ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
Pablo Alarcón Padellano ElevenPaths recognized by Check Point Software Technologies as a CloudGuard Specialized Partner After developping a wide portfolio of Cloud Security Services, ElevenPaths has been recognized by its Strategic Partner Check Point as a CloudGuard Specialized Partner.
ElevenPaths Carrier Level Immutable Protection (CLIP): secure and trusted technology to empowering carriers. A year ago, we were signing our partnership agreement with Rivetz, where we set the stage for the creation of a new decentralized model to enhance data security and...
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths #CyberSecurityPulse: The Boom of JavaScript Miners The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there...
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
Sergio De Los Santos Apple introduces up to 14 signatures in XProtect given the malware flood for Mac What is Apple doing about Shlayer malware? We analyze the main tools that MacOS is using to face this threat.
ElevenPaths 2019 won’t be the year when quantum computers replace the cryptography that we all use What would happen if a fully error corrected quantum computer of several thousands of logical qubits started working today? Public key infrastructures would fall down. The secrets of the...
#CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address?ElevenPaths 23 January, 2018 As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80 bytes) that is usually used to timestamp information taking advantage of the fact that the Bitcoin network is distributed and replicated throughout the network. Numerous projects are used to create use cases to certify that something has happened as the Proof of Existence project, validate academic certificates or even publish the orders to execute the infected nodes inside a botnet. However, did you know what was the technique used before 2013 to store information in the blockchain? In this sense, the Bitcoin addresses were used (and still are used). At the end, an address does not stop being a text string encoded in Base58Check that contains useful data of up to 20 bytes in length relative to the hash of the public key associated with the address. Knowing this, small quantities were sent to these arbitrarily generated addresses, and therefore, no known private key. This has the consequence that the balance sent to those addresses for which the private key is not available will not be able to be spent, but at least it guaranteed that the operations will be stored in the chain of blocks. Knowing this, we propose a challenge. Go to the next transaction and try to identify the address that starts with ’15g’. Next, check if it is a valid address (it should be because it is in the blockchain of Bitcoin!). And then try to decode it from Base58 to hexadecimal. And finally, decode it from hexadecimal to ASCII characters. Would you know what information was stored in that transaction issued five years ago? The way to store information in a blockchain has evolved over time based on the needs of developers. But also here many times the debate goes from being technical to philosophical. The new functionalities have also generated much debate about the way forward since the adoption of these new features have implications that may question the original meaning of some projects. Consensus is not always possible. Top Stories The US Global Surveillance Bill Has Been Signed by President Trump The U.S. legal framework related to the domestic surveillance has been signed by President Trump one day after the Senate approved it with 65 votes against 34. Privacy advocates and civil rights have a long criticized the Section 702 of the Foreign Intelligence Surveillance Act (FISA) that allows US intelligence agencies to conduct domestic surveillance under certain conditions without a warrant. The Section 702 allows the NSA to conduct warrantless spying of foreigners located abroad, including any communications with US citizens. More information at House.gov Russia-linked hackers targeting US Senate Russian hackers from the group known as Fancy Bear are targeting the U.S. Senate, according to Trend Micro. Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, they could uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt. More information at TrendMicro Rest of the Week´s News Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware. Zyklon has been observed in the wild since early 2016 and provides myriad sophisticated capabilities. Zyklon is a publicly available, full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal. More information at FireEye Skype Finally Adds End-to-End Encryption for Private Conversations Dubbed Private Conversations, the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. Private Conversations is already available to the Skype Insider program—a platform that allows Skype users to test new features before they rolled out to the rest of its over 300 million of users worldwide. More information at Microsoft Triton Malware Exploited a Zero-Day Flaw in Schneider Triconex SIS Controllers In December 2017, a new malicious code dubbed Triton malware was discovered by researchers at FireEye. The industrial giant Schneider discovered that the Triton malware exploited a zero-day vulnerability in Triconex Safety Instrumented System (SIS). Initial analysis conducted by Schneider excluded that hackers may have leveraged any vulnerabilities in the target products, but now the vendor has discovered that Triton malware exploited a flaw in older versions of the Triconex Tricon system. More information at Security Affairs Further Reading Nearly Half of the Norway Population Exposed in HealthCare Data Breach More information at The Hacker News Flaw in Popular Transmission BitTorrent Client Lets Hackers Control Your PC Remotely More information at Chromium A Hospital Victim of a New SamSam Ransomware Campaign Paid $55,000 Ransom More information at Security Affairs Sign up for our newsletter! #CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone’s BusinessTackling Cybercrime: Three Recommendations for 2018
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths How to Detect and Protect Yourself from Phishing Attacks in Times of Coronavirus The overinformation caused by the huge amount of news we receive about coronavirus makes it harder to distinguish true from fake emails. This poses a great risk to people’s security, since it...
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
