Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts’ official site to the sites of other esteemed security researchers.
Helme argues that the Report URI tool he developed can interdict this kind of attack, and advises security teams and IT departments to roll out this tool, or a similar “content security policy” framework, on their sites to prevent it.
Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ? pic.twitter.com/xQhspR7A2f
— Scott Helme (@Scott_Helme) February 11, 2018