ElevenPaths A Trillion-Dollar on Offer to the Puzzle Solver Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths Cybersecurity Weekly Briefing 13-19 June Ripple 20 Vulnerabilities in TCP/IP Software JSOF researchers have discovered 19 0-day vulnerabilities, collectively called Ripple 20, in the TCP/IP software library developed by Treck that would affect more than...
ElevenPaths ElevenPaths Radio English #5 – The Path After a Security Audit What is the path for a company after a security audit? It is increasingly common for companies of all sizes to decide to carry out such analyses, but what...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths No Pain, No Gain: Let´s Hack 2021 “No pain, no gain”, you have probably heard this on more than one occasion. An expression that is used endlessly in different environments, in a time when the body...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
ElevenPaths ElevenPaths Approaches the Cyber Security Paradigm Shift and the New Era’ s Digital Transformation in the SID 2020 Telefónica Tech’s cyber security company is holding its 8th Security Innovation Days, this time in a virtual format and extending from one to three half-days, on October 20th, 21st...
ElevenPaths A Trillion-Dollar on Offer to the Puzzle Solver Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies.
ElevenPaths Tackling Cybercrime: Three Recommendations for 2018 In 2017 we saw ransomware variants such as Wannacry wreak havoc across computer networks in the UK. Not only were these variants of malware almost impossible to remove from...
Cyber Security Weekly Briefing December 5-11ElevenPaths 11 December, 2020 Microsoft Security Newsletter On December 8, Microsoft published its monthly security update newsletter, which this time includes patches for 58 vulnerabilities and an advisory for various Microsoft products. Nine of the fixed vulnerabilities are critical, 48 are of significant severity and two are of moderate risk. Among the total number of patches published, 22 updates stand out which refer to remote code execution (RCE) failures, affecting products such as Exchange Server or SharePoint, among others. Among the CERs, the one affecting Hyper-V (CVE-2020-17095) is noteworthy, as it is exploitable through a malicious SMB package and could compromise the security of virtual machines created with the application. More information: https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec Exploitation of Vulnerabilities by Russian Threat Agents in Virtualized Environments The National Security Agency (NSA) has issued a cyber security advisory detailing how Russian threat agents may have exploited a command injection vulnerability in VMware products (CVE-2020-4006), thereby gaining access to protected data and affecting systems. Exploiting this vulnerability requires the attacker to have access to the device’s management interface, which would allow him to forge credentials by sending apparently authentic requests with SAML (Security Assetion Markup Language) and thus gain access to protected data. Vulnerable products include VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. The NSA recommends that NSS, DoD and DIB system administrators apply the patch issued by the supplier as soon as possible. If an immediate patch is not possible, system administrators should apply the following mitigations: detection of indicators in the activity logs, deactivation of the configuration service, correct configuration of authentication measures on servers and services, as well as configuration of unique and strong passwords. More details: https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195976_20.PDF Pharmaceutical Companies Admit to Unauthorized Access EMA, the European regulatory body in charge of approving vaccines against COVID-19, has announced that it has fallen victim to a cyber-attack and has begun an investigation to clarify the violation of its systems. In this sense, the companies BioNTech and Pfizer have confirmed the detection of unauthorized access to confidential documentation related to the vaccine they have developed. The pharmaceutical company Sinopharm International Corporation, whose vaccine for COVID-19 is currently in phase three of the clinical analyses, has also been impersonated for the distribution of a new version of the Zebrocy malware, written in Go. This malware has been linked primarily to government institutions and commercial organizations involved in foreign affairs. In recent months, we have been seeing pharmaceutical companies developing vaccines against COVID-19 being compromised by state-backed up threat agents (Fancy Bear APT28, Lazarus Group or Cerium, among others). Most of these attacks begin with phishing campaigns with malicious files attached, aimed at collecting credentials and then compromising the systems of these companies. All the information: https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agency Total System Services (TSYS) Victim of Conti Ransomware On December 8, the operators of Conti ransomware made public on its blog in the Dark Web the compromise of the financial sector company Total System Services (TSYS), publishing 15% of the information stolen. The company has confirmed that they stopped the attack as soon as they became aware of it, determining that no interruptions in the payment service would have been generated and that cards data would not have been extracted. Fabian Wosar, CEO of the IT security company Emsisoft, says that Conti operators only post the information on their blog when, having urged the victim to make the payment, the victim refuses. It is estimated that the group of cybercriminals behind the Conti compromise could be the same ones that operate Ryuk, who were linked by the cybersecurity company CrowdStrike to the WIZARD SPIDER group from Russia. More information: https://krebsonsecurity.com/2020/12/payment-processing-giant-tsys-ransomware-incident-immaterial-to-company/ What Is Wrong with Quantum Cryptography That the World’s Largest Intelligence Agencies Discourage Its UseElevenPaths Radio English #5 – The Path After a Security Audit
ElevenPaths A Trillion-Dollar on Offer to the Puzzle Solver Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths No Pain, No Gain: Let´s Hack 2021 “No pain, no gain”, you have probably heard this on more than one occasion. An expression that is used endlessly in different environments, in a time when the body...
ElevenPaths What is VPN and What is It For? VPN connections are nothing new, they have been with us for a long time, always linked to the business world. The great versatility and its different uses have made...
ElevenPaths Cyber Security Weekly Briefing March 20-26 Analysis of the new cyber-espionage group SilverFish The PRODAFT Threat Intelligence team (PTI) has discovered a highly sophisticated cybercriminal group called SilverFish, which operates exclusively against large enterprises and public...
ElevenPaths Cyber Security Mechanisms for Everyday Life It is becoming more and more common to find in the general media news related to cyber-attacks, data breaches, privacy scandals and, in short, all kinds of security incidents....
