Cybersecurity Weekly Briefing 30 May-5 June
ElevenPaths, 5 June 2020

Security Breach in 8Belts

vpnMentor researchers discovered in mid-April a data breach at the 8Belts language learning platform, caused by an improperly configured Amazon Web Services S3 bucket. The breach exposed the data of more than 150,000 individual and corporate users worldwide. The records (the oldest dating back to 2017) include private information such as names, email addresses, phone numbers, dates of birth, ID numbers, country of residence and Skype usernames. They also contained technical information about 8Belts itself that threat actors could use to gain further access to the platform. On its website, 8Belts lists several large multinationals as clients, from sectors such as automotive, banking, retail and sports, some of them based in Spain.

More info: https://es.vpnmentor.com/blog/report-8belts-leak/

Expiration of the Sectigo/Comodo Root Certificate

On 30 May the root certificate "AddTrust External CA Root", issued by Comodo CA (now Sectigo) and in service since 2000, expired. In principle the expiry should only have affected access to services, websites and APIs from legacy systems such as Windows XP and Internet Explorer 6, which reach Sectigo-issued certificates through the AddTrust root because they do not trust the more recent "COMODO RSA CA" and "USERTrust RSA CA" roots. Even so, over the weekend several organisations such as Namecheap and Proximus reported problems arising from the expiry. Much of the breakage hit modern systems: many servers still sent the USERTrust intermediate cross-signed by AddTrust, and TLS clients built on older libraries (OpenSSL 1.0.x in particular) follow the served chain up to that expired root instead of stopping at the USERTrust root already present in their trust store. The remedy on the server side is to stop serving the expired cross-certificate and present a chain that ends at the USERTrust root. The confusion was made worse by the fact that the company apparently did not warn its users individually of the expiry, although it did publish a statement on its website. As a result, users who tried to connect to the affected services were unable to establish secure connections, and those services were effectively unavailable to them.
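The failure mode just described can be reproduced without any real certificates. The following is an added example, not code from the briefing or from Sectigo: it models certificates as dicts with subject, issuer and expiry (real CA names, illustrative dates, no signature checks) and compares two path builders, one that follows the served chain to its end, as OpenSSL 1.0.x did, and one that stops as soon as it reaches an issuer already in the local trust store, as modern libraries do. `build_path`, `scenarios` and the certificate constants are names chosen for this example.

```python
"""Added example (not from the ElevenPaths briefing): why the AddTrust root
expiry also broke clients that already trusted the newer USERTrust root.
Certificates are plain dicts; CA names are real, dates are illustrative and
no signatures are verified."""
from datetime import datetime, timezone

UTC = timezone.utc


def cert(subject: str, issuer: str, not_after: datetime) -> dict:
    return {"subject": subject, "issuer": issuer, "not_after": not_after}


# Constructed records mirroring the chain many Sectigo customers served.
ADDTRUST = cert("AddTrust External CA Root", "AddTrust External CA Root",
                datetime(2020, 5, 30, 10, 48, 38, tzinfo=UTC))          # expired 30 May 2020
USERTRUST_ROOT = cert("USERTrust RSA Certification Authority",
                      "USERTrust RSA Certification Authority",
                      datetime(2038, 1, 18, 23, 59, 59, tzinfo=UTC))    # the modern, self-signed root
USERTRUST_CROSS = cert("USERTrust RSA Certification Authority",
                       "AddTrust External CA Root",
                       datetime(2020, 5, 30, 10, 48, 38, tzinfo=UTC))   # cross-signed; expired with AddTrust
INTERMEDIATE = cert("Sectigo RSA Domain Validation Secure Server CA",
                    "USERTrust RSA Certification Authority",
                    datetime(2030, 12, 31, 23, 59, 59, tzinfo=UTC))
LEAF = cert("www.example.com", "Sectigo RSA Domain Validation Secure Server CA",
            datetime(2021, 6, 1, 23, 59, 59, tzinfo=UTC))
NOW = datetime(2020, 6, 1, tzinfo=UTC)                                  # two days after the expiry

MODERN_STORE = {c["subject"]: c for c in (USERTRUST_ROOT, ADDTRUST)}   # knows the new root
LEGACY_STORE = {ADDTRUST["subject"]: ADDTRUST}                          # only knows AddTrust


def build_path(served_chain, trust_store, now, trusted_first):
    """Build a path from the leaf to a root and check expiry along it.

    served_chain: cert dicts, leaf first, exactly as the server sent them.
    trust_store:  {subject: cert} of locally trusted roots.
    trusted_first: stop as soon as the current issuer is in the trust store
                   (modern behaviour) instead of first walking the served
                   chain to its self-signed end (legacy OpenSSL 1.0.x behaviour).
    Returns (path, None) on success or (path, error_message) on failure.
    """
    by_subject = {c["subject"]: c for c in served_chain}
    path = [served_chain[0]]
    while True:
        cur = path[-1]
        issuer = cur["issuer"]
        if cur["subject"] == issuer:                      # reached a self-signed root
            if issuer not in trust_store:
                return path, "chain ends at an untrusted root"
            break
        if trusted_first and issuer in trust_store:
            path.append(trust_store[issuer])              # use our own copy of the root
            break
        nxt = by_subject.get(issuer) or trust_store.get(issuer)   # served copy wins
        if nxt is None:
            return path, f"issuer {issuer!r} not found"
        if len(path) > 8:
            return path, "path too long (loop?)"
        path.append(nxt)
    for c in path:
        if c["not_after"] < now:
            return path, f"{c['subject']!r} (issued by {c['issuer']!r}) expired"
    return path, None


def scenarios() -> dict:
    """Served chain x trust store x builder; value is None on success or the error."""
    cross_chain = [LEAF, INTERMEDIATE, USERTRUST_CROSS]  # what many servers still sent
    short_chain = [LEAF, INTERMEDIATE]                   # server fixed: cross-cert dropped
    return {
        "modern store, cross chain, legacy builder": build_path(cross_chain, MODERN_STORE, NOW, False)[1],
        "modern store, cross chain, trusted-first": build_path(cross_chain, MODERN_STORE, NOW, True)[1],
        "legacy store, cross chain, trusted-first": build_path(cross_chain, LEGACY_STORE, NOW, True)[1],
        "modern store, short chain, legacy builder": build_path(short_chain, MODERN_STORE, NOW, False)[1],
    }


if __name__ == "__main__":
    for name, err in scenarios().items():
        print(f"{name}: {'OK' if err is None else err}")
```

The two failing cases are the two the briefing describes: a client that only knows AddTrust cannot validate no matter how it builds the path, while a client that already has the USERTrust root fails only if it insists on following the served chain to the end. Dropping the cross-certificate from the served chain fixes even the legacy builder, which is why the advice to server operators was to trim the chain rather than wait for clients to update.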
More info: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

RCE Exploit for SMBGhost Released

A proof of concept that exploits the critical flaw CVE-2020-0796 in Microsoft's SMBv3 implementation (the handling of compressed SMB 3.1.1 packets) has been published. PoCs that use this vulnerability for denial of service and local privilege escalation were already available; the new exploit achieves remote code execution on vulnerable systems. Other researchers are expected to publish refined versions of the exploit in the coming days. Systems that have not received the March 2020 security update for this CVE should be patched; where that is not yet possible, Microsoft's published workaround is to disable SMBv3 compression on the server.

More info: https://github.com/chompie1337/SMBGhost_RCE_PoC

Details on Vulnerabilities in SAP Adaptive Server Enterprise

Trustwave researchers have published the details of six vulnerabilities in SAP Adaptive Server Enterprise (ASE):

- CVE-2020-6248 (critical): arbitrary code execution through corruption of the Backup Server configuration file.
- CVE-2020-6252: information disclosure affecting the Cockpit component in default installations of SAP ASE on Windows.
- CVE-2020-6241 (high): SQL injection in the routine that handles global temporary tables, allowing any user able to connect to the server to elevate privileges to administrator.
- CVE-2020-6243 (CVSS 8.0): arbitrary code execution.
- CVE-2020-6253 (high): privilege escalation via SQL injection in WebServices.
- CVE-2020-6250 (medium): cleartext passwords left in the installation logs.

SAP fixed these vulnerabilities in mid-May.
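Returning to the SMBGhost item above: the vulnerable code path is only reachable when the server negotiates SMB 3.1.1 with compression, so a quick inventory check is to send an SMB2 NEGOTIATE that offers dialect 3.1.1 with a compression context and see whether the server accepts one, which is how the public scanners for this CVE work. The block below is an added example, not from the briefing or from the PoC author; `build_negotiate_request`, `parse_negotiate_response`, `probe` and the constructed sample responses are this example's own. A positive result means compression is enabled (the registry workaround has not been applied), not that the host is unpatched; patch state must be checked separately.

```python
"""Added example (not from the ElevenPaths briefing): does an SMB server
negotiate SMB 3.1.1 with compression, the feature CVE-2020-0796 lives in?
The request is a real SMB2 NEGOTIATE; the responses used for testing are
constructed in build_sample_response, not captured from a host."""
import os
import socket
import struct

SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001   # mandatory negotiate context for 3.1.1
CTX_COMPRESSION = 0x0003
SHA512 = 0x0001
LZNT1 = 0x0001
COMPRESSION_NAMES = {0x0001: "LZNT1", 0x0002: "LZ77", 0x0003: "LZ77+Huffman"}


def _align8(buf: bytes) -> bytes:
    return buf + b"\x00" * (-len(buf) % 8)


def _context(ctype: int, data: bytes) -> bytes:
    # ContextType, DataLength, Reserved, Data; each context is 8-byte aligned
    return _align8(struct.pack("<HHI", ctype, len(data), 0) + data)


def smb2_header(command: int, flags: int = 0, message_id: int = 0) -> bytes:
    # ProtocolId, StructureSize, CreditCharge, Status, Command, Credits, Flags,
    # NextCommand, MessageId, Reserved, TreeId, SessionId, Signature (64 bytes)
    return struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, command, 1,
                       flags, 0, message_id, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request(client_guid=None) -> bytes:
    """SMB2 NEGOTIATE offering only dialect 3.1.1 plus a pre-authentication
    integrity context and a compression context asking for LZNT1.
    Returns the message prefixed with its 4-byte NetBIOS session header."""
    guid = client_guid or os.urandom(16)
    dialects = struct.pack("<H", DIALECT_311)
    header = smb2_header(SMB2_NEGOTIATE)
    ctx_offset = (len(header) + 36 + len(dialects) + 7) & ~7   # from start of SMB2 header
    # StructureSize, DialectCount, SecurityMode(signing enabled), Reserved,
    # Capabilities, ClientGuid, NegotiateContextOffset, NegotiateContextCount, Reserved2
    body = struct.pack("<HHHHI16sIHH", 36, 1, 0x0001, 0, 0, guid, ctx_offset, 2, 0)
    contexts = (_context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, SHA512) + os.urandom(32))
                + _context(CTX_COMPRESSION, struct.pack("<HHIH", 1, 0, 0, LZNT1)))
    msg = header + body + dialects
    msg += b"\x00" * (ctx_offset - len(msg)) + contexts
    return struct.pack(">I", len(msg)) + msg    # b"\x00" + 3-byte length = NetBIOS header


def parse_negotiate_response(msg: bytes) -> dict:
    """Parse a NEGOTIATE response (NetBIOS header already stripped) into the
    negotiated dialect and the compression algorithms the server accepted."""
    if msg[:4] != b"\xfeSMB" or struct.unpack_from("<H", msg, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE response")
    status = struct.unpack_from("<I", msg, 8)[0]
    if status != 0:
        raise ValueError(f"server returned NTSTATUS 0x{status:08x}")
    (size, _sec_mode, dialect, ctx_count, _guid, _caps, _mt, _mr, _mw,
     _st, _sst, _sbo, _sbl, ctx_offset) = struct.unpack_from("<HHHH16sIIIIQQHHI", msg, 64)
    if size != 65:
        raise ValueError("unexpected NEGOTIATE response structure size")
    result = {"dialect": dialect, "compression": []}
    if dialect != DIALECT_311:
        return result                      # negotiate contexts only exist in 3.1.1
    pos = ctx_offset
    for _ in range(ctx_count):
        ctype, dlen, _ = struct.unpack_from("<HHI", msg, pos)
        data = msg[pos + 8: pos + 8 + dlen]
        if ctype == CTX_COMPRESSION:       # CompressionAlgorithmCount, Padding, Flags, algorithms
            count = struct.unpack_from("<H", data, 0)[0]
            result["compression"] = list(struct.unpack_from(f"<{count}H", data, 8))
        pos = (pos + 8 + dlen + 7) & ~7
    return result


def compression_enabled(msg: bytes) -> bool:
    """True when the server negotiated 3.1.1 and accepted a compression
    algorithm. The DisableCompression workaround removes the context; older
    dialects never offer it. This does not tell you whether the host is patched."""
    return bool(parse_negotiate_response(msg)["compression"])


def build_sample_response(dialect: int, compression: list) -> bytes:
    """Constructed server reply (not a captured packet) for offline testing."""
    header = smb2_header(SMB2_NEGOTIATE, flags=0x00000001)   # SMB2_FLAGS_SERVER_TO_REDIR
    ctxs = []
    if dialect == DIALECT_311:
        ctxs.append(_context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, SHA512) + b"\x00" * 32))
        if compression:
            ctxs.append(_context(CTX_COMPRESSION, struct.pack("<HHI", len(compression), 0, 0)
                                 + struct.pack(f"<{len(compression)}H", *compression)))
    ctx_offset = 64 + 64     # header + fixed body; no security blob in this sample
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 0x0001, dialect, len(ctxs), b"\x00" * 16,
                       0, 0x800000, 0x800000, 0x800000, 0, 0, ctx_offset, 0,
                       ctx_offset if ctxs else 0)
    return header + body + b"".join(ctxs)


def probe(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Live check against one host (network use only; not exercised by the tests)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        length = int.from_bytes(s.recv(4)[1:], "big")
        msg = b""
        while len(msg) < length:
            chunk = s.recv(length - len(msg))
            if not chunk:
                break
            msg += chunk
    return parse_negotiate_response(msg)


if __name__ == "__main__":
    for label, sample in (("3.1.1 + LZNT1", build_sample_response(DIALECT_311, [LZNT1])),
                          ("3.1.1, compression disabled", build_sample_response(DIALECT_311, [])),
                          ("3.0.2 only", build_sample_response(0x0302, []))):
        print(label, "->", "compression enabled" if compression_enabled(sample) else "not exposed")
```

Run `probe("10.0.0.5")` (a placeholder address) against a host you are authorised to test; the three constructed samples show the three answers you will meet in practice: compression accepted, 3.1.1 without compression (workaround applied), and a server that never gets to 3.1.1.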
More info: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/

New Version of the Metamorfo Banking Trojan

Bitdefender researchers have published an analysis of a new malicious campaign by the Metamorfo banking Trojan (also referred to as Metamorph). This malware mainly targets Brazilian users, and its main infection vector is Office documents with malicious macros, sent by email as part of phishing campaigns. In this campaign the malware relies on DLL hijacking, both to hide its presence on the infected system and to escalate privileges. The technique forces a legitimate application to execute third-party code by substituting one of the libraries it loads: the attackers pair the genuine executable with a DLL of the name it expects that contains their own code, so the application loads and runs the malicious code. The abused software in this campaign includes components of Avira, AVG, Avast, Daemon Tools, Steam and NVIDIA. Because these products are well known, a request for elevated privileges from one of them does not arouse the victim's suspicion; the substituted DLLs are then used to steal the victim's banking credentials and other data.

More info: https://www.bitdefender.com/files/News/CaseStudies/study/333/Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en-EN-GenericUse.pdf