Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Cory Doctorow 9:53 am Sun Feb 11, 2018

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers.

Helme argues that the Report URI tool he developed can interdict this kind of attack, and advises security teams and IT departments to roll this — or similar "content security policy" frameworks on their site to prevent this kind of attack.

Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ? pic.twitter.com/xQhspR7A2f

— Scott Helme (@Scott_Helme) February 11, 2018

security.txt is like robots.txt, but for security policies

Many websites have a robots.txt, a plain-text file that tells search engines to ignore certain files and folders on the site. Security.txt is a proposed standard to do likewise with security policies. "When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the… READ THE REST
Russian hackers used Microsoft vendors to breach customers: Report

"The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds," Joseph Menn and Raphael Satter at Reuters report: While updates to SolarWinds' Orion software was previously the only known point of entry, security company CrowdStrike… READ THE REST
Trump weirdly defensive of Russia in his first comments on Russian hack of U.S. government

So, this two-part Trump tweet today was weird. The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of…. ….discussing the possibility… READ THE REST
This 2-quart mini air fryer from Yedi is on sale for only $40 right now

Maybe it was your parents, or maybe, it was a friend. It could've even been with a co-worker over Zoom. But in all likelihood, you've probably had a recent conversation about the ease, efficiency, and health benefits of that buzz-worthy kitchen appliance of the moment: the air fryer. You had that conversation because, well, almost everybody… READ THE REST
This rugged Bluetooth speaker can play music and charge your wireless devices

The biggest concern when shopping for a Bluetooth speaker is often whether it's got the oomph to serve music at the volume you're looking for. On its own or looking in tandem with some friends (more on that later), the Altec Lansing BoomJacket Jolt Portable Bluetooth Speaker should more than satisfy the listening tastes of… READ THE REST
Got what it takes to write a novel? Here's what you should know before you start

More than 4 out of every 5 Americans — 81 percent — say they feel they have a book in them and that they should write it. That's almost 200 million people who want to be writers. And while each and every one of those budding scribes might have a compelling tale to tell, you… READ THE REST