ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Kaspersky researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a...
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
ElevenPaths Cybersecurity Weekly Briefing 26 September – 2 October The logistics giant CMA CGM affected by a cyber attack This week, the French logistics group CMA CGM, which operates in 160 different countries, reported via its website and social...
ElevenPaths How the “antimalware” XProtect for MacOS works and why it detects poorly and badly Recently, MacOS included a signature in its integrated antivirus, intended to detect a binary for Windows; but, does this detection make sense? We could think it does, as a...
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Innovation and Laboratory Area in ElevenPaths DIARIO Already Detects “Stomped” Macros, But What Are They Exactly? Few weeks ago, we presented DIARIO, the malware detector that respects the privacy of users, and we continue to improve it so that it detects more and better. We...
ElevenPaths Cybersecurity Weekly Briefing October 17-23 New banking trojan called Vizom IBM Security Trusteer’s research team has published a report analysing the new “Brazilian family” banking Trojan called Vizom. This malicious software uses similar techniques to...
#CyberSecurityPulse: The Boom of JavaScript MinersElevenPaths 19 December, 2017 The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there are different ways to obtain cryptocurrencies and one of them is to start mining, but now it’s an expensive option. It is at this point that the picaresque of certain attackers comes to light. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as Zealot campaign, targeting Linux and Windows servers to install Monero cryptocurrency miners. Experts observed threat actors scanning the Internet for particular unpatched servers and hack them with two exploits, one for Apache Struts (CVE-2017-5638) and one for the DotNetNuke ASP.NET CMS (CVE-2017-9822). Another recent case has been the one detected in the Starbucks of Buenos Aires where the clients’ computers were connected to their Wi-Fi and started to mine secretly. The notification to the company was made by the CEO of Stensul, Noah Dinkin, who made last December 2 a question through Twitter if they were aware of the situation. Dinkin commented in his tweet that JavaScript miner offered by Coinhive was being used to mine Monero cryptocurrency. In this sense, ElevenPaths has recently published on its blog an investigation that explains why Monero is currently betting on and not Bitcoin, as well as which are the most attractive websites for those who want to take advantage of the computing capacity of third parties. Faced with this situation, projects have recently been published, such as NoCoin extension to detect if your computer is being mined. However, these efforts are still insufficient. More information at ElevenPaths Top Stories FCC Killed Net Neutrality 3 out of 5 federal regulators voted last Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs) to treat all services and websites on the Internet equally and prohibit them from blocking sites or charging for higher-quality service. More information at The Hacker News Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints. By year’s end, companies must instead merely show that they have a plan in place to meet the regulations. The new regulations are meant to prevent the theft of sensitive data, which have been targeted by hackers. In October, U.S.officials acknowledged that hackers stole sensitive information about the F-35 Joint Strike Fighter from an Australian military supplier. More information at NextGov Rest of the Week´s News Suspicious Event Routes Traffic for Big-name Sites Through Russia Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional. Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances. More information at Ars Technica Two Critical Zero-Day Vulnerabilities Discovered in vBulletin Forum Disclosed Publicly Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a vBulletin forum of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. The first vulnerability discovered in vBulletin is a file inclusion issue that leads to remote code execution, allowing a remote attacker to include any file from the vBulletin server and execute arbitrary PHP code. The second vulnerability discovered in the vBulletin forum software version 5 has been assigned CVE-2017-17672 and described as a deserialization issue that an unauthenticated attacker can exploit to delete arbitrary files and even execute malicious code “under certain circumstances.” More information at The Hacker News Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called “Keeper,” on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy started testing the software and took no longer to discover a critical vulnerability that leads to “complete compromise of Keeper security, allowing any website to steal any password.” More information at The Hacker News Further Reading Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure More information at FireEye Lazarus APT Group Targets a London Cryptocurrency Company More information at Security Affairs Python Script Recovers Hidden Event Logs More information at Github Sign up for our newsletter! #CyberSecurityPulse: Army Launches Direct Commissioning Program for Civilian Cybersecurity ExpertsCome to Create Technology at Telefónica’s Chief Data Office Unit
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...