On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests
November 3, 2021
A member of the BlackMatter (aka Darkside) ransomware gang has publicly claimed the extortionists are shutting down, causing much excitement within the infosec world. A Russian-language message reportedly posted on a forum used by ransomware criminals is said to have announced BlackMatter’s second disappearance of 2021, the gang previously pulling a disappearing act under their former ...
- ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
November 3, 2021
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, ...
- Arrests were made, but the Mekotio Trojan lives on
November 3, 2021
Despite the arrest of individuals connected with the spread of the Mekotio banking Trojan, the malware continues to be used in new attacks. On Wednesday, Check Point Research (CPR) published an analysis on Mekotio, a modular banking Remote Access Trojan (RAT) that targets victims in Brazil, Chile, Mexico, Spain, and Peru — and is now back ...
- UK Labour Party data breach: Supporters’ details affected in cyberattack
November 3, 2021
The Labour Party has confirmed that details of its members and supporters is among information affected by a “cyber incident” at a company which handles the party’s data. In a statement sent to all party members on Wednesday, Labour said the “significant” attack was on “‘a third party that handles data on our behalf” and that ...
- FBI: Ransomware targets companies during mergers and acquisitions
November 2, 2021
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to ...
- Cybercriminals sell access to international shipping, logistics giants
November 2, 2021
Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn. On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious ...