ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
ElevenPaths Cybersecurity Weekly Briefing 13-19 June Ripple 20 Vulnerabilities in TCP/IP Software JSOF researchers have discovered 19 0-day vulnerabilities, collectively called Ripple 20, in the TCP/IP software library developed by Treck that would affect more than...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security Weekly Briefing April 3-9 Malware distribution campaign via LinkedIn The eSentire research team has published details on the analysis of a new malware distribution campaign via LinkedIn. Threat actors are sending zipped files under...
ElevenPaths Open source maintainer burnout as an attack surface Introduction Software development has evolved greatly in the last decades. It is leaning towards an scenario based in third-party modules, components and libraries that help accelerate the development of our...
ElevenPaths Cybersecurity and Business: ElevenPaths at the RSA Conference 2020 We are back from the RSA Conference 2020, the year when the standard ‘humanization of technology’ has been set within the sector. We already predicted it last year with our commitment under...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Gonzalo Álvarez Marañón Snitch Cryptography: How to Crack Tamper-Proof Devices Google’s Titan Security Key or YubiKey from Yubico are the ultimate trend in multi-factor authentication security. According to Google’s own website: «The keys have a hardware chip with firmware designed...
ElevenPaths ElevenPaths at RSA Conference 2020 Once again, we return to the RSA Conference, the reference event in the cybersecurity sector. From February 24 to 27 we will be presenting our proposal under the claim...
Top 10 TED Talks to Learn about Cyber SecurityGonzalo Álvarez Marañón 8 April, 2020 The average level of professional talks is often so low that people prefer to work than listen. You’ll see this in all kinds of meetings: by the second slide, attendees are already replying to mails or finishing a report. Fortunately, it isn’t the case for all talks: for more than 20 years, TED talks have been bringing a glimmer of hope on this bleak picture. In this entry we bring you the Top 10 TED Talks to Learn about Cybersecurity as well as the guidelines and tricks on how to improve your own presentations. 1. Bruce Schneier: The Security Mirage Security is both a feeling and a reality. The feeling and the reality of security are certainly related, but it is also true that they are not the same thing. Most of the time, when the perception of security does not match with the reality of security, it is because the perception of risk does not match with the reality of risk. We do not assess security compromises mathematically by examining the relative probabilities of different events. Instead, we use shortcuts, general rules, stereotypes and biases, generally known as heuristics. These heuristics affect how we think about risks, how we assess the probability of future events, how we consider costs and how we make trade-offs. And when those heuristics fail, our sense of security moves away from the reality of security. Cryptography guru Bruce Schneier explains some of the cognitive biases behind our poor risk assessment in cybersecurity and how to overcome them. 2. Chris Domas: The 1s and 0s Behind Cyber Warfare Cybersecurity researcher Chris Domas recounts how a 30-hour session in the lab spent deciphering a binary code led to an epiphany about a better method for humans to process that kind of data. Domas breaks down how the act of translating binary information into a visual abstraction can save researchers tons of time—and potentially save lives. 3. Caleb Barlow: Where Is Cybercrime Really Coming from? The former vice president at IBM Security proposes to respond to cybercrime with the same collective effort we apply to a health crisis like Covid-19: sharing timely information about who is infected and how the disease is spreading. According to Barlow, we need to democratize risk intelligence data. We need to get public and private organizations to open up and share their private arsenal of information. Cyberattackers are moving fast, so we need to move faster. And the best way to do that is to open up and share data about what is happening. If you don’t share, then you’re part of the problem. 4. Mikko Hypponen: Fighting Viruses, Defending the Internet It’s been 25 years since the first PC virus (Brain A) hit the net spreading from diskette to diskette. What was once an annoyance has now become a sophisticated tool for crime and espionage. In this talk, Hypponen explains how the economy of cybercrime work. 5. Ralph Langnet: Cracking Stuxnet, a 21st-century Cyber Weapon When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team identified that Stuxnet was a cyberphysical attack aimed at a specific target. They identified that such target was the Iranian nuclear program (something no one wanted to believe for months) and analysed the exact details of how this attack, or more accurately these two attacks, were meant to work. In this talk you will learn how targeted attacks against critical infrastructure work. 6. Mikko Hypponen: Three Types of Online Attack There are three major groups of cyberattackers: cybercriminals (who seek to get rich by running illegal online businesses), hacktivists (who seek to protest and change political situations), and governments. Governments seek to spy on and control citizens. Yes, even in Western democracies: Your government is spying on you. 7. Avi Rubin: All Your Devices Can Be Hacked Cyberattacks go beyond computer damage and data theft. They can also kill. This talk explains how device hacking with actual impact on human lives work: medical devices, vehicles, etc. Any device with software can be vulnerable. It will contain bugs that will be exploited. We can’t forget that all technology must incorporate security. 8. James Lyne: Everyday Cybercrime and What You Can Do about It Are you aware of what your devices reveal about you? How much security and privacy do you give away in exchange for convenience and usefulness? Malware works because 99% of victims don’t take the most basic precautions. How does malware attack? What can happen to you? And how can you protect yourself? James Lyne will teach it to you over this talk. 9. Lorrie Faith Cranor: What’s Wrong with Your Pa$$w0rd? To fight against the weaknesses of text-based passwords, both inherent and user-induced, administrators and organizations often establish a set of rules -a password policy- that users must follow when choosing a password. What should a good password look like? After studying thousands of real passwords to figure out the most surprising and common user’s mistakes, Lorrie Cranor has some answers. 10. Finn Myrstad: How Tech Companies Deceive You into Giving up Your Data and Privacy What’s the point of protecting your home with a lock if anyone can get in through a connected device? Even though you never read the terms and conditions, you check the box saying you did, and Boom! You agree to have your personal information collected and used. Companies put the entire burden on the consumer. Technology will only benefit society if the most basic human rights are respected, such as privacy. COVID-19: Risk Guide and Recommendations on Cyber SecurityRisk Analysis Applied to COVID-19
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
ElevenPaths Cyber Security in Times of Pandemic: How Has Confinement Affected Our Digital Security? The pandemic has accelerated the transition to a digital life, and with it, cyber-attacks against users and businesses have risen. The most frequent attack, which is the most common...
ElevenPaths Top 4 Programming Languages for Beginners Have you set yourself new challenges this year but don’t know where to start? How would you like to become an expert in programming? We know that, at first,...