Cybersecurity: “black swan” events in a connected world

Susana Alwasity    21 March, 2023

In today’s society, technology has transformed the way we live, work and interact. A greater risk of cyber threats has arisen with the increased use of internet-connected devices and networks. As a result, cyber security has become a concern across all sectors, especially for critical infrastructures, ranging from financial, energy, healthcare or government institutions.

As the frequency of serious cyber-attacks against companies, governments, utilities and hospitals increases, as we have seen in recent months (even bringing operations to a halt and affecting business continuity), it is clear that organisations must have two effective action plans and strategies in place:

  • First, one to deal with common and known cyber threats, such as phishing, malware, data theft or denial-of-service (DDoS) attacks; Microsoft, for example, reported in 2022 that it had stopped the largest DDoS attack on record.
  • And second, one to prepare for other disasters or “black swan” events that occur suddenly: serious cyber-attacks that can cripple not only an organisation’s own operations but even spread to other industries.

What is a “black swan” in Cyber Security?

A “black swan” is an unpredictable and highly striking event or occurrence that can have significant and far-reaching consequences. It is used as a metaphor for events that cannot be predicted but whose consequences can affect a wide range of people, industries or countries.

The term has gained popularity since the publication in 2007 of the book The Black Swan: The Impact of the Highly Improbable, written by Nassim Taleb, a Lebanese mathematician and researcher. He argues that highly improbable and high-impact events, such as the 2008 financial crisis, are more common than is commonly thought and are often underestimated and misunderstood by most people.

Examples of black swan events include the Spanish flu, the terrorist attack of 11 September 2001 in the United States, or even the recent COVID-19 pandemic worldwide from 2020. It is relevant to mention that the coronavirus pandemic, although it has had a major impact, is generally considered a foreseeable event.

At the digital level, some examples considered as black swans are the following attacks:

  1. SolarWinds in 2020, where cybercriminals compromised the company’s software and were able to access the systems of several US government agencies as well as private sector companies.
  2. The Log4Shell exploit in 2021, which affected millions of devices and servers and allowed attackers to take remote control.
  3. Massive data breaches, such as the one that affected Facebook in 2021, where the personal data of more than 533 million users was exposed.
  4. The attack by a ransomware group on the Colonial Pipeline in 2021, which brought oil supplies to a standstill and exposed the vulnerability of critical infrastructure, and led to the declaration of a state of emergency in the US.

These events were not isolated occurrences: they highlighted how cyber-attacks can have a major impact on society and the economy, so it is important to be prepared to deal with and mitigate the effects of cybersecurity black swan events.

Cyber-attacks can be sudden or spread slowly like a developing pandemic.

It is worth noting that cyber-attacks can be sudden, like a natural disaster, or spread slowly like a developing pandemic, so businesses must be prepared to prevent and detect extreme and emerging threats.

How to prevent a “black swan” event in Cyber Security

In the digital realm, Cybersecurity attacks are evolving exponentially and highlighting the lack of preparedness on the part of organisations, where risks are unclear and there is no certainty that they have all been assessed.

In the event of a cyber-attack, organisations must be prepared to meet the evolving challenges of cyberspace and take proactive measures to protect their critical assets. To mitigate these events, entities must adopt a proactive mindset and consider all possible scenarios in their Cyber Security action plans.

In today’s ever-changing world, it is not enough to analyse what is already known, but also to investigate risks in the digital realm. This means that companies need to spend time examining what types of cyber crises they might face, no matter how unlikely.

Conclusion

In conclusion, organisations need to be proactive: be prepared for any eventuality; continuously monitor their systems and networks for unusual activity; have a clearly defined incident response plan and test it regularly to ensure it is up-to-date and effective; invest in cyber intelligence and prevention, as well as train and raise awareness among employees in identifying and preventing cyber threats; analyse risks; have tools and technologies that enable them to quickly detect and respond to any security threats; and collaborate with other entities.

Collaboration can help identify threats faster and take action to prevent them.

By following these recommendations, organisations can be better prepared to deal with cybersecurity “black swan” events and minimise their impact, so that their business or service continuity is not compromised.

Featured photo: Holger Detje / Pixabay

Cyber Security Weekly Briefing, 11 – 17 March

Telefónica Tech    17 March, 2023

A new version of the Xenomorph banking trojan

ThreatFabric researchers have detected a new variant of the Android banking trojan Xenomorph. This malware family was first detected in February 2022 and is attributed to Hadoken Security Group.

Xenomorph V3 or Xenomorph.C, which is how this new variant has been classified, is being distributed via the Zombinder platform, in the Google Play store, appearing as a supposed currency converter, which downloads an update to an application posing as Google Protect.

One of the main new features of this version is the introduction of an ATS (Automated Transfer Systems) framework used to automatically extract credentials and account balances, initiate transactions, obtain MFA tokens and finalise fund transfers.

It has also added cookie stealer capabilities. Xenomorph V3 is capable of attacking more than 400 banking and financial institutions, including cryptocurrency wallets, a very significant increase in the number of potential victims, as its first version only targeted 56 European banks. It should also be noted that Spanish banking institutions are the main targets, followed by those in Turkey, Poland and the United States.

Researchers point out that this is one of the most advanced and dangerous trojans in circulation, and that it could become more so as it is likely to start being distributed as MaaS.

More info

* * *

Microsoft Patch Tuesday includes two actively exploited 0-days

In its latest security update, Microsoft has fixed a total of 83 vulnerabilities affecting several of its products, including Microsoft Windows, Office, Exchange and Azure.

Nine of these vulnerabilities received a critical severity rating and another 69 were rated “important”. Two of them are 0-days under active exploitation: CVE-2023-23397, a privilege escalation vulnerability in Outlook with a CVSSv3 score of 9.8, and CVE-2023-24880, a security feature bypass vulnerability in Windows SmartScreen with a CVSSv3 score of 5.4.

In relation to CVE-2023-23397, Microsoft has also published a script to help organisations check for and remediate exploitation of this vulnerability. It should be noted that, according to the research, this vulnerability has been exploited as a 0-day since at least April 2022, with fifteen organisations known to have been attacked using it.

The vulnerability was discovered by the Ukrainian Computer Emergency Response Team (CERT-UA), which informed Microsoft. It could be exploited by sending a specially crafted email to an Outlook client: the exploit triggers automatically when Outlook retrieves and processes the message, before the email is even seen in the preview pane, and results in the theft of NTLM credentials.

More info

* * *

YoroTrooper: new threat actor focused on cyber espionage

Researchers at Cisco Talos have detected a new threat actor focused on executing cyberespionage campaigns. YoroTrooper, as the researchers have named it, has been active since at least June 2022, although it was not until February 2023 that it gained popularity.

YoroTrooper campaigns have so far been detected targeting government and energy organisations in Commonwealth of Independent States (CIS) countries, as well as the World Intellectual Property Organisation (WIPO) and a European Union healthcare agency.

The entry vector for the attacks is via phishing emails with a malicious attachment. YoroTrooper uses several remote access trojans such as AveMaria/Warzone RAT, LodaRAT and a custom Python implant. It also uses stealers such as Stink Stealer, and the Nuitka or PyInstaller frameworks. Telegram is also used as C2 for communications between the operators and the installed malware.

More info

* * *

CISA warns of 0-day exploit in Adobe and urges patch application

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of 0-day exploitation of vulnerability CVE-2023-26360 in Adobe ColdFusion and has given all government agencies a three-week deadline to apply the patch released Wednesday by Adobe.

Although Adobe’s Patch Tuesday stated that the vulnerability had been exploited in a very limited way, CISA raised the alert level by calling the need for patching urgent and mandatory, confirming the words of Charlie Arehart, who discovered the vulnerability and criticised Adobe for the lack of importance given to the vulnerability, which allows the execution of arbitrary code.

More info

* * *

0-day vulnerabilities in Samsung’s Exynos chipsets

Google’s security team, Project Zero, disclosed in a publication the existence of 18 0-day vulnerabilities in Samsung’s Exynos chipsets, used in mobile devices, laptops and cars.

Four of these flaws are the most serious: the vulnerability identified as CVE-2023-24033 and three others that have not yet been assigned a CVE. Their exploitation would allow remote code execution from the Internet to the baseband, with no interaction from the victim; the attacker would only need their phone number.

The remaining vulnerabilities, some of them identified as CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 and CVE-2023-26076, were not rated as serious, as they require a malicious mobile network operator or local access to the device by the attacker.

As for the affected devices, Samsung has issued a security update indicating which devices are affected. Finally, in terms of patches, Pixel devices have received a fix for one of the vulnerabilities, while other affected users are advised to disable Wi-Fi and Voice-over-LTE calling.

More info

Mathematics against cyber-crime: how to detect fraud, manipulation and cyber-attacks using Benford’s Law

Gonzalo Álvarez Marañón    16 March, 2023

In the early 20th Century, when calculators, computers and smartphones did not yet exist, scientists and engineers used tables of logarithms compiled in thick volumes for their calculations.

For example, a shortcut for multiplying two large numbers is to look up their logarithms in the tables, add them together (adding is easier than multiplying, isn’t it?) and then look up the anti-logarithm of the result in the tables.

In the 1930s, physicist Frank Benford worked as a researcher at General Electric. One day, Benford noticed that the first pages of the logarithm books were more worn than the last ones. This mystery could only have one explanation: his colleagues were looking for numbers starting with smaller digits more often than those starting with larger digits. [1]

As a good scientist, he asked himself: why did he and his colleagues find such a distribution of numbers in their work? Intuitively we think that the first digit of any number should follow a uniform distribution, i.e. the probability of any number starting with 1, 2, 3, … up to 9 should be the same, equal to 1/9 = 11.111…%. But no!

Frequency of digit occurrence

Benford was puzzled to see how the frequency of occurrence of digits in the numbers of many natural phenomena follows a logarithmic distribution. Intrigued by this discovery, Benford sampled data from various sources (from river lengths to population censuses) and observed that the probability of the first digit of any number being equal to d is given by the following logarithmic law:

P(d) = log(d + 1) – log(d) = log((d + 1) / d) = log(1 + 1 / d), for d = 1, …, 9, where log is the base-10 logarithm

The following table lists all the values of P( d ) from 1 to 9.

Probabilities (in percent) of the first significant digit of numbers that follow Benford’s Law.

On the Testing Benford’s Law page you will find numerous examples of datasets that follow this law, such as the number of followers on Twitter or the user reputation on Stack Overflow.

Screenshot of Testing Benford’s Law page.

Why digits form this distribution

The explanation of why they form this distribution is (relatively) simple. Look at the following logarithmic scale bar. If you pick random points on this bar, 30.1% of the values will fall between 1 and 2; 17.6% will fall between 2 and 3; and so on, until you find that only 4.6% of the values will fall between 9 and 10.

Therefore, in a numerical series following a logarithmic distribution, there will be more numbers starting with 1 than with another higher digit (2, 3, …), there will be more numbers starting with 2 than with another higher digit (3,4, …), and so forth.

Logarithmic scale bar.

But we are not going to stop here, are we? The next interesting question that arises is: how can one identify data sets that normally conform to Benford’s law?

To understand the answer, we need to travel with our imagination to two very different countries: Mediocristan and Extremistan.

In Extremistan, Benford’s law rules

Lining up all the employees in your organisation and measuring their heights, you will get a normal distribution: most people will be of average height; a few will be rather tall and a few will be rather short; and a couple of people will be very tall and a couple of people will be very short.

If an employee arrives late to the measurement session, when we add his or her height to the rest, it will not significantly alter the group average, regardless of how tall or short he or she is. If instead of measuring height you record weight or calories consumed each day or shoe size, you will get similar results. In all cases, you will get a curve similar to the following one.

Normal distribution.

Now that you have them all together, you could write down the wealth of each one. What a difference! Now the majority will have rather meagre total capital, a much smaller group will have accumulated decent capital, a small group will have a small fortune and a very few will enjoy outrageous fortunes.

And if the CEO arrives late and we add his wealth to that of the group, his impact is likely to be brutal on the average. And if you measure the number of Instagram followers of your colleagues and there is a celebrity among them, you will get similar results. Graphically represented, all these results will have a shape similar to the following.

Power-law distribution.

As you can see, not all random distributions are the same. In fact, there is a great variety among them. We could group them into two broad categories: those following (approximately) normal distributions and those following (approximately) power-law distributions.

Nassim Nicholas Taleb describes them very graphically in his famous book The Black Swan as two countries:

  • Mediocristan, where individual events do not contribute much when considered one at a time, but only collectively.
  • Extremistan, where inequalities are such that a single observation can disproportionately influence the total.

So to answer the question of which data sets fit Benford’s law, we are clearly talking about data in the country of Extremistan: large data sets comprising multiple orders of magnitude in values and exhibiting scale invariance.

The latter concept means that you can measure your data using a range of different scales: feet/metres, euros/dollars, gallons/millilitres, etc. If the digit Frequency Law is true, it must be true for all scales. There is no reason why only one scale of measurement, the one you happen to choose, should be correct.

A couple of additional restrictions for a dataset to follow Benford’s Law are that it consists of positive numbers, that it is free of minimum or maximum values, that it is not composed of assigned numbers (such as telephone numbers or postcodes), and that the data is transactional (sales, refunds, etc.). Under these conditions, it is possible, but not necessary, for the dataset to follow this law.
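As an added example (not part of the original article), the following Python script computes the Benford probabilities from the formula above, samples random points on a logarithmic scale bar to reproduce the 30.1% / 17.6% / … shares, and contrasts a constructed Mediocristan dataset (normally distributed employee heights) with a constructed Extremistan one, showing that the latter’s fit survives a change of units as scale invariance requires. The MAD statistic and its conformity cut-offs follow Nigrini’s first-digit guidance and are assumptions here; the sample datasets, seeds and unit conversion are constructed for illustration.

```python
import math
import random
from collections import Counter


def benford_probability(d):
    """Benford's first-digit law: P(d) = log10(1 + 1/d) for d in 1..9."""
    if not 1 <= d <= 9:
        raise ValueError("the first significant digit must be between 1 and 9")
    return math.log10(1 + 1 / d)


def benford_table():
    """P(d) in percent for d = 1..9, rounded to one decimal."""
    return {d: round(100 * benford_probability(d), 1) for d in range(1, 10)}


def first_digit(x):
    """First significant digit of a positive number, independent of its scale."""
    if x <= 0:
        raise ValueError("Benford analysis applies to positive values only")
    # Scientific notation puts the first significant digit in front of the point.
    return int(f"{x:.12e}"[0])


def first_digit_frequencies(values):
    """Observed share of each first digit 1..9 in a dataset."""
    counts = Counter(first_digit(v) for v in values)
    n = len(values)
    return {d: counts.get(d, 0) / n for d in range(1, 10)}


def mean_absolute_deviation(values):
    """MAD statistic used in digital analysis: mean |observed - Benford| over the
    nine digits. Smaller means a closer fit to the law."""
    observed = first_digit_frequencies(values)
    return sum(abs(observed[d] - benford_probability(d)) for d in range(1, 10)) / 9


def conformity(mad):
    """Read a first-digit MAD score with Nigrini's first-digit cut-offs (assumed here)."""
    if mad < 0.006:
        return "close conformity"
    if mad < 0.012:
        return "acceptable conformity"
    if mad < 0.015:
        return "marginal conformity"
    return "nonconformity"


def log_scale_sample(n, decades=6, seed=1):
    """Random points on a logarithmic scale bar spanning several orders of magnitude
    (constructed Extremistan-style data: positive, scale-free, no natural maximum)."""
    rng = random.Random(seed)
    return [10 ** rng.uniform(0, decades) for _ in range(n)]


def height_sample(n, mean_cm=170.0, sd_cm=9.0, seed=1):
    """Constructed Mediocristan-style data: employee heights, normally distributed."""
    rng = random.Random(seed)
    return [rng.gauss(mean_cm, sd_cm) for _ in range(n)]


def demo(n=20000):
    """Return MAD scores for the three cases discussed in the text."""
    scale_free = log_scale_sample(n)
    return {
        # Extremistan data fits Benford...
        "log_scale_mad": mean_absolute_deviation(scale_free),
        # ...and still fits after changing units (metres -> feet): scale invariance.
        "log_scale_in_feet_mad": mean_absolute_deviation([v * 3.28084 for v in scale_free]),
        # Mediocristan data (heights in cm almost all start with 1) does not fit.
        "heights_mad": mean_absolute_deviation(height_sample(n)),
    }


if __name__ == "__main__":
    print("Benford table (%):", benford_table())
    for name, mad in demo().items():
        print(f"{name}: MAD = {mad:.4f} -> {conformity(mad)}")
```

Running the script prints the nine probabilities and three MAD scores: the two log-scale cases land in the “close conformity” band regardless of the unit chosen, while the heights dataset scores an order of magnitude higher and is reported as nonconformity, which is exactly the point that a dataset may, but need not, follow the law.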

OK, so you have a dataset that is perfectly in line with Benford’s law. What good does it do you? Well, it is useful, for example, to detect fraud, manipulation and network attacks. Let’s see how.

How to apply Benford’s Law to fight cybercrime

The pioneer of applying the law to fraud detection was Mark Nigrini, who recounts in his book Benford’s Law: Applications for Forensic Accounting, Auditing, and Fraud Detection a multitude of fascinating examples of how he caught fraudsters and scammers.

Nigrini explains, for example, that many aspects of financial accounts follow Benford’s Law, such as:

  • Expense claims.
  • Credit card transactions.
  • Orders.
  • Loans.
  • Customer balances.
  • Journal entries.
  • Stock prices.
  • Inventory prices.
  • Customer refunds.
  • And so on.

He proposes special tests, which he calls digital analysis, to detect fraudulent or erroneous data: fabricated figures deviate from the law. I found it particularly revealing how he unmasks Ponzi schemes such as the Madoff scam, whose fabricated financial results did not follow Benford’s Law and set off all the alarm bells.

The method is not infallible, but it works so well that these tests have been integrated into the audit software used by auditors, such as Caseware IDEA or ACL.

Screenshot of the Benford analysis of the Caseware IDEA program.

In another paper, the authors showed that images in the Discrete Cosine Transform (DCT) domain closely follow a generalisation of Benford’s law and used this property for image steganalysis, i.e. to detect whether a given image carries a hidden message.

Benford’s law can also be used to detect anomalies in:

In the Benford Online Bibliography you will find a non-commercial, open-access database of articles, books and other resources related to Benford’s law.

Another use case of Benford’s law is the detection of Internet traffic anomalies, such as DDoS attacks. It has been known for many years that packet inter-arrival times exhibit a power-law distribution, which follows Benford’s law.

In contrast, DDoS attacks, being flooding attacks, break any normality of traffic behaviour in a network. In particular, packet inter-arrival times are not long enough and appear as noticeable deviations from Benford’s law, as can be seen in the following figure.

Benford’s analysis of packet inter-arrival times reveals four DDoS attacks.

The best thing about this anomaly-based DoS attack detection method is that, unlike other approaches, “it requires no learning, no deep packet inspection, it is hard to fool and it works even if the packet content is encrypted”.
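To show the detection idea described above in code, here is an added Python example (not from the article or the research it cites) that slides a window over packet inter-arrival times, scores each window by the first-digit deviation from Benford’s law, and flags the windows where a flood of near-identical intervals breaks the scale-free behaviour of normal traffic. The traffic trace is constructed: background intervals are drawn log-uniformly across six orders of magnitude, the flood segment uses near-constant intervals of about 1.2 ms, and the window size and threshold are assumptions to tune against real captures. The same deviation score is the kind of digital-analysis test Nigrini applies to fabricated financial data, here applied to network timing instead.

```python
import math
import random
from collections import Counter

# Expected Benford share for each first digit 1..9.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def first_digit(x):
    """First significant digit of a positive number (scale-independent)."""
    return int(f"{x:.12e}"[0])


def benford_mad(values):
    """Mean absolute deviation of the observed first-digit shares from Benford's law."""
    counts = Counter(first_digit(v) for v in values)
    n = len(values)
    return sum(abs(counts.get(d, 0) / n - BENFORD[d]) for d in range(1, 10)) / 9


def window_scores(inter_arrivals, window=2000):
    """Benford MAD of each consecutive, non-overlapping window of inter-arrival times
    (a trailing partial window is ignored)."""
    return [
        benford_mad(inter_arrivals[w * window:(w + 1) * window])
        for w in range(len(inter_arrivals) // window)
    ]


def detect_flood_windows(inter_arrivals, window=2000, threshold=0.02):
    """Indices of windows whose first-digit profile departs from Benford's law.
    The threshold is an assumption: normal windows of this size score around 0.005,
    while a flood of near-constant intervals scores above 0.1."""
    return [w for w, mad in enumerate(window_scores(inter_arrivals, window)) if mad > threshold]


def constructed_trace(seed=7):
    """Constructed trace (not a real capture): scale-free background inter-arrival
    times, log-uniform between 10 us and 10 s, with a flood of near-constant
    ~1.2 ms intervals in the middle (packets 20000-25999, i.e. windows 10-12)."""
    rng = random.Random(seed)

    def background(n):
        return [10 ** rng.uniform(-5, 1) for _ in range(n)]

    flood = [0.0012 * rng.uniform(0.95, 1.05) for _ in range(6000)]
    return background(20000) + flood + background(20000)


if __name__ == "__main__":
    trace = constructed_trace()
    for w, mad in enumerate(window_scores(trace)):
        print(f"window {w:2d}: MAD = {mad:.4f} {'FLOOD' if mad > 0.02 else 'ok'}")
    print("flagged windows:", detect_flood_windows(trace))
```

Because the score only looks at the leading digit of each interval, it is indifferent to the units the capture tool reports (seconds, milliseconds or microseconds) and to the packet payload, which is why the method keeps working on encrypted traffic; in practice the window size should be large enough that sampling noise stays well below the threshold, and the threshold itself should be calibrated on known-clean captures from the network being monitored.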

Benford’s future in cyber security

Biometrics, steganalysis, fraud, network attacks… The world of cybersecurity is beginning to incorporate the analysis of logarithmic probability distributions, with very promising results.

It is a flexible technique, consumes hardly any resources, is very fast and requires no training. It does require, however, that the normal data set meets sufficient conditions to conform to Benford’s law.

Next time you are faced with a dataset, ask yourself if the first digit of each number follows Benford’s law. You may find unexpected anomalies.

___
[1] In fact, this same observation was made in 1881 by the astronomer and mathematician Simon Newcomb. He published a paper on it, but it went unnoticed.

Featured photo: This is Engineering RAEng / Unsplash

5 free online courses to learn IoT (Internet of Things) in 2023

Nacho Palou    15 March, 2023

Internet of Things (IoT) is one of the new generation digital technologies with significant impact in multiple sectors, from industry to agriculture, health, and energy. IoT creates new business opportunities and is changing the way companies, industries, administrations, and also people, interact with the world.

An IoT device is one that has the ability to capture or generate data (for example, a temperature sensor) and has internet connectivity to transfer that information. In this way, IoT allows capturing, processing, and exchanging information efficiently and effectively.

Among other applications, IoT allows monitoring and optimizing from traffic to resources such as energy, water, or people’s health, and is enabling the development of smart cities, autonomous vehicles, precision agriculture, or smart industry, among many other possibilities.

Today, knowing the principles of IoT technology is essential for both students and professionals in the technology sector.

But how to get started in IoT technology? Where to begin?

In this post, we compile a selection of free and online courses that you can follow at your own pace to learn about this technology. Knowing IoT technology not only opens up new professional opportunities, but also allows understanding how technology works and how it influences people’s lives and the environment.

  • Introduction to the Internet of Things IoT (Curtin University): This free course (with the option to acquire a certification) explores the IoT concept and physical devices (‘things’) that make the Internet of Things possible, including how components communicate with each other, how to extract value from the data they generate, and some considerations related to IoT Cybersecurity and privacy. Requires 1.5 months dedicating 2-3 hours per week.
  • Introduction to the Internet of Things and Embedded Systems: This 11-hour course, offered by the University of California and available on Coursera, is part of a specialized program ‘An Introduction to Programming the Internet of Things (IoT)’, which consists of a total of 6 courses with level advances. This first course explains the role of IoT, what are the most common devices, and trends for the future. It also deals with topics related to the components, both software and hardware of the devices, and their interface with the physical world. Finally, the key components of interconnection are explained.
  • Introduction to IoT (Cisco Networking Academy): This free course (optional certification) of 20 hours addresses how digital transformation is creating economic opportunities and how IoT is changing the way companies operate and manage their processes and systems, without forgetting the Cybersecurity considerations that must be addressed when implementing IoT solutions.
  • AWS IoT: Developing and Deploying an Internet of Things: Free (optional certification). 4 weeks. This Amazon (AWS) course covers general content such as “What is the Internet of Things and how does it work?” to more specific content about AWS services. To take this course, it is recommended to have at least one year of software development experience and basic knowledge of AWS services and console.
  • Introduction to Azure IoT: This course is the first module of the Microsoft Certified AI Edge engineer. The first course in the program provides an introduction to the different services that can be configured in Azure to design large-scale IoT solutions. All modules and courses are available for free on Microsoft Learn, excluding the certification.

Conclusion

It’s worth noting that, except for some cases, most of these courses are introductory. However, they provide knowledge of this technology and its components and practical applications.

In addition, they cover topics such as network architecture, sensors, embedded systems, communication protocols, security and privacy measures, data analysis tools, cloud platforms, and an overview of Artificial Intelligence algorithms.

One advantage is that they are free (except for certification, which is usually optional and requires a fee) and open to anyone interested. They are also self-paced, allowing them to be completed at one’s own pace.

The use of IoT will continue to grow in the coming years with the adoption of an increasing number of IoT devices in all types of sectors and industries, homes and businesses, and cities.

Overall, these types of courses are an excellent way to acquire new skills and knowledge in a short amount of time, in just a few days or weeks.

These courses also serve as a complement to other related technologies, such as Cloud and Edge Computing, 5G and NB-IoT connectivity, Big Data and data analysis, Artificial Intelligence and machine learning models, industrial automation technologies, smart city infrastructures, etc.

Any of these courses is an excellent option to take the first steps in IoT.

My experience as a volunteer in the ‘AulaCibersegura’ initiative to protect minors on the Internet

Javier Herrero    14 March, 2023

What is the AulaCibersegura (Cyber Secure Classroom) initiative

I have long had the desire and personal need to contribute in some real and direct way to Telefónica’s family of volunteers. I had previously considered it, but I always had the excuse of lack of time to get involved; however, when I heard about the #AulaCibersegura initiative, I was convinced that this time the excuses and justifications were over.

This initiative, promoted by Telefónica Tech and Fundación Telefónica (Telefónica Foundation), aims to instil the importance of Cyber Security in society, placing special emphasis on children and young people, making them aware of the proper use of the Internet and other digital tools, as well as raising awareness of the importance of reducing the digital divide.

After the relevant preparation and organisation, it was last week that I finally carried out my first volunteering action as a Telefónica Tech employee, teaching 4 sessions for a total of 100 children in this enriching initiative. The school chosen was very special for me, as it was my old elementary school 30 years ago, the CP Santiago Ramón y Cajal in Alcorcón, Madrid.

Susana Quevedo (left), principal of the Santiago Ramón y Cajal school in Alcorcón (Madrid) where Javier Herrero gives talks on cybersecurity to schoolchildren as part of the Telefónica Tech and Telefónica Foundation volunteer program.

Before holding the sessions, I held a face-to-face meeting with Susana Quevedo, the headmistress of the school, to explain the scope and dynamics of the initiative and to be able to jointly determine the number of sessions to be held and to set the corresponding dates in the agenda. To this end, we explained to the headmistress the main objectives, the topics, and the methodology with which we would develop the talks.

We also explained how we would involve and interact with the students, and how we would conduct these meetings in an open and sincere manner with respect to all the topics we would address during the hour we would be with each group.

Preventing risky behaviour in children

For the actual development of the talks, which would run through an introduction and six critical and sensitive topics (digital security, safe gaming, grooming, sexting, cyberbullying and digital empathy), it was necessary for the students to answer a series of questions in each of the sections using a form provided to them.

The original plan was for them to answer them in real time as the session progressed, and once each block had been completed and the nuances of each issue, the associated problems and consequences had been explained, they were to do a self-reflection exercise on their answers.

The students participated and showed interest in the training session on Cyber Security given by Javier.

Together with the headmistress of the centre, we decided that they should not spend time writing during the talks, so that they could use as much time as possible to think and be self-critical of the answers they had given.

Therefore, the day before, they spent time answering the form, which was a success, as we did not have a single second to spare in any of the talks, as the children did not stop interacting and on some occasions their teachers had to calm them down because they showed a commendable interest and participation.

Once everything had been explained and discussed, the first comment from the headmistress of the centre, Susana, was: “You don’t know how good this is for us. Every year we end up having a case with some of the problems described in the initiative”.

Before leaving on that first day of contact, we took the opportunity to walk around the school. What a moment, great memories of my childhood flashed before my eyes as if I was living them at the moment. The truth is that I was very excited, because with the retrospective of age you realise how important this stage is in people’s lives, and it makes you see that through this initiative you can certainly help them to make that stage better.

Technology training to protect children on the internet

Javier (left) and Susana during one of the talks on Cybersecurity at the Santiago Ramón y Cajal CP in Alcorcón (Madrid).

What can I tell you about the development of the sessions? I have had meetings with CIOs to defend less compromising offers than the situations in which some of the students had put me 😊.

And although they are very lively and agile, deep down they still really reflect the innocence of their age, and that is why these talks help them to understand many things that for them go completely unnoticed. They had to be confronted with answering and being self-critical with questions such as…:

  • Do you change your password from time to time?
  • When you access your social media accounts, do you log out afterwards?
  • Do you keep your computer’s and your mobile phone’s webcams covered?
  • Have you ever accepted users on social networks that you didn’t know?
  • Have you ever sent a compromising personal photo to someone via digital media?
  • Have you ever harassed, or do you feel you have harassed, someone through the Internet (social networks, WhatsApp, etc.)?
  • Have you ever noticed how another person feels while talking to them in a chat room?

So that is how my contribution ended, offering them both the advice contained in the programme of the initiative and the advice that one personally and sincerely has in the back of one’s wardrobe accumulated from one’s own life experience.

Conclusion

My conclusion about this incredible experience is closely linked to the perception I have had about their understanding and interpretation of terms such as digital security, safe gaming, sexting, grooming, cyberbullying or digital empathy.

For them in general terms they are abstract terms that need to be grounded from a conceptual level to the level of life itself. Questions they asked me like “Why does someone want to get into my computer?” or “But why does an adult want to meet me?” are symptoms that the initiative makes all the sense in the world; because when you explain it to them, they thank you enormously with a big smile, and they also call you ‘teacher’ without having taken a competitive examination 😊.

Featured photo: Element5 Digital / Unsplash

Cyber Security Weekly Briefing, 4 – 10 March

Telefónica Tech    10 March, 2023

FBI and CISA Launch Advisory to Combat Royal Ransomware

The FBI and CISA published the #StopRansomware: Royal Ransomware Cyber Security Advisory on 2 March to help combat this ransomware by disseminating its TTPs and IOCs.

Many companies in different critical infrastructure sectors such as industry, telecommunications, healthcare, education, among others, have been breached with this ransomware variant since September 2022.

  • The FBI and CISA believe that Royal uses its own file encryption software, disabling antivirus after gaining access to a system and exfiltrating data before finally deploying the ransomware.
  • They then demand ransoms of between one and eleven million dollars in Bitcoin, and in the ransom note they leave victims a .onion site for contact.

Organisations are advised to implement the recommendations and mitigations in the advisory to prevent these attacks.

More info

* * *

Hiatus: worldwide campaign against business routers

The Lumen Black Lotus Labs team has identified an active campaign targeting business routers.

  • The campaign, which has been named “Hiatus”, has been active since July 2022, targeting end-of-life DrayTek Vigor 2960 and 3900 routers with an i386 architecture.
  • The entry vector is currently unknown, but once a router has been compromised, the threat actors deploy a bash script that downloads and executes two malicious binaries: HiatusRAT and a variant of tcpdump for capturing packets.
  • According to the researchers, at least 100 victims have been detected and have become part of the botnet of the malicious actors, mostly located in Europe, North America and South America.

Lumen Black Lotus Labs estimates that the threat actors deliberately kept infection numbers low so as not to attract attention and thereby evade detection.

More info

* * *

SYS01stealer: new infostealer targeting critical infrastructures

The research team at Morphisec has published a report on a new infostealer targeting critical government infrastructures which they have named SYS01stealer.

The malicious actors behind this threat specifically target corporate Facebook accounts, using Google ads and fake Facebook profiles that promote games, adult content or software but whose download links are actually malicious.

It is worth noting that once the victim downloads the .zip file and its contents are executed, the file performs a DLL sideload on the victim’s system.

Experts point out that SYS01stealer’s goal is to steal browser cookies and exploit authenticated Facebook sessions to exfiltrate information from the victim’s Facebook account. The malware can also upload files from the infected system to the Command & Control server and execute commands sent by it.

More info

* * *

PoC of polymorphic malware using Artificial Intelligence

Researchers at Hyas have built a proof-of-concept for polymorphic malware generation using an Artificial Intelligence language model.

  • The software created, which they have named BlackMamba, is a polymorphic keylogger with the ability to modify its code during execution, and without the use of Command & Control (C2) infrastructures.
  • BlackMamba uses a benign executable to communicate with the OpenAI API during execution, which provides it with the malicious code necessary to collect the user’s keystrokes. Whenever the malware executes, this capability is re-synthesised, allowing it to evade security solutions.
  • According to the researchers, their analysis with a well-known EDR solution yielded no detection of the malware.

The exfiltration of the data collected by the malware in this test is done via Microsoft Teams, which it accesses with the stolen credentials.

More info

Women who changed Mathematics

AI of Things    9 March, 2023

BY FRAN RAMÍREZ & FRAN FENOLL

Since International Mathematics Day also falls in March, we wanted to pay tribute to the great influence that women have had on this science from the beginnings of our civilisation to the present day.

Of course, there are many others who do not appear in this article, but we want this representation to serve as a tribute and recognition to all of them.

* * *

Pioneering women in history

Theano

Bust of Theano. Source.

One of the first mathematicians we know of is perhaps Theano, who was born in the 6th century BC. Apart from being a mathematician, she also mastered other disciplines such as philosophy, physics and medicine.

Treatises on polyhedra are attributed to her, as well as on proportionality, specifically the golden ratio. Theano is also known for being the wife of the mathematician Pythagoras, and for belonging to the Pythagorean school.

In fact, it is thanks to Theano that we can study Pythagoras today, because when Pythagoras died there was a revolt against his school, and both Theano and her daughters saved his works, extending and spreading his study years later throughout Greece and Egypt.

Hypatia

Hypatia. Source.

Moving on in history, we come across another great woman, an innovator in her time, a teacher at the Neoplatonic School of Alexandria, Hypatia.

She was born around 350 AD, the daughter of the mathematician and astronomer Theon. From an early age she was taught science, but her quest for knowledge and truth led her to travel to different parts of Athens and Rome in search of knowledge.

This eagerness led her to teaching and oratory as headmistress of Theon’s school, also known as the Musaeum.

She excelled for years as a teacher of many pupils, both Christian and non-Christian. She contributed writings in fields such as Geometry, Algebra and especially Astronomy. Unfortunately she was lynched to death by a mob of Christians in 415.

The Age of Enlightenment

Émilie du Châtelet

Gabrielle Emilie Le Tonnelier. Source.

At the beginning of the 18th century, Émilie du Châtelet, Marquise de Châtelet, was born in France. Although she could have enjoyed a life full of luxury and extravagance, she decided to devote herself to research and to the dissemination of her theories, some of which even provoked wide debate in Europe.

She stood out above all for her role in the dissemination of Newtonian theories and for her work in Differential and Integral Calculus. Given her position, she received a thorough mathematical education from great professors of the time such as Pierre Louis Moreau de Maupertuis, Clairaut and Koenig, among others.

Voltaire’s influence on the marquise was notable for many years, and the two made a great couple, both sentimentally and in their work.

In fact, they both came close to winning the competition in 1737 organised by the Academy of Sciences for the best scientific essay on the nature of fire and its propagation, won by the famous mathematician-physicist Leonhard Euler.

The Marquise de Châtelet was the first woman to enter the Café Gradot, dressed as a man, to discuss mathematics with Maupertuis; it should be remembered that at that time women were not allowed to enter such places unaccompanied. She was also the first woman to hold a public scientific debate.

Maria Gaetana Agnesi

During the 18th century we also meet the Italian mathematician Maria Gaetana Agnesi, considered by many to be the first woman university professor, as she took charge of her father’s courses for two years in 1748.

In 1750, after publishing her work on Analytical Institutions, the Pope appointed her to the chair of Higher Mathematics and Natural Philosophy at the University of Bologna.

The magnificence of the Age of Enlightenment is spreading …

Sofya Kovalévskaya

Sofia Kovalévskaya. Source.

Other authors, however, claim that the Russian mathematician Sofya Kovalévskaya was the first woman university professor in Europe, in Sweden in 1881.

She was taught by the famous mathematician Weierstrass in Berlin. Her contribution to Differential Calculus was very important: above all, she improved a result of the mathematician Cauchy, stating and proving the theorem known today as the Cauchy-Kowalevski theorem.

This was one of the reasons why she was awarded the title of Doctor summa cum laude at the University of Göttingen in 1874, becoming, together with Agnesi, one of the first women in the world to do so.

During her stay in Stockholm, her study of Differential Calculus solved one of the problems that had most troubled famous mathematicians: the rotation of a solid body around a fixed point. Together with the known solutions of Euler and Lagrange, this settled the problem posed in 1850 by the Berlin Academy of Sciences.

Sofya Kovalevsky Day, organised by the Association for Women in Mathematics (AWM), promotes the funding of workshops in the United States to encourage girls to explore mathematics.

Sophie Germain

Towards the end of the 18th century we meet the French mathematician Sophie Germain. She stood out, among other things, for her work on Number Theory and Elasticity, but above all her study is remembered for Sophie Germain primes and for her attempt to prove Fermat’s theorem which, although unsuccessful, yielded results such as the theorem that bears her name.

During her lifetime she corresponded with the mathematicians Lagrange and Gauss. In both cases, given the times, Sophie Germain passed herself off as a man, and only after some time did she reveal her true identity.

In 1816 she won the competition with her paper “Mémoire sur les Vibrations des Surfaces Élastiques”, and she became the first woman to attend the sessions of the French Academy of Sciences. Today, the Sophie Germain Prize is awarded annually to the researcher who has carried out the most important work in mathematics.

Ada Lovelace’s inspiration

Mary Somerville

During the rise of the Scottish universities relative to other European universities, led by the scientist Lord Kelvin, the figure of Mary Somerville emerged.

She was born in Edinburgh in 1740, and although at that time women were not allowed to join universities or mathematical societies, this did not stop her from spreading the knowledge she had acquired, nor from winning a silver medal for solving a problem on Diophantine equations in William Wallace’s Mathematical Repository.

In addition, in 1826 Mary Somerville wrote her first paper, The Magnetic Properties of the Violet Rays of the Solar Spectrum, for the Royal Society’s Philosophical Transactions; these were the first writings signed by a woman to appear there to that date.

Among her most outstanding achievements we can highlight her work in astronomy in the study of the orbit of Uranus, something which years later led to the discovery of the planet Neptune. This work earned her the medal of honour of the Astronomical Society and various medals and awards from different European societies and universities.

Ada Lovelace

Ada Lovelace circa 1836. Source.

Mary Somerville was an inspiration to Ada Lovelace. Ada Augusta Byron, daughter of the poet Lord Byron and the mathematician Anne Isabella Noel Byron, was born in 1815, and is noted for her work with Charles Babbage on the construction of the Difference Engine and the Analytical Engine (the latter was never built), possibly the forerunner of computers.

All of Ada’s contributions to the operation of Babbage’s machine had to be signed with the initials AAL, and these notes have become the basis of what we now call computer algorithms.

We can therefore say that Ada Lovelace was the first female programmer in history. And despite her early death, her legacy is recognised today, with a programming language named after her: Ada.

Great injustices and modern times

Amalie Emmy Noether

One of the great injustices done to female mathematicians because of their gender is undoubtedly that suffered by Amalie Emmy Noether.

Emmy was born in Germany in 1882 and was noted for her work in the fields of algebra and topology. Despite her great knowledge and studies, and the help of mathematicians such as David Hilbert and Felix Klein, she did not obtain a university post, either during her time in Germany or in the United States at Princeton University, and had to teach at Bryn Mawr, a women’s college.

Maryam Mirzakhani

Maryam Mirzakhani. Source.

Among recent figures we would like to highlight the Iranian mathematician Maryam Mirzakhani, born in 1977 in Tehran, who taught at Stanford until her early death at the age of 40.

She devoted herself to the study of Geometry, Topology and Differential Calculus, but above all to hyperbolic and Riemann surfaces.

Maryam has the honour of being the first woman to receive the Fields Medal, a prize awarded every four years since 1936 which, alongside the Abel Prize (awarded since 2003), enjoys academic recognition comparable to that of the Nobel Prize (Alfred Nobel did not consider awarding a Nobel Prize for mathematics, a decision surrounded by various legends that speak of “problems” with mathematicians).

* * *

Author’s personal note

I would like to highlight a mathematician in my life who was an inspiration and role model: Fuensanta Andreu (1955-2008), Professor of Applied Mathematics at the University of Valencia.

I was very lucky to have her as a teacher, not only for all her work in functional and differential analysis, but also for the closeness and simplicity with which she transmitted her classes. Thank you for your patience and help.

Featured photo: Max Fischer / Pexels

Meet #LadyHacker Jess Woods, Cloud expert at Telefónica Tech

Nacho Palou    8 March, 2023

Today, March 8th, International Women’s Day, we start a series of interviews with #LadyHackers from Telefónica Tech. Through their work and effort, these women are helping us become a more creative and innovative company.

* * *

Tell us a little about yourself: who are you and what do you do?

I’m Jess Woods and I joined Telefonica Tech UK&I in October 2021 as a Senior Product Manager, which means that I’m responsible for our Cloud product strategy and roadmap.

What is your specialization and how do you acquire new knowledge on a daily basis?

I specialise in our Cloud services portfolio, comprising Public Cloud, Private Cloud, Data Protection and Edge Computing. This is a set of broad and ever-changing technologies, so I am constantly learning through conversation, research and most importantly listening to others.

What or who motivated you to choose a technology-related profession?

I studied Sociology at university so whilst it wasn’t a STEAM subject, I did a module that focussed on the impact of the ‘Internet on Society’ and it really piqued my interest.

After I graduated, I secured a role in Customer Services at a locally headquartered MSP. An opportunity opened up to join a newly formed Product Management Team and I jumped at the chance to apply. Twelve years on, I’m passionate about the discipline of Product Management and also how technology can improve lives.

Most of my technical knowledge comes from being curious, through constant communication with internal and external stakeholders, online training and a lot of learning on the job which I think never ends if you retain that growth mindset.

Many think that not studying a STEAM subject prevents them from building careers in the technology sector but there are lots of routes available if you have the passion.

What training would you recommend to someone who wants to pursue this specialty?

Being a Product Manager is a diverse role and requires many skill sets so there isn’t really one single training route to become one.

As it’s a relatively new profession, there are different interpretations of the role, so it may be industry specific or require different skills depending on whether you are managing physical or software products.

Personally, I really enjoyed doing a course run by Product Focus for Product Managers in technical roles. It’s increasingly important to make sure you can adopt agile approaches, so any training that you can do in that space is really beneficial.

It’s also vital that you know your product and your market so taking vendor led training, reading industry whitepapers and research and keeping an eye on tech news are all important.

Diversity encourages the search for novel information and perspectives, leading to better decision-making and problem-solving, improving the bottom line of companies. —Scientific American.

Could you explain to us what the #LadyHacker initiative means to you?

I couldn’t be more encouraging of making the role of women in the tech sector more visible —there have been too many times where I am the only woman in the room or amongst a select few.

Gender stereotypes need to be broken for both men and women. But we need society to recognise that it isn’t a level playing field out there, and there is more work to be done when it comes to equity and inclusion for women. Particularly in technology professions.

We can make a difference with initiatives like #LadyHacker to let more voices be heard.

What do women bring to STEAM professions?

Honestly, I think that women bring the same that men do to STEAM professions. We’re all humans, we’re not all the same, nor do we have the same needs. But women bring energy, expertise, dedication and determination to drive change within any STEAM profession.

Jess Woods, Cloud expert at Telefónica Tech

We need to work harder to ensure that our society encourages this from an early age and that when we do enter these careers we’re brought into environments that welcome inclusion and diversity. Also, we must recognise and address the need for equity.

How is your experience in the work environment?

I’ve had mixed experiences within the workplace over my career so far. Some have been not so great — one example is at a trade show one year: somebody came up to our stand and asked who the technical representative was. They were directed to me and visibly scoffed in disbelief, as I was at the time in my mid-twenties and clearly not who he was expecting to speak to.

However, I have had so many fantastic experiences in my profession. I have had some fantastic mentors, built some excellent relationships and formed many friendships over my 15 years in IT.

What advice would you give to the Jess Woods of 10 years ago?

Ten years ago, I was two years into my career as a Product Manager. I think my advice would be to trust your instincts and that everything happens for a reason. I was hard on myself when I went through university clearing and, again, when I wasn’t successful in securing a graduate role.

Hard work and determination have led to me being in the same position in my career as those who were on graduate schemes; it just meant that I needed to take a different path to get there.

* * *

A new financial paradigm: asset tokenization

Sergio Piorno    7 March, 2023

The digitalisation of the financial ecosystem has accelerated in recent years thanks to the widespread adoption of the internet and its consequent development.

This, together with the rise of mobile devices, allowed people to manage their finances from anywhere and access financial services and products online, where the average user is able to manage them through the bank and without intermediaries, something inconceivable until then.

Blockchain technology has also recently played an important role in the digitisation of finance, offering new opportunities for secure, transparent, and decentralised financial transactions, as well as the rise of DeFi (decentralised finance), opening up a new range of financial products and services outside the banking system.

The latest revolution driven by Blockchain and decentralised networks is the tokenisation of assets.

Tokens, NFTs, Cryptocurrencies…

As we have discussed previously in this blog, tokens are a digital representation of a physical asset through a code that is usually stored on the blockchain. A simile would be a casino chip: the plastic coin represents a real monetary value.

The best-known uses of tokens are cryptocurrencies and NFTs. When we talk about NFTs, we mean non-fungible tokens, i.e., they are unique and cannot be replicated or replaced by an equivalent.

This is not the case with cryptocurrencies, where we can replace one Bitcoin with another, and both will have the same value and utility. The logic of the tokens is programmed in a Smart Contract, where all the attributes that define it and the actions it can perform, such as the transfer of ownership, are specified.

Security tokens

Just as NFTs are one type of token, there is another that is the basis of asset tokenisation: security tokens.

Before defining what they are, we must understand that a security is a financial instrument that represents ownership of an underlying asset, such as a company share, a bond or real estate, and is governed by the laws of the capital markets of the country or area where it is issued and traded. An example of a traditional financial market where securities are traded is a stock exchange such as the Madrid Stock Exchange or the Nasdaq.

On the other hand, if we transfer the same concept of security to the decentralised world,

A security token is the representation of a security but created using Blockchain.

This allows the same benefits as traditional securities such as ownership and voting rights, dividends, etc., while increasing the efficiency, transparency, security, and liquidity of these assets. An example of an exchange that allows transactions with these securities is Bitfinex.

But what guarantees do I have if I own one of these tokens against fraud such as the recent FTX or Terra fraud?

These types of securities are subject to regulatory requirements established by the financial regulator where they are issued.

In Europe, they must comply with MiFID II regulations and are issued through an investment vehicle with an ISIN, the international securities identification number, so they offer the same guarantees as traditional securities.

Given that “tokenising assets” can be a somewhat abstract concept, let’s look at some examples of assets that can be digitally represented by a token and converted into a security.

Telefónica Tech has already carried out a case study in which we tokenised the network of antennas and base stations managed by Atrebo, not only increasing the traceability of each of these infrastructures, but also increasing the efficiency of the management and transparency of the network. These tokens could be converted into securities so that investors can become owners of these antennas.

However, the truth is that these types of installations are very expensive, and their owners are usually large companies or institutional and professional investors; with tokenisation we can fractionalise these assets and make them multi-owned, increasing the liquidity of the underlying asset while offering the same rights.

A security token can be purchased by an individual investor without the need for an intermediary such as a bank or broker.

Other examples can be:

  • Any kind of infrastructure or real estate
  • Art
  • Commodities
  • Financial instruments (equities, derivatives, debt…)
  • Patents and intellectual property rights.

How does asset tokenisation work and why it can revolutionise the financial industry and access to capital markets

Asset tokenisation has many benefits beyond those mentioned above and the inherent advantages of a security. One of the biggest use cases is the launch of a Security Token Offering (STO).

An STO is a public offering of security tokens similar to an Initial Public Offering (IPO) and an Initial Coin Offering (ICO), but with a number of fundamental differences that make it much more attractive to certain companies.

  1. An ICO is not a security and is therefore not governed by the same regulations, which greatly limits investor protection against fraud.
  2. The valuation of these cryptocurrencies is very volatile and unstable, as they tend to be highly speculative, which implies large losses for investors.

According to one study, 81% of ICOs failed in 2018.

On the other hand, an IPO involves a complex and costly process both in terms of time and resources. Companies that wish to go public must disclose large amounts of information about their operations and business, and it is usually a process that is carried out by companies with a certain maturity and a stable business as a method of raising more capital, so for small companies and start-ups it is often unfeasible.

They need to seek funding through angel or seed investors, and it usually involves giving a large stake in the company to these professional investors, which makes the cost of accessing capital very high but at the same time necessary to continue to grow and keep the company afloat.

However, with an STO, you have the legal certainty of owning a security but at the same time it is a much more accessible process for small and medium sized companies.

In addition, it has a number of added advantages such as access to this type of offerings by private investors, making access to private investment much

Advantages for companies

There are also numerous advantages from the point of view of the company wishing to launch these tokens, as the asset to be tokenised can be very varied.

  • Companies that need to raise capital to reduce CAPEX investment and that have recurring income, such as a SaaS, can issue a token representing a share in the company with the right to a fraction of future profits for a specific period as a dividend. Because the token is registered on the Blockchain through its Smart Contract, these operations can be automated and are also much more traceable and transparent.
  • It can also be a mechanism for issuing corporate debt, or simply represent a real asset such as a wind turbine and fractionalise its ownership among different individual investors, who receive a series of rents from the activity of their turbine. One of the advantages of issuing debt or bonds on the Blockchain is that they are settled immediately, whereas with traditional methods settlement takes 2 days from issuance.
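To make the mechanics of the two points above concrete, and the earlier point that security tokens are subject to the regulator's requirements, here is an added toy model in plain Python (not Telefónica Tech's, Atrebo's or any real contract's code) of what a security-token contract encodes: units of fractional ownership, transfers refused unless both parties are on the issuer's investor whitelist, and an automated pro-rata dividend. The placeholder ISIN, the investor names and the amounts are constructed for the demo.

```python
"""Toy model of the behaviour a security-token smart contract encodes:
fractional ownership, transfers allowed only between whitelisted (onboarded)
investors, and an automated pro-rata dividend.  Added example in plain Python,
not Telefónica Tech's, Atrebo's or any real contract's code; the placeholder
ISIN, investor names and amounts are constructed."""
from dataclasses import dataclass, field
from decimal import Decimal, ROUND_DOWN


class ComplianceError(Exception):
    """Raised when a transfer would move units to or from an unapproved party."""


@dataclass
class SecurityToken:
    isin: str                                      # placeholder in the demo, a real ISIN in practice
    total_units: int                               # number of fractions the asset is split into
    whitelist: set = field(default_factory=set)    # investors who passed onboarding checks
    balances: dict = field(default_factory=dict)   # holder -> units held
    ledger: list = field(default_factory=list)     # append-only event log (the "traceability")

    def onboard(self, investor):
        """Add an investor once the issuer's regulatory checks have passed."""
        self.whitelist.add(investor)
        self.ledger.append(("onboard", investor))

    def issue(self, issuer):
        """Mint the whole supply to the issuer, who must itself be approved."""
        self._require_approved(issuer)
        if self.balances:
            raise ValueError("already issued")
        self.balances[issuer] = self.total_units
        self.ledger.append(("issue", issuer, self.total_units))

    def transfer(self, sender, receiver, units):
        """Change of ownership: both parties must be approved and the sender must hold the units."""
        self._require_approved(sender)
        self._require_approved(receiver)
        if units <= 0 or self.balances.get(sender, 0) < units:
            raise ValueError("insufficient balance")
        self.balances[sender] -= units
        self.balances[receiver] = self.balances.get(receiver, 0) + units
        self.ledger.append(("transfer", sender, receiver, units))

    def distribute(self, amount):
        """Pay a dividend pro rata to units held, rounding each share down to the cent;
        returns the payouts and the undistributed remainder, which stays with the issuer."""
        amount = Decimal(amount)
        payouts, paid = {}, Decimal("0")
        for holder, units in self.balances.items():
            share = (amount * units / self.total_units).quantize(Decimal("0.01"), rounding=ROUND_DOWN)
            if share > 0:
                payouts[holder] = share
                paid += share
        self.ledger.append(("dividend", str(amount), str(amount - paid)))
        return payouts, amount - paid

    def _require_approved(self, party):
        if party not in self.whitelist:
            raise ComplianceError(f"{party} is not an approved investor")


def demo():
    """Constructed walk-through: issue 1000 units, sell fractions, block an
    unapproved buyer, then pay a dividend of 10000.01."""
    token = SecurityToken(isin="XX0000000000", total_units=1000)   # placeholder ISIN
    for party in ("issuer", "alice", "bob"):
        token.onboard(party)
    token.issue("issuer")
    token.transfer("issuer", "alice", 250)
    token.transfer("issuer", "bob", 125)
    blocked = False
    try:
        token.transfer("alice", "mallory", 10)     # mallory was never onboarded
    except ComplianceError:
        blocked = True
    payouts, remainder = token.distribute("10000.01")
    return token, payouts, remainder, blocked


if __name__ == "__main__":
    token, payouts, remainder, blocked = demo()
    print(token.balances, payouts, remainder, blocked)
```

The whitelist check is the part a real contract cannot leave out: it is what turns a freely transferable token into a security whose holders are all known to the issuer, and the append-only ledger is what gives the traceability the article mentions. Rounding down and keeping the remainder on record avoids the silent loss of cents that a floating-point payout would produce.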

We are facing a new revolution in the way we understand asset management and trading.

More and more institutions are launching such initiatives, such as Goldman Sachs with its DAP platform together with the EIB (European Investment Bank), which issued 2-year bonds worth 100 million euros, settled on a private blockchain, for the Venus project.

This new way of understanding digital assets could revolutionise both the methods of investment and capital acquisition by allowing private crowdfunding, but giving rights to investors, and the management, purchase and sale of real estate and infrastructures.

It will also be important to see how the regulatory environment changes with the entry into force of the MiCA (Markets in Crypto-Assets) through which the EU intends to establish a legal framework for the control of this type of asset.

Cyber Security Weekly Briefing, 25 February – 3 March

Telefónica Tech    3 March, 2023

Vulnerabilities in WordPress Houzez

A security researcher from Patchstack has recently discovered two critical vulnerabilities in Houzez, a WordPress theme and plugin that provides easy and seamless listing management for clients.

  • The first vulnerability, identified as CVE-2023-26540 with a CVSS score of 9.8, is a configuration bug affecting version 2.7.1 and earlier that can be exploited remotely without authentication to escalate privileges.
  • The second, identified as CVE-2023-26009 and also scored CVSS 9.8, affects the Houzez login plugin in versions 2.6.3 and earlier.

In the attacks observed by Patchstack, the threat actors distributed a backdoor capable of executing commands, injecting ads into the website and redirecting to malicious sites, so researchers recommend updating as soon as possible.

More info

* * *

Digital Smoke: global investment fraud scam

The Resecurity team has identified an investment fraud ring, which is said to have operated from 2015 to early 2023.

The malicious actors behind this network, which has been named “Digital Smoke”, operated by impersonating globally known corporations such as Verizon, BlackRock, Ferrari, Shell and Barclays, among others, in order to lure victims located around the world into investing in fake investment products. Digital Smoke built a large network of web resources and mobile applications hosted with different hosting providers and in different jurisdictions.

The modus operandi consisted of registering domains similar to the legitimate domains of the spoofed companies and placing the registration links for new victims on messaging applications such as WhatsApp and on other social networks.

Once victims registered on the website or application created by the malicious actors, they were asked to make a payment for the alleged investment.

It should be noted that investigators shared all available information with the Indian Cybercrime Coordination Centre and US authorities in late 2022, with the operation being discontinued in early 2023.
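The lookalike domains at the heart of this scheme are something a brand's own security team can watch for. The following is an added defender-side example, not part of Resecurity's report or tooling: a small Python check that flags newly observed domains resembling a brand watch-list. The watch-list reuses the brands named above; the allowlist of legitimate domains, the homoglyph table and the candidate-domain feed are constructed for the demo.

```python
"""Flag domains that resemble a brand watch-list, the lookalike-domain
technique the Digital Smoke ring relied on.  Added example, not Resecurity's
tooling; the watch-list reuses brands named in the report, everything else
(allowlist, homoglyph table, candidate domains) is constructed."""

WATCHLIST = {"verizon", "blackrock", "ferrari", "shell", "barclays"}

# The brands' own domains, maintained by the defender so they are never flagged.
LEGITIMATE = {"verizon.com", "blackrock.com", "ferrari.com", "shell.com", "barclays.com"}

# Digits commonly substituted for similar-looking letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalise(label):
    """Lower-case, undo digit-for-letter swaps and the rn->m / vv->w tricks."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, watchlist=WATCHLIST, legitimate=LEGITIMATE, max_distance=1):
    """Return (brand, reason) when the domain looks like an impersonation, else None."""
    domain = domain.lower().rstrip(".")
    if domain in legitimate:
        return None
    label = domain[4:] if domain.startswith("www.") else domain
    label = label.split(".")[0]                      # keep only the first label
    norm = normalise(label)
    tokens = [t for t in norm.replace("_", "-").split("-") if t]
    for brand in sorted(watchlist):
        if norm == brand:
            return brand, "brand name on a domain that is not the brand's own"
        if brand in tokens:
            return brand, "brand name combined with extra words"
        if norm.startswith(brand) or norm.endswith(brand):
            return brand, "brand name embedded in the label"
        if levenshtein(norm, brand) <= max_distance:
            return brand, f"within {max_distance} edit(s) of the brand name"
    return None


def scan(domains):
    """Run classify over a feed of newly observed domains; returns only the hits."""
    hits = {}
    for d in domains:
        verdict = classify(d)
        if verdict:
            hits[d] = verdict
    return hits


# Constructed feed: what a certificate-transparency or new-domain watcher might surface.
SAMPLE_FEED = ["www.verizon-invest.com", "b1ackrock.app", "ferrarri.io",
               "shellinvest.co", "shell.com", "example.org"]

if __name__ == "__main__":
    for domain, (brand, reason) in scan(SAMPLE_FEED).items():
        print(f"{domain:24s} -> {brand}: {reason}")
```

Each hit is a candidate for takedown requests and for blocking at the mail and web proxy, not a verdict on its own: short brand names will produce false positives on the substring rule, so in practice the allowlist and the edit-distance threshold are tuned per brand.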

More info

* * *

Aruba fixes six critical vulnerabilities

Aruba has issued a security advisory reporting six critical vulnerabilities affecting several versions of ArubaOS. The affected products are Aruba Mobility Conductor, Aruba Mobility Controllers and WLAN Gateways and SD-WAN Gateways.

  • The vulnerabilities identified as CVE-2023-22747, CVE-2023-22748, CVE-2023-22749 and CVE-2023-22750, all with CVSSv3 9.8, derive from command injection flaws.
  • Vulnerabilities CVE-2023-22751 and CVE-2023-22752, also both with CVSSv3 9.8, are buffer overflow bugs.

These vulnerabilities can be exploited by an unauthenticated attacker to send packets to the PAPI (Aruba Access Point Management Protocol) through UDP port 8211, allowing arbitrary code execution as privileged users on ArubaOS.

More info

* * *

APT-C-36: new malicious campaign against Ecuador and Colombia

BlackBerry researchers have published research uncovering a new campaign by APT-C-36, also known as BlindEagle, against geolocated targets in Ecuador and Colombia.

In this campaign, malicious actors impersonated Colombia’s National Tax and Customs Directorate and Ecuador’s Internal Revenue Service in order to launch phishing campaigns targeting key industries in both countries, including the health, financial and governmental sectors.

This information follows another discovery in January by Check Point, which warned of a campaign by the same actor, which they claimed to be interested in monetary gain. However, BlackBerry has indicated that during the most recent incidents the objectives were to steal information and spy on its victims.

More info

* * *

Cryptojacking campaign against Redis databases

Researchers at Cado Labs have discovered a cryptojacking campaign targeting misconfigured Redis database servers.

The campaign is conducted via transfer.sh, an open source file transfer service that has been breached since 2014.

The access vector is an insecurely configured Redis deployment: the attacker has the database saved into a cron directory, which leads to the execution of arbitrary commands.

Since the malware’s main goal is to mine cryptocurrency with XMRig, it takes a number of measures to ensure its effectiveness. Among these, it frees up system memory, removes any competing cryptominers and installs a network scanner to find other vulnerable Redis servers and spread the infection.
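The misconfiguration class behind this campaign is checkable from the server's own configuration file. As an added example (not Cado Labs' tooling or anything from the campaign report), the following Python script audits a redis.conf for the settings that make such a deployment exploitable, with a constructed weak configuration beside a hardened one. The directive names it checks are standard Redis directives; the sample values are our own.

```python
"""Audit a redis.conf for the misconfigurations that let anyone who can reach
the port take over the server.  Added example (not Cado Labs' tooling); the
two configurations below are constructed for the demo."""
import re

# Constructed sample: an "it just works" configuration with the weak settings.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
# requirepass (none)
dir /var/lib/redis
"""

# The same file corrected.  Renaming CONFIG/SAVE/BGSAVE to "" hides them from
# clients; use ACLs instead if the application itself needs them.
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
dir /var/lib/redis
rename-command CONFIG ""
rename-command SAVE ""
rename-command BGSAVE ""
rename-command DEBUG ""
"""

ALL_INTERFACES = {"0.0.0.0", "::", "*", "-::*"}


def parse_conf(text):
    """redis.conf -> {directive: [args, ...]}; comments and blanks skipped,
    repeated directives (e.g. rename-command) accumulate in order."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit(text):
    """Return a list of findings (empty when the file passes every check)."""
    conf = parse_conf(text)
    findings = []

    # 1. Exposure: binding every interface puts the port on the whole network.
    if "bind" not in conf:
        findings.append("bind: not set, Redis listens on all interfaces by default")
    for args in conf.get("bind", []):
        if ALL_INTERFACES & set(args):
            findings.append(f"bind: listens on all interfaces ({' '.join(args)})")

    # 2. protected-mode rejects external clients when no password is configured;
    #    turning it off is what makes an unauthenticated remote takeover possible.
    mode = conf.get("protected-mode", [["yes"]])[-1]
    if mode and mode[0].lower() == "no":
        findings.append("protected-mode: disabled")

    # 3. Authentication: without requirepass or ACL users the port is wide open.
    if "requirepass" not in conf and "user" not in conf:
        findings.append("requirepass: no authentication configured")

    # 4. Writing the database into a cron directory relies on CONFIG (to change
    #    dir/dbfilename) and SAVE/BGSAVE; rename them away from clients.
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if args}
    for cmd in ("CONFIG", "SAVE", "BGSAVE"):
        if cmd not in renamed:
            findings.append(f"rename-command: {cmd} still reachable by clients")

    # 5. The data directory must never be a path whose files get executed or trusted.
    for args in conf.get("dir", []):
        if args and re.search(r"/(cron[^/]*|init\.d|systemd|\.ssh)(/|$)", args[0]):
            findings.append(f"dir: {args[0]} is a startup or credential path")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "OK")
```

The checks mirror the Redis security guidance in its own documentation: keep the port off untrusted networks, keep protected mode on, require a password (or ACL users), and take the configuration-changing commands away from ordinary clients so that a stolen or absent password cannot be turned into file writes on the host.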

More info