ElevenPaths ElevenPaths approaches the cyber security paradigm shift and the new era’ s digital transformation in the SID 2020 Telefónica Tech’s cyber security company is holding its 8th Security Innovation Days, this time in a virtual format and extending from one to three half-days, on October 20th, 21st...
Alejandro Maroto Steps to move security solutions forward in the face of current world challenges Palo Alto Networks founder Nir Zuk recently addressed the Telefónica Global Security Summit with some thoughts to share on the direction of security and implications of the COVID-19 pandemic....
ElevenPaths Cyberintelligence Report: Global Banking Cyber Report As the world becomes more digital, new opportunities and threats arise and we tend to focus more on our daily business. As a result, when we are trying to...
ElevenPaths Cybersecurity Weekly Briefing September 12-18 PoC for Critical Vulnerability on Netlogon Secura researchers have published a tool to check whether a domain controller is vulnerable to the CVE-2020-1472 vulnerability on Netlogon. Last month, Microsoft patched...
Gonzalo Álvarez Marañón Encryption That Preserves The Format To Ensure The Privacy Of Financial And Personal Data Your personal information swarms through thousands of databases of public and private organizations. How do you protect its confidentiality so that it does not fall into the wrong hands?...
ElevenPaths ElevenPaths approaches the cyber security paradigm shift and the new era’ s digital transformation in the SID 2020 Telefónica Tech’s cyber security company is holding its 8th Security Innovation Days, this time in a virtual format and extending from one to three half-days, on October 20th, 21st...
ElevenPaths Cybersecurity Weekly Briefing July 11-17 Combining Citrix vulnerabilities to steal user sessions On July 7th, Citrix published a security bulletin to correct up to 11 vulnerabilities. A few days later, a report was released with...
ElevenPaths Download for Free Our New Book: ‘Irrational Decisions in Cybersecurity: How to Overcome Thinking Errors That Bias Your Judgements’ In the transmedia universe of Blade Runner, replicants are artificial human beings manufactured by bioengineering by Tyrell Corporation. They are physically indistinguishable from a human, except for one detail: their lack of...
Gonzalo Álvarez Marañón Encryption That Preserves The Format To Ensure The Privacy Of Financial And Personal Data Your personal information swarms through thousands of databases of public and private organizations. How do you protect its confidentiality so that it does not fall into the wrong hands?...
ElevenPaths ElevenPaths approaches the cyber security paradigm shift and the new era’ s digital transformation in the SID 2020 Telefónica Tech’s cyber security company is holding its 8th Security Innovation Days, this time in a virtual format and extending from one to three half-days, on October 20th, 21st...
ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
Innovation and Laboratory Area in ElevenPaths New Version of Our SIEM Attack Framework, Now With 7 Manufacturers For some time now, the ElevenPaths Innovation and Laboratory team has been working on different projects and research related to the security aspects of SIEM (Security Information and Event...
