Wednesday, October 27, 2021
Latest:




The Register 

If you’re using this hijacked NPM library anywhere in your software stack, read this

TH Author

US govt issues alert over JS package downloaded 8m times a week – plus more news from world of infosec In brief  The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has warned developers that a version of the ua-parser-js JavaScript library, available via NPM, was infected with data-stealing and cryptocurrency-mining malware.… READ MORE HERE…

Read more
The Register 

SolarWinds attacker on the move: Russia’s Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft

TH Author

Phishing and password spraying on the up Russia’s Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft’s security arm has warned.… READ MORE HERE…

Read more
Microsoft Secure 

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

TH Author

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations.
The post NOBELIUM targeting delegated administrative privileges to facilitate broader attacks appeared first on Microsoft Security Blog. READ MORE HERE…

Read more
This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Learn More