On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- British Library suffering major technology outage after cyber-attack
October 31, 2023
The British Library is suffering a technology outage after it was hit by a cyber-attack, which is affecting services online and its sites in London and Yorkshire. Access to the website, as well as the catalogue and digital collections, is temporarily unavailable. The collection of items ordered on or after 27 October, new collection item orders ...
- India: What you need to know about the Apple and Aadhaar attacks
October 31, 2023
October 31 was a big day for data protection, privacy and surveillance. First, reports poured in about a massive breach of Aadhaar information, with estimates that the data of 815 million Indians had been put up for sale on the ‘dark web’. Soon after, many opposition leaders and civil society members began sharing messages they ...
- Step-by-step through the Money Message ransomware
October 30, 2023
In August 2023, the Sophos X-Ops Incident Response team was engaged to support an organization in Australia infected with Money Message ransomware. This attack vector, known for its stealth, does not append any file extensions to the encrypted data, making it harder for victims to identify the encrypted files simply by spotting such extensions. In ...
- CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
October 30, 2023
Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging ...
- TA571 Delivers IcedID Forked Loader
October 30, 2023
Proofpoint researchers identified TA571 delivering the Forked variant of IcedID in two campaigns on 11 and 18 October 2023. Both campaigns included over 6,000 messages, each impacting over 1,200 customers in a variety of industries globally. Emails in the campaigns purported to be replies to existing threads. This is known as thread hijacking. The emails contained ...
- ING CISO says data sharing is key to financial cybersecurity
October 30, 2023
Compliance has been the traditional focus of IT departments in financial institutions, but as cyber threats continue to evolve, the financial industry needs to look to each other to help protect the wider ecosystem. Finextra spoke with Beate Zwijnenberg, chief information security officer at ING, about some of the challenges the bank is facing across ...