On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
October 13, 2022
Cisco Talos has discovered a new single-file command and control (C2) framework the authors call “Alchimist .” Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being used in the ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...
- Private health insurance company Medibank affected by cyber attack less than a month after telco Optus was targeted
October 13, 2022
Health insurance giant Medibank Group is the latest Australian company to become the target of a cyber attack. Last month telecommuncations company Optus was hit by a wide-scale breach which saw more than two million customers affected. Telstra was also rocked by a data breach which saw the personal details of 30,000 current and former staff leaked. Read ...
- Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
October 12, 2022
QAKBOT’s malware distribution resumed on September 8, 2022 following a brief hiatus, when our researchers spotted several distribution mechanisms on this date. The distribution methods observed included SmokeLoader (using the ‘snow0x’ distributor ID), Emotet (using the ‘azd‘ distributor id), and malicious spam that used the ‘BB’ and ‘Obama20x’ IDs. A recent case involving the QAKBOT ‘BB’ ...
- Malicious WhatsApp mod distributed through legitimate apps
October 12, 2022
Last year, Kaspersky researchers wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, they discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version 2.22.11.75. Inside it, researchers have found a malicious ...
- Two Former eBay Employees Sentenced for Aggressive Cyberstalking Campaign
October 11, 2022
BOSTON – Two former employees of eBay, Inc. were sentenced today for their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company. Stephanie Popp, 34, of Louisville, Ky., eBay’s former Senior Manager of Global Intelligence, was sentenced to one year and one ...