Vendetta Group and the COVID-19 Phishing EmailsMiguel Ángel de Castro 15 June, 2020 In April 2020, a new player came on the cybercrime scene: the group called Vendetta. It has been observed that they are a prolific group focused on email campaigns mainly based on the Covid-19. Their targets are distributed all over the world and their attacks have been detected in countries such as Australia, Mexico, Egypt, Romania, Austria or China. Vendetta chooses targets from the technological, business and government sectors that handle sensitive information. They have showed remarkable skills during this phase, since they select and analyse their targets. Their standard attack procedure consists of sending malicious email attachments containing a malware that allows full control and theft of information from the victim’s system. The highly-accurate design of phishing emails, including details as well and a well-studied and targeted message, takes into account the global context on which the deception is based. The malware used is not entirely self-developed, but it contains commercial software as well. It is versatile and with a low detection rate thanks to the use of packers and final payloads in memory. Malware weapon installs access point (usually .NET samples) using unknown and known packers in multiple layers that injects different modular RATS in memory. Finally, malware enables the intruder to gain total control and persistent access to target network via C2C. This group also performs additional delivery using hacked websites and proprietary infrastructure. Vendetta Covid-19 Campaign We have analysed the campaign of attacks carried out by this group during the period 03-05-2020 to 09-05-2020 and within the Covid-19 context. Below, we describe the analysis of a phishing email attack impersonating the director of the Taiwanese CDC. As a result of the analysis, we discovered more than 134 malware samples, multiple URLs and domains with strong links related to the Vendetta group. Initial Discovery: Taiwan CDC Director Impersonation Attack The email was first analysed 2020-05-03T22:43:15 from Taiwan. Antivirus detections over the email were very low. As we can read in the mail, the letter appears to be signed by Chou Jih-haw, General Director of the Taiwan Centers for Disease Control and Prevention. Within the text we observe that it is an attack aiming citizens of Taiwan, given the language used and the content. They are urged to carry out a Covid-19 tests at a Taiwan Centers for Disease. Given the behaviour of this group when selecting their victims, it may be thought that it was targeted against the Taiwanese CDC itself. Translated the email, we can read: It must be noted the quality and attention to detail of the email, a characteristic feature of the Vendetta group that it is quite unusual in regular phishing campaigns, usually with typographical errors, grammar mistakes, etc. This proves how specifically the attack was targeting Taiwan CDC and the effort the Vendetta group made to perform its attacks. Within the attachments, we get a cdc.pdf.iso file containing the malware that the attackers used to infect the victims. TYPEINDICATORNAMEDESCRIPTIONSHA2560aa87ed22e193e1c6aa9944cf1b9e88ec4ae6a5b3f975e3fb72c0f5b06b864f21349628.emlEmail with malware attachmentSHA25651B0165FBA9CF8E0B7BFEBDC33E083ECC44D37CDBB15B5159B88B71E52B0255Bcdc.pdf.isoZipped file containing malware Malicious Content Analysis Once the malicious file cdc.pdf.iso has been decompressed, we obtain the file cdc.exe, a file developed in .NET and packed using an unknown packer. This threat is called RoboSki. As we can see in the following screenshot, the malware uses a section of the binary to hide other components used by this threat. This is a method commonly used by Vendetta for creating its threats. Once the sample is executed, the malware creates in memory a .DLL file containing a .png image, which in turn contains the shellcode encrypted in the pixels of the image. When the shellcode has been executed, the malware will drop in memory the next payload. We can see ReZer0 Malware, packed using Eazfuscator. After a series of memory dumps of different obfuscated payloads and after being unpacked and analysed, we concluded that the final payload contains the malware