
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 14, 2020

With the newly adopted ‘Name and Shame’ tactic, ransomware operators have gone to great lengths to tarnish the reputation of organizations that fail to pay ransoms. Visser Precision became the latest victim organization to be listed on the ‘Doppel Leaks’ website operated by DoppelPaymer operators. The leaked data included non-disclosure agreements between Visser and both Tesla and SpaceX. Apart from this, there were also some confidential industrial documents belonging to Boeing and Lockheed Martin.

On the other hand, the foreign currency exchange firm Travelex reportedly paid a ransom of $2.3 million to recover from a ransomware attack that occurred early this year. The Sodinokibi operators had exfiltrated nearly 5 GB of data from the company’s network.

In a major security update reported in the last 24 hours, Oracle has released patches for a record 405 security flaws found across its different products. Around 286 of these flaws are remote code execution vulnerabilities.

Top Breaches Reported in the Last 24 Hours

Data of 1.41 million US doctors on sale

A cybercriminal is selling the personal and contact details of 1.41 million doctors based in the United States. The database was stolen from qa.findadoctor[.]com and included details such as full names, genders, locations, mailing addresses, countries, phone numbers, and license numbers of doctors.

Data of Quidd users on sale

Account details of 4 million Quidd users have been shared for free on underground hacking forums. The data included usernames, email addresses, and hashed account passwords of users. A hacker named PROTAG has taken credit for the breach and had earlier put the Quidd data up for sale.

DoppelPaymer operators release files

The operators of DoppelPaymer ransomware have now released confidential industrial documents related to three aerospace companies as part of the new ‘Name and Shame’ tactic. The files were siphoned from Visser Precision, a precision parts maker for military and aerospace companies, including Lockheed Martin, Tesla, SpaceX, and Boeing. The published documents included non-disclosure agreements between Visser and both Tesla and SpaceX.

Travelex pays $2.3 million in ransom

Travelex has paid $2.3 million in Bitcoin to hackers to recover from the Sodinokibi ransomware attack and data theft. The currency exchange platform had suffered the attack on New Year’s Eve, during which the attackers exfiltrated nearly 5 GB of data.

Top Malware Reported in the Last 24 Hours

New Speculoos backdoor

Researchers have uncovered a new cyberespionage campaign that delivered a new backdoor malware named Speculoos. Operated between January 20 and March 11, the campaign was carried out by exploiting CVE-2019-19781, a vulnerability affecting Citrix ADC, Citrix Gateway, and Citrix SD-WAN. Believed to be the work of the APT41 threat actor group, the campaign targeted several organizations in North America, South America, and Europe.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle patches 405 bugs

Oracle has released security patches for a total of 405 vulnerabilities as part of its quarterly ‘Critical Patch Update Advisory.’ Around 286 of these vulnerabilities are remotely exploitable across nearly two dozen product lines including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications, and Oracle Support Tools. Oracle’s Fusion Middleware alone is reportedly affected by 49 flaws.

Vulnerable TikTok app

Security researchers have found a security weakness in the highly popular TikTok app that can allow attackers to plant videos in users’ feeds that appear to come from official sources. The flaw can be exploited through a user’s router, Internet Service Provider (ISP), or Virtual Private Network (VPN).

Top Scams Reported in the Last 24 Hours

Tax fraud

In a recent incident, scammers posed as clients of Weber and Company with the aim of obtaining large tax refunds from the Internal Revenue Service (IRS). They had accessed clients’ personal data, including Social Security numbers and bank account information, to claim the fraudulent returns. The firm has notified California’s attorney general, and the issue is currently being investigated by the IRS and FBI.
