
Cyware Daily Threat Intelligence


Daily Threat Briefing Oct 24, 2018

Top Malware Reported in the Last 24 Hours

Ramnit malware

The prolific Ramnit banking trojan is now being distributed by a new malware downloader called sLoad. The downloader can gather system information such as the list of running processes and whether Outlook and Citrix-related files are present on the system. sLoad can also take screenshots, check the DNS cache for specific domains, and load external binaries. The new campaign has targeted Canada, Italy and the UK.

Triton malware

The powerful Triton malware, which was first discovered in 2017 targeting industrial control systems, has been linked to a Moscow-based research facility. Researchers discovered that the TRITON deployment was carried out by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). Triton was previously used to target a Saudi petrochemical plant, which had to temporarily shut down after the malware almost caused an explosion.

Top Breaches Reported in the Last 24 Hours

Pocket iNet

The Washington-based Internet service provider Pocket iNet inadvertently exposed 93GB of sensitive data online. The ISP leaked data such as passwords, sensitive files, and network schematics. The data was stored in an S3 bucket that was not protected by a password. The exposed data also contained the password information of firewalls, wireless points, and switches, as well as a list of the company's priority customers. The exposed data is believed to have been publicly available for six months.

Adult sites hacked

A database belonging to the adult site Wife Lovers was hacked, exposing the email addresses of around 1.2 million users. The database was protected by an easy-to-crack and outdated hashing technique known as the DEScrypt algorithm. Wife Lovers was one of eight adult websites that relied on the database in question, and all of them were compromised through an attack on the 98MB database. Exposed information includes email addresses, IDs, IP addresses used to register on the sites, and encrypted passwords.
