Two malicious packages on the NPM package registry use GitHub to store Base64-encrypted SSH keys stolen from developer systems. One module was downloaded 412 times, and the other was downloaded 1,281 times before being removed by the NPM maintainers. The software supply chain security company ReversingLabs, which made the discovery, noted that there were eight different versions of one module and more than 30 versions of the other. Both modules run a postinstall script after installation, with each capable of retrieving and executing a different JavaScript file.

The Black Basta ransomware gang says it hacked Southern Water, a major player in the UK's water industry. Southern Water is a private utility company that collects and treats wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex, and Kent. The company provides public water to roughly half of the area. The Black Basta ransomware group added Southern Water to the list of victims on its Tor data leak website, threatening to release the stolen data on February 29, 2024. The allegedly stolen data includes 750 gigabytes of personal documents and corporate documents.

Laurie Mercer, a security architect at HackerOne, emphasizes that no company is invulnerable to cyberattacks. However, when an attack occurs, many companies continue to stay silent. Over half of security professionals revealed that their organizations maintain a security culture through obscurity, with more than one-third confessing to being secretive about their cybersecurity activities.

The Australian government has publicly named Aleksandr Ermakov, 33, a Russian cybercriminal, as responsible for the Medibank data breach, which affected 9.7 million people.  Ekmakov has been issued a cyber sanction under the Australian Autonomous Sanctions Act 2011 for his role in the incident in 2022.  The cyberattack led to the publication of 9.7 million records on the dark web.  This contained the personal information of Australian citizens, including names, dates of birth, Medicare numbers, and other sensitive medical data.

Researchers from Aqua Security's Team Nautilus conducted a statistical analysis of the top 50,000 most downloaded packages in the NPM registry, revealing that users download deprecated packages an estimated 2.1 billion times per week. The researchers stress that deprecated, archived, and orphaned NPM packages may contain unpatched or unreported vulnerabilities, putting projects that rely on them at risk.

In October, VMware patched a critical Remote Code Execution (RCE) vulnerability in its vCenter Server and Cloud Foundation enterprise products. Researchers from the security company Mandiant have now revealed that the Chinese cyber espionage group known as UNC3886 had been exploiting the vulnerability for 1.5 years before a fix was made. UNC3886 has historically focused on technologies that cannot have Endpoint Detection and Response (EDR) deployed. The group UNC3886 is known for using zero-day vulnerabilities to achieve their objectives without being detected.

Hackers are delivering information-stealing malware to macOS users through Domain Name System (DNS) records that hide malicious scripts. The campaign targets macOS Ventura and later users, relying on cracked applications repackaged as PKG files containing a trojan. This article continues to discuss findings regarding the campaign that delivers information-stealing malware to macOS users through DNS records with hidden malicious scripts.

One Traffic Distribution System (TDS) operator with over 70,000 domains is facilitating unprecedented levels of scams, phishing, and malware infections. The group, called VexTrio, is not known for its malicious campaigns, but it occasionally dabbles in cybercrime. It runs a TDS network that connects threat actors who compromise vulnerable websites to those who host malicious content. According to Infoblox, VexTrio is the most widespread threat actor in the wild, having affected more than half of all organizations it has monitored in the last two years.

According to IT consultancy Tietoery, online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group.  The company claims that the problem could take weeks to fix.  Tietoery noted that one of its data centers in Sweden was attacked overnight Friday to Saturday, knocking out online purchases at the country’s biggest cinema chain and some department stores and shops.