Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Trend Report: Hacktivist CyberThreats Report 2019 An analytical report that includes the periodic scanning of the hacktivist threat’s behavior in five observation rings: Europe and the United Kingdom, North America, Latin America, MENA / Asia...
Andrés Naranjo The Challenge of Online Identity (I): Identity Is the New Perimeter We often find ourselves in situations where we are faced with a mission and, as the mission goes on, we realise that the first choices we made were not...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths The hugest collection of usernames and passwords has been filtered…or not (I) Sometimes, someone frees by mistake (or not) an enormous set of text files with millions of passwords inside. An almost endless list of e-mail accounts with their passwords or...
ElevenPaths Evrial, malware that steals Bitcoins using the clipboard… and the scammed scammers Evrial is the latest cryptocoin malware stealer, and uses the power to control the clipboard as its strongest bet to get “easy money”. Elevenpaths has took a deep technical...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Sergio de los Santos Ripple20: Internet Broken Down Again Billions of IoT devices have been affected. However, this is not the first time a catastrophe of this magnitude has occurred.
Telefónica Tech Cyber Security Weekly Briefing 10-16 July Kaseya VSA Incident Update After news of the attack by the REvil ransomware group using Kaseya VSA on July 2nd, on Sunday July 11th, Kaseya released the patch for its...
Susana Alwasity Cybersecurity: “black swan“ events in a connected world In today’s society, technology has transformed the way we live, work and interact. A greater risk of cyber threats has arisen with the increased use of internet-connected devices and...
Telefónica Tech Cyber Security Weekly Briefing, 11 – 17 March A new version of the Xenomorph banking trojan ThreatFabric researchers have detected a new variant of the Android banking trojan Xenomorph. This malware family was first detected in February 2022...
Gonzalo Álvarez Marañón Mathematics against cyber-crime: how to detect fraud, manipulation and cyber-attacks using Benford’s Law In the early 20th Century, when calculators, computers and smartphones did not yet exist, scientists and engineers used tables of logarithms compiled in thick volumes for their calculations. For...
Javier Herrero My experience as a volunteer in the ‘AulaCibersegura’ initiative to protect minors on the Internet What is the AulaCibersegura (Cyber Secure Classroom) initiative I have long had the desire and personal need to contribute in some real and direct way to Telefónica’s family of volunteers....
Telefónica Tech Cyber Security Weekly Briefing, 4 – 10 March FBI and ICSA Launch Advisory to Combat Royal Ransomware The FBI and ICSA launched the #StopRansomware: Royal Ransomware Cyber Security Advisory on 2 March to help combat this type of...
Nacho Palou Meet #LadyHacker Jess Woods, Cloud expert at Telefónica Tech Today, March 8th, International Women’s Day, we start a series of interviews with #LadyHackers from Telefónica Tech. Through their work and effort, these women are helping us become a...
Telefónica Tech Cyber Security Weekly Briefing, 25 February – 3 March Vulnerabilities in WordPress Houzez A security researcher from Patchstack has recently discovered two critical vulnerabilities in Houzez, a WordPress theme and plugin that allows easy and seamless list management for...
Nacho Palou MWC: All the innovations and expertise we shared Following four intense days, Mobile Word Congress (MWC) 2023 bids farewell today until next year. Since opening its doors last Monday, attendees have had the opportunity to see the...
Roberto García Esteban Cloud Computing as a key player in the future of the logistics sector Why cloud computing is key for logistics companies to meet the growing demand in e-commerce.
Telefónica Tech Cyber Security Weekly Briefing, 18 – 24 February Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb Fortinet has issued a security advisory fixing two critical vulnerabilities affecting its FortiNAC and FortiWeb products. The security flaws have been registered...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
