On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cuba ransomware returns to extorting victims with updated encryptor
June 8, 2022
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. Cuba ransomware’s activity reached a peak in 2021 when it partnered with the Hancitor malware gang for initial access. By the end of the year, it had breached 49 critical infrastructure organizations in the United ...
- Microsoft seizes 41 domains tied to ‘Iranian phishing ring’
June 7, 2022
Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, ...
- Hackers are now hiding inside networks for longer. That’s not a good sign
June 7, 2022
The amount of time cyber criminals intruders are spending inside victims’ networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks. According to analysis by cybersecurity researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median ...
- New SVCReady malware loads from Word doc properties
June 7, 2022
A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. More specifically, it uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment. According to a new ...
- Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
June 6, 2022
The DeadBolt ransomware kicked off 2022 with a slew of attacks that targeted internet-facing Network-Attached Storage (NAS) devices. It was first seen targeting QNAP Systems, Inc. in January 2022. According to a report from attack surface solutions provider Censys.io, as of Jan. 26, 2022, out of 130,000 QNAP NAS devices that were potential targets, 4,988 ...
- Costa Rican government held up by ransomware … again
June 6, 2022
Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica’s government if a ransom wasn’t paid. This month, another band of extortionists has attacked the nation. Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica’s Social ...