On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Japanese insurer Tokio Marine discloses ransomware attack
August 18, 2021
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. The announcement came at the beginning of the week and contains little information about the incident outside the action taken to deal with the intrusion. Read more… Source: Bleeping Computer
- LockBit 2.0 Ransomware Proliferates Globally
August 17, 2021
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware. Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method. “In contrast to LockBit’s ...
- Conti ransomware prioritizes revenue and cyberinsurance data theft
August 17, 2021
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. Earlier this month, a disgruntled affiliate posted to a hacking forum the IP addresses for Cobalt Strike C2 servers used by the gang and a 113 MB archive ...
- Brazilian National Treasury hit with ransomware attack
August 17, 2021
The Brazilian government has released a note stating the National Treasury has been hit with a ransomware attack on Friday (13). According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring ...
- Hive ransomware attacks Memorial Health System, steals patient data
August 16, 2021
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Read more… Source: Bleeping ...
- T-Mobile says hackers accessed user data but won’t confirm SSN breach of 100 million customers
August 16, 2021
T-Mobile is looking into allegations that a hacker stole 106GB of data containing the social security numbers, names, addresses and driver’s license information for more than 100 million people. In a statement to ZDNet, T-Mobile said it is “aware of claims made in an underground forum and have been actively investigating their validity.” Teams at T-Mobile ...