ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Sergio De Los Santos What Do Criminals in the Ransomware Industry Recommend so that Ransomware Does Not Affect You? We all know the security recommendations offered by professionals on malware protection. Frequently: use common sense (personally, one of the least applicable and abstract pieces of advice that can...
ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
Cytomic Team, unit of Panda Security Indicators of Compromise, Key to Detecting and Solving Incidents in an Agile Way Quick and agile response to incidents is a basic aspect of a good cybersecurity strategy. Little by little, more and more companies are becoming aware of this, and this...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Andrés Naranjo Analysis of APPs Related to COVID19 Using Tacyt (I) Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been daily deluged with applications. Both platforms, especially Android,...
ElevenPaths ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies.
ElevenPaths New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably coming from KL Kit,) through using a new technique to bypass the SmartScreen reputation system and avoid detection...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Christian F. Espinosa Velarde FaceApp and Personal Data, Hadn´t We Talked About This Already? Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being...
ElevenPaths New Call: ElevenPaths CSE Programme If you are passionate about cybersecurity, join the ElevenPaths CSE programme and enjoy all its benefits. Don't miss it!
Sergio De Los Santos More and Shorter Certificates with a Lower Lifetime: Where Is TLS Going to? Cryptography is undergoing a renewal of all that is established. Know about all the events that are transforming the way the web works in this article.
Secure Homeworking, Applying Cybersecurity from HomeAndrés Naranjo 17 March, 2020 Sometimes changes occur in society and bring us new ways of addressing daily tasks, cultural, social or other changes that establish a new practice as a way of life to solve or ease a new reality. That way, with the arrival of coronavirus in Spain, the terms ‘teleworking’ or ‘home working’ are on everyone’s lips to try to maintain work activity while minimizing interpersonal contact to prevent further spread of the virus. However, this ability to work remotely is not new, teleworking is very positive both for society and for the individual himself, as almost all studies on it show. As a case in point, teleworking involves fewer trips and emissions. In a few weeks, China has reduced its environmental pollution by more than 25%. Similarly, accidents on the way to work are also avoided. Another great advantage is that home working is family-friendly. If we can adapt working hours to other family-related responsibilities, worker’s quality of life is increased, and stress reduced. Resources Required to Enable Teleworking and Its Risks It is obvious that nothing happens for its own sake. For a change of this size you must be prepared, particularly at the technological level. Mainly, secure access to all company’s resources must be ensured, have a way to hold online meetings with the appropriate connections and tools, as well as a synchronization method of all this that allows managing the meeting agenda. Also access to corporate mail, network or cloud folders to share data and, of course, the devices to be used remotely. But, like any change, there are drawbacks as well. When we work from home using our own technological means in terms of both network and devices, the company no longer has control over the cybersecurity measures applied if the company did not have this contingency planned. Working from Home Securely To begin with, the use of our own connection may generate a technological security risk for the company if it is not properly secured, both in terms of passwords and network segmentation. The work device should be isolated from other devices at home, potentially more insecure, particularly if they are managed by minors. In the same way, the system provided by the company must include the appropriate connection tools to transfer that connection to the company and, from there, secure the connections by using the usual perimeter security, for example. Let’s focus on those essential solutions to ensure security when working from home: Secure Connection to the Corporate Network: These conveniently-encrypted Virtual Private Network (VPN) services guarantee us, on the one hand, a point-to-point encryption of the connection, so that if someone ‘listens’ when penetrating into the communication, this would be illegible. These attacks, called man-in-the-middle, are usually more common than people might think (for example when using public Wi-Fi), and everything that happens through HTTP traffic, which is not encrypted, may be accessed. By the way, by connecting to the corporate network and “going out” to the Internet by its security measures we will be more protected and, if necessary, we will be allowed to access the Intranet or necessary network folders. Robust Identity Management: Any remote access must imperatively avoid delegating access to the username / password pair. It must be avoided at all costs since a potential theft or leakage of them will surely end up with unauthorized access to the company’s resources. Here, two-factor authentication systems or adaptive authentication play a major role and that’s why cybersecurity companies have identity services that, in short, guarantee that users are who they claim to be. Device Protection Tools or EDR tools, the evolution of old ‘antivirus softwares’ that perform a comprehensive and centralized management of the company’s security policy locally on the employees’ devices. Awareness about the Responsible Use of Technology: There is no science that advances at a faster pace than technology, so its use must be considered continuous training since every day more aspects of companies are related with the use of technologies. It is highly recommended that all companies train their employees in the appropriate use of technological means. Currently, more than 90% of successful cyberattacks are related with human errors. In short, whether due to the threat of coronavirus or not, your company may be considering allowing telework at least partly. This requires a study of the feasibility and risks in this regard. ElevenPaths has products and services to secure this digital transformation of the world of work. More and Shorter Certificates with a Lower Lifetime: Where Is TLS Going to?Cybersecurity Trends Report for 2020 from ElevenPaths
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Christian F. Espinosa Velarde FaceApp and Personal Data, Hadn´t We Talked About This Already? Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being...
ElevenPaths ElevenPaths Radio English #3 – Why is Cybersecurity So Necessary Today? In this episode, Gabriel Bergel, our CSA in Chile, explains that nowadays there is no excuse for not being interested in cybersecurity. At a personal level, the use of...
Andrés Naranjo Analysis of APPs Related to COVID19 Using Tacyt (I) Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been daily deluged with applications. Both platforms, especially Android,...
Sergio De Los Santos What Do Criminals in the Ransomware Industry Recommend so that Ransomware Does Not Affect You? We all know the security recommendations offered by professionals on malware protection. Frequently: use common sense (personally, one of the least applicable and abstract pieces of advice that can...
ElevenPaths Cybersecurity Weekly Briefing September 5-11 Microsoft Patch Tuesday Microsoft published on Tuesday its newsletter with updates for the month of September. In this new bulletin a total of 129 vulnerabilities have been corrected in 15...
