ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Sergio De Los Santos What Do Criminals in the Ransomware Industry Recommend so that Ransomware Does Not Affect You? We all know the security recommendations offered by professionals on malware protection. Frequently: use common sense (personally, one of the least applicable and abstract pieces of advice that can...
ElevenPaths Cybersecurity Weekly Briefing August 8-14 Hackers attempt to exploit critical vulnerability in F5 BIG-IP ADC The FBI has issued a Private Industry Notification warning that a group of Iranian hackers have been trying to exploit...
Cytomic Team, unit of Panda Security Indicators of Compromise, Key to Detecting and Solving Incidents in an Agile Way Quick and agile response to incidents is a basic aspect of a good cybersecurity strategy. Little by little, more and more companies are becoming aware of this, and this...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Andrés Naranjo Analysis of APPs Related to COVID19 Using Tacyt (I) Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been daily deluged with applications. Both platforms, especially Android,...
ElevenPaths ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies.
ElevenPaths New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably coming from KL Kit,) through using a new technique to bypass the SmartScreen reputation system and avoid detection...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Christian F. Espinosa Velarde FaceApp and Personal Data, Hadn´t We Talked About This Already? Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being...
ElevenPaths New Call: ElevenPaths CSE Programme If you are passionate about cybersecurity, join the ElevenPaths CSE programme and enjoy all its benefits. Don't miss it!
Sergio De Los Santos More and Shorter Certificates with a Lower Lifetime: Where Is TLS Going to? Cryptography is undergoing a renewal of all that is established. Know about all the events that are transforming the way the web works in this article.
Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org)Innovation and Laboratory Area in ElevenPaths 1 June, 2020 ElevenPaths is one of the main members of the NoMoreRansom.org partnership, as an associated entity. This renowned status is achieved when a decryption tool for a ransomware variant is provided. In 2016, we managed to create a simple tool to decode PopCorn ransomware without paying a ransom. This time, we have provided another simple tool to decode VCryptor ransomware. By the end of 2016, a very interesting ransomware became popular, not in technical terms, but because of its “extortion” formula. It offered two ways to decrypt content: The “standard” way (that is, the ransom is paid), and the “nasty” way (how they named it) where if a link to an executable is sent to two people and they get infected and pay, they will be given a “free” code to be able to decrypt the content. A “friendly” spread plan where the attacker ensures two infections for the price of one, and a more effective method of spreading. From ElevenPaths, we analysed it and found out that we could discover the password and decrypt the files. This led us to join NoMoreRansom. The platform www.nomoreransom.org has the clear objective of, on the one hand, assisting and enabling ransomware victims to recover their encrypted content without having to pay the criminals. On the other hand, they aim to legally pursue those responsible for these scams by sharing information among the security forces. ElevenPaths brings its expertise in this field developing and offering a free tool to this initiative. Thanks to the joint work of the Innovation and Laboratory Area, ElevenPaths is part of the consortium, as one of the seven associated entities, together with Avast, Bitdefender, CERT (Poland), Check Point, Emsisoft and Kasperksy. VCryptor Malware This time, we have contributed by creating a simple tool to decrypt files encrypted by VCryptor malware. Discovered by several antivirus companies, the malware encrypts user files (desktops, documents, images and so on) in a password-protected zip and creates with .vcrypt extension the files for which the ransom is requested. The ransom note is as follows: After verifying that the obfuscated password was stored within its code and that it was easy to decrypt, we developed a simple (though very heavy, since it uses pyQT) tool that allows users to recover their files without having to pay the ransom. The default password is the one corresponding to the best-known variant, which is also identifiable by a characteristic process name. We create a quick script to decrypt the files, but to display it on NoMoreRansom.org it was necessary to accompany it with an interface. Finally, the tool can be found in the most useful repository for malware-infected users. Cybersecurity Weekly Briefing 23-29 MayWinner of the #EquinoxRoom111 Contest
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Christian F. Espinosa Velarde FaceApp and Personal Data, Hadn´t We Talked About This Already? Hadn’t we already talked about this? The comeback of applications like FaceApp and the fuss caused by the photos generated, in which their users can appear as women being...
ElevenPaths ElevenPaths Radio English #3 – Why is Cybersecurity So Necessary Today? In this episode, Gabriel Bergel, our CSA in Chile, explains that nowadays there is no excuse for not being interested in cybersecurity. At a personal level, the use of...
Andrés Naranjo Analysis of APPs Related to COVID19 Using Tacyt (I) Taking advantage of all the attention this issue is attracting, the official app markets, Google Play and Apple Store, have been daily deluged with applications. Both platforms, especially Android,...
Sergio De Los Santos What Do Criminals in the Ransomware Industry Recommend so that Ransomware Does Not Affect You? We all know the security recommendations offered by professionals on malware protection. Frequently: use common sense (personally, one of the least applicable and abstract pieces of advice that can...
ElevenPaths Cybersecurity Weekly Briefing September 5-11 Microsoft Patch Tuesday Microsoft published on Tuesday its newsletter with updates for the month of September. In this new bulletin a total of 129 vulnerabilities have been corrected in 15...
