On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Credit card skimming on the rise for the holiday shopping season
November 14, 2023
As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat Malwarebytes Labs researchers are following closely and expect to increase over the next several weeks is credit card skimming. Online stores are not ...
- Advanced threat predictions for 2024
November 14, 2023
Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is often more at stake. In this article, Kaspersky’s Global Research and Analysis Team ...
- DHS Cybersecurity and Infrastructure Security Agency Releases Roadmap for Artificial Intelligence
November 14, 2023
WASHINGTON – Today the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released its first Roadmap for Artificial Intelligence (AI), adding to the significant DHS and broader whole-of-government effort to ensure the secure development and implementation of artificial intelligence capabilities. DHS plays a critical role in ensuring AI safety and security nationwide. Last ...
- Gang says ICBC paid ransom over hack that disrupted US Treasury market
November 14, 2023
China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify. ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on ...
- #StopRansomware: Royal Ransomware Update
November 13, 2023
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023. Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and ...
- Bitcoin ATM operator Coin Cloud suffers severe data breach
November 13, 2023
Coin Cloud, a prominent Bitcoin ATM operator, has fallen victim to a significant security breach in a recent development that has shaken the cryptocurrency world. Hackers, whose identities remain unknown, have reportedly seized control of Coin Cloud’s backend system source code and accessed sensitive customer data, including 70,000 client selfies and personal details of around 300,000 ...