Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org)

Innovation and Laboratory Area in ElevenPaths
1 June, 2020

ElevenPaths is one of the main members of the NoMoreRansom.org partnership, as an associated entity. This renowned status is achieved when a decryption tool for a ransomware variant is provided. In 2016, we managed to create a simple tool to decode PopCorn ransomware without paying a ransom. This time, we have provided another simple tool to decode VCryptor ransomware.

By the end of 2016, a very interesting ransomware became popular, not in technical terms, but because of its “extortion” formula. It offered two ways to decrypt content: the “standard” way (that is, the ransom is paid), and the “nasty” way (as its authors named it), where the victim sends a link to an executable to two people and, if they get infected and pay, is given a “free” code to decrypt the content. It was a “friendly” spread plan in which the attacker ensures two infections for the price of one, and a more effective method of spreading. At ElevenPaths, we analysed it and found that we could discover the password and decrypt the files. This led us to join NoMoreRansom.

The platform www.nomoreransom.org has two clear objectives. On the one hand, it assists ransomware victims and enables them to recover their encrypted content without having to pay the criminals. On the other hand, it aims to legally pursue those responsible for these scams by sharing information among the security forces. ElevenPaths brings its expertise in this field by developing and offering a free tool to this initiative. Thanks to the joint work of the Innovation and Laboratory Area, ElevenPaths is part of the consortium, as one of the seven associated entities, together with Avast, Bitdefender, CERT (Poland), Check Point, Emsisoft and Kaspersky.

VCryptor Malware

This time, we have contributed by creating a simple tool to decrypt files encrypted by VCryptor malware. Discovered by several antivirus companies, the malware encrypts user files (desktops, documents, images and so on) in a password-protected zip and creates files with the .vcrypt extension, for which the ransom is requested. The ransom note is as follows:

After verifying that the obfuscated password was stored within its code and that it was easy to decrypt, we developed a simple (though very heavy, since it uses PyQt) tool that allows users to recover their files without having to pay the ransom. The default password is the one corresponding to the best-known variant, which is also identifiable by a characteristic process name. We created a quick script to decrypt the files, but to display it on NoMoreRansom.org it was necessary to accompany it with an interface. Finally, the tool can be found in the most useful repository for malware-infected users.
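The recovery step described above, a script that opens the password-protected zip behind each .vcrypt file, can be sketched as follows. This is an added example, not the ElevenPaths tool: the function names are illustrative, the password is a placeholder for the value recovered from the sample, and it assumes the archives use legacy ZIP encryption, which Python's `zipfile` can read.

```python
"""Recover files from .vcrypt containers (password-protected zips)."""
import sys
import zipfile
import zlib
from pathlib import Path

# Placeholder: the real value is the password recovered from the sample.
PASSWORD = b"<password-recovered-from-sample>"


def inspect_vcrypt(path):
    """Return (is_zip, encrypted_members, total_members) without extracting."""
    if not zipfile.is_zipfile(path):
        return (False, 0, 0)
    with zipfile.ZipFile(path) as zf:
        infos = zf.infolist()
        # Bit 0 of the general-purpose flags marks an encrypted member.
        return (True, sum(1 for i in infos if i.flag_bits & 0x1), len(infos))


def recover(path, dest, password):
    """Extract one container into dest; the original file is left untouched."""
    if not inspect_vcrypt(path)[0]:
        return "not-a-zip"
    try:
        with zipfile.ZipFile(path) as zf:
            # extractall() strips absolute paths and ".." from member names,
            # which matters because the archive was written by malware.
            zf.extractall(dest, pwd=password)
    except NotImplementedError:  # e.g. AES entries, unsupported by zipfile
        return "unsupported-encryption"
    except (RuntimeError, zipfile.BadZipFile, zlib.error):
        return "bad-password-or-corrupt"
    return "recovered"


def recover_tree(root, out_dir, password=PASSWORD):
    """Process every *.vcrypt under root; returns {relative path: status}."""
    root, results = Path(root), {}
    for p in sorted(root.rglob("*.vcrypt")):
        rel = p.relative_to(root)
        # Mirror the source layout so same-named containers do not collide.
        results[rel.as_posix()] = recover(p, Path(out_dir) / rel.with_suffix(""), password)
    return results


if __name__ == "__main__" and len(sys.argv) == 3:
    for name, status in recover_tree(sys.argv[1], sys.argv[2]).items():
        print(f"{status:24} {name}")
```

Recovered files go to a separate output directory, so a wrong password or a damaged container never overwrites the only copy of the encrypted data.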