On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Capita IT breach gets worse as Black Basta claims it’s now selling off stolen data
April 18, 2023
Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. A spokesperson for the London-based corporation, which has UK government contracts totaling £6.5 billion ($8 billion), said it hasn’t ...
- State-sponsored campaigns target global network infrastructure
April 18, 2023
Recently, the UK’s National Cyber Security Center (NCSC) released a report on a sustained campaign by a Russian intelligence agency targeting a vulnerability in routers that Cisco had published a patch for in 2017. This campaign, dubbed “Jaguar Tooth,” is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance ...
- New QBot email attacks use PDF and WSF combo to install malware
April 17, 2023
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices. Qbot (aka QakBot) is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors. This initial access is done by dropping additional payloads, such as Cobalt Strike, Brute ...
- Ex-Conti members and FIN7 devs team up to push new Domino malware
April 17, 2023
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named ‘Domino’ in attacks on corporate networks. Domino is a relatively new malware family consisting of two components, a backdoor named ‘Domino Backdoor,’ which in turn drops a ‘Domino Loader’ that injects an info-stealing malware DLL into the memory ...
- Australians lose record $3.1 billion to scams in 2022
April 16, 2023
Doris McAllister spent her whole life working hard to support herself. So, last year, when the 75-year-old saw an international bank offering a good return on deposits, she decided to transfer her life’s savings of $260,000 across to help secure her retirement. Six weeks later, when she needed to make a withdrawal, she realised she had been ...
- Uncommon infection methods – part 2
April 13, 2023
Although ransomware is still a hot topic on which Kaspersky will keep on publishing, they also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, Kaspersky researchers provide excerpts from the recent reports that focus on uncommon infection methods and describe ...