Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Telefónica Tech Cyber Security Weekly Briefing, 27 May – 2 June Backdoor discovered in hundreds of Gigabyte motherboards Cybersecurity researchers at Eclypsium discovered a secret backdoor in the firmware of hundreds of Gigabyte motherboard models, a well-known Taiwanese manufacturer. Every time...
Sergio de los Santos And the President Said, “Enough Is Enough”. The New Cyber Security Proposals from The White House Joe Biden has signed an Executive Order to improve national cyber security and protect federal government networks more efficiently. The attack on oil pipeline operator Colonial Pipeline, a story...
ElevenPaths #CyberSecurityPulse: Private enterprise’s sad contribution to sharing threat intelligence in the United States After just over two years of Congress passed a major bill that encouraged businesses to share with the government how and when threat actors were trying to get into...
Telefónica Tech Cyber Security Weekly Briefing, 19 – 23 June Critical vulnerabilities in Asus routers Asus has issued a security advisory addressing a total of nine vulnerabilities affecting multiple router models. Among these security flaws, the one registered as CVE-2022-26376,...
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
ElevenPaths Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and (possibly) Chrome. Our Black Hat research We have been for a long time researching about HSTS, HPKP, certificate pinning and TLS technologies in general. As a collateral effect of this work, we have found some...
Miguel Ángel de Castro Vendetta Group and the COVID-19 Phishing Emails A new threat has entered the COVID-19 scene: the Vendetta Group. How are their phishing campaigns different from others?
Telefónica Tech Cyber Security Weekly Briefing, 12 – 16 June Microsoft has fixed more than 70 vulnerabilities in its June Patch Tuesday Microsoft has released its June Patch Tuesday, addressing a number of critical, high, medium and low severity vulnerabilities....
Martiniano Mallavibarrena ‘Insiders’ in Cybersecurity: “Catch me if you can” Within companies, there is a significant window of opportunity for cybersecurity incidents: disgruntled employees, suppliers, subcontractors...
Telefónica Tech Cyber Security Weekly Briefing, 24 April – 6 May TLStorm 2 – Vulnerabilities in Aruba and Avaya switches Researchers at Armis have discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches....
Telefónica Tech Cyber Security Weekly Briefing 11 – 17 December New campaign distributing the Anubis banking trojan Researchers at Lookout have reported a malicious campaign distributing a new version of the Anubis banking trojan obfuscated in an Android mobile app...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityPulse: Non-Headlined Technical News with RSS and Website Find out all about #CyberSecurityPulse, our Telegram cybersecurity news channel.
Gonzalo Álvarez Marañón The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections How does Apple's and Google's technology developed for tracing Covid-19 infections work?
Innovation and Laboratory Area in ElevenPaths Winner of the #EquinoxRoom111 Contest We already have a winner of TheTHE's plugin contest. Discover our collaborative tool for Threat Hunting teams.
Innovation and Laboratory Area in ElevenPaths Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org) Discover how VCryptor ransomware works and the tool we have developed as part of NoMoreRansom.org to decrypt it.
ElevenPaths Cybersecurity Weekly Briefing 23-29 May Critical-Severity RCE Vulnerability in Cisco Unified CCX Cisco has fixed a critical remote code execution bug in the Java Remote Management Interface of Cisco Unified Contact Center Express (CCX). This...
Gabriel Bergel Decepticons vs. Covid-19: The Ultimate Battle Social engineering is being used more than ever by cybercriminals. What do Decepticons have to do with it?
Gonzalo Álvarez Marañón 20 Questions about Covid-19 Tracing Apps Covid-19 tracking apps may raise many questions about citizens' privacy and security. We solve some of them in this article.
Gonzalo Álvarez Marañón Zoom Seeks to Be More Secure and Purchases Keybase The most downloaded video call app during the quarantine responds to criticism for its serious security and privacy issues.
ElevenPaths ElevenPaths has achieved AWS Security Competency status Telefónica Tech’s cybersecurity company has demonstrated deep technical and consulting expertise helping large enterprises to adopt, develop and deploy complex cloud security projects that protect their environments on AWS...
David García Bestiary of a Poorly Managed Memory (IV) What happens when we use uninitialized memory? Read this article and find out about the latest developments in memory management.
ElevenPaths Mum, I want to be a hacker The hacker concept is most often associated with male ‘techies’ and ‘geeks’. But why is it so difficult to find female role models in the world of technology? We...
ElevenPaths ElevenPaths creates an addon to make Firefox compatible with Certificate Transparency Certificate Transparency will be mandatory in Chrome for new certificates in late 2017. This means that the webpages will show an alert if protected by certificates not present in...
Florence Broderick ElevenPaths Talks: The ISF Standard of Good Practice for Information Security REGISTER HERE! On Thursday, 19 May, our colleague Sebastian will give a speech about The ISF Standard of Good Practice for Information Security. The standard of good practice is...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Heartbleed plugin for FOCA By now, everyone knows about Heartbleed. Just like we did for FaasT, we have created a plugin for FOCA (final version) one of our most downloaded tools. This plugin...
