On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ubisoft apparently stopped a 900GB data breach
December 24, 2023
Just days after Insomniac suffered a horrible data breach, Ubisoft may have avoided the same fate. Security collective VX-Underground shared a report on X that, on Dec. 20, an “unknown Threat Actor” got access to Ubisoft’s internal tools, sharing screenshots online. They allegedly intended to get 900GB worth of data from the French game publisher behind ...
- The rising threat of phishing attacks with Crypto Drainers
December 22, 2023
A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated phishing attacks. These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks ...
- Rhode Island: Data breach at Wyatt steals info of detainees, staff and vendors
December 22, 2023
At least 1,454 detainees of the Donald W. Wyatt Detention Facility, 438 current and former staff members and 92 vendors have been affected by a virus in the facility’s computer system, Wyatt announced Friday. The FBI is now investigating the matter, which Wyatt discovered on November 2. “At this time, we believe that various types of ...
- Cyberattack forces First American to take some IT systems offline
December 22, 2023
First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...
- Lapsus$: GTA 6 hacker handed indefinite hospital order
December 22, 2023
An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m. The judge ...
- Indian IT services giant HCL Technologies hit by ransomware
December 22, 2023
Indian IT giant HCL Technologies apparently suffered a significant ransomware attack. Multiple media sources are claiming that the company filed a new report with the National Stock Exchange of India, in which it describes falling prey to a limited ransomware attack, stating that it “has become aware of a ransomware incident in an isolated cloud environment ...