Cyber Security Weekly Briefing 31 October – 6 November
ElevenPaths, 6 November 2020

Apple fixes 3 0-day vulnerabilities

Apple, with the launch of the new iOS 14.2 version, has corrected three 0-day vulnerabilities that are reportedly being actively exploited and that affect iPhone, iPad and iPod devices. These bugs were reported to Apple by Google Project Zero's team of security analysts, who are also credited with the discovery of the recently reported 0-day vulnerabilities in Chrome and Windows.

- CVE-2020-27930: a remote code execution (RCE) bug caused by a memory corruption flaw when the FontParser library processes a malicious font.
- CVE-2020-27932: a kernel privilege escalation vulnerability that would allow malicious applications to execute arbitrary code with kernel privileges.
- CVE-2020-27950: a flaw in kernel initialisation that would allow malicious applications to access kernel memory.

It is recommended to upgrade to iOS 14.2 as soon as possible.

Cyberattacks on the industrial sector through remote management systems

In 2018, Kaspersky reported on a phishing campaign aimed at industrial sector entities, especially in manufacturing, which was intended to spread malware. From the summer of 2019 until this autumn, they have detected a new wave of this campaign with improved attack techniques. As a pretext, the phishing emails carry documents detailing equipment configuration, industrial processes and similar material, all of which was stolen from the victim company itself or from one of its partners. The malware distributed lets the attackers use remote administration tools while hiding their use from the user, and even as C2, as is the case with the web interface of the cloud RMS platform. The use of spyware and Mimikatz for credential theft and lateral movement to other systems on the network has also been observed. The ultimate goal is still financial gain.

Active exploitation of a Windows 0-day vulnerability not yet corrected

Google has disclosed a Windows 0-day vulnerability (CVE-2020-17087), not yet patched, used as part of an exploit chain that also includes a Google Chrome 0-day (CVE-2020-15999) already patched in version 86.0.4240.111. The Chrome 0-day was used to run malicious code inside Chrome, while the Windows 0-day allows a sandbox escape: threat actors could escape Chrome's secure container and run code on the underlying operating system. The Google Project Zero team notified Microsoft and gave the company seven days to patch the bug before disclosing the vulnerability details and a proof-of-concept exploit. According to Google's report, the 0-day is a bug in the Windows kernel that can be exploited to elevate an attacker's code with additional permissions, and it affects all Windows versions from Windows 7 to the most recent Windows 10 release. The patch is expected on November 10, Microsoft's next Patch Tuesday.

Windows virtual machines, the new target of RegretLocker ransomware

The new ransomware RegretLocker, discovered in October by MalwareHunterTeam researchers, is unusual in that it does not use a ransom note and uses an email address for communications instead of a web page on Tor. When encrypting files, RegretLocker adds the extension .mouse to the names of the encrypted files. Although apparently simple, this ransomware has advanced features that are uncommon in its malware family: it is able to encrypt Windows virtual machines and to close open files for encryption. When ransomware encrypts files on a computer, it usually skips very large files such as virtual machine disks, because they slow down the entire encryption process. RegretLocker, however, uses the Windows Virtual Storage API (OpenVirtualDisk, AttachVirtualDisk and GetVirtualDiskPhysicalPath) to open and attach virtual disk files and encrypt them. It also uses the Windows Restart Manager API to terminate Windows processes or services that keep a file open during encryption.

Data on 34 million users from 17 companies for sale

According to the specialist technology outlet BleepingComputer, a threat actor has put 34 million user records up for sale, claiming that they come from breaches at 17 different companies. The seller created a thread in a hacker forum on October 28th detailing the type of information exposed in each database, which includes e-mails, passwords in various formats, user names, phone numbers, dates of birth, addresses and other sensitive data. The affected companies span a wide range of sectors and geographical locations. None of them had reported recent data breaches, and only two have done so after being contacted by the article's authors: Singapore's online supermarket RedMart and Thailand's review site Wongnai.
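A defender-side check suggested by the RegretLocker item above, added here as an example and not taken from the briefing or from any ElevenPaths tool: it parses constructed Sysmon-style FileCreate (Event ID 11) lines, groups files written with the .mouse extension by the writing process, and alerts on a burst of such files or on any renamed virtual disk file (.vhd/.vhdx). The flattened log format, the paths and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style FileCreate (Event ID 11) records, one per line.
# These lines are made up for this example; they are not real telemetry.
SAMPLE_LOG = """\
2020-11-05T10:02:01Z EventID=11 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\ana\\report.docx
2020-11-05T10:02:07Z EventID=11 Image=C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe TargetFilename=C:\\Users\\ana\\report.docx.mouse
2020-11-05T10:02:08Z EventID=11 Image=C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe TargetFilename=C:\\Users\\ana\\budget.xlsx.mouse
2020-11-05T10:02:09Z EventID=11 Image=C:\\Users\\ana\\AppData\\Local\\Temp\\svc.exe TargetFilename=C:\\VMs\\build-01.vhdx.mouse
2020-11-05T10:03:00Z EventID=11 Image=C:\\Windows\\System32\\backup.exe TargetFilename=D:\\Backups\\full.vhdx
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Image=(?P<image>\S+) TargetFilename=(?P<target>.+)$"
)
RANSOM_EXT = ".mouse"                            # extension RegretLocker appends
VM_EXTS = (".vhd", ".vhdx", ".avhd", ".avhdx")   # virtual disk files worth a separate alert

def parse_line(line):
    """Return the fields of one FileCreate record, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("eid") != "11":
        return None
    return m.groupdict()

def analyze(log_text, threshold=3):
    """Group .mouse file creations by writing process; returns {image: {count, vm_hits, suspicious}}."""
    stats = defaultdict(lambda: {"count": 0, "vm_hits": [], "suspicious": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        target = rec["target"].lower()
        if not target.endswith(RANSOM_EXT):
            continue
        entry = stats[rec["image"]]
        entry["count"] += 1
        # Strip the ransom extension to see what kind of file was encrypted.
        original = target[: -len(RANSOM_EXT)]
        if original.endswith(VM_EXTS):
            entry["vm_hits"].append(rec["target"])
    for entry in stats.values():
        # Either a burst of renamed files or any touched virtual disk is enough to alert.
        entry["suspicious"] = entry["count"] >= threshold or bool(entry["vm_hits"])
    return dict(stats)

if __name__ == "__main__":
    for image, entry in analyze(SAMPLE_LOG).items():
        print(image, entry)
```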