On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fake video conferencing apps are targeting Web3 workers to steal their data
December 9, 2024
Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry. Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS. In some examples observed by the researchers, the ...
- “Termite” ransomware group claims responsibility for the Blue Yonder attack
December 9, 2024
On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...
- Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs
December 7, 2024
The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...
- Jamaica: Police charge 6 people in connection with cyber attack on account of bank customer
December 7, 2024
The six people arrested last week in connection with a multi-million dollar cyber attack on the account of a customer of the National Commercial Bank, have been charged. This was disclosed by Dane Nicholson, Head of the Anti-Fraud Committee of the Jamaica Banker’s Association, who said the suspects were charged on Thursday and are booked to ...
- Europol: Fraudulent shopping sites tied to cybercrime marketplace taken offline
December 5, 2024
Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by law enforcement authorities across Europe, over 50 servers were seized, significant digital evidence was secured, ...
- Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
December 4, 2024
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads ...