On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 200 million Twitter users’ email addresses allegedly leaked online
January 4, 2023
A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large ...
- Cook EBITDA slumps £2m following Christmas 2021 cyber-attack
January 4, 2023
A cyber-attack in December 2021 wiped an estimated £2m from Cook’s EBITDA, according to its latest financial results. The attack ground manufacturing systems at its Sittingbourne site to a halt and prevented Cook from making and delivering food. Consequently, the business was forced to shut down its website in the lead-up to Christmas, its busiest period of ...
- Hackers abuse Windows error reporting tool to deploy malware
January 4, 2023
Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system’s memory using a DLL sideloading technique. The use of this Windows executable is to stealthy infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable. The new campaign ...
- Rackspace confirms Play ransomware was behind recent cyberattack
January 4, 2023
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company’s hosted Microsoft Exchange environments. This follows a report last month by cybersecurity firm Crowdstrike, which detailed a new exploit used by the ransomware group to compromise Microsoft Exchange servers and gain access to a ...
- Ransomware gang apologizes, gives SickKids hospital free decryptor
January 1, 2023
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children. On December 18th, the hospital suffered a ransomware attack that impacted internal ...
- Cyber attack leaves six North Carolina counties locked out of their online records
December 30, 2022
They’re responsible for keeping and protecting your most important records, but Thursday, a company that works with local governments across North Carolina has been paralyzed by a cyber attack with no end in sight. Cott Systems said they work with 300 local offices in 21 states, but right now that work is on hold and local ...