Security News

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager, said in a technical write-up published last week.

The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service attacks against targets primarily located in Europe as well as Australia, Canada, and Japan.

Infosec outfit Checkpoint says it's spotted a Chinese actor targeting diplomatic facilities around Europe. Checkpoint has dubbed the campaign "SmugX" thanks to its use of HTML smuggling to deploy the PlugX remote access trojan.

Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated files or information, such as dynamic loading of code.

In this Help Net Security video, Charl van der Walt, Head of Security Research at Orange Cyberdefense, discusses cyber extortion attacks and their expansion to new regions. A recent report revealed that cyber extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022.

Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth. Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations. Threat actors are honing their focus on exploits that evade detection and remain unnoticed within systems, according to Aqua Security's 2023 Cloud Native Threat Report, which examined memory attacks in networks and software supply chains.

The U.S. Cybersecurity and Infrastructure Security Agency warned today of ongoing distributed denial-of-service attacks after U.S. organizations across multiple industry sectors were hit. "CISA is aware of open-source reporting of targeted denial-of-service and distributed denial-of-service attacks against multiple organizations in multiple sectors," the cybersecurity agency said.

Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps, has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security measures placed in the malware to make it more difficult to analyze and collect intelligence," Volexity researchers Ankur Saini and Charlie Gardner said in a report published this week. Recent intrusions orchestrated by Charming Kitten have made use of other implants such as PowerLess and BellaCiao, suggesting that the group is utilizing an array of espionage tools at its disposal to realize its strategic objectives.

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. Analyzing ransomware attacks in June 2023, VMware found 8Base hit almost 80 victims over the past 30 days, second only to the LockBit 3 gang, which compromised almost 100 organizations.