Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Why you are late delivering all your projects and what you can do to address it Anyone who causes harm by forecasting should be treated as either a fool or a liar. Some forecasters cause more damage to society than criminals. —Nassim Taleb, The Black Swan, 2007 In 1957,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths Cyber Security Weekly Briefing 25 September – 1 October Let’s Encrypt root certificate expires (DST Root CA X3) A few days ago, Scott Helme, founder of Security Headers, highlighted the 30 September as the date when Let’s Encrypt’s root certificate, DST...
ElevenPaths Cybersecurity Weekly Briefing October 24-30 Critical vulnerability in Hewlett Packard Enterprise SSMC Hewlett Packard Enterprise has fixed a critical authentication evasion vulnerability (CVE-2020-7197, CVSS 10) affecting its StoreServ Management Console (SSMC) storage management software. HPE...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Gonzalo Álvarez Marañón What Differential Privacy Is and Why Google and Apple Are Using It with Your Data Differential privacy allows you to know your users without compromising their privacy, but achieving it is a complex process. Here's why.
Florence Broderick Heartbleed plugin, ready for FaasT There is a lot of good information about Hearbleed out there, there is little more to add. It is a extremely serious vulnerability, that has shaken the internet from...
Florence Broderick How to implement Oauth protocol in Powershell (an example with Latch) Latch already counts with lots of SDKs and plugins, so you can implement it with different languages or use it with your favorite CMS. There is an “unofficial” bash implementation,...
Florence Broderick Latch Event Monitor: New tool to integrate Latch with Windows Events Latch Event Monitor is a tool that monitors events in Windows and gives the user the possibility of tracking in a very granular way Windows logs, and react accordingly...
AI of Things Eleven Paths on "Digital Futures" video series Telefonica Digital produces a video series called Digital Futures, which are publicly available here http://youtube.com/telefonicadigital. On the latest episode, some relevant people from the world of security gives us...
Florence Broderick New tool: GmtCheck. Where does this Android App or applet come from? There are millions of malicious applets (JAR files) and Android apps (APK files) out there. Have you ever wondered where do they come from? Which country? At least, which...
Florence Broderick Detailed guides for Latch installation in WordPress, Joomla, Drupal, PrestaShop and RoundCube We are working hard in Eleven Paths for next Mobile Word Congress in Barcelona, in late February. We have updated our official apps for Android, iPhone and Windows Phone with new...
Florence Broderick Information leakages found in Google and Yahoo! (found with FaasT) A few weeks ago, Manuel Fernández, developer and security auditor in Eleven Paths, found some DS_Store files served by some Google URLs while testing FaasT. Google awarded the discovery...
Florence Broderick Eleven Paths with Latch, in Campus Party Brazil This year is the seventh edition of Campus Party Brasil, that will take place in Sao Pablo, Brazil. For Eleven Paths, it will be a very special week in the Campus:...
Florence Broderick Metashield videotutorials… now on YouTube Nowadays, most common information leaks occur through unseen channels such as metadata and unseen document information. Through these externally shared documents it is possible to obtain critical data from...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
