Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Gonzalo Álvarez Marañón Blockchain, Cryptocurrencies, zkSTARKs and the Future of Privacy in a Decentralised World In the Renaissance Italy, duels between mathematicians were common, but not by crossing steels, but by solving difficult problems. One of the hardest bones to crack at the time...
ElevenPaths Securing a Cloud Environment With a Telco Cloud Provider Nowadays, nobody can deny the remarkable benefits of cloud computing, both infrastructure as a service (IaaS) and software as a service (SaaS). Cloud computing drives cost savings, agility to...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and (possibly) Chrome. Our Black Hat research We have been for a long time researching about HSTS, HPKP, certificate pinning and TLS technologies in general. As a collateral effect of this work, we have found some...
ElevenPaths New Capabilities for the Future of Cybersecurity: Security Innovation Days 2020 (Day 2) Second day of the Security Innovation Days 2020, focusing on the new capabilities we have acquired as a cybersecurity company from Telefónica Tech. A few weeks ago, we announced...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
ElevenPaths Dumpster diving in Bin Laden’s computers: malware, passwords, warez and metadata (II) What would you expect from a computer network that belongs to a terrorists group? Super-encrypted material? Special passwords? The Central Intelligence Agency (CIA) on 1 November 2017 released additional...
Franco Piergallini Guida The First Official Vulnerabilities in Machine Learning in General Today you are nobody on the market if you do not use a Machine Learning system. Whether it is a system of nested “ifs” or a model of real...
Estevenson Solano Metaverse (II): the challenge of building a virtual space that is secure, inclusive and beneficial to everyone As we learned in the previous article of this series, impact of the metaverse on disinformation, child security, its evolution and its potential to spread discrimination and inequalities will...
Aarón Jornet Evolution of Spear-Phishing Techniques of Notorious Threat Groups and malware used In recent years, different campaigns and threats have been metabolised and their entry vector has been the same, the e-mail. This initial access always seems to be the most...
Telefónica Tech Cyber Security Weekly Briefing, 8 – 14 April Apple fixes two new actively exploited 0-day vulnerabilities Apple has released new security advisories about two new actively exploited 0-day vulnerabilities affecting iPhones, Macs and iPads. First, there is the...
Estevenson Solano Metaverse (I): threats in an immersive, multi-sensory environment While the discussion and excitement around the metaverse is growing, there are also feelings of doubt, fear, concern and uncertainty about the potential risks in an environment where the...
María Riesgo Technology and the young: how to turn dangers into opportunities The technology world is moving extremely fast. If we look back, we would have never imagined the possibility of connecting to a computer without interrupting the landline phone at...
Telefónica Tech Cyber Security Weekly Briefing, 25 – 31 March GitHub exposes its RSA SSH host key by mistake GitHub announced last Friday that they had replaced their RSA SSH host key used to protect Git operations. According to the...
Roberto García Esteban Cloud terms you can’t miss It was George Favaloro and Sean O’Sullivan, managers of Compaq Computer, who first used the expression “Cloud Computing” in 1996, and since then, the term has become so popular...
Nacho Palou Cybercrime, a constant threat to all types of companies Cyber threats have existed since technology began to be used in companies and organizations. But the evolution of the technology world in the 21st century has changed the landscape:...
Telefónica Tech Cyber Security Weekly Briefing, 18 – 24 March HinataBot: new botnet dedicated to DDoS attacks Researchers at Akamai have published a report stating that they have identified a new botnet called HinataBot that has the capability to perform...
Nacho Palou 5G connectivity: Four real and practical use cases According to data from GSMA, collected by the publication Redes & Telecom, by the end of 2022, over one billion 5G connections had been surpassed worldwide; this figure will...
Florence Broderick New tool: Maltego transforms for Tacyt If you are a Maltego user, you already know how intuitive and useful it is for researching and analyzing information. You may know as well that Maltego allows to...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
