On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Top yacht retailer MarineMax says cyberattack led to major online data breach
April 2, 2024
MarineMax has confirmed suffering a cyberattack, thought to be ransomware, in which threat actors stole sensitive customer information. In an 8-K form, filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the leading yacht sellers worldwide, said a third party “gained unauthorized access to portions of our information environment.” Read more… Source: ...
- Scottish law firm Scullion Law suffers cyber attack
March 31, 2024
Scullion Law, which has offices on George Street Edinburgh, as well as in Glasgow, Hamilton and Madrid, had 155GB of data stolen in the attack by Black Basta. A spokesperson for the award-winning firm said: “We can confirm that we were recently the victim of a cyberattack. “We promptly notified the ICO and The Law Society ...
- AT&T data breach: Millions of customers’ data found on dark web
March 30, 2024
AT&T announced on Saturday it is investigating a data breach involving the personal information of more than 70 million current and former customers leaked on the dark web. According to information about the breach on the company’s website, 7.6 million current account holders and 65.4 million former account holders have been impacted. An AT&T press release ...
- Massachusetts healthcare provider warns patients of data breach
March 29, 2024
A Massachusetts healthcare provider is warning patients of a recently discovered data breach that compromised some personal information. Brigham and Women’s Physician Organization, a Mass General Brigham Incorporated member, is notifying individuals of an incident it became aware of on Jan. 29, 2024, involving some patients’ personal information. Read more… Source: MSN News
- The impact of compromised backups on ransomware outcomes
March 29, 2024
There are two main ways to recover encrypted data in a ransomware attack: restoring from backups and paying the ransom. Compromising an organization’s backups enables adversaries to restrict their victim’s ability to recover encrypted data and dial-up the pressure to pay the ransom. This analysis explores the impact of backup compromise on the business and operational ...
- Phishing Attack Targets Apple Users With Password Resets
March 27, 2024
If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users. The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs. One of the targeted users, tech entrepreneur Parth Patel, documented ...