On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- German Banking Regulator BaFin’s Website Hit by Cyber Attack
September 4, 2023
German banking regulator BaFin said its website has only been partially accessible since Friday after a so-called distributed denial of service attack. BaFin took security and defensive measures after the attack which also restrict access to the website, according to a spokeswoman. All of BaFin’s other systems are working without disruption, she said. Read more… Source: Yahoo! News
- Sweden: Significant increase in cyberattacks and they’re more advanced
September 4, 2023
Cyberattacks against Swedish authorities have increased in number and are more protracted and advanced, according to an investigation by Swedish Radio News. The Social Insurance Agency, Försäkringskassan, has seen such attacks double over three years, it says. Read more… Source: Radio Sweden
- Half of large Swiss firms have faced cyberattacks
September 4, 2023
A full 45 percent of companies in Switzerland counting 250 employees or more have already been hit by at least one cyberattack, according to the report. Based on a survey of 400 board members from both larger, listed companies and small and medium enterprises (SMEs), the study found that only 18 percent of firms with under ...
- Russia linked hackers hit UK Ministry of Defence as security secrets leaked
September 2, 2023
Top secret security information on British military and intelligence sites has been leaked online by hackers linked to Russia. They released thousands of pages of data which could help criminals get into the HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab and a GCHQ listening post. Information about high-security prisons and a military ...
- Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink
August 31, 2023
A hacking group called Anonymous Sudan took X, formerly known as Twitter, offline in more than a dozen countries on Tuesday morning in an attempt to pressurise Elon Musk into launching his Starlink service in their country. X was down for more than two hours, with thousands of users affected. “Make our message reach to Elon ...
- SapphireStealer: Open-source information stealer enables credential and data theft
August 31, 2023
SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional attacks, including operations related ...