ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing December 5-11 Microsoft Security Newsletter On December 8, Microsoft published its monthly security update newsletter, which this time includes patches for 58 vulnerabilities and an advisory for various Microsoft products. Nine of...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
ElevenPaths Cybersecurity Weekly Briefing July 11-17 Combining Citrix vulnerabilities to steal user sessions On July 7th, Citrix published a security bulletin to correct up to 11 vulnerabilities. A few days later, a report was released with...
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
ElevenPaths Cybersecurity Weekly Briefing October 24-30 Critical vulnerability in Hewlett Packard Enterprise SSMC Hewlett Packard Enterprise has fixed a critical authentication evasion vulnerability (CVE-2020-7197, CVSS 10) affecting its StoreServ Management Console (SSMC) storage management software. HPE...
ElevenPaths Telefónica’s ElevenPaths enhances its global IoT security capabilities with Subex This collaboration provisions the offering of IoT Threat Detection, an incident monitoring and response service for IoT environments.This solution has the capability of learning and modelling the legitimate behaviour...
#CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address?ElevenPaths 23 January, 2018 As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80 bytes) that is usually used to timestamp information taking advantage of the fact that the Bitcoin network is distributed and replicated throughout the network. Numerous projects are used to create use cases to certify that something has happened as the Proof of Existence project, validate academic certificates or even publish the orders to execute the infected nodes inside a botnet. However, did you know what was the technique used before 2013 to store information in the blockchain? In this sense, the Bitcoin addresses were used (and still are used). At the end, an address does not stop being a text string encoded in Base58Check that contains useful data of up to 20 bytes in length relative to the hash of the public key associated with the address. Knowing this, small quantities were sent to these arbitrarily generated addresses, and therefore, no known private key. This has the consequence that the balance sent to those addresses for which the private key is not available will not be able to be spent, but at least it guaranteed that the operations will be stored in the chain of blocks. Knowing this, we propose a challenge. Go to the next transaction and try to identify the address that starts with ’15g’. Next, check if it is a valid address (it should be because it is in the blockchain of Bitcoin!). And then try to decode it from Base58 to hexadecimal. And finally, decode it from hexadecimal to ASCII characters. Would you know what information was stored in that transaction issued five years ago? The way to store information in a blockchain has evolved over time based on the needs of developers. But also here many times the debate goes from being technical to philosophical. The new functionalities have also generated much debate about the way forward since the adoption of these new features have implications that may question the original meaning of some projects. Consensus is not always possible. Top Stories The US Global Surveillance Bill Has Been Signed by President Trump The U.S. legal framework related to the domestic surveillance has been signed by President Trump one day after the Senate approved it with 65 votes against 34. Privacy advocates and civil rights have a long criticized the Section 702 of the Foreign Intelligence Surveillance Act (FISA) that allows US intelligence agencies to conduct domestic surveillance under certain conditions without a warrant. The Section 702 allows the NSA to conduct warrantless spying of foreigners located abroad, including any communications with US citizens. More information at House.gov Russia-linked hackers targeting US Senate Russian hackers from the group known as Fancy Bear are targeting the U.S. Senate, according to Trend Micro. Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, they could uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt. More information at TrendMicro Rest of the Week´s News Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware. Zyklon has been observed in the wild since early 2016 and provides myriad sophisticated capabilities. Zyklon is a publicly available, full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal. More information at FireEye Skype Finally Adds End-to-End Encryption for Private Conversations Dubbed Private Conversations, the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. Private Conversations is already available to the Skype Insider program—a platform that allows Skype users to test new features before they rolled out to the rest of its over 300 million of users worldwide. More information at Microsoft Triton Malware Exploited a Zero-Day Flaw in Schneider Triconex SIS Controllers In December 2017, a new malicious code dubbed Triton malware was discovered by researchers at FireEye. The industrial giant Schneider discovered that the Triton malware exploited a zero-day vulnerability in Triconex Safety Instrumented System (SIS). Initial analysis conducted by Schneider excluded that hackers may have leveraged any vulnerabilities in the target products, but now the vendor has discovered that Triton malware exploited a flaw in older versions of the Triconex Tricon system. More information at Security Affairs Further Reading Nearly Half of the Norway Population Exposed in HealthCare Data Breach More information at The Hacker News Flaw in Popular Transmission BitTorrent Client Lets Hackers Control Your PC Remotely More information at Chromium A Hospital Victim of a New SamSam Ransomware Campaign Paid $55,000 Ransom More information at Security Affairs Sign up for our newsletter! #CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone’s BusinessTackling Cybercrime: Three Recommendations for 2018
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...