Ummm, so yeah, this is *bad*. I just had point out that has a cryptominer installed on their site... 😮
Ok so this is via a 3rd party compromise, here is the script: browsealoud.com/plus/scripts/b
Hey you've been compromised, you need to address this ASAP. Their site also has the crypto miner running:
So many *government* websites in the UK are running a crypto miner *right now*...
I have a list of over 20 .gov.uk, .nhs.uk and .ac.uk domains affected so far. Seems to have hit other government sites too, including the US and Australia.
Here's a list of 4,275 sites that are most likely *all* victims: publicwww.com/websites/brows
These sites have neglected to deploy SRI and CSP, which would have completely mitigated this attack.
For those wondering if sites can protect themselves against a 3rd party compromise like this, the answer is yes, easily. I have articles on CSP and SRI which would protect you:
scotthelme.co.uk/content-securi
We recently launched our own library for and we never want to be an attack vector used against our customers that include our script. To protect our customers we provide script tags with SRI attributes present. report-uri.github.io/report-uri-js-
