Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 18 – 24 March HinataBot: new botnet dedicated to DDoS attacks Researchers at Akamai have published a report stating that they have identified a new botnet called HinataBot that has the capability to perform...
ElevenPaths Cybersecurity Weekly Briefing July 11-17 Combining Citrix vulnerabilities to steal user sessions On July 7th, Citrix published a security bulletin to correct up to 11 vulnerabilities. A few days later, a report was released with...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Sergio de los Santos Windows 11 security improves and joins Zero Trust We look at the security features included in Windows 11. Some of them are familiar but receive substantial changes and improvements.
Gonzalo Álvarez Marañón What Is Wrong with Quantum Cryptography That the World’s Largest Intelligence Agencies Discourage Its Use Quantum cryptography does not exist. What everyone understands when the term “quantum cryptography” is mentioned is actually the quantum key distribution (QKD). And this is precisely what I want...
Telefónica Tech Attacking login credentials An access credential is basically a username and password associated with a person and the access permissions granted to that person for an application, service or system. An access...
Telefónica Tech Cyber Security Weekly Briefing, 13 – 17 June Hertzbleed. New side-channel attack on AMD and Intel processors Security researchers at several US universities have discovered a new side-channel attack affecting Intel and AMD processors, called Hertzbleed. What is remarkable...
Nacho Palou We have a brand-new website! Get to know the new Telefónica Tech Cyber Security & Cloud website Telefónica Tech is constantly growing and working to be the technological partner of companies in their digital transformation process. As part of this purpose, Telefónica Tech Cyber Security & Cloud...
Alberto Sempere XDR, the cybersecurity trend that dominated the RSA Conference 2022 After a two-year break, I am back at the RSA Conference in San Francisco, the international key event for the cybersecurity industry. Having overcome the typical hurdles of a trip...
Roberto García Esteban Cloud Computing, the great ally for the digitalisation of the sports sector (and for athletes) Data analytics has become fundamental to sport. Gone are the days of coaches and trainers taking notes with their pen in a notebook during matches or training sessions. Everything from...
Telefónica Tech Cyber Security Weekly Briefing, 6 – 10 June LockBit threatens Mandiant after linking them to Evil Corp The LockBit 2.0 ransomware group announced on its dark web publishing page afternoon, 6 May, the alleged compromise of cybersecurity firm...
Telefónica Tech Cyber Security Weekly Briefing, 28 May – 3 June Rapid evolution of the EnemyBot botnet Since its discovery last March by Securonix researchers, the botnet known as EnemyBot, focused on carrying out DDoS attacks, has continued to expand, thanks...
Cristina del Carmen Arroyo Siruela Differences between encryption, hashing, encoding and obfuscation There is currently a lot of confusion about the terms encryption, encoding, cryptography, hashing and obfuscation techniques. These terms are related to computer security, specifically to the confidentiality and...
Telefónica Tech Cyber Security Weekly Briefing, 21–27 May Unpatched vulnerability in PayPal Security researcher H4x0r-DZ has disclosed an unpatched vulnerability in PayPal’s money transfer service that could allow attackers to trick victims into stealing money by completing targeted...
Diego Samuel Espitia Vulnerabilities, threats and cyber-attacks on industrial systems Cybercriminals have increasingly targeted industrial environments
ElevenPaths Squeezing the numbers and facts of Google’s annual Android security report Last month Google published its third annual security report on Android’s security protections, aiming to send a clear message to the world about mobile malware (or Potentially Harmful Applications...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
