On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Awareness of Cyber Risks to Healthcare Organizations is not Always Translating to Adequate Protections
October 8, 2024
Despite growing awareness and widespread acknowledgment of the impact of cyber threats facing the healthcare industry, many within it are still struggling to keep them at bay. The third annual Ponemon Institute Report, commissioned by Proofpoint, found that 92% of US healthcare organizations surveyed experienced at least one cyber attack in the past 12 month, with ...
- File hosting services misused for identity phishing
October 8, 2024
Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to ...
- Largest water utility company in the US says it was targeted by a cyberattack
October 8, 2024
American Water Works, the nation’s largest regulated water and wastewater utility company, announced Monday that it was hit by a cyberattack earlier this month, prompting it to pause billing for its millions of customers. The Camden, New Jersey-based utility company said it became aware of “unauthorized activity” in their computer networks and systems last Thursday, which ...
- London Fire Brigade block almost 340,000 cyber attacks
October 8, 2024
The London Fire Brigade, the fire and rescue service for the UK’s capital, has been targeted by nearly 340,000 cyber-attacks over the past year. The data was collected under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of blocked email attacks by the department. In total, the ...
- Wreaking havoc in cyberspace: threat actors experiment with pentest tools
October 8, 2024
In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver. According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of ...
- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...