ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
Gabriel Bergel ¿Ransomware in Pandemic or Ransomware Pandemic? No one imagined what could happen in the field of cyber security during the Covid-19 pandemic. Perhaps some colleagues were visionary, or others were basically guided by the statistics...
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Kaspersky researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Amador Aparicio CVE 2020-35710 or How Your RAS Gateway Secure Reveals Your Organisation’s Intranet Parallels RAS (Remote Application Server) is a virtual desktop infrastructure (VDI) and application delivery solution that enables an organisation’s employees and clients to access and use applications, desktops and...
Javier Provecho CNCF’s Harbor (cloud native registry) fixes an information disclosure bug discovered by ElevenPaths (CVE-2020-29662) On December 2nd, ElevenPaths’ CTO SRE team discovered an unauthenticated API within Harbor, a cloud native registry part of the CNCF. It is commonly used as an agnostic Docker...
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Mechanisms for Everyday Life It is becoming more and more common to find in the general media news related to cyber-attacks, data breaches, privacy scandals and, in short, all kinds of security incidents....
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
Cybersecurity Weekly Briefing August 22-28ElevenPaths 28 August, 2020 Conti ransomware distributed after Trickbot Conti is a relatively new ransomware that appeared in isolated attacks in December 2019 but started to become a relevant threat in June 2020, when it increased its attacks against corporate targets. This ransomware follows the Ransomware-as-a-Service bussiness model that recruits experienced hackers as affiliates to distribute the payloads in exchange for a large share of the ransom payment. In addition, Conti adheres to two main trends in ransomware these days, human-operated campaigns and extortion of the victims by leaking sensitive stolen data (there are currently 26 companies listed in Conti website in the Dark Web). Now, Conti has adapted the distribution methods once used by Ryuk ransomware -whose activity began to decline until it completely disappeared in July- and has become the final payload distributed in malware infections carried out by Trickbot. More information: https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/ New Grandoreiro and Mekotio Trojan campaigns in Spain In recent days, several e-mail campaigns have been detected in Spain distributing banking Trojans of Brazilian origin, Grandoreiro and Mekotio. On the one hand, Grandoreiro is making use of the same email template already used in previous campaigns, in which it impersonates the Spanish Tax Office in order for the victim to download a file hosted on recently created domains. In addition, this malware is also supplanting the telecom company Vodafone in this campaign. As for the Mekotio Trojan, it should be noted that it is also supplanting the Spanish Tax Agency, as well as the Spanish Ministry of Labor, with the malware download link pointing to an address hosted in the Microsoft Azure cloud. This focus on Spain is an indicator of the success that the campaigns are achieving in Spain, therefore, it is recommended to check the e-mails received, not to open files or access links, and always use the official website of the company or organization that has been supplanted. Full news: https://blogs.protegerse.com/2020/08/25/oleadas-de-correos-propagan-los-troyanos-bancarios-grandoreiro-y-mekotio-en-espana/ SunCrypt new member of the Maze cartel SunCrypt is the latest malware to join the ransomware cartel formed by Maze, LockBit and Ragnar Locker. According to SunCrypt’s operators, they joined the cartel since Maze “can’t handle all the available field of operations”. In this way Maze would be sharing its infrastructure in exchange for a shared revenue for each ransom payment. As for SunCrypt ransomware, it is known to have begun operating in October 2019, and is distributed as a DLL. When executed, it encrypts the system files by adding a hexadecimal hash to the end of each file, and creating a rescue note that contains a link to the Tor payment site, as well as to the SunCrypt data leak website. It is noteworthy that when the ransomware is executed, it connects to an IP address to transmit information about the victim and the attack, which is one of the IPs frequently used by Maze in its operations. More details: https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel New Qbot Campaign To Steal Mail Threads Check Point researchers have published a report claiming that the Qbot Trojan, also known as QakBot, is stealing email threads again for future use in phishing campaigns and malware distribution. Qbot is a banking Trojan that has been infecting victims and exfiltrating passwords, cookies, credit cards, banking credentials and mails from their computers for over 10 years. Stolen threads are used for phishing and malspam campaigns, which are very effective as they are more likely when malicious mails are included in the conversation of an existing thread. Researchers highlight one of the features added to Qbot, which is the ability to assemble malware from two separate halves, thus avoiding detection when it is downloaded onto the victim computer. More information: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/ SASE: The Future of Networks and Security Is Now HereCybersecurity Weekly Briefing 29 August-4 September
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
