Self-Replicating Worm Hits 180+ Software Packages

source: krebsonsecurity.com  |  image: pexels.com

 

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub repository that includes the name “Shai-Hulud.”

“When a developer installs a compromised package, the malware will look for a npm token in the environment,” said Charlie Eriksen, a researcher for the Belgian security firm Aikido. “If it finds it, it will modify the 20 most popular packages that the npm token has access to, copying itself into the package, and publishing a new version.”

At the center of this developing maelstrom are code libraries available on NPM (short for “Node Package Manager”), which acts as a central hub for JavaScript development and provides the latest updates to widely-used JavaScript components.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaignthat spoofed NPM and asked developers to “update” their multi-factor authentication login options. That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

Image: aikido.dev

In late August, another compromise of an NPM developer resulted in malware being added to “nx,” an open-source code development toolkit with as many as six million weekly downloads. In the nx compromise, the attackers introduced code that scoured the user’s device for authentication tokens from programmer destinations like GitHub and NPM, as well as SSH and API keys. But instead of sending those stolen credentials to a central server controlled by the attackers, the malicious nx code created a new public repository in the victim’s GitHub account, and published the stolen data there for all the world to see and download. Continue reading “Self-Replicating Worm Hits 180+ Software Packages”

Dark Web Threats Put Bullseye on US Businesses

source: technewsworld.com  |  image: pexels.com

 

When it comes to threats from the dark web, the U.S. is a prime target.

A new report by threat intelligence company SOCRadar found that more than four out of five (82%) threats from the dark web aimed at North America targeted the United States over the last 12 months. “The high percentage in the United States suggests a larger digital footprint and more attractive targets,” the report noted.

The 26-page report also found that Uncle Sam is a popular target for ransomware extortionists, with 88% of those attacks aimed at U.S.-based organizations. “High-value businesses, extensive digital networks, and larger financial opportunities likely attract attackers to the U.S. market,” it reasoned.

While Canada (9.7%) and Mexico (1.8%) were targeted substantially less, the report warned, “All countries must stay vigilant and actively strengthen cybersecurity defenses against ransomware threats.” Continue reading “Dark Web Threats Put Bullseye on US Businesses”

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

source: wired.com  |  image: dhs.gov

A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.

THE DEPARTMENT OF Homeland Security’s mandate to carry out domestic surveillance has been a concern for privacy advocates since the organization was first created in the wake of the September 11 attacks. Now a data leak affecting the DHS’s intelligence arm has shed light not just on how the department gathers and stores that sensitive information—including about its surveillance of Americans—but on how it once left that data exposed to thousands of government and private sector workers and even foreign nationals who were never authorized to see it. Continue reading “A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users”

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds

source: wired.com (contributed by Artemus founder, Bob Wallace)  |  Image: pixabay.com

 

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics—that are sold with Securam Prologic locks.

 

About two years ago, security researchers James Rowley and Mark Omo got curious about a scandal in the world of electronic safes: Liberty Safe, which markets itself as “America’s #1 heavy-duty home and gun safe manufacturer,” had apparently given the FBI a code that allowed agents to open a criminal suspect’s safe in response to a warrant related to the January 6, 2021, invasion of the US Capitol building.

Politics aside, Rowley and Omo were taken aback to read that it was so easy for law enforcement to penetrate a locked metal box—not even an internet-connected device—that no one but the owner ought to have the code to open. “How is it possible that there’s this physical security product, and somebody else has the keys to the kingdom?” Omo asks. Continue reading “Hackers Went Looking for a Backdoor in High-Security Safes…”

 

Have You Turned Off Your Virtual Oven?

sosurce: thehackernews.com  |  image: pixabay.com

 

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse.

Your external-facing IT infrastructure deserves the same methodical attention. External Attack Surface Management (EASM) and Digital Risk Protection (DRP) tools provide that same peace of mind for your digital “home,” automating the everyday safety checks that prevent costly incidents. Continue reading “Have You Turned Off Your Virtual Oven?”

Driving to Mexico or Canada? US Will Snap Pics of Everyone in Your Car

source: pcmag.com  |  image: pexels.com

 

Photographs will be matched to images in passengers’ passports, visas, or travel documents.

US Customs and Border Protection (CBP) plans to begin collecting photographs of everyone leaving the US for Mexico or Canada by car. The photographs will then be matched to the images in the passengers’ passports, visas, or travel documents. Continue reading “Driving to Mexico or Canada? US Will Snap Pics of Everyone in Your Car”

Countries shore up their digital defenses as global tensions raise the threat of cyberwarfare

source: apnews.com  |  image: pexels.com

 

WASHINGTON (AP) — Hackers linked to Russia’s government launched a cyberattack last spring against municipal water plants in rural Texas. At one plant in Muleshoe, population 5,000, water began to overflow. Officials had to unplug the system and run the plant manually.

The hackers weren’t trying to taint the water supply. They didn’t ask for a ransom. Authorities determined the intrusion was designed to test the vulnerabilities of America’s public infrastructure. It was also a warning: In the 21st century, it takes more than oceans and an army to keep the United States safe.

A year later, countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes — and the chances that a cyberattack could cause significant economic damage, disrupt vital public systems, reveal sensitive business or government secrets, or even escalate into military confrontation. Continue reading “Countries shore up their digital defenses…”

Critical Vulnerability Found in Canon Printer Drivers

source: securityweek.com  |  image: pixabay.com

Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. 

According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. Continue reading “Critical Vulnerability Found in Canon Printer Drivers”

A New Era of Attacks on Encryption Is Starting to Heat Up

source: wired.com  |  image: pixabay.com

 

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

OVER THE PAST decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption. Continue reading “A New Era of Attacks on Encryption Is Starting to Heat Up”

Cybersecurity officials warn against potentially costly Medusa ransomware attacks

source: apnews.com  |  image: pexels.com

 

LOS ANGELES (AP) — The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme.

In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people. Medusa uses phishing campaigns as its main method for stealing victims’ credentials, according to CISA. Continue reading “Cybersecurity officials warn…”