Homeworking and Pandemics: a Practical Analysis on BlueKeep Vulnerability in Spain and Latin America

Andrés Naranjo, 5 November 2020

"It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change." (Charles Darwin)

One of the greatest and most rapid changes in recent human history is the "new normality" caused by the Covid-19 pandemic since it started in March. In this change, most companies had to find a way to maintain their activity at any price, or at least as far as possible. This is not easy, and it is critical for technology companies: we see many companies whose previous success and strength have been of no use when facing the current market or financial scenario. They have gone from the greatest of successes (their previous strength) to the most resounding of failures. Failure to adapt to change can mean a death sentence or a long agony. Recall the case of Nokia, for example, which at the beginning of the century sat comfortably on the throne of mobile telephony, both in production and in reputation, and which is no longer what it used to be now that smartphones have arrived.

Going back to March 2020, companies in most countries that suffered lockdowns had to find the means to maintain their activity, and these urgent processes often never considered the necessary protective measures. To a large extent, this adaptation has meant enabling homeworking, which seems to have arrived to stay, since governments are trying to regulate this type of work. However, as we will show below, this capacity to manage systems remotely and/or to enable teleworking has meant a greater number of assets exposed to well-known vulnerabilities.

BlueKeep vulnerability

The study presented here is based on the CVE-2019-0708 vulnerability, known as "BlueKeep".
It is a remote code execution vulnerability in Remote Desktop Services (previously known as Terminal Services) that is triggered when an unauthenticated attacker connects to the target system via RDP and sends specially crafted requests. This remote code execution can mean total control and compromise of the system.

The reason for studying this vulnerability in particular is that the RDP protocol enables easy remote access by simply opening port 3389 to the desired machine. But each open port, as we know, is an entry vector, especially when basic system protection measures have not been taken. Likewise, it is not a recent vulnerability (it dates from May 2019), and we must also bear in mind that it affects obsolete Microsoft operating systems (XP, Vista, Windows Server 2008) that are not properly updated.

César Farro has collaborated in this study; in May last year he published the first exposure study on "BlueKeep". Public tools such as masscan and rdpscan, both written by Robert Graham, have been used for this purpose.

BlueKeep Vulnerability Study – May 2019

The methodology for this work has been simple:

1. The IP range for each country has been scanned using public sources where the IPv4 ranges assigned to each country are published, such as Lacnic and RIPE.
2. The tools described above have been used to analyse whether each asset exposed on open port 3389 is vulnerable. It should be noted that the analysis is not conclusive: there are several assets that cannot be diagnosed, and these are listed as "unknown".
3. We compare January 2020 with August 2020, to contrast the number of assets with the open port and to draw conclusions about the level of exposure.
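The aggregation step of the methodology above, as an added example that is not the study's own tooling: it counts hosts per rdpscan verdict for two snapshots and reports the growth in exposed hosts and the change in the vulnerable and unknown shares. It assumes rdpscan's "<ip> - <STATUS> - <detail>" line layout; the sample lines are constructed.

```python
"""Summarise rdpscan-style results for two scan snapshots and compare them.
Added example for the methodology above, not code from the original study.
Assumed: each line follows rdpscan's '<ip> - <STATUS> - <detail>' layout;
the snapshots below are constructed and are not the study's data.
"""
from collections import Counter

# Constructed sample snapshots (TEST-NET addresses, not real hosts).
JAN_2020 = """\
203.0.113.10 - VULNERABLE - got appid
203.0.113.11 - SAFE - Target appears patched
203.0.113.12 - UNKNOWN - no connection - timeout
203.0.113.13 - SAFE - CredSSP/NLA required
"""
AUG_2020 = """\
203.0.113.10 - SAFE - Target appears patched
203.0.113.11 - SAFE - Target appears patched
203.0.113.12 - UNKNOWN - no connection - timeout
203.0.113.14 - UNKNOWN - no connection - refused
203.0.113.15 - VULNERABLE - got appid
203.0.113.17 - SAFE - CredSSP/NLA required
"""
STATUSES = ("SAFE", "VULNERABLE", "UNKNOWN")

def parse_results(text: str) -> Counter:
    """Count hosts per status; lines with an unrecognised status count as UNKNOWN."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(" - ", 2)]
        status = parts[1].upper() if len(parts) > 1 else "UNKNOWN"
        counts[status if status in STATUSES else "UNKNOWN"] += 1
    return counts

def summarise(counts: Counter) -> dict:
    """Total exposed hosts plus the share (%) of each state among them."""
    total = sum(counts.values())
    pct = {s: round(100 * counts[s] / total, 1) if total else 0.0 for s in STATUSES}
    return {"exposed": total, "pct": pct}

def compare(before: str, after: str) -> dict:
    """Growth factor of exposed hosts and the before/after vulnerable and unknown shares."""
    b, a = summarise(parse_results(before)), summarise(parse_results(after))
    return {"exposed_growth": a["exposed"] / b["exposed"] if b["exposed"] else None,
            "vulnerable_pct": (b["pct"]["VULNERABLE"], a["pct"]["VULNERABLE"]),
            "unknown_pct": (b["pct"]["UNKNOWN"], a["pct"]["UNKNOWN"])}
if __name__ == "__main__":
    print(compare(JAN_2020, AUG_2020))
```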
Let's look, for example, at the data for Spain before and after the pandemic:

Taking the percentages as data, we can see a clear evolution:

We can draw the following conclusions for the case of Spain:

- While the number of assets with port 3389 open has almost doubled, the percentage of assets objectively vulnerable to this flaw has clearly fallen, from 11% to 4% of the exposed assets.
- 3745 devices could still be considered a very high number of easily accessible machines, and therefore vulnerable to a security flaw published more than a year ago.
- The increase in cases labelled as unknown is mainly due to more hosts not answering queries from unknown IPs, and should be attributed to better configuration. This can be achieved, for example, by limiting RDP access to certain IPs, which results in more secure access.

You can check all the data for the 12 countries under study in the following table:

In summary

The new normality imposed by the pandemic has forced many companies and agencies to enable remote access resources to maintain their business. But, as with everything that has changed, it must be done while maintaining our security strategy to ensure business continuity. The use of RDP or other remote access methods must always be planned and executed from security by design, so that our adaptation to this change is carried out without putting our entity at risk. As a tip, it is a good idea to keep our assets properly inventoried with their corresponding operating system versions and the software and/or services running on them, always keeping an eye out for security updates.