Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Cory Doctorow 9:53 am Sun Feb 11, 2018

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers.

Helme argues that the Report URI tool he developed can interdict this kind of attack, and advises security teams and IT departments to roll this — or similar "content security policy" frameworks on their site to prevent this kind of attack.

Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ? pic.twitter.com/xQhspR7A2f

— Scott Helme (@Scott_Helme) February 11, 2018

Grindr hack let anyone steal email login tokens

Security researcher Troy Hunt reports on a security flaw that let attackers change the email address of Grindr accounts. All you had to do was know the account's current email address and trigger a password reset: the secret login URL was sent to the browser too, hidden in the code of the "check your email!"… READ THE REST
CISA says unnamed US federal agency got hacked using valid credentials for users' Microsoft 365 and domain admin accounts

CISA announced Thursday that an unnamed United States government agency was hacked in an unusual method. The attacker used valid credentials for multiple users' Microsoft 365 accounts, and users' domain administrator accounts. The Cybersecurity & Infrastructure Security Agency, known as CISA, was alerted to the breach by an intrusion detection system that monitors federal civilian… READ THE REST
China's Shenzhen Zhenhua Data Technology gathers info and social media posts of American VIPs and military

A small Chinese firm known as Shenzhen Zhenhua Data Technology has been systematically collecting personal data and crawling social media posts since 2017 for the stated purpose of providing intelligence to Chinese military, government and commercial clients, "according to a copy of the database that was left unsecured on the Internet and retrieved by an… READ THE REST
Fully customizable meditation app

Stress is par for the course these days. If you've found meditation helps to quiet those interior voices of doubt, fear and confusion, then you have every reason to continue that practice. But as soothing as meditation can be, it can also serve another purpose: to focus your attention, sharpen your performance and forge you… READ THE REST
Save over 25% on these 100% organic and biodegradable hair ties

When the history of Earth is ultimately told by aliens or time travelers or whoever stumbles across what's left of our planet a millennia from now, these beings will need to understand what a hair tie is and why it was created…because it's guaranteed they find them everywhere during their study. Today, hair ties are… READ THE REST
This portable Apple Watch wireless charger makes sure you have power on the go

Ask most Apple Watch users about their biggest beef with the most popular wearable in tech today and many will likely answer with the same beef had by many users of wirelessly charged devices. It just isn't so simple making sure your wireless charger is lined up properly with your device to get a steady,… READ THE REST