Cyware Daily Threat Intelligence October 24, 2018

See All
Top Malware Reported in the Last 24 Hours

Ramnit malware
The prolific Ramnit banking trojan is now being distributed by a new malware downloader called sLoad. The malware downloader is capable of gathering system information such as a list of the processes running, and whether Outlook and Citrix-related files are present on the system. sLoad can also take screenshots and check the DNS cache for specific domains, and load external binaries. The new campaign has targeted Canada, Italy and the UK. 

Triton malware
The powerful Triton malware, which was first discovered in 2017 targeting industrial control systems, has been linked to a Moscow-based research facility. Researchers discovered that the TRITON deployment was carried out by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). Triton was previously used to target a Saudi petrochemical plant, which had to temporarily shut down after the malware almost caused an explosion. 

Top Breaches Reported in the Last 24 Hours

Pocket iNet
The Washington-based Internet service provider Pocket iNet inadvertently exposed 93GB of sensitive data online. The ISP leaked data such as passwords, sensitive files, and network schematics. The data was stored in an S3 bucket that contained no passwords. The database also contained the password information of firewalls, wireless points, and switches. It included a list of the priority customers of the company. The exposed data is believed to have been publicly available for six months.

Adult sites hacked
A database belonging to the adult site Wife Lovers was hacked and around 1.2 million users' email addresses were exposed. The database was protected by an easy-to-crack and outdated hashing technique known as ‘DEScrypt algorithm’. Wife Lovers was one of eight adult websites that relied on the database in question. All of these adult sites were compromised thanks to an attack on the 98MB database. Exposed information includes email addresses, IDs, IP addresses used to register on the sites, and encrypted passwords.

  • Share this blog:
Cyware Daily Threat Intelligence October 24, 2018
Cyware Daily Threat Intelligence October 23, 2018
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.