ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
Gabriel Bergel Decepticons vs. Covid-19: The Ultimate Battle Social engineering is being used more than ever by cybercriminals. What do Decepticons have to do with it?
ElevenPaths ElevenPaths and Chronicle partner to create new advanced managed security services ElevenPaths, Telefónica’s cybersecurity company, today announced a strategic collaboration with Chronicle, a cybersecurity solutions company part of Google Cloud, aimed at bringing more powerful and flexible managed security analytics...
ElevenPaths New report: Twitter botnets detection in sports event We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks,...
ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
Innovation and Laboratory Area in ElevenPaths #CyberSecurityPulse: Non-Headlined Technical News with RSS and Website Find out all about #CyberSecurityPulse, our Telegram cybersecurity news channel.
ElevenPaths How the “antimalware” XProtect for MacOS works and why it detects poorly and badly Recently, MacOS included a signature in its integrated antivirus, intended to detect a binary for Windows; but, does this detection make sense? We could think it does, as a...
ElevenPaths New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably coming from KL Kit,) through using a new technique to bypass the SmartScreen reputation system and avoid detection...
ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
Gonzalo Álvarez Marañón The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections How does Apple's and Google's technology developed for tracing Covid-19 infections work?
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
#CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone’s BusinessElevenPaths 9 January, 2018 The new year has started with a story that has taken the covers of specialized and generalist media all around the world. The vulnerabilities named as Meltdown and Spectre have put on the table that even aspects that we took for granted as the architecture of the hardware that makes operate almost all of our systems is likely to have to be reinvented. The correction of this type of failures in the future should be put to the test with new designs that prevent them, but until these new systems go on the market it is necessary to find contingency software solutions that mitigate the problem in the meantime. The different operating systems have tried to deal with a vulnerability that was notified to several operating systems security teams on November 9, 2017. In fact, the proofs of concept included in the Meltdown paper are made on Firefox 56, which was the current stable version until the arrival of Firefox Quantum (version 57) on November 14 of that same month. According to the managers of Canonical, the company responsible for the development and maintenance of Ubuntu, this date is important providing that this was used on November 20 as a reference to establish a consensus about January 9, 2018 as the date for the publication of the details of the vulnerability by its authors. This period of “responsible disclosure” is common in the resolution of vulnerabilities. Its objective is to guarantee that the development teams of the affected products (in this case, practically all the systems that we use from Windows to MacOS through all types of Linux or Android-based systems) have a prudent period to study the problem and develop and test the necessary patches. It is true that this operating scheme places some people in an advantageous position taking into account that they will be informed of the existence of security flaws earlier than anyone else so that they could exploit this information in beforehand. However, this is a necessary toll to pay to ensure that the identification of security issues is, both, properly recognized first and quickly patched by the time it is published. For this reason, transparent and diligent action by people who have access to this information is necessary and enforceable. Regardless of whether the reasons for advancing the committed date of publication are justified or not (if the fear was a possible loss of authorship, the papers could have been timestamped in any public blockchain blockchain, for example), we have to be clear about our priorities to face problems reported with enough time to be fixed in reasonable periods of time because, unfortunately, there may not be a second chance to protect our systems. Top Stories Spear Phishing Attacks Already Targeting Pyeongchang Olympic Games Security researchers from McAfee reported hackers are already targeting Pyeongchang Olympic Games, many organizations associated with the event had received spear phishing messages. The campaigns have begun on December 22, attackers used spoofed messages that pretend to come from South Korea’s National Counter-Terrorism Center. The analysis revealed the email was sent from an address in Singapore and referred alleged antiterror drills in the region in preparation for the Olympic Games. Attackers attempt to trick victims into opening a document in Korean titled “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.” More information at McAfee Iran Infy Group MayAattempt To Target Protesters and Their Foreign Contacts According to cybersecurity firms and researchers, a nation-state actor called Infy is intensifying its attacks against anyone is in contact with protesters. The Infy malware was first submitted to VirusTotal on August 2007, meanwhile, the C&C domain used by the oldest sample spotted by the experts has been associated with a malicious campaign dated back December 2004. The malware evolved over the years, the authors improved it by implementing new features such as support for the Microsoft Edge web browser that was introduced in the version 30. Unlike other Iranian nation-state actors who target foreign organizations, the Infy group appears focused on opponents and dissidents. More information at Palo Alto Rest of the Week´s News CoffeeMiner: Hacking WiFi Networks To Mine Cryptocurrencies A developer named Arnau has published a proof-of-concept project dubbed CoffeeMiner for hacking public Wi-Fi networks to inject crypto-mining code into connected browsing sessions, an ingenious method to rapidly monetize illegal efforts. Arnau explained how to power a Man-In-The-Middle attack to inject some javascript in the html pages accessed by the connected users. In this way all the devices connected to a WiFi network are forced to be mine a cryptocurrency. More information at Security Affairs Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases A critical security vulnerability has been reported in phpMyAdmin, one of the most popular applications for managing the MySQL database, which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x (prior to 4.7.7). More information at The Hacker News Critical Unpatched Flaws Disclosed In Western Digital ‘My Cloud’ Storage Devices Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital’s My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. More information at Gulftech Further Reading Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers More information at The Hacker News PyCryptoMiner Botnet, a New Crypto-Miner Botnet Spreads Over SSH More information at Security Affairs Member of Lurk Gang Admits Creation of WannaCry for Intelligence Agencies More information at Security Affairs Sign up for our newsletter! Come to Create Technology at Telefónica’s Chief Data Office Unit#CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address?
ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
Innovation and Laboratory Area in ElevenPaths #CyberSecurityPulse: Non-Headlined Technical News with RSS and Website Find out all about #CyberSecurityPulse, our Telegram cybersecurity news channel.
Gonzalo Álvarez Marañón The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections How does Apple's and Google's technology developed for tracing Covid-19 infections work?
Innovation and Laboratory Area in ElevenPaths Winner of the #EquinoxRoom111 Contest We already have a winner of TheTHE's plugin contest. Discover our collaborative tool for Threat Hunting teams.
Innovation and Laboratory Area in ElevenPaths Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org) Discover how VCryptor ransomware works and the tool we have developed as part of NoMoreRansom.org to decrypt it.
ElevenPaths Cybersecurity Weekly Briefing 23-29 May Critical-Severity RCE Vulnerability in Cisco Unified CCX Cisco has fixed a critical remote code execution bug in the Java Remote Management Interface of Cisco Unified Contact Center Express (CCX). This...
