Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
ElevenPaths Telefónica’s ElevenPaths enhances its global IoT security capabilities with Subex This collaboration provisions the offering of IoT Threat Detection, an incident monitoring and response service for IoT environments.This solution has the capability of learning and modelling the legitimate behaviour...
ElevenPaths #CyberSecurityPulse: The eternal dispute: backdoors and national security A bipartisan group of legislators from the house of representatives has introduced a piece of legistation which will prevent the federal government of the United States from demanding companies...
ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Innovation and Laboratory Area in ElevenPaths New TheTHE Version with URLScan and MalwareBazaar Plugins The first time an IoC lay on your hands. Let’s say it is a hash, URL, IP or a suspicious domain. You need to know some basic information. Is...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
Gabriel Bergel Decepticons vs. Covid-19: The Ultimate Battle Social engineering is being used more than ever by cybercriminals. What do Decepticons have to do with it?
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Christian F. Espinosa Velarde FaceApp and Personal Data, Hadn´t We Talked About This Already? Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being...
Cybersecurity Weekly Briefing 29 August-4 SeptemberElevenPaths 4 September, 2020 Red Dawn, new attached document from Emotet The use of a new attached document template by Emotet has been identified over the past week. The name given by security researcher Joseph Roosen to this malicious Word file (.doc) attached to spam campaign emails is Red Dawn. When opened, it is indicated that the document “is protected” and the preview is therefore not available, so it is necessary to “enable editing” and “enable content” in order to view it. If the victim follows these steps, malicious macros that download and install the Emotet malware on the system will be executed. Previously this summer, Emotet has been making use of a similar template in which it indicated that the document had been created in iOS, thus being necessary to “enable editing” and “enable content” in order to view it. It is important to note the importance of detecting these emails from Emotet since it is the gateway to Trojans such as TrickBot and QBot, and these, in turn, to ransomware such as Conti or ProLock. More: https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/ Vulnerability in EMV, bank card communication protocol Researchers have discovered techniques to bypass PIN-code authentication in contactless Visa bank card transactions. This is an EMV protocol flaw, specifically in the bank card verification method, which lacks cryptographic protection and allows a threat agent to carry out a Man-In-The-Middle (MITM) attack. Researchers have allegedly proved that the PIN can be bypassed in the payment process due to the fact that the device does not require entering the code as it believes the consumer has authenticated. To do so, they used a proof of concept based on an Android application called Tamarin . The proof of concept, carried out in shops and other establishments, was successful in evading the PIN on Visa Credit, Visa Electron and VPay cards. More info: https://arxiv.org/pdf/2006.08249.pdf Epic Manchego: obfuscation in maldoc delivery NVISO researchers have revealed new techniques for obfuscation of maldocs that elude detection by some surveillance systems. These are malicious Excel documents that disseminate malware through VBA code, which are created without the use of Microsoft Office. An analysis by researchers has disclosed the use of tools such as EPPlus, software used for producing documents with a .NET library that creates Office Open XML (OOXML) worksheets. This technique provides files with uncompiled VBA code, a feature that can be achieved only by Office, which is delivered in plain text without encryption, but protected by a password that does not need to be entered for the macros to be executed. Once the macros have been enabled and their process completed, a payload is obtained that initiates a second phase of infection, identify by security venders as Tesla Agent. After the dynamic loading of a DLL, as a third phase of the attack, an infostealer is downloaded to exfiltrate sensitive data from the victim’s computer. More: https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/ European ISPs suffer DDoS attacks More than a dozen Internet Service Providers (ISPs) in Europe have reported DDoS attacks targeting their DNS infrastructure. The list of ISPs that were attacked during the last week includes Belgian operator Edpnet, France’s Bouygues Telecom, FDN, K-net, SFR and the Dutch Caiway, Delta, FreedomNet, Online.nl, Signet and Tweak.nl. The attacks did not last more than a day and all were eventually mitigated, but ISP services were down while the DDoS was active. NBIP, a non-profit organization founded by Dutch ISPs to collectively combat DDoS attacks and the Government´s telephone tapping attempts, has provided additional information on last week’s incidents indicating that “several attacks were directed at routers and DNS infrastructure of Benelux based ISPs”. Moreover, NBIP addresses that “most of the attacks were DNS amplification and LDAP type attacks”. “Some of the attacks took more than 4 hours and reached a volume close to 300 Gbit/s”. More: https://www.zdnet.com/article/european-isps-report-mysterious-wave-of-ddos-attacks/ Cybersecurity Weekly Briefing August 22-28We Acquire iHackLabs to Boost the Training of Our Ethical Hackers
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
ElevenPaths Telefónica’s ElevenPaths enhances its global IoT security capabilities with Subex This collaboration provisions the offering of IoT Threat Detection, an incident monitoring and response service for IoT environments.This solution has the capability of learning and modelling the legitimate behaviour...
Innovation and Laboratory Area in ElevenPaths New TheTHE Version with URLScan and MalwareBazaar Plugins The first time an IoC lay on your hands. Let’s say it is a hash, URL, IP or a suspicious domain. You need to know some basic information. Is...
Franco Piergallini Guida Adversarial Attacks: The Enemy of Artificial Intelligence (II) In Machine and Deep Learning, as in any system, there are vulnerabilities and techniques that allow manipulating its behaviour at the mercy of an attacker. As we discussed in...
ElevenPaths Cybersecurity Weekly Briefing September 19-25 New attack vector for vulnerability in Citrix Workspace Pen Test Partners security researcher Ceri Coburn has discovered a new attack vector for the CVE-2020-8207 vulnerability in Citrix Workspace corrected in...
