[HackerNews] Malicious NPM Libraries Caught Installing Password Stealer and Ransomware

Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of distributing stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware.
The bogus packages — named “noblox.js-proxy” and “noblox.js-proxies” — were found to

Source: Read More (The Hacker News)

You might be interested in …

[ZDNet] Google unveils results of DevOps report, finding increase in public cloud use

All posts, ZDNet

More than half of all respondents said they used a public cloud, a 5% bump compared to 2019, and 21% additionally said they deploy multiple public clouds. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2020-07-04

Hackers are trying to steal admin passwords from F5 BIG-IP devices www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/#ftag=RSSbaffb68 In an interview earlier today, [NCC group researcher] Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices. New Behave! extension warns of website port scans, local attacks www.bleepingcomputer.com/news/security/new-behave-extension-warns-of-website-port-scans-local-attacks/ A new browser […]

Read More

[TheRecord] WhatsApp hit with giant €225 million (~$267M) million GDPR fine

Ireland’s data protection agency has announced today a €225 million ($267 million) fine against Facebook’s WhatsApp for failing to comply with the European Union’s General Data Protection Regulation (GDPR). The fine represents the second-largest GDPR penalty after Amazon was fined €746 million ($887 million) in Luxembourg at the end of July. According to the Irish Data Protection Commission (DPC), […]

Read More