ElevenPaths Keys to Implementing a 360 Corporate Digital Identity We analyze the identity management issues and the characteristics that a comprehensive solution of this kind must have in all organizations.
Gonzalo Álvarez Marañón Anti-Coronavirus Cryptography Discover how your privacy is protected in Covid-19 infection tracing apps in this post.
Innovation and Laboratory Area in ElevenPaths Most Software Handling Files Overlooks SmartScreen in Windows We analyse how this protection component of Windows Defender works with downloaded files.
ElevenPaths Cybersecurity Weekly Briefing 13-19 June Ripple 20 Vulnerabilities in TCP/IP Software JSOF researchers have discovered 19 0-day vulnerabilities, collectively called Ripple 20, in the TCP/IP software library developed by Treck that would affect more than...
Juan Elosua Tomé Popular Docker Images under Security Scrutiny Discover the research carried out by our TEGRA cybersecurity centre on this technology's images used in the development of applications.
ElevenPaths Telefonica’s ElevenPaths Expands its Collaboration with Fortinet to Improve Industrial Sector Security ElevenPaths and Fortinet partner to improve cybersecurity in industrial processes by delivering comprehensive OT, IT and IoT solutions to its customers.
Miguel Ángel de Castro Vendetta Group and the COVID-19 Phishing Emails A new threat has entered the COVID-19 scene: the Vendetta Group. How are their phishing campaigns different from others?
Cytomic Team, unit of Panda Security Interpretation and Evolution of MITRE ATT&CK: More “Horizontal” Coverage Doesn’t Mean Better Protection The Cytomic team, a unit of Panda Security, explains what the MITRE ATT&CK matrix is based on in order to standardise the behaviour of opponents.
Innovation and Laboratory Area in ElevenPaths AMSIext: Our Extension That Detects Malware in the Browser Memory Given the evolution in malware propagation techniques, we need mechanisms to detect threats as soon as possible such as AMSIext.
ElevenPaths Cybersecurity Weekly Briefing 30 May-5 June Security Breach in 8Belts vpnMentor researchers discovered in mid-April a data breach in the 8Belts language learning platform due to an improper configuration on an Amazon Web Services S3 bucket....
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
