Today’s topics include a cryptocurrency miner exploiting thousands of sites through an accessibility script; Valentine’s Day dating scam emails; Microsoft System Center’s first semi-annual release; and Google beta testing Cloud Tensor Processing Units.
On Feb. 11, Texthelp reported that its Browsealoud text-to-speech extension was compromised by a third-party accessibility script, impacting thousands of websites. Browsealoud is widely deployed on sites around the world, particularly on government websites that use the tool to help enable better accessibility.
“The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate crypto-currency,” said Martin McKay, CTO and data security officer at Texthelp.
Injected into the Browsealoud code was the Coinhive Monero cryptocurrency mining code, which is an in-browser mining script that uses the CPU power of the system it is running on in an attempt to mine cryptocurrency….