ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
ElevenPaths SealSign integration with the Azure Key Vault ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based...
ElevenPaths Security Innovation Days 2020: The New Era Cyber Security in the Digital Transformation Era There is no doubt about it, we are living times of constant changes at all possible levels. There are so many that we are talking about a change of...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths No Pain, No Gain: Let´s Hack 2021 “No pain, no gain”, you have probably heard this on more than one occasion. An expression that is used endlessly in different environments, in a time when the body...
Diego Samuel Espitia Detecting the Indicators of An Attack We always choose to implement prevention and deterrence rather than containment mechanisms in security. However, the implementation of these mechanisms is not always effective or simple to set up...
Gonzalo Álvarez Marañón 2019 Won’t Be the Year When Quantum Computers Replace the Cryptography That We All Use What would happen if a fully error corrected quantum computer of several thousands of logical qubits started working today? Public key infrastructures would fall down. The secrets of the...
ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
Samuel Bonete Redefining Cloud Security with SASE Stop for a moment and think: what percentage of your Internet traffic ends up on websites or traditional browsing and what proportion on SaaS services? If we analyse it...
ElevenPaths Cybersecurity Weekly Briefing August 22-28 Conti ransomware distributed after Trickbot Conti is a relatively new ransomware that appeared in isolated attacks in December 2019 but started to become a relevant threat in June 2020, when...
#CyberSecurityReport20H2: Microsoft Corrects Many More Vulnerabilities, But Discovers Far FewerInnovation and Laboratory Area in ElevenPaths 26 January, 2021 There are many reports on security trends and summaries, but at ElevenPaths we want to make a difference. From the Innovation and Laboratory team, we have just launched our own cyber security report that summarises the highlights of the second half of 2020. Its philosophy is to offer a global, accurate and useful overview of the most relevant data and facts about cyber security, and it is designed to be consumed by both professionals and amateurs in a simple and visually appealing way. The purpose of this report is to summarise the cyber security information of the last few months, taking a perspective that covers most aspects of cyber security, in order to help the reader understand the risks of the current situation. The information gathered is largely based on the compilation and synthesis of internal data, cross-checked with public information from sources we consider to be of high quality. The following are some of the points that are important to us. #CyberSecurityReport20H2: General Data Regarding Microsoft, the total number of flaws discovered and fixed is more than 600 during this half-year, the same as the previous one. We understand that most of the non-credited flaws may come from vulnerabilities found in 0-days or other circumstances where the author is not known and has not been reported anonymously. In these cases, Microsoft does not credit anyone in particular. This difference between credited and ” non-credited ” vulnerabilities, which is not the same as anonymous, is reflected in the following chart: Compared to the previous half-year, the data on who discovers vulnerabilities at Microsoft looks very different. The long queue of “others” leads the list. This means that they are discovered by researchers with less than 5 cumulative flaws. The ZDI initiative remains (increasingly) the favourite formula for researchers. This trimester, Zhiniang Peng is a very relevant actor with 66 flaws. It is also striking that Qihoo, responsible for hundreds of flaws discovered regularly in previous years, has completely disappeared from the list this semester. Interesting comparison with the previous semester: Vulnerabilities in Mobile Phones 2020 has closed with 187 vulnerabilities patched in the iOS operating system, 37 of which are considered high-risk, with the possibility of executing arbitrary code. Some of them affect the kernel of the system itself. On Android, this was the second year with the highest number of reported vulnerabilities. With respect to this year’s Apple transparency report, there are some interesting facts. For example, these requests occur when law enforcement agencies act on behalf of clients who require assistance related to fraudulent activity involving credit cards or gift cards that have been used to purchase Apple products. In this sense, Spain is one of the most active countries requesting data from the company. Regarding the number of vulnerabilities per manufacturer, Microsoft, Google and Oracle continue to lead. However, this number has to be seen in the perspective of criticality, number of products, etc. Other Conclusions In mobile phone security, the number of IOS vulnerabilities continues to trend upwards since the downturn in 2018. For Android, 2020 was the second year with the most reported vulnerabilities, after the historic 2017. In comparison with last semester, CWE-89 based on SQL injection, and CWE-287, which explains poor authentication, sneak into the list. These are problems that have been around for years and never quite disappear from the list of the most serious known vulnerabilities. The top of the list remains intact compared to the first half of the year. APT groups, meanwhile, have not stopped their activity. Kimsuky (Aka “Velvet Chollima”) and Fancy Bear are still active, while the OceanLotus Group has been unmasked by Facebook. In a half-year period where again almost every month Microsoft has exceeded 100 vulnerabilities fixed, this time Qihoo does not appear in the list of manufacturers that have found the most flaws. ZDI is still the favourite formula for communicating (and rewarding) serious flaws. You can access the full report on our website. Laboratory Information Management System (LIMS) and its Mobile Applications4 Tips to Secure Your Data
ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...
ElevenPaths A Trillion-Dollar on Offer to the Puzzle Solver Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths No Pain, No Gain: Let´s Hack 2021 “No pain, no gain”, you have probably heard this on more than one occasion. An expression that is used endlessly in different environments, in a time when the body...
ElevenPaths What is VPN and What is It For? VPN connections are nothing new, they have been with us for a long time, always linked to the business world. The great versatility and its different uses have made...
