On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Boeing confirms ‘cyber incident’ after ransomware gang claims data theft
November 2, 2023
Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” days after the company was listed on the leak site of the LockBit ransomware gang. In a statement given to TechCrunch, Boeing spokesperson Jim Prolux confirmed that attackers had targeted “elements of our parts and safety business.” The spokesperson added: “This issue does ...
- New Zealand: Money-motivated cyber attacks outnumber those carried out by nation-states
November 2, 2023
Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time, and AI looms as an ever-greater weapon, a new report says. In its latest annual threat report, the National Cyber Security Centre said the potential impact was growing – though the number of major attacks dropped slightly, to ...
- Do government sanctions against ransomware groups work?
November 2, 2023
Earlier this year, the U.S. government imposed sanctions against Russian national Mikhail Matveev, an FBI most-wanted cybercriminal, who authorities accuse of being a “prolific ransomware affiliate” involved in cyberattacks in the United States and overseas. Authorities say Matveev played a major role in the development and deployment of the Hive, LockBit and Babuk ransomware variants, ...
- Forty Countries Agree Not to Pay Cybercrime Ransoms
November 1, 2023
Dozens of US allies have signed an agreement never to pay digital extortionists, in a sign of the growing impact ransomware is having on their national security and economies. The pledge was made at the second annual meeting of the International Counter Ransomware Initiative and reported by attendant media, although there is no official word yet ...
- Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604
November 1, 2023
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to ...
- Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)
October 31, 2023
On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023 as well as n-day exploitation after Citrix’s publication. Mandiant is investigating multiple instances of successful exploitation of ...