Tag: known-security

Cryptojacking craze that drains your CPU now done by 2,500 sites

Enlarge / A music streaming site that participated in Coinhive crypto mining maxes out the visitor’s CPU. (credit: Malwarebytes ) A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks ago. Willem de Groot, an independent security researcher who reported the findings Tuesday, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors’ payment card details. “Apparently, cyberthieves are squeezing every penny out of their confiscated assets,” he said. Read 6 remaining paragraphs | Comments

More:
Cryptojacking craze that drains your CPU now done by 2,500 sites

Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

Enlarge (credit: Raimond Spekking ) A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday. The unidentified attackers exploited weaknesses in Signalling System No. 7 , a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train. The same functionality can be used to eavesdrop on conversations, track geographic whereabouts, or intercept text messages. Security researchers demonstrated this dark side of SS7 last year when they stalked US Representative Ted Lieu using nothing more than his 10-digit cell phone number and access to an SS7 network. Read 6 remaining paragraphs | Comments

Continue Reading:
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol