On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Linux version of RTM Locker ransomware targets VMware ESXi servers
April 27, 2023
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. The RTM (Read The Manual) cybercrime gang has been active in financial fraud since at least 2015, known for distributing a custom banking trojan used to steal money from victims. Read more… Source: Bleeping Computer
- Ukraine ‘testing ground’ for Australian cyber defences
April 27, 2023
Ukraine’s ambassador says cyber security assistance to help combat Russian aggression would also help boost Australia’s own capabilities. Vasyl Myroshnychenko said he would welcome any further assistance with Ukraine’s defence against Russia, adding it would provide Australia with a good opportunity to stress test its own resources. Read more… Source: MSN News
- Clop, LockBit ransomware gangs behind PaperCut server attacks
April 26, 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer
- Chinese Alloy Taurus Updates PingPull Malware
April 26, 2023
Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033. The first samples of PingPull malware date back to September 2021. ...
- Energy giant warns of ‘catastrophic damage’ if government bans payment of cyber ransoms
April 26, 2023
A government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage” and even lead to the loss of Australian lives, the nation’s biggest energy producer has warned. AGL Energy, whose board was recently reshuffled by Atlassian billionaire Mike Cannon-Brookes, described ransom bans as a dangerous double-edged sword. Read more… Source: 9News
- Irrigation Systems in Israel Hit With Cyber Attack That Temporarily Disabled Farm Equipment
April 25, 2023
A cyber attack that targeted irrigation systems in Israel is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The hackers targeted both farms and wastewater treatment plants. They seemingly had little success ...