On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those in the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Source: Trend Micro

