Cybersecurity Weekly Briefing July 25-31
ElevenPaths, 31 July 2020

BootHole: Vulnerability in GRUB2

Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has been named BootHole. The flaw (CVE-2020-10713), rated high severity (CVSS 8.2), lies in the way GRUB2 parses its grub.cfg configuration file, which is not covered by the Secure Boot signature, so a modified configuration can overflow an internal buffer inside a legitimately signed bootloader. It affects Linux systems and also Windows systems, because an attacker with administrative privileges can install a signed but vulnerable GRUB2 on a Windows machine and Secure Boot will trust it; the result is a malicious bootloader that gives the attacker almost total control over the device. Eclypsium warns that mitigating this threat will require new installers and bootloaders for all affected versions of Linux and Windows, and that the old, signed and vulnerable bootloaders must also be revoked in firmware, since a patched bootloader alone does not stop an attacker from reinstalling a vulnerable signed one. Some vendors, such as Microsoft, have issued a security advisory on this issue.
More info: https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

Doki: New Malware Targeting Docker Servers

Intezer researchers have discovered a new backdoor for Docker servers running on Linux, which they have named Doki and which implements a previously unknown technique. The malware uses an undocumented method to contact its operator by abusing the Dogecoin cryptocurrency blockchain: it derives its Command & Control (C2) domain names dynamically from data that the blockchain publishes about a wallet the operator controls, so no C2 domain has to be hard-coded in the binary and the operator can move the C2 simply by making a transaction. In the campaign observed by Intezer the initial access was through Docker daemon APIs exposed to the internet, so the first thing to verify is that the Docker API on your hosts is not reachable from outside. Doki managed to stay undetected for over six months even though samples were publicly available on VirusTotal.
More details: https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/

Emotet Evolves in the Sending of Mail

Emotet has been found stealing attachments from victims' mailboxes in order to make the emails used in its campaigns look more authentic. This is the first time the malware has used this technique: there was no attachment-stealer module in the code before, and according to Marcus 'MalwareTech' Hutchins it was added around 13 June.

Since its first identification in 2014 as a banking Trojan, Emotet has evolved into a malware botnet that threat actors use to deliver other malware families. After five months of inactivity it has returned with massive mail campaigns disguised as payment reports, invoices or shipping information, compromising victims with the TrickBot Trojan or, more recently, with QakBot.
Learn more: https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/

Alerts on Cyberattacks and Industry Vulnerabilities

The U.S. National Security Agency (NSA), together with the Cybersecurity and Infrastructure Security Agency (CISA), has warned of the possibility of imminent cyberattacks against the industrial sector. The concern follows the trend set by the 2017 TRITON attack, which could lead to similar attacks on Safety Instrumented Systems (SIS), the last line of defense of OT systems. Separately, ICS-CERT has issued an advisory about several vulnerabilities in Schneider Electric's Triconex SIS. The most critical of them, CVE-2020-7491, has a CVSS v3 score of 10 and corresponds to improper access control that would allow unauthorized access and a potential takeover by a threat actor. Schneider Electric has already fixed these issues in the latest versions of its TriStation and Tricon Communications Module (TCM) products. ICS-CERT nevertheless stresses that OT devices are often not updated and were not built to security standards that match current attacks, so the availability of a fix does not by itself close the exposure.
For more information: https://us-cert.cisa.gov/ncas/alerts/aa20-205a

Cerberus Trojan Source Code Goes to Auction

The Cerberus Trojan development team has broken up and the malware's source code will go to auction, according to a post by the team on a Russian underground forum. Cerberus is a banking Trojan that mainly targets Android and has been operating since 2019; according to one of its managers it was generating around 10,000 dollars a month in profits. After infecting a device, the Trojan displays overlays on top of legitimate banking applications to capture credentials, which it then exfiltrates to its Command & Control (C2) servers. There have even been cases demonstrating its ability to intercept multi-factor authentication (MFA) codes. The seller's announcement states that they expect to obtain up to $100,000 from the sale, and offers the entire package to the highest bidder, including the malicious .apk and the C2 servers.
For more information: https://www.zdnet.com/article/cerberus-banking-trojan-team-breaks-up-source-code-goes-to-auction/
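The Doki item above only says that the backdoor derives its C2 domains from the Dogecoin blockchain. The following Python script is an added illustration written for this briefing; it is not Intezer's code nor the malware's. It follows the scheme described in the linked Intezer analysis (SHA-256 of the amount sent from a hard-coded Dogecoin wallet, first 12 hex characters used as a label under ddns.net), but the exact string encoding of the amount as a block explorer returns it is an assumption, the wallet values are constructed, and the online explorer query is replaced by those constructed values so the script runs offline. It shows both sides: how the operator moves the C2 just by spending from the wallet, and how a defender who knows the wallet can precompute the candidate domains and match DNS logs against them.

```python
"""Doki-style blockchain-seeded domain generation (added example, not Doki's or Intezer's code)."""
import hashlib
import re
from typing import Iterable, List, Set

# Constructed sample data: snapshots of the "sent" total a block explorer would report
# for the operator's wallet at successive points in time (invented values, not real).
SENT_TOTALS_OVER_TIME = ["72.10000000", "84.60000000", "84.60012345"]

C2_SUFFIX = ".ddns.net"   # dynamic-DNS zone used in the reported campaign
SUBDOMAIN_LEN = 12        # hex characters of the SHA-256 digest that become the label


def doki_style_domain(sent_total: str) -> str:
    """Derive the C2 hostname from the wallet's sent total.

    Encoding the amount as its ASCII decimal string is an assumption of this example.
    """
    digest = hashlib.sha256(sent_total.encode("ascii")).hexdigest()
    return digest[:SUBDOMAIN_LEN] + C2_SUFFIX


def current_c2(sent_totals: List[str]) -> str:
    """Attacker side: the implant follows the latest blockchain state, so every
    outgoing transaction from the wallet silently rotates the C2 hostname."""
    return doki_style_domain(sent_totals[-1])


def candidate_c2_domains(sent_totals: Iterable[str]) -> List[str]:
    """Defender side: the blockchain is public, so anyone who knows the wallet can
    precompute every hostname the implant has used or will use."""
    return [doki_style_domain(t) for t in sent_totals]


_LABEL_RE = re.compile(r"^[0-9a-f]{12}$")


def looks_like_doki_c2(hostname: str) -> bool:
    """Cheap structural check for when the wallet is unknown: a bare 12-character
    lowercase-hex label directly under ddns.net. Expect some false positives."""
    if not hostname.endswith(C2_SUFFIX):
        return False
    label = hostname[: -len(C2_SUFFIX)]
    return bool(_LABEL_RE.match(label))


def flag_dns_log(lines: Iterable[str], known_c2: Set[str]) -> List[str]:
    """Return queried names that match a precomputed C2 domain or fit the DGA shape.

    Log line format assumed by this example: '<timestamp> <client-ip> <queried-name>'.
    """
    hits = []
    for line in lines:
        qname = line.split()[-1].rstrip(".").lower()
        if qname in known_c2 or looks_like_doki_c2(qname):
            hits.append(qname)
    return hits


if __name__ == "__main__":
    known = set(candidate_c2_domains(SENT_TOTALS_OVER_TIME))
    # Constructed DNS log lines (not real traffic).
    sample_log = [
        "2020-07-30T10:01:02Z 10.0.0.5 registry-1.docker.io",
        "2020-07-30T10:01:07Z 10.0.0.5 " + current_c2(SENT_TOTALS_OVER_TIME),
        "2020-07-30T10:01:09Z 10.0.0.5 updates.example.org",
    ]
    print("current C2:", current_c2(SENT_TOTALS_OVER_TIME))
    print("all candidates:", sorted(known))
    print("flagged:", flag_dns_log(sample_log, known))
```

The structural check is deliberately loose: without the wallet address it can only say that a name has the DGA's shape, which is enough to raise a hunt but not to block. With the wallet address, which the malware must carry in order to query the explorer, the precomputed list is exact and can be sinkholed in advance of the operator's next transaction.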