Go to listing page

Cyware Daily Threat Intelligence, March 02, 2021

Cyware Daily Threat Intelligence, March 02, 2021

Share Blog Post

Attackers are steadfast in adopting new attack techniques and one such that has come to the notice is related to the recently discovered Dependency Confusion attack. It was just a few weeks back that Microsoft had released a whitepaper to demonstrate the new attack technique and unfortunately attackers have started executing the same against Amazon, Zillion, Lyft, and Slack NodeJs apps.

Moreover, a new jailbreaking tool that exploits a kernel vulnerability in iPhones has been uncovered after hackers were found using it actively last month. Adding more troubles for organizations, a new trojan called ObliqueRAT has been found to be associated with a massive cyberespionage campaign in South Asia. 

Top Breaches Reported in the Last 24 Hours

JFC International affected
A ransomware attack on JFC International has disrupted its IT systems. The company has notified relevant authorities and reported the security incident to employees and business partners. It is still unclear which ransomware family is behind the attack and whether any information is stolen by the attackers.

Mariana Tek exposes user records
The U.S.-based Mariana Tek company had exposed more than 1.5 million user records due to an unsecured Amazon AWS bucket. The records included full names, email addresses, phone numbers, postal codes, and account balances of users.

Lactalis discloses a breach
Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors breached some of the company’s systems. Following the attack, the firm took immediate action by shutting down the IT systems on all impacted company sites.

Attacks on Tether and Polecat    
Confidential data associated with Tether and Polecat has been held for ransom following cyberattacks. While the attack on Tether is due to ransomware, Polecat’s Elasticsearch database was targeted in a Meow attack.

Oxfam Australia’s data breach
Oxfam Australia has confirmed a data breach after a database containing supporters’ information was unlawfully accessed by attackers. The database included information about supporters who may have signed a petition, taken part in a campaign, or made donations or purchases through shops.

Top Malware Reported in the Last 24 Hours

Oblique RAT’s terror
Researchers have traced a cyberespionage campaign that distributes ObliqueRAT malware. The trojan is distributed as benign image files on hijacked websites and used against organizations in South Asia. The capabilities of the malware include pilfering files and terminating existing processes, among others. Discovered first in 2020, the trojan has four variants to date. 

Top Vulnerabilities Reported in the Last 24 Hours

New jailbreak tool released
A new jailbreak tool that exploits a kernel vulnerability CVE-2021-1782 in iPhones was actively used by hackers last month. The tool works on iOS versions from 11 to 14.3. By exploiting the flaw, hackers were able to get deep hooks into the underlying operating system. Apple has fixed the vulnerability in iOS 14.4, which also works on later versions.    

New Dependency Confusion flaw exploited
Threat actors are targeting Amazon, Zillion, Lyft, and Slack NodeJs apps using a new Dependency Confusion vulnerability to steal Linux/Unix password files and open reverse shells. Attackers abuse the flaw by creating packages utilizing the same names as a company's internal repositories or components.

Spectre exploits found on VirusTotal
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found on VirusTotal. The flaw was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. If successfully exploited on vulnerable systems, it can be used by attackers to steal data, including passwords, documents, and any other data available in privileged memory.


oxfam australia
lactalis dairy group
mariana tek
jfc international

Posted on: March 02, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite