ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
ElevenPaths ElevenPaths expands its cloud security solutions portfolio with Prisma Cloud by Palo Alto Networks ElevenPaths has achieved the status of Premier Public Cloud MSSP Partner with Palo Alto Networks. ElevenPaths, Telefónica Tech’s Cybersecurity Company, has expanded its Cloud Managed Security Service (Cloud MSS) by...
ElevenPaths #CyberSecurityPulse: Private enterprise’s sad contribution to sharing threat intelligence in the United States After just over two years of Congress passed a major bill that encouraged businesses to share with the government how and when threat actors were trying to get into...
ElevenPaths New report: Twitter botnets detection in sports event We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks,...
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
Innovation and Laboratory Area in ElevenPaths Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org) Discover how VCryptor ransomware works and the tool we have developed as part of NoMoreRansom.org to decrypt it.
Miguel Ángel de Castro Vendetta Group and the COVID-19 Phishing Emails A new threat has entered the COVID-19 scene: the Vendetta Group. How are their phishing campaigns different from others?
ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
ElevenPaths ElevenPaths expands its cloud security solutions portfolio with Prisma Cloud by Palo Alto Networks ElevenPaths has achieved the status of Premier Public Cloud MSSP Partner with Palo Alto Networks. ElevenPaths, Telefónica Tech’s Cybersecurity Company, has expanded its Cloud Managed Security Service (Cloud MSS) by...
ElevenPaths ElevenPaths #CyberTricks Last Thursday, November 30th, Cybersecurity Day was celebrated internationally. At ElevenPaths we continue with commemoration, so that we have collected some #CyberTricks from our experts (Chema Alonso, Pablo San...
ElevenPaths New Call: ElevenPaths CSE Programme If you are passionate about cybersecurity, join the ElevenPaths CSE programme and enjoy all its benefits. Don't miss it!
DIARIO: Our Privacy-Friendly Document Malware DetectorInnovation and Laboratory Area in ElevenPaths 11 May, 2020 Let’s imagine that a user receives an Excel file containing information that is supposed to be private or confidential. The user thinks that it could be malware, but their local antivirus has not detected it (since it has arrived in their inbox or hard drive and the antivirus has not gone off). What would happen if it were really malware? How could we check it? If we send it to a multi-antivirus system on the web or via email to an administrator who can help us identify it, we could be disclosing confidential information if the file is legitimate. In such a case, we would be compromising confidential information in an attempt to protect our system. However, if you don’t use any security measures because you believe the document should not be shared, you could infect your system. In this context, we thought DIARIO could come into play. About DIARIO DIARIO is a new malware detection concept. It scans and analyses documents in a static way with no need to know the content of those files. For the analysis, it just uses the structure and formal features of the file without using any sensitive content. DIARIO extracts the features of the file and use them to create a vector impossible to attribute to a single file. This vector is employed together with standard Machine Learning techniques to detect malware. The model used is flexible and is usually trained with the latest malware samples so that it can detect and complement beyond the traditional antivirus signatures. This Machine Learning-based detection system is patented and has been built entirely by ElevenPaths Innovation & Labs. There are many Machine Learning-based solutions to detect malware, but DIARIO is different from them for the following reasons: It specialises in those documents where privacy is most critical: PDF and Office files.Intelligent: We have trained our Machine Learning model by using the least detected samples in turn by antivirus engines. This way we can bridge the gap between traditional solutions and real malware issues. DIARIO is not intended to replace antivirus, but to complement them. It has a dashboard for the analyst to validate and reinforce the system conveniently. This dashboard can be used by analysts to carry out malware research: attribution, detection, learning, analyses, research, and so on. This way we would have two user profiles: the one who wants to use the prediction service without compromising the data from the documents and the analyst who can take advantage of the database without accessing any compromising data from the documents.Analyses are really fast. We just need a minimal part of the file to upload to the server and predict the attack. The server does not discard the file. Rather, the file is simply not required. How Is It Used? DIARIO has been working for a few months now, in the following lines you will find the formulas to use it: Web: Users just need to drag the file into the scanner box in order to receive the prediction without compromising the information from the document.Email Plugin: Users can conveniently send attachments without compromising their privacy. We will give further details later.Analyst Dashboard: From where documents and features can be searched, analysed, or related to each other in order to develop new research and improve collective intelligence − while maintaining the confidentiality of the document. For now, this works under invitation.The links containing the result and the prediction can be shared in static pages. So you don’t trust the system? Well done, that’s why we offer the partial sending formulas. API: Anyone can use DIARIO through an API. Build your own client, plug it to your repositories, and so on. FOCA has already integrated it.SDK and command line tools. On our GitHub.Client for Windows, Linux, and Mac. It shows the content needed for the calculation and only the necessary is uploaded. Efficacy We have performed some tests that allow us to confirm that the level of detection (and false positives) is at the level of any other commercial solution. On the other hand, we have performed tests by using special types of macro malware, particularly those not detected by traditional signature systems. The full report is available on https://diario.elevenpaths.com Bestiary of a Poorly Managed Memory (II)TypoSquatting: Using Your Brain to Trick You
ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
ElevenPaths ElevenPaths expands its cloud security solutions portfolio with Prisma Cloud by Palo Alto Networks ElevenPaths has achieved the status of Premier Public Cloud MSSP Partner with Palo Alto Networks. ElevenPaths, Telefónica Tech’s Cybersecurity Company, has expanded its Cloud Managed Security Service (Cloud MSS) by...
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths ElevenPaths Joins OpenSSF to Enhance Open Source Software Security This new Open Source Security Foundation (OpenSSF) brings together leading technology companies such as Microsoft, Google, Red Hat and IBM, among others.It combines efforts from the Core Infrastructure Initiative,...
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
