Microsoft Word Has Mining Vulnerability, Votiro Says

According to researhers, vulnerability is caused by the new feature of Microsoft Word
22 February 2018   1488

Java mining scripts for Monero can be run inside Word documents. This became possible thanks to a new feature that appeared in the latest versions of Microsoft Office products. It allows you to add text to the video using the iframe insertion code. The file itself does not become harder, because the view is done online. This is reporte by Block Tribune.

The problem was noticed by a researcher from the Israeli company Votiro Amit Dori. He writes that the video player is actually a disguised Internet Explorer browser that operates in an offline mode. In addition, Word allows you to insert links to any site on the Internet, even if it is not in the white list.

You can protect yourself by maintaining an up-to-date machine with all security patches and updates installed. Furthermore, if you spot a serious CPU rise while watching an online video in Word, be aware it might be an in-browser miner and close the video frame.
 

Amit Dori

Security researcher, Votiro

The scammer can place the video in his own domain, adding to it a Java-script for mining. It is worth the user to click on the playback, as the crypto miner starts to mine Monero, parasitizing on the power of its processor.

Amberdata to Study Abnormal ETH Miners Rewards

As reported, unknown person mixed up the “gas price” field and “transaction cost”, left the workplace, and the bot did not work correctly
21 February 2019   55

The research startup Amberdata analyzed the activity of the Ethereum network in the last 24 hours and, like the media, found five transactions with an abnormally high commission.

It turned out that all five transfers were made from one address. Within four hours, the owner of the address paid the miners about $ 583,976 for processing transactions.

Note that the commission for block # 7,238,290 in the amount of 2103,1485 ETH, which was received by the Sharkpool pool, is the largest in the history of the network. Nevertheless, representatives of the pool temporarily froze funds in case the owner of the address made a mistake.

Amberdata is convinced that an unknown person mixed up the “gas price” field and “transaction cost”, left the workplace, and then the bot did not work correctly.