
Thousands of websites worldwide hijacked by cryptocurrency mining code due Browsealoud plugin hack

Posted: 11 Feb 2018 02:46 PM PST

Thousands of websites worldwide hijacked by a cryptocurrency mining code due to the hack of the popular Browsealoud plugin.

A massive attack hit thousands of websites around the world: crooks deployed Coinhive scripts that forced the sites to secretly mine cryptocurrencies in visitors’ browsers.

The list of compromised websites (4275) includes the UK’s NHS, Information Commissioner’s Office (ICO) (ico.org.uk), the UK’s Student Loans Company (slc.co.uk), The City University of New York (cuny.edu), and the US government’s court system.

Once the hack was discovered some sites went down; the ICO also took its website down.

The compromised websites use the Browsealoud plugin which makes their content accessible for blind or partially sighted people by reading it.

In a time-window of roughly seven hours (between 0300 and 1145 UTC), all the websites using Browsealoud inadvertently ran the Monero cryptocurrency mining code.

The attackers injected an obfuscated version of the mining code into the plugin; once converted from hexadecimal back to ASCII, it loaded the mining code into the webpage.


The alarm was raised by the security expert Scott Helme, who was contacted by a friend who sent him antivirus software warnings received after visiting a UK ICO website.

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” said Helme.

“Someone just messaged me to say their local government website in Australia is using the software as well.”

The expert suggests using the Subresource Integrity (SRI) technique to block unwanted code injected in affected websites.
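
How SRI would have stopped the modified plugin file from running, as an added example that is not part of the original article or any Texthelp code: the site pins a hash of the reviewed script, and the browser refuses any body that no longer matches. The URL, the script contents and the function names are constructed for illustration, and `integrity_allows` only approximates the browser's check.

```python
import base64
import hashlib

# Hash functions SRI defines, weakest to strongest.
ALGS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}
ORDER = list(ALGS)

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Return '<alg>-<base64 digest>' as used in an integrity attribute."""
    return f"{alg}-{base64.b64encode(ALGS[alg](body).digest()).decode()}"

def script_tag(url: str, body: bytes) -> str:
    """Build the <script> tag a site would publish for a reviewed copy of body."""
    return (f'<script src="{url}" integrity="{sri_value(body)}" '
            f'crossorigin="anonymous"></script>')

def integrity_allows(integrity_attr: str, body: bytes) -> bool:
    """Approximate the browser's decision: True means the script would run."""
    parsed = []
    for token in integrity_attr.split():
        alg, _, digest = token.partition("-")
        if alg in ALGS and digest:
            parsed.append((alg, digest.split("?")[0]))  # drop optional '?options'
    if not parsed:
        return True  # no usable hash: nothing is enforced, the script loads
    strongest = max(parsed, key=lambda p: ORDER.index(p[0]))[0]
    # Only hashes of the strongest algorithm listed are considered.
    return any(sri_value(body, alg) == f"{alg}-{digest}"
               for alg, digest in parsed if alg == strongest)

# Constructed sample data, not the real plugin or the injected code.
REVIEWED = b"function speak(text) { /* stand-in for a screen-reader plugin */ }\n"
TAMPERED = REVIEWED + b"/* constructed: line appended on the vendor's server */\n"
PINNED = sri_value(REVIEWED)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/reader.js", REVIEWED))  # hypothetical URL
    print("reviewed copy runs:", integrity_allows(PINNED, REVIEWED))
    print("tampered copy runs:", integrity_allows(PINNED, TAMPERED))
```

Because the hash pins one exact file, the integrity attribute has to be regenerated whenever the vendor ships a legitimate update, so SRI fits best with versioned script URLs.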

Texthelp, the company that developed the Browsealoud plugin, has removed its Browsealoud code from the web to stop the cryptocurrency mining operation.

"In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away," said Texthelp’s chief technology officer Martin McKay in a statement.

"Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline."

Texthelp confirmed that “no customer data has been accessed or lost,” and “customers will receive a further update when the security investigation has been completed.”

The malicious code was removed by 1600 UTC today; the UK’s ICO is currently in a minimal “maintenance” mode as a precaution.

 

 

Pierluigi Paganini

(Security Affairs – Browsealoud plugin, cryptocurrency mining script)

The post Thousands of websites worldwide hijacked by cryptocurrency mining code due Browsealoud plugin hack appeared first on Security Affairs.

Security Affairs newsletter Round 149 – News of the week

Posted: 11 Feb 2018 06:42 AM PST

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Once again thank you!

·      GandCrab, a new ransomware-as-a-service emerges from Russian crime underground
·      More than 1 million worth of ETH stolen from Bee Token ICO Participants with phishing emails
·      Security Affairs newsletter Round 148 – News of the week
·      UK Government Advices Industry Sectors To Comply With Guidance Or Pay $17 Million Fine
·      Almost all WordPress websites could be taken down due to unpatched CVE-2018-6389 DoS flaw
·      Cisco and FireEye Pointing Finger at North Korea Hacking Group For Adobe Flash 0-Day In The Wild
·      Cybersecurity week Round-Up (2018, Week 5)
·      Hacking Amazon Key – Hacker shows how to access a locked door after the delivery
·      Leaked memo suggest NSA and US Army compromised Tor, I2P, VPNs and want to unmask Monero users
·      Abusing X.509 Digital Certificates to establish a covert data exchange channel
·      ADB.Miner, the Android mining botnet that targets devices with ADB interface open
·      Crime ring linked to Luminosity RAT dismantled by an international law enforcement operation
·      Popular British hacktivist Lauri Love will not be extradited to US, UK Court Ruled
·      9 Tips to Prevent WordPress Hacks in this Dangerous Digital World
·      Adobe rolled out an emergency patch that fixed CVE-2018-4878 flaw exploited by North Korea
·      Automated Hacking Tool Autosploit Cause Concerns Over Mass Exploitation
·      Hackers can remotely access adult sex toys compromising at least 50.000 users
·      Researchers ported the NSA  EternalSynergy, EternalRomance, and EternalChampion to Metasploit
·      For the second time CISCO issues security patch to fix a critical vulnerability in CISCO ASA
·      Intel releases new Spectre security updates, currently only for Skylake chips
·      Joomla 3.8.4 release addresses three XSS and SQL Injection vulnerabilities
·      Meet PinME, A Brand New Attack To Track Smartphones With GPS Turned Off.
·      US authorities dismantled the global cyber theft ring known as Infraud Organization
·      A Flaw in Hotspot Shield VPN From AnchorFree Can Expose Users Locations
·      fail0verflow hackers found an unpatchable flaw in Nintendo Switch bootROM and runs Linux OS
·      Researcher found multiple vulnerabilities in NETGEAR Routers, update them now!
·      Swisscom data breach Hits 800,000 Customers, 10% of Swiss population
·      The source code of the Apple iOS iBoot Bootloader leaked online
·      UDPOS PoS malware exfiltrates credit card data DNS queries
·      Lenovo patches critical flaws that affect Broadcoms chipsets in dozens of Lenovo ThinkPad
·      Online Auction Safety Tips for Buyers and Sellers
·      VMware releases temporary mitigations for Meltdown and Spectre flaws

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 149 – News of the week appeared first on Security Affairs.

Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild

Posted: 11 Feb 2018 01:57 AM PST

Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild, and proof-of-concept exploit code is available online.

This week, Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software.

This is the second time the tech giant has issued a security patch to fix the critical vulnerability in CISCO ASA; the first was released in January. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition causing the reload of the system.

The affected models are:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

Now the company has confirmed that attackers are trying to exploit the vulnerability CVE-2018-0101 in attacks in the wild.

"The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory," reads the update to the security advisory published by CISCO. "Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory."

The vulnerability was discovered by Cedric Halbronn and received a CVSS base score of 10.0, the highest one.

This week Halbronn presented his findings at the REcon conference in Brussels in a talk titled ‘Robin Hood vs CISCO ASA Anyconnect.’ He highlighted that the vulnerability could be up to seven years old, because the AnyConnect Host Scan has been available since 2011.

The new attack scenario covered with the new update sees an attacker exploiting the vulnerability by sending specially crafted XML packets to a webvpn-configured interface.


A “Cisco ASA CVE-2018-0101 Crash PoC” was already published by some users on Pastebin.

 

Pierluigi Paganini

(Security Affairs – CISCO ASA, CVE-2018-0101)

The post Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild appeared first on Security Affairs.

FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins

Posted: 11 Feb 2018 01:05 AM PST

Russian authorities have arrested some employees at the Russian Federation Nuclear Center facility because they are suspected of trying to use a supercomputer at the plant to mine Bitcoin.

The peaks reached by the values of the principal cryptocurrencies are attracting criminal organizations; the number of cyber-attacks against the sector continues to increase, and VXers are focusing their efforts on the development of cryptocurrency/miner malware.

In a few days, security firms have spotted several huge botnets that were used by crooks to mine cryptocurrencies.

This week, security experts at Radiflow, a provider of cybersecurity solutions for critical infrastructure, discovered in a water utility the first case of a SCADA network infected with Monero cryptocurrency-mining malware.

“Radiflow, a provider of cybersecurity solutions for critical infrastructure, today announced that the company has revealed the first documented cryptocurrency malware attack on a SCADA network of a critical infrastructure operator,” reads the press release published by the company.

Radiflow revealed that the cryptocurrency malware was designed to run in a stealth mode on a target system and even disable security software.

“Cryptocurrency malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a critical infrastructure operator,” explained Yehonatan Kfir, CTO at Radiflow. “While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time.”

A cryptocurrency malware infection could have a dramatic impact on ICS and SCADA systems because it could increase resource consumption, affecting the response times of the systems used to control processes in these environments.

While the story was making the headlines, the Russian Interfax News Agency reported that several scientists at the Russian Federation Nuclear Center facility (aka All-Russian Research Institute of Experimental Physics) had been arrested by authorities and charged with mining cryptocurrency with “office computing resources.”

The nuclear research plant is located in Sarov. In 2011, the Russian Federation Nuclear Center deployed a new petaflop supercomputer.

The scientists are accused of having abused the computing power of one of Russia’s most powerful supercomputers, located in the Federal Nuclear Center, to mine Bitcoins.


The supercomputer is normally isolated from the Internet, but the researchers were discovered while attempting to connect it online. The Federal Security Service (FSB) has arrested the researchers.

“There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” Tatyana Zalesskaya, head of the Institute’s press service, told Interfax news agency.

“Their activities were stopped in time. The bungling miners have been detained by the competent authorities. As far as I know, a criminal case has been opened regarding them.”

 

Pierluigi Paganini

(Security Affairs – Russian Federation Nuclear Center facility, Mining)

The post FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins appeared first on Security Affairs.