Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Cybersecurity and Business in the New Era: Security Innovation Days 2020 (Day 1) First day of the Security Innovation Days 2020 completed with more than 1500 people connected from all over the world. If you missed the first day of our cybersecurity...
Sergio de los Santos The Attack on SolarWinds Reveals Two Nightmares: What Has Been Done Right and What Has Been Done Wrong All cyber security professionals now know at least part of what was originally thought to be “just” an attack on SolarWinds, which has just truned out to be one...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a .NET...
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing 23-29 October Google fixes two 0-days in Chrome browser Google has released a new Chrome update (95.0.4638.69) for Windows, Mac and Linux, which fixes 7 vulnerabilities, two of them being 0-days. Regarding...
Gonzalo Álvarez Marañón Nobody on The Internet Knows You Are A Dog, Even If You Use TLS Certificates You may have noticed that most websites have a little padlock on them. If you click on it, a window will pop up stating that “the connection is secure”....
Gabriel Álvarez Corrada 5G Connectivity and its Impact on Industry 4.0: Maturity and Evolution One of the factors that indicates the maturity of some branches of technology is the incorporation of improvements as this technology evolves, which are different from those considered at...
ElevenPaths ElevenPaths Radio English #4 – Privacy and Personal Data Protection Privacy and personal data protection are two of the greatest concerns today due to the large amount of information leaking out to the media every day. Practically all big...
Gabriel Bergel ¿Ransomware in Pandemic or Ransomware Pandemic? No one imagined what could happen in the field of cyber security during the Covid-19 pandemic. Perhaps some colleagues were visionary, or others were basically guided by the statistics...
ElevenPaths Cyber Security Weekly Briefing 31 October – 6 November Apple fixes 3 0-day vulnerabilities Apple, with the launch of the new iOS 14.2 version, has corrected three 0-day vulnerabilities that would be actively exploited and that would affect iPhone,...
Andrés Naranjo Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America “It is not the strongest of the species that survives, not the most intelligent that survives. It is the one that is the most adaptable to change”.Charles Darwin One of...
Carlos Ávila ZoomEye: Extending TheTHE With More Plugins Those who follow the developments carried out by the Innovation and Laboratory team will be familiar with our theTHE platform, which specialises in Threat Hunting, IoC analysis and is...
ElevenPaths Cybersecurity Weekly Briefing October 24-30 Critical vulnerability in Hewlett Packard Enterprise SSMC Hewlett Packard Enterprise has fixed a critical authentication evasion vulnerability (CVE-2020-7197, CVSS 10) affecting its StoreServ Management Console (SSMC) storage management software. HPE...
ElevenPaths Telefónica, Gradiant and Incibe Improve Companies’ Cyber Security The agreement boosts knowledge transfer to the private sectorTEGRA continues on the path to consolidate Galicia’s position as a major player in the European field of cyber security Telefónica, Gradiant...
Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
Gabriel Álvarez Corrada Approaching Cybersecurity in Industry 4.0: The Age of Connected Machines Don’t run away yet! This era is not about machines enslaving humanity (at least, not yet…) but about the introduction of elements (IOT devices, cloud environments, IA, Big Data, SIEM,...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