Nanocore RAT, as you can read on the project name. TYPEINDICATORNAMEDESCRIPTIONSHA2560aa87ed22e193e1c6aa9944cf1b9e88ec4ae6a5b3f975e3fb72c0f5b06b864f21349628.emlEmail with malware attachmentSHA25651B0165FBA9CF8E0B7BFEBDC33E083ECC44D37CDBB15B5159B88B71E52B0255Bcdc.pdf.isoZipped file containing malwareSHA256d5d3cf535b3313077956d5708225cf8029b039ed0652ee670ce25ea80d2b00c0Cdc.exe.NET packed PE file containing malware RoboSky attributed to Vendetta GroupSHA25619B5353BF8A69A64536C865A4890B69EE1DCD59445968E1CFD94C62E1A97B11ECdc.exe_unpacked.exeUnpacked .NET packed PE file containing Nanocore malwareIP172.111.188.199 C2C Links with Vendetta group The malicious attachment has been attributed to the Vendetta group due to the following factors: The tree attack observed to Vendetta group always includes the same pattern:High quality crafting phishing email.NET Malware RoboSki as first stage of malwareMemory observation of Rezer0 MalwareRezer0 drops in memory the next stage of the attack, in this case Nanocore RAT C2C IP: 172.111.188.199 used previously by this group.Pdb path that contains a username named Vendetta: Common resources in the samples used by this group. The project CxFlatUI (this project can be found on GitHub and belongs to “HuJinguang” user) is used by Vendetta group as code base to create their threats. As a result of the use of CxFlatUI project as code base, EXIF metadata with CompanyName and FileDescription values match with other samples belonging to this group: Analysis genetic malware database Intezer: It has been possible to identify genes and strings belonging to Vendetta group in the sample analysed. Performing the pivoting phase through the CompanyName, ProductDescription, extracted payload from memory, etc. it has been possible to detect 134 samples that could be directly related to Vendetta. The group used them initially (they have been seen for the first time) during the time range from the 3rd to the 9th May 2020. The tools used by the Vendetta group are tools such as Nanocore RAT, AgentTesla, Remcos and Formbook, ReZer0 but we can also find Azolurt, Warzone RAT (Ave Maria) or Hawkeye and also to some extent generic malware samples. They use different manual packers and known ones such as ConfuserEx, Eazfuscator, IntelliLock or iLProtector. The following picture shows the cluster graph resulting from the genetic analysis of the 134 samples related to Vendetta. We can see how this group uses of the different types of RATS that we have identified as belonging to the Vendetta arsenal. We found a sample that does not meet the usual pattern, since this time it is not an executable compiled using PE32 executable for MS Windows .Net. Instead we found a MZ for MS-DOS. The language detected in the resources of this binary includes UK English and US English, when generally that value is neutral in the samples analysed in .NET. As far as the certificate is concerned, there is a chain of certificates, but it ends in an unreliable root certificate. TYPEINDICATORNAMEDESCRIPTIONSHA256080ff06496d8b6b5e6307059e378ed7052e381a6f130d89385c778edf32ae996Vdnoenr.exePredator the ThiefSHA2569fbb3df3c9b58626be3f9e66e8b4abd811a8069839374ade15cc405eb3b4d816sr3S0CjtBE.exeVdnoenr.exe unpackedMUTEXcjF0OHM0 Mutex CreatedMUTEXIESQMMUTEX_0_208 Mutex CreatedDOMAINSbbc-news-uk1.space DNS Resolution We also found text strings related to AutoIt, a widely used trend to build the initial dropper for its anti-virus evasion features. “AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.” “AutoIt has detected the stack has become corrupt.” Once it has been analysed, we observe it has been packaged using mpress_packer 2.19 containing a large amount of the Predator the Thief malware code, a very versatile commercial infostealer both for its wide number of