Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths #CyberSecurityPulse: From the bug bounties (traditional) to the data abuse bounties Social networks image The Internet giants are going to great lengths to be transparent with their communication about the information they are gathering from their users. In the case...
ElevenPaths ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies.
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths Cybersecurity Weekly Briefing July 4-10 RCE Vulnerability in F5’s BIG-IP (CVE-2020-5902) Last Wednesday a new critical Remote Code Execution vulnerability (CVE-2020-5902 CVSSv3 10) was published for F5’s Traffic Management User Interface (TMUI). This vulnerability allows...
ElevenPaths Open source maintainer burnout as an attack surface Introduction Software development has evolved greatly in the last decades. It is leaning towards an scenario based in third-party modules, components and libraries that help accelerate the development of our...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
ElevenPaths SASE: The Future of Networks and Security Is Now Here Since Gartner published their report entitled “The Future of Security Networks is in the Cloud” in August 2019, which pointed out the concept of SASE as the key to...
Telefónica Tech Cyber Security Weekly Briefing, 27 August — 2 September Critical vulnerability in Atlassian Bitbucket Server and Data Center Atlassian has recently warned its users about a new critical vulnerability affecting the Bitbucket Server and Data Center software, which shall...
Telefónica Tech Cyber Security Weekly Briefing, 24 – 30 December LastPass confirms theft of customer passwords LastPass has announced that its cloud storage system was breached using stolen passwords in an incident last August. The attackers gained access to the...
Nacho Palou Cybersecurity: 13 posts to stay informed and protected from cyberthreats With the digitization of companies and organizations and our increasing reliance on digital technologies, data and information protection must be prioritized. The adoption of cutting-edge digital technologies is not only...
Telefónica Tech Cyber Security Weekly Briefing, 17 – 23 December SentinelOne: malicious Python package in PyPI Researchers at ReversingLabs have published an investigation in which they report having identified a Python package in PyPI that masquerades as the legitimate SDK...
Diego Samuel Espitia Cybersecurity in OT: a need with differences Cyber incidents in industrial environments have been increasing significantly since 2010, but it is undoubtedly in the 2020s that these incidents have affected the general population or made the...
Telefónica Tech Cyber Security Weekly Briefing, 10 – 16 December Microsoft fixes in its December Patch Tuesday two 0-day vulnerabilities and 49 other bugs Among the fixed vulnerabilities, two of them are 0-day, one of them actively exploited and identified...
Roberto García Esteban Cloud Computing for a more sustainable future Governments and businesses around the world have been trying to reduce the environmental impact of their activities since the Paris Climate Summit in 2015 and the subsequent implementation of...
Félix Brezo Fernández XVI STIC Conference: 5 trends in Cyber Security highlighted by our analysts for 2023 The CCN-CERT STIC Conference has been a classic security event at the end of the year for more than a decade. Held between 29 November and 1 December 2022...
Telefónica Tech Cyber Security Weekly Briefing, 3 – 9 December Ninth Chrome 0-day of the year Google has released Chrome 108.0.5359.94 for Mac and Linux, and 108.0.5359.94/.95 for Windows, which fixes a 0-day vulnerability, the ninth detected in Chrome this...
Telefónica Tech VMware Explore ’22 leverages interoperability among multiple & Cross-Cloud environments Written by Matheus BottanPartner Development at Telefonica Tech Formerly dubbed VM World (brand that stamped the first editions since 2004) suffice it to say that VMware Explore is a giant pivot in...
Telefónica Tech Cyber Security Weekly Briefing, 26 November – 2 December Urgent update to Chrome to prevent the eighth 0-day of 2022 Google has released an urgent security update for Chrome to prevent exploitation of the eighth 2022 0-day in the...
Florence Broderick New tool: Maltego transforms for Tacyt If you are a Maltego user, you already know how intuitive and useful it is for researching and analyzing information. You may know as well that Maltego allows to...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick New Tool: MicEnum, Mandatory Integrity Control Enumerator In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
