Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gabriel Bergel ¿Ransomware in Pandemic or Ransomware Pandemic? No one imagined what could happen in the field of cyber security during the Covid-19 pandemic. Perhaps some colleagues were visionary, or others were basically guided by the statistics...
ElevenPaths Security Innovation Days 2020: The New Era Cyber Security in the Digital Transformation Era There is no doubt about it, we are living times of constant changes at all possible levels. There are so many that we are talking about a change of...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Diego Samuel Espitia When Preventing a Cyberattack Becomes a Vital Decision In recent years, the number of incidents in critical infrastructure networks and industrial systems has increased significantly. There have been attacks with a high degree of complexity and knowledge...
ElevenPaths Cybersecurity Weekly Briefing October 24-30 Critical vulnerability in Hewlett Packard Enterprise SSMC Hewlett Packard Enterprise has fixed a critical authentication evasion vulnerability (CVE-2020-7197, CVSS 10) affecting its StoreServ Management Console (SSMC) storage management software. HPE...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
ElevenPaths The base rate fallacy or why antiviruses, antispam filters and detection probes work worse than what is actually promised Before starting your workday, while your savoring your morning coffee, you open your favorite cybersecurity newsletter and an advertisement on a new Intrusion Detection System catches your attention: THIS IDS...
ElevenPaths Dumpster diving in Bin Laden’s computers: malware, passwords, warez and metadata (I) What would you expect from a computer network that belongs to a terrorists group? Super-encrypted material? Special passwords? The Central Intelligence Agency (CIA) on 1 November 2017 released...
ChainLock, A Linux Tool for Locking Down Important FilesInnovation and Laboratory Area in ElevenPaths 2 October, 2020 Let’s say you have a valuable file on your computer, such as a bitcoin wallet file (“wallet.dat”), or some other file with sensitive information, and you decide put a password on it to keep it safe. If you use MS Windows maybe you’ve taken steps to protect yourself from clipboard hijacking malware, and now you’re wondering what to do next in the constant arms race against attackers. We know about some malware that try to target and steal your wallet.dat file so the attacker can crack your password offline and then transfer the funds to an account they control, so from Innovation and Laboratory we wanted to create something for Linux users. We wanted the tool to be accessible, so it could be used to protect sensitive files without doing things like recompiling the kernel or configuring SELinux. We ended up with a new tool, dubbed ChainLock. ChainLock can lock any file on your Linux computer such that it can only be opened by a specific application. For example, it can ensure your wallet.dat file can only be accessed by your bitcoin core application and can’t be opened or copied by malware. How does it work? First, we onboard a file with the ChainLock command line program. This encrypts the target file with a strong password, and then a QR code pops up on screen which we can scan with the companion application for smartphones. Now the key to unlock the protected file is only stored on your phone and can’t be found on your computer. An attacker must compromise both devices to unlock your file without permission. That takes care of protecting the file at rest, but locked files aren’t very helpful when you’re trying to use them. We can ask ChainLock to unlock the file, and a QR code pops up. With the companion app we can select the file we want to unlock, then scan the QR code. The app will send the information necessary to unlock the file to your computer using a Tor hidden service. ChainLock now starts a daemon to watch over the file and only allow access from the authorized binary, and then decrypts the file so it can be used. Now the wallet can only be used with the specified application. Nothing else works! ChainLock also supports upgrading or changing the authorized program, so you can always upgrade your wallet application without fear, or migrate to another device. Where do I get it? You can download ChainLock and the companion application at the ChainLock site. If you want a deeper look at how it works, check out the accompanying walkthrough. The walkthrough will guide you through installing and using ChainLock. You can check this video to see Chainlock in action: With this tool we want to give to the community a new technique to ensure their important files are kept safe. We hope you find it useful. DIARIO Already Detects “Stomped” Macros, But What Are They Exactly?Cybersecurity Weekly Briefing 26 September – 2 October
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...
ElevenPaths WhatsApp, Telegram or Signal, Which One? In the world of smartphones, 2021 began with a piece of news that has left no one indifferent: the update of WhatsApp’s terms and conditions of use. This measure,...
Sergio De Los Santos 26 Reasons Why Chrome Does Not Trust the Spanish CA Camerfirma From the imminent version 90, Chrome will show a certificate error when a user tries to access any website with a certificate signed by Camerfirma. Perhaps it is not...
ElevenPaths Cyber Security Weekly Briefing February 6-12 Attempted contamination of drinking water through a cyber-attack An unidentified threat actor reportedly accessed computer systems at the City of Oldsmar’s water treatment plant in Florida, US, and altered the...