ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
ElevenPaths SealSign integration with the Azure Key Vault ElevenPaths and Microsoft, thanks to Gradiant technology, have integrated the Azure Key Vault into the SealSign platform. This partnership provides a server-based digital signature and certificate safekeeping service, based...
ElevenPaths Telefonica’s ElevenPaths Expands its Collaboration with Fortinet to Improve Industrial Sector Security ElevenPaths and Fortinet partner to improve cybersecurity in industrial processes by delivering comprehensive OT, IT and IoT solutions to its customers.
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
ElevenPaths APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing It This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was...
ElevenPaths Cybersecurity Weekly Briefing July 4-10 RCE Vulnerability in F5’s BIG-IP (CVE-2020-5902) Last Wednesday a new critical Remote Code Execution vulnerability (CVE-2020-5902 CVSSv3 10) was published for F5’s Traffic Management User Interface (TMUI). This vulnerability allows...
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
ElevenPaths ElevenPaths Radio English #1 – Skills of a Cybersecurity Professional In this first episode, our CSA Deepak Daswani discusses what a true cybersecurity professional must have to be valuable to companies.
ElevenPaths Cybersecurity Weekly Briefing September 19-25 New attack vector for vulnerability in Citrix Workspace Pen Test Partners security researcher Ceri Coburn has discovered a new attack vector for the CVE-2020-8207 vulnerability in Citrix Workspace corrected in...
Trend Report: State of Cybersecurity in Spanish companiesElevenPaths 20 October, 2017 The team of analysts at ElevenPaths has carried out a study that aims to show the state of cybersecurity of both Spanish companies in general and those included in the IBEX 35. This analysis has shown that more work is needed to integrate cybersecurity into the core of all businesses to prevent very basic errors from leading to the increased risks and incidents we see on a daily basis. In this sense, the conclusions obtained by this report are: “The level of security for Spanish companies is below the European average.” Despite having very mature and sophisticated organizations in terms of cybersecurity, the results of the study place Spanish companies slightly below the European average. While countries such as Germany or France lead this ranking, Spain remains at a lower level along with other countries such as Italy, Portugal, Croatia or Slovenia. “The two IBEX 35 companies with the highest rating belong to the Financial and Energy / Resources sectors.” One third of the companies analyzed present an intermediate or advanced level of security, according to their rating. Among them, the two companies that stand out for having the best rating belong to the Financial and Energy / Resources sectors. “Over 85% of IBEX 35 companies are vulnerable to POODLE, Logjam, DROWN and FREAK.” Spanish organizations do not manage vulnerabilities effectively and lack adequate update and patching policies. The report’s findings reveal that a large number of the organizations analyzed are exposed to these four cryptographic vulnerabilities. The problem acquires a bigger dimension since most of the vulnerabilities detected have been published for more than a year in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST), and have public exploits to exploit them. “Threats targeting the mobile channel have made their way to the third place in the ranking of the most widespread infections within Spanish companies.” Furthermore, it is confirmed that, with the increasing use of mobile devices, the risks associated with their use continue to grow. Risks not only affect companies because of their employees’ use of mobile applications, but also affect the relationships that companies have with their end customers through the impersonation of mobile applications. “Only 6 IBEX 35 companies did not present any system compromises in the last year.” More than 80% of the companies analyzed have been affected by some type of malware in the last year. Standing out from this figure, several malware families especially targeted at certain sectors, such as Multiplug in the Aerospace / Defense sector. It is also remarkable that the most widespread infection, Conficker, which affects more than 60% of IBEX 35 companies, has had a patch for several years. In order to carry out this report we have relied on the information provided by our partner BitSight, which calculates the security ratings of companies based on information external to the organizations themselves. The data set covered by the report includes around 1 000 000 IP addresses allocated to a total of 850 organizations. » Download the full report about the “State of Cybersecurity in Spanish companies”. DOWNLOAD THE REPORT #CyberSecurityPulse: The Attack Against the WPA2 Encryption that Poses a Threat to Our Wireless SecurityWhitepaper “Windows Malicious Events Detection With Security Monitoring”
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Kaspersky researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a...
Sergio De Los Santos The Attack on SolarWinds Reveals Two Nightmares: What Has Been Done Right and What Has Been Done Wrong All cyber security professionals now know at least part of what was originally thought to be “just” an attack on SolarWinds, which has just truned out to be one...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (I) At this point in time and looking back on 2020, nobody would have imagined the advance in the digitalisation of organisations and companies due to the irruption of homeworking...