Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Martiniano Mallavibarrena The New Digital Workforce and The Risks Around Robotics Process Automation (RPA) In recent years, many companies in different sectors have chosen to base their digital transformation on RPA – Robot Process Automation, which has facilitated the creation of hundreds of...
Carmen Dufur Our Story With Govertis Since José Mª Álvarez-Pallete announced the creation of Telefónica Tech last November, ElevenPaths has accelerated its pace to get the complicated yet exciting mission that was entrusted to us...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Carlos Ávila The Pharmaceutical Retail Industry and Their Mobile Applications Are users of pharmaceutical applications safe in terms of data security and privacy? Discover this analysis from our CSA Carlos Ávila.
Telefónica Tech Cyber Security Weekly Briefing, 10 – 16 December Microsoft fixes in its December Patch Tuesday two 0-day vulnerabilities and 49 other bugs Among the fixed vulnerabilities, two of them are 0-day, one of them actively exploited and identified...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing 9-15 October Microsoft Security Bulletin Microsoft has published its security bulletin for the month of October in which it has fixed a total of 81 bugs in its software, including 4 0-day...
Gabriel Bergel Cybersecurity and Pandemic (II) We continue with the second part of this article in which we analyse the current situation in its three dimensions. Let’s remember that in the first part of the...
Sergio de los Santos Tell Me What Data You Request from Apple and I Will Tell You What Kind of Government You Are We recently found out that Spain sent 1,353 government requests for access to Facebook user data in the first half of 2020. Thanks to Facebook’s transparency report for the...
ElevenPaths Cybersecurity Weekly Briefing November 21-27 Qbot as a prelude to Egregor ransomware infections Researchers at Group-IB security company have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as...
Diego Samuel Espitia Using Development Libraries to Deploy Malware Cybercriminals seek strategies to achieve their objectives: in some cases, it is users’ information; in others, connections; sometimes they generate networks of computers under their control (botnets), etc. Any...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
Sergio de los Santos A Simple Explanation About SAD DNS and Why It Is a Disaster (or a Blessing) In 2008, Kaminsky shook the foundations of the Internet. A design flaw in the DNS made it possible to fake responses and send a victim wherever the attacker wanted....
ElevenPaths Cybersecurity Weekly Briefing November 14-20 Malware distribution campaign supplants the identity of Spanish ministries ESET researchers warn of a malware distribution campaign that is impersonating Spanish ministries to distribute a malicious Android application through links...
Andrés Naranjo The Challenge of Online Identity (I): Identity Is the New Perimeter We often find ourselves in situations where we are faced with a mission and, as the mission goes on, we realise that the first choices we made were not...
Gonzalo Álvarez Marañón Rock, Paper, Scissors and Other Ways to Commit Now and Reveal Later Have you ever played rock, paper, scissors? I bet you have. Well, let’s put the tin lid on it: how would you play through the phone? One thing is...
Sergio de los Santos How Traditional CA’s Are Losing Control of Certificates and Possible Reasons Why Chrome Will Have a New Root Store It’s all about trust. This phrase is valid in any field. Money, for example, is nothing more than a transfer of trust, because obviously we trust that for a...
ElevenPaths Cybersecurity Weekly Briefing November 7-13 Links between Vatet, PyXie and Defray777 Researchers from Palo Alto Networks have investigated the families of malware and operational methodologies used by a threat agent that has managed to go...
Florence Broderick New tool: Maltego transforms for Tacyt If you are a Maltego user, you already know how intuitive and useful it is for researching and analyzing information. You may know as well that Maltego allows to...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
