Cybersecurity Weekly Briefing November 7-13
ElevenPaths, 13 November, 2020

Links between Vatet, PyXie and Defray777

Researchers from Palo Alto Networks have investigated the malware families and operational methodologies used by a threat actor that has managed to go unnoticed while compromising entities in the health, education, technology and institutional sectors. The group, active since 2018 and financially motivated, is believed to be responsible for the creation of Vatet, a loader that allows the execution of payloads such as PyXie RAT and Cobalt Strike. In some intrusions, an earlier stage can be observed in which typical banking Trojans such as IcedID or Trickbot serve as the entry point; Vatet and its payloads are then downloaded to carry out reconnaissance and information exfiltration before the Defray777 ransomware is run in memory. The researchers estimate that this group is responsible for the creation and maintenance of Vatet, PyXie and Defray777.

Microsoft Security Newsletter

Microsoft has published its monthly security update, known as Patch Tuesday, in which the company has fixed 112 vulnerabilities across several of its products. 17 vulnerabilities have been classified as critical, 12 of which are RCE flaws. Among the vulnerabilities published by the Redmond company, CVE-2020-17087 (CVSS 7.8) stands out: a local privilege escalation vulnerability in the Windows kernel, which had already been discovered by Google Project Zero and was being actively exploited. Likewise, the critical vulnerability CVE-2020-17051 (CVSS 9.8) allows remote code execution in the Windows Network File System (NFS). The Automox research team warns that, in the coming days, they expect an increase in scanning of port 2049 as a result of this vulnerability. Finally, they highlight CVE-2020-17052 (CVSS 7.5) and CVE-2020-17053 (CVSS 7.5), memory corruption vulnerabilities that could lead to remote code execution in Microsoft's Scripting Engine and Internet Explorer.

Two new 0-days in Chrome

Yesterday, Google published fixes for two new 0-day vulnerabilities in its Chrome browser that are reportedly being actively exploited. The first (CVE-2020-16013) is due to an incorrect implementation in its V8 JavaScript engine. The second (CVE-2020-16017) is a use-after-free memory corruption bug in the Site Isolation security component. Google indicates that it has evidence of the existence of exploits for these vulnerabilities. With the release of this new browser version (86.0.4240.198), Google has corrected five 0-day bugs in less than three weeks.

Distribution of malware through fake Microsoft Teams updates

According to Bleeping Computer, Microsoft is allegedly alerting its customers through a private advisory about a campaign of fake Microsoft Teams updates carried out by ransomware operators. In this campaign, the threat actors are reportedly abusing malicious advertisements so that, when users search for the Teams application in search engines, the top results lead to a domain under the attacker's control. Following the malicious link downloads the payload disguised as a legitimate Teams update. According to Microsoft, in most cases the initial payload was the infostealer Predator the Thief, which enables the exfiltration of sensitive information from the victim. However, the Bladabindi and ZLoader malware have also been detected, as well as Cobalt Strike, used to perform lateral movement on the infected network and subsequently launch the ransomware.

New malware against the hospitality sector

ESET researchers have discovered a new modular backdoor, called ModPipe, which targets point-of-sale (POS) management software with the aim of stealing sensitive information stored on these devices. This backdoor affects the RES 3700 POS systems from Oracle MICROS, software used in many restaurants, bars and other hospitality establishments worldwide. The malware consists of a dropper that installs a loader to gain persistence. The next step is to deploy the main module, which is in charge of establishing communications with further downloadable modules that would allow, among other actions, decrypting and stealing passwords from the databases, listing the running processes or scanning IP addresses.
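The Patch Tuesday section above relays Automox's warning that scanning of port 2049 (NFS) is expected to rise after CVE-2020-17051. The following is an added example, not code from the briefing, from Automox or from ElevenPaths, of how a defender could surface such sweeps in perimeter logs: it parses a constructed key=value firewall log format (an assumption; real firewalls use their own formats) and flags any source that contacts several distinct hosts on TCP/2049 within a short window, regardless of whether the packets were accepted or dropped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical key=value firewall format.
# 10.0.5.23 is a normal NFS client talking to one server, 198.51.100.7 sweeps
# six hosts on port 2049 in two seconds, 203.0.113.9 is background noise.
SAMPLE_LOG = """\
2020-11-13T10:00:01Z action=accept src=10.0.5.23 dst=10.0.20.11 proto=tcp dport=2049
2020-11-13T10:00:03Z action=accept src=10.0.5.23 dst=10.0.20.11 proto=tcp dport=2049
2020-11-13T10:01:10Z action=drop src=198.51.100.7 dst=10.0.20.11 proto=tcp dport=2049
2020-11-13T10:01:10Z action=drop src=198.51.100.7 dst=10.0.20.12 proto=tcp dport=2049
2020-11-13T10:01:11Z action=drop src=198.51.100.7 dst=10.0.20.13 proto=tcp dport=2049
2020-11-13T10:01:11Z action=drop src=198.51.100.7 dst=10.0.20.14 proto=tcp dport=2049
2020-11-13T10:01:12Z action=drop src=198.51.100.7 dst=10.0.20.15 proto=tcp dport=2049
2020-11-13T10:01:12Z action=accept src=198.51.100.7 dst=10.0.20.16 proto=tcp dport=2049
2020-11-13T10:02:00Z action=accept src=203.0.113.9 dst=10.0.20.11 proto=tcp dport=445
2020-11-13T10:02:01Z action=accept src=203.0.113.9 dst=10.0.20.12 proto=tcp dport=2049
this line is not in the expected format
"""

NFS_PORT = 2049

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dport"] = int(ev["dport"])
    return ev


def find_nfs_sweeps(log_text, window=timedelta(minutes=5), min_targets=5):
    """Return {src: sorted distinct dsts} for every source that reached at least
    `min_targets` distinct hosts on TCP/2049 within any `window`-long span.

    Both accepted and dropped connections count: a sweep that is blocked at the
    perimeter is still a sweep worth knowing about.
    """
    events_by_src = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["proto"] != "tcp" or ev["dport"] != NFS_PORT:
            continue
        events_by_src[ev["src"]].append((ev["ts"], ev["dst"]))

    flagged = {}
    for src, events in events_by_src.items():
        events.sort()  # chronological order, so a sliding window works
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[src] = sorted({dst for _, dst in events})
                break  # one hit is enough to flag this source
    return flagged


if __name__ == "__main__":
    for src, dsts in find_nfs_sweeps(SAMPLE_LOG).items():
        print(f"possible NFS sweep from {src}: {len(dsts)} hosts on tcp/{NFS_PORT}")
```

The threshold of five distinct targets in five minutes is a starting point, not a tuned rule; on a network with many NFS clients, exclude known backup or monitoring hosts before alerting, and treat a flagged source that also appears in accepted connections as higher priority, since those hosts have NFS reachable.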