On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those seen in the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Source: Trend Micro

