ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Gonzalo Álvarez Marañón Rock, Paper, Scissors and Other Ways to Commit Now and Reveal Later Have you ever played rock, paper, scissors? I bet you have. Well, let’s put the tin lid on it: how would you play through the phone? One thing is...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Sergio De Los Santos Pay When You Get Infected by Ransomware? Many Shades of Grey The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you don’t make a difference between the type of ransomware and...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport20H2: Microsoft Corrects Many More Vulnerabilities, But Discovers Far Fewer There are many reports on security trends and summaries, but at ElevenPaths we want to make a difference. From the Innovation and Laboratory team, we have just launched our...
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
Diego Samuel Espitia Detecting the Indicators of An Attack We always choose to implement prevention and deterrence rather than containment mechanisms in security. However, the implementation of these mechanisms is not always effective or simple to set up...
Cybersecurity Weekly Briefing 29 August-4 SeptemberElevenPaths 4 September, 2020 Red Dawn, new attached document from Emotet The use of a new attached document template by Emotet has been identified over the past week. The name given by security researcher Joseph Roosen to this malicious Word file (.doc) attached to spam campaign emails is Red Dawn. When opened, it is indicated that the document “is protected” and the preview is therefore not available, so it is necessary to “enable editing” and “enable content” in order to view it. If the victim follows these steps, malicious macros that download and install the Emotet malware on the system will be executed. Previously this summer, Emotet has been making use of a similar template in which it indicated that the document had been created in iOS, thus being necessary to “enable editing” and “enable content” in order to view it. It is important to note the importance of detecting these emails from Emotet since it is the gateway to Trojans such as TrickBot and QBot, and these, in turn, to ransomware such as Conti or ProLock. More: https://www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/ Vulnerability in EMV, bank card communication protocol Researchers have discovered techniques to bypass PIN-code authentication in contactless Visa bank card transactions. This is an EMV protocol flaw, specifically in the bank card verification method, which lacks cryptographic protection and allows a threat agent to carry out a Man-In-The-Middle (MITM) attack. Researchers have allegedly proved that the PIN can be bypassed in the payment process due to the fact that the device does not require entering the code as it believes the consumer has authenticated. To do so, they used a proof of concept based on an Android application called Tamarin . The proof of concept, carried out in shops and other establishments, was successful in evading the PIN on Visa Credit, Visa Electron and VPay cards. More info: https://arxiv.org/pdf/2006.08249.pdf Epic Manchego: obfuscation in maldoc delivery NVISO researchers have revealed new techniques for obfuscation of maldocs that elude detection by some surveillance systems. These are malicious Excel documents that disseminate malware through VBA code, which are created without the use of Microsoft Office. An analysis by researchers has disclosed the use of tools such as EPPlus, software used for producing documents with a .NET library that creates Office Open XML (OOXML) worksheets. This technique provides files with uncompiled VBA code, a feature that can be achieved only by Office, which is delivered in plain text without encryption, but protected by a password that does not need to be entered for the macros to be executed. Once the macros have been enabled and their process completed, a payload is obtained that initiates a second phase of infection, identify by security venders as Tesla Agent. After the dynamic loading of a DLL, as a third phase of the attack, an infostealer is downloaded to exfiltrate sensitive data from the victim’s computer. More: https://blog.nviso.eu/2020/09/01/epic-manchego-atypical-maldoc-delivery-brings-flurry-of-infostealers/ European ISPs suffer DDoS attacks More than a dozen Internet Service Providers (ISPs) in Europe have reported DDoS attacks targeting their DNS infrastructure. The list of ISPs that were attacked during the last week includes Belgian operator Edpnet, France’s Bouygues Telecom, FDN, K-net, SFR and the Dutch Caiway, Delta, FreedomNet, Online.nl, Signet and Tweak.nl. The attacks did not last more than a day and all were eventually mitigated, but ISP services were down while the DDoS was active. NBIP, a non-profit organization founded by Dutch ISPs to collectively combat DDoS attacks and the Government´s telephone tapping attempts, has provided additional information on last week’s incidents indicating that “several attacks were directed at routers and DNS infrastructure of Benelux based ISPs”. Moreover, NBIP addresses that “most of the attacks were DNS amplification and LDAP type attacks”. “Some of the attacks took more than 4 hours and reached a volume close to 300 Gbit/s”. More: https://www.zdnet.com/article/european-isps-report-mysterious-wave-of-ddos-attacks/ Cybersecurity Weekly Briefing August 22-28We Acquire iHackLabs to Boost the Training of Our Ethical Hackers
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
