Node Package Manager Supply Chain Attack


On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.

With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those seen in the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.

Source: Trend Micro