features and for its modular design. After the analysis of the communications made by the 134 related binaries, several indicators of compromise belonging to the Vendetta’s malicious infrastructure have been obtained. The complete list of associated indicators can be found in Annex 1. Conclusions After the analysis, we can conclude that the Vendetta group stands out, not so much for the use of very new pieces of malware, since they generally work with commercial products from the malware market, but rather they place special emphasis on the recognition and preparation phases. They select targets for specific campaigns, not addressing mass distribution and allowing the context used, in this case the one caused by the Covid-19, to play in their favour. They prepare emails with great attention to the details and care, both visually and in terms of the content, using different languages and with a tone of urgency and authority that undoubtedly increases the chances of success in this type of attack. Annex 1: IOC related to Vendetta group bcaf5698e3d5291c284e0ea40deec27e69c4942049f1c90a4e334e066485dfa9b2bccd13743ac9153a8b731af82d6b19fa7395dd16596a3b5f783f1092419c3a92632fa88b730e2593837c7d51884384dcf8c887fd4b8d3cc6741d12ae9cd347c068b1a7379f95ee883cd4ed9639bb2b28c380934f3bc0e0c7be97ad808c7b8a147e92a20eaa350aef112cd3110af132aa9667af4e8eb90d345d4b7da8cea95cb26960e8083466e40ebbfcc6dfe93c4080a516d6260e1a2900ce7649fc44442ec315112980543e9046f7b3167586d3a5ba25734aac85679542adaca7867f3ef7713c780c42db40b3456b797e578c889f19a915441a428277aaa8235dfecd014220eb672944019e3a3520f9c3bac67acbfff3700fa27aec05bfe96129a77b6437bbf20efcdbae1950b49b4f121f17baee19a5d638983e96a954bd6e602fb35b160f525a06128b217d0081ee6d81a2d2fe04e9ecd20cf0e0fa7c99aaa9ed83154df4f76522a5a1a8f056d53bfea97293f503b6bc703cf37ff60dd8b47f47ecaaaadcaf6aed333996a431610306d24a90e7bb27035cdeb93901c1e1b00626877e78736d65eea1acec603391ea9dc50b880c83a1ef4de69cdc6649e79dab9eeea39212025c0f03e21ce62c476f6d5a95d3de80ef8ad59fc3a552550d0c9e927458e442e7b0bc64037556ec415d6f869b09205a85d746550ad196c07d4be7ae7391552fdeeae131f4bc6dd0fb7e2ebdcc379fadf314203f0de0e2b1e4a90aabf20b1f1eda6158b488a4f6635255b406b59933d4dc6877e1cac1bb85e1d9bfd9cd7f62e4bb158234319609a3d891e08f7ae6d6deee7fac7138639a8954dae5f281eea890a9045fefcc8463e698c79a594247fa002b0badf6846b200eef6a8bf47ca53d170914b423f415bdf562a5ee3eff48808d4b0731013bcdf870bfdf2bcded8caa8e9d9d8dfe961ede4406310aefed0eab63e52f29ad2c557eed012e298e644a43e67f30ee8be83b021b5ba3ebe65e610fc1a50ce3f3cb1c081f62ada165d841867f84806700f99b46ccda77e5a87922e88cb5bf5694624455cc040324524a6f866e53e6f7bd88850c3771be189fb16601e0f2bcbf6f80a7baa7990bbc77e28491d65c09f664bfd72f66e988c6a83bb29f94ab3c22968f76977f3d30500848f6213e7e66fbf0442436122d17de23a4ff3b217edd9111c97eec4e05e22b2fe72046123d231401b30d6f5ea191832456133eba46c1d77ac5717ee4a3abe050f1664bcd41beb4d2b564bf1a91656755247e37487c7dd24d22cae84c9de2428535c7c09a09ddc92cdd2f9ef6f019b075c62ea781778ac50850b5c79dc9f5a000a2da8b148cadfe967abcc303b8deecbbb030efd3ee9b49424246b8975f8f7e54ae2c36f37fbb193f6ba57d318e7f5333fa7870282de9b3322e024c65d89977d2ec594c0360c343788f8fe1ec3e57514ee4ced37503c9271741ce3688afe5086135f8f07e9657bb8f4920565b2cbdc1add6d78026fc4e8047632ba077463e5991e105ee60ad4364f4a6c17082d929b810116a71e6730ed7ad0ca750624976b043f044994203720a4d4d988958a592e89d937e987e95fe7d8b7417a70d88ff62c5dbd77be64c94e34a8b4174fe920c0968019f46574d172bc270a424d66a80295694a7d7060a16518824101a132d9816abde0b03fec08b29beb9415c217ec0e1f2cf779320edc5b15578c2714fd64a6577a5bd1fbbb13434dc2e900e3b7c5685372060500eb506623215bfd28e3f1b9f7f34b0fc254b0a2fe8a91f5cd0a62f26bd7391691a1025e072db46f1c469e3d9758147a97a57bc33da3ab2c0e2d93c52759176bf73521003fe09aecd04a3b01d252a3c49037c35c188c8a19624fe6367a6f2cc00539900a999853a6783c7e700987248efd3307604d5ca3cc4bdc3e69cf3489e068fae14da