Security and Privacy on the “Internet of Health”
Carlos Ávila
21 July, 2020

At the time of writing this article, many companies around the world are innovating, creating and improving various applications, robots and gadgets to monitor our health. In fact, many of these are already a reality and are being sold in the application market and implemented in hospitals around the world.

All these watches with sensors, chips inserted in our bodies, smartphones and other devices are fantastic and store a lot of user data, but is this data being protected? Will it be used to issue diagnoses? What about the security of the software of these devices? What do we get, for example, from surgeries performed by robots by remote control?

The Digitization of the Healthcare Industry

We talk about innovation, digitalisation and robotisation in the health industry, and this has led mankind to carry out interesting projects such as the well-known DaVinci (the robot with the most advanced surgical system in the world) or perhaps lesser-known projects such as the microrobot called ViRob, designed to clean and drain “pipes” from the body as a necessity in operations.

But if we talk about common devices and accessibility for users, we find hearing aids to monitor your overall health in real time. In terms of mobile applications, we see how a photograph taken with a mobile device and advanced image processing could detect certain types of skin cancer. So much so that the GoogLeNet project, originally designed to interpret images for smart cars, has been working on this for a long time.

At present it is impossible to keep up with such a large number of devices that generate information, and this is no exception for doctors. A doctor can make diagnoses from his experience with several patients, but a computer is currently doing so based on data and comparisons of results that were obtained from hundreds or millions of similar cases.

Health Comes First, As Long As It’s Secure

The data that is processed today by all these gadgets in the health industry needs to be reliable and secure in order to make a reliable diagnosis through analysis. Therefore, the software developments that make these technological devices work must be protected and tested.

The cybersecurity community, as well as security companies in general, have been conducting research on this topic, where they have exposed attack vectors and vulnerabilities in this type of environment. Similarly, the FDA (US Food and Drug Administration) has created guidelines and makes frequent calls to the creators of medical technologies to ensure the security of their products.

The health industry, like many others, depends largely on technology to understand our health status. Each new device we use is likely to share data in some way with other platforms for physician decision-making.

The “Internet of Health”

Just as the “Internet of Things” refers to interconnecting various devices so that in many cases they interact automatically, the “Internet of Health” will perhaps allow all our medical data to be connected together, so that through various systems they can be condensed into a comprehensive report.

We are now at the point where all this data is being stored in environments that should have a level of security that is managed, evaluated and monitored frequently, because decision making will depend on it.

It is really important that we get involved in this problem as a community and as users. Furthermore, it is necessary that both governments and legal entities ensure full commitment of all actors in this industry on a permanent basis through laws and regulations. In this way, we will be able to maintain an adequate level of security that will allow us to feel a little calmer in the face of cyber threats.