An NPM package with 2 million weekly downloads had malicious code injected into it. Plus, more problems arise from the Windows 10 October 2018 Update.

Tired of maintaining code that was written to be freely distributed, an “unrepentant module giver awayer” (aka developer) handed it over after GitHub dev “right9control” volunteered to take over the popular JavaScript library. The library Event-Stream, written in Node.js, has over 2 million downloads per week. The library, which was listed in NPM’s repository, was then updated with malicious code that contains cryptocurrency-stealing malware.

Put another way, Event-Stream was updated to include Flatmap-Stream as a dependency. The latter was then modified to include the bitcoin-stealing malware.

Everyone using Event-Stream in their projects is urged to make sure they don’t have a tainted version and update to the latest Event-Stream version 4.0.1.

An NPM package with 2,000,000 weekly downloads had malicious code injected into it. No one knows what the malicious code does yet. https://t.co/V4rdenu7Bm
— Gary Bernhardt (@garybernhardt) November 26, 2018

The malware “steals Bitcoin and Bitcoin Cash funds stored inside BitPay’s Copay wallet apps.” Copay issued a statement warning developers that if they are “using any Copay version from 5.0.2 to 5.1.0, you should not run or open the app.” Version 5.2.0 contains a security update. “Users should assume that private keys on affected wallets may have been compromised,” so Copay advised users to immediately send all crypto funds from affected wallets to a brand-new wallet based on version 5.2.0.

More cybersecurity news:

Windows 10 October 2018 Update causes more issues

Another day, another set of problems caused by Windows 10 October 2018 Update. This time, Windows 10 version 1809 has been blamed for breaking the seek bar in Windows Media Player, as well as breaking some Win32 defaults.
The Register reported, “In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.” Microsoft hasn’t said how widespread the issue is but claimed that retrying to set the default applications “will succeed.”

Given the side effects of Windows 10 Updates, it’s recommended that you wait at least seven days if not more before installing quality updates. Change your settings to control when Windows Updates are installed.

Microsoft outage postmortem

Microsoft explained that a trio of bugs were responsible for knocking out Azure and Office 365 for 14 hours last week.

2 hospitals hit with ransomware over the weekend

Two hospitals — Ohio Regional Hospital in Wheeling, West Virginia, and Ohio Valley Medical Center in Martins Ferry, Ohio, both of which are owned by Ohio Valley Health Services & Education Corp. — were hit with ransomware attacks on Nov. 23. No patient data was compromised, the hospitals said. Few details have been released other than the issue reportedly was expected to be resolved by Nov. 25.

7 countries accuse Google of GDPR violations

Consumer groups from seven European organizations will file GDPR complaints against Google for tracking the movements of millions of users even when “Location History” is turned off.

As for GDPR fines, German social media platform Knuddels was hit with a GDPR fine after a data breach exposed the personal information of 330,000 users. Their email addresses and passwords had been stored in plain text.

9 nations grill Facebook exec over election meddling, spread of fake news

Shortly after British Parliament seized a cache of Facebook documents, one of Facebook’s European executives faced an “international grand committee” made of legislators from nine nations to answer for Facebook’s role in election meddling and the spreading of disinformation.
One of the seized documents revealed, “An engineer at Facebook notified the company in October of 2014 that an entity with Russian IP addresses had been using a Pinterest API key to pull over three billion data points a day.”
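
Returning to the Event-Stream item at the top of this roundup: the sketch below is an added example, not code from the article or from the Event-Stream project. It shows one way to check a parsed `package-lock.json` for any installed copy of event-stream or flatmap-stream, including copies pulled in by other packages. The function names, action labels and sample lockfiles are assumptions made for illustration, and the `0.0.0-constructed` versions are placeholders.

```javascript
// Added example (not from the article): find event-stream / flatmap-stream
// in a parsed package-lock.json. Sample data below is constructed.
const WATCHED = ['event-stream', 'flatmap-stream'];
const FIXED_EVENT_STREAM = '4.0.1'; // release the article says to update to

// Collect every installed copy of the watched packages. Handles the flat
// "packages" map (lockfileVersion 2/3) and the nested "dependencies" tree (v1).
function findWatched(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split('node_modules/').pop();
      if (WATCHED.includes(name)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (WATCHED.includes(name)) hits.push({ name, version: meta.version, path: here.join(' > ') });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Attach an action to each hit, following the article's advice.
function audit(lock) {
  return findWatched(lock).map((hit) => {
    if (hit.name === 'flatmap-stream') return { ...hit, action: 'investigate-and-remove' };
    if (hit.version !== FIXED_EVENT_STREAM) return { ...hit, action: 'update-to-4.0.1' };
    return { ...hit, action: 'ok' };
  });
}

// Constructed lockfiles; the "0.0.0-constructed" versions are placeholders.
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'example-build-tool': { version: '1.0.0', dependencies: {
    'event-stream': { version: '0.0.0-constructed', dependencies: {
      'flatmap-stream': { version: '0.0.0-constructed' } } } } },
  'unrelated-lib': { version: '2.0.0' } } };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'example-app', version: '1.0.0' },
  'node_modules/event-stream': { version: '4.0.1' } } };

for (const lock of [SAMPLE_V1, SAMPLE_V3]) {
  for (const f of audit(lock)) console.log(`${f.action}\t${f.name}@${f.version}\t${f.path}`);
}
```

To run it against a real project, pass `audit` the result of `JSON.parse` on the lockfile's contents; an event-stream copy flagged `update-to-4.0.1` means only that it is not the release the article recommends.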