ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher

Innovation and Laboratory Area in ElevenPaths
4 August, 2020

Malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if there are any unnoticed changes. ClipBanker malware takes this into account and tries to stop the process before infecting.

The crypto clipboard hijacking technique has been common in malware for years. In 2018 we launched CryptoClipWatcher. Once installed, our tool checks whether a wallet or crypto address that has been copied to the clipboard is changed before it is replaced with something else. We show here a video that explains how it works.

The ClipBanker Trojan, built in .NET, has been detecting our tool for some time now and trying to stop it. The last known sample we have checked is from May 2020. Let’s see how it works.

How This Malware Works

As we have mentioned, this malware monitors the clipboard to steal cryptocurrencies, but it also exfiltrates private keys in Wallet Import Format (WIF) through an IP logger. The interesting point is how it protects itself from being analysed or stopped.

To check whether it is running on a virtual machine, it uses WMIC to query BIOS information: it runs the command “wmic bios” and searches the output for words like VBOX, VirtualBox, XEN, qemu, bochs and VM.

To detect antiviruses, it also uses WMI to ask Windows Security Center which products are available. The query is:

ManagementObjectSearcher("root\\SecurityCenter2", "SELECT * FROM AntivirusProduct")

And then it looks for our CCW. In the function called CCW, it checks whether there is a process with a specific name stored in the variable ccwProcessName.

The variable is obfuscated: it is a base64 string, and XOR with f952db5f-fac5-4f65-8d60-db225f0c1c26 has been applied to it in base64.
Once resolved:

Our application runs with privileges in the system, so the process can only be stopped if the malware runs with those privileges as well.

This is the sample we have analysed: 5dd16f9e2351216d683038f772ef8ca07373eb04d4e97b3a031bb98c1dca25c9
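
An added example, not code from the original article or from the malware: an analyst helper for strings obfuscated the way ccwProcessName is described (base64 plus XOR with the quoted value). It assumes a repeating-key XOR and, because the article does not say how the key string is turned into bytes, tries several readings; the function names and the sample input ("ExampleProcess") are constructed for illustration.

```python
import base64
import uuid
from itertools import cycle

# Key string quoted in the article.
KEY_TEXT = "f952db5f-fac5-4f65-8d60-db225f0c1c26"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed scheme); the same call encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def candidate_keys(key_text: str) -> dict:
    """Byte-level readings of the key string worth trying during analysis."""
    return {
        "ascii": key_text.encode("ascii"),         # GUID used as literal text
        "utf-16le": key_text.encode("utf-16-le"),  # .NET Encoding.Unicode bytes
        "guid-le": uuid.UUID(key_text).bytes_le,   # layout of .NET Guid.ToByteArray()
        "guid-be": uuid.UUID(key_text).bytes,      # RFC 4122 byte order
    }


def is_printable(raw: bytes) -> bool:
    return len(raw) > 0 and all(0x20 <= b < 0x7F for b in raw)


def deobfuscate(blob_b64: str, key_text: str = KEY_TEXT) -> dict:
    """Return {key_reading: plaintext} for each reading that gives printable ASCII."""
    raw = base64.b64decode(blob_b64, validate=True)  # rejects malformed input
    hits = {}
    for name, key in candidate_keys(key_text).items():
        plain = xor_bytes(raw, key)
        if is_printable(plain):
            hits[name] = plain.decode("ascii")
    return hits


def obfuscate(text: str, key: bytes) -> str:
    """Build constructed test blobs only, mirroring the described scheme."""
    return base64.b64encode(xor_bytes(text.encode("ascii"), key)).decode("ascii")


if __name__ == "__main__":
    # Constructed sample: the real encoded string is not reproduced on this page.
    sample = obfuscate("ExampleProcess", candidate_keys(KEY_TEXT)["ascii"])
    print(sample, "->", deobfuscate(sample))
```

More than one reading can produce printable output by chance, so the returned candidates should be compared against the process names the sample actually enumerates.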