Telefónica Tech Cyber Security Weekly Briefing 9-15 October Microsoft Security Bulletin Microsoft has published its security bulletin for the month of October in which it has fixed a total of 81 bugs in its software, including 4 0-day...
Alexandre Maravilla Europe’s new digital identity; sovereign identity wallets Have you ever stopped to think about how many user accounts we have on the Internet? Bank accounts, utility providers, Social Networks, email, e-commerce, … Nowadays we handle an...
Telefónica Tech What have we learned about Cloud this September? This new course has come loaded with knowledge for the Telefónica Tech blog. Thanks to our experts, we continue to advance, on a daily basis, in our training on...
Telefónica Tech Cyber Security Weekly Briefing 2-8 October Apache vulnerabilities actively exploited Earlier this week, Apache fixed a 0-day (CVE-2021-41773) affecting Apache HTTP servers which was actively being exploited. However, on Thursday we learned that the patch released...
Telefónica Tech IoT, Big Data and AI convergence report The IoT and Smart Cities Cybersecurity Innovation Centre of Telefónica Tech Ciber Security & Cloud in Valencia, Spain, brings us a compilation of the potential risks related to IoT,...
David García Where does ransomware attack? Three main pillars It all starts with a tweet from a researcher (Allan Liska from RecordedFuture) announcing that he is compiling a list of vulnerabilities currently being exploited by organised groups in...
ElevenPaths Cyber Security Weekly Briefing 25 September – 1 October Let’s Encrypt root certificate expires (DST Root CA X3) A few days ago, Scott Helme, founder of Security Headers, highlighted the 30 September as the date when Let’s Encrypt’s root certificate, DST...
David García What’s new in the OWASP 2021 ranking? OWASP, the foundation focused on web application security, has recently updated its ranking of the most prominent risks. Let’s take a look at the new reorganisation of the top,...
Félix Brezo Fernández The Work of a Cyber Intelligence Unit in The Context Of Incident Response Besides the work carried out by our colleagues in the forensic analysis, malware analysis or Threat Hunting teams, which we have reviewed in the articles in this series associated...
Telefónica Tech Cyber Security Weekly Briefing 18-24 September Malware campaign using TeamViewer on websites under IIS Malwarebytes researchers have observed a malware distribution campaign since the beginning of September that makes use of previously compromised pages running on Microsoft’s...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
