A Los Angeles Times’ website has been silently mining crypto-coins using visitors’ web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper’s IT staffers left at least one of the publication’s Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to freely change, update, and tamper. Miscreants seized upon this security blunder to slip CoinHive’s Monero-mining JavaScript code into the LA Times’ interactive county homicide map at homicide.latimes.com. People visiting this site will inadvertently start crafting alt-coins for whoever injected the code, unless they have antivirus or ad-blockers installed that prevent such scripts from loading.
View full story
ORIGINAL SOURCE: The Register