Node Package Manager Supply Chain Attack


On September 15, the Node Package Manager (NPM) repository was hit by a supply chain attack that is still ongoing. The attackers ran a highly targeted phishing campaign to compromise the account of an NPM package maintainer.

With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those seen in the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.

Source: Trend Micro

