Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’

ElevenPaths
23 December, 2019

In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of empathic response. The Pavlov Institute developed the Voigt-Kampff test to trigger emotional responses in the subject that allowed it to be identified as an android because of its lack of empathy.

How do humans make decisions? When we don’t have access to all the necessary data to make a perfectly informed decision or don’t have enough time to collect such data, we use thinking shortcuts, simple math, stereotypes, prejudgments and hunches. Psychologists call these shortcuts heuristics and biases. Actually, we make judgement errors that no replicant ever would. Our rationality is bounded. Maybe an irrationality test would have been better to unmask them.

Download the book ‘Irrational Decisions in Cybersecurity’

In order to help ourselves to overcome thinking errors that bias our judgements, we have published a free book: Irrational Decisions in Cybersecurity. And what better time to do it than during our Security Innovation Day 2019, our security event based this year on the Blade Runner universe and the hunting of replicants?

The book illustrates the psychological concepts previously mentioned within its twelve chapters, including examples from the cybersecurity world. Through its challenges, you will identify with the role of CISO and will see how you are not so rational when making decisions. Being aware of your biases and heuristics is the first line of defense against them. The chapters end with specific recommendations and easily applicable ideas to detect when you are thinking wrongly.
Moreover, at the end of the book you will find a comprehensive checklist to guide you when making decisions alone or in a group. By applying the principles explained in its pages, you will improve the quality of your economic and cybersecurity decisions. You can download it for free from the book’s website, in .epub and .mobi formats, for your favorite e-Reader.

Say Goodbye to Biases, Heuristics and Thinking Errors

In particular, this book addresses the following twelve biases, heuristics and thinking errors:

A Story about Two Minds: The Vast Difference between Real and Perceived Risks
Risk Homeostasis: How Adding Security Measures May Make You Unsafe
Loss Aversion: You Are Less Rational Than You Think When You Make Risk Decisions Under Uncertain Conditions
The Framing Effect: You Make Your Choices Depending on How Information Is Presented
The Confirmation Bias: We Seek the Information That Confirm Our Decisions, Refusing Their Opposed Evidences
The Availability Bias: Don’t Confuse the Frequency of an Incident with How Easily You Remember It
Nudges: If You Want to Change Your Employees’ Security Habits, Don’t Call on Their Will, but Modify Their Environment Instead
The Representativeness Heuristic: In Pursuit of the Perfect Phishing That Would Trick Even You
The Planning Fallacy (and other optimistic biases): Why You Are Late Delivering All Your Projects and Finally They Are More Expensive Than Expected (and What You Can Do to Address It)
The Affect Heuristic: Your Feelings Influence Your Perception of Risk and Benefit More Than You Might Think
The Anchor Bias: A Cybercriminal’s Blinking in Brazil May Cause a Phishing Tsunami in Russia
The Sunk Cost Fallacy: If It Doesn’t Work, Don’t Touch It. Let It Sink

The book ends with a comprehensive checklist intended to help you make better decisions:

Checklist: 12 Questions to Make Decisions Avoiding Bias Distortions

Warning! After reading this book, you may not pass an irrationality test because you may start making 100% rational decisions.