On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How Pipeline Owners and Operators Can Fulfill the TSA’s Second Security Directive
August 12, 2021
Senior officials at the Department of Homeland Security (DHS), of which the TSA is a part, announced at the time of their security directive that they would soon require pipeline organizations to implement a new set of mandatory security controls or face financial penalties. In mid-July, CISA announced the rollout of at least some of those ...
- Accenture Confirms LockBit Ransomware Attack
August 11, 2021
08/13/21 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “While the perpetrators were able to acquire certain documents that reference a small number ...
- Kaseya’s universal REvil decryption key leaked on a hacking forum
August 11, 2021
The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 2nd, the REvil ransomware gang launched a massive attack on managed service providers worldwide by exploiting a zero-day vulnerability in the Kaseya VSA remote management application. This attack encrypted approximately ...
- $600m in cryptocurrencies swiped from Poly Network servers after security snafu
August 10, 2021
Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the “biggest in DeFi history.” DeFi stands for decentralised finance. Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used ...
- eCh0raix ransomware now targets both QNAP and Synology NAS devices
August 10, 2021
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic. Read more… Source: Bleeping Computer
- Nearly one million credit cards offered on underground forum
August 10, 2021
Researchers with D3Lab have discovered the data of almost one million credit card holders being sold on an underground forum, according to a blog post released this week. In a sample of 980,930 files acquired by D3Lab analysts on Monday, the batch contained names, addresses, credit card numbers, expirations and CVVs. Read more… Source: ZDNet