Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
David García The Malware Created in Go Is A Trend And Is Here To Stay Even though it cannot be said that Go is a new programming language (it is already more than ten years old), it does belong to that new batch of...
Sergio de los Santos How Traditional CA’s Are Losing Control of Certificates and Possible Reasons Why Chrome Will Have a New Root Store It’s all about trust. This phrase is valid in any field. Money, for example, is nothing more than a transfer of trust, because obviously we trust that for a...
Telefónica Tech Cyber Security Weekly Briefing, 21-28 October Campaigns spreading ERMAC malware A team of Cyble researchers recently discovered a mass phishing campaign aimed at spreading the ERMAC banking trojan. The infection method is based on downloading fake...
Estevenson Solano What is the Fifth Domain and what is its strategic importance? In recent years, conflict and stability in cyberspace have become a growing concern for many countries and organisations that consider cyberspace as a strategic domain and have strengthened their...
Telefónica Tech Cyber Security Weekly Briefing, 15-21 October The Noname057(16) group attacks the Spanish Ministry of Defense Last Friday, threat actor Noname057(016) carried out an attack against the website of the Spanish Ministry of Defense, rendering them unavailable...
Juan Carlos Vigo López Secure Digital Workplace: chronicle of a foretold (and necessary) evolution The changes that have taken place in the Digital Workplace lately have put some technological areas under stress, as we have had to adapt to the evolutions during and...
Telefónica Tech Selecting a managed security service provider (MSSP): 5 key factors to keep in mind An Managed Security Service Provider (MSSP) offers you a team of seasoned security experts that will work for you at a fraction of the cost of building your security...
Telefónica Tech Cyber Security Weekly Briefing, 7 — 14 October Critical vulnerability in Fortinet Fortinet has issued a security advisory to its customers urging them to update their FortiGate firewalls and FortiProxy web proxy, in order to fix a critical authentication bypass...
Diego Samuel Espitia How to protect your social media accounts Companies and individuals use social networks today to generate new revenue or to sell their services and products, much more than just to communicate with other people or to...
Roberto García Esteban 6 common mistakes when quoting for a Cloud project There is no doubt that Cloud Computing technology brings with it enormous opportunities for companies, but its financial particularities need to be well understood. Traditionally, the IT model was about...
Telefónica Tech Cyber Security Weekly Briefing, 1 — 7 October Lazarus targets Dell via new FudModule rootkit ESET researchers have reported a new Lazarus campaign targeting a Dell hardware driver using a new rootkit called FudModule. The rootkit uses a...
Roberto García Esteban Cloud Computing is the future of the healthcare sector Healthcare is a sector that is continuously generating a large amount of data. To put it in numbers, every year our National Health System manages 234 million medical consultations...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick Latch, new ElevenPaths' service During the time we’ve been working in ElevenPaths we’ve faced many kind of events internally, buy one of the most exciting and awaited is the birth of Latch. It’s a technology of our...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
