
Tag Archives: Cisco Talos

Cisco Talos: Like Dr. Frankenstein, cybercriminals assemble attack malware from disparate components


The cybercrime group behind a series of targeted attacks between January and April 2019 uses malicious tools assembled from freely available components to steal credentials. Researchers at Cisco Talos named this malware campaign “Frankenstein” because the group skillfully stitches together unrelated components and used four different techniques during the operation. “We assess that this activity was hyper-targeted given that there was …


HawkEye keylogger reborn in a new version and attacks enterprises again


Researchers from IBM X-Force, IBM's cybersecurity division, reported malware spam campaigns in which criminals email the HawkEye keylogger to employees of industrial enterprises worldwide. For two months the attackers spread the software among employees of companies working in logistics, healthcare, marketing and agriculture. “In the cybercrime arena, most financially motivated threat actors are focused on businesses because that …


Researchers describe new tools of the MuddyWater cybercriminal group


The espionage-focused MuddyWater group, also known as SeedWorm and TEMP.Zagros, has added to its tactics, techniques and procedures new methods that give it remote access to infected systems while remaining undetected. The group first became known in 2017, when it attacked Middle Eastern organizations; later it added governmental and military organizations in Central …


Alpine's Docker images were shipped with an empty password for the “root” user


Security researchers from Cisco disclosed details of vulnerability CVE-2019-5021 in the Alpine Linux distribution images built for the Docker container system. The core of the problem is that the “root” user was given an empty password by default, without direct login as “root” being blocked. “Due to the nature of this issue, systems deployed using affected versions of the Alpine …


Researchers from Cisco Talos found a vulnerability in the SQLite DBMS


A vulnerability, CVE-2019-5018, was found in the SQLite DBMS that allows code execution on the system if an attacker-prepared SQL query can be executed. The problem affects the SQLite 3.26 branch. “SQLite implements the Window Functions feature of SQL, which allows queries over a subset, or “window,” of rows. This specific vulnerability lies in that “window” function,” …


Cybercriminals behind the DNSpionage campaign are now armed with new malware


The cybercriminal group responsible for the DNSpionage operation has become more selective in choosing its victims and has armed itself with new malware, Karkoff, to improve the effectiveness of its attacks. According to FireEye, the DNSpionage campaign began at the end of April 2017 and is the work of cybercriminals acting in the interests of the Iranian government. In the previous attacks, with the use of fake …
