AI of Things Data Attributes: the new Digital Identity Currency The 2018 edition of the Mobile World Congress took place in Barcelona between the 25th and 28th of February. During the event, a panel discussion took place that featured...
AI of Things How has the NFL Super Bowl evolved with the introduction of Big Data? Last year saw the 50th anniversary of the NFL Super Bowl and it is clear that it has become one of the most hotly anticipated events of the year,...
Beatriz Sanz Baños IOT Worker’s Diary 07:00 am. Daniel opens his eyes for the first time while he’s listening to his favourite song and he goes back to sleep with a big smile. “Only five minutes...
Beatriz Sanz Baños The next big battle for energy efficiency … air conditioners “The growing demand for energy from air conditioners (ACs) is one of the critical points in the debate about energy and sustainability. It is necessary to reduce their energy...
ElevenPaths #CyberSecurityPulse: Biggest-Ever DDoS Attack Hits Github Website At the end of 2016, a DDoS attack on DynDNS blocked major Internet sites such as Twitter, Spotify and PayPal. The Mirai botnet was used to take advantage of...
Andrés Naranjo Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America “It is not the strongest of the species that survives, not the most intelligent that survives. It is the one that is the most adaptable to change”.Charles Darwin One of...
#CyberSecurityPulse: The Boom of JavaScript MinersElevenPaths 19 December, 2017 The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there are different ways to obtain cryptocurrencies and one of them is to start mining, but now it’s an expensive option. It is at this point that the picaresque of certain attackers comes to light. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as Zealot campaign, targeting Linux and Windows servers to install Monero cryptocurrency miners. Experts observed threat actors scanning the Internet for particular unpatched servers and hack them with two exploits, one for Apache Struts (CVE-2017-5638) and one for the DotNetNuke ASP.NET CMS (CVE-2017-9822). Another recent case has been the one detected in the Starbucks of Buenos Aires where the clients’ computers were connected to their Wi-Fi and started to mine secretly. The notification to the company was made by the CEO of Stensul, Noah Dinkin, who made last December 2 a question through Twitter if they were aware of the situation. Dinkin commented in his tweet that JavaScript miner offered by Coinhive was being used to mine Monero cryptocurrency. In this sense, ElevenPaths has recently published on its blog an investigation that explains why Monero is currently betting on and not Bitcoin, as well as which are the most attractive websites for those who want to take advantage of the computing capacity of third parties. Faced with this situation, projects have recently been published, such as NoCoin extension to detect if your computer is being mined. However, these efforts are still insufficient. More information at ElevenPaths Top Stories FCC Killed Net Neutrality 3 out of 5 federal regulators voted last Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs) to treat all services and websites on the Internet equally and prohibit them from blocking sites or charging for higher-quality service. More information at The Hacker News Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints. By year’s end, companies must instead merely show that they have a plan in place to meet the regulations. The new regulations are meant to prevent the theft of sensitive data, which have been targeted by hackers. In October, U.S.officials acknowledged that hackers stole sensitive information about the F-35 Joint Strike Fighter from an Australian military supplier. More information at NextGov Rest of the Week´s News Suspicious Event Routes Traffic for Big-name Sites Through Russia Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional. Wednesday’s event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances. More information at Ars Technica Two Critical Zero-Day Vulnerabilities Discovered in vBulletin Forum Disclosed Publicly Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a vBulletin forum of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. The first vulnerability discovered in vBulletin is a file inclusion issue that leads to remote code execution, allowing a remote attacker to include any file from the vBulletin server and execute arbitrary PHP code. The second vulnerability discovered in the vBulletin forum software version 5 has been assigned CVE-2017-17672 and described as a deserialization issue that an unauthenticated attacker can exploit to delete arbitrary files and even execute malicious code “under certain circumstances.” More information at The Hacker News Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called “Keeper,” on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network. Ormandy started testing the software and took no longer to discover a critical vulnerability that leads to “complete compromise of Keeper security, allowing any website to steal any password.” More information at The Hacker News Further Reading Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure More information at FireEye Lazarus APT Group Targets a London Cryptocurrency Company More information at Security Affairs Python Script Recovers Hidden Event Logs More information at Github Sign up for our newsletter! #CyberSecurityPulse: Army Launches Direct Commissioning Program for Civilian Cybersecurity ExpertsCome to Create Technology at Telefónica’s Chief Data Office Unit
Carlos Ávila IoTM Mobile Applications and The Relevance Of Their Security Almost a year ago in the article “Internet of Health“ I described how incredible is the amount of applications and devices that the medical industry has deployed and will...
ElevenPaths DevSecOps: 7 Key Factors for Implementing Security in Devops DevSecOps, also known as SecDevOps, is a software development philosophy that advocates the adoption of security throughout the software development lifecycle (SDLC). DevSecOps is more than just a specific...
Antonio Gil Moyano Security in video call applications: Microsoft Teams, Zoom and Google Meet There is no doubt that instant messaging programmes have become an essential communication tool in our personal and professional lives. There is also no doubt that video calling applications,...
ElevenPaths Cyber Security Weekly Briefing June 5-11 Microsoft’s monthly bulletin Microsoft has released its June security bulletin, which fixes 50 vulnerabilities, including remote code execution (RCE) flaws, denial of service issues, privilege escalation and memory corruption issues....
ElevenPaths When I grow up I want to be… Engineer “What do you want to be when you grow up? A classic. So simple, yet so complex, and curiously so often asked when we are just kids… when perhaps...
Innovation and Laboratory Area in ElevenPaths We Are Taking Part in The Arsenal Black Hat USA 2021: Hybrid Pandemic Mode On Once again, the ElevenPaths Innovation and Lab team is taking part in the Black Hat USA 2021 Arsenal in Las Vegas to share a new open-source tool with the...
