Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security Mechanisms for Everyday Life It is becoming more and more common to find in the general media news related to cyber-attacks, data breaches, privacy scandals and, in short, all kinds of security incidents....
ElevenPaths Telefónica Business Solutions Reinforces the Security of its Network with Clean Pipes 2.0 MADRID, 14 September, 2017 – ElevenPaths, Telefónica’s cyber security unit, today announced the launch of Clean Pipes 2.0, a software-based security service, to prevent known and unknown threats across...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
Gonzalo Álvarez Marañón How to Track COVID-19 Infections, Discover Contacts On WhatsApp or Share Your Genes While Keeping Your Privacy When you sign up for a new social network, such as WhatsApp, you are often asked if you want to find out who among your contacts is already part...
ElevenPaths New plugins for FOCA: HaveIBeenPwned and SQLi Following the publication of Foca OpenSource, a lot of people are now enthusiatic about the idea of adding new plugins or improving existing ones. On...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Cyber Security Mechanisms for Everyday Life It is becoming more and more common to find in the general media news related to cyber-attacks, data breaches, privacy scandals and, in short, all kinds of security incidents....
Carlos Ávila The Dark Side of WebAssembly Nowadays, the technologies for developing software for webs are multiplying rapidly, while introducing, in some cases, new ways of attack or unexpected advantages for attackers. Let’s see what WebAssembly...
Cybersecurity Weekly Briefing October 24-30ElevenPaths 30 October, 2020 Critical vulnerability in Hewlett Packard Enterprise SSMC Hewlett Packard Enterprise has fixed a critical authentication evasion vulnerability (CVE-2020-7197, CVSS 10) affecting its StoreServ Management Console (SSMC) storage management software. HPE SSMC is present in the HPE Primera and HPE 3PAR StoreServ storage platforms. The flaw has been classified by the company as highly critical because it is an easily exploitable vulnerability, which does not require user interaction and can be exploited by an unprivileged attacker. In addition, HPE has corrected 64 vulnerabilities affecting HPE Intelligent Management Center (iMC). HPE strongly recommends updating SSMC to 3.7.1.1 version or higher. More details: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04045en_us KashmirBlack Botnet attacks content management systems Imperva security researchers, after analysing the KashmirBlack botnet, have discovered that it would be infecting thousands of websites by attacking their content management systems (CMS). KashmirBlack controls hundreds of bots, each of which communicates with the C&C to receive new targets and perform brute-force attacks, install backdoors and expand the size of its network. According to researchers, the main objective of this botnet would be to infect websites and then use their servers to mine cryptocurrencies or redirect legitimate traffic to spam sites, among others. To spread, KashmirBlack looks for websites with CMSs such as WordPress, Magento or Joomla that run vulnerable software and use known exploits to exploit these bugs. All the info: https://www.imperva.com/blog/crimeops-of-the-kashmirblack-botnet-part-i/ TrickBot extends its activity to Linux devices On October 12th, Microsoft reported that a conglomerate of technology companies had participated in a joint action to eliminate the TrickBot botnet. Days later, Redmond company published that 94% of the infrastructure had been eliminated, but warned that the threat agents behind the botnet would reactivate its operations. As a result, Netscout research team has shared new findings where they explain who TrickBot authors have extrapolated parts of their code to Linux, in order to extend the reach of their victims. To do so, they are using a new TrickBot backdoor called Anchor, discovered in late 2019 by Cybereason researchers, which would now be used on Linux devices to allow communication with their Command & Control. Anchor stands out for using the DNS protocol to communicate with C2 servers in a stealthy way, and each part of the communication made to C2 follows a sequence of 3 different DNS queries, the last one being in charge of sending commands to the bot to execute a payload. According to researchers, these characteristics show great complexity in terms of communication with Anchor’s C2, and in addition, the payloads that the bot can execute reflect a constant capacity for innovation, as evidenced by its change to Linux. More: https://www.netscout.com/blog/asert/dropping-anchor Attempts to exploit a recent critical bug in Oracle WebLogic On October 20th, Oracle published its security newsletter correcting a critical bug in Oracle WebLogic servers that would allow remote code execution without authentication, CVE-2020-14882 (CVSS 9.8). Shortly after the code of exploitation of this vulnerability was made public, the SANS Institute of Technology detected attacks against its honeypots in which this bug was to be exploited. In these actions, the threat agents only verified whether the system was vulnerable. As a result, the application of the corresponding patches is strongly recommended to correct this vulnerability which would affect the following versions of Oracle WebLogic Server: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0. The attacks came from 4 IP addresses – 114,243,211[.]18 (China Unicom), 139,162,33[.]228 (Linode, USA), 185,225,19[.]240 (MivoCloud, Moldova) and 84,17,37[.]239 (DataCamp Ltd, Hong Kong) – and according to SANS, the exploit they used was based on the technical specifications of a Vietnamese blog post posted on Wednesday by security researcher @testanull. Info: https://isc.sans.edu/diary/26734 Malware campaigns lead to ransomware infection FireEye security researchers have made a publication compiling new campaigns from malware families that always work as droppers to end up with a ransomware infection. One of the characteristics is their methodology of action, since the threat agents carry out their attack within the first 24 hours of the initial compromise. It should also be noted that the different malware used, like Kegtap/Beerbot, Singlemalt/Stillbot and Winekey/Corkbot, use the same Command & Control infrastructure. The operators of these campaigns have so far targeted individuals from organisations in different sectors and geographical locations. The entry vector for these campaigns starts with the forwarding of malicious emails that simulate generic corporate communications and provide links to documents hosted on Google Docs, which include a new URL from which the malware is downloaded. Once this is executed in the host of the initial victim, the authors use useful loads such as Powetrick and/or Cobalt Strike to carry out network and host reconnaissance. In this way they can get to know the affected organisation internally and facilitate lateral movements, scale privileges, and in some cases, download and execute ransomware such as Ryuk. More: https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html Telefónica, Gradiant and Incibe Improve Companies’ Cyber SecurityZoomEye: Extending TheTHE With More Plugins
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
ElevenPaths A Trillion-Dollar on Offer to the Puzzle Solver Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you...
