Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105, 000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named “Archive Poster, ” the extension is advertised as a mod for Tumblr that allows users an easier way to “reblog, queue, draft, and like posts right from another blog’s archive.” According to users reviews, around the start of December the extension has incorporated the infamous Coinhive in-browser miner in its source code. Read more of this story at Slashdot.
Taken from:
Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner
An anonymous reader shares a report: An influential website linked to violence at the Group of 20 summit meeting in Hamburg last month has been ordered to shut down, in the first such move against left-wing extremists in the country (alternative source), the authorities in Germany said on Friday. Thomas de Maiziere, the interior minister, said that the unrest in Hamburg, during which more than 20, 000 police officers were deployed and more than 400 people arrested or detained, had been stirred up on the website and showed the “serious consequences” of left-wing extremism. “The prelude to the G-20 summit in Hamburg was not the only time that violent actions and attacks on infrastructural facilities were mobilized on linksunten.indymedia, ” he said, referring to the website. The order on Friday was the latest move in a long battle against extremism in Germany. It comes in the wake of the violence in Charlottesville, Va., this month and amid worries about “antifa” factions that use violence to combat the far-right in the United States. Read more of this story at Slashdot. 
According to MSPoweruser, the London Metropolitan Police are still using around 18, 000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What’s more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the “most secure version of Windows right now.” From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection makes PCs running Windows a whole lot more secure. The spokesman of the 0Conservative London Assembly said in a statement: “The Met is working towards upgrading its software, but in its current state it’s like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications.” Read more of this story at Slashdot. 
Bell, Canada’s largest telecommunications company, said a hacker had accessed customer information containing about 1.9 million active email addresses and about 1, 700 names and active phone numbers. The breach was not connected to the recent global WannaCry malware attacks, the company added. From a report: The information appears to have been posted online, but the company could not confirm the leaked data was one and the same. “There is no indication that any financial, password or other sensitive personal information was accessed, ” the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200, 000 computers in more than 150 countries late last week. It is not clear when the breach occurred, how the data was accessed, or how long the attacker had access to Bell’s systems. Read more of this story at Slashdot.