ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
ElevenPaths Telefónica Invests in Nozomi Networks, a Leading Company in OT and IoT Security The investment reinforces an earlier joint services agreement with Nozomi Networks and ElevenPaths, Telefónica Tech’s cybersecurity company
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
ElevenPaths Monero says goodbye to the ASIC miners (at least for now) Last Friday, 6th April marked an important date for the community of Monero users and developers, as one of the cryptocurrencies led the defense of anonymity for its users. As already commented...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths How to forecast the future and reduce uncertainty thanks to Bayesian inference (I) Imagine that you come back home from San Francisco, just arrived from the RSA Conference. You are unpacking your suitcase, open the drawer where you store your underwear and…...
ElevenPaths Cybersecurity and Business: ElevenPaths at the RSA Conference 2020 We are back from the RSA Conference 2020, the year when the standard ‘humanization of technology’ has been set within the sector. We already predicted it last year with our commitment under...
Vendetta Group and the COVID-19 Phishing EmailsMiguel Ángel de Castro 15 June, 2020 In April 2020, a new player came on the cybercrime scene: the group called Vendetta. It has been observed that they are a prolific group focused on email campaigns mainly based on the Covid-19. Their targets are distributed all over the world and their attacks have been detected in countries such as Australia, Mexico, Egypt, Romania, Austria or China. Vendetta chooses targets from the technological, business and government sectors that handle sensitive information. They have showed remarkable skills during this phase, since they select and analyse their targets. Their standard attack procedure consists of sending malicious email attachments containing a malware that allows full control and theft of information from the victim’s system. The highly-accurate design of phishing emails, including details as well and a well-studied and targeted message, takes into account the global context on which the deception is based. The malware used is not entirely self-developed, but it contains commercial software as well. It is versatile and with a low detection rate thanks to the use of packers and final payloads in memory. Malware weapon installs access point (usually .NET samples) using unknown and known packers in multiple layers that injects different modular RATS in memory. Finally, malware enables the intruder to gain total control and persistent access to target network via C2C. This group also performs additional delivery using hacked websites and proprietary infrastructure. Vendetta Covid-19 Campaign We have analysed the campaign of attacks carried out by this group during the period 03-05-2020 to 09-05-2020 and within the Covid-19 context. Below, we describe the analysis of a phishing email attack impersonating the director of the Taiwanese CDC. As a result of the analysis, we discovered more than 134 malware samples, multiple URLs and domains with strong links related to the Vendetta group. Initial Discovery: Taiwan CDC Director Impersonation Attack The email was first analysed 2020-05-03T22:43:15 from Taiwan. Antivirus detections over the email were very low. As we can read in the mail, the letter appears to be signed by Chou