Analysis of APPs Related to COVID19 Using Tacyt (I)

Andrés Naranjo Amador Aparicio
15 September, 2020

Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been deluged daily with applications. Both platforms, especially Android, have already limited the publication and search of terms such as “covid” or “coronavirus”: Google has declared war against those who try to take advantage of fear to win downloads. Currently, only those belonging to official government bodies remain on Google Play.

For this rapid analysis we will use ElevenPaths’ Tacyt tool, the mobile cyberintelligence ecosystem, whose Big Data structure monitors, stores, analyses and correlates thousands of new applications every day. It also lets us collate or compare the information we have access to through simple queries.

One of the advantages that Tacyt offers is that all applications are accessible regardless of location, since Google Play can only offer results based on our country of origin, according to the availability set by the developer.

We go to the official Google Play repository in Spain and search for apps related to COVID19.

[Figure: Official apps in Spain accessible in Google Market (10 altogether)]

This is nothing like the number of applications found in any unofficial market:

[Figure: Apps found in APTOIDE, an alternative market, using the term “coronavirus”]

Like other markets, Aptoide does not directly download the app we have requested but the “downloader” through which the actual download will be requested. This is easy to spot, because the file size is exactly the same:

[Figure: Apps downloaded through APTOIDE]

In fact, we can easily check this in Tacyt by uploading these applications.
It detects them as one, with identical hash:

This is because Tacyt not only includes its own drivers for discovering and downloading applications; through the upload function (via web or API), the user can also upload applications to be analysed. These appear labelled as “userUpload” and can also be tagged with our own identification labels (as in the image: the author of the upload or the market from which it was downloaded).

This upload function can be very useful for detecting altered versions of our legitimate applications in unofficial markets, for example those of a bank. Tacyt includes a button on the interface to compare applications.

In any case, we take this opportunity to strongly discourage installing applications from unofficial sources.

Google Play Search Using Tacyt for COVID19 Related Apps Since the Beginning of the Pandemic

We will focus the research on Google Play. The filters are used to build the following search in Tacyt. As you can see, these composite queries, like the usual dorks in Google search, are easy to read:

((packageName:*covid19*) OR (packageName:*coronavirus*)) AND (origin:"GooglePlay") AND (createDate:"2020-03-14 00:00:00 - today")

[Figure: “Dorking” with Tacyt to search for apps in Google Play related to COVID-19 published since the beginning of the alarm state]

Tacyt’s response to the previous search:

[Figure: Apps related to COVID-19 published overseas in Google Play]

We now use Tacyt to search for unofficial apps related to COVID19 from the official start date of the pandemic. For this task, we can use the origin parameter with a leading minus sign to exclude all apps whose origin is the official market, for example -origin:GooglePlay.
((packageName:*covid19*) OR (packageName:*coronavirus*)) AND (-origin:GooglePlay) AND (createDate:"2020-03-14 00:00:00 - today")

[Figure: Unofficial apps published since the beginning of the pandemic]

As an example, we look at the permissions of the app with the package name “coronavirus.tracker.news” and do a quick scan. The following permissions are suspicious (we only comment on permissions that differ from those of “normal” official apps and that violate privacy or security):

android.permission.CHANGE_WIFI_STATE: allows the app to change the state of Wi-Fi connectivity.
android.permission.INTERNET: allows the app to open network connections.
android.permission.WRITE_EXTERNAL_STORAGE: allows the app to write to the external storage of the device.
android.permission.READ_EXTERNAL_STORAGE: allows the app to read from the external storage of the device.
android.permission.WAKE_LOCK: allows the app to use PowerManager WakeLocks to prevent the processor from going into sleep mode or the screen from dimming.

For any research, we can load the apps in batches into Tacyt and then search for them using a custom label, locating, for example, as we said, suspicious permissions:

Likewise, we could have used the expiry date of the certificate (sometimes suspiciously long), API keys, text or email strings associated with malware, and many more.

We will see some more information about the findings in the next part.
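A local sketch of the triage described above, as an added example that is not part of the original article and does not call Tacyt: it applies the same filters as the second query (package-name wildcards, origin other than GooglePlay, creation date from 2020-03-14) to a constructed inventory of decoded manifests and reports which of the five listed permissions each match requests. The record layout, function names and sample apps are assumptions.

```python
import fnmatch
import xml.etree.ElementTree as ET
from datetime import date

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# The five permissions the article flags for its example app.
FLAGGED = {"android.permission." + p for p in (
    "CHANGE_WIFI_STATE", "INTERNET", "WRITE_EXTERNAL_STORAGE",
    "READ_EXTERNAL_STORAGE", "WAKE_LOCK")}
NAME_PATTERNS = ("*covid19*", "*coronavirus*")  # packageName wildcards from the query
SINCE = date(2020, 3, 14)                       # createDate lower bound from the query

def manifest_permissions(manifest_xml):
    """Return the <uses-permission> names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore elements missing android:name

def matches_query(app):
    """Local equivalent of the second query: name wildcard, not GooglePlay, since SINCE."""
    named = any(fnmatch.fnmatchcase(app["packageName"], p) for p in NAME_PATTERNS)
    return named and app["origin"] != "GooglePlay" and app["createDate"] >= SINCE

def triage(apps):
    """Map each matching package to the flagged permissions it requests, sorted."""
    return {app["packageName"]: sorted(manifest_permissions(app["manifest"]) & FLAGGED)
            for app in apps if matches_query(app)}

def _sample(package, origin, created, perms):
    # Builds one constructed record with a minimal decoded manifest.
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    xml = (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
           f'package="{package}">{uses}</manifest>')
    return {"packageName": package, "origin": origin, "createDate": created, "manifest": xml}

# Constructed inventory: package names, origins and dates are invented for illustration.
SAMPLE_APPS = [
    _sample("org.example.covid19.info", "GooglePlay", date(2020, 4, 1), ["INTERNET"]),
    _sample("com.example.coronavirus.map", "Aptoide", date(2020, 3, 20),
            ["INTERNET", "WAKE_LOCK", "CAMERA"]),
    _sample("com.example.coronavirus.old", "Aptoide", date(2020, 1, 10), ["INTERNET"]),
    _sample("com.example.weather", "Aptoide", date(2020, 5, 1), ["WAKE_LOCK"]),
]

if __name__ == "__main__":
    for package, perms in triage(SAMPLE_APPS).items():
        print(package, perms)
```

Only the second sample record survives all three filters; its CAMERA permission is not reported because it is not among the five the article lists.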