• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Cryptojacking Hits Over 4,000 Websites Including Government Pages

R

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,942
Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider was comprimised, and one of their hosted script files changed, spreading the malware to all websites using it.

The crypto-jacking stuff is getting a little too common for my liking. Perhaps now that government websites have been attacked we will see some regulation. I won't hold my breath though.

This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.
 
Government is reactive, not proactive - Everyone knows this.

Perfect example is TSA security.
 
And all I keep hearing is how this is the secure Fiat of the future..
;)
 
rgMekanic said:
Security researcher Scott Helme is reporting that a Cryptojacking event happened over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration included a mining script that landed on over 4,000 websites, many of which were Government sites. It turns out that Text Help, an assistive technology provider was compromised, and one of their hosted script files changed, spreading the malware to all websites using it.

The crypto-jacking stuff is getting a little too common for my liking. Perhaps now that government websites have been attacked we will see some regulation. I won't hold my breath though.

This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack.
Click to expand...
A good analogy would be as far back as you can imagine thieves have been doing evil along the roadways, digital or real. I hope it can be at least minimized soon, it's not bothered me yet, I would not want it mining on my dime!
 
You must log in or register to reply here.
Back
Top