Jih-haw, General Director of the Taiwan Centers for Disease Control and Prevention. Within the text we observe that it is an attack aiming citizens of Taiwan, given the language used and the content. They are urged to carry out a Covid-19 tests at a Taiwan Centers for Disease. Given the behaviour of this group when selecting their victims, it may be thought that it was targeted against the Taiwanese CDC itself. Translated the email, we can read: It must be noted the quality and attention to detail of the email, a characteristic feature of the Vendetta group that it is quite unusual in regular phishing campaigns, usually with typographical errors, grammar mistakes, etc. This proves how specifically the attack was targeting Taiwan CDC and the effort the Vendetta group made to perform its attacks. Within the attachments, we get a cdc.pdf.iso file containing the malware that the attackers used to infect the victims. TYPEINDICATORNAMEDESCRIPTIONSHA2560aa87ed22e193e1c6aa9944cf1b9e88ec4ae6a5b3f975e3fb72c0f5b06b864f21349628.emlEmail with malware attachmentSHA25651B0165FBA9CF8E0B7BFEBDC33E083ECC44D37CDBB15B5159B88B71E52B0255Bcdc.pdf.isoZipped file containing malware Malicious Content Analysis Once the malicious file cdc.pdf.iso has been decompressed, we obtain the file cdc.exe, a file developed in .NET and packed using an unknown packer. This threat is called RoboSki. As we can see in the following screenshot, the malware uses a section of the binary to hide other components used by this threat. This is a method commonly used by Vendetta for creating its threats. Once the sample is executed, the malware creates in memory a .DLL file containing a .png image, which in turn contains the shellcode encrypted in the pixels of the image. When the shellcode has been executed, the malware will drop in memory the next payload. We can see ReZer0 Malware, packed using Eazfuscator. After a series of memory dumps of different obfuscated payloads and after being unpacked and analysed, we concluded that the final payload contains the malware Nanocore RAT, as you can read on the project name. TYPEINDICATORNAMEDESCRIPTIONSHA2560aa87ed22e193e1c6aa9944cf1b9e88ec4ae6a5b3f975e3fb72c0f5b06b864f21349628.emlEmail with malware attachmentSHA25651B0165FBA9CF8E0B7BFEBDC33E083ECC44D37CDBB15B5159B88B71E52B0255Bcdc.pdf.isoZipped file containing malwareSHA256d5d3cf535b3313077956d5708225cf8029b039ed0652ee670ce25ea80d2b00c0Cdc.exe.NET packed PE file containing malware RoboSky attributed to Vendetta GroupSHA25619B5353BF8A69A64536C865A4890B69EE1DCD59445968E1CFD94C62E1A97B11ECdc.exe_unpacked.exeUnpacked .NET packed PE file containing Nanocore malwareIP172.111.188.199 C2C Links with Vendetta group The malicious attachment has been attributed to the Vendetta group due to the following factors: The tree attack observed to Vendetta group always includes the same pattern:High quality crafting phishing email.NET Malware RoboSki as first stage of malwareMemory observation of Rezer0 MalwareRezer0 drops in memory the next stage of the attack, in this case Nanocore RAT C2C IP: 172.111.188.199 used previously by this group.Pdb path that contains a username named Vendetta: Common resources in the samples used by this group. The project CxFlatUI (this project can be found on GitHub and belongs to “HuJinguang” user) is used by Vendetta group as code base to create their threats. As a result of the use of CxFlatUI project as code base, EXIF