Cyber Security Weekly Briefing December 5-11

ElevenPaths, 11 December, 2020

Microsoft Security Newsletter

On December 8, Microsoft published its monthly security update newsletter, which this time includes patches for 58 vulnerabilities and an advisory for various Microsoft products. Nine of the fixed vulnerabilities are critical, 48 are of significant severity and two are of moderate risk. Among the patches published, 22 updates stand out because they address remote code execution (RCE) flaws affecting products such as Exchange Server or SharePoint, among others. Among the RCEs, the one affecting Hyper-V (CVE-2020-17095) is noteworthy, as it is exploitable through a malicious SMB packet and could compromise the security of virtual machines created with the application.

More information: https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec

Exploitation of Vulnerabilities by Russian Threat Agents in Virtualized Environments

The National Security Agency (NSA) has issued a cyber security advisory detailing how Russian threat agents may have exploited a command injection vulnerability in VMware products (CVE-2020-4006), thereby gaining access to protected data and affecting systems. Exploiting this vulnerability requires the attacker to have access to the device's management interface, which would allow them to forge credentials by sending apparently authentic SAML (Security Assertion Markup Language) requests and thus gain access to protected data. Vulnerable products include VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. The NSA recommends that NSS, DoD and DIB system administrators apply the patch issued by the supplier as soon as possible.

If an immediate patch is not possible, system administrators should apply the following mitigations: detection of indicators in the activity logs, deactivation of the configuration service, correct configuration of authentication measures on servers and services, as well as configuration of unique and strong passwords.

More details: https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195976_20.PDF

Pharmaceutical Companies Admit to Unauthorized Access

EMA, the European regulatory body in charge of approving vaccines against COVID-19, has announced that it has fallen victim to a cyber-attack and has begun an investigation into the breach of its systems. In connection with this, the companies BioNTech and Pfizer have confirmed the detection of unauthorized access to confidential documentation related to the vaccine they have developed. The pharmaceutical company Sinopharm International Corporation, whose vaccine for COVID-19 is currently in phase three of the clinical analyses, has also been impersonated for the distribution of a new version of the Zebrocy malware, written in Go. This malware has been linked primarily to government institutions and commercial organizations involved in foreign affairs. In recent months, we have been seeing pharmaceutical companies developing vaccines against COVID-19 being compromised by state-backed threat agents (Fancy Bear APT28, Lazarus Group or Cerium, among others). Most of these attacks begin with phishing campaigns with malicious files attached, aimed at collecting credentials and then compromising the systems of these companies.

All the information: https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agency

Total System Services (TSYS) Victim of Conti Ransomware

On December 8, the operators of Conti ransomware made public on their Dark Web blog the compromise of the financial sector company Total System Services (TSYS), publishing 15% of the information stolen. The company has confirmed that it stopped the attack as soon as it became aware of it, stating that there was no interruption to the payment service and that no card data was extracted. Fabian Wosar, CEO of the IT security company Emsisoft, says that Conti operators only post the information on their blog when, having urged the victim to make the payment, the victim refuses. It is estimated that the group of cybercriminals behind the Conti compromise could be the same ones that operate Ryuk, who were linked by the cybersecurity company CrowdStrike to the WIZARD SPIDER group from Russia.

More information: https://krebsonsecurity.com/2020/12/payment-processing-giant-tsys-ransomware-incident-immaterial-to-company/