Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a .NET...
ElevenPaths Cyber Security Weekly Briefing May 8-14 Ransomware attack on a main US oil pipeline US energy company Colonial Pipeline was hit by a ransomware attack on Friday, causing the shutdown of around 8800km of pipelines supplying...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths #CyberSecurityPulse: Tell me your social networks and you will be welcome in the United States (or maybe not) The US Department of State wants to ask visa applicants to provide details of their social networks which they have used within the last five years, as well as...
Martiniano Mallavibarrena Attention: Data leak! (In search of lost data) We have been hearing about “data leaks” on a regular basis for years, both in the media and in our professional or even personal environment. The concept actually covers...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Diego Samuel Espitia Using Development Libraries to Deploy Malware Cybercriminals seek strategies to achieve their objectives: in some cases, it is users’ information; in others, connections; sometimes they generate networks of computers under their control (botnets), etc. Any...
Telefónica Tech Cyber Security Weekly Briefing, 23-29 July New Critical Vulnerability in SonicWall Products Researchers from DBappSecurity HAT lab have discovered a critical vulnerability that affects several SonicWall Analytics On-Prem and SonicWall Global Management System products. The vulnerability, a...
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
Sergio de los Santos New App to Clean Metadata More Easily We are not going to repeat the dangers of metadata, since it has been discussed for quite some time now. However, we can try to make its management and cleaning simpler. Some...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio de los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths Squeezing the numbers and facts of Google’s annual Android security report Last month Google published its third annual security report on Android’s security protections, aiming to send a clear message to the world about mobile malware (or Potentially Harmful Applications...
Florence Broderick Evil FOCA is now Open Source We are really happy to announce that Evil FOCA is now Open Source. We have received lots of comments and feedback about how you are using Evil FOCA, or how...
Florence Broderick FOCA Final Version, the ultimate FOCA You all know FOCA. Over the years, it had a great acceptation and became quite popular. Eleven Path has killed the FOCA to turn it into a professional service,...
Florence Broderick HookMe, a tool for intercepting communications with API hooking HookMe is a tool for Windows that allows to intercept system processes when calling APIs needed for network connections. The tool, still in beta, was developed by Manuel Fernández (now...
Florence Broderick How does blacklisting work in Java and how to take advantage of it (using whitelisting) Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
