TypoSquatting: Using Your Brain to Trick You
Diego Samuel Espitia
12 May, 2020

Our brain is amazing and has evolved over thousands of years to make our lives simpler or to minimize processing time on things it considers unnecessary. One of them is reading each letter in a written text. This can be checked in several ways, as in the following example:

Why Does That Happen?

This is due to the way we learn to read: initially we only see images, and it is not until after we understand them that we begin to associate sounds with words. Once we are used to reading the same words for a long time, our brain places words where they are not, immediately replaces numbers with their corresponding letters, or can read text written backwards, among many other things.

Without a doubt, this brain capacity is incredibly powerful, but it also poses some cybersecurity risks because it makes deception easy. For example, if you get a message saying “www.gooogle.com” you don’t realise that “gooogle” has three “o”s instead of the two that the actual website has.

What TypoSquatting Is

For many years now, criminals have realised that it is possible to use this capacity against us. Phishing campaigns use these small text alterations to trick users, and they are very effective when associated with feelings of fear or financial distress. This type of threat has been called TypoSquatting.

Due to the current health crisis caused by Covid-19, this technique is being increasingly used. One of the institutions most targeted by these hoaxes is the World Health Organization, which had to publish a cybersecurity communication intended to mitigate the damage they cause. One of the thousands of examples can be found in one of the existing pandemic tracking systems, called coronatracker.com.
This is used as the basis for different typosquatting-type mutations, as we can see below:

To summarise the analysis, only the second domain detected will be taken: coronatracker.info. This domain uses the technique of changing the top-level domain (from com to info) so that the victim, focusing on the webpage name, does not notice any other details. In the following example, an SMS tries to trick the user by using the domain of a bank, changing the top-level domain from com to one.

When analysing coronatracker.info with our TheTHE tool, it can be seen that this TypoSquatting hoax hides a dedicated phishing site and that the domain was created during the first week of the pandemic, like thousands of others that have emerged.

When using the IP, we see in the first image that it has already been reported in AbuseIP for being a suspicious IP. In the second, we see how the analysis with Maltiverse detects it as malicious.

Using the domain, it can be seen that it has already been reported in VirusTotal and responds to 9 different IP addresses.

As you can see, criminals do not miss any opportunity to spread malware. This storm of events triggered by the pandemic is the perfect time to use all the mechanisms at their disposal to access personal and financial data, or simply to access machines to reach more victims.

These techniques are not only applied to domains, but also to mobile applications, development software packages, e-mails, instant messaging, SMS and any other means that may be used to make victims click on a link.
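The mutations described in this article (a repeated letter, digits read as letters, a swapped top-level domain) can be checked mechanically on the defender's side, for example against domains seen in mail or proxy logs. The following Python sketch is an added example, not part of the original article or of TheTHE; the protected-domain list, the function names and the sample hosts are assumptions chosen for illustration, and it only handles simple name.tld hosts.

```python
# Added example: flag look-alike domains against a list of protected domains.
# PROTECTED is a constructed watchlist for illustration.
PROTECTED = ["google.com", "coronatracker.com"]
# Digits the eye tends to read as letters.
DIGIT_TO_LETTER = str.maketrans("01345", "oleas")

def split_domain(host):
    """Return (name, tld) for a simple two-label host, ignoring a leading www."""
    host = host.lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.rpartition(".")
    return name, tld

def distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(host, protected=PROTECTED):
    """Return (reason, protected_domain) for a look-alike, or None."""
    name, tld = split_domain(host)
    if (name, tld) in {split_domain(p) for p in protected}:
        return None                           # the real domain itself
    for legit in protected:
        lname, _ = split_domain(legit)
        if name == lname:
            return ("tld-swap", legit)        # same name, different TLD
        if name.translate(DIGIT_TO_LETTER) == lname:
            return ("digit-for-letter", legit)
        if distance(name, lname) <= 1:
            return ("one-character-edit", legit)  # extra, missing or swapped letter
    return None

if __name__ == "__main__":
    for h in ["www.gooogle.com", "coronatracker.info", "g00gle.com", "example.org"]:
        print(h, "->", classify(h))
```

A match is only a reason to look closer: the domain still needs the reputation and registration-date checks the article performs before it is treated as malicious.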