ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
Andrés Naranjo Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America “It is not the strongest of the species that survives, not the most intelligent that survives. It is the one that is the most adaptable to change”.Charles Darwin One of...
ElevenPaths Cyber Security Weekly Briefing March 20-26 Analysis of the new cyber-espionage group SilverFish The PRODAFT Threat Intelligence team (PTI) has discovered a highly sophisticated cybercriminal group called SilverFish, which operates exclusively against large enterprises and public...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Nikolaos Tsouroulas Looking for a MDR partner? Beware, not all MDRs are the same Are you throwing more money than you can afford into your SOC but still failing to detect and respond quickly enough to incidents? Have you suffered the impact of...
ElevenPaths New tool: Neto, our Firefox, Chrome and Opera extensions analysis suite In the innovation and laboratory area at ElevenPaths, we have created a new tool which is used to analyze browser extensions. It is a complete suite (also extensible with...
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths The Framing Effect: you make your choices depending on how information is presented You have received an alert from cyber intelligence. A terrible and enormous cyberattack is approaching. You must ensure the protection of 600 positions within your organization. You don’t have...
Andrés Naranjo Secure Homeworking, Applying Cybersecurity from Home Working from home makes it easier to reconcile these difficult days, but safety should not be overlooked. Telework safely with these tips.
Cybersecurity Weekly Briefing 30 May-5 JuneElevenPaths 5 June, 2020 Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket. This breach has exposed the data of more than 150,000 individual and corporate users worldwide. This data (the oldest dating back to 2017) includes private information such as names, email addresses, phone numbers, birth dates, IDs, country of residence and Skype usernames. In addition, the records also included 8Belts’ technical information that could be exploited by threat actors to gain even more access to the platform. On their website, 8Belts claims to have several large multinationals as clients, from sectors such as the automotive, banking, retail or sports, some of them based in Spain. More info: https://es.vpnmentor.com/blog/report-8belts-leak/ Expiration of Sectigo/Comodo Root Certificate On May 30th, the root certificate “AddTrust External CA Root” issued by Comodo CA (now Sectigo) and operational since 2000 expired. The measure mainly affected the access to services, websites and APIs via legacy systems such as Windows XP and Internet Explorer 6, since these systems do not recognize more recent certificates such as “COMODO RSA CA” & “USERTrust RSA CA”. Despite this, during the weekend several entities such as Namecheap or Proximus indicated that they were having issues arising from the incident. The confusion was partly caused by the fact that the company apparently did not warn its users individually of the revocation, although it did publish a statement on its website. As a result, users who tried to connect to the affected websites found issues to establish secure connections, so providing the service would be impossible. More info: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 RCE Exploit for SMBGhost Released A proof of concept to exploit the critical flaw (CVE-2020-0796) on Microsoft’s SMBv3 protocol has been released. While PoCs to perform denial of service and privilege escalation attacks by exploiting this vulnerability had already been released, this new exploit would allow remote code execution on vulnerable systems. It is expected that in the coming days other researchers will publish a refined version of this exploit. More info: https://github.com/chompie1337/SMBGhost_RCE_PoC Details on Vulnerabilities in SAP Adaptive Server Enterprise Trustwave researchers have published the details of 6 vulnerabilities in SAP Adaptive Server Enterprise: The first critical bug (CVE-2020-6248) is an arbitrary code execution issue that would allow corruption of the Backup Server configuration file.The second (CVE-2020-6252) is an information disclosure bug affecting the Cockpit component in default installations of SAP ASE on Windows.The third vulnerability (CVE-2020-6241), a high-severity one, is a SQL injection in global temporary tables handling routine, that would allow standard users to connect to the server and elevate their privileges to administrator.The fourth one (CVE-2020-6243), with 8.0 CVSS, would allow arbitrary code execution.The fifth (CVE-2020-6253), a high-severity one as well, is a privilege escalation vulnerability via SQL injection in WebServices.The last one (CVE-2020-6250), a medium-severity vulnerability, is a bug where cleartext passwords were found in the installation logs. These vulnerabilities were already fixed by the company in mid-May. More info: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/system-takeover-through-new-sap-ase-vulnerabilities/ New Version of Metamorph Banking Trojan Bitdefender security researchers have published an analysis of a new malicious campaign carried out by the banking Trojan Metamorph. This malicious software is mainly targeted at Brazilian users and its main attack vector is office documents containing malicious macros and sent via email as part of phishing campaigns. This time, it has been reported that the technique used is DLL hijacking − with the aim of hiding its presence on the infected system and escalating privileges. In addition, the methodology used is to force a legitimate application to execute third-party code by replacing a code string with a malicious one. By doing so, threat actors are replacing the legitimate DLL with a DLL containing malicious code, so the application loads and runs the malicious code. In this new campaign, they have employed legitimate software such as Avira, AVG, Avast, Daemon Tools, Steam and NVIDIA. This way, if any of these products request higher privileges, the victim will not be suspicious and will consider them legitimate. However, since their DLLs have been modified, they will be used to steal victim’s bank credentials or other data. More info: https://www.bitdefender.com/files/News/CaseStudies/study/333/Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en-EN-GenericUse.pdf #CyberSecurityPulse: Non-Headlined Technical News with RSS and WebsiteAMSIext: Our Extension That Detects Malware in the Browser Memory
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
