Telefónica Tech Cyber Security Weekly Briefing 5-11 March Mozilla patches two 0-day vulnerabilities Mozilla has issued a security advisory patching two 0-day vulnerabilities that are reportedly being actively exploited and affect Firefox, Focus and Thunderbird. Both vulnerabilities were...
María Teresa Nieto Galán Understanding the concept of “rollup” for blockchain scalability In previous articles we have already discussed how important scalability is in Blockchain technology and how this ecosystem is starting to create solutions to achieve faster and more computationally...
Alexandre Maravilla Are SMS for sending verification codes secure? I recently forgot the password to access the personal area of my current bank’s online banking app. I show you the process of resetting the password, carried out from...
Telefónica Tech Cyber Security Weekly Briefing 28 February – 4 March Daxin: highly sophisticated backdoor Researchers at Symantec have published a paper reporting a new backdoor they have called Daxin, which they attribute to actors linked to China. According to Symantec,...
Telefónica Tech AI of Things(I): Multiplying the value of connected things Written by Álvaro Capell and David Bonomo The recent media explosion of the metaverse concept has overshadowed another technological trend, augmented or mixed reality, which is transforming the way we...
Telefónica Tech Cyber Security Weekly Briefing 19-25 February New privilege escalation flaw in Linux Security researchers at Qualys have discovered seven flaws in Canonical’s Snap software packaging and deployment system used in operating systems that use the Linux...
Diego Samuel Espitia A practical approach to integrating MITRE’s ATT&CK and D3FEND Businesses have become aware of the need to have mechanisms in place to ensure the protection of their information and how important it is to understand their weaknesses in...
Telefónica Tech Cyber Security Weekly Briefing 5 – 11 February Microsoft disables macros and MSIX to prevent malware distribution Microsoft has been actively mobilising against multiple malware attacks that use some of its technologies as an entry vector. The products...
Alexandre Maravilla Digital Identity Wallets against identity theft fraud Identity theft or impersonation is a type of fraud in which criminals manage to supplant the identity of the person being deceived, based on the theft of their personal...
Telefónica Tech Cyber Security Weekly Briefing 29 January – 4 February Exploits that allow privilege elevation in Windows published Security researchers have made public several exploits that leverage a known elevation of privilege vulnerability that affects all versions of Windows 10. The exploits...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
