Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Telefónica and Subex sign a global framework agreement to provide a disruptive FMaaS solution Madrid— June 18, 2017— Subex Limited, a leading telecom analytics solution provider, has been selected by ElevenPaths, Telefónica’s Cybersecurity Unit to offer a Fraud Management-as-a- Service (FMaaS) solution. Telefónica is one...
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena Attention: Data leak! (In search of lost data) We have been hearing about “data leaks” on a regular basis for years, both in the media and in our professional or even personal environment. The concept actually covers...
Nikolaos Tsouroulas Looking for a MDR partner? Beware, not all MDRs are the same Are you throwing more money than you can afford into your SOC but still failing to detect and respond quickly enough to incidents? Have you suffered the impact of...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Alexandre Maravilla Digital Identity Wallets against identity theft fraud Identity theft or impersonation is a type of fraud in which criminals manage to supplant the identity of the person being deceived, based on the theft of their personal...
Telefónica Tech Cyber Security Weekly Briefing 22–29 April New malicious RedLine distribution campaign Researchers at BitDefender have published a report on a new RedLine malware distribution campaign. According to the analysts, malicious actors are using the RIG Exploit...
Florence Broderick SmartID and SealSign on Mobile World Congress 2015 In this increasingly digital world, where users’ identity and privacy are exposed to continuous threats, from Telefónica and ElevenPaths have created a secure digital ecosystem which allows users...
Florence Broderick JSDialers: apps calling premium rate numbers (with new techniques) in Google Play During last year, a lot of “made in Spain” malware was found in Google Play. It was basically malware that tried to silently subscribe the victim to premium SMS numbers. From a while...
Florence Broderick New Tool: JavaRuleSetter for creating Devployment Rule Sets in Java Oracle introduced the notion of whitelisting in Java 7 update 40. It was called Deployment Rule Set. In Java update 51, it introduced a new feature, that was close...
Florence Broderick Winners of the Latch Plugins Contest As you know, last 16th of October 2014, as part of our annual “Security Innovation Day” event, we announced the launch of the “Latch Plugins Contest“, the first Latch...
Florence Broderick Detected some "clickers" in Google Play simulating apps and games During the last days, some apps have appeared in Google Play that work like “clickers”, between them an app simulating Talking Tom (that was online for just a few...
Florence Broderick News: ownCloud Latch plugin We have uploaded to GitHub our latest plugin for ownCloud. It makes it easier to use Latch technology with this free software similar to widely used Dropbox. You can...
Florence Broderick 5.500 apps potentially vulnerable to Man in the Middle attacks in Google Play It has been discovered than AppsGeyser, an app creator “with just a few clicks”, deactivates the SSL certificate validation in its apps. An attacker on the same network as...
Florence Broderick Latch USB Monitor: New tool to monitor PNP devices with Latch Latch USB Monitor is a tool that monitors Plug ‘n Play device (PNP) changes in Windows and gives the user the possibility of tracking incoming devices, and react accordingly...
Florence Broderick PhpMyAdmin fixes a XSS detected by ElevenPaths (CVE-2014-9219) On November 28th, while our Faast team was developing an intrusion module for PhpMyAdmin MySQL manager, we detected a new cross site scripting vulnerability not known so far in this...
Florence Broderick Shuabang botnet: BlackHat App Store Optimization (BlackASO) in Google Play ElevenPaths has detected malicious apps in Google Play (already removed by Google), aimed at performing Shuabang techniques, or BlackASO (Black Hat App Store Optimization). These malicious apps link fake...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick Latch, new ElevenPaths' service During the time we’ve been working in ElevenPaths we’ve faced many kind of events internally, buy one of the most exciting and awaited is the birth of Latch. It’s a technology of our...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
