Node Package Manager Supply Chain Attack


On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.

With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those in the Nx supply chain attack last month. As of September 16, researchers at Socket had already identified close to 500 impacted NPM packages.

Source: Trend Micro

