×
Security

Games Organizers at Pyeongchang Winter Olympics Confirm Cyber Attack, Won't Reveal Source (reuters.com) 73

Posted by msmash from the security-woes dept.
Pyeongchang Winter Olympics organizers confirmed on Sunday that the Games had fallen victim to a cyber attack during Friday's opening ceremony, but they refused to reveal the source. From a report: The Games' systems, including the internet and television services, were affected by the hack two days ago but organizers said it had not compromised any critical part of their operations. "Maintaining secure operations is our purpose," said International Olympic Committee (IOC) spokesman Mark Adams. "We are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure."
Businesses

Hackers Hijack Government Websites To Mine Crypto-Cash (bbc.com) 48

Posted by msmash from the worse-than-imagined dept.
BBC reports: The Information Commissioner's Office (ICO) took down its website after a warning that hackers were taking control of visitors' computers to mine cryptocurrency. Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected. He said the affected code had now been disabled and visitors were no longer at risk. The ICO said: "We are aware of the issue and are working to resolve it." Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website. He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web. The cryptocurrency involved was Monero -- a rival to Bitcoin that is designed to make transactions in it "untraceable" back to the senders and recipients involved. The plug-in had been tampered with to add a program, Coinhive, which "mines" for Monero by running processor-intensive calculations on visitors' computers. The Register: A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.
Security

Sandboxed Mac Apps Can Record Screen Any Time Without You Knowing (bleepingcomputer.com) 59

Posted by msmash from the security-woes dept.
Catalin Cimpanu, writing for BleepingComputer: Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image. The function is CGWindowListCreateImage, often utilized by Mac apps that take screenshots or live stream a user's desktop. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access this function and secretly take screenshots of the user's screen. Krause argues that miscreants can abuse this privacy loophole and utilize CGWindowListCreateImage to take screenshots of the screen without the user's permission.

Slashdot Top Deals