Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the …
hijacked
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to …
How Facebook accounts get hijacked through copyright infringement notices
The latest phishing campaign aimed at stealing Facebook accounts is gathering momentum. Users are receiving mass e-mails threatening bans for copyright violation. The aim is to steal the users’ login credentials. We explain the anatomy of the new scheme and how not to swallow the bait. Who, me? The message says something like: “Your Facebook account has been disabled for …