82a6d0df4b14d205e91bb068cb57c79c8267b8a50fc12a07da395b500b44ede8d91f14918ec469990ff81f496d85fed73b744f317928f1bfb92463d1766f2988c9aae96c380e1628fefdd981c84ce9cf7fbbdd8dc03c365377443c2c286add28a79440668077a7d762ee81ee169f1c08daa27bc680dbf8c8832d2785d5f347be26d404ab0fb1ea2eb8b2d4d3fd308306952129c871e03bd916818c8de30672336261f66449f9e3e1f7e4fd6ba381e6046cdb5c9ba0088c576aca51761d748a0cc73a641e1d10a372a2f47901527f759cbe540109068323315a2f63c0d5d3cf535b3313077956d5708225cf8029b039ed0652ee670ce25ea80d2b00c0219760dead477932b0a969b38ecc8d7ee41b2da4de72f32700f905cd705c340ff4ad5a582c73b80900d35c87421f1d6076cd4fe994b65417223aedaab76b806e2f9b92ba539de2cd1fdd35725fb144f72e4809d9c43dd79a6e2fb403ea07001c774cabba771d38532276d09fea65d562a9eac297737d74e937695877d21f19585a67dee45b2e60de47e22739c8be8614f31cdb4acbaf554f37d06ea41ddd876297b8bdb2c3d831301d68b883fea274703bd497462caa192f6a09130a0f42d10c201aab86deb0b609b895f6934d5a87b56384cdf01dbfce5e5bb2e970f91bb9194e59193170ad7a1da7d91bea0028bb8107a3a305cd91a353822e23924ceda25b2a07d219f5444c0bdf0942f2157f623efc400dcba8594d3eafa2f5dc0fd5836b5521ef291f90c10acfd6e796a6ad2cb099a14da80bd09c6e8ffe0710c8eb547cf57374520bfbf5f5afbbfe8c8cf762f95e05cf050fe959d731d49b77f4776cbae2d6119bb484c9e5f5a7107b4687553416208badbb881df4328bec5146d085090598b4ce2460676755245bad49490a9c94ae85a074c2242adfa65c52b0ad37963eeedb9932e7f8b09dfb11dd48a50cb473ec777e1c7d0cf1ce6c21623e86549ad6a03be138abc31b13e2c70092dfd8ee73e59a52c5881fe2ac477f9c9cec539ee16ba0ace7b0abc8bf1cd0d89ecb591ce94210cb2192196a756fe1c554e03d62705e6b3291082ab445e179e9e65464f3d7809f266ca5644707f67b59c531ab433996059fe34930b9d9f584bda6d7e784a2295ae3d988255e97857b9928b5c955424ffe0e02a6f89682d55c7e051538705a067dbb87ad5daa9379ac70593da268016b1bc90d2a25f17ae03f0a29bf8297dfd33fd718e02e318f4a64d192fceb605de3d93e65bc78582772de69a6663ccef69fa056f9cf7fe44cd3011d03104b59af9ff2feb141ada2c8ca807fb12326dcb0d377d372d13955c33ca6aef378b387d3ccfc7eefe685bc703f2975cde7560c851f7e28f8fac127baf54b24ede4ca91199528b69b42d1af70f525973be5e53bcd16c19b39a117cfaa27ba1a515723f8b3347d03d6ab008c67cb3c819b545ea82fd5d0eb8e92050af7daebb35c803ad45a0e68a086ea94b7601121e52f03bb29faab5d1da95ced80a11218034e8d294401c7dd686988aded4a1730159eaaa2f4ecfb9f53dc93a3f9ba0503b7698aa4542ae8f7e54b2c1568faa2071facfbab5f1f66e77cca38fd755c66c56f048abab37f98aba8439fcc1f2b54cbb1a12f1a8f4752d65e0fb8ee7fbdd206e2f0db5b996c22a397528ff1fe394044d94134af1d81ab8ef5ce82dd65283586ac6d9319c0d79ff402299dcf2d71c104beb763f0e3893eb857622cc07d8969aa08541950f915b7b01be91b632db911f41473c68e5d3d1e705f1738214aa2827b8f6b060b87cf27ba547b3b778e771324406fd4e95b992a1664826d179cf7af0d4f8dd1bc0a43ca549fc5b4e817a872ea9d53f1a17949a7a2d80d67a2b2f37907b021da818ba563a898ce1c8dcac374ef8a468e39a185ca3b010f1a41b60731a7beac23f8464c886afcf091e440b12ade502e4b8dcd2e9995cb2c10d7c0f8fd16e736d6fca62e268914ba79bc7c7ac43a39b6dc463d56e32f6e43ff8cfb4aa19e43aefd8ffb3363075fd1a09ada8858a47b099c702028f26705c5967633ee92f341817db3b314e7b4f4f4e98ecb3aad0e67857b3fbbca1d314ecdaa0b1aab122e1d97954977eddcaacc8947b326dd6998c90175846c76375ee953074668354ac72dba27ffdff9155082e1d12e318287a25bb73036feab7c75b7f0c3c1c30f457cbecaf9763a388b67c9e243a4156343e3f2c6b640df04f1803a2eed2b66ff88ee698e34888044e50aaa49e93786e5e228983b0b1daddf8ad88baacc627e7667ea749d64cdfe5b6b8e78568b828610d9d85128e14e34938614f7fc2885569995834678da14b2fe376b2372b224037d4ab183527213a3731e8a141a74cbdabd1c00eb52da6323cd9b154f848a6f37a110de136034cbf5190600da5687bb6259f19addf2e2759a82d3edc9ad7ba25feca5ef08641b0f030d92faa5dec17f3148e062b727a0240cb590b1181625df5cc62b8716449c07faf158411381babca4d22988c5d852aafabacaaa40e0f3b6cba3fc498dfbd6f2d198a767453cd8513acdbafa9fefaeed2ac1b451ce8ae3ab62b5cdfd52793c5cf4e57efbc39012c4139d1b8958b202f6d1895225b53f54d122a60d52a692acfe09a4fb64fbc2bea01746d2ec3f12e3a5640627b6c0e68d720dbeafde9231c6a2a1652