
Cryptominer

Hackers exploit Jenkins servers, make $3 million by mining Monero | CSO Online
Over the past 18 months, the hackers have accumulated 10,800 Monero, which is currently worth $3,436,776.

With an estimated 1 million users, the Jenkins Continuous Integration server, an open-source automation server written in Java, has been called “the most widely deployed automation server.” Check Point referred to Jenkins as “the ‘go to’ CI and DevOps orchestration tool. Unfortunately, though, due to its incredible power, often hosted on large servers, this also makes it a prime target for crypto-mining attacks.”

The attackers are leveraging CVE-2017-1000353, a flaw disclosed in a Jenkins security advisory issued in April 2017.
jenkins  cybersecurity  cryptominer 
july 2018 by bwiese
Protect your site from cryptojacking – with csp sri • Scott Helme
Helme noticed that thousands of sites, including government sites, were running a cryptominer via a hacked JavaScript file. As he points out, to hack 2,000 sites you don’t hack 2,000, you hack one:
This is not a particularly new attack and we've known for a long time that CDNs [content delivery networks] or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. The thing is though, there's a pretty easy way to defend yourself against this attack. Let's take the ICO as an example, they load the affected file like this:

[script src="//www.browsealoud.com/plus/scripts/ba.js" type="text/javascript"][/script]

That's a pretty standard way to load a JS file and the browser will go and fetch that file and include it in the page, along with the crypto miner... Want to know how you can easily stop this attack?

[script src="//www.browsealoud.com/plus/scripts/ba.js" integrity="sha256-Abhisa/nS9WMne/YX+dqiFINl+JiE15MCWvASJvVtIk=" crossorigin="anonymous"][/script]

That's it. With that tiny change to how the script is loaded, this attack would have been completely neutralised. What I've done here is add the SRI Integrity Attribute and that allows the browser to determine if the file has been modified, which allows it to reject the file. You can easily generate the appropriate script tags using the SRI Hash Generator and rest assured the crypto miner could not have found its way into the page. To take this one step further and ensure absolute protection, you can use Content Security Policy and the require-sri-for directive to make sure that no script is allowed to load on the page without an SRI integrity attribute. In short, this could have been totally avoided by all of those involved even though the file was modified by hackers.

Sure, he’s selling a service. But it’s a useful service.
Cryptominer  hacking 
february 2018 by charlesarthur
Thousands of UK and US government websites hijacked by hidden crypto-mining code after popular plugin hacked • The Register
Chris Williams:
Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

A list of 4,200-plus affected websites can be found here (https://publicwww.com/websites/browsealoud.com%2Fplus%2Fscripts%2Fba.js/): they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe…

The Monero miner was added to Browsealoud's code some time between 0300 and 1145 UTC… Coinhive's code is mostly detected and stopped by antivirus packages and ad-blocking tools.

Adblocking as the easy way to avoid malware, pt 943.
Cryptominer  malware  malvertising 
february 2018 by charlesarthur
keraf/NoCoin: No coin is a tiny browser extension aiming to block coin miners such as Coinhive.
Anti-miner browser addon to block cryptocurrency miners from operating in a browser tab. Sadly necessary these days...
chrome  browser  addon  plugin  extension  antiminer  security  cryptocurrency  javascript  tab  miner  cryptominer  bitcoin  monero  coinhive 
september 2017 by asteroza
