ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths #CyberSecurityPulse: Google’s project to fight election attacks On the night of the primary elections in May, the residents from the county Knox, Tennessee, did not know who had won for about an hour. They did not...
ElevenPaths Rock appround the clock, our research in DEFCON In the world of Threat Intelligence, determining the attacker’s geographical location of is one of the most valuable data for attribution techniques, even if not perceived like that, this...
ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Open source maintainer burnout as an attack surface Introduction Software development has evolved greatly in the last decades. It is leaning towards an scenario based in third-party modules, components and libraries that help accelerate the development of our...
ElevenPaths New plugins for FOCA: HaveIBeenPwned and SQLi Following the publication of Foca OpenSource, a lot of people are now enthusiatic about the idea of adding new plugins or improving existing ones. On...
ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths 2019 won’t be the year when quantum computers replace the cryptography that we all use What would happen if a fully error corrected quantum computer of several thousands of logical qubits started working today? Public key infrastructures would fall down. The secrets of the...
ElevenPaths ElevenPaths #CyberTricks Last Thursday, November 30th, Cybersecurity Day was celebrated internationally. At ElevenPaths we continue with commemoration, so that we have collected some #CyberTricks from our experts (Chema Alonso, Pablo San...
#CyberSecurityPulse: Tell me your social networks and you will be welcome in the United States (or maybe not)ElevenPaths 3 April, 2018 The US Department of State wants to ask visa applicants to provide details of their social networks which they have used within the last five years, as well as their phone numbers, email addresses and international trips during this period. The plan, if approved by the US Office of Management and Budget, will extend the background screening to those who have been marked for additional immigration screening; for all of the immigrant visa applicants and for all of the non-immigrant visa applicants, such as business travellers and tourists. This type of measure is not new. At the end of 2016, a new request for social networks information was approved for the ESTA application (Electronic System for Travel Authorization). The standard, approved by the US Customs and Border Protection, requested (although it is still optional) that applicants provide their user names and accounts for Facebook, Instagram, Google+, LinkedIn and Youtube. According to the DHS (Department of Homeland Security), the social networks investigation would add a new level of security, acting as additional information to that which is already available from official sources. No one questions the impact that social networks have upon the public sphere and human privacy. In reality it is used as a new space for communication and a place in which the users express their preferences and opinions; yet, it is not new that these are very valuable sources of information for certain state agencies to obtain. More information available at FederalRegister.gov Highlighted news UK anti-doping centre confirms that it was the target of a cyber-attack Ukad, the United Kingdom’s antidoping centre, possesses medical records which includes personal information from medical tests of thousands of athletes, including Premier League football players and Olympians. Last week it was made public that they had suffered an attack but that none of their systems had been compromised and that none of the data had been lost. They added “we are satisfied that we have adequate levels of cyber-security”. Ukad has not said if they know who was behind the attack. “We took the necessary measures in order to investigate and resolve the situation”, the organisation said in a statement. It is certain that in the past a group called “Fancy Bears”, based in Russia, previously stole athletes’ medical data from the World Anti-Doping Agency. More information available at the BBC Protecting voter registration sites against possible intrusions The Centre for Internet Security’s newly established “Election Infrastructure of Information Sharing and Analysis Centre” (EI-ISAC), plans to deploy intrusion detection sensors on all 50 state voter registration websites by the mid 2018 elections. The sensors project is called “Albert”, according to CIS Vice President of Operations, Brian Calkin, the CIS has been using them state wide and locally since 2010. Albert open source sensors provide automated alerts on both traditional and advanced network threats. More information available at GNC News from the rest of the week New malware family, called GoScanSSH, which compromises SSH servers The investigators from Talos Intelligence Group of Cisco have identified a new malware family, named GoScanSSH, designed to compromise SSH servers. However, the Talos investigators noted a series of unusual attributes in respect to GoScanSSH. The most surprising is that it is written using the Go programming language. It is relatively rare to see malware written in this language. In this particular case, it has also been observed that the attacker created unique malware binaries for each infected host. More information available at Talos Microsoft’s Meltdown patch made Windows 7 PCs more insecure Shortly after Spectre and Meltdown were launched, the software providers, including Microsoft, released the corresponding patches. However, a Swedish security researcher, Ulf Frisk, discovered that Microsoft’s security fixes on Windows 7 PCs for Meltdown would now allow attackers to read the same kernel memory at Gbps speed, which makes the problem even worse on PCs running Windows 7 and Server 2008 R2 boxes. More information available at The Register 23% of VPN providers filter the IP address Security investigator Paolo Stagno, also known as VoidSec, has discovered that 23% (16/70) of VPN providers filter the users’ IP address using WebRTC. WebRTC is a free and open project that offers browsers and mobile applications real-time communication (RTC) capabilities through APIs. You can consult the list of VPNs in his blog. More information available at VoidSec Other news Northern Ireland Assembly warns of an email breach More information available at SC Magazine Airbnb China will share host information with the government More information available at Security Affairs Apple macOS issues reveal passwords for APFS encrypted volumes in plain text More information available at Security Affairs Register to the newsletter! How are we preparing ourselves for the RSA Conference 2018?Accelerating European cyber security between the United Kingdom and Telefonica (Wayra) – Part one of two
ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
Sergio De Los Santos New App to Clean Metadata More Easily We are not going to repeat the dangers of metadata, since it has been discussed for quite some time now. However, we can try to make its management and cleaning simpler. Some...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
