Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Cory Doctorow 9:53 am Sun Feb 11, 2018

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers.

Helme argues that the Report URI tool he developed can interdict this kind of attack, and advises security teams and IT departments to roll this — or similar "content security policy" frameworks on their site to prevent this kind of attack.

Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ? pic.twitter.com/xQhspR7A2f

— Scott Helme (@Scott_Helme) February 11, 2018

Facebook takes down 2 foreign influence operations going head to head in Central African Republic, targeting other nations

"Facebook just took down two foreign influence ops that it discovered going head to head in the Central African Republic, as well as targeting other countries," says Graphika's Ben Nimmo. "More-troll Kombat, you might say." From the introduction to the Graphika report MORE TROLL KOMBAT: On December 15, Facebook announced that it had taken down… READ THE REST
DHS, State, and NIH join list of 5 (and counting) federal agencies confirmed hacked in massive Russian cyberespionage campaign

Washington Post reporter Ellen Nakashima writes late Monday night, "The State Department and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign. And their number is expected to grow." Weird how Donald Trump has said nothing about this massive and growing hack of the United States government, right?… READ THE REST
HACKED: U.S. cybersecurity firm FireEye discloses breach and theft of internal hacking tools, blames state-sponsored attack

Prominent U.S. cybersecurity firm FireEye disclosed on its corporate blog Tuesday it was hacked, possibly by a foreign nation, and the breach included the theft of internal hacking tools the firm normally uses to privately test the network defenses of their own clients. Excerpt from FireEye Shares Details of Recent Cyber Attack, Actions to Protect… READ THE REST
Launch your Amazon side hustle with this awesome training bundle

Back in the infancy of Amazon, third party sellers were just a tiny facet of the company's growing eCommerce power. In fact, those small retailers affiliated with Amazon only accounted for 3% of their sales back in 1999. Of course, the company's growth and the emergence of more FBA (Fulfilled by Amazon) businesses brought thousands… READ THE REST
Get a MagSafe Wireless Charging Cable and a 20-watt adapter for your iPhone 12

Just like the Lightning cable that came before it, manufacturers are now chasing Apple's latest step in ever-evolving charging technology, the MagSafe. If you haven't purchased an iPhone 12 yet, then you should know it can be charged with that old trusty Lightning connector like past models, or with the use of the new wireless… READ THE REST
All of these holiday gift ideas require no shipping – and your giftee can have them in minutes

Look, we're gonna level with you…you may have already blown Christmas. The problem is, is you haven't purchased gifts already AND if they aren't already en route, there's a decent chance they won't get there in time for the big day. And with the high volume and COVID delays happening…well, there's no guarantee anything is… READ THE REST