Gabriel Bergel Decepticons vs. Covid-19: The Ultimate Battle Social engineering is being used more than ever by cybercriminals. What do Decepticons have to do with it?
ElevenPaths ElevenPaths has achieved AWS Security Competency status Telefónica Tech’s cybersecurity company has demonstrated deep technical and consulting expertise helping large enterprises to adopt, develop and deploy complex cloud security projects that protect their environments on AWS...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
ElevenPaths Rock appround the clock, our research in DEFCON In the world of Threat Intelligence, determining the attacker’s geographical location of is one of the most valuable data for attribution techniques, even if not perceived like that, this...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityPulse: Non-Headlined Technical News with RSS and Website Find out all about #CyberSecurityPulse, our Telegram cybersecurity news channel.
Innovation and Laboratory Area in ElevenPaths Winner of the #EquinoxRoom111 Contest We already have a winner of TheTHE's plugin contest. Discover our collaborative tool for Threat Hunting teams.
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Carlos Ávila The Pharmaceutical Retail Industry and Their Mobile Applications Are users of pharmaceutical applications safe in terms of data security and privacy? Discover this analysis from our CSA Carlos Ávila.
Gonzalo Álvarez Marañón The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections How does Apple's and Google's technology developed for tracing Covid-19 infections work?
Innovation and Laboratory Area in ElevenPaths Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org) Discover how VCryptor ransomware works and the tool we have developed as part of NoMoreRansom.org to decrypt it.
ElevenPaths #CyberSecurityPulse: Changing stereotypes in the security sector Ripples of outrage spread across the cybersecurity industry last week after women in red evening gowns were seen promoting a product at the Infosecurity Europe 2018 conference. The event’s...
ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
#CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft productsElevenPaths 28 January, 2020 Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release of our own cybersecurity report, summarizing the most significant information from the second half of 2019. The report’s philosophy is providing a global, targeted and useful vision on the most relevant data and facts on cybersecurity. It is addressed to cybersecurity professionals and enthusiasts, in a simple and visually-appealing format. Given all the above, this report aims to summarize latest information on cybersecurity (ranging from security on mobile phones to cyber risk, from the most relevant news to the most technical ones and the most common vulnerabilities), while covering most aspects of the field, in order to help the readers to understand the risks of the current outlook. The information here presented is mostly based on the collection and synthesis of internal data that have been contrasted with public information from sources considered to be of quality. Let’s examine below some points that we consider important. #CyberSecurityReport19H2: some data After analyzing Apple’s transparency data, we may conclude that some governments request “too often” access to data, but also argue that justice may work in a more agile manner in these countries, or that fraud is based more on these locations. Interpretation is free. What does seem clear are some conclusions based on these data. For instance, the interest of the Arab Emirates in removing applications that they consider illegal, even if no removal request has been granted. Moreover, it is curious that Australia, Germany, the US and South Korea are the countries that request the most personal data. Between 2% and 3% of the apps removed by Google Play are for malware Over this period, Google Play has removed around 250,000 apps from the market. Every month, between 2% and 3% of them are detected by two or more OPSWAT Metadefender antivirus engines. Qihoo is undoubtedly the company that most collaborates in the reporting of vulnerabilities in Microsoft products: they report over 20% of the flaws Around 23% of the flaws found in Microsoft products are reported by the category ‘other’, which includes small companies that do not usually report, or freelance analysts. The third position is for Microsoft, since they detect more than 12% of their own flaws. Google finds 9% of the flaws. The engineering sector, lagging behind Europe in general According to BitSight, the European engineering sector need about 9 days on average to neutralize a threat, while in Spain they need about 25. More conclusions During this second half of the year, 198 CVEs for iOS have been patched. 13 were critical and 6 of them allow arbitrary code execution. A total of 463 vulnerabilities for Android have been published. 15 of them with a base CVSS score equal to or greater than 9, together with the possibility of executing arbitrary code. Conficker goes down but remains, according to BitSight, one of the most aggressive threats detected in all sectors. Download the full report here: ElevenPaths #CyberSecurityReport19H2 (EN) from ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpageApple introduces up to 14 signatures in XProtect given the malware flood for Mac
Innovation and Laboratory Area in ElevenPaths #CyberSecurityPulse: Non-Headlined Technical News with RSS and Website Find out all about #CyberSecurityPulse, our Telegram cybersecurity news channel.
Gonzalo Álvarez Marañón The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections How does Apple's and Google's technology developed for tracing Covid-19 infections work?
Innovation and Laboratory Area in ElevenPaths Winner of the #EquinoxRoom111 Contest We already have a winner of TheTHE's plugin contest. Discover our collaborative tool for Threat Hunting teams.
Innovation and Laboratory Area in ElevenPaths Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org) Discover how VCryptor ransomware works and the tool we have developed as part of NoMoreRansom.org to decrypt it.
ElevenPaths Cybersecurity Weekly Briefing 23-29 May Critical-Severity RCE Vulnerability in Cisco Unified CCX Cisco has fixed a critical remote code execution bug in the Java Remote Management Interface of Cisco Unified Contact Center Express (CCX). This...
Gabriel Bergel Decepticons vs. Covid-19: The Ultimate Battle Social engineering is being used more than ever by cybercriminals. What do Decepticons have to do with it?
