On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers
November 27, 2023
Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since then, homeowners who have mortgages and prospective buyers who are purchasing properties with FNF or one ...
- Gulf Air hit with data breach, customer data possibly affected
November 27, 2023
Gulf Air, the national air carrier for the Kingdom of Bahrain, has confirmed suffering a data breach which most likely resulted in hackers stealing sensitive customer information. The company confirmed the news via a press release shared with local media highlighting a “data breach incident” on November 24, possibly resulting in the compromise of “some information ...
- New Jersey: Montclair, Westwood Hospitals Divert Ambulances After Cyber Attack
November 27, 2023
Two hospitals in North Jersey are diverting ambulances from their emergency rooms after a cyber attack, authorities confirmed Monday. The attack impacted the computer systems at Mountainside Medical Center in Montclair, and Pascack Valley Medical Center in Westwood. Read more… Source: MSN News
- The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI
November 27, 2023
Generative artificial intelligence technologies such as OpenAI’s ChatGPT and DALL-E have created a great deal of disruption across much of our digital lives. Creating credible text, images and even audio, these AI tools can be used for both good and ill. That includes their application in the cybersecurity space. Read more… Source: Sophos
- Thousands of house purchases frozen by cyber attack
November 25, 2023
Thousands of home moves have been thrown into limbo following a cyber attack on an IT company used by property conveyancers. An outage at CTS has hit around 80 law firms, halting a series of property exchanges and completions across the country since Wednesday. Rob Hailstone, chief executive of Bold Legal Group, which runs a forum ...
- New ransomware-as-a-service caters to cybercriminals with commercial expansion
November 23, 2023
New evidence suggests that the popular Play ransomware is now being rented out to cybercriminals. Known as ransomware-as-a-service (RaaS), cybercriminals can pay to use the malware itself alongside the infrastructure needed to pull off an attack.This is a relatively new phenomenon and can provide a steady stream of revenue for malicious cyber gangs. Read more… Source: MSN News