Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
ElevenPaths #CyberSecurityPulse: Google’s project to fight election attacks On the night of the primary elections in May, the residents from the county Knox, Tennessee, did not know who had won for about an hour. They did not...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
ElevenPaths Evrial, malware that steals Bitcoins using the clipboard… and the scammed scammers Evrial is the latest cryptocoin malware stealer, and uses the power to control the clipboard as its strongest bet to get “easy money”. Elevenpaths has took a deep...
ElevenPaths ElevenPaths further strengthens its reputation as a cybersecurity services provider Today was the fifth edition of the Security Day event, organized by ElevenPaths, the Telefónica Cybersecurity Unit, which took place in Madrid, under the slogan “Cybersecurity On Board“. This...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
#CyberSecurityPulse: From the bug bounties (traditional) to the data abuse bountiesElevenPaths 19 April, 2018 Social networks image The Internet giants are going to great lengths to be transparent with their communication about the information they are gathering from their users. In the case of Facebook, they pay millions of dollars every year to investigators and bug hunters to detect security flaws in their products and infrastructure, in order to minimize the risk of being subject to specific attacks. Though, after the Cambridge Analytica scandal, the company has launched a new type of bug bounty to compensate those that report “data abuse” on their platform. Through the new program ‘Data Abuse Bounty’, Facebook will ask third parties to help them find application developers who are misusing their data. “Certain actors can maliciously gather and abuse Facebook user’s data even when security vulnerabilities do not exist. This program has the intention of protecting us against abuse”, according to the publication carried out by the company. This program is the first of its class in the industry, where the focus is on the misuse of the users’ data by application developers. The report submitted to Facebook by the analysts should involve at least 10,000 Facebook users and explain not only how the data was collected, but also how it was abused, and additionally about the fact that the problem was not known about by other means beforehand. On the other side, Facebook has also facilitated a platform where it offers social network users all of the information which they have been collecting about a particular user; measures which without a doubt are necessary in a moment where many people are distrusting the internet giants. More information available at Facebook Highlighted news Russia wants to block Telegram after the denial of an encryption key Anti-doping imagen The Russian media and internet regulator has asked a court to block the Telegram encrypted messaging application after the company refused to give their encryption keys to the state authorities. The regulator, known as Roskomnadzor, filed the suit in Moscow district court. The suit, which still has not been issued, contains a “request to restrict access to the information services in the Russian territory” from the application, they said in a statement. In other words, the government wants to block the application so that it does not work in the country. The suit comes after the Russian State security service, the FSB (before known as the KGB) called for the Dubai-based application developer to hand over their encryption keys, of which Russia claims is a legal suit. The entrepreneur and founder of the company, Pavel Durov refused to do so and thus, the Russian government took Telegram to court. More information available at the ZDNet The GCHQ director from the United Kingdom has confirmed an important cyberattack against the Islamic State According to the head of GCHQ, the attack was launched in collaboration with the ministry of defense from the United Kingdom and has disrupted Islamic State operations. The British Intelligence believes that this is the first time that “they have systematically and persistently degraded an opponent’s online efforts as part of wider military campaign”. Fleming explained that the cyber-experts from the United Kingdom have taken action to disrupt the online activities and networks from the Islamic State, and to discourage individuals or groups. “These operations have made a significant contribution to the coalition’s efforts to suppress the Daesh propaganda, they have obstructed their ability to coordinate attacks and have protected the coalition forces in the battlefield”, said the head pf GCHQ to the audience in the conference in Manchester. More information available at Security Affairs News from the rest of the week Microsoft adds anti-ransomware protection and recovery tools to Office 365 Microsoft has launched a series of new tools to protect their Office 365 Home and 365 Personal clients from a large range of cyber-threats, which includes ransomware. Kirk Koenigsbauer, Microsoft Office Corporate Vice President, said that the underwriters of these two Office suites will receive additional measures in order to protect against ransomware, threats based upon email addresses, greater password protection and the advanced link verification of Office products. More information available at SC Magazine A bug in Microsoft Outlook allows Windows’ passwords to be stolen easily The Microsoft Outlook (CVE-2018-0950) vunerability could allow attackers to steal confidential information, including the credentials of the user’s Windows login screen, simply convincing the victims to preview an email with Microsoft Outlook, without the need from additional interaction from the user. The vuneralbility would reside in a form in which Microsoft Outlook shows the content of the remotely located OLE when you preview a RTF email (enriched text formatting) and which automatically starts the SMB connections. More information available at CMU Your Windows could be compromised only by just visiting a website Microsoft has patched up five critical vulnerabilities in Windows Graphics Component which reside in the improper handling of embedded sources within the library of Window sources and which affect all of the versions from the operating Windows systems so far. An attacker can trick a user in order to open up a malicious archive or a website specifically deisgned with a maliscious source, and that if you open it in a web browser, it would give control of the affected system to the attacker. More information available at The Hacker News Other news Threat actors search for the Drupalgeddon2 vulnerability More information available at Security Affairs 3.3 million dollars stolen from the Coinsecure’s main base More information available at Security Affairs New code injection technique utilized by APT33 is named Early Bird to avoid detection through antimalware tools More information available at Security Affairs Register to the newsletter! Monero says goodbye to the ASIC miners (at least for now)AMSI, one step further from Windows malware detection
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
Sergio De Los Santos New App to Clean Metadata More Easily We are not going to repeat the dangers of metadata, since it has been discussed for quite some time now. However, we can try to make its management and cleaning simpler. Some...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
