ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
ElevenPaths Telefónica Invests in Nozomi Networks, a Leading Company in OT and IoT Security The investment reinforces an earlier joint services agreement with Nozomi Networks and ElevenPaths, Telefónica Tech’s cybersecurity company
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
ElevenPaths Monero says goodbye to the ASIC miners (at least for now) Last Friday, 6th April marked an important date for the community of Monero users and developers, as one of the cryptocurrencies led the defense of anonymity for its users. As already commented...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (I) Imagine that you come back home from San Francisco, just arrived from the RSA Conference. You are unpacking your suitcase, open the drawer where you store your underwear and…...
ElevenPaths Cybersecurity and Business: ElevenPaths at the RSA Conference 2020 We are back from the RSA Conference 2020, the year when the standard ‘humanization of technology’ has been set within the sector. We already predicted it last year with our commitment under...
Cybersecurity Weekly Briefing 30 May-5 JuneElevenPaths 5 June, 2020 Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket. This breach has exposed the data of more than 150,000 individual and corporate users worldwide. This data (the oldest dating back to 2017) includes private information such as names, email addresses, phone numbers, birth dates, IDs, country of residence and Skype usernames. In addition, the records also included 8Belts’ technical information that could be exploited by threat actors to gain even more access to the platform. On their website, 8Belts claims to have several large multinationals as clients, from sectors such as the automotive, banking, retail or sports, some of them based in Spain. More info: https://es.vpnmentor.com/blog/report-8belts-leak/ Expiration of Sectigo/Comodo Root Certificate On May 30th, the root certificate “AddTrust External CA Root” issued by Comodo CA (now Sectigo) and operational since 2000 expired. The measure mainly affected the access to services, websites and APIs via legacy systems such as Windows XP and Internet Explorer 6, since these systems do not recognize more recent certificates such as “COMODO RSA CA” & “USERTrust RSA CA”. Despite this, during the weekend several entities such as Namecheap or Proximus indicated that they were having issues arising from the incident. The confusion was partly caused by the fact that the company apparently did not warn its users individually of the revocation, although it did publish a statement on its website. As a result, users who tried to connect to the affected websites found issues to establish secure connections, so providing the service would be impossible. More info: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 RCE Exploit for SMBGhost Released A proof of concept to exploit the critical flaw (CVE-2020-0796) on Microsoft’s SMBv3 protocol has been released. While PoCs to perform denial of service and privilege escalation attacks by exploiting this vulnerability had already been released, this new exploit would allow remote code execution on vulnerable systems. It is expected that in the coming days other researchers will publish a refined version of this exploit. More info: https://github.com/chompie1337/SMBGhost_RCE_PoC Details on Vulnerabilities in SAP Adaptive Server Enterprise Trustwave researchers have published the details of 6 vulnerabilities in SAP Adaptive Server Enterprise: The first critical bug (CVE-2020-6248) is an arbitrary code execution issue that would allow corruption of the Backup Server configuration file.The second (CVE-2020-6252) is an information disclosure bug affecting the Cockpit component in default installations of SAP ASE on Windows.The third vulnerability (CVE-2020-6241), a high-severity one, is a SQL injection in global temporary tables handling routine, that would allow standard users to connect to the server and elevate their privileges to administrator.The fourth one (CVE-2020-6243), with 8.0 CVSS, would allow arbitrary code execution.The fifth (CVE-2020-6253), a high-severity one as well, is a privilege escalation vulnerability via SQL injection in WebServices.The last one (CVE-2020-6250), a medium-severity vulnerability, is a bug where cleartext passwords were found in the installation logs. These vulnerabilities were already fixed by the company in mid-May. More info: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/ New Version of Metamorph Banking Trojan Bitdefender security researchers have published an analysis of a new malicious campaign carried out by the banking Trojan Metamorph. This malicious software is mainly targeted at Brazilian users and its main attack vector is office documents containing malicious macros and sent via email as part of phishing campaigns. This time, it has been reported that the technique used is DLL hijacking − with the aim of hiding its presence on the infected system and escalating privileges. In addition, the methodology used is to force a legitimate application to execute third-party code by replacing a code string with a malicious one. By doing so, threat actors are replacing the legitimate DLL with a DLL containing malicious code, so the application loads and runs the malicious code. In this new campaign, they have employed legitimate software such as Avira, AVG, Avast, Daemon Tools, Steam and NVIDIA. This way, if any of these products request higher privileges, the victim will not be suspicious and will consider them legitimate. However, since their DLLs have been modified, they will be used to steal victim’s bank credentials or other data. More info: https://www.bitdefender.com/files/News/CaseStudies/study/333/Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en-EN-GenericUse.pdf #CyberSecurityPulse: Non-Headlined Technical News with RSS and WebsiteAMSIext: Our Extension That Detects Malware in the Browser Memory
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths ElevenPaths Joins OpenSSF to Enhance Open Source Software Security This new Open Source Security Foundation (OpenSSF) brings together leading technology companies such as Microsoft, Google, Red Hat and IBM, among others.It combines efforts from the Core Infrastructure Initiative,...
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
Gabriel Bergel Cybersecurity and Pandemic (I): People Cybersecurity is even more important in these times of pandemic and increasing cyberattacks, yes, but in addition to being a business focus at the corporate level, it must also...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
