On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Shape-shifting cryptominer savaging Linux endpoints and IoT
September 10, 2022
AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones. The malware was dubbed “Shikitega” for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to “mutate” its code to avoid ...
- Ransomware gangs switching to new intermittent encryption tactic
September 10, 2022
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims’ systems faster while reducing the chances of being detected and stopped. This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files’ content, which would still render the data unrecoverable without using a ...
- Russia’s Sovereign Internet Creates Security Risks With Implications for Cyber (Re)Insurance While War in Ukraine Develops
September 10, 2022
A sovereign Russian internet could lead to cyber criminal safe havens, greater confidence that large-scale attacks can be carried out without consequences, and intelligence blindspots, according to a new report published today by cyber risk analytics expert CyberCube. The research “Ukraine Cyber War Update: Spotlight on activity six months later” examines the dramatic rise in the ...
- Threat landscape for industrial automation systems for H1 2022
September 8, 2022
For the first time in five years of observations, the lowest percentage in the first half of the year was observed in March. During the period from January to March, the percentage of attacked ICS computers decreased by 1.7 p.p. Among regions, the highest percentage of ICS computers on which malicious objects were blocked was observed ...
- Criminals exploiting cost of living crisis with energy rebate scam emails
September 7, 2022
Criminals are cashing in on the energy crisis by offering bogus rebates to try and trick victims into handing over bank account details. Police say in the past fortnight they’ve had nearly 1,600 reports of suspicious emails with links to malicious websites designed to steal personal and financial information. The scam emails pretend to be from the ...
- MagicRAT: Lazarus’ latest gateway into victim networks
September 7, 2022
Cisco Talos has discovered a new remote access trojan (RAT), which we are calling “MagicRAT,” that we are attributing with moderate to high confidence to the Lazarus threat actor, a state-sponsored APT attributed to North Korea by the U.S. Cyber Security & Infrastructure Agency (CISA). This new RAT was found on victims that had been ...