On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Atomic Stealer rings in the new year with updated version
January 10, 2024
Last year, Malwarebytes Labs researchers documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer (AMOS) onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty $3000/month rental fee. It looks like Atomic Stealer was updated ...
- Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data
January 10, 2024
Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were stolen. HMG Healthcare is headquartered in The Woodlands, Texas, and provides a range of services, including memory care, rehabilitation, and assisted living. HMG’s website says it ...
- Thailand: Elderly to get anti-scam education as cybercrime explodes
January 10, 2024
Alarmed by research indicating that the elderly are the most vulnerable to fraudsters, Thailand’s Ministry of Social Development and Human Security and CIB cybercrime investigators will collaborate with partners to provide digital literacy to senior people nationwide. The minister, Varawut Silpa-archa, stated that more than 13 million people, or almost 20% of the Thai population, are ...
- SEC says ‘compromised’ account to blame for tweet approving Bitcoin ETF
January 10, 2024
The Securities and Exchange Commission (SEC) said Tuesday that a post sent from the agency’s account on the social platform X/Twitter announcing the approval of a long-awaited bitcoin exchange-traded fund was “unauthorized”, and that the agency’s account had been “compromised”. The price of bitcoin briefly spiked more than $1,000 after the post on X claimed: “The ...
- AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director
January 9, 2024
Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation state elements utilizing AI. They’re all subscribed to the big name companies that you would expect ...
- Fidelity National Financial says hackers stole data on 1.3 million customers
January 9, 2024
Real estate services giant Fidelity National Financial (FNF) has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that ...