Nacho Palou MWC: All the innovations and expertise we shared Following four intense days, Mobile Word Congress (MWC) 2023 bids farewell today until next year. Since opening its doors last Monday, attendees have had the opportunity to see the...
Telefónica Tech Cyber Security Weekly Briefing, 18 – 24 February Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb Fortinet has issued a security advisory fixing two critical vulnerabilities affecting its FortiNAC and FortiWeb products. The security flaws have been registered...
Innovation and Laboratory Area in ElevenPaths Cyber Security State: Top Threats, Risks and Vulnerabilities There are many reports on security trends and summaries, but at Telefónica Tech we want to make a difference. The Innovation and Lab team has just launched our own...
Telefónica Tech Cyber Security Weekly Briefing, 11 – 17 February Apple fixes actively exploited 0-day Apple has issued several security advisories to fix an actively exploited 0-day vulnerability. The security flaw, listed as CVE-2023-23529, is a type confusion in the browser’s...
Marta Mallavibarrena Artificial Intelligence, ChatGPT, and Cyber Security Artificial Intelligence (AI) has become a frequent topic on this blog. Almost all predictions of technological trends for the coming years include it as one of the key advances. In...
Nacho Palou We are now live! Discover the new Telefónica Tech website We have redesigned the Telefónica Tech website to represent who we are as a digital solutions integrator. We also want to share what we do, who is behind it...
Íñigo Echavarri The role of “Threat Hunting” as an enabler in ransomware incident response Following in the wake of the articles developed to shed light on incident response in our group, it seems clear that the actions required to deploy ransomware with the...
Telefónica Tech Cyber Security Weekly Briefing, 4 – 10 February Critical vulnerability in Atlassian Jira Atlassian has issued a security advisory in which it releases fixes to resolve a critical vulnerability in Jira Service Management Server and Data Center. According to...
Telefónica Tech How I won a Capture the Flag competition by solving challenges using my mobile phone David Soto, winner of the challenge, collecting the prize together with Humbert Ruiz, from 42 Barcelona, Fundación Telefónica’s programming campus. We organised activities aimed at the technical audience in the...
Telefónica Tech Cyber Security Weekly Briefing, 21 January – 3 February LockBit Green: new LockBit variant Researchers at vx-underground have recently detected that a new ransomware variant, called LockBit Green, is being used by the LockBit ransomware handlers. This new variant...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths) Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick Quick and dirty shellcode to binary python script https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python…...
