Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Cybersecurity Weekly Briefing August 22-28 Conti ransomware distributed after Trickbot Conti is a relatively new ransomware that appeared in isolated attacks in December 2019 but started to become a relevant threat in June 2020, when...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Nacho Palou Cybercrime, a constant threat to all types of companies Cyber threats have existed since technology began to be used in companies and organizations. But the evolution of the technology world in the 21st century has changed the landscape:...
Carlos Ávila The Pharmaceutical Retail Industry and Their Mobile Applications Are users of pharmaceutical applications safe in terms of data security and privacy? Discover this analysis from our CSA Carlos Ávila.
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Andrés Naranjo Analysis of APPs Related to COVID19 Using Tacyt (I) Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been daily deluged with applications. Both platforms, especially Android,...
Telefónica Tech Cyber Security Weekly Briefing, 28 October – 4 November Vulnerabilities fixed in new OpenSSL version The new 3.0.7 version of OpenSSL, announced last week by the developers of the project, was made public this past Wednesday. The expectation around this...
Pablo Alarcón Padellano Managed Detection & Response: Prevention is Not Enough, You Need to Become Cyber-Resilient You want your organization to be cyber-resilient but you have no means? You have advanced security solutions in place, but you lack skilled staff trained to take advantage of them? You...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
ElevenPaths #CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone’s Business The new year has started with a story that has taken the covers of specialized and generalist media all around the world. The vulnerabilities named as Meltdown and Spectre...
ElevenPaths Come to Create Technology at Telefónica’s Chief Data Office Unit Hi Hacker! Technology is in a constant evolution and so are we. Therefore, from Telefónica, throughout the Chief Data Office (CDO) led by Chema Alonso, which includes Aura -Cognitive Intelligence-, ElevenPaths -Cybersecurity-, LUCA -Big Data-...
ElevenPaths #CyberSecurityPulse: The Boom of JavaScript Miners The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there...
ElevenPaths #CyberSecurityPulse: Army Launches Direct Commissioning Program for Civilian Cybersecurity Experts The Army has approved a program to recruit experienced cybersecurity experts directly into the service as cyber officers in an attempt to bolster a growing field that military leaders...
ElevenPaths Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and (possibly) Chrome. Our Black Hat research We have been for a long time researching about HSTS, HPKP, certificate pinning and TLS technologies in general. As a collateral effect of this work, we have found some...
ElevenPaths #CyberSecurityPulse: Injection and XSS, the Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) has just updated the top ten list of web app vulnerabilities for the first time since 2013 but not much has actually...
ElevenPaths SealSign integration with the Azure Key Vault ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based...
ElevenPaths Dumpster diving in Bin Laden’s computers: malware, passwords, warez and metadata (II) What would you expect from a computer network that belongs to a terrorists group? Super-encrypted material? Special passwords? The Central Intelligence Agency (CIA) on 1 November 2017 released additional...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
