Cybersecurity Weekly Briefing August 22-28

ElevenPaths
28 August, 2020

Conti ransomware distributed after Trickbot

Conti is a relatively new ransomware that appeared in isolated attacks in December 2019 but started to become a relevant threat in June 2020, when it increased its attacks against corporate targets. This ransomware follows the Ransomware-as-a-Service business model, which recruits experienced hackers as affiliates to distribute the payloads in exchange for a large share of the ransom payment. In addition, Conti follows two of the main current trends in ransomware: human-operated campaigns and extortion of victims by leaking sensitive stolen data (there are currently 26 companies listed on Conti's website on the Dark Web). Now, Conti has adapted the distribution methods once used by Ryuk ransomware, whose activity began to decline until it completely disappeared in July, and has become the final payload distributed in malware infections carried out by Trickbot.

More information: https://www.bleepingcomputer.com/news/security/ryuk-successor-conti-ransomware-releases-data-leak-site/

New Grandoreiro and Mekotio Trojan campaigns in Spain

In recent days, several e-mail campaigns have been detected in Spain distributing Grandoreiro and Mekotio, banking Trojans of Brazilian origin. Grandoreiro is using the same email template already seen in previous campaigns, in which it impersonates the Spanish Tax Office to get the victim to download a file hosted on recently created domains. In this campaign the malware is also impersonating the telecom company Vodafone. The Mekotio Trojan is likewise impersonating the Spanish Tax Agency, as well as the Spanish Ministry of Labor, with the malware download link pointing to an address hosted in the Microsoft Azure cloud.

This focus on Spain is an indicator of the success that the campaigns are achieving there. It is therefore recommended to check the e-mails received, not to open files or access links, and always to use the official website of the company or organization that has been impersonated.

Full news: https://blogs.protegerse.com/2020/08/25/oleadas-de-correos-propagan-los-troyanos-bancarios-grandoreiro-y-mekotio-en-espana/

SunCrypt new member of the Maze cartel

SunCrypt is the latest malware to join the ransomware cartel formed by Maze, LockBit and Ragnar Locker. According to SunCrypt's operators, they joined the cartel because Maze “can’t handle all the available field of operations”. In this way, Maze would be sharing its infrastructure in exchange for a share of the revenue from each ransom payment. As for the SunCrypt ransomware itself, it is known to have begun operating in October 2019 and is distributed as a DLL. When executed, it encrypts the system files by adding a hexadecimal hash to the end of each file, and creates a ransom note that contains a link to the Tor payment site, as well as to the SunCrypt data leak website. It is noteworthy that, when the ransomware is executed, it connects to an IP address to transmit information about the victim and the attack, and that this is one of the IPs frequently used by Maze in its operations.

More details: https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-sheds-light-on-the-maze-ransomware-cartel

New Qbot Campaign To Steal Mail Threads

Check Point researchers have published a report claiming that the Qbot Trojan, also known as QakBot, is stealing email threads again for future use in phishing campaigns and malware distribution. Qbot is a banking Trojan that has been infecting victims and exfiltrating passwords, cookies, credit cards, banking credentials and mails from their computers for over 10 years. Stolen threads are used for phishing and malspam campaigns, which are very effective because malicious mails are more likely to succeed when they are included in the conversation of an existing thread. Researchers highlight one of the features added to Qbot: the ability to assemble the malware from two separate halves, thus avoiding detection when it is downloaded onto the victim's computer.

More information: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/