On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ‘Why wasn’t there a back-up plan?’: After One Brooklyn Health cyber attack, community leaders demand answers
December 15, 2022
Nearly a month after a cyber attack left the One Brooklyn Health system compromised, elected officials and medical professionals gathered outside of Brookdale Hospital Medical Center to call for additional resources — and to get the healthcare system’s three hospitals back online. “I am asking for resources and answers into this cyber attack that has crippled ...
- FuboTV goes kaput during World Cup semifinals, blames “criminal cyber attack”
December 15, 2022
Sports-focused streaming-video service FuboTV said a “criminal cyber attack” was responsible for a prolonged outage that prevented subscribers from viewing most of Wednesday’s World Cup semifinal between France and Morocco. “The incident was not related to any bandwidth constraints on Fubo’s part,” the company said. “We were instead the target of a criminal cyber attack.” There was ...
- Hackers leak personal info allegedly stolen from 5.7M Gemini users
December 15, 2022
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The notification comes after multiple posts on hacker forums seen by BleepingComputer offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users. Read more… Source: ...
- Sting op takes down 50 DDoS-for-hire domains
December 15, 2022
Police around the globe have seized as many as 50 internet domains said to be involved in tens of millions of distributed-denial-of-service (DDoS) attacks worldwide. Seven people were collared during the swoop. The so-called “booter” websites sold “some of the world’s leading DDoS-for-hire services,” allowing paying customers to launch these networking-flooding cyberattacks against chosen victims, according ...
- Attackers use SVG files to smuggle QBot malware onto Windows systems
December 14, 2022
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target’s browser. QBot is a Windows malware arriving ...
- Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
December 14, 2022
In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Trend Micro investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; Trend Micro researchers also ...