ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
Cytomic Team, unit of Panda Security Interpretation and Evolution of MITRE ATT&CK: More “Horizontal” Coverage Doesn’t Mean Better Protection The Cytomic team, a unit of Panda Security, explains what the MITRE ATT&CK matrix is based on in order to standardise the behaviour of opponents.
Juan Elosua Tomé Triki: Cookie Collection and Analysis Tool In July 2020, the Spanish Data Protection Agency, following the entry into force of the European General Data Protection Regulation and several consultations with the European Data Protection Committee...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Carlos Ávila Your MacOS System Is Also A Target for Cybercrime – Protect It! According to statcounter, Apple’s operating system, macOS (formerly OSX) in particular, has a market share of around 17%, making it the second most widely used desktop operating system. This...
Nacho Brihuega IoT Device Search Engines: Why Choose if We Can Use All of Them? Nacho Brihuega explains how to use IoT device search engines to detect vulnerabilities and the functioning of a script that will make your research easier.
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
#CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft productsElevenPaths 28 January, 2020 Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release of our own cybersecurity report, summarizing the most significant information from the second half of 2019. The report’s philosophy is providing a global, targeted and useful vision on the most relevant data and facts on cybersecurity. It is addressed to cybersecurity professionals and enthusiasts, in a simple and visually-appealing format. Given all the above, this report aims to summarize latest information on cybersecurity (ranging from security on mobile phones to cyber risk, from the most relevant news to the most technical ones and the most common vulnerabilities), while covering most aspects of the field, in order to help the readers to understand the risks of the current outlook. The information here presented is mostly based on the collection and synthesis of internal data that have been contrasted with public information from sources considered to be of quality. Let’s examine below some points that we consider important. #CyberSecurityReport19H2: some data After analyzing Apple’s transparency data, we may conclude that some governments request “too often” access to data, but also argue that justice may work in a more agile manner in these countries, or that fraud is based more on these locations. Interpretation is free. What does seem clear are some conclusions based on these data. For instance, the interest of the Arab Emirates in removing applications that they consider illegal, even if no removal request has been granted. Moreover, it is curious that Australia, Germany, the US and South Korea are the countries that request the most personal data. Between 2% and 3% of the apps removed by Google Play are for malware Over this period, Google Play has removed around 250,000 apps from the market. Every month, between 2% and 3% of them are detected by two or more OPSWAT Metadefender antivirus engines. Qihoo is undoubtedly the company that most collaborates in the reporting of vulnerabilities in Microsoft products: they report over 20% of the flaws Around 23% of the flaws found in Microsoft products are reported by the category ‘other’, which includes small companies that do not usually report, or freelance analysts. The third position is for Microsoft, since they detect more than 12% of their own flaws. Google finds 9% of the flaws. The engineering sector, lagging behind Europe in general According to BitSight, the European engineering sector need about 9 days on average to neutralize a threat, while in Spain they need about 25. More conclusions During this second half of the year, 198 CVEs for iOS have been patched. 13 were critical and 6 of them allow arbitrary code execution. A total of 463 vulnerabilities for Android have been published. 15 of them with a base CVSS score equal to or greater than 9, together with the possibility of executing arbitrary code. Conficker goes down but remains, according to BitSight, one of the most aggressive threats detected in all sectors. Download the full report here: ElevenPaths #CyberSecurityReport19H2 (EN) from ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpageApple introduces up to 14 signatures in XProtect given the malware flood for Mac
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
