
Cyware Daily Threat Intelligence, July 16, 2019


Organizations that handle and maintain user records are a lucrative target for cybercriminals. Threat actors recently compromised the networks of Bulgaria’s National Revenue Agency and stole the personal data of over five million Bulgarians. The data was spread across 110 databases. Along with user data, the databases also contained information related to the Department of Civil Registration and Administrative Services (GRAO), the National Health Insurance Fund (NZOK), and the Bulgarian Employment Agency (AZ).

The past 24 hours also saw the emergence of DoppelPaymer, a look-alike of the notorious BitPaymer ransomware. The ransomware was first spotted in June 2019 and was used against the City of Edcouch and the Chilean Ministry of Agriculture.

As part of its Patch Tuesday Update for July 2019, Oracle plans to release security patches for a total of 322 vulnerabilities found across multiple products. The security updates will include seven new security fixes for the Oracle Database Server.

Top Breaches Reported in the Last 24 Hours

Bulgaria’s NRA hacked
Hackers have compromised the networks of Bulgaria’s National Revenue Agency and gained access to 110 databases containing nearly 21 GB of personal data. The incident has affected over 5 million Bulgarians. Of the 21 GB, 11 GB has been disclosed; it contains personal identification numbers (PINs), names, home addresses and financial earnings of Bulgarians. Most of the information in the databases dated back as far as 2007.

Update on Evite data breach
A new update from Have I Been Pwned has revealed that the data of almost 101 users has been compromised in the data breach that occurred at Evite in February 2019. Earlier, the breach was estimated to have affected approximately 10 million users, whose data was on sale on the Dream Market forum.

MyDashWallet compromised
MyDashWallet has disclosed that hackers compromised the site between May 13 and July 12, 2019, to obtain the private keys to wallets. It was reported that the attack started in April 2018, when MyDashWallet was modified to load a script from the script hosting website GreasyFork. Following the hack, MyDashWallet has urged its users to remove any funds from their wallets.

Top Malware Reported in the Last 24 Hours

DoppelPaymer ransomware
DoppelPaymer is a new ransomware that shares its source code with BitPaymer ransomware. The ransomware was first spotted in June 2019. It was used against computer networks belonging to the City of Edcouch, Texas, as well as the Chilean Ministry of Agriculture. The malware combines RSA-2048 and AES-256 to encrypt victims’ files.

Sodinokibi is the new GandCrab
The creators of GandCrab are believed to be behind the Sodinokibi ransomware. In May, the group announced its retirement from the GandCrab RaaS. Separately, the FBI has released a master decryption key to unlock files encrypted by GandCrab versions 4 through 5.2.

Extenbro trojan
Extenbro is a new DNS-changer trojan that is delivered to systems by a bundler called Trojan.IStartSurf. Once installed, the trojan changes the DNS settings of the infected system to prevent users from visiting security vendors’ sites. The trojan disables IPv6 to force the system to use the malicious DNS servers.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle to release patches for 322 flaws
Oracle is all set to release security patches to address 322 security flaws as a part of its Patch Tuesday Update for July 2019. The updates will contain 7 new security fixes for the Oracle Database Server. The other updates include fixes for vulnerabilities in Oracle’s Global Lifecycle Management Risk Matrix, Berkeley DB Executive components, and Communications Applications.

A bug in Ad Inserter WordPress plugin
A critical security issue found in the Ad Inserter WordPress plugin could allow unauthenticated attackers to remotely execute PHP code. The flaw affected versions prior to 2.4.21. WordPress admins are advised to update the plugin to version 2.4.22 to address the flaw.

Vulnerable RingCentral and Zhumu app
RingCentral and Zhumu, which use Zoom’s technology, have been found to be vulnerable to a security flaw. The flaw can allow attackers to control these video conferencing apps. Users are advised to update these apps to the latest versions.

Top Scams Reported in the Last 24 Hours

Subscription scam
A fake app called ‘Number Finder’ on Google Play was luring Android users into a subscription scam. The app claimed to reveal the identities of unknown callers to its subscribers. However, it was found to display the same result even when the number was invalid. It was downloaded more than one million times and offered users a monthly subscription.



Posted on: July 16, 2019
