ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
Pablo Alarcón Padellano ElevenPaths recognized by Check Point Software Technologies as a CloudGuard Specialized Partner After developping a wide portfolio of Cloud Security Services, ElevenPaths has been recognized by its Strategic Partner Check Point as a CloudGuard Specialized Partner.
ElevenPaths Carrier Level Immutable Protection (CLIP): secure and trusted technology to empowering carriers. A year ago, we were signing our partnership agreement with Rivetz, where we set the stage for the creation of a new decentralized model to enhance data security and...
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths #CyberSecurityPulse: The Boom of JavaScript Miners The most common question in recent months derived from the rebound in the value of numerous cryptocurrency is: Do I invest or not invest? However, as we know, there...
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
Sergio De Los Santos Apple introduces up to 14 signatures in XProtect given the malware flood for Mac What is Apple doing about Shlayer malware? We analyze the main tools that MacOS is using to face this threat.
ElevenPaths 2019 won’t be the year when quantum computers replace the cryptography that we all use What would happen if a fully error corrected quantum computer of several thousands of logical qubits started working today? Public key infrastructures would fall down. The secrets of the...
#CyberSecurityPulse: Tell me your social networks and you will be welcome in the United States (or maybe not)ElevenPaths 3 April, 2018 The US Department of State wants to ask visa applicants to provide details of their social networks which they have used within the last five years, as well as their phone numbers, email addresses and international trips during this period. The plan, if approved by the US Office of Management and Budget, will extend the background screening to those who have been marked for additional immigration screening; for all of the immigrant visa applicants and for all of the non-immigrant visa applicants, such as business travellers and tourists. This type of measure is not new. At the end of 2016, a new request for social networks information was approved for the ESTA application (Electronic System for Travel Authorization). The standard, approved by the US Customs and Border Protection, requested (although it is still optional) that applicants provide their user names and accounts for Facebook, Instagram, Google+, LinkedIn and Youtube. According to the DHS (Department of Homeland Security), the social networks investigation would add a new level of security, acting as additional information to that which is already available from official sources. No one questions the impact that social networks have upon the public sphere and human privacy. In reality it is used as a new space for communication and a place in which the users express their preferences and opinions; yet, it is not new that these are very valuable sources of information for certain state agencies to obtain. More information available at FederalRegister.gov Highlighted news UK anti-doping centre confirms that it was the target of a cyber-attack Ukad, the United Kingdom’s antidoping centre, possesses medical records which includes personal information from medical tests of thousands of athletes, including Premier League football players and Olympians. Last week it was made public that they had suffered an attack but that none of their systems had been compromised and that none of the data had been lost. They added “we are satisfied that we have adequate levels of cyber-security”. Ukad has not said if they know who was behind the attack. “We took the necessary measures in order to investigate and resolve the situation”, the organisation said in a statement. It is certain that in the past a group called “Fancy Bears”, based in Russia, previously stole athletes’ medical data from the World Anti-Doping Agency. More information available at the BBC Protecting voter registration sites against possible intrusions The Centre for Internet Security’s newly established “Election Infrastructure of Information Sharing and Analysis Centre” (EI-ISAC), plans to deploy intrusion detection sensors on all 50 state voter registration websites by the mid 2018 elections. The sensors project is called “Albert”, according to CIS Vice President of Operations, Brian Calkin, the CIS has been using them state wide and locally since 2010. Albert open source sensors provide automated alerts on both traditional and advanced network threats. More information available at GNC News from the rest of the week New malware family, called GoScanSSH, which compromises SSH servers The investigators from Talos Intelligence Group of Cisco have identified a new malware family, named GoScanSSH, designed to compromise SSH servers. However, the Talos investigators noted a series of unusual attributes in respect to GoScanSSH. The most surprising is that it is written using the Go programming language. It is relatively rare to see malware written in this language. In this particular case, it has also been observed that the attacker created unique malware binaries for each infected host. More information available at Talos Microsoft’s Meltdown patch made Windows 7 PCs more insecure Shortly after Spectre and Meltdown were launched, the software providers, including Microsoft, released the corresponding patches. However, a Swedish security researcher, Ulf Frisk, discovered that Microsoft’s security fixes on Windows 7 PCs for Meltdown would now allow attackers to read the same kernel memory at Gbps speed, which makes the problem even worse on PCs running Windows 7 and Server 2008 R2 boxes. More information available at The Register 23% of VPN providers filter the IP address Security investigator Paolo Stagno, also known as VoidSec, has discovered that 23% (16/70) of VPN providers filter the users’ IP address using WebRTC. WebRTC is a free and open project that offers browsers and mobile applications real-time communication (RTC) capabilities through APIs. You can consult the list of VPNs in his blog. More information available at VoidSec Other news Northern Ireland Assembly warns of an email breach More information available at SC Magazine Airbnb China will share host information with the government More information available at Security Affairs Apple macOS issues reveal passwords for APFS encrypted volumes in plain text More information available at Security Affairs Register to the newsletter! How are we preparing ourselves for the RSA Conference 2018?Accelerating European cyber security between the United Kingdom and Telefonica (Wayra) – Part one of two
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths How to Detect and Protect Yourself from Phishing Attacks in Times of Coronavirus The overinformation caused by the huge amount of news we receive about coronavirus makes it harder to distinguish true from fake emails. This poses a great risk to people’s security, since it...
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
