IoT Device Search Engines: Why Choose if We Can Use All of Them?
Nacho Brihuega, 5 May 2020

Current IoT device search portals are widely known and used by the hacker community to run queries or to get a first picture of the services exposed during a pentest. Due to the current lockdown, many organisations had to deploy, in a very short time, the infrastructure needed so that their employees could telework. Using these search engines, a large number of services exposed for this purpose was quickly detected, most of them RDP. At the beginning of the lockdown there were 29,657. Ten hours later the figure had risen to 29,835, and to this day (when this post was written) there are 34,753.

Figure: the main cities where technological activity stands out.

Bear in mind: no to public RDP, yes to VPN. This means that RDP services that may be vulnerable to BlueKeep (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708) are being exposed because the relevant security patches have not been applied.

What Are the Implications of This?

Since the beginning of the lockdown, a high number of phishing campaigns and malicious attachments using COVID-19 as bait have already been detected. In the end, the same actors are always behind these threats. To detect peaks like these, or to collect information from these search engines, we should not limit ourselves to one of them, but use as many as we can and compare the resulting data. Some search engines are:

Shodan: https://www.shodan.io/
Censys: https://censys.io/
BinaryEdge: https://www.binaryedge.io/ (we already talked about it here: https://empresas.blogthinkbig.com/binaryegde-portal-mas-que-un-buscador-de-activos/, blog post only available in Spanish)
Onyphe: https://www.onyphe.io/

The Heisenberg Script

As automation is a must, we collected a couple of scripts for each of these services and unified them into a single one that queries every service, so we can quickly get a first look. I have called this script “Heisenberg”; you can find it on my GitHub. Some questions and answers to understand the features of the script:

What does it do? It gets open ports from the Shodan, Censys, BinaryEdge and Onyphe services.
What is its programming language? Python 3.
What do we need? A free API key for each of these services.
Can we export the results? Yes, to .xlsx.

Having seen this, let's move on to using the tool. The -h option displays the help:

As you can see, the script expects to receive the IP addresses in a .txt file via the -i parameter and the necessary API keys via the -a parameter. Below you can find an example of what the file containing the API keys would look like:

An example of its use as a proof of concept is shown below:

At the end of the run, the output is obtained:

You also have the option to export the results to Excel, with the ports found according to each service:

Because of the current lockdown, we would like to take advantage of the functionalities of these services to add some additional options, such as an extra column with a summary of the identified ports, or a database connector. We hope you liked it. See you in the next one.
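The post describes the script's inputs (an IP list and an API-key file), the per-service port lookups and the planned summary column, but does not show the merging logic. The following is an added example written for this page, not the Heisenberg script itself: it assumes a `service=key` layout for the -a file, uses constructed sample results in place of live Shodan/Censys/BinaryEdge/Onyphe responses (the real APIs return different shapes), merges them into one row per IP with a union column, and flags hosts that expose RDP (3389), which is the exposure the post warns about. CSV stands in for the .xlsx export.

```python
import csv
import io

SERVICES = ("shodan", "censys", "binaryedge", "onyphe")
RDP_PORT = 3389  # the post's point: public RDP should be behind a VPN

# Constructed sample data (documentation range 203.0.113.0/24), shaped as
# {service: {ip: [open ports]}}; a real run would fill this from the APIs.
SAMPLE_RESULTS = {
    "shodan": {"203.0.113.10": [22, 3389], "203.0.113.11": [443]},
    "censys": {"203.0.113.10": [3389, 80], "203.0.113.12": [3389]},
    "binaryedge": {"203.0.113.11": [443, 8443]},
    "onyphe": {"203.0.113.10": [22]},
}


def parse_api_file(text):
    """Parse the assumed 'service=key' lines of the -a file into a dict."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        service, _, key = line.partition("=")
        keys[service.strip().lower()] = key.strip()
    return keys


def merge_results(results, ips):
    """One row per IP: ports reported by each service plus the union."""
    rows = []
    for ip in ips:
        row = {"ip": ip}
        union = set()
        for svc in SERVICES:
            ports = sorted(results.get(svc, {}).get(ip, []))
            row[svc] = ports
            union.update(ports)
        row["summary"] = sorted(union)  # the extra column the post plans
        row["public_rdp"] = RDP_PORT in union
        rows.append(row)
    return rows


def rdp_exposed(rows):
    """IPs that any service saw with 3389 open: follow up with patching/VPN."""
    return [r["ip"] for r in rows if r["public_rdp"]]


def to_csv(rows):
    """Flat text export; swap in an xlsx writer for the Excel output."""
    buf = io.StringIO()
    fields = ["ip", *SERVICES, "summary", "public_rdp"]
    writer = csv.DictWriter(buf, fieldnames=fields)
    writer.writeheader()
    for r in rows:
        writer.writerow({k: (" ".join(map(str, v)) if isinstance(v, list) else v)
                         for k, v in r.items()})
    return buf.getvalue()
```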