Cyber Security Weekly Briefing February 6-12

ElevenPaths, 12 February, 2021

Attempted contamination of drinking water through a cyber-attack

An unidentified threat actor reportedly accessed computer systems at the City of Oldsmar's water treatment plant in Florida, US, and altered the chemical levels to dangerous levels. The intrusion reportedly took place on Friday 5 February, when the attacker gained access on two occasions to a computer system that was configured to allow remote control of water treatment operations. During the second intrusion, which lasted about five minutes, an operator monitoring the system reportedly detected the intruder moving the mouse cursor on the screen and accessing the software responsible for water treatment, changing the sodium hydroxide (bleach) from approximately 100 parts per million to 11,100 parts per million. City of Oldsmar staff have indicated that the attacker disconnected as soon as the bleach levels were changed and that a human operator immediately reverted these chemical levels back to normal, preventing contaminated water from being delivered to local residents. Authorities have not attributed the attack to any specific group or entity, although it is important to note that the city of Oldsmar is located near the urban centre of Tampa, which hosted Sunday's Super Bowl.

More information: https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/

Microsoft Security Newsletter

Microsoft has published its monthly security newsletter, in which it has fixed 56 vulnerabilities: 11 classified as critical, two as moderate and 43 as important. Among the flaws addressed is a 0-day in Windows, tracked as CVE-2021-1732, which was being exploited before the publication of yesterday's patches and which would allow an attacker or malicious programme to obtain administrative privileges.

Among the other flaws fixed, there are two critical flaws (CVE-2021-24074 and CVE-2021-24094) in the Windows TCP/IP stack, which could enable remote code execution, as well as a third flaw (CVE-2021-24086), which could be used in DoS attacks to crash Windows devices. In addition, a critical remote code execution flaw in the Windows DNS server component (CVE-2021-24078) has also been fixed; it could be exploited to hijack domain name resolution operations within corporate environments and redirect legitimate traffic to malicious servers. Finally, Microsoft also reportedly fixed 6 previously disclosed vulnerabilities (CVE-2021-1721, CVE-2021-1727, CVE-2021-1733, CVE-2021-24098, CVE-2021-24106 and CVE-2021-26701).

All the information: https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb

SAP Security Update Newsletter

SAP has published its monthly security update newsletter, in which it has addressed a critical vulnerability in SAP Commerce, among others. The critical flaw, listed as CVE-2021-21477 and with a CVSS of 9.9, affects SAP Commerce product versions 1808, 1811, 1905, 2005 and 2011, and could allow remote code execution (RCE). The company reportedly fixed the flaw by changing the default permissions for new installations of the software, but additional manual remediation actions would be required for existing installations. Such actions, according to security firm Onapsis, could be used as a complete workaround if the latest patches cannot be installed. In addition, updates to six other previously released security advisories have been included, including a fix for flaws in the Chromium browser control provided with the SAP enterprise client, which has a CVSS score of 10 and affects version 6.5 of the SAP client.

Finally, a critically important flaw (CVE-2021-21465), previously published and now updated, which covers multiple flaws in SAP Business Warehouse, a data warehousing product based on the SAP NetWeaver ABAP platform, has been fixed. Users are strongly advised to upgrade to the latest versions of the affected products.

More information: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

Microsoft warns of increase in Webshell attacks

Microsoft has warned that the volume of monthly Webshell attacks has doubled since last year. Webshells are tools that threat actors deploy on compromised servers to gain and/or maintain access, as well as to remotely execute arbitrary code or commands, move laterally within the network or deliver additional malicious payloads. The latest data from Microsoft 365 Defender shows that this steady increase in the use of Webshells has not only continued but accelerated. In addition, every month from August 2020 through January 2021, it recorded an average of 140,000 of these malicious tools found on compromised servers, nearly double the monthly average seen the previous year.

In its publication, Microsoft also provides some advice on how to harden servers against attacks that attempt to download and install a Webshell. Likewise, it is worth recalling that the US National Security Agency, in a joint report issued with the Australian Signals Directorate (ASD) in April 2020, also warned that attacks on vulnerable web servers to deploy Webshell backdoors would be intensifying. The NSA also maintains a repository of tools that organisations and administrators can use to detect and block this type of threat.

More details: https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/

If you want to receive more information in real time, subscribe to our cybersecurity news and reflections channel created by the ElevenPaths Innovation and Lab team. Visit the CyberSecurityPulse page.