Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Cybersecurity Weekly Briefing June 20-26 Millions of User Records Exposed on an Oracle Server Security researcher Anurag Sen has found an exposed database containing millions of records belonging to the company BlueKai, owned by Oracle....
ElevenPaths Telefónica, Gradiant and Incibe Improve Companies’ Cyber Security The agreement boosts knowledge transfer to the private sectorTEGRA continues on the path to consolidate Galicia’s position as a major player in the European field of cyber security Telefónica, Gradiant...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Franco Piergallini Guida Thinking About Attacks on WAFs Based on Machine Learning One of the fundamental pieces for the correct implementation of machine and deep learning is data. This type of algorithm needs to consume, in some cases, a large amount...
Sergio de los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing 1–7 january Mail delivery failure on Microsoft Exchange on-premises servers 2 January, Microsoft released a workaround to fix a bug that interrupted email delivery on Microsoft Exchange on-premises servers. The bug is a “year...
Telefónica Tech Cyber Security Weekly Briefing 4-10 September Critical vulnerability in Zoho ADSelfService Plus The company Zoho has issued a security advisory warning of a critical vulnerability in ADSelfService Plus, an enterprise password and login management software. The...
ElevenPaths Accelerating European cyber security between the United Kingdom and Telefonica (Wayra) – Part one of two The GCHQ (Government Communications Headquarters) is not very well known outside of the United Kingdom. The governmental organization is almost a century old (it will celebrate its 100th anniversary...
ElevenPaths #CyberSecurityPulse: Tell me your social networks and you will be welcome in the United States (or maybe not) The US Department of State wants to ask visa applicants to provide details of their social networks which they have used within the last five years, as well as...
ElevenPaths The Wannacry authors also want their Bitcoin Cash The 12th of May 2017 was a day for many of us which we will not easily forget. Wannacry was one of those incidents which had a major impact...
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
ElevenPaths #CyberSecurityPulse: Biggest-Ever DDoS Attack Hits Github Website At the end of 2016, a DDoS attack on DynDNS blocked major Internet sites such as Twitter, Spotify and PayPal. The Mirai botnet was used to take advantage of...
ElevenPaths New tool: “Web browsers HSTS entries eraser”, our Metasploit post exploitation module This module deletes the HSTS/HPKP database of the main browsers: Chrome, Firefox, Opera, Safari and wget in Windows, Mac and Linux. This allows an attacker to perform man in...
ElevenPaths Evrial, malware that steals Bitcoins using the clipboard… and the scammed scammers Evrial is the latest cryptocoin malware stealer, and uses the power to control the clipboard as its strongest bet to get “easy money”. Elevenpaths has took a deep technical...
ElevenPaths #CyberSecurityPulse: Dude, Where Are My Bitcoins? Numerous types of attacks are affecting cryptocurrency users: families of malware that steal wallets, phishing attacks that try to forge platforms where users manage their bitcoins, applications that use...
ElevenPaths SandaS GRC, the best way to perform the GSMA IoT Security Assessment SandaS GRC ElevenPaths SandaS GRC allows organizations to support their business strategy, improve operational performance, mitigate operational risks and ensure regulatory compliance. Is the perfect complement with which you can...
ElevenPaths #CyberSecurityPulse: Oops, I Went Running and I Published Information From Secret Locations The popular fitness tracking app Strava proudly published a 2017 heat map showing activities from its users around the world, but unfortunately, the map revealed locations of the United...
José Luis Núñez Díaz Towards a smarter supply chain One of the recurring use cases that is always mentioned when talking about Blockchain is its application in supply chains. In fact, back in 2018, at Telefónica we were...
Florence Broderick Jam Session with Greg Day Madrid 2017 Roundup Estrenamos el mes de febrero uniéndonos a nuestros colegas de Palo Alto para celebrar nuestra primera Jam Session del año en Madrid. Este año iniciamos nuestras sesiones de visión...
Florence Broderick New tool: PinPatrol for Chrome. Something more than a plugin, a forensics tool Back in July, we created a new tool for improving the experience using HSTS and HPKP in Firefox. Now it’s time for Chrome. It shows this information in a...
Florence Broderick New tool: Maltego transforms for Tacyt If you are a Maltego user, you already know how intuitive and useful it is for researching and analyzing information. You may know as well that Maltego allows to...
Florence Broderick Eleven Paths Talks: WordPress in Paranoid Mode ¡Regístrate aquí! El próximo Jueves 30 de Junio nuestro compañero Pablo González impartirá una charla en la que se verá una prueba de concepto realizada en Eleven Paths. Pablo está en...
