AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/03/2022

Thousands of Malicious npm Packages Threaten Web Apps

More than 1,300 malicious packages have been identified in the most oft-downloaded JavaScript package repository used by developers, npm, in the last six months — a rapid increase that showcases how npm has become a launchpad for a range of nefarious activities. New research from open-source security and management firm WhiteSource has discovered the disturbing increase in the delivery of malicious npm packages, which are used as building blocks for web applications. Any app using a malicious code block could be serving up data theft, cryptojacking, botnet delivery and more to its users. Out of the malicious packages found, 14 percent were designed to steal sensitive information like credentials, while nearly 82 percent of those packages were performing “reconnaissance,” which involved adversaries actively or passively gathering information that can be used to support targeting, the firm said.


Anyone Can Start a Career in Cybersecurity

We read about cybersecurity in the news almost every day as organizations and governments around the world continue to get hit with ransomware, scams, and cyber attacks. There is a huge demand for people trained in cybersecurity to help defend against these growing threats. In fact, recent studies estimate that there are almost 3 million cybersecurity job openings globally. Have you considered a career as a cybersecurity professional? It is a fast-paced, highly-dynamic field with a huge number of exciting specialties to choose from. These positions include fields like forensics, awareness and training, endpoint security, critical infrastructure, incident response, secure coding, and policy. A career in cybersecurity also allows you to work almost anywhere in the world, with a variety of benefits and an opportunity to make a real difference.


North Korea Hacked Him. So He Took Down Its Internet

FOR THE PAST two weeks, observers of North Korea’s strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites—the notoriously isolated nation only has a few dozen—intermittently dropped offline en masse, from the booking site for its Air Koryo airline to Naenara, a page that serves as the official portal for dictator Kim Jong-un’s government. At least one of the central routers that allow access to the country’s networks appeared at one point to be paralyzed, crippling the Hermit Kingdom’s digital connections to the outside world. Some North Korea watchers pointed out that the country had just carried out a series of missile tests, implying that a foreign government’s hackers might have launched a cyberattack against the rogue state to tell it to stop saber-rattling. 


Crime and NFTs: Chainalysis Detects Significant Wash Trading and Some Money Laundering In this Emerging Asset Class

Non-fungible tokens (NFTs) were one of the biggest stories in cryptocurrency in 2021. NFTs are blockchain-based digital items whose units are designed to be unique, unlike traditional cryptocurrencies whose units are meant to be interchangeable. NFTs can store data on blockchains — with most NFT projects built on blockchains like Ethereum and Solana — and that data can be associated with images, videos, audio, physical objects, memberships, and countless other developing use cases. NFTs typically give the holder ownership over the data or media the token is associated with, and are commonly bought and sold on specialized marketplaces. NFT popularity skyrocketed in 2021. Chainalysis tracked a minimum $44.2 billion worth of cryptocurrency sent to ERC-721 and ERC-1155 contracts — the two types of Ethereum smart contracts associated with NFT marketplaces and collections — up from just $106 million in 2020.


KP Snacks Left with Crumbs After Ransomware Attack

KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could impact deliveries to supermarkets through the end of March – at the earliest. The British company (also the purveyor of deeply English treats such as Skips prawn cocktail snacks and Butterkist toffees) said that the Conti gang was behind the strike, which was discovered on Monday, according to reports. True to form, the cyberattackers also stole data in a classic double-extortion gambit, posting “proof” of the steal on its leak site. According to Better Retailing, which first reported the incident, the crisps connoisseur sent its merchant partners a letter on Wednesday explaining the situation, noting that it “cannot safely process orders or dispatch goods.”


GitHub outage impacts Actions, Codespaces, Issues, Pull Requests

GitHub was down today, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. The outage started at approximately 2:15 PM EST, with the website responding with HTTP 500 error codes. Attempts to clone or commit to existing GitHub projects also failed with HTTP 500 error codes. It is unclear what caused the outage, with the GitHub status page only stating that they were investigating degraded performance for GitHub Actions, Codespaces, Issues, and Pull Requests.
