Ongoing typosquatting campaign impersonates hundreds of popular npm packages

November 5, 2024 at 11:32AM A typosquatting campaign is targeting developers through similar-named malicious JavaScript npm packages, leading to info-stealing malware. Originating in October, it employs Ethereum smart contracts for command and control, complicating detection. Researchers emphasize the need for stricter package management and authentication to protect development environments from these attacks. Here are the …

Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

November 1, 2024 at 05:11AM LottieFiles reported a supply chain attack on Lottie-Player, aimed at stealing cryptocurrency. This breach poses risks to cryptocurrency wallets, highlighting vulnerabilities in software supply chains. **Meeting Takeaways:** 1. **Incident Confirmation**: LottieFiles has confirmed a breach involving Lottie-Player. 2. **Nature of the Attack**: The breach is classified as a supply chain …

LottieFiles hacked in supply chain attack to steal users’ crypto

October 31, 2024 at 04:10PM LottieFiles’ Lottie-Player project was compromised in a supply chain attack, injecting a crypto drainer into websites, potentially costing one victim $723,000 in Bitcoin. Affected versions were quickly replaced with a secure update. Users are advised to upgrade or be cautious of fraudulent wallet connection requests amid ongoing investigations into the …

LottieFiles Issues Warning About Compromised “lottie-player” npm Package

October 31, 2024 at 10:39AM LottieFiles announced that its npm package “lottie-player” was compromised in a supply chain attack, leading to unauthorized, malicious versions that prompted users to connect cryptocurrency wallets. Users of versions 2.0.5, 2.0.6, and 2.0.7 should update to 2.0.8. The company is investigating with an external team. ### Meeting Takeaways – October …

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

October 2, 2024 at 02:31AM Malicious packages posing as cryptocurrency wallet recovery services were found in the Python Package Index. They targeted users of prominent wallet services, offering utility functions while secretly stealing sensitive wallet data. The attack exploited open-source trust and dynamic malicious capabilities, highlighting the need for comprehensive security measures in the cryptocurrency …

Australian Police conducted supply chain attack on criminal collaborationware

September 17, 2024 at 10:43PM Australian Federal Police (AFP) apprehended a man for creating the Ghost app, a platform for criminal activities. Sold with a modified smartphone for approximately AU$2350, it allowed encrypted communication for illicit dealings. The AFP infiltrated Ghost and conducted raids, arresting 38 individuals, seizing weapons and drugs, and preventing numerous acts …

‘CloudImposer’ Flaw in Google Cloud Affected Millions of Servers

September 17, 2024 at 11:33AM Google has patched a vulnerability in its Google Cloud Platform (GCP) that could have led to supply chain attacks on customer cloud servers. Researchers discovered the flaw, dubbed “CloudImposer,” in GCP’s Cloud Composer service, posing a dependency confusion risk. Google addressed the issue by fixing the vulnerable script and updating …

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution

September 16, 2024 at 09:27AM A critical security flaw in Google Cloud Platform Composer, now patched, could have allowed remote code execution via a supply chain attack called dependency confusion. This could have led to a large-scale supply chain attack by tricking the package manager into downloading a malicious package. The issue was fixed by …

‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack involves weaponizing an old version of Microsoft Word to install a persistent backdoor, ClientEndPoint. There are similarities to a previous “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the …

China-Linked Hackers Target Drone Makers

September 10, 2024 at 08:15AM A threat actor linked to China, known as Tidrone, has targeted military-related and satellite industries in Taiwan and focused on drone manufacturers. Using sophisticated malware, backdoors, and legitimate remote control tools, the group aims to disable system protections, steal information, and engage in espionage-related activities. These activities bear similarities to …