metadata with CompanyName and FileDescription values match with other samples belonging to this group: Analysis genetic malware database Intezer: It has been possible to identify genes and strings belonging to Vendetta group in the sample analysed. Performing the pivoting phase through the CompanyName, ProductDescription, extracted payload from memory, etc. it has been possible to detect 134 samples that could be directly related to Vendetta. The group used them initially (they have been seen for the first time) during the time range from the 3rd to the 9th May 2020. The tools used by the Vendetta group are tools such as Nanocore RAT, AgentTesla, Remcos and Formbook, ReZer0 but we can also find Azolurt, Warzone RAT (Ave Maria) or Hawkeye and also to some extent generic malware samples. They use different manual packers and known ones such as ConfuserEx, Eazfuscator, IntelliLock or iLProtector. The following picture shows the cluster graph resulting from the genetic analysis of the 134 samples related to Vendetta. We can see how this group uses of the different types of RATS that we have identified as belonging to the Vendetta arsenal. We found a sample that does not meet the usual pattern, since this time it is not an executable compiled using PE32 executable for MS Windows .Net. Instead we found a MZ for MS-DOS. The language detected in the resources of this binary includes UK English and US English, when generally that value is neutral in the samples analysed in .NET. As far as the certificate is concerned, there is a chain of certificates, but it ends in an unreliable root certificate. TYPEINDICATORNAMEDESCRIPTIONSHA256080ff06496d8b6b5e6307059e378ed7052e381a6f130d89385c778edf32ae996Vdnoenr.exePredator the ThiefSHA2569fbb3df3c9b58626be3f9e66e8b4abd811a8069839374ade15cc405eb3b4d816sr3S0CjtBE.exeVdnoenr.exe unpackedMUTEXcjF0OHM0 Mutex CreatedMUTEXIESQMMUTEX_0_208 Mutex CreatedDOMAINSbbc-news-uk1.space DNS Resolution We also found text strings related to AutoIt, a widely used trend to build the initial dropper for its anti-virus evasion features. “AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.” “AutoIt has detected the stack has become corrupt.” Once it has been analysed, we observe it has been packaged using mpress_packer 2.19 containing a large amount of the Predator the Thief malware code, a very versatile commercial infostealer both for its wide number of features and for its modular design. After the analysis of the communications made by the 134 related binaries, several indicators of compromise belonging to the Vendetta’s malicious infrastructure have been obtained. The complete list of associated indicators can be found in Annex 1. Conclusions After the analysis, we can conclude that the Vendetta group stands out, not so much for the use of very new pieces of malware, since they generally work with commercial products from the malware market, but rather they place special emphasis on the recognition and preparation phases. They select targets for specific campaigns, not addressing mass distribution and allowing the context used, in this case the one caused by the Covid-19, to play in their favour. They prepare emails with great attention to the details and care, both visually and in terms of the content, using different languages and with a tone of urgency and authority that undoubtedly increases the chances of success in this type of attack. Annex 1: IOC related