On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
March 16, 2022
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The malware’s modular nature has allowed it to be increasingly adaptable ...
- Automotive giant Denso confirms hack, Pandora ransomware group takes credit
March 14, 2022
Denso has confirmed a cyberattack impacting the firm’s German operations. The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 ...
- Spam website set up to reach millions of Russians
March 12, 2022
A Norwegian computer expert has created a website enabling anyone to send an email about the war in Ukraine to up to 150 Russian email addresses at a time, so that Russian people have a chance to hear the truth their government is hiding. All over Russia email inboxes are pinging. Millions of messages are being received ...
- Ukraine: Spam website set up to reach millions of Russians
March 12, 2022
A Norwegian computer expert has created a website enabling anyone to send an email about the war in Ukraine to up to 150 Russian email addresses at a time, so that Russian people have a chance to hear the truth their government is hiding. All over Russia email inboxes are pinging. Millions of messages are being received ...
- Bridgestone Americas confirms ransomware attack, LockBit leaks data
March 11, 2022
A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Bridgestone has tens of production units across ...
- NetWalker ransomware affiliate extradited to the US for further charges
March 11, 2022
The NetWalker ransomware gang affiliate who was sentenced to seven years in prison by Canadian courts at the end of January was extradited to the United States on Wednesday, where he will face further charges related to his participation in the gang. Sebastien Vachon-Desjardins, a Canadian citizen, received the Canadian prison sentence after he pleaded guilty ...