Cyware Daily Threat Intelligence, February 10, 2021

New attack techniques and vulnerabilities driving malicious intentions of cybercriminals have caught the attention of researchers in the last 24 hours. Microsoft has published details of a new attack technique, called dependency confusion or substitution attack, that can be a potential threat for organizations. Threat actors can leverage the technique to poison the app-building process.

Millions of IoT and OT devices are also at the risk of MiTM attacks due to a newly discovered vulnerability called Number:Jack. A collection of nine new flaws, it affects multiple TCP/IP stacks embedded in devices. Two new malware—BendyBear and a variant of LodaRAT—have also been found to be deployed in the wild.

A web hosting company No Support Linux Hosting announced the shutdown of its systems following a cyberattack. The attack occurred after a hacker breached its internal systems and compromised its entire operation.

A new update on the Oldsmar water treatment facility attack reveals that the hackers had remotely accessed the TeamViewer software to perform their malicious activities.

CD Projekt has its source code for GWENT leaked on a popular hacking forum in what appears to be a double extortion strategy. Labeled as CDProjekt Leak#1, the archive includes a readme file claiming that the next part of the leak will appear a day later.

Microsoft has published details about a new obfuscation attack that can be used to poison the app-building process inside corporate environments. Called dependency confusion or substitution attack, the attack relies on threat actors sneaking the malicious code inside private code repositories by registering internal library names on public package indexes.

A ransomware attack has targeted the Ness Digital Engineering Company in Israel. The details of the cyberattack remain unclear but initial reports indicate that the attack may have begun in Israel and then spread to other branches around the world.

BendyBear is a new, highly sophisticated malware potentially linked to a BlackTech hacking group. The malware has features and behavior that strongly resembles the WaterBear malware family that has been active since 2009. It leverages the existing Windows registry key that is enabled by default on Windows 10.

A newly discovered variant of the LodaRAT malware is targeting Windows and Android devices in a new espionage campaign. Linked to the Kasablanca threat actor group, the malware is used to spy on users in Bangladesh.

A set of nine new vulnerabilities, collectively known as Number:Jack, has been identified in multiple TCP/IP stacks used by millions of IoT and OT devices. These flaws could allow attackers to intercept and manipulate data. The affected stacks include uIP. FNET, picoTCP, Nut/Net, cycloneTCP, uC/TCP-IP, Nucleus NET, NDKTCPIP, and MPLAB Net.

Microsoft has addressed 56 security vulnerabilities, 11 of which are critical. A zero-day vulnerability (CVE-2021-1732) that is being actively exploited in the wild is also a part of the flaws fixed as part of the February Patch Tuesday. It carries a severity rating of 7.8 on the CVSS scale.

Adobe is warning of a critical buffer overflow vulnerability being exploited in the wild. The flaw, tracked as CVE-2021-21017, is being used to target Adobe Reader users on Windows. It can lead to arbitrary execution of code on affected systems.