Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Innovation and Laboratory Area in ElevenPaths DIARIO: Our Privacy-Friendly Document Malware Detector DIARIO makes possible to scan and analyse documents for malware detection with no need to know the content of those files.. Find out more in this post.
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing It This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Diego Samuel Espitia TCP/IP Stack Gruyere In May 2020 during the most complicated phase of the global pandemic, we were told that the internet was broken as a result of bugs (called Ripple20) affecting millions...
ElevenPaths Cybersecurity Weekly Briefing November 21-27 Qbot as a prelude to Egregor ransomware infections Researchers at Group-IB security company have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as...
ElevenPaths Cyber Security Weekly Briefing December 12-18 Supply Chain compromise: SolarWinds Orion FireEye researchers have unveiled a major global information theft and espionage operation that takes advantage of the supply chain to gain access to the systems...
Gonzalo Álvarez Marañón Hiding Keys Under the Mat: Governments Could Ensure Universal Insecurity The doorbell rang. “Who will be ringing now?” asked Brittney Mills, as she struggled to get off the couch. Her eight months of pregnancy were beginning to hinder her...
ElevenPaths ElevenPaths Radio English #5 – The Path After a Security Audit What is the path for a company after a security audit? It is increasingly common for companies of all sizes to decide to carry out such analyses, but what...
ElevenPaths Cyber Security Weekly Briefing December 5-11 Microsoft Security Newsletter On December 8, Microsoft published its monthly security update newsletter, which this time includes patches for 58 vulnerabilities and an advisory for various Microsoft products. Nine of...
Gonzalo Álvarez Marañón What Is Wrong with Quantum Cryptography That the World’s Largest Intelligence Agencies Discourage Its Use Quantum cryptography does not exist. What everyone understands when the term “quantum cryptography” is mentioned is actually the quantum key distribution (QKD). And this is precisely what I want...
ElevenPaths Cyber Security Weekly Briefing 28 November – 4 December New version of the TrickBot malware TrickBot botnet operators have added a new capability that allows them to interact with the BIOS or UEFI firmware of an infected computer. This...
Sergio de los Santos Tell Me What Data You Request from Apple and I Will Tell You What Kind of Government You Are We recently found out that Spain sent 1,353 government requests for access to Facebook user data in the first half of 2020. Thanks to Facebook’s transparency report for the...
ElevenPaths Cybersecurity Weekly Briefing November 21-27 Qbot as a prelude to Egregor ransomware infections Researchers at Group-IB security company have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as...
Diego Samuel Espitia Using Development Libraries to Deploy Malware Cybercriminals seek strategies to achieve their objectives: in some cases, it is users’ information; in others, connections; sometimes they generate networks of computers under their control (botnets), etc. Any...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
ElevenPaths Squeezing the numbers and facts of Google’s annual Android security report Last month Google published its third annual security report on Android’s security protections, aiming to send a clear message to the world about mobile malware (or Potentially Harmful Applications...
ElevenPaths ElevenPaths creates an addon to make Firefox compatible with Certificate Transparency Certificate Transparency will be mandatory in Chrome for new certificates in late 2017. This means that the webpages will show an alert if protected by certificates not present in...
Florence Broderick Now you can use Latch with Dropbox, Facebook and others digital services Many of you have asked us which services you can use Latch with, regretting that so far it could not be used in the more common services, such as...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Heartbleed plugin for FOCA By now, everyone knows about Heartbleed. Just like we did for FaasT, we have created a plugin for FOCA (final version) one of our most downloaded tools. This plugin...