to Vendetta group bcaf5698e3d5291c284e0ea40deec27e69c4942049f1c90a4e334e066485dfa9b2bccd13743ac9153a8b731af82d6b19fa7395dd16596a3b5f783f1092419c3a92632fa88b730e2593837c7d51884384dcf8c887fd4b8d3cc6741d12ae9cd347c068b1a7379f95ee883cd4ed9639bb2b28c380934f3bc0e0c7be97ad808c7b8a147e92a20eaa350aef112cd3110af132aa9667af4e8eb90d345d4b7da8cea95cb26960e8083466e40ebbfcc6dfe93c4080a516d6260e1a2900ce7649fc44442ec315112980543e9046f7b3167586d3a5ba25734aac85679542adaca7867f3ef7713c780c42db40b3456b797e578c889f19a915441a428277aaa8235dfecd014220eb672944019e3a3520f9c3bac67acbfff3700fa27aec05bfe96129a77b6437bbf20efcdbae1950b49b4f121f17baee19a5d638983e96a954bd6e602fb35b160f525a06128b217d0081ee6d81a2d2fe04e9ecd20cf0e0fa7c99aaa9ed83154df4f76522a5a1a8f056d53bfea97293f503b6bc703cf37ff60dd8b47f47ecaaaadcaf6aed333996a431610306d24a90e7bb27035cdeb93901c1e1b00626877e78736d65eea1acec603391ea9dc50b880c83a1ef4de69cdc6649e79dab9eeea39212025c0f03e21ce62c476f6d5a95d3de80ef8ad59fc3a552550d0c9e927458e442e7b0bc64037556ec415d6f869b09205a85d746550ad196c07d4be7ae7391552fdeeae131f4bc6dd0fb7e2ebdcc379fadf314203f0de0e2b1e4a90aabf20b1f1eda6158b488a4f6635255b406b59933d4dc6877e1cac1bb85e1d9bfd9cd7f62e4bb158234319609a3d891e08f7ae6d6deee7fac7138639a8954dae5f281eea890a9045fefcc8463e698c79a594247fa002b0badf6846b200eef6a8bf47ca53d170914b423f415bdf562a5ee3eff48808d4b0731013bcdf870bfdf2bcded8caa8e9d9d8dfe961ede4406310aefed0eab63e52f29ad2c557eed012e298e644a43e67f30ee8be83b021b5ba3ebe65e610fc1a50ce3f3cb1c081f62ada165d841867f84806700f99b46ccda77e5a87922e88cb5bf5694624455cc040324524a6f866e53e6f7bd88850c3771be189fb16601e0f2bcbf6f80a7baa7990bbc77e28491d65c09f664bfd72f66e988c6a83bb29f94ab3c22968f76977f3d30500848f6213e7e66fbf0442436122d17de23a4ff3b217edd9111c97eec4e05e22b2fe72046123d231401b30d6f5ea191832456133eba46c1d77ac5717ee4a3abe050f1664bcd41beb4d2b564bf1a91656755247e37487c7dd24d22cae84c9de2428535c7c09a09ddc92cdd2f9ef6f019b075c62ea781778ac50850b5c79dc9f5a000a2da8b148cadfe967abcc303b8deecbbb030efd3ee9b49424246b8975f8f7e54ae2c36f37fbb193f6ba57d318e7f5333fa7870282de9b3322e024c65d89977d2ec594c0360c343788f8fe1ec3e57514ee4ced37503c9271741ce3688afe5086135f8f07e9657bb8f4920565b2cbdc1add6d78026fc4e8047632ba077463e5991e105ee60ad4364f4a6c17082d929b810116a71e6730ed7ad0ca750624976b043f044994203720a4d4d988958a592e89d937e987e95fe7d8b7417a70d88ff62c5dbd77be64c94e34a8b4174fe920c0968019f46574d172bc270a424d66a80295694a7d7060a16518824101a132d9816abde0b03fec08b29beb9415c217ec0e1f2cf779320edc5b15578c2714fd64a6577a5bd1fbbb13434dc2e900e3b7c5685372060500eb506623215bfd28e3f1b9f7f34b0fc254b0a2fe8a91f5cd0a62f26bd7391691a1025e072db46f1c469e3d9758147a97a57bc33da3ab2c0e2d93c52759176bf73521003fe09aecd04a3b01d252a3c49037c35c188c8a19624fe6367a6f2cc00539900a999853a6783c7e700987248efd3307604d5ca3cc4bdc3e69cf3489e068fae14da82a6d0df4b14d205e91bb068cb57c79c8267b8a50fc12a07da395b500b44ede8d91f14918ec469990ff81f496d85fed73b744f317928f1bfb92463d1766f2988c9aae96c380e1628fefdd981c84ce9cf7fbbdd8dc03c365377443c2c286add28a79440668077a7d762ee81ee169f1c08daa27bc680dbf8c8832d2785d5f347be26d404ab0fb1ea2eb8b2d4d3fd308306952129c871e03bd916818c8de30672336261f66449f9e3e1f7e4fd6ba381e6046cdb5c9ba0088c576aca51761d748a0cc73a641e1d10a372a2f47901527f759cbe540109068323315a2f63c0d5d3cf535b3313077956d5708225cf8029b039ed0652ee670ce25ea80d2b00c0219760dead477932b0a969b38ecc8d7ee41b2da4de72f32700f905cd705c340ff4ad5a582c73b80900d35c87421f1d6076cd4fe994b65417223aedaab76b806e2f9b92ba539de2cd1fdd35725fb144