
Cyware Daily Threat Intelligence, February 10, 2021

Several new attack techniques and vulnerabilities have caught researchers' attention in the last 24 hours. Microsoft has published details of an attack technique, called dependency confusion or a substitution attack, that threat actors can use to poison an organization's build process by abusing the way package managers resolve dependency names across private and public package indexes.

Millions of IoT and OT devices are also at risk of connection hijacking and MitM attacks due to a newly disclosed set of nine vulnerabilities, collectively called Number:Jack, in the TCP initial sequence number generation of multiple embedded TCP/IP stacks. Two new malware threats, BendyBear and a new variant of LodaRAT, have also been found deployed in the wild.

Top Breaches Reported in the Last 24 Hours

Web hosting provider targeted
No Support Linux Hosting, a web hosting company, has announced that it is shutting down its systems following a cyberattack in which a hacker breached its internal systems and compromised its entire operation.

Update on Oldsmar attack
A new update on the attack against the Oldsmar, Florida water treatment facility indicates that the attackers gained remote access to the plant's systems through the TeamViewer software installed there and used that access to carry out their malicious activities.

CD Projekt source code leaked
CD Projekt has had the source code for GWENT leaked on a popular hacking forum in what appears to be a double extortion strategy. Labeled CDProjekt Leak#1, the archive includes a readme file claiming that the next part of the leak will appear a day later.

New substitution attack
Microsoft has published details about a new software supply-chain attack that can be used to poison the app-building process inside corporate environments. Called dependency confusion or a substitution attack, the technique relies on registering packages on public package indexes under the same names as an organization's private, internal libraries. When a build tool is configured to resolve a dependency name across both the private feed and the public index and prefers the highest version it finds, it fetches the attacker's public package (typically published with an inflated version number) instead of the genuine internal one, so the malicious code ends up inside the organization's build.
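The resolution behaviour described above, as an added example that is not Microsoft's or any package manager's own code: a toy resolver that shows the vulnerable "merge all indexes, take the highest version" behaviour beside a scoped resolver that pins internal names to the private feed, plus an audit function that flags which requirements the vulnerable behaviour would have pulled from the wrong place. The index contents and the package names acme-auth and acme-billing are constructed for the example; requests stands in for an ordinary public dependency; all function names are hypothetical.

```python
"""Dependency confusion, shown with a toy resolver.

Added example, not Microsoft's or any package manager's code. The index
contents and package names ("acme-auth", "acme-billing") are constructed;
"requests" stands in for an ordinary public dependency.
"""
from typing import Dict, List, Optional, Set, Tuple

Index = Dict[str, List[str]]

# Constructed: what a private feed and the public index each return.
PRIVATE_INDEX: Index = {
    "acme-auth": ["1.4.2", "1.5.0"],
    "acme-billing": ["0.9.1"],
}
PUBLIC_INDEX: Index = {
    "requests": ["2.25.1"],
    "acme-auth": ["99.0.0"],  # attacker registered the internal name with an inflated version
}
# Names the organization knows are internal and must never come from the public index.
INTERNAL_NAMES: Set[str] = {"acme-auth", "acme-billing"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Minimal dotted-integer version parser (enough for the example)."""
    return tuple(int(part) for part in v.split("."))


def resolve_merged(name: str, *indexes: Tuple[str, Index]) -> Optional[Tuple[str, str]]:
    """Vulnerable resolution: every configured index is a candidate and the
    highest version wins, which is what `pip install --extra-index-url <private>`
    does. Returns (version, index_label) or None if nothing offers the name."""
    best: Optional[Tuple[str, str]] = None
    for label, index in indexes:
        for version in index.get(name, []):
            if best is None or parse_version(version) > parse_version(best[0]):
                best = (version, label)
    return best


def resolve_scoped(name: str, private: Index, public: Index,
                   internal: Set[str]) -> Optional[Tuple[str, str]]:
    """Hardened resolution: an internal name is only ever served from the
    private index, and a public package carrying that name is treated as a
    squat and refused outright rather than compared on version."""
    if name in internal:
        if name in public:
            raise ValueError(f"{name}: internal package name also exists on the public index")
        versions, source = private.get(name, []), "private"
    else:
        versions, source = public.get(name, []), "public"
    if not versions:
        return None
    return (max(versions, key=parse_version), source)


def audit(requirements: List[str], private: Index, public: Index,
          internal: Set[str]) -> List[Tuple[str, str, str]]:
    """CI check: list every requirement the merged resolver would pull from
    the wrong index, as (name, version, index_label)."""
    findings = []
    for name in requirements:
        chosen = resolve_merged(name, ("private", private), ("public", public))
        expected = "private" if name in internal else "public"
        if chosen is not None and chosen[1] != expected:
            findings.append((name, chosen[0], chosen[1]))
    return findings


if __name__ == "__main__":
    reqs = ["requests", "acme-auth", "acme-billing"]
    for name in reqs:
        print(name, "merged ->", resolve_merged(name, ("private", PRIVATE_INDEX), ("public", PUBLIC_INDEX)))
    print("audit findings:", audit(reqs, PRIVATE_INDEX, PUBLIC_INDEX, INTERNAL_NAMES))
```

The audit reports acme-auth 99.0.0 from the public index, which is exactly the substitution: the private feed offers 1.5.0, but the merged resolver never considers where a name is supposed to come from. The scoped resolver refuses the name instead of comparing versions, because a public package carrying an internal name is an indicator on its own. In a real build the equivalent controls are a single index URL that proxies both sources with explicit name scoping, hash-pinned lockfiles, npm scopes for internal packages, and reserving your internal names on the public registries.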

Ness Digital targeted
Ness Digital Engineering, headquartered in Israel, has been hit by a ransomware attack. Details of the attack remain unclear, but initial reports indicate that it may have begun in Israel and then spread to the company's other branches around the world.

Top Malware Reported in the Last 24 Hours

BendyBear malware
BendyBear is a new and highly sophisticated malware that is potentially linked to the BlackTech hacking group. Its features and behavior strongly resemble those of the WaterBear malware family, which has been active since 2009. It leverages an existing Windows registry key that is enabled by default on Windows 10.

New LodaRAT variant
A newly discovered variant of the LodaRAT malware is targeting both Windows and Android devices in a new espionage campaign. Attributed to the Kasablanca threat actor group, the malware is being used to spy on users in Bangladesh.

Top Vulnerabilities Reported in the Last 24 Hours

Firefox 85 updated
Mozilla has fixed a critical information disclosure vulnerability in Firefox 85 that could lead to arbitrary code execution when chained with other flaws. The flaw lies in the implementation of the compressedTexImage3D method of the WebGL2 API.

Number:Jack vulnerability
A set of nine new vulnerabilities, collectively known as Number:Jack, has been identified in multiple TCP/IP stacks used by millions of IoT and OT devices. The flaws concern the generation of TCP initial sequence numbers (ISNs): where a stack's ISNs are predictable, an attacker can spoof or hijack TCP connections and thereby intercept and manipulate data. The affected stacks are uIP, FNET, picoTCP, Nut/Net, CycloneTCP, uC/TCP-IP, Nucleus NET, NDKTCPIP, and MPLAB Net.
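A check a practitioner would run against a device's stack, as an added example that is not Forescout's research code: a small classifier that takes a sample of ISNs observed from one stack and flags the two weak generator styles (a fixed increment per connection, and increments confined to a narrow band, as a clock-driven counter produces) against a generator with no simple pattern. The samples are constructed to mimic those styles, not captured from any real stack; the function names and thresholds are the example's own assumptions. In practice the samples would be collected by sending repeated SYNs to an open port on the device and recording the sequence number of each SYN-ACK.

```python
"""Detecting predictable TCP initial sequence numbers from a sample.

Added example, not Forescout's research code. The ISN samples are constructed
to mimic three generator styles; in practice you would collect them by
sending repeated SYNs to a port on the device and recording the sequence
number of each SYN-ACK. Function names and thresholds are assumptions.
"""
import random
from typing import Dict, List

MOD = 1 << 32          # ISNs are 32-bit values
LOW_SPREAD = 1 << 20   # increments confined to a band this narrow are guessable


def isn_deltas(isns: List[int]) -> List[int]:
    """Increment between consecutive ISNs, modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isn_generation(isns: List[int]) -> Dict[str, object]:
    """Classify one stack's ISN generator from a list of observed ISNs."""
    if len(isns) < 8:
        raise ValueError("need at least 8 samples")
    deltas = isn_deltas(isns)
    distinct = len(set(deltas))
    spread = max(deltas) - min(deltas)
    if len(set(isns)) == 1:
        verdict = "constant ISN"              # every connection starts at the same number
    elif distinct == 1:
        verdict = "constant increment"        # next ISN = previous + fixed step
    elif spread < LOW_SPREAD:
        verdict = "narrow-band increments"    # e.g. a clock-driven counter, next ISN guessable within a small window
    else:
        verdict = "no simple pattern"
    return {
        "verdict": verdict,
        "distinct_deltas": distinct,
        "spread": spread,
        "weak": verdict != "no simple pattern",
    }


def constructed_samples(n: int = 32) -> Dict[str, List[int]]:
    """Constructed data (not captured from any real stack), seeded so it is
    reproducible: a fixed-step counter, a clock-like counter with jitter, and
    a generator drawing fresh 32-bit values for each connection."""
    rng = random.Random(7)
    counter = [(1000 + 64000 * i) % MOD for i in range(n)]
    clock = [(123456789 + 250000 * i + rng.randint(-500, 500)) % MOD for i in range(n)]
    strong = [rng.getrandbits(32) for _ in range(n)]
    return {"counter": counter, "clock": clock, "strong": strong}


if __name__ == "__main__":
    for label, sample in constructed_samples().items():
        result = assess_isn_generation(sample)
        print(f"{label:8s} weak={result['weak']!s:5s} {result['verdict']} (spread={result['spread']})")
```

One caveat when running this against a real device: RFC 6528 generators add a per-connection hash of the 4-tuple to a clock, so if every probe reuses the same source port the hash term is constant and even a sound generator looks like a narrow-band counter. Vary the client port (and ideally the client address) between probes; a narrow band of increments across varying 4-tuples is the weakness, not the clock component by itself.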

Microsoft addresses 56 flaws
Microsoft has addressed 56 security vulnerabilities in its February Patch Tuesday release, 11 of them rated critical. Among them is a zero-day (CVE-2021-1732), an elevation-of-privilege flaw in the Windows Win32k component, that is being actively exploited in the wild; it carries a CVSS severity score of 7.8.

Adobe warns about a flaw
Adobe is warning of a critical heap-based buffer overflow vulnerability that is being exploited in the wild. The flaw, tracked as CVE-2021-21017, is being used in limited attacks against Adobe Reader users on Windows and can lead to arbitrary code execution on affected systems.

Tags

substitution attack
lodarat malware
cd projekt
numberjack vulnerability
bendybear malware

Posted on: February 10, 2021

