An update on cyber operations in Russia’s hybrid war. NPM compromise updates. CISA releases ICS security advisories. Free ransomware decryptors released. Disneyland's Instagram account hijacked.
CyberWire Daily
00:00
Check Marks Detects Another Attack on NPM Supply Chain
There's been another attack on the n p m supply chain, this one described by researchers at Check marks. They say check marks s c s team detected over 12 hundred n p m packages released to the registry by over a thousand different user accounts. This was done using automation which include the ability to by pass n p m two f a challenge. The operators, whom the researchers call cute boy, were using what check marks calls a fake identity as a service provider. So far, the operation seems to represent an initial experimental phase of a larger campaign.
Play episode from 05:38
Transcript
