On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK Government hackers made hundreds of thousands of stolen credit cards ‘worthless’ to crooks
May 10, 2022
A joint operation involving intelligence agency GCHQ and the Ministry of Defence took direct action against computer networks used by cyber criminals, helping to protect people against cyberattacks and also making hundreds of thousands of stolen credit cards worthless to the crooks who stole them. The action by the National Cyber Force – using the combined ...
- Examining the Black Basta Ransomware’s Infection Routine
May 9, 2022
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black Basta posted on underground forums known as XSS.IS and EXPLOIT.IN to advertise that it intends to buy and monetize corporate network ...
- Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
May 9, 2022
The security landscape has become increasingly challenging and complex for our customers. Threats have grown at an alarming rate over the last year, and cybercrime is now expected to cost the world USD10.5 trillion annually by 2025, up from USD3 trillion a decade ago and USD6 trillion in 2021.1 As attacks increase in scale, so must ...
- It costs just $7 to rent DCRat to backdoor your network
May 9, 2022
A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, ...
- Biden signs cybercrime tracking bill into law
May 9, 2022
US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime. The Better Cybercrime Metrics Act, which Biden signed late last week, requires the Department of Justice to work with the National Academy of Sciences to develop a taxonomy that law enforcement can use to ...
- US offers $15m reward for information about Conti ransomware gang
May 9, 2022
The US government is offering up to $15 million for information about key leaders of the notorious Conti ransomware group and any individual participating in an attack using a variant of Conti’s malware. In its notice issued May 6, the US Department of State said the Conti ransomware variant was the costliest strain of ransomware on ...