Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Dependency management is one of the biggest challenges in modern software development. Large projects often rely on dozens or even hundreds of libraries. Each one can introduce new vulnerabilities or even malicious code. Attackers sometimes upload fake packages to popular open-source repositories, hoping that build systems will download these packages automatically. This problem is made worse by transitive dependencies, where a single library might include several other libraries under the hood.

Our security monitoring systems recently flagged a suspicious npm package, os-info-checker-es6, which represents a sophisticated and evolving threat within the npm ecosystem. What initially appeared as a simple OS information utility quickly unraveled into a sophisticated multi-stage malware attack. This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final payload.

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

In Part 1 of this blog series The Ransomware Threat: Preparing Schools and Libraries for Ransomware Attacks, we discussed creating a pre-incident plan that includes a backup process, asset management, identity and access management, risk-based vulnerability management, and security awareness training to minimize the risk of ransomware attacks.

CSRF attack or Cross-site request forgery is a very dangerous and stealthy web security vulnerability that exploits trust from a user's browser for a web application. A successful CSRF attack deceives an authenticated user into performing some operations without his consent-like account modification or payment or financial transaction against his will. Most alarming in such cases is that CSRF attacks usually remain unknown for end-users that make defending against them difficult.

In light of the recent disclosure by Marks & Spencer (M&S) regarding a cyber attack that resulted in the theft of customer data, we strongly recommend that if you are affected you take immediate and proactive steps to protect your digital identity and reduce the risk of further compromise.

Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors. Specifically, the group targets “organizations with large help desk and outsourced IT functions which are susceptible to their social engineering tactics.” The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.