On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware actor exploits unsupported ColdFusion servers – but comes away empty-handed
October 19, 2023
Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the network easily achievable. Sophos X-Ops has observed a wide variety of threats being delivered to ...
- Another InfoStealer Enters the Field, ExelaStealer
October 19, 2023
In 2023, the InfoStealer market is a reasonably crowded affair. The likes of RedLine, Raccoon, and Vidar own a significant market share, with new entrants such as SaphireStealer appearing frequently. The latest entry, ExelaStealer has now taken the field. Very little backstory is available on ExelaStealer, with the earliest public mentions FortiGuard Labs could locate ...
- Top crypto firms named in $1bn fraud lawsuit
October 19, 2023
US prosecutors have accused three high-profile cryptocurrency firms of defrauding investors of more than $1bn. New York Attorney General Letitia James said Gemini, a crypto exchange, had lied to customers about the risks of an investment account it offered, which paid high interest rates on crypto. Genesis, a crypto lender, and its parent company Digital Currency ...
- Hacker leaks millions more 23andMe user records on cybercrime forum
October 18, 2023
The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records. On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information containing records of four million users on the known cybercrime forum ...
- Government-backed actors exploiting WinRAR vulnerability
October 18, 2023
In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still ...
- Updated MATA attacks industrial companies in Eastern Europe
October 18, 2023
In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. The actors ...