Skip to content
Think Big
Countries / Global
  • Global
  • España
  • Ecuador
  • Español
  • Portugues
  • IoT
    • Drones in Precision Farming Telefónica Tech was Present at Advanced Factories 2021 With Its Proposal For The Industrial Sector
  • Big Data
    • Millennials want to use data for social good, but will privacy stop them? Join us for the first Big Data for Social Good in Action event
  • Cybersecurity
    • Anti-Coronavirus Cryptography Cyber Security Weekly Briefing January 2-8
Think Big / Business
  • AI of Things
  • Cloud
  • Cybersecurity
  • Blockchain

Vulnerabilities

Detected an extension in Chrome Web Store, active from February, that steals credit cards
ElevenPaths

Detected an extension in Chrome Web Store, active from February, that steals credit cards

We have detected an extension for Google Chrome, still active, that steals data from web site forms visited by the victims. This extension, which is still available on Chrome...
ElevenPaths

m33tfinder: a vulnerability on Cisco Meeting Server detected by ElevenPaths

On November 7th, while we were holding our Security Innovation Day, Cisco published a security advisory with CVE-2018-15446 associated to a vulnerability on the software Cisco Meeting Server reported by our Innovation and Labs...
ElevenPaths

You are less rational than you think when you take decisions under uncertain conditions

I propose you the following game of luck:   Option A: I give 1,000 € to you with a probability of 100%. Option B: Let’s leave it to heads or tails: if...
ElevenPaths

A story about two minds: the vast difference between real and perceived risk

“In our society it is generally not considered justifiable to make a decision purely on an emotional response. We want to be considered scientific and rational, so we come up with...
ElevenPaths

You’ve got mail? You’ve got malware

A few weeks ago I was ‘compromised’. A well-known vulnerability was exploited and I was left financially exposed, with my reputation potentially at risk. “What happened?” I hear you...
Florence Broderick

Studying the trojan apps for Android used in Hacking Team leak

Between the information leaked these days about #HackingTeam, several trojan Android APK files have been found. A first approach with Tacyt shows interesting relations with legitimate apps, the ones leaked a...
Florence Broderick

Faast already detects "Logjam": Imperfect Forward Secrecy

Faast teams have been working all day long to add a new plugin to our list of detected vulnerabilities. There has been found a new security problem in TLS...
Florence Broderick

ElevenPaths finds a XSS problem in Play Framework

Play Framework is defined as “The high velocity Web Framemork for Java and Scala”. We use it internally in some of our products. Ricardo Martín from our QA team...
Florence Broderick

5.500 apps potentially vulnerable to Man in the Middle attacks in Google Play

It has been discovered than AppsGeyser, an app creator “with just a few clicks”, deactivates the SSL certificate validation in its apps. An attacker on the same network as...
Florence Broderick

PhpMyAdmin fixes a XSS detected by ElevenPaths (CVE-2014-9219)

On November 28th, while our Faast team was developing an intrusion module for PhpMyAdmin MySQL manager, we detected a new cross site scripting vulnerability not known so far in this...

Navegación de entradas

Previous articles
1 … 21 22 23
More articles
  • Telefónica Tech

Popular

Innovation Marketing Team
Partnerships that escalate entrepreneurship and innovate the corporation: Ten Wayra startups that do business with Vivo
With 10 years of operations, Wayra has transformed the entrepreneurial ecosystem in Brazil and worldwide. Since its launch in 2011, when it was created to support entrepreneurship, Wayra has...
Florence Broderick
Quick and dirty script in Powershell to check certificate fingerprints
Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick
How to bypass antiXSS filter in Chrome and Safari (discovered by ElevenPaths)
Modern browsers usually have an antiXSS filter, that protects users from some of the consequences of this kind of attacks. Normally, they block cross site scripting execution, so the...
Florence Broderick
How does blacklisting work in Java and how to take advantage of it (using whitelisting)
Oracle has introduced the notion of whitelisting in its latest version of Java 7 update 40. That is a great step ahead (taken too late) in security for this...
Florence Broderick
Showing certificate chain without validating with Windows "certificate store" (C#)
Java has its own independent certificate store. If you wish to view natively in Windows a certificate extracted from an APK or JAR file Windows may not find the...
Think Big
  • Facebook de Telefónica
  • Linkedin de Telefónica
  • Twitter de Telefónica
  • Canal YouTube Telefónica

© Telefónica S.A.

    • Cookies Policy
    • Privacy Policy
    • Accesibility
    • Cookies configuration