Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths Tackling Cybercrime: Three Recommendations for 2018 In 2017 we saw ransomware variants such as Wannacry wreak havoc across computer networks in the UK. Not only were these variants of malware almost impossible to remove from...
ElevenPaths #CyberSecurityPulse: Private enterprise’s sad contribution to sharing threat intelligence in the United States After just over two years of Congress passed a major bill that encouraged businesses to share with the government how and when threat actors were trying to get into...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths Come to Create Technology at Telefónica’s Chief Data Office Unit Hi Hacker! Technology is in a constant evolution and so are we. Therefore, from Telefónica, throughout the Chief Data Office (CDO) led by Chema Alonso, which includes Aura -Cognitive Intelligence-, ElevenPaths -Cybersecurity-, LUCA -Big Data-...
ElevenPaths New tools: Metashield Bots, analyzing and cleaning metadata for everyone, from everywhere You all know Metashield. Basically, it is a technology from our own to analyze and clean metadata, that is used in several of our own products. Although metadata seems...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths The hugest collection of usernames and passwords has been filtered…or not (II) Over the last entry we focused on analyzing the content of these files from a critical point of view, this is: on clarifying that when a massive leak freeing...
ElevenPaths If you want to change your employees’ security habits, don’t call their will, modify their environment instead You’re in a coffee bar and you need to connect your smartphone to a Wi-Fi, so you check your screen and see the following options. Imagine that you know...
New tool: SKrYPtEd, your Skype conversations local database protectorElevenPaths 6 November, 2017 Did you know your Skype conversations are stored in plaintext in your hard drive? Did you know anyone could just grab them with some kind of malware and upload it to a server of his own with a simple malware in just a second. Literally. SKrYPtEd is a service that runs in your Windows and keeps your database encrypted with a password. You do not need to enter your password every time Skype is used. SKrYPtEd encrypts the messages every time Skype is closed, and do not decrypt them when Skype runs unless you decide it with your password. So, unless you need to check for old messages on a daily basis, it is quite transparent for you. And if you do, it is just about typing a password to get your old messages back. Skype stores database in plaintext in your profile. It is a SQLite database with lots of data. SKrYPtEd just encrypts the text of the messages so every metadata is kept. It protects from local or remote attacks if an attacker would be interested in conversations by grabbing or sending this database somewhere. Functionality Just install it. It will ask for a password that is not stored in your system. Everytime Skype starts up, it will ask for the password, but introducing it is not required. Just use it when you need to get your old messages back. SKrYPtEd allows you to keep your database transparently encrypted while you use the program and comunicate with your contacts. With SKrYPtEd, meesages are encrypted The Skype database is stored locally in whatever device Skype is used, so take into account that this program only provides protection for a local storage of the database and conversations. It allows to decrypt as many days back as you want to, but it will always allow to use Skype “normally” if no password for SKrYPtEd is provided. It does not work for Skype for Business version. This video shows an example of how an attacker could just grab the Skype database using a simple malicios document with a specially crafted macro and how SKrYPtEd could help. You can download SKrYPtEd (there is a 32 and 64 bit version) from here. Innovación y laboratorio #CyberSecurityPulse: Last Update About Bad Rabbit Ransomware#CyberSecurityPulse: The Last Disaster of Ethereum’s Most Important Wallets
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
Sergio De Los Santos A government is known by the Apple data it requests Sometimes, governments need to be underpinned by huge corporations to carry out their work. When a threat depends on knowing the identity or gaining access to a potential attacker...
