Redefining Cloud Security with SASE

Samuel Bonete
24 September, 2020

Stop for a moment and think: what percentage of your Internet traffic ends up on websites or traditional browsing and what proportion on SaaS services? If we analyse it in detail, more than 85% of the volume of traffic that moves on the Internet ends up in a SaaS service. Having said this, is a proxy or a traditional firewall, whether on-prem or in the cloud, able to understand what is happening to the cloud applications that are being consumed? Be honest with yourself…

Traditional or legacy model-based security solutions are aimed at protecting the user in order to safeguard navigation and prevent the user from accessing malicious sites, downloading malware or clicking on a phishing site. These solutions also follow an “allow/deny” model, authorising the use of certain applications and blocking many others. However, at a time when the web world and SaaS have converged, this pattern no longer makes sense. Proxies and cloud firewalls are not enough to protect our information.

A conventional cloud proxy is effective at blocking or allowing cloud applications and web pages, but it cannot decode at a low level what is happening in the SaaS application. In other words, it can provide basic information (i.e. a user connecting to OneDrive and uploading X Gb of data) but not detailed reports such as: Which specific instance did the user connect to? Which document was uploaded to that instance? Were they protected with IRM? Were the files subsequently shared with a third party? And so on.

The current situation forces us to protect not only the user’s web browsing, but also the data and, above all, to be aware of where the corporate information ends up. Beyond regulated SaaS applications, corporate information can end up on any website, unregulated SaaS service or IaaS instance.
This is why the concept of the Next Generation Proxy Cloud, or NextGen Secure Web Gateway, is starting to make its way.

First Step Towards a SASE Strategy

And what is this NextGen Secure Web Gateway about? Basically, it is a web browsing proxy service offered from the cloud, but unlike traditional services, it is capable of protecting browsing and controlling what users do in SaaS applications, in order to be able to read the information being transferred to them and apply controls within a context.

In short, we are talking about providing intelligence to the proxy, combining proxy, CASB, DLP and Threat Protection capabilities in a 100% cloud platform through which we will pass our users’ browsing traffic, whether they are in the office, in an SD-WAN connected location or on the move.

In this way, the first thing that will happen when an employee opens his laptop is that he will be transparently connected to a control point on the Internet and, from there – after validation of the device’s security posture – all his SaaS activity will be monitored and his web browsing will be protected. Furthermore, if the user needs to access corporate resources located on the internal network in a safe way, this can be done through a Zero Trust Network Access model, which will provide secure remote access from that interconnected network to the internal resources.

This approach of moving security features to a new 100% cloud perimeter matches the SASE (Secure Access Service Edge) model that is trending nowadays. But in order to provide cloud security services, it is necessary to have an Edge that supports it.

Nowadays, NewEdge operates with points of presence in 40 regions (including Madrid, São Paulo, Buenos Aires, Santiago de Chile and Bogotá, among others), and new datacenters are added every month. NewEdge is designed to scale to over two terabits per second at each point of presence and is capable of handling online traffic of hundreds of millions of users.
With extensive peering with cloud services, CDN, Software as a Service (SaaS), as well as Infrastructure as a Service (IaaS) representing over 300 network adjacencies, NewEdge is now the world’s best-connected network for delivering data security with a native cloud platform.