Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
ElevenPaths Telefónica’s ElevenPaths enhances its global IoT security capabilities with Subex This collaboration provisions the offering of IoT Threat Detection, an incident monitoring and response service for IoT environments.This solution has the capability of learning and modelling the legitimate behaviour...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Innovation and Laboratory Area in ElevenPaths New TheTHE Version with URLScan and MalwareBazaar Plugins The first time an IoC lay on your hands. Let’s say it is a hash, URL, IP or a suspicious domain. You need to know some basic information. Is...
ElevenPaths #CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone’s Business The new year has started with a story that has taken the covers of specialized and generalist media all around the world. The vulnerabilities named as Meltdown and Spectre...
ElevenPaths SealSign integration with the Azure Key Vault ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based...
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
ElevenPaths The base rate fallacy or why antiviruses, antispam filters and detection probes work worse than what is actually promised Before starting your workday, while your savoring your morning coffee, you open your favorite cybersecurity newsletter and an advertisement on a new Intrusion Detection System catches your attention: THIS IDS...
ElevenPaths Cybersecurity for Industrial Digitalisation: Keys to a Successful Approach Digital technologies, and in particular what has been agreed to be called IoT (Internet of Things), bring a world of possibilities that organisations of any sector cannot fail to...
Cybersecurity Weekly Briefing August 22-28ElevenPaths 28 August, 2020 Conti ransomware distributed after Trickbot Conti is a relatively new ransomware that appeared in isolated attacks in December 2019 but started to become a relevant threat in June 2020, when it increased its attacks against corporate targets. This ransomware follows the Ransomware-as-a-Service bussiness model that recruits experienced hackers as affiliates to distribute the payloads in exchange for a large share of the ransom payment. In addition, Conti adheres to two main trends in ransomware these days, human-operated campaigns and extortion of the victims by leaking sensitive stolen data (there are currently 26 companies listed in Conti website in the Dark Web). Now, Conti has adapted the distribution methods once used by Ryuk ransomware -whose activity began to decline until it completely disappeared in July- and has become the final payload distributed in malware infections carried out by Trickbot. More information: https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/ New Grandoreiro and Mekotio Trojan campaigns in Spain In recent days, several e-mail campaigns have been detected in Spain distributing banking Trojans of Brazilian origin, Grandoreiro and Mekotio. On the one hand, Grandoreiro is making use of the same email template already used in previous campaigns, in which it impersonates the Spanish Tax Office in order for the victim to download a file hosted on recently created domains. In addition, this malware is also supplanting the telecom company Vodafone in this campaign. As for the Mekotio Trojan, it should be noted that it is also supplanting the Spanish Tax Agency, as well as the Spanish Ministry of Labor, with the malware download link pointing to an address hosted in the Microsoft Azure cloud. This focus on Spain is an indicator of the success that the campaigns are achieving in Spain, therefore, it is recommended to check the e-mails received, not to open files or access links, and always use the official website of the company or organization that has been supplanted. Full news: https://blogs.protegerse.com/2020/08/25/oleadas-de-correos-propagan-los-troyanos-bancarios-grandoreiro-y-mekotio-en-espana/ SunCrypt new member of the Maze cartel SunCrypt is the latest malware to join the ransomware cartel formed by Maze, LockBit and Ragnar Locker. According to SunCrypt’s operators, they joined the cartel since Maze “can’t handle all the available field of operations”. In this way Maze would be sharing its infrastructure in exchange for a shared revenue for each ransom payment. As for SunCrypt ransomware, it is known to have begun operating in October 2019, and is distributed as a DLL. When executed, it encrypts the system files by adding a hexadecimal hash to the end of each file, and creating a rescue note that contains a link to the Tor payment site, as well as to the SunCrypt data leak website. It is noteworthy that when the ransomware is executed, it connects to an IP address to transmit information about the victim and the attack, which is one of the IPs frequently used by Maze in its operations. More details: https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel New Qbot Campaign To Steal Mail Threads Check Point researchers have published a report claiming that the Qbot Trojan, also known as QakBot, is stealing email threads again for future use in phishing campaigns and malware distribution. Qbot is a banking Trojan that has been infecting victims and exfiltrating passwords, cookies, credit cards, banking credentials and mails from their computers for over 10 years. Stolen threads are used for phishing and malspam campaigns, which are very effective as they are more likely when malicious mails are included in the conversation of an existing thread. Researchers highlight one of the features added to Qbot, which is the ability to assemble malware from two separate halves, thus avoiding detection when it is downloaded onto the victim computer. More information: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/ SASE: The Future of Networks and Security Is Now HereCybersecurity Weekly Briefing 29 August-4 September
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
Miguel Ángel Martos Has the Office as We Know It Come to an End? 2020 has had a difficult start. We have learned that what was “usual” may not be the best. We should reconsider this idea of “the office” as the centre...
ElevenPaths Telefónica’s ElevenPaths enhances its global IoT security capabilities with Subex This collaboration provisions the offering of IoT Threat Detection, an incident monitoring and response service for IoT environments.This solution has the capability of learning and modelling the legitimate behaviour...
Innovation and Laboratory Area in ElevenPaths New TheTHE Version with URLScan and MalwareBazaar Plugins The first time an IoC lay on your hands. Let’s say it is a hash, URL, IP or a suspicious domain. You need to know some basic information. Is...
Franco Piergallini Guida Adversarial Attacks: The Enemy of Artificial Intelligence (II) In Machine and Deep Learning, as in any system, there are vulnerabilities and techniques that allow manipulating its behaviour at the mercy of an attacker. As we discussed in...
ElevenPaths Cybersecurity Weekly Briefing September 19-25 New attack vector for vulnerability in Citrix Workspace Pen Test Partners security researcher Ceri Coburn has discovered a new attack vector for the CVE-2020-8207 vulnerability in Citrix Workspace corrected in...
