ElevenPaths ElevenPaths at RSA Conference 2020 Once again, we return to the RSA Conference, the reference event in the cybersecurity sector. From February 24 to 27 we will be presenting our proposal under the claim...
ElevenPaths The Telco Security Alliance Bolsters Threat Detection Capabilities Through Shared Intelligence Dallas, Singapore and Madrid, February 18th, 2020 – The Telco Security Alliance today announced new collaborative efforts designed to further enhance the ability to detect and eliminate threats from customer environments. Members of the alliance —...
ElevenPaths ElevenPaths further strengthens its reputation as a cybersecurity services provider Today was the fifth edition of the Security Day event, organized by ElevenPaths, the Telefónica Cybersecurity Unit, which took place in Madrid, under the slogan “Cybersecurity On Board“. This...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
ElevenPaths APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing It This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was...
Innovation and Laboratory Area in ElevenPaths TheTHE: The Threat Hunting Environment, our tool for researchers TheTHE, a unique tool within its category that allows analysts and hunters to carry out their research tasks in a more agile and practical way.
ElevenPaths #CyberSecurityPulse: Oops, I Went Running and I Published Information From Secret Locations The popular fitness tracking app Strava proudly published a 2017 heat map showing activities from its users around the world, but unfortunately, the map revealed locations of the United...
ElevenPaths #CyberSecurityPulse: New proposal to adapt U.S. Marine Corps capabilities to the new times The head of the U.S. Marine Corps wants to remodel his team. The Marine Corps is considering offering bonuses and other benefits to attract older, more experienced Marines to...
ElevenPaths ElevenPaths at RSA Conference 2020 Once again, we return to the RSA Conference, the reference event in the cybersecurity sector. From February 24 to 27 we will be presenting our proposal under the claim...
ElevenPaths APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing It This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was...
Sergio De Los Santos Apple introduces up to 14 signatures in XProtect given the malware flood for Mac What is Apple doing about Shlayer malware? We analyze the main tools that MacOS is using to face this threat.
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
#CyberSecurityPulse: The Boom of JavaScript MinersElevenPaths 19 December, 2017 The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there are different ways to obtain cryptocurrencies and one of them is to start mining, but now it’s an expensive option. It is at this point that the picaresque of certain attackers comes to light. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as Zealot campaign, targeting Linux and Windows servers to install Monero cryptocurrency miners. Experts observed threat actors scanning the Internet for particular unpatched servers and hack them with two exploits, one for Apache Struts (CVE-2017-5638) and one for the DotNetNuke ASP.NET CMS (CVE-2017-9822). Another recent case has been the one detected in the Starbucks of Buenos Aires where the clients’ computers were connected to their Wi-Fi and started to mine secretly. The notification to the company was made by the CEO of Stensul, Noah Dinkin, who made last December 2 a question through Twitter if they were aware of the situation. Dinkin commented in his tweet that JavaScript miner offered by Coinhive was being used to mine Monero cryptocurrency. In this sense, ElevenPaths has recently published on its blog an investigation that explains why Monero is currently betting on and not Bitcoin, as well as which are the most attractive websites for those who want to take advantage of the computing capacity of third parties. Faced with this situation, projects have recently been published, such as NoCoin extension to detect if your computer is being mined. However, these efforts are still insufficient. More information at ElevenPaths Top Stories FCC Killed Net Neutrality 3 out of 5 federal regulators voted last Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs) to treat all services and websites on the Internet equally and prohibit them from blocking sites or charging for higher-quality service. More information at The Hacker News Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints. By year’s end, companies must instead merely show that they have a plan in place to meet the regulations. The new regulations are meant to prevent the theft of sensitive data, which have been targeted by hackers. In October, U.S.officials acknowledged that hackers stole sensitive information about the F-35 Joint Strike Fighter from an Australian military supplier. More information at NextGov Rest of the Week´s News Suspicious Event Routes Traffic for Big-name Sites Through Russia Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional. Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances. More information at Ars Technica Two Critical Zero-Day Vulnerabilities Discovered in vBulletin Forum Disclosed Publicly Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a vBulletin forum of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. The first vulnerability discovered in vBulletin is a file inclusion issue that leads to remote code execution, allowing a remote attacker to include any file from the vBulletin server and execute arbitrary PHP code. The second vulnerability discovered in the vBulletin forum software version 5 has been assigned CVE-2017-17672 and described as a deserialization issue that an unauthenticated attacker can exploit to delete arbitrary files and even execute malicious code “under certain circumstances.” More information at The Hacker News Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called “Keeper,” on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy started testing the software and took no longer to discover a critical vulnerability that leads to “complete compromise of Keeper security, allowing any website to steal any password.” More information at The Hacker News Further Reading Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure More information at FireEye Lazarus APT Group Targets a London Cryptocurrency Company More information at Security Affairs Python Script Recovers Hidden Event Logs More information at Github Sign up for our newsletter! #CyberSecurityPulse: Army Launches Direct Commissioning Program for Civilian Cybersecurity ExpertsCome to Create Technology at Telefónica’s Chief Data Office Unit
ElevenPaths ElevenPaths at RSA Conference 2020 Once again, we return to the RSA Conference, the reference event in the cybersecurity sector. From February 24 to 27 we will be presenting our proposal under the claim...
ElevenPaths APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing It This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was...
ElevenPaths The Telco Security Alliance Bolsters Threat Detection Capabilities Through Shared Intelligence Dallas, Singapore and Madrid, February 18th, 2020 – The Telco Security Alliance today announced new collaborative efforts designed to further enhance the ability to detect and eliminate threats from customer environments. Members of the alliance —...
Innovation and Laboratory Area in ElevenPaths TheTHE: The Threat Hunting Environment, our tool for researchers TheTHE, a unique tool within its category that allows analysts and hunters to carry out their research tasks in a more agile and practical way.
ElevenPaths New Global DDoS Threat Report Globally, Distributed Denial of Service (DDoS) attacks have become more prevalent, powerful and sophisticated. Attackers continue to see great success from using DDoS attacks as a major attack...
Pablo Alarcón Padellano ElevenPaths recognized by Check Point Software Technologies as a CloudGuard Specialized Partner After developping a wide portfolio of Cloud Security Services, ElevenPaths has been recognized by its Strategic Partner Check Point as a CloudGuard Specialized Partner.
