On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google AMP – The Newest of Evasive Phishing Tactic
August 1, 2023
A new phishing tactic utilizing Google Accelerated Mobile Pages (AMP) has hit the threat landscape and proven to be very successful at reaching intended targets. Google AMP is an open-source HTML framework used to build websites that are optimized for both browser and mobile use. The websites that Cofense researches observed in these campaigns are hosted ...
- Capita boss quits as fine looms for huge hack of confidential data
July 31, 2023
The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator. Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon ...
- Out of the Sandbox: WikiLoader Digs Sophisticated Evasion
July 31, 2023
Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...
- Malawi: Macra Warns Public to Be On High Alert Against Heightened Cyber Attacks in Comesa Region
July 30, 2023
Malawi Computer Response Team (mwCERT) of the Malawi Communications Regulatory Authority (MACRA) announces of recent cyber-attacks that have targeted several countries in the COMESA region, resulting in severe disruptions to critical information infrastructure, across various sectors. In a statement, MACRA Director General, Daud Suleman says “these online attacks have the potential to affect anyone due to ...
- Kenya reports cyber attacks causing government system outages
July 28, 2023
Cyber attackers targeted a digital platform used by Kenya’s government to deliver services, the country’s technology minister said, highlighting the vulnerabilities of the system. The attack on the e-Citizen platform in recent days caused system outages that left users unable to access a broad range of government services, ranging from passport applications to electricity payments. Some ...
- Anomaly detection in certificate-based TGT requests
July 28, 2023
One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker ...