Supply chain, DevSecOps

Sophisticated attack against NPM ecosystem ongoing

SC StaffJune 28, 2023

NPM is being subjected to a new ongoing attack with a novel execution chain involving package pairs that work together to facilitate additional resource retrieval and execution, reports The Hacker News. Remote server tokens stored by the first package will be passed by the second package as a parameter along with the type of operating system in an effort to secure a secondary script from the remote server, according to a Phylum report. Attackers behind the operation have not yet been identified but the campaign has been characterized as an advanced supply chain threat. "It's crucial that each package in a pair is executed sequentially, in the correct order, and on the same machine to ensure successful operation. This carefully orchestrated attack serves as a stark reminder of the ever-evolving complexity of modern threat actors in the open-source ecosystem," said Phylum researchers. The findings follow Sonatype's discovery of malicious Python Package Index packages, as well as its identification of the libiobe package that could compromise Windows and Linux systems.

SC Staff

Related

Air Gapped! The Myth of Securing OT – Thomas Johnson – CSP #172

April 30, 2024

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what nee...

Source PC website developer. Real software development code. JavaScript code in text editor. Computer interface. Abstract technology background. Java Software engineer concept.

Network Security

Supply chain attacks likely with exploitation of novel R programing bug

SC StaffApril 30, 2024

Threat actors could leverage a high-severity vulnerability impacting the R programming language, tracked as CVE-2024-27322, to enable arbitrary code execution during the deserialization of packages using the RDS format and potentially facilitate supply chain attacks, The Hacker News reports.

Third-party ransomware attack threatens Sweden’s liquor supply

SC StaffApril 25, 2024

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news