Tag Archives: Cisco Talos

The famous infostealer “Agent Tesla” has an unusual dropper

Unusual dropper of Agent Tesla

Cisco Talos discussed a malicious campaign aimed at stealing user credentials and other important information. They reported that the Agent Tesla infostealer had an unusual dropper. The malware, whose attacks began in January, uses an unusual loader to evade anti-virus protection and inject its code into a legitimate process on the infected machine. The payload is Agent Tesla, a well-known …


Attackers are actively using the new Checkm8 jailbreak for their own purposes

Attackers use Checkm8 jailbreak

Cisco Talos experts warned users that attackers are actively using the Checkm8 jailbreak. At the end of September 2019, an information security researcher known as axi0mX published an exploit suitable for jailbreaking virtually any Apple device with A5 to A11 chips, released between 2011 and 2017. The development was called Checkm8 and is very significant, as it exploits a vulnerability …


New Nodersok malware (aka Divergent) infected thousands of Windows-based computers

New Nodersok or Divergent malware

Over the past few weeks, thousands of Windows-based computers around the world have been infected with a new type of malware. The malware, called Nodersok (in a Microsoft report) and Divergent (in a Cisco Talos report), was first detected this summer. It downloads and installs a copy of the Node.js framework to turn infected systems into proxies and …


Cisco Talos: Cybercriminals, like Dr. Frankenstein, assemble malware for attacks from disparate components

Cisco Talos Frankenstein

The cybercrime group behind a series of targeted attacks between January and April 2019 uses malicious tools assembled from freely available components to steal credentials. Researchers at Cisco Talos called this malware campaign “Frankenstein” because the group skillfully stitched together unrelated components and used four different techniques during the operation. “We assess that this activity was hyper-targeted given that there was …


HawkEye keylogger is reborn in a new version and again attacks enterprises

hawkeye reborn

Researchers from IBM X-Force, IBM's cybersecurity division, reported on malicious spam campaigns in which criminals email the HawkEye keylogger to employees of industrial enterprises worldwide. For two months the attackers spread the software among employees of companies working in logistics, healthcare, marketing and agriculture. “In the cybercrime arena, most financially motivated threat actors are focused on businesses because that …


Researchers describe new tools of the MuddyWater cybercriminal group


The espionage-focused MuddyWater group, also known as SeedWorm and TEMP.Zagros, has added to its tactics, techniques and procedures new methods that give it remote access to infected systems while remaining unnoticed. The group first became known in 2017, when it attacked Middle Eastern organizations; later it added government and military organizations in Central …


Alpine’s Docker images shipped with an empty password for the “root” user

Docker Alpine

Security researchers from Cisco disclosed details of vulnerability CVE-2019-5021 in the builds of the Alpine distribution for the Docker container isolation system. The essence of the problem is that the “root” user had an empty password set by default, without direct login as “root” being blocked. “Due to the nature of this issue, systems deployed using affected versions of the Alpine …


Researchers from Cisco Talos found a vulnerability in the SQLite DBMS


Vulnerability CVE-2019-5018 has been found in the SQLite DBMS; it allows code execution on the system if an attacker can get a crafted SQL query executed. The problem has existed since the SQLite 3.26 branch. “SQLite implements the Window Functions feature of SQL, which allows queries over a subset, or “window,” of rows. This specific vulnerability lies in that “window” function,” …


Cybercriminals behind the DNSpionage campaign are now armed with new malware


The cybercriminal group responsible for the DNSpionage operation has become more selective in choosing victims and has armed itself with new malware, Karkoff, to improve the effectiveness of its cyberattacks. According to FireEye, the DNSpionage campaign began at the end of April 2017, and the cybercriminals responsible act in the interests of the Iranian government. In the previous attacks, with the use of fake …
