin. But you can't hide from the taxman. At least, that's the hope of the Internal Revenue Service, which has purchased specialist software to track those using bitcoin, according to a contract obtained by The Daily Beast. The document highlights how law enforcement isn't only concerned with criminals accumulating bitcoin from selling drugs or hacking targets, but also those who use the currency to hide wealth or avoid paying taxes. The IRS has claimed that only 802 people declared bitcoin losses or profits in 2015; clearly fewer than the actual number of people trading the cryptocurrency -- especially as more investors dip into the world of cryptocurrencies, and the value of bitcoin punches past the $4,000 mark. Maybe lots of bitcoin traders didn't realize the government expects to collect tax on their digital earnings, or perhaps some thought they'd be able to get away with stockpiling bitcoin thanks to the perception that the cryptocurrency is largely anonymous.

"The purpose of this acquisition is to help us trace the movement of money through the bitcoin economy," a section of the contract reads. The Daily Beast obtained the document through the Freedom of Information Act. The contractor in this case is Chainalysis, a startup offering its "Reactor" tool to visualize, track, and analyze bitcoin transactions. Chainalysis' users include law enforcement agencies, banks, and regulatory entities. The software can follow bitcoin as it moves from one wallet to another, and eventually to an exchange where the bitcoin user will likely cash out into dollars or another currency. This is the point law enforcement could issue a subpoena to the exchange and figure out who is really behind the bitcoin.

Google

Google Pulls 500+ Backdoored Apps With Over 100 Million Downloads From Google Play (helpnetsecurity.com) 58

Orome1 shares a report from Help Net Security: Security researchers have identified over 500 apps on Google Play containing an advertising software development kit (SDK) called Igexin, which allowed covert download of spying plugins. The apps in question represent a wide selection of photo editors, Internet radio and travel apps, educational, health and fitness apps, weather apps, and so on, and were downloaded over 100 million times across the Android ecosystem. Lookout researchers did not name the apps that were found using the malicious SDK, but notified Google of the problem. The latter then proceeded to clean up house, either by removing the offending apps altogether, or by forcing app developers to upload an updated version with the invasive features (i.e. the Igexin SDK) removed. "Users and app developers have no control over what will be executed on a device after the remote API request is made. The only limitations on what could potentially be run are imposed by the Android permissions system," the researchers pointed out. "It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server. Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality -- nor are they in control or even aware of the malicious payload that may subsequently execute. Instead, the invasive activity initiates from an Igexin-controlled server."
