June 10, 2020

Cryptomining criminals under the spotlight – a SophosLabs report

By Paul Ducklin

Remember cryptojacking?

That’s where websites would insert JavaScript software that mined cryptocurrency into web pages that you visited so that as long as you stayed on the page, your computer would be churning away, mining cryptocoins…

…on behalf of someone else.

Cryptojackers didn’t need to hack thousands of computers and install malware on every one of them – they could hack one web server and potentially run their money-making JavaScript software in thousands or even millions of browsers as innocent visitors visited that website.

In short, cryptojacking was a surprisingly simple, cross-platform, cloud-based way to steal other people’s processing power.

There was even a short-lived attempt to commercialise (and therefore to legitimize) cryptojacking, where websites could invite you to opt in to receive cryptomining JavaScript as you browsed in lieu of paying a subscription fee or as an alternative to ads.

But the system never worked out and has almost entirely been abandoned now by cybercrooks and legitimate websites alike.

Read more at https://nakedsecurity.sophos.com/2020/06/09/cryptomining-criminals-under-the-spotlight-a-sophoslabs-report/

Facebook labels ‘state-controlled’ Russian, Chinese, Iranian media

By Lisa Vaas

Facebook last week began slapping “state controlled” labels on media outlets that it’s determined are under the thumb of a government.

With the labels, Facebook is enacting a policy it announced in October. That’s when the platform introduced new election security measures, including a promise to increase transparency by showing the confirmed owner of a Page and by labeling state-controlled media on their Page and in the platform’s Ad Library.

This is just one of many efforts it’s taken in the run-up to the 2020 US presidential election, as it tries to stem a renewed onslaught of the foreign tinkering that was seen in 2016. Not that the meddling has gone anywhere, mind you. Within days of the October announcement, Facebook said that it had pulled fake news networks linked to Russia and Iran.

According to NPR, as of Thursday’s announcement, Pages and posts from at least 18 media outlets had been labelled “state-controlled media,” including Russia Today, Russia’s Sputnik News, China’s People’s Daily, China Xinhua News, and Iran’s Press TV. The Facebook Pages for all of the outlets are now carrying transparency notices that advise users that they’re “wholly or partially under the editorial control of a state,” as determined by factors including funding, structure and journalistic standards.

Read more at https://nakedsecurity.sophos.com/2020/06/09/facebook-labels-state-controlled-russian-chinese-iranian-media/

Brave CEO apologizes for adding affiliate links to URLs

By John E Dunn

The Brave browser has provoked unhappiness among some of its users after being caught redirecting searches to affiliate links that earned it commission.

The first user to notice the issue was Cryptonator 1337, who tweeted the following observation on 6 June:

So, when you are using the @brave browser and type in ‘binance.us’ you end up getting redirected to ‘binance.us/en?ref=35089877’ – I see what you did there mates.

What this means is that Brave users searching for Binance, a cryptocurrency exchange, would have had their query autocompleted so that they ended up on a special version of the Binance homepage that lets the company know that Brave’s address bar was the origin of that visit.

Autocomplete, of course, is a feature all web browsers offer and is intended as a time-saving and normally uncontroversial convenience (in Brave, ‘Autocomplete searches and URLs’ can be turned on or off by typing ‘brave://settings/autofill’ into the address bar).

But not long after, a second user discovered a GitHub page containing code used to embed rival cryptocurrency exchanges, Coinbase, Trezor, and Ledger in the same way.

At that point, Brave found itself fielding unhappy comments from users asking whether this behavior was consistent with the company’s idealistic motto ‘Brave for a better internet’ and general championing of privacy (the latter being a virtue it recently lived up to in an independent University study).

Read more at https://nakedsecurity.sophos.com/2020/06/09/brave-ceo-apologises-for-adding-affiliate-links-to-urls/


Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation