ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
Innovation and Laboratory Area in ElevenPaths New Version of Our SIEM Attack Framework, Now With 7 Manufacturers For some time now, the ElevenPaths Innovation and Laboratory team has been working on different projects and research related to the security aspects of SIEM (Security Information and Event...
ElevenPaths Cybersecurity Weekly Briefing September 19-25 New attack vector for vulnerability in Citrix Workspace Pen Test Partners security researcher Ceri Coburn has discovered a new attack vector for the CVE-2020-8207 vulnerability in Citrix Workspace corrected in...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (I) Imagine that you come back home from San Francisco, just arrived from the RSA Conference. You are unpacking your suitcase, open the drawer where you store your underwear and…...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths ElevenPaths #CyberTricks Last Thursday, November 30th, Cybersecurity Day was celebrated internationally. At ElevenPaths we continue with commemoration, so that we have collected some #CyberTricks from our experts (Chema Alonso, Pablo San...
Sergio De Los Santos Ripple20: Internet Broken Down Again Billions of IoT devices have been affected. However, this is not the first time a catastrophe of this magnitude has occurred.
Cyber Security Weekly Briefing 31 October – 6 NovemberElevenPaths 6 November, 2020 Apple fixes 3 0-day vulnerabilities Apple, with the launch of the new iOS 14.2 version, has corrected three 0-day vulnerabilities that would be actively exploited and that would affect iPhone, iPad and iPod devices. These bugs were notified to Apple by Google Project Zero’s team of security analysts, who are also credited with the discovery of the recently reported 0-day vulnerabilities in Chrome and Windows. CVE-2020-27930: This is a remote code execution (RCE) bug and is due to a memory corruption flaw when the FontParser library processes a malicious source.CVE-2020-27932: This is a 0-day kernel privilege escalation vulnerability that would allow malicious applications to execute arbitrary code with those privileges.CVE-2020-27950: would allow malicious applications to access kernel memory due to a flaw initializing the kernel. It is recommended to upgrade to iOS 14.2 as soon as possible. Cyberattacks on the industrial sector through remote management systems In 2018, Kaspersky reported on a phishing campaign aimed at industrial sector entities, especially in manufacturing, which was intended to spread malware. Recently, since summer of 2019 until this autumn, they have been able to detect a new wave of this campaign which includes improved attack techniques. The threat agents use as a pretext in the phishing emails documents that detail the configuration of equipment, industrial processes, etc. all of which have been stolen from the victim company itself or from one of its collaborators. The distributed malware allows attackers to use remote administration tools, hiding their usage from the user, and even applying them as C2, as is the case with the web interface of the RMS platform in the cloud. The use of apyware and Mimikatz for the theft of credentials and lateral movement to other systems on the network has also been seen. The ultimate goal it’s still the achievement of economic benefits. Active exploitation of the 0-day vulnerability in Windows not yet corrected Google discloses Windows 0-day vulnerability (CVE-2020-17087), which is not yet patched, used as part of an exploit chain that also includes a Google Chrome 0-day (CVE-2020-15999) already patched in the 86.0.4240.111 version. The Chrome 0-day was used to allow attackers to run malicious code inside Chrome, while the Windows 0-day allows sandbox escape where threat actors could escape Chrome’s secure container and run code on the underlying operating system. The Google Project Zero team notified Microsoft and gave the company seven days to patch the bug before to disclose the vulnerability details and a proof of concept exploit. According to Google’s report, the 0-day is a bug in the Windows kernel that can be exploited to elevate an attacker’s code with additional permissions and the vulnerability impacts all Windows versions between Windows 7 and the most recent Windows 10 release. The vulnerability is expected to be patched on November 10, which is the date of Microsoft’s next Patch Tuesday. Windows virtual machines new RegretLocker ransomware target The new ransomware called RegretLocker, which was discovered in October by MalwareHunterTeam researchers, has the peculiarity of not using a ransom note and uses an email for communications instead of a web page in Tor. When encrypting the files, RegretLocker adds the extension .mouse to the names of the encrypted files. Although apparently simple, this ransomware has advanced features that are not common in its family of malware infections, it is able to encrypt Windows virtual machines and close open files for encryption. When ransomware encrypts files on a computer, it does not usually encrypt very large files such as virtual machines as it slows down the entire encryption process. However, RegretLocker uses the Windows Virtual Storage API, OpenVirtualDisk, AttachVirtualDisk and GetVirtualDiskPhysicalPath to encrypt virtual machines. It also uses the Windows Restart Manager API to terminate Windows processes or services that keep a file open during encryption. Data on 34 million stolen users from 17 companies for sale According to the specialist technology media BleepingComputer, a malicious player has released 34 million user records, claiming that they come from information leaks from 17 different companies. The vendor created a thread in a hacker forum on October 28th, detailing the type of information exposed in each of the databases. This information includes e-mails, passwords in different formats, user names, phone numbers, dates of birth, addresses and other sensitive data. The companies affected belong to a wide range of professional sectors and geographical locations. None of them had reported recent data leaks, and only two of them have done so after being contacted by the authors of the article: Singapore’s online supermarket RedMart and Thailand’s review page Wongai. Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America¿Ransomware in Pandemic or Ransomware Pandemic?
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
