ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths #CyberSecurityReport19H2: Qihoo is the company that most collaborates in the reporting of vulnerabilities in Microsoft products Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release...
Gonzalo Álvarez Marañón Rock, Paper, Scissors and Other Ways to Commit Now and Reveal Later Have you ever played rock, paper, scissors? I bet you have. Well, let’s put the tin lid on it: how would you play through the phone? One thing is...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 10-16 0-days in Chrome and Edge Security researcher Rajvardhan Agarwal has discovered a 0-day vulnerability in the current versions of Google Chrome and Microsoft Edge, which he has made public via his...
Sergio De Los Santos Pay When You Get Infected by Ransomware? Many Shades of Grey The Internet is full of articles explaining why ransomware should not be paid. And they are probably right, but if you don’t make a difference between the type of ransomware and...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport20H2: Microsoft Corrects Many More Vulnerabilities, But Discovers Far Fewer There are many reports on security trends and summaries, but at ElevenPaths we want to make a difference. From the Innovation and Laboratory team, we have just launched our...
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
Gonzalo Álvarez Marañón Nonces, Salts, Paddings and Other Random Herbs for Cryptographic Salad Dressing The chronicles of the kings of Norway has it that King Olaf Haraldsson the Saint disputed the possession of the Hísing island with his neighbour the King of Sweden....
Diego Samuel Espitia Detecting the Indicators of An Attack We always choose to implement prevention and deterrence rather than containment mechanisms in security. However, the implementation of these mechanisms is not always effective or simple to set up...
Triki: Cookie Collection and Analysis ToolJuan Elosua Tomé 12 February, 2021 In July 2020, the Spanish Data Protection Agency, following the entry into force of the European General Data Protection Regulation and several consultations with the European Data Protection Committee (EDPC), updated its user guide, giving website owners until 31 October 2020 to comply with it. As a result of this new regulation, from TEGRA, the cyber security innovation centre promoted by ElevenPaths and Gradiant in Galicia, we decided to launch an investigation to analyse the use of cookies of the most visited websites in Spain after the regulation came into force in order to contrast its adequacy. A month ago, we published on this blog the results of a piece of research on the use of cookies and a full report on it as well. During the course of the research and with the aim of being able to systematise the analysis and collection of cookies, we began to generate the foundations of what ended up becoming the Triki tool, which we will go into in more detail in this post and which has been released to the community on Github. Triki allows automated navigation to a configurable set of websites and performs extraction of the cookies used and generates high-level statistics on the main characteristics of the cookies. It is strongly based on Selenium’s web browser automation capabilities. To further facilitate more comprehensive analysis, Triki also provides an auxiliary script that allows all the information collected to be loaded into an SQLite database. Following its release, we invite the readers of our research and of this post to check how their websites of interest manage cookies and whether or not they comply with the current legislation. All the information about its use is included in the README of the tool in Telefónica’s Github. Still not convinced? We have prepared this video summary of its functionalities to help you take the plunge and try it out. TEGRA cybersecurity centre is part of the joint research unit in cyber security IRMAS (Information Rights Management Advanced Systems), which is co-financed by the European Union, within the framework of the Galicia ERDF Operational Programme 2014-2020, to promote technological development, innovation and quality research. CNCF’s Harbor (cloud native registry) fixes an information disclosure bug discovered by ElevenPaths (CVE-2020-29662)Cyber Security Weekly Briefing February 6-12
ElevenPaths Tips to Download Apps Securely The arrival of smartphones brought about a paradigm shift in the way we use and consume content through mobile devices. So much so that, from that moment on, they...
ElevenPaths Cyber Security Weekly Briefing May 1-7 Apple fixes four 0-day vulnerabilities in WebKit Apple released yesterday a security update to fix four 0-day vulnerabilities that could be actively exploited, according to Apple itself. These four flaws...
ElevenPaths Cyber Security Weekly Briefing April 24-30 BadAlloc – Critical Vulnerabilities in Industrial IoT and OT Devices Microsoft security researchers have discovered 25 critical remote code execution (RCE) vulnerabilities, collectively referred to as BadAlloc, affecting a wide...
ElevenPaths Do I Really Need an Antivirus? How can standard users protect themselves? In this article we explain what an antivirus is for and how you can be (more) protected.
Gonzalo Álvarez Marañón NFT Fever: The Latest Cryptocurrency Killing It Online In May 2007, the digital artist known as Beeple decided to create and publish a new piece of artwork on the Internet every day. True to his word, he...
Pablo Alarcón Padellano Telefónica Tech, recognized with Palo Alto Networks’ SASE, Cloud and Cortex Specializations We are the first partner in Spain awarded with Prisma SASE, Prisma Cloud and Cortex XDR/XSOAR specializations.
