According to “CSO Online,”  NPM javascript registry suffers “massive” influx of malware.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 03 February 2022, 2154 UTC.

Content provided by “CSOonline.com” via https://feedly.com.

Source: https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2Ftripwire-state-of-security

Please click link or scroll down to read your selections.

https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/418bf719-5c3d-400f-86b5-d19504f2fc07

Please scroll down to read your selections.

CSO Online

13

TODAY

NPM JavaScript registry suffers massive influx of malware, report says
The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote code execution, according to research from security company WhiteSource. WhiteSource’s automated malware detection platform, WhiteSource Diffend, detected a total of 1 , 300 malicious packages on NPM, wit
Google adds Python to its differential privacy repertoire
Google has announced it’s adding Python to the languages supported by one of its open-source projects designed to bolster privacy on the internet. The project includes a library and tools for using differential privacy , a technology designed to preserve an individual’s privacy in large data sets. “Previously, our differential privacy library was available in three programming languages,” Miguel
Iranian APT group uses previously undocumented Trojan for destructive access to organizations
Researchers have come across a previously undocumented Trojan used by an APT group of Iranian origin that has been targeting organizations in Israel but also other countries since last year with the intention of damaging their infrastructure. The group, tracked as Moses Staff by researchers from security firm Cybereason, has been operating since at least September 2021 and its primary goal is to
BrandPost: Presenting the Business Case for Security to Your Board of Directors
In a landscape of evolving threats, cybersecurity is a critical discussion that must happen on a regular basis at the board level. A favorite question that nearly all board members ask is: “Are we secure?” However, that’s a trick question because it entices a less-experienced security leader into a naïve answer: yes or no . Board members want reassurance that risk is minimized, and that’s where t
Target shares its own web skimming detection tool Merry Maker with the world
Web skimming has been a major scourge for online shops over the past several years with attacks ranging from simple script injections into payment forms to sophisticated compromises of legitimate third-party scripts and services. Sometimes referred to as Magecart attacks , they have become the leading cause of card-not-present (CNP) fraud and have impacted small and big brands alike, as well as d
Apple AirTag and other tagging devices add to CISO worries
We tag content, devices and our belongings. Tagging is ubiquitous today, in early 2022, but it wasn’t always the case. Stepping back into history, the late 1990s and early 2000s saw the unsavory side of competitive intelligence in Silicon Valley, with companies having their trash dumpsters siphoned for useful information, pretext calling to elicit inside information, and the wholesale theft of el
Why buy now, pay later is the next big fraud risk for retailers
Retailers are offering customers more buy now, pay later (BNPL) finance purchasing options to drive sales across a wide range of products. Shoppers can get instant credit at the point of sale (POS) and then delay or spread payments (often at no extra cost) instead of paying outright at the time of purchase. This can appeal to consumers and has proven to be particularly popular during busy shoppin

YESTERDAY

BrandPost: Packet Data Adds Increasing Value to Next-Gen Cybersecurity
A recently published report from the SANS Institute highlighted the growing value of network-derived data for enterprise cybersecurity teams tasked with protecting increasingly distributed corporate infrastructures. Entitled “Advance Your Security Posture with Comprehensive Network Visibility,” the paper revealed a trend toward leveraging network traffic data to improve the overall cybersecurity
Managing security in hybrid Windows 11 and Windows 10 environments
You’ve been given the task for 2022 to start a pilot project for deploying and managing Windows 11. Any platform is only as secure as how well you can manage it. Microsoft has stated that managing Windows 11 will be just like managing Windows 10. However, some distinct nuances in management may make you reconsider the security management tools that you’ll use for Windows 11 and possibly even Wind