On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI Claws Back Millions of DarkSide’s Ransom Profits
June 7, 2021
United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice (DOJ) and FBI announced in a joint press conference on Monday. “Today we turned the tables on DarkSide,” FBI Deputy Director Paul Abbate said in live-streamed remarks. They seized the money ...
- REvil Ransomware Gang Spill Details on US Attacks
June 4, 2021
Cybercriminals behind the JBS Foods ransomware attack claim they had no intent to target United States-based firms. The group, identified as the Sodinokibi REvil ransomware gang, also said it was not afraid of being labeled a cyber-terrorist group. A spokesperson for REvil shared its positions in an interview on a YouTube and Telegram channel called Russian ...
- TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations
June 4, 2021
TeamTNT has been evolving their cloud-focused cryptojacking operations for some time now. TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters and created new malware called Black-T that integrates open source cloud native tools to assist in their cryptojacking operations. TeamTNT operations are now using compromised AWS credentials to enumerate AWS cloud ...
- Necro Python bot revamped with new VMWare, server exploits
June 3, 2021
A recent Necro Python bot campaign has shown that the developer behind the malware is hard at work ramping up its capabilities. On Thursday, researchers from Cisco Talos published a report on Necro Python, a bot that has been in development since 2015. The botnet’s development progress was documented in January 2021 by both Check Point ...
- Chinese threat actors hacked NYC MTA using Pulse Secure zero-day
June 3, 2021
Chinese-backed threat actors breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory, and CISA published an alert ...
- Email spoofing: how attackers impersonate legitimate senders
June 3, 2021
In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it ...