a7c6e1d7b8816fc8c829e793c084726ff94fc13fe6281062a8b36abed5e25e350dd441a31b8acc910292fd67c48056ff9969b0b9d452a37be71de3c3cb1773a4ce604068bdb715ee3f2742d0e389867669c698454edaee7a64ddeb26eea619e2946939a4d71b5299b9fef7c4252a1f3eb876bdd52d2f6fb8a8dfe28fcff50129a1fd88f76b3e99c500357c36ff862bb8510a80af2965bdca1fdb2218ebfaa2a72402c0b767c3fde6b7807baa647b50756d1e1046fc633cd6796b320ba230db24e73c238c7ceb4dd20096ff366502b246366b847f40185b79d4b7dccd159a0ea49b16043baa6c2898ad6dc88fcf0a04e4b0f2b45295ae88dc7cd1e2846788f54a22905bf6cf289519f609e41dda2a4eceba2e6a2c1be781eaa0dd185fae4061a47c5cda10934672723f9ce06332ff47b5e89ca46752ad31a046d9b1ef6ab2ceb8289e1dcf8c68556df0a2b27f8acb1230768a8b1c1a0f8ee13a9d91a67742f3c0dac9d1bb5218a59362b6ddfd072845456f58b7112cbc0cccb10f8da3b6edb96712a08dfc09729aad2f60bd62be4fc28240d3260b1ea8df33747d3d6c9be6685f83dbc4c40d6c90b2622054dd79b4b38540db35f6786084fa896cb52297141625d5e8da335e8b539fda1683cda5f86a9d9dd9c8a720a43790c0218adfc255ef41a3b5f1be8b1e0d0e9931a2422549347dcbf01785cbe9d614186a2fa97706470ef31008ce7d09f2bbcae8d96c073f02656b3ff415a282bab5d844689e62e93e2f6ff089529bda9377bbb58cce1788059674d38de995cca06bb45e523d6c080eae1d717ec632932d28c0dd648b1086dd3db87b88e8b020f212e9707d8efb3888eccf436fd30658966e6db0e90e46f047dac4a54cfc927b195a3b35b031b7653622dc95706324122e39c6ed1f17672590245bb4c69fc027f53b3f5c41ed13a515a81c9b0bb12700df6688554ce248d70d4d23638d8c40ac1f052c82c4302aa3403378afdb65cab1bc582396c2ae7757a32ae82bfe98d50ecd5d6a7267854c8e09f353c980d4bd526de6128202b884cb2080ff06496d8b6b5e6307059e378ed7052e381a6f130d89385c778edf32ae9964791a5bcad2a0ea8e525bf24dc5c480ead507f0a888b31134fc26799167a2f941745870e72b522d26907dd2a6b9005804bf5aa390df6cc9cac32d3cd1d118cfc795f59666238d3e1d5ae55f2f43b4b85e040488444865f23f3d3d43b264512031cadbfc60a4a24b71e3024cec9bcb7a451f6dc2ac61f714e060925e927e41d2d1c964f7b4a1f588cab0f3a68eb987905b9d5b4d3121db07af0e26b291db6f1b70513703f3cdd9baff067432764336311825131de68252c8e20392e08e55c15f7 Interpretation and Evolution of MITRE ATT&CK: More “Horizontal” Coverage Doesn’t Mean Better ProtectionTelefonica’s ElevenPaths Expands its Collaboration with Fortinet to Improve Industrial Sector Security
Gonzalo Álvarez Marañón Encryption That Preserves The Format To Ensure The Privacy Of Financial And Personal Data Your personal information swarms through thousands of databases of public and private organizations. How do you protect its confidentiality so that it does not fall into the wrong hands?...
ElevenPaths ElevenPaths approaches the cyber security paradigm shift and the new era’ s digital transformation in the SID 2020 Telefónica Tech’s cyber security company is holding its 8th Security Innovation Days, this time in a virtual format and extending from one to three half-days, on October 20th, 21st...
Alejandro Maroto Steps to move security solutions forward in the face of current world challenges Palo Alto Networks founder Nir Zuk recently addressed the Telefónica Global Security Summit with some thoughts to share on the direction of security and implications of the COVID-19 pandemic....
ElevenPaths Cybersecurity Weekly Briefing October 10-16 Coalition of IT Companies Tries to Eliminate TrickBot Botnet A technology business conglomerate including Microsoft, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec, have participated in the removal of...
Franco Piergallini Guida Thinking About Attacks on WAFs Based on Machine Learning One of the fundamental pieces for the correct implementation of machine and deep learning is data. This type of algorithm needs to consume, in some cases, a large amount...
Nacho Brihuega Zerologon, Patch or Die! Zerologon. If you are in the IT world and haven’t heard this name yet, you should be worried. Keep reading. Zerologon is possibly the vulnerability of this “special” year and...
