On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Department of Homeland Security to probe cyber attacks linked to Lapsus$
December 2, 2022
WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and ...
- Watch out for this triple-pronged PayPal phishing and fraud scam
December 2, 2022
My day started rough. It was 7 a.m., and I was just partially through my first cup of coffee, when I noticed a new message in my email inbox. It was from PayPal and the subject line said, “You’ve got a money request.” And so began my first look at this three-pronged PayPal phishing scam. Read more… Source: ZDNet
- #StopRansomware: Cuba Ransomware
December 1, 2022
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Note: ...
- Medibank hackers reportedly release all data on dark web
December 1, 2022
Hackers who breached Medibank’s systems have dumped another batch of data on the dark web, along with claims the files contain all of the data they took in a heist that impacted 9.7 million customers. The Australian insurance group confirms six zipped files of data have been released, while government officials reiterate the overdue need ...
- New DuckLogs malware service claims having thousands of ‘customers’
December 1, 2022
A new malware-as-a-service (MaaS) operation named ‘DuckLogs’ has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. DuckLogs is entirely web-based. It claims to have thousands of cybercriminals paying a subscription to generate and launch more than 4,000 malware builds. The ...
- Lastpass says hackers accessed customer data in new breach
November 30, 2022
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both ...