July 6th, 2024

Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum

A threat actor is selling an unverified npm account takeover vulnerability on BreachForums. npm has not confirmed the vulnerability, and the dark web forum's reputation for cybercrime raises doubts about the claim. The npm Registry is a prime target for attacks, which underscores the need for security measures such as enabling 2FA and code review.

A threat actor on BreachForums is selling an unverified npm vulnerability for account takeover, claiming it can be used to inject undetectable backdoors into packages. npm has not confirmed the vulnerability, and the dark web forum is known for cybercriminal activity, so such claims warrant skepticism. The npm Registry is a prime target for attacks because of its large attack surface, which attracts malicious actors looking to compromise accounts and introduce malicious code. Tools like hijagger facilitate account takeover by checking for hijackable packages. GitHub's bug bounty program covers vulnerabilities related to account takeover and private package access.

To secure npm accounts, enabling 2FA is recommended; npm also conducts checks on email accounts associated with expired domains. Socket offers protection by analyzing package code for suspicious additions. The claimed ability to inject undetectable backdoors highlights the importance of thorough code review and threat detection. Subscribing to security updates and monitoring account activity are crucial steps for package authors and organizations using npm.

Related

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts and manipulates search results. Users are urged to uninstall affected plugins and monitor for unauthorized access.

If you're using Polyfill.io code on your site – remove it immediately

A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.

5 WordPress Plugins Compromised; Millions of Websites at Risk

Millions of WordPress sites face security risks from hacked plugins that allow unauthorized access. Owners are urged to check for and deactivate compromised plugins, update regularly, and use strong passwords, two-factor authentication, and security plugins.

3M iOS and macOS apps were exposed to potent supply-chain attacks

Vulnerabilities in the CocoaPods server exposed 3 million apps to supply-chain attacks for a decade. The flaws allowed hackers to inject malicious code, compromising sensitive user data. Developers are urged to prioritize security measures.

384k sites pull code from sketchy code library recently bought by Chinese firm

Over 384,000 websites are linked to a code library involved in a supply-chain attack by a Chinese firm. Altered JavaScript code redirected users to inappropriate sites. Industry responses included suspensions and replacements.

4 comments
By @skilled - 3 months
> Any claims originating from this source should be treated with a healthy amount of skepticism, due to the possibility of scams.

From a zero rep user too…

If ShinyHunters reposts it then I will take it seriously.

By @yieldcrv - 3 months
Is selling bunk on dark net marketplaces lucrative? Since all the security researchers and journalists have to buy it