f72e4809d9c43dd79a6e2fb403ea07001c774cabba771d38532276d09fea65d562a9eac297737d74e937695877d21f19585a67dee45b2e60de47e22739c8be8614f31cdb4acbaf554f37d06ea41ddd876297b8bdb2c3d831301d68b883fea274703bd497462caa192f6a09130a0f42d10c201aab86deb0b609b895f6934d5a87b56384cdf01dbfce5e5bb2e970f91bb9194e59193170ad7a1da7d91bea0028bb8107a3a305cd91a353822e23924ceda25b2a07d219f5444c0bdf0942f2157f623efc400dcba8594d3eafa2f5dc0fd5836b5521ef291f90c10acfd6e796a6ad2cb099a14da80bd09c6e8ffe0710c8eb547cf57374520bfbf5f5afbbfe8c8cf762f95e05cf050fe959d731d49b77f4776cbae2d6119bb484c9e5f5a7107b4687553416208badbb881df4328bec5146d085090598b4ce2460676755245bad49490a9c94ae85a074c2242adfa65c52b0ad37963eeedb9932e7f8b09dfb11dd48a50cb473ec777e1c7d0cf1ce6c21623e86549ad6a03be138abc31b13e2c70092dfd8ee73e59a52c5881fe2ac477f9c9cec539ee16ba0ace7b0abc8bf1cd0d89ecb591ce94210cb2192196a756fe1c554e03d62705e6b3291082ab445e179e9e65464f3d7809f266ca5644707f67b59c531ab433996059fe34930b9d9f584bda6d7e784a2295ae3d988255e97857b9928b5c955424ffe0e02a6f89682d55c7e051538705a067dbb87ad5daa9379ac70593da268016b1bc90d2a25f17ae03f0a29bf8297dfd33fd718e02e318f4a64d192fceb605de3d93e65bc78582772de69a6663ccef69fa056f9cf7fe44cd3011d03104b59af9ff2feb141ada2c8ca807fb12326dcb0d377d372d13955c33ca6aef378b387d3ccfc7eefe685bc703f2975cde7560c851f7e28f8fac127baf54b24ede4ca91199528b69b42d1af70f525973be5e53bcd16c19b39a117cfaa27ba1a515723f8b3347d03d6ab008c67cb3c819b545ea82fd5d0eb8e92050af7daebb35c803ad45a0e68a086ea94b7601121e52f03bb29faab5d1da95ced80a11218034e8d294401c7dd686988aded4a1730159eaaa2f4ecfb9f53dc93a3f9ba0503b7698aa4542ae8f7e54b2c1568faa2071facfbab5f1f66e77cca38fd755c66c56f048abab37f98aba8439fcc1f2b54cbb1a12f1a8f4752d65e0fb8ee7fbdd206e2f0db5b996c22a397528ff1fe394044d94134af1d81ab8ef5ce82dd65283586ac6d9319c0d79ff402299dcf2d71c104beb763f0e3893eb857622cc07d8969aa08541950f915b7b01be91b632db911f41473c68e5d3d1e705f1738214aa2827b8f6b060b87cf27ba547b3b778e771324406fd4e95b992a1664826d179cf7af0d4f8dd1bc0a43ca549fc5b4e817a872ea9d53f1a17949a7a2d80d67a2b2f37907b021da818ba563a898ce1c8dcac374ef8a468e39a185ca3b010f1a41b60731a7beac23f8464c886afcf091e440b12ade502e4b8dcd2e9995cb2c10d7c0f8fd16e736d6fca62e268914ba79bc7c7ac43a39b6dc463d56e32f6e43ff8cfb4aa19e43aefd8ffb3363075fd1a09ada8858a47b099c702028f26705c5967633ee92f341817db3b314e7b4f4f4e98ecb3aad0e67857b3fbbca1d314ecdaa0b1aab122e1d97954977eddcaacc8947b326dd6998c90175846c76375ee953074668354ac72dba27ffdff9155082e1d12e318287a25bb73036feab7c75b7f0c3c1c30f457cbecaf9763a388b67c9e243a4156343e3f2c6b640df04f1803a2eed2b66ff88ee698e34888044e50aaa49e93786e5e228983b0b1daddf8ad88baacc627e7667ea749d64cdfe5b6b8e78568b828610d9d85128e14e34938614f7fc2885569995834678da14b2fe376b2372b224037d4ab183527213a3731e8a141a74cbdabd1c00eb52da6323cd9b154f848a6f37a110de136034cbf5190600da5687bb6259f19addf2e2759a82d3edc9ad7ba25feca5ef08641b0f030d92faa5dec17f3148e062b727a0240cb590b1181625df5cc62b8716449c07faf158411381babca4d22988c5d852aafabacaaa40e0f3b6cba3fc498dfbd6f2d198a767453cd8513acdbafa9fefaeed2ac1b451ce8ae3ab62b5cdfd52793c5cf4e57efbc39012c4139d1b8958b202f6d1895225b53f54d122a60d52a692acfe09a4fb64fbc2bea01746d2ec3f12e3a5640627b6c0e68d720dbeafde9231c6a2a1652a7c6e1d7b8816fc8c829e793c084726ff94fc13fe6281062a8b36abed5e25e350dd441a31b8acc910292fd67c48056ff9969b0b9d452a37be71de3c3cb1773a4ce604068bdb715ee3f2742d0e389867669c698454edaee7a64ddeb26eea619e2946939a4d71b5299b9fef7c4252a1f3eb876bdd52d2f6fb8a8dfe28fcff50129a1fd88f76b3e99c500357c36ff862bb8510a80af2965