Cyware Daily Threat Intelligence, April 14, 2020


With the newly adopted ‘Name and Shame’ tactic, ransomware operators have gone to great lengths to tarnish the reputation of organizations that fail to pay ransoms. Visser Precision became the latest victim organization to be listed on the ‘Doppel Leaks’ website operated by DoppelPaymer operators. The leaked data included non-disclosure agreements between Visser and both Tesla and SpaceX. Apart from this, there were also some confidential industrial documents belonging to Boeing and Lockheed Martin.

On the other hand, the foreign currency exchange firm, Travelex, reportedly paid a ransom of $2.3 million to recover from a ransomware attack that had occurred early this year. The Sodinokibi operators had exfiltrated nearly 5 GB of data from the company’s network.

In a major security update reported in the last 24 hours, Oracle has released patches for a record 405 security flaws found across its different products. Around 286 of these flaws are remote code execution vulnerabilities.

Top Breaches Reported in the Last 24 Hours

Data of 1.41 million US doctors on sale
A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States. The database was stolen from qa.findadoctor[.]com and included details like full names, genders, locations, mailing addresses, country, phone numbers, and license numbers of doctors.

Data of Quidd users on sale
Account details of 4 million Quidd users have been shared for free on underground hacking forums. The data included usernames, email addresses, and hashed account passwords. A hacker named PROTAG has taken credit for the breach and had earlier put the Quidd data up for sale.

DoppelPaymer operators release files
The operators of DoppelPaymer ransomware have now released confidential industrial documents related to three aerospace companies as a part of the new ‘Name and Shame’ tactic. The files were siphoned from Visser Precision, a precision parts maker for military and aerospace companies, including Lockheed Martin, Tesla, SpaceX, and Boeing. The published documents included non-disclosure agreements between Visser and both Tesla and SpaceX.

Travelex pays $2.3 million in ransom
Travelex has paid $2.3 million in Bitcoin to hackers to recover from the Sodinokibi ransomware attack and data theft. The currency exchange platform had suffered the attack on New Year’s Eve, during which the attackers exfiltrated nearly 5 GB of data.

Top Malware Reported in the Last 24 Hours

New Speculoos backdoor
Researchers have uncovered a new cyberespionage campaign that delivered a new backdoor malware named Speculoos. Operated between January 20 and March 11, the campaign was carried out by exploiting CVE-2019-19781, a vulnerability affecting Citrix ADC, Citrix Gateway, and Citrix SD-WAN. Believed to be the work of the APT41 threat actor group, the campaign targeted several organizations in North America, South America, and Europe.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle patches 405 bugs
Oracle has released security patches for a total of 405 vulnerabilities as part of its quarterly ‘Critical Patch Update Advisory.’ Around 286 of these vulnerabilities are remotely exploitable across nearly two dozen product lines including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications, and Oracle Support Tools. Oracle’s Fusion Middleware alone is reportedly affected by 49 flaws.

Vulnerable TikTok app
Security researchers have found a security weakness in the highly popular TikTok app that can allow attackers to plant videos in users’ feeds that appear to come from official sources. The flaw can be exploited through a user’s router, Internet Service Provider (ISP), or Virtual Private Network (VPN).

Top Scams Reported in the Last 24 Hours

Tax fraud
In a recent incident, scammers posed as clients of Weber and Company, aiming to obtain large tax refunds from the Internal Revenue Service (IRS). They had accessed clients’ personal data, including Social Security numbers and bank account information, to claim the fraudulent returns. The firm has notified California’s attorney general, and the issue is currently being investigated by the IRS and FBI.

Tags

travelex
weber and company
speculoos backdoor
quidd
oracle mysql server
tiktok app

Posted on: April 14, 2020
