Self-Replicating Worm Hits 180+ Software Packages

source: krebsonsecurity.com  |  image: pexels.com

 

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub repository that includes the name “Shai-Hulud.”

“When a developer installs a compromised package, the malware will look for a npm token in the environment,” said Charlie Eriksen, a researcher for the Belgian security firm Aikido. “If it finds it, it will modify the 20 most popular packages that the npm token has access to, copying itself into the package, and publishing a new version.”

At the center of this developing maelstrom are code libraries available on NPM (short for “Node Package Manager”), which acts as a central hub for JavaScript development and provides the latest updates to widely-used JavaScript components.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaignthat spoofed NPM and asked developers to “update” their multi-factor authentication login options. That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

Image: aikido.dev

In late August, another compromise of an NPM developer resulted in malware being added to “nx,” an open-source code development toolkit with as many as six million weekly downloads. In the nx compromise, the attackers introduced code that scoured the user’s device for authentication tokens from programmer destinations like GitHub and NPM, as well as SSH and API keys. But instead of sending those stolen credentials to a central server controlled by the attackers, the malicious nx code created a new public repository in the victim’s GitHub account, and published the stolen data there for all the world to see and download. Continue reading “Self-Replicating Worm Hits 180+ Software Packages”

Dark Web Threats Put Bullseye on US Businesses

source: technewsworld.com  |  image: pexels.com

 

When it comes to threats from the dark web, the U.S. is a prime target.

A new report by threat intelligence company SOCRadar found that more than four out of five (82%) threats from the dark web aimed at North America targeted the United States over the last 12 months. “The high percentage in the United States suggests a larger digital footprint and more attractive targets,” the report noted.

The 26-page report also found that Uncle Sam is a popular target for ransomware extortionists, with 88% of those attacks aimed at U.S.-based organizations. “High-value businesses, extensive digital networks, and larger financial opportunities likely attract attackers to the U.S. market,” it reasoned.

While Canada (9.7%) and Mexico (1.8%) were targeted substantially less, the report warned, “All countries must stay vigilant and actively strengthen cybersecurity defenses against ransomware threats.” Continue reading “Dark Web Threats Put Bullseye on US Businesses”

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

source: wired.com  |  image: dhs.gov

A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.

THE DEPARTMENT OF Homeland Security’s mandate to carry out domestic surveillance has been a concern for privacy advocates since the organization was first created in the wake of the September 11 attacks. Now a data leak affecting the DHS’s intelligence arm has shed light not just on how the department gathers and stores that sensitive information—including about its surveillance of Americans—but on how it once left that data exposed to thousands of government and private sector workers and even foreign nationals who were never authorized to see it. Continue reading “A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users”

No Time for Cybersecurity Complacency in 2025

source: cyberdefensemagazine.com  |  image: pexels.com

post-coronavirus has only made it a more difficult task for your brain to keep track of all of your various passwords, so it’s time to consider a password manager, if you don’t already have one to handle your business. A password manager will allow you to oversee and handle the login credentials of all your devices, auto-fill forms in your web browsers, and sync your data across Macs and Windows PCs, iPhones ($699 at Apple), iPads ($419 at eBay), Android phones, and more.