A hack of a popular plug-in infected thousands of websites with crypto-mining software.
Thousands of sites, including those of the UK healthcare system, numerous universities, and UK, US, and Australian authorities, were running crypto-miners unnoticed. These use the computing power of website visitors to mine cryptocurrencies. As in many other attacks, the Monero mining script from the Coinhive platform was used.
The large number of prominent victims is due to a hack of the popular plug-in Browsealoud, which is developed by the British company Texthelp. Browsealoud reads website content aloud for people with visual disabilities. The attackers smuggled their code into the plug-in and were suddenly present on thousands of websites.
Developer promises investigation
How much the attackers were able to capture is unclear. However, the code was apparently inserted between 4:00 and 12:45 on Sunday. At 17:00 the faulty code was removed, and the service was also taken offline for security reasons. Texthelp promised a comprehensive investigation of the incident, but said customer data had never been in danger.
The incident was first discovered by IT security expert Scott Helme; The Register reported on it a little later. Helme recommends that websites use a technique called SRI (Subresource Integrity) to protect against such attacks. With SRI, the browser uses a hash value to check whether the downloaded script has been manipulated by third parties. The 4200 websites affected by the Texthelp hack had not implemented this technology.
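The SRI check described above can be reproduced offline. The following is an added example, not code from the article, Texthelp or Scott Helme: it computes the value for an `integrity` attribute, mirrors the browser's comparison against a modified script, and lists the cross-origin scripts on a page that carry no hash. The host names, script bodies and page markup are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = ["sha256", "sha384", "sha512"]  # weakest to strongest, as ranked by SRI

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Build the integrity attribute value for a script body."""
    digest = hashlib.new(alg, body).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")

def sri_matches(body: bytes, integrity: str) -> bool:
    """Mirror the browser check: only hashes of the strongest listed algorithm count."""
    tokens = [t.split("?")[0] for t in integrity.split()]
    tokens = [t for t in tokens if t.split("-", 1)[0] in STRENGTH]
    if not tokens:
        # No usable hash: a browser would enforce nothing; this helper fails closed.
        return False
    best = max((t.split("-", 1)[0] for t in tokens), key=STRENGTH.index)
    return sri_value(body, best) in tokens

class ScriptAudit(HTMLParser):
    """Collect cross-origin <script src> tags that carry no integrity attribute."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.unprotected = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc
        if tag == "script" and host not in ("", self.page_host) and not a.get("integrity"):
            self.unprotected.append(a["src"])

def audit(html: str, page_host: str) -> list:
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.unprotected

# Constructed sample data: script bodies, hosts and markup are made up.
GOOD = b"function readAloud(){/* vendor code */}"
TAMPERED = GOOD + b";/* injected by a third party */"
PAGE = f'''<script src="https://cdn.vendor.example/reader.js"></script>
<script src="https://cdn.vendor.example/pinned.js" integrity="{sri_value(GOOD)}" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>'''

if __name__ == "__main__":
    print(audit(PAGE, "www.site.example"), sri_matches(TAMPERED, sri_value(GOOD)))
```

A pinned hash also blocks legitimate vendor updates until the site publishes a new value, so SRI suits versioned script URLs whose content does not change in place.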
TheBitcoinNews.com – Bitcoin News source since June 2011 –