Cyber Security Weekly Briefing 30 January – 5 February
ElevenPaths, 5 February 2021

Chrome will reject Camerfirma's certificates

Google plans to remove Chrome's trust in digital certificates issued by the certification authority (CA) Camerfirma, a Spanish company whose certificates are widely deployed across public administrations of all kinds, including the Tax Agency. The restriction will come into force with Chrome 90, scheduled for mid-April this year. From that version on, any website that secures its HTTPS traffic with a TLS certificate issued by Camerfirma will display an error and will not load in Chrome. The decision was announced after the company took more than six weeks to explain a series of 26 incidents related to its certificate issuing process. So far, the other major browser vendors (Apple, Microsoft and Mozilla) have not announced similar action, but they are expected to do so in the coming weeks.

More details: https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/

Google and Qualcomm patch critical Android vulnerabilities

Google's February security bulletin fixes, among others, two vulnerabilities rated critical. Both, CVE-2021-0325 and CVE-2021-0326, allow remote code execution (RCE) in the context of a privileged process by sending a specially crafted packet or broadcast. The same bulletin also references several vulnerabilities in Qualcomm components, reported by Qualcomm in its own security bulletin. Three of them are critical: CVE-2020-11272, affecting the WLAN component, with a CVSS score of 9.8 out of 10, and CVE-2020-11163 and CVE-2020-11170, affecting proprietary Qualcomm components present in the operating system. All of them have been fixed and there is no evidence of active exploitation.

More information: https://source.android.com/security/bulletin/2021-02-01

Google fixes a 0-day in Chrome

Yesterday, 4 February, Google released Chrome 88.0.4324.150 for Windows, Mac and Linux, which will roll out progressively to the user base over the coming days. This update follows the recent release of version 88.0.4324.146, which fixed six other vulnerabilities in the browser (CVE-2021-21142 to CVE-2021-21147). The new version fixes a 0-day, CVE-2021-21148, reported on 24 January by researcher Mattias Buelens. The bug is a heap buffer overflow in the V8 JavaScript engine and can be exploited to execute arbitrary code on systems running earlier versions of Chrome. In its advisory, Google states that it is aware of reports of an exploit for this vulnerability in the wild. ZDNet points out the coincidence between the report of the vulnerability on 24 January and the publication, days later, of findings by Google (25 January) and Microsoft (28 January) on a campaign of attacks against security researchers; both reports mention the exploitation of 0-day vulnerabilities in browsers to run malware on the researchers' systems. Google has not confirmed this link: it has not stated that CVE-2021-21148 is the vulnerability used in those attacks.

All the information: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html

SonicWall fixes an actively exploited 0-day vulnerability

SonicWall has released an update that fixes a 0-day vulnerability in the firmware of its SMA 100 series. On 22 January, the company reported that it had been the victim of a coordinated attack against its internal systems through the probable exploitation of 0-day vulnerabilities in its own products. The internal investigation identified the flaw in the Secure Mobile Access (SMA) 100 series running firmware version 10.x, and SonicWall recommended that customers enable multi-factor authentication on affected devices as a mitigation. On 31 January, NCC Group provided SonicWall with details of the vulnerability, now tracked as CVE-2021-20016: an SQL injection that an unauthenticated remote attacker can use to retrieve usernames, passwords and other session-related data from the appliance. MFA limits the value of stolen credentials but does not remove the flaw; applying the patched firmware does. No details about the actor behind the attacks against SonicWall have been identified at this time.

More details: https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/

CacheFlow: malicious Chrome and Edge extensions steal and manipulate user data

Security researchers at Avast have published a blog post with more details on the threat known as CacheFlow, first disclosed in December 2020 by researchers at CZ.NIC and active since at least October 2017. Avast describes a campaign built on a wide network of malicious extensions for the Chrome and Edge browsers, with more than three million installations in total. The attack unfolds in several stages, starting when a user installs one of the extensions. A few days after installation, the extension retrieves a new payload over a covert channel, which in turn downloads the CacheFlow payload. From then on, every time the browser starts, CacheFlow attempts to steal information from the user's Google account, injects malicious code into every newly opened tab and hijacks the user's clicks to manipulate search results. According to Avast, the countries most affected are Brazil, Ukraine and France, although downloads of these extensions from Spain have also been detected.

More information: https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/
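For the Chrome 90 distrust described in the first item, an administrator wants an inventory of which of their own hosts present a Camerfirma-issued certificate before mid-April. The script below is an added example written for this briefing; it is not from ElevenPaths, Google or Camerfirma. It assumes that a Camerfirma-issued certificate carries "Camerfirma" in the issuer's organizationName or commonName, and it inspects only the leaf certificate, because Python's ssl module does not return the intermediates of the chain. The hostnames and certificate dictionaries in it are constructed.

```python
"""Audit TLS endpoints for leaf certificates issued by Camerfirma.

Added example for the Chrome 90 distrust; not from the briefing, Google or
Camerfirma. Assumption: a Camerfirma-issued certificate names "Camerfirma"
in the issuer's organizationName or commonName. Only the leaf certificate
is inspected, since Python's ssl module does not expose the intermediates.
"""
import socket
import ssl


def issued_by_camerfirma(cert: dict) -> bool:
    """cert is the dict returned by SSLSocket.getpeercert().

    Its 'issuer' entry is a tuple of RDNs, each a tuple of (attribute, value)
    pairs, e.g. ((('countryName', 'ES'),), (('organizationName', 'X'),)).
    """
    for rdn in cert.get("issuer", ()):
        for attribute, value in rdn:
            if (attribute in ("organizationName", "commonName")
                    and "camerfirma" in value.lower()):
                return True
    return False


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with the host and return its parsed leaf certificate (needs network).

    Verification stays on: if the local trust store has already distrusted
    the CA, the handshake raises ssl.SSLCertVerificationError, which is
    itself the answer for that host.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit(hosts) -> dict:
    """Map each host to True/False, or to an error string if the handshake fails."""
    report = {}
    for host in hosts:
        try:
            report[host] = issued_by_camerfirma(fetch_leaf_cert(host))
        except OSError as exc:  # ssl.SSLError is an OSError subclass
            report[host] = f"error: {exc}"
    return report


# Constructed samples shaped like getpeercert() output (not real certificates).
SAMPLE_CAMERFIRMA = {
    "subject": ((("commonName", "sede.example.es"),),),
    "issuer": (
        (("countryName", "ES"),),
        (("organizationName", "AC Camerfirma S.A."),),
        (("commonName", "Camerfirma Example Intermediate"),),
    ),
}
SAMPLE_OTHER = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example Trust Services"),),
        (("commonName", "Example CA 1"),),
    ),
}


if __name__ == "__main__":
    for name, cert in (("camerfirma", SAMPLE_CAMERFIRMA), ("other", SAMPLE_OTHER)):
        print(name, issued_by_camerfirma(cert))
    # Live check of your own inventory (requires network), e.g.:
    # print(audit(["sede.example.es"]))
```

Because Chrome distrusts the whole chain, a leaf issued by an intermediate whose name does not mention Camerfirma would slip past this heuristic; to see every certificate the server actually sends, run `openssl s_client -connect host:443 -showcerts </dev/null` and read the issuer lines of each block.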
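The SonicWall item above describes CVE-2021-20016 as an unauthenticated SQL injection that returns usernames, passwords and session data. The following is an added example, not SonicWall's code and not a reproduction of that specific bug: it shows the bug class on a constructed in-memory SQLite database, with the vulnerable pre-authentication lookup beside its parameterized fix. The table names, sample rows, function names and payload are assumptions made for the demonstration.

```python
"""SQL injection in a pre-authentication session lookup, beside its fix.

Added example, not SonicWall's code: it does not claim to reproduce
CVE-2021-20016, only the bug class the advisory names (an unauthenticated
SQL injection that returns credentials and session data). The schema, rows
and handler names are constructed for the demonstration.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: two accounts and two live sessions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE sessions (token TEXT, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    conn.executemany("INSERT INTO sessions VALUES (?, ?)",
                     [("tok-1111", "admin"), ("tok-2222", "alice")])
    conn.commit()
    return conn


def lookup_session_vulnerable(conn: sqlite3.Connection, token: str) -> list:
    """Pre-auth handler that pastes the caller-supplied token into SQL.

    The token arrives before any authentication (e.g. from a cookie), so
    whatever the caller sends becomes part of the statement.
    """
    sql = "SELECT username FROM sessions WHERE token = '%s'" % token
    return conn.execute(sql).fetchall()


def lookup_session_fixed(conn: sqlite3.Connection, token: str) -> list:
    """Same lookup with a bound parameter: the token is data, never SQL."""
    sql = "SELECT username FROM sessions WHERE token = ?"
    return conn.execute(sql, (token,)).fetchall()


# Payload an unauthenticated client could send instead of a session token:
# closes the string literal, appends a UNION that reads the users table,
# and comments out the trailing quote the handler adds.
DUMP_CREDENTIALS = "' UNION SELECT username || ':' || password FROM users --"


def demo() -> dict:
    """Run the payload through both handlers and a legitimate token through the fix."""
    conn = build_db()
    return {
        "vulnerable": lookup_session_vulnerable(conn, DUMP_CREDENTIALS),
        "fixed": lookup_session_fixed(conn, DUMP_CREDENTIALS),
        "legit": lookup_session_fixed(conn, "tok-1111"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable handler the payload returns every username:password pair without a valid session; against the parameterized one it matches nothing, while a real token still resolves. The same UNION trick works on any column an attacker can reach from the injected statement, which is why the advisory's "session-related data" is exposed alongside the credentials.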