On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Iran’s atomic energy agency confirms hack after stolen data leaked online
October 24, 2022
The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries’ email servers was hacked after the ”Black Reward’ hacking group published stolen data online. AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos. The agency ...
- Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool
October 21, 2022
Symantec’s Threat Hunter Team has discovered that at least one affiliate of the BlackByte ransomware (Ransom.Blackbyte) operation has begun using a custom data exfiltration tool during their attacks. The malware (Infostealer.Exbyte) is designed to expedite the theft of data from the victim’s network and upload it to an external server. BlackByte is a ransomware-as-a-service operation that ...
- #StopRansomware: Daixin Team
October 21, 2022
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...
- Wholesale giant METRO hit by IT outage after cyberattack
October 21, 2022
International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack. The company’s IT team is currently investigating the incident with the help of external experts to discover the cause of this ongoing outage. IT outages have been affecting stores in Austria, Germany, and France since at least October 17, according to ...
- From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
October 20, 2022
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and ...
- CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
October 19, 2022
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2. CISA encourages organizations to review the latest update to AA22-228A ...