Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Gonzalo Álvarez Marañón What Differential Privacy Is and Why Google and Apple Are Using It with Your Data Differential privacy allows you to know your users without compromising their privacy, but achieving it is a complex process. Here's why.
Telefónica Tech Cyber Security Weekly Briefing, 9 — 15 July Rozena: backdoor distributed by exploiting Follina vulnerability Fortinet researchers have published an analysis of a malicious campaign in which they have detected the distribution of a new backdoor exploiting the...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths DNS over HTTPS (DoH) is already here: the controversy is served Recently, the IETF has raised to RFC the DNS over HTTPS proposal. In other words, this means resolving domains through the well-known HTTPS, with its corresponding POST, GET and certifications...
Gonzalo Álvarez Marañón Unravelling the Quantum Tangle of Cybersecurity: Quantum Computers, Quantum and Post-Quantum Cryptography Do you know what’ s the difference between quantum computing, quantum cryptography and post-quantum cryptography? Because to be honest, they have (almost) nothing to do with each other. They...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing, 23-29 July New Critical Vulnerability in SonicWall Products Researchers from DBappSecurity HAT lab have discovered a critical vulnerability that affects several SonicWall Analytics On-Prem and SonicWall Global Management System products. The vulnerability, a...
Telefónica Tech Cyber Security Weekly Briefing 23-29 October Google fixes two 0-days in Chrome browser Google has released a new Chrome update (95.0.4638.69) for Windows, Mac and Linux, which fixes 7 vulnerabilities, two of them being 0-days. Regarding...
Nacho Palou Google’s Passkey is just another nail in the password coffin Google’s Passkey offers users the possibility of using an access key to identify themselves on websites or apps without typing their username and password. Google explains that the passkeys replace...
Telefónica Tech Cyber Security Weekly Briefing, 6 – 12 May Security updates vulnerabilities in Fortinet products Fortinet has announced a set of security updates that fix up to a total of 9 vulnerabilities, 2 of which are considered high severity...
Sergio de los Santos Pay When You Get Infected by Ransomware? Many Shades of Grey The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you don’t make a difference between the type of ransomware and...
Telefónica Tech Cyber Security Weekly Briefing, 29 April – 5 May Critical vulnerability in Zyxel firewalls Network equipment manufacturer Zyxel has released security patches for a critical vulnerability affecting its firewalls. The vulnerability, which was discovered and reported by the TRAPA...
David García Will Rust save the world? (I) How Rust, the security-focused open source programming language, improves the outlook for memory error-based vulnerabilities
Marina Domínguez The three revolutions of the Contact Center: apple pies, convertibles, and social media Every business relationship begins with a “match”. Since the foundation of any business, no matter how small it may be, one of its main objectives is to make itself...
Telefónica Tech Cyber Security Weekly Briefing, 22 – 28 April SolarWinds fixes high severity vulnerabilities In its latest security update, SolarWinds has fixed a total of 2 high-severity vulnerabilities, which could lead to command execution and privilege escalation. The more...
Jorge Rubio Artificial Intelligence applied to industrial Cyber Security (OT) Cyber Security in industrial or OT (Operational Technology) environments is crucial to protect critical infrastructures such as energy, transport and communication and has become an increasing concern as they...
Telefónica Tech Cyber Security Weekly Briefing, 15 – 21 April Google fixes two new actively exploited 0-day vulnerabilities Google has issued new security advisories on the identification of 0-day vulnerabilities affecting the Chrome browser that are being actively exploited. The...
Nacho Palou Industrial digitalization: we share the keys at Advanced Factories This week we are at Advanced Factories, the annual reference meeting on innovation and industrial automation, robotics, and digitalized industry or Industry 4.0. At Telfónica Tech, we are sharing our...
Florence Broderick New tool: Maltego transforms for Tacyt If you are a Maltego user, you already know how intuitive and useful it is for researching and analyzing information. You may know as well that Maltego allows to...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
