Telefónica Tech Cyber Security Weekly Briefing, 13 – 17 June Hertzbleed. New side-channel attack on AMD and Intel processors Security researchers at several US universities have discovered a new side-channel attack affecting Intel and AMD processors, called Hertzbleed. What is remarkable...
Telefónica Tech Cyber Security Weekly Briefing, 6 – 10 June LockBit threatens Mandiant after linking them to Evil Corp The LockBit 2.0 ransomware group announced on its dark web publishing page afternoon, 6 May, the alleged compromise of cybersecurity firm...
Telefónica Tech Cyber Security Weekly Briefing, 28 May – 3 June Rapid evolution of the EnemyBot botnet Since its discovery last March by Securonix researchers, the botnet known as EnemyBot, focused on carrying out DDoS attacks, has continued to expand, thanks...
Telefónica Tech Cyber Security Weekly Briefing, 13–20 May VMware fixes critical vulnerabilities in several of its products VMware has issued a security advisory to fix a critical authentication bypass vulnerability affecting several of its products. Identified as CVE-2022-22972...
Telefónica Tech Cyber Security Weekly Briefing, 7–13 May Vulnerability in BIG-IP exploited to erase data On May 4th, F5 fixed, among others, a vulnerability affecting BIG-IP devices (CVE-2022-1388 CVSSv3 9.8), which could allow an unauthenticated attacker with network...
Telefónica Tech Cyber Security Weekly Briefing, 24 April – 6 May TLStorm 2 – Vulnerabilities in Aruba and Avaya switches Researchers at Armis have discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches....
Telefónica Tech Cyber Security Weekly Briefing 22–29 April New malicious RedLine distribution campaign Researchers at BitDefender have published a report on a new RedLine malware distribution campaign. According to the analysts, malicious actors are using the RIG Exploit...
Sergio de los Santos 0days in numbers: Chrome, Windows, Exchange… What are attackers and manufacturers looking for? Very interesting data from Google’s Project Zero, which tries to catalogue, find and disseminate 0days. They do not discover them directly, but “detect” them in any manufacturer when they...
Telefónica Tech Cyber Security Weekly Briefing 16–22 April Fodcha: new DDoS botnet 360netlab and CNCERT researchers have discovered a new botnet focused on conducting denial-of-service attacks, and which is rapidly spreading on the Internet. This new botnet has been...
Telefónica Tech Cyber Security Weekly Briefing 1–8 April Critical vulnerability in GitLab allows access to user accounts GitLab has released a security update that fixes a total of 17 vulnerabilities, including a critical vulnerability affecting both GitLab Community...
ElevenPaths ElevenPaths creates an addon to make Firefox compatible with Certificate Transparency Certificate Transparency will be mandatory in Chrome for new certificates in late 2017. This means that the webpages will show an alert if protected by certificates not present in...
Florence Broderick ElevenPaths Talks: The ISF Standard of Good Practice for Information Security REGISTER HERE! On Thursday, 19 May, our colleague Sebastian will give a speech about The ISF Standard of Good Practice for Information Security. The standard of good practice is...
Florence Broderick Mobile Connect winner of the 'Connected Life Awards' Mobile Connect is a multi-operator solution driven by GSMA for universal secure access. The user only needs to link their information to their mobile device solution to have quick...
Florence Broderick Quick and dirty script in Powershell to check certificate fingerprints Malware is using signed binaries to attack Windows systems. Malware needs it to get into the roots of the operative system. So attackers steal or create their own certificates....
Florence Broderick Heartbleed plugin for FOCA By now, everyone knows about Heartbleed. Just like we did for FaasT, we have created a plugin for FOCA (final version) one of our most downloaded tools. This plugin...
