Cache-poisoning caper turns TanStack npm packages toxic


An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host.

The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Read more…
Source:  The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Subdomain Reputation: Detecting Malicious Subdomains of Public Apex Domains

    March 2, 2023

    Cybercriminals regularly leverage popular dynamic domain name system (DDNS) or web hosting services to store and distribute their content. Threat actors leverage these for command and control (C2), malware distribution and phishing. This abuse has created the need for new detection methods for malicious subdomains. DDNS and web hosting services often allow people to serve content ...

  • Leveraging data science to minimize the blast radius of ransomware attacks

    March 2, 2023

    As ransomware groups continue to build on their arsenal of tactics, techniques, and procedures (TTPs), it’s essential for cybersecurity professionals to assess the levels of risk to their organizations using multiple sources of information for a comprehensive outlook on this ever-evolving threat. Common Vulnerabilities and Exposures (CVE) data, for example, can guide defenders in determining ...

  • Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

    March 1, 2023

    Iron Tiger is an advanced persistent threat (APT) group that has been focused primarily on cyberespionage for more than a decade. In 2022, we noticed that they updated SysUpdate, one of their custom malware families, to include new features and add malware infection support for the Linux platform. We found the oldest sample of this updated ...

  • “Major” cyberattack compromised sensitive U.S. Marshals Service data

    February 28, 2023

    The U.S. Marshals Service is investigating a major ransomware attack that has compromised some of its most sensitive information, including law enforcement materials, and the personal information of employees and potential targets of federal investigations. The cyberattack was considered a “major incident” by officials, impacting a “stand-alone” system (meaning it is not connected to a larger ...

  • SCARLETEEL hackers use advanced cloud skills to steal source code, data

    February 28, 2023

    An advanced hacking operation dubbed ‘SCARLETEEL’ targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. SCARLETEEL was discovered by cybersecurity intelligence firm Sysdig while responding to an incident in one of their customers’ cloud environments. Read more… Source: Bleeping Computer  

  • RIG Exploit Kit still infects enterprise users via Internet Explorer

    February 27, 2023

    The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service’s long operational history. By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. Read more… Source: Bleeping Computer