On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- KmsdBot botnet is down after operator sends typo in command
December 6, 2022
Somewhere out there, a botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation. Unfortunately for the typographically-challenged botnetter, it happened on the internet, so someone knows: Akamai, in this case, had been watching for some time. Even worse for the operator(s), their Golang-coded ...
- Google warns stolen Android keys used to sign info-stealing malware
December 5, 2022
Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it’s a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of ...
- French hospital cancels operations after cyberattack
December 5, 2022
A hospital complex in Versailles, near Paris, had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said. The Hospital Centre of Versailles – which consists of Andre-Mignot Hospital, Richaud Hospital and the Despagne Retirement Home – was affected by the hacking attempt, said the complex’s ...
- Crimeware trends: self-propagation and driver exploitation
December 5, 2022
If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, Kaspersky researchers highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, Kaspersky published a research about ransomware borrowing ...
- Android malware apps with 2 million installs spotted on Google Play
December 4, 2022
A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation. One app ...
- UK: Cambridge Water customers’ bank details published to dark web after cyber attack
December 3, 2022
Bank account details of Cambridge Water customers have been published to the dark web, following a cyber attack. Customers have been left alarmed and furious after learning that names and current addresses, sort codes and account numbers are among the data stolen by cyber criminals from its parent company, South Staffordshire plc, back in August. Cambridge Water ...