bdca1fdb2218ebfaa2a72402c0b767c3fde6b7807baa647b50756d1e1046fc633cd6796b320ba230db24e73c238c7ceb4dd20096ff366502b246366b847f40185b79d4b7dccd159a0ea49b16043baa6c2898ad6dc88fcf0a04e4b0f2b45295ae88dc7cd1e2846788f54a22905bf6cf289519f609e41dda2a4eceba2e6a2c1be781eaa0dd185fae4061a47c5cda10934672723f9ce06332ff47b5e89ca46752ad31a046d9b1ef6ab2ceb8289e1dcf8c68556df0a2b27f8acb1230768a8b1c1a0f8ee13a9d91a67742f3c0dac9d1bb5218a59362b6ddfd072845456f58b7112cbc0cccb10f8da3b6edb96712a08dfc09729aad2f60bd62be4fc28240d3260b1ea8df33747d3d6c9be6685f83dbc4c40d6c90b2622054dd79b4b38540db35f6786084fa896cb52297141625d5e8da335e8b539fda1683cda5f86a9d9dd9c8a720a43790c0218adfc255ef41a3b5f1be8b1e0d0e9931a2422549347dcbf01785cbe9d614186a2fa97706470ef31008ce7d09f2bbcae8d96c073f02656b3ff415a282bab5d844689e62e93e2f6ff089529bda9377bbb58cce1788059674d38de995cca06bb45e523d6c080eae1d717ec632932d28c0dd648b1086dd3db87b88e8b020f212e9707d8efb3888eccf436fd30658966e6db0e90e46f047dac4a54cfc927b195a3b35b031b7653622dc95706324122e39c6ed1f17672590245bb4c69fc027f53b3f5c41ed13a515a81c9b0bb12700df6688554ce248d70d4d23638d8c40ac1f052c82c4302aa3403378afdb65cab1bc582396c2ae7757a32ae82bfe98d50ecd5d6a7267854c8e09f353c980d4bd526de6128202b884cb2080ff06496d8b6b5e6307059e378ed7052e381a6f130d89385c778edf32ae9964791a5bcad2a0ea8e525bf24dc5c480ead507f0a888b31134fc26799167a2f941745870e72b522d26907dd2a6b9005804bf5aa390df6cc9cac32d3cd1d118cfc795f59666238d3e1d5ae55f2f43b4b85e040488444865f23f3d3d43b264512031cadbfc60a4a24b71e3024cec9bcb7a451f6dc2ac61f714e060925e927e41d2d1c964f7b4a1f588cab0f3a68eb987905b9d5b4d3121db07af0e26b291db6f1b70513703f3cdd9baff067432764336311825131de68252c8e20392e08e55c15f7 Interpretation and Evolution of MITRE ATT&CK: More “Horizontal” Coverage Doesn’t Mean Better ProtectionTelefonica’s ElevenPaths Expands its Collaboration with Fortinet to Improve Industrial Sector Security
ElevenPaths Cybersecurity Weekly Briefing August 1-7 Database of +900 Pulse Secure VPN Enterprise Servers An underground forum post has been detected showing the existence of a database containing data collected on more than 900 Pulse Secure...
ElevenPaths ElevenPaths Radio English #2 – Secure Homeworking It is increasingly common to see companies that offer their workers the possibility of working from home, combining it with work from the office, and even companies that are...
ElevenPaths ElevenPaths Joins OpenSSF to Enhance Open Source Software Security This new Open Source Security Foundation (OpenSSF) brings together leading technology companies such as Microsoft, Google, Red Hat and IBM, among others.It combines efforts from the Core Infrastructure Initiative,...
Innovation and Laboratory Area in ElevenPaths ClipBanker Malware Tries to Stop Our Defence Tool CryptoClipWatcher The malware capable of modifying the clipboard to “switch” the crypto wallet still exists. To fight it, ElevenPaths developed CryptoClipWatcher, a tool that monitors the clipboard and alerts if...
Gabriel Bergel Cybersecurity and Pandemic (I): People Cybersecurity is even more important in these times of pandemic and increasing cyberattacks, yes, but in addition to being a business focus at the corporate level, it must also...
ElevenPaths Cybersecurity Weekly Briefing July 25-31 BootHole: Vulnerability in GRUB2 Eclypsium researchers have discovered a buffer overflow vulnerability in the GRUB2 bootloader that could be used to execute arbitrary code during the boot process. It has...
