Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths ElevenPaths participates in AMBER (“enhAnced Mobile BiomEtRics”) project ElevenPaths participates in the AMBER (“enhAnced Mobile BiomEtRics”) project since 1st January 2017 as an Industrial Partner. AMBER is a Marie Skłodowska-Curie Innovative Training Network under Grant Agreement No....
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
ElevenPaths #CyberSecurityPulse: The Last Disaster of Ethereum’s Most Important Wallets It is estimated that 587 wallets with around 513,774.16 ethers have been frozen after an anomaly in one of Ethereum’s most important wallets was detected. Parity Technologies, a company...
ElevenPaths New research: Docless Vietnam APT. A very interesting malware against Vietnam Government We have detected a malware sent to some email accounts belonging to a Vietnam government domain. This email is written in Vietnamese and is dated March 13th, 2019. It seems to...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths If you want to change your employees’ security habits, don’t call their will, modify their environment instead You’re in a coffee bar and you need to connect your smartphone to a Wi-Fi, so you check your screen and see the following options. Imagine that you know...
ElevenPaths The hugest collection of usernames and passwords has been filtered…or not (I) Sometimes, someone frees by mistake (or not) an enormous set of text files with millions of passwords inside. An almost endless list of e-mail accounts with their passwords or...
#CyberSecurityPulse: Tell me your social networks and you will be welcome in the United States (or maybe not)ElevenPaths 3 April, 2018 The US Department of State wants to ask visa applicants to provide details of their social networks which they have used within the last five years, as well as their phone numbers, email addresses and international trips during this period. The plan, if approved by the US Office of Management and Budget, will extend the background screening to those who have been marked for additional immigration screening; for all of the immigrant visa applicants and for all of the non-immigrant visa applicants, such as business travellers and tourists. This type of measure is not new. At the end of 2016, a new request for social networks information was approved for the ESTA application (Electronic System for Travel Authorization). The standard, approved by the US Customs and Border Protection, requested (although it is still optional) that applicants provide their user names and accounts for Facebook, Instagram, Google+, LinkedIn and Youtube. According to the DHS (Department of Homeland Security), the social networks investigation would add a new level of security, acting as additional information to that which is already available from official sources. No one questions the impact that social networks have upon the public sphere and human privacy. In reality it is used as a new space for communication and a place in which the users express their preferences and opinions; yet, it is not new that these are very valuable sources of information for certain state agencies to obtain. More information available at FederalRegister.gov Highlighted news UK anti-doping centre confirms that it was the target of a cyber-attack Ukad, the United Kingdom’s antidoping centre, possesses medical records which includes personal information from medical tests of thousands of athletes, including Premier League football players and Olympians. Last week it was made public that they had suffered an attack but that none of their systems had been compromised and that none of the data had been lost. They added “we are satisfied that we have adequate levels of cyber-security”. Ukad has not said if they know who was behind the attack. “We took the necessary measures in order to investigate and resolve the situation”, the organisation said in a statement. It is certain that in the past a group called “Fancy Bears”, based in Russia, previously stole athletes’ medical data from the World Anti-Doping Agency. More information available at the BBC Protecting voter registration sites against possible intrusions The Centre for Internet Security’s newly established “Election Infrastructure of Information Sharing and Analysis Centre” (EI-ISAC), plans to deploy intrusion detection sensors on all 50 state voter registration websites by the mid 2018 elections. The sensors project is called “Albert”, according to CIS Vice President of Operations, Brian Calkin, the CIS has been using them state wide and locally since 2010. Albert open source sensors provide automated alerts on both traditional and advanced network threats. More information available at GNC News from the rest of the week New malware family, called GoScanSSH, which compromises SSH servers The investigators from Talos Intelligence Group of Cisco have identified a new malware family, named GoScanSSH, designed to compromise SSH servers. However, the Talos investigators noted a series of unusual attributes in respect to GoScanSSH. The most surprising is that it is written using the Go programming language. It is relatively rare to see malware written in this language. In this particular case, it has also been observed that the attacker created unique malware binaries for each infected host. More information available at Talos Microsoft’s Meltdown patch made Windows 7 PCs more insecure Shortly after Spectre and Meltdown were launched, the software providers, including Microsoft, released the corresponding patches. However, a Swedish security researcher, Ulf Frisk, discovered that Microsoft’s security fixes on Windows 7 PCs for Meltdown would now allow attackers to read the same kernel memory at Gbps speed, which makes the problem even worse on PCs running Windows 7 and Server 2008 R2 boxes. More information available at The Register 23% of VPN providers filter the IP address Security investigator Paolo Stagno, also known as VoidSec, has discovered that 23% (16/70) of VPN providers filter the users’ IP address using WebRTC. WebRTC is a free and open project that offers browsers and mobile applications real-time communication (RTC) capabilities through APIs. You can consult the list of VPNs in his blog. More information available at VoidSec Other news Northern Ireland Assembly warns of an email breach More information available at SC Magazine Airbnb China will share host information with the government More information available at Security Affairs Apple macOS issues reveal passwords for APFS encrypted volumes in plain text More information available at Security Affairs Register to the newsletter! How are we preparing ourselves for the RSA Conference 2018?Accelerating European cyber security between the United Kingdom and Telefonica (Wayra) – Part one of two
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
Sergio De Los Santos The attack against OpenPGP infrastructure: consequences of a SOB’s actions What is happening with the attack against OpenPGP infrastructure constitutes a disaster, according to the affected people who maintain the protocol. Robert J. Hansen, who communicated the incident, has...
ElevenPaths Your feelings influence your perception of risk and benefit more than you might think Security is both a feeling and a reality —Bruce Schneier Daniel Gardner starts his book The Science of Fear with the shocking history of US September 11 attacks: And so in...
