#CyberSecurityPulse: From the bug bounties (traditional) to the data abuse bounties

ElevenPaths
19 April, 2018

The Internet giants are going to great lengths to be transparent about the information they gather from their users. Facebook pays millions of dollars every year to researchers and bug hunters who detect security flaws in its products and infrastructure, in order to minimize the risk of being subject to specific attacks. However, after the Cambridge Analytica scandal, the company has launched a new type of bug bounty to reward those who report “data abuse” on its platform. Through the new ‘Data Abuse Bounty’ program, Facebook will ask third parties to help it find application developers who are misusing its data. “Certain actors can maliciously gather and abuse Facebook users’ data even when security vulnerabilities do not exist. This program has the intention of protecting us against abuse”, according to the company's announcement.

This program is the first of its kind in the industry, with its focus on the misuse of users’ data by application developers. A report submitted to Facebook must involve at least 10,000 Facebook users and explain not only how the data was collected but also how it was abused; in addition, the problem must not already have been known by other means.

Facebook has also made available a platform that shows social network users all of the information it has been collecting about them. Such measures are without a doubt necessary at a time when many people distrust the internet giants.

More information available at Facebook

Highlighted news

Russia wants to block Telegram after the denial of an encryption key

The Russian media and internet regulator has asked a court to block the Telegram encrypted messaging application after the company refused to give its encryption keys to the state authorities. The regulator, known as Roskomnadzor, filed the suit in a Moscow district court. The suit, which has not yet been issued, contains a “request to restrict access to the information services in the Russian territory” from the application, the regulator said in a statement. In other words, the government wants to block the application so that it does not work in the country. The suit comes after the Russian state security service, the FSB (formerly known as the KGB), called for the Dubai-based application developer to hand over its encryption keys, a demand that Russia claims is legal. The entrepreneur and founder of the company, Pavel Durov, refused to do so, and the Russian government therefore took Telegram to court.

More information available at ZDNet

The GCHQ director from the United Kingdom has confirmed an important cyberattack against the Islamic State

According to the head of GCHQ, the attack was launched in collaboration with the United Kingdom's Ministry of Defence and has disrupted Islamic State operations. British intelligence believes that this is the first time that “they have systematically and persistently degraded an opponent’s online efforts as part of a wider military campaign”. Fleming explained that cyber-experts from the United Kingdom have taken action to disrupt the Islamic State's online activities and networks, and to deter individuals or groups.

“These operations have made a significant contribution to the coalition’s efforts to suppress the Daesh propaganda, they have obstructed their ability to coordinate attacks and have protected the coalition forces in the battlefield”, the head of GCHQ told the audience at the conference in Manchester.

More information available at Security Affairs

News from the rest of the week

Microsoft adds anti-ransomware protection and recovery tools to Office 365

Microsoft has launched a series of new tools to protect its Office 365 Home and Office 365 Personal customers from a wide range of cyber-threats, including ransomware. Kirk Koenigsbauer, Microsoft Office Corporate Vice President, said that subscribers to these two Office suites will receive additional measures to protect against ransomware and email-based threats, along with stronger password protection and advanced link checking in Office products.

More information available at SC Magazine

A bug in Microsoft Outlook allows Windows passwords to be stolen easily

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal confidential information, including the user’s Windows login credentials, simply by convincing victims to preview an email in Microsoft Outlook, with no additional interaction from the user. The vulnerability lies in the way Microsoft Outlook renders remotely hosted OLE content when an RTF (Rich Text Format) email is previewed, which automatically initiates SMB connections.

More information available at CMU

Your Windows could be compromised just by visiting a website

Microsoft has patched five critical vulnerabilities in the Windows Graphics Component that stem from the improper handling of embedded fonts by the Windows font library and that affect all versions of the Windows operating system to date. An attacker can trick a user into opening a malicious file or a specially crafted website containing a malicious font which, if opened in a web browser, would give the attacker control of the affected system.

More information available at The Hacker News

Other news

Threat actors search for the Drupalgeddon2 vulnerability. More information available at Security Affairs

3.3 million dollars stolen from Coinsecure’s main base. More information available at Security Affairs

New code injection technique used by APT33, named Early Bird, avoids detection by antimalware tools. More information available at Security Affairs