Magniber Ransomware Adopts JavaScript to Attack Individual Users
Consumers should protect themselves by using least-privilege principles
JavaScript is a scripting language used in web pages and applications, where flaws in code or dependencies can enable attacks and data theft.
Search across headline titles and summaries.
Background for this topic.
JavaScript is a programming language used to add behavior to web pages and to build applications that run outside the browser, including server-side services and tooling. In browsers, scripts can read and modify a page’s content and interact with available web APIs, subject to the browser’s security boundaries.
Its main security risks include cross-site scripting (XSS), in which attacker-controlled input is executed as page code, and DOM-based flaws caused by unsafe handling of data in client-side code. Third-party scripts and package dependencies also expand the code supply chain and may expose user data or introduce vulnerable behavior. Practical controls include context-aware output encoding, avoiding unsafe DOM sinks, restrictive Content-Security-Policy rules, and reviewing, pinning, and monitoring dependencies for vulnerabilities.
Consumers should protect themselves by using least-privilege principles
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. [...]
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository. [...]
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine