Cyber Security Weekly Briefing 28 November – 4 December

ElevenPaths, 4 December, 2020

New version of the TrickBot malware

TrickBot botnet operators have added a new capability that allows them to interact with the BIOS or UEFI firmware of an infected computer. This new TrickBot module would increase the persistence of the malware and let TrickBot survive even reinstallations of the operating system. Other applications of this new module would be to remotely block a device at the firmware level, avoid security controls such as BitLocker, configure tracking attacks by exploiting Intel CSME vulnerabilities or reverse updates that patch CPU vulnerabilities, among others. So far, the TrickBot module appears to be only checking the SPI driver to verify whether BIOS write protection is enabled, and it has not been seen modifying the firmware itself. However, the malware already contains code to read, write and delete firmware, suggesting that its creators plan to use it in certain future scenarios.

More details: https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

Advantech chip manufacturer ransomware victim

Operators of the Conti ransomware claim to have compromised Advantech, one of the world's largest manufacturers of chips for industrial environments (IIoT), and are reportedly demanding a $14 million ransom to decrypt the affected systems and stop the leakage of stolen internal data. On November 26th, the group began publishing part of this internal data on its Deep Web site, with a 3.03GB file that corresponds to 2% of the data they claim to possess. The Conti operators also claim that they have backdoors implemented in the company's network that they will eliminate once the ransom is paid. Advantech has made no public statement about this attack so far.

All the info: https://www.bleepingcomputer.com/news/security/iiot-chip-maker-advantech-hit-by-ransomware-125-million-ransom/

Sale of access to high level executive email accounts

A threat agent has put passwords for the email accounts of senior executives on sale at a well-known underground forum. The credentials give access to Office 365 and Microsoft, and their prices range from $100 to $1,500, depending on the size of the company and the user's position. Among the accounts marketed are those of CEOs, CFOs, presidents, vice presidents and other similarly qualified managers. A cyber security researcher, who prefers to remain anonymous, has confirmed the validity of the data offered for sale by acquiring several credentials belonging to the CFO of a European retail company and the CEO of a US software company. The origin of the credentials is not known with certainty, but it is possible that they come from data recovered from AZorult infections, as the same threat agent had previously expressed an interest in accessing this type of information.

Learn more: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/

Crutch, Turla's cyber espionage tool

ESET security researchers have discovered a new malware with infostealer and backdoor capabilities linked to the Russian-speaking cyber espionage group APT Turla. The malware is actually a set of tools called "Crutch" that can elude security measures by abusing legitimate platforms, including the Dropbox file sharing service, to hide behind normal network traffic. This malware, used from 2015 to early 2020, was reportedly designed to exfiltrate confidential documents and other files to different Dropbox accounts controlled by Turla operators. Moreover, Crutch seems to be deployed not as a backdoor entry but after the attackers have already compromised the network of their victims. Researchers claim to have found this malware on the network of a Foreign Ministry in an EU country, suggesting that Crutch is being used for very specific purposes.

All the info: https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/

Critical vulnerability in Zyxel's firewalls and VPN

Zyxel's security teams have confirmed the finding of a critical vulnerability affecting their firewall and VPN access point solutions that would allow threat agents to run remote code on the victim's system. Identified as CVE-2020-25014, this is a buffer overflow flaw that can lead to memory corruption problems when a specially designed HTTP packet is sent. The vulnerability has been assigned a criticality of 8.5/10 based on CVSSv3. Experts consider it to be highly exploitable, although further details are unknown. All Zyxel products affected by the bug are compatible with Facebook's WiFi feature. The bugs have been fixed in the V4.39 versions of the ZLD firmware and in the V6.10 and later versions of the Unified and Standalone series.

More: https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml