On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 1.1M Compromised Accounts Found at 17 Major Companies
January 5, 2022
There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes of usernames and password combinations against online accounts in an effort to take ...
- A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
January 3, 2022
Supply chain networks are frequent targets for cybercrime, as controlling a weak link in the supply chain can grant cybercriminals access to more victims – especially when the weak link is the source of the supply chain. Recently, we found a supply chain attack leveraging a cloud video platform to distribute skimmer (aka formjacking) campaigns. ...
- Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’
January 3, 2022
This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15. In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...
- Israel’s Jerusalem Post website hacked on Soleimani assassination anniversary
January 3, 2022
Israel’s Jerusalem Post newspaper said on Monday its website had been hacked, in what it said was an apparent threat to the country. Instead of displaying a main news page, the website showed an illustration that appeared to recall top Iranian general Qassem Soleimani, who was assassinated in a U.S. drone strike in Iraq on this ...
- Top 10 healthcare breaches in the U.S. exposed data of 19 million
December 31, 2021
The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than ...
- What the Rise in Cyber-Recon Means for Your Security Strategy
December 30, 2021
As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the MITRE ATT&CK framework, campaigns are frequently discussed in terms of left-hand and right-hand phases of threats. ...