Cybersecurity Weekly Briefing 6-12 June
ElevenPaths, 12 June 2020

Enel and Honda Compromised by Snake Ransomware

The Italian energy corporation Enel and the Japanese automotive giant Honda were hit last weekend by ransomware attacks that reportedly impacted their IT systems. The compromises are attributed to the Snake ransomware (also known as Ekans), according to the analysis carried out by the independent researcher @milkr3am of two malware samples uploaded to VirusTotal. Research into the attack vector is inconclusive, but it was most likely the public exposure of Remote Desktop Protocol (RDP) services by both companies, as other sources have suggested. Regarding Enel, only its Argentinean subsidiary, Edesur, has admitted to suffering a computer issue that is "making it difficult to assist clients by telephone, social networks and the Virtual Office". For its part, Honda has confirmed to BleepingComputer that it is experiencing issues within its computer network, while stressing that production continues normally and that there is no impact on its customers. Researchers estimate that the affected networks include both Europe and Japan. Snake is a ransomware that emerged at the end of 2019 and includes modules specifically designed to terminate processes associated with ICS/SCADA software. Last month, a major distribution campaign was reported that affected at least one other large corporation in the health sector, the German company Fresenius.

More info: https://twitter.com/milkr3am/status/1269932348860030979

New Campaign Impersonating the Spanish ITSS

In the last few hours, a new fraudulent campaign has been detected that impersonates the Spanish Labour and Social Security Inspectorate (ITSS). This time, the e-mails come from senders at the domains itss.se, itss.com, itss.es and itss.app, and the subject of the message is "Denuncia Oficial XXXXXX, se inició una investigación contra su empresa" [Official Complaint XXXXXX, an investigation against your company has been launched]. The messages report an alleged investigation against the company for possible infringements and state that the complaints are attached in the Excel document included in the e-mail. If a victim opens this malicious document and enables its content (macro execution), he or she will be infected with malware belonging to the Smoke Loader family, which has password-stealing functionality.

More info: https://s2grupo.es/es/campana-de-phishing-inspeccion-de-trabajo-seguridad-social/

SAP Bulletin – June 2020

SAP has released its June 2020 Security Patch Day with two critical vulnerabilities, four of high severity and 12 of medium severity. The following are particularly noteworthy:

- CVE-2020-1938 (CVSSv3 9.8): a vulnerability in the Apache Tomcat JSP engine and servlet container shipped with SAP products. Tomcat treats requests arriving through the AJP connector as trusted, so an attacker who can reach the AJP port can read arbitrary files from within the web application and, where a file can also be placed there (for example through an upload feature), have it processed as JSP, leading to remote code execution.
- CVE-2020-6265 (CVSSv3 9.8): hard-coded default credentials in SAP Commerce and SAP Commerce Datahub that allow access control to be bypassed by anyone who knows them.

Exposure is maximum for both vulnerabilities: they are of low complexity, can be exploited without prerequisites or user interaction, and have maximum impact on confidentiality, integrity and availability.

More info: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

New Vulnerabilities in the SMB Protocol

Two significant publications about vulnerabilities in the SMB protocol have been released in the last hours.

Firstly, ZecOps analysts have discovered a new vulnerability, SMBleed (CVE-2020-1206). It is a bug in the handling of SMBv3 compressed messages that allows data to be remotely read from kernel memory and, when chained with SMBGhost (CVE-2020-0796), can lead to remote code execution prior to authentication. It affects only very recent versions of Windows (the same builds affected by SMBGhost) and is neutralised by the same workaround recommended for SMBGhost, disabling SMBv3 compression; the definitive fix is included in this month's update bulletin.

Secondly, a remote code execution vulnerability (CVE-2020-1301) has been found in the SMBv1 protocol, whose use Microsoft does not recommend. An attacker authenticated with credentials to access a remote shared folder could execute code of their choice. The discoverers point out as a mitigating factor that the share must be on a hard drive; a further exploitation path has been speculated about but remains unclear. This bug affects all versions of Windows and has been fixed in the June update bulletin.

More info: https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/

eCh0raix: Ransomware Targets QNAP NAS Devices

BleepingComputer has warned that the eCh0raix ransomware operators have launched a new campaign against QNAP network-attached storage (NAS) devices. The group's activity started in June 2019 and had declined in recent months because of competition from other threats that also target QNAP NAS devices, such as Muhstik and QSnatch. However, possibly as a result of a publication detailing three critical vulnerabilities in these devices, an increase has been detected in users affected by a ransomware that has finally been attributed to eCh0raix. Traditionally, the group has focused on exploiting old, unpatched vulnerabilities or on brute-forcing weak passwords. Exploits for the new vulnerabilities may have been incorporated, which would explain the upsurge in the group's activity, so users are advised to update their devices as soon as possible.

More info: https://www.bleepingcomputer.com/news/security/ongoing-ech0raix-ransomware-campaign-targets-qnap-nas-devices/
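The ITSS campaign above combines three cheap indicators: a lookalike sender domain, a fixed lure subject and a macro-enabled Excel attachment. The script below, an added example that is not part of the briefing or of S2 Grupo's analysis, triages a raw e-mail on those indicators with only the standard library. The message it parses is constructed here; the sender domains and subject pattern are the ones reported in the briefing, and the macro check relies on the fact that an .xlsm file is a ZIP container holding xl/vbaProject.bin when it carries VBA code.

```python
"""Triage a raw e-mail against the ITSS lure indicators (added example, constructed input)."""
import email
import email.utils
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Sender domains reported for the campaign; none of them is the real inspectorate's domain.
LOOKALIKE_DOMAINS = {"itss.se", "itss.com", "itss.es", "itss.app"}
# Subject used by the lure: "Denuncia Oficial <number>, se inició una investigación ..."
SUBJECT_RE = re.compile(r"Denuncia Oficial \d+, se inici\u00f3 una investigaci\u00f3n", re.IGNORECASE)
SPREADSHEET_EXT = (".xls", ".xlsm", ".xlsx")


def sender_domain(msg):
    """Domain of the From header, lower-cased ('' if the header is missing or malformed)."""
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def has_vba_project(data):
    """True if the bytes are an OOXML workbook that embeds a VBA project (macros)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower() == "xl/vbaproject.bin" for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # legacy .xls (OLE2) or not a spreadsheet at all


def triage(raw):
    """Return the list of indicators that fire on a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if sender_domain(msg) in LOOKALIKE_DOMAINS:
        findings.append("sender domain is a known ITSS lookalike")
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches campaign lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(SPREADSHEET_EXT):
            if has_vba_project(part.get_payload(decode=True)):
                findings.append(f"attachment {name} contains VBA macros")
            else:
                findings.append(f"attachment {name} is a spreadsheet")
    return findings


def build_sample():
    """Constructed message imitating the lure; the workbook is a minimal macro-enabled shell."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"\x00" * 16)  # stands in for the VBA stream
    msg = EmailMessage()
    msg["From"] = "Inspeccion de Trabajo <denuncias@itss.app>"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Denuncia Oficial 482913, se inició una investigación contra su empresa"
    msg.set_content("Adjuntamos la denuncia.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12",
                       filename="Denuncia_482913.xlsm")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

On a mail gateway the same three checks would be expressed as a rule, but the macro test is the one worth keeping generic: a lure that changes its sender domain and subject still has to deliver a document that asks the user to enable content.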
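CVE-2020-1938 in the SAP bulletin above (the Tomcat AJP flaw usually called Ghostcat) is reachable only when an AJP connector is listening on a non-loopback address without a shared secret. The audit below is an added example, not SAP's or Apache's code; it reads a Tomcat server.xml and reports every AJP connector that is not bound to loopback or runs without a secret. The two server.xml fragments are constructed: the first reproduces the pre-9.0.31 default (AJP on all interfaces, no secret), the second the hardened form, and the secret value in it is a placeholder.

```python
"""Audit Tomcat server.xml for AJP connectors exposed to CVE-2020-1938 (added example)."""
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_ajp(server_xml):
    """Return (port, issue) pairs for each AJP connector that is not hardened."""
    issues = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        # Accept both the short form "AJP/1.3" and the fully qualified class name.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue  # HTTP connectors do not carry the AJP trust problem
        port = conn.get("port", "?")
        # Before 9.0.31 the default bind address was every interface.
        if conn.get("address") not in LOOPBACK:
            issues.append((port, "listens on a non-loopback address"))
        # Since 9.0.31 secretRequired defaults to true; older builds never check a secret.
        if conn.get("secretRequired", "true").lower() == "false":
            issues.append((port, "secretRequired disabled"))
        elif not conn.get("secret"):
            issues.append((port, "no AJP secret configured"))
    return issues


# Constructed: the classic default that Ghostcat targets.
WEAK_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>
"""

# Constructed: loopback-only AJP with a shared secret (placeholder value).
HARDENED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="replace-with-a-random-secret"/>
  </Service>
</Server>
"""

# Constructed: AJP connector commented out entirely, the simplest fix when no proxy uses it.
NO_AJP_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <!-- <Connector port="8009" protocol="AJP/1.3"/> -->
  </Service>
</Server>
"""

if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML),
                            ("no-ajp", NO_AJP_SERVER_XML)):
        print(label, audit_ajp(xml_text) or "ok")
```

The parser drops XML comments, so a commented-out connector is correctly not reported. A clean audit of the file is not the same as a patched Tomcat: the secret check only protects installations at 9.0.31, 8.5.51 or 7.0.100 and later, so the version still has to be confirmed separately.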
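Both SMBleed and SMBGhost in the SMB item above live in the SMB 3.1.1 compression path, which is why disabling compression neutralises them; the quickest exposure check is therefore whether a server still agrees to compress. The script below is an added example, not ZecOps' or Microsoft's code: it builds the NEGOTIATE request a scanner sends (dialect 3.1.1 plus a compression negotiate context) and parses the reply for the compression context (MS-SMB2 sections 2.2.3, 2.2.3.1.3 and 2.2.4). Only the fields needed for the check are decoded, and the reply it parses here is constructed so the script runs offline; the function names are this example's own.

```python
"""Detect SMB 3.1.1 compression in a NEGOTIATE exchange (added example, constructed reply)."""
import os
import socket
import struct

SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001
CTX_COMPRESSION = 0x0003
COMPRESSION_NAMES = {0: "NONE", 1: "LZNT1", 2: "LZ77", 3: "LZ77+Huffman", 4: "Pattern_V1"}


def _pad8(b):
    return b + b"\x00" * (-len(b) % 8)


def _context(ctx_type, data):
    # Negotiate context header: ContextType, DataLength, Reserved.
    return struct.pack("<HHI", ctx_type, len(data), 0) + data


def smb2_header(command, message_id=0):
    """64-byte SMB2 header; only the fields a bare negotiate needs are non-zero."""
    return struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, command, 0, 0, 0,
                       message_id, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request(client_guid=None, compression=(1, 2, 3)):
    """NEGOTIATE request offering only dialect 3.1.1 and asking for compression."""
    client_guid = client_guid or os.urandom(16)
    dialects = struct.pack("<H", DIALECT_311)
    pre = 64 + 36 + len(dialects)          # header + fixed body + dialect list
    pad = (-pre) % 8                        # contexts start on an 8-byte boundary
    ctx_offset = pre + pad                  # offset is relative to the SMB2 header
    contexts = [
        _context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, 0x0001) + os.urandom(32)),
        _context(CTX_COMPRESSION, struct.pack("<HHI", len(compression), 0, 0)
                 + b"".join(struct.pack("<H", a) for a in compression)),
    ]
    body = struct.pack("<HHHHI16sIHH", 36, 1, 0x0001, 0, 0, client_guid, ctx_offset, len(contexts), 0)
    return smb2_header(SMB2_NEGOTIATE) + body + dialects + b"\x00" * pad + _pad8(contexts[0]) + contexts[1]


def parse_negotiate_response(data):
    """Return status, dialect and the compression algorithms the server accepted."""
    if data[:4] != b"\xfeSMB" or struct.unpack_from("<H", data, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE response")
    status = struct.unpack_from("<I", data, 8)[0]
    _, _, dialect, ctx_count = struct.unpack_from("<HHHH", data, 64)
    ctx_offset = struct.unpack_from("<I", data, 64 + 60)[0]   # NegotiateContextOffset
    algorithms = []
    if dialect == DIALECT_311:
        off = ctx_offset
        for _ in range(ctx_count):
            ctx_type, length = struct.unpack_from("<HH", data, off)
            if ctx_type == CTX_COMPRESSION:
                count = struct.unpack_from("<H", data, off + 8)[0]
                algorithms = list(struct.unpack_from("<%dH" % count, data, off + 16))
            off += 8 + length
            off += (-off) % 8
    return {"status": status, "dialect": dialect, "compression": algorithms}


def server_negotiates_compression(data):
    """True when the reply is 3.1.1 and names a real compression algorithm."""
    info = parse_negotiate_response(data)
    return info["dialect"] == DIALECT_311 and any(a != 0 for a in info["compression"])


def probe(host, port=445, timeout=5):
    """Send the request with NetBIOS session framing and return the raw SMB2 reply."""
    req = build_negotiate_request()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(struct.pack(">I", len(req)) + req)
        length = struct.unpack(">I", s.recv(4))[0] & 0x00FFFFFF
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
    return data


def build_sample_response(compression=(1,), dialect=DIALECT_311):
    """Constructed reply laid out like a Windows answer; not a capture."""
    security_blob = b"\x60\x00"  # stands in for the GSS-API token; irrelevant to the check
    contexts = [_context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, 32, 1) + b"\x11" * 32)]
    if compression:
        contexts.append(_context(CTX_COMPRESSION, struct.pack("<HHI", len(compression), 0, 0)
                                 + b"".join(struct.pack("<H", a) for a in compression)))
    sec_offset = 64 + 64            # fixed response body is 64 bytes (StructureSize 65 counts the buffer byte)
    ctx_offset = sec_offset + len(security_blob)
    ctx_offset += (-ctx_offset) % 8
    fixed = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, len(contexts), b"\x22" * 16, 0,
                        8388608, 8388608, 8388608, 0, 0, sec_offset, len(security_blob), ctx_offset)
    body = fixed + security_blob
    body += b"\x00" * (ctx_offset - 64 - len(body))
    return smb2_header(SMB2_NEGOTIATE) + body + b"".join(_pad8(c) for c in contexts[:-1]) + contexts[-1]


if __name__ == "__main__":
    info = parse_negotiate_response(build_sample_response((1,)))
    print(hex(info["dialect"]), [COMPRESSION_NAMES.get(a, a) for a in info["compression"]])
```

A server that has applied the SMBGhost workaround (DisableCompression = 1 under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters) no longer returns a compression context, so the check reports it as not exposed; a server that accepts compression is a candidate and its build and patch level must then be confirmed, because the negotiate reply alone cannot tell a patched host from a vulnerable one.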