Cybersecurity Weekly Briefing 13-19 June
ElevenPaths, 19 June, 2020

Ripple 20 Vulnerabilities in TCP/IP Software

JSOF researchers have discovered 19 0-day vulnerabilities, collectively called Ripple 20, in the TCP/IP software library developed by Treck that would affect more than 500 vendors worldwide. The millions of devices affected by these flaws are present everywhere, including homes, hospitals, industries, nuclear power plants and the retail sector, among others. An unauthenticated remote attacker could use specially crafted network packets to cause a denial of service, leak information, or execute arbitrary code. Of the 19 vulnerabilities, 4 are critical, with CVSS scores over 9 (two of them, CVE-2020-11896 and CVE-2020-11897, scored 10). They would allow an attacker to remotely execute arbitrary code on the compromised devices. Some vulnerabilities have already been patched by Treck in version 6.0.1.67. However, many devices will not be patched, so it is recommended to minimise their exposure to the Internet.

More info: https://www.jsof-tech.com/ripple20/

Adobe Fixes 18 Critical Bugs

Adobe has released an out-of-band security update to fix 18 critical flaws that could allow attackers to execute arbitrary code on systems running vulnerable versions of Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition on Windows and macOS devices. The vulnerabilities found in these five Adobe products were caused by out-of-bounds read and write, stack overflow, and memory corruption errors. Adobe also fixed a "critical" severity vulnerability (CVE-2020-9666) that allowed disclosure of information and affected Adobe Campaign Classic. Adobe advises users to update vulnerable applications to the latest versions using the Creative Cloud update mechanism in order to block attacks that might attempt to exploit unpatched installations.

More details: https://helpx.adobe.com/security.html

RCE Vulnerability Analysis on Microsoft SharePoint Server

Zero Day Initiative researchers have published an analysis of the remote code execution vulnerability in Microsoft SharePoint Server CVE-2020-1181, fixed this month. The bug would allow an authenticated user to execute arbitrary .NET code on the compromised server. For the attack to be successful, the attacker should have "add and customize pages" permissions on the target SharePoint site. However, the default configuration of SharePoint servers allows authenticated users to perform this function. Therefore, the threat actor could create the malicious site directly from the SharePoint web editor, and it would be considered a legitimate site.

More: https://www.zerodayinitiative.com/blog/2020/6/16/cve-2020-1181-sharepoint-remote-code-execution-through-web-parts

AWS Shield Mitigates the Greatest DDoS Attack to Date

Following the AWS Shield Threat Landscape report, it has been announced that this Amazon service has managed to mitigate the biggest DDoS attack ever experienced, with a volume of 2.3 Tbps. The target of this attack is unknown, but it has been detailed that this incident was carried out by using CLDAP (Connection-less Lightweight Directory Access Protocol) servers and was ongoing for three days. This protocol is an alternative to LDAP and is used to connect, search and modify shared directories on the Internet. It is also well documented that CLDAP servers amplify DDoS traffic by 56 to 70 times its initial size, making it a highly sought-after protocol to support DDoS services made available on the market for threat actors. It is worth mentioning that the previous record for the highest-volume DDoS attack was detected in March 2018, with a total of 1.7 Tbps.

More information: https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf

Vulnerability in Pulse Secure Client

Timmy Security Network researchers have discovered a privilege escalation vulnerability in the Pulse Secure Client for Windows systems. By exploiting this flaw, threat actors could abuse PulseSecureService.exe to run an arbitrary Microsoft Installer file (.msi) with SYSTEM privileges, granting them admin permissions. The vulnerability is present in the dsInstallerService component, which gives users without admin privileges the ability to install new components or update them using the installers provided by Pulse Secure. This bug has been successfully tested in versions prior to 9.1.6.

More: https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
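The CLDAP reflection mechanism described in the AWS Shield item above, seen from the defender's side, as an added example that is not part of the briefing: it pairs UDP/389 requests with their replies in flow records and flags reply sizes in the documented amplification range, plus replies that arrive with no request at all. The record layout, the sample addresses and the 50x threshold are assumptions.

```python
# Added example (not from the briefing): pair CLDAP (UDP/389) requests with their
# replies in flow records. Record layout, addresses and threshold are assumptions.
from collections import defaultdict

CLDAP_PORT = 389
AMP_THRESHOLD = 50  # assumption: just under the documented 56-70x CLDAP factor

# Constructed flow records, one per line: src,dst,proto,src_port,dst_port,bytes
SAMPLE_FLOWS = """\
192.0.2.50,203.0.113.10,udp,44212,389,64
203.0.113.10,192.0.2.50,udp,389,44212,3900
203.0.113.12,192.0.2.60,udp,389,50000,4200
192.0.2.70,203.0.113.13,udp,40000,389,120
203.0.113.13,192.0.2.70,udp,389,40000,600
198.51.100.7,192.0.2.50,tcp,443,51000,1500
"""


def parse_flows(text):
    """Parse one record per line into dicts with integer ports and byte counts."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, sport, dport, nbytes = line.split(",")
        flows.append({"src": src, "dst": dst, "proto": proto,
                      "sport": int(sport), "dport": int(dport), "bytes": int(nbytes)})
    return flows


def find_cldap_amplification(flows, threshold=AMP_THRESHOLD):
    """Return (amplified, unsolicited), both keyed by (client, server, client_port):
    replies >= threshold times their request, and replies with no request at all
    (a reflector answering a request that spoofed this client's address)."""
    requests = defaultdict(int)   # bytes sent to port 389
    responses = defaultdict(int)  # bytes received from port 389
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] == CLDAP_PORT:
            requests[(f["src"], f["dst"], f["sport"])] += f["bytes"]
        elif f["sport"] == CLDAP_PORT:
            responses[(f["dst"], f["src"], f["dport"])] += f["bytes"]
    amplified, unsolicited = [], []
    for key, resp_bytes in responses.items():
        if key not in requests:
            unsolicited.append(key)
        elif resp_bytes / requests[key] >= threshold:
            amplified.append((key, round(resp_bytes / requests[key], 1)))
    return amplified, unsolicited
```

On the sample, the 64-byte request answered with 3900 bytes is flagged at 60.9x, the reply to 192.0.2.60 is flagged as unsolicited, and the ordinary 5x query to 203.0.113.13 is left alone.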