Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
Sergio de los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 15 – 21 April Google fixes two new actively exploited 0-day vulnerabilities Google has issued new security advisories on the identification of 0-day vulnerabilities affecting the Chrome browser that are being actively exploited. The...
ElevenPaths Innovation and New Cybersecurity Tools: Security Innovation Days 2020 (Day 3) This was the 8th edition of the Security Innovation Days 2020 so far. Three intense days in which innovation in cybersecurity and the digital transformation have been the essence...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing, 9 — 15 July Rozena: backdoor distributed by exploiting Follina vulnerability Fortinet researchers have published an analysis of a malicious campaign in which they have detected the distribution of a new backdoor exploiting the...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
Florence Broderick ElevenPaths acquires Gesconsultor (Gesdatos), the leading Governance, Risk & Compliance platform Spain GesConsultor will be offered internationally as part of Telefónica’s security services portfolio. The platform enables organisations to support business strategy, improve operating performance, mitigate operational risks and ensure regulatory compliance. GOVERTIS...
Florence Broderick Introducing Mobile Connect – the new standard in digital authentication The Mobile Operators hold the future of digital authentication in our hands, and so do our customers. The consumers will no longer need to create and manage multiple user...
Florence Broderick Trend Ransomware Report 21st Century ExtortionThe scourge of crypto-ransomware malware featured prominently in threat predictions for 2015, and the 165% increase reported in Q1 2015 indicate that these fears were well founded....
Florence Broderick Top of the app charts. Shuabang: automated malware made in China Have you ever wondered how some apps rocket up the charts so quickly? Sometimes you’ll spot one that seems like a curveball, like a pub rock covers band hitting...
Florence Broderick The Turkish behind pr0nClicker, uploads badware to Google Play for the fourth time During last week, the Turkish (maybe a gang, maybe just a person) behind the pr0nClickers malware got to avoid Google Play defenses and upload again dozens of fake apps...
Florence Broderick Studying the trojan apps for Android used in Hacking Team leak Between the information leaked these days about #HackingTeam, several trojan Android APK files have been found. A first approach with Tacyt shows interesting relations with legitimate apps, the ones leaked a...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick Telefónica Trend Report: The PoS Malware threat in 2015 A few weeks ago in the United Kingdom, cashless payments overtook the use of notes and coins for the first time. This is the latest demonstration that, while worldwide...
Florence Broderick "Incident Response Management": Attitudes of European Enterprises We have recently sponsored a new research study conducted by Pierre Audoin Consultants, PAC, focused on “Incident Response Management”. The results detailed are compiled from a survey conducted among...
Florence Broderick "Alarmware" in Google Play: will not stop an alarm until you install another malicious app In ElevenPaths, we have spotted a few samples of downloaders in Google Play that work in a very special way. The app hides its icon and installs a service...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
