ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Telefónica promotes the digital transformation towards ‘Industria Conectada 4.0’ * This post was translated and originally published here (Spanish) within the framework of the I Congreso de Industria Conectada taking place in Madrid the 21st of September. The...
Innovation and Laboratory Area in ElevenPaths 4th Anniversary of No More Ransom: ElevenPaths, Partner Entity with Two Tools Discover the tools we contribute to this important initiative launched by Europol to help ransomware victims.
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Innovation and Laboratory Area in ElevenPaths Our Telegram channel CyberSecurityPulse has already a webpage Our Cybersecurity Pulse Telegram channel already has a website. Follow us to keep up to date with the most relevant cybersecurity news.
ElevenPaths Cybersecurity Weekly Briefing November 21-27 Qbot as a prelude to Egregor ransomware infections Researchers at Group-IB security company have issued a statement claiming to have found activity linking the Qbot banking trojan (also known as...
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
ElevenPaths Cybersecurity Weekly Briefing November 7-13 Links between Vatet, PyXie and Defray777 Researchers from Palo Alto Networks have investigated the families of malware and operational methodologies used by a threat agent that has managed to go...
Triki: Cookie Collection and Analysis ToolJuan Elosua Tomé 12 February, 2021 In July 2020, the Spanish Data Protection Agency, following the entry into force of the European General Data Protection Regulation and several consultations with the European Data Protection Committee (EDPC), updated its user guide, giving website owners until 31 October 2020 to comply with it. As a result of this new regulation, from TEGRA, the cyber security innovation centre promoted by ElevenPaths and Gradiant in Galicia, we decided to launch an investigation to analyse the use of cookies of the most visited websites in Spain after the regulation came into force in order to contrast its adequacy. A month ago, we published on this blog the results of a piece of research on the use of cookies and a full report on it as well. During the course of the research and with the aim of being able to systematise the analysis and collection of cookies, we began to generate the foundations of what ended up becoming the Triki tool, which we will go into in more detail in this post and which has been released to the community on Github. Triki allows automated navigation to a configurable set of websites and performs extraction of the cookies used and generates high-level statistics on the main characteristics of the cookies. It is strongly based on Selenium’s web browser automation capabilities. To further facilitate more comprehensive analysis, Triki also provides an auxiliary script that allows all the information collected to be loaded into an SQLite database. Following its release, we invite the readers of our research and of this post to check how their websites of interest manage cookies and whether or not they comply with the current legislation. All the information about its use is included in the README of the tool in Telefónica’s Github. Still not convinced? We have prepared this video summary of its functionalities to help you take the plunge and try it out. TEGRA cybersecurity centre is part of the joint research unit in cyber security IRMAS (Information Rights Management Advanced Systems), which is co-financed by the European Union, within the framework of the Galicia ERDF Operational Programme 2014-2020, to promote technological development, innovation and quality research. CNCF’s Harbor (cloud native registry) fixes an information disclosure bug discovered by ElevenPaths (CVE-2020-29662)Cyber Security Weekly Briefing February 6-12
ElevenPaths Cyber Security Weekly Briefing 27 February – 5 March HAFNIUM attacks Microsoft Exchange servers with 0-day exploits Microsoft has detected the use of multiple 0-day exploits to carry out targeted attacks against on-premise versions of Microsoft Exchange Server (2013,...
Juan Elosua Tomé New FARO Version: Create Your Own Plugin and Contribute to Its Evolution We are pleased to announce the latest version of FARO, our open-source tool for detecting sensitive information, which we will briefly introduce in the following post. Nowadays, any organisation can...
Innovation and Laboratory Area in ElevenPaths Telefónica Tech’s Cybersecurity Unit Becomes Part of The European Commission’s Cybersecurity Atlas Telefónica Tech’s Innovation and Laboratory Area in cyber security has been included as part of the European Commission’s Cybersecurity Atlas, a knowledge management platform that maps, classifies, visualises and...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...