Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Andrés Naranjo Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America “It is not the strongest of the species that survives, not the most intelligent that survives. It is the one that is the most adaptable to change”.Charles Darwin One of...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths ElevenPaths Radio English #5 – The Path After a Security Audit What is the path for a company after a security audit? It is increasingly common for companies of all sizes to decide to carry out such analyses, but what...
David García Bestiary of a Poorly Managed Memory (II) Our expert David Garcia shows what happens when the same block of reserved memory is released twice, the so-called double free.
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Cristina del Carmen Arroyo Siruela The human factor: a key element of cyber security When it is said that a server needs to be bastioned, cybersecurity personnel have an idea of what it is and what it consists of. But what about securing...
Diego Samuel Espitia TCP/IP Stack Gruyere In May 2020 during the most complicated phase of the global pandemic, we were told that the internet was broken as a result of bugs (called Ripple20) affecting millions...
Florence Broderick Heartbleed plugin, ready for FaasT There is a lot of good information about Hearbleed out there, there is little more to add. It is a extremely serious vulnerability, that has shaken the internet from...
Florence Broderick How to implement Oauth protocol in Powershell (an example with Latch) Latch already counts with lots of SDKs and plugins, so you can implement it with different languages or use it with your favorite CMS. There is an “unofficial” bash implementation,...
Florence Broderick Latch Event Monitor: New tool to integrate Latch with Windows Events Latch Event Monitor is a tool that monitors events in Windows and gives the user the possibility of tracking in a very granular way Windows logs, and react accordingly...
AI of Things Eleven Paths on "Digital Futures" video series Telefonica Digital produces a video series called Digital Futures, which are publicly available here http://youtube.com/telefonicadigital. On the latest episode, some relevant people from the world of security gives us...
Florence Broderick New tool: GmtCheck. Where does this Android App or applet come from? There are millions of malicious applets (JAR files) and Android apps (APK files) out there. Have you ever wondered where do they come from? Which country? At least, which...
Florence Broderick Detailed guides for Latch installation in WordPress, Joomla, Drupal, PrestaShop and RoundCube We are working hard in Eleven Paths for next Mobile Word Congress in Barcelona, in late February. We have updated our official apps for Android, iPhone and Windows Phone with new...
Florence Broderick Information leakages found in Google and Yahoo! (found with FaasT) A few weeks ago, Manuel Fernández, developer and security auditor in Eleven Paths, found some DS_Store files served by some Google URLs while testing FaasT. Google awarded the discovery...
Florence Broderick Eleven Paths with Latch, in Campus Party Brazil This year is the seventh edition of Campus Party Brasil, that will take place in Sao Pablo, Brazil. For Eleven Paths, it will be a very special week in the Campus:...
Florence Broderick Metashield videotutorials… now on YouTube Nowadays, most common information leaks occur through unseen channels such as metadata and unseen document information. Through these externally shared documents it is possible to obtain critical data from...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
José Luis Núñez Díaz Towards a smarter supply chain One of the recurring use cases that is always mentioned when talking about Blockchain is its application in supply chains. In fact, back in 2018, at Telefónica we were...
ElevenPaths Mum, I want to be a hacker The hacker concept is most often associated with male ‘techies’ and ‘geeks’. But why is it so difficult to find female role models in the world of technology? We...
Florence Broderick New tool: PinPatrol for Chrome. Something more than a plugin, a forensics tool Back in July, we created a new tool for improving the experience using HSTS and HPKP in Firefox. Now it’s time for Chrome. It shows this information in a...
Florence Broderick ElevenPaths Talks: The ISF Standard of Good Practice for Information Security REGISTER HERE! On Thursday, 19 May, our colleague Sebastian will give a speech about The ISF Standard of Good Practice for Information Security. The standard of good practice is...
Florence Broderick Introducing Mobile Connect – the new standard in digital authentication The Mobile Operators hold the future of digital authentication in our hands, and so do our customers. The consumers will no longer need to create and manage multiple user...
