The Dark Side of WebAssembly

Carlos Ávila
8 October, 2020

Nowadays, the technologies for developing web software are multiplying rapidly, while introducing, in some cases, new ways of attack or unexpected advantages for attackers. Let’s see what WebAssembly (WASM) is and what potential benefits it can have for attackers.

This relatively new open standard (announced in 2015, in use since 2017) allows binary code compiled from languages such as C, C++ or Rust to run in modern web browsers, with all the new functionality and performance that this can bring.

[Figure: General architecture of a WebAssembly application]

WASM was not created as a replacement for JavaScript, but to complement it. In fact, it is the JavaScript engine that runs it. This standard has multiple use cases, as indicated on its website: development/execution of games, CAD applications, simulation platforms, smart contracts (blockchain), among others.

If you want to have a look at how a game binary runs in WASM, you can visit this website that emulates the famous Gameboy, or see how AutoCAD starts running from any browser.

Just as new technologies and programming languages offer multiple improvements, it is a matter of time before attackers find the attack vectors and use them to their advantage, and WebAssembly applications are no exception. Let’s see, through the example below, how simple malicious code could be compiled to simulate a social engineering cyberattack.

[Figure: Example of WASM compilation and execution (PoC Fraud)]

This type of simulated attack is known as a “tech support scam,” where a scammer impersonates a technician from a technology company, using intimidation tactics and social engineering to trick people into paying for unnecessary support services. When the victim calls the tech support number, the scammers ask for money to fix the problem or request access to install malware (a backdoor) on the victim’s device.
This Twitter thread by Sergio de los Santos is a good example of the sophistication achieved.

[Figure: Technical Service Scam Case]

In these cases, the benefit for the attacker would be code that is obfuscated at analysis time, more speed, etc. In fact, compiled WASM code has already been used in bitcoin mining campaigns that infect browsers with malicious code on compromised sites. Among the best-known cases are Coinhive and Cryptonight. Both attacks (using WASM-generated JavaScript) exploited computational power to “mine” cryptocurrencies through the browser.

In general, when we browse the Internet, we can find sites that have been compromised by scammers, commonly with pure JavaScript or WASM code, and from there, if our browsers do not have adequate controls, the attack can be carried out.

If WebAssembly is being used to support cryptomining attacks, attackers may continue to profit on other fronts. Other formulas for the malicious use of WASM are the following:

- Redirection to malicious URLs: there are campaigns to infect devices by means of malicious redirects (via WebAssembly code) from compromised sites to the same technical support scams, mining of cryptocurrencies, etc.
- Keyloggers: recording keystrokes to steal passwords and other confidential information from visitors to compromised websites, taking advantage of the fact that WebAssembly generates code that evades typical detections by external controls or browsers.
- Browser exploitation: exploiting vulnerabilities in the browser almost always involves JavaScript. Therefore, WebAssembly can play an important role in exploiting the browser by obfuscating the exploitation code.

Technologies offer many possibilities; WebAssembly is no exception and could be an ally or an enemy. It clearly has many advantages, but it can also provide new ways to exploit weaknesses in different cases.
While developers strive to integrate security features, we, as users, must be cautious, for example by equipping our browsers with plug-ins that block dynamic execution of JavaScript, such as NoScript. ElevenPaths has contributed tools such as AMSIext to prevent unwanted executions in browsers.
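
A defender-side triage sketch for the obfuscation problem described above, added here and not part of the original article: since it is the JavaScript engine that runs WASM, a module reaches the page only through functions JavaScript supplies, so listing its imports without instantiating it shows what it can call even when the body is hard to read. The sample module bytes and the names `env.navigate` and `run` are constructed for this example.

```javascript
// Constructed sample: a minimal WASM module that imports env.navigate
// and exports run(), whose body only calls that import.
const SAMPLE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,        // "\0asm", version 1
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,                    // type 0: () -> ()
  0x02, 0x10, 0x01, 0x03, 0x65, 0x6e, 0x76,              // import module "env"
  0x08, 0x6e, 0x61, 0x76, 0x69, 0x67, 0x61, 0x74, 0x65,  //   field "navigate"
  0x00, 0x00,                                            //   kind func, type 0
  0x03, 0x02, 0x01, 0x00,                                // one local function
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,  // export "run" = func 1
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x10, 0x00, 0x0b,        // body: call 0; end
]);

const MAGIC = [0x00, 0x61, 0x73, 0x6d];

// True when a captured response body starts with the WASM magic bytes,
// whatever Content-Type or file extension it was served with.
function isWasm(bytes) {
  return bytes.length >= 8 && MAGIC.every((b, i) => bytes[i] === b);
}

// Compile (validate) without instantiating, so no module code runs,
// then report the host functions the module expects JavaScript to supply.
function triageWasm(bytes) {
  if (!isWasm(bytes)) return { wasm: false };
  let mod;
  try {
    mod = new WebAssembly.Module(bytes);
  } catch (err) {
    // Truncated or malformed modules are reported, not thrown.
    return { wasm: true, valid: false, error: err.message };
  }
  const imports = WebAssembly.Module.imports(mod);
  return {
    wasm: true,
    valid: true,
    hostFunctions: imports
      .filter((i) => i.kind === 'function')
      .map((i) => `${i.module}.${i.name}`),
    otherImports: imports.filter((i) => i.kind !== 'function').length,
    exports: WebAssembly.Module.exports(mod).map((e) => e.name),
  };
}

console.log(triageWasm(SAMPLE));
```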