WhatsApp Terms and Conditions Update: A Cheeky Move?

Carlos Ávila, Diego Samuel Espitia
11 January, 2021

Surely by now many have already accepted the new terms and privacy policy without really knowing what they were about or how they affect the privacy of their data, and many others have even decided to switch to Telegram and start abandoning the green messenger… Why so much fuss about this new policy update?

To explain briefly: by accepting (Figure 1) this update of the conditions and privacy policy, which is mandatory from 8 February, you allow your WhatsApp data to be shared with the rest of the Facebook services. A few years ago this was optional, and the user could decide directly what to share and what not to share between the Facebook companies.

Figure 1. Notification of update of conditions and privacy policy

Users are talking a lot about this controversial topic because if you do not accept this update you will not be able to continue using the application. In recent days several articles have been written giving details about it, so we decided to focus this entry on the alternatives we have to Facebook's manifest intentions for using our data.

Considerations on acceptance of the new terms and conditions

We are interested in analysing what will happen to users who accepted these new terms by mistake or in a hurry and want to revoke this acceptance, even if this means that on 8 February this year they will have to stop using the platform if they do not agree. Will they be able to do so? Is there any place where this acceptance can be revoked? The answer is currently simply NO.
Nevertheless, we decided to verify some actions that users might try in order to reverse this "unconscious" acceptance, especially after reading so many articles or messages on Twitter about the subject. We started with the most obvious one: searching for an option in the account settings… Of course, there is no such option.

The second option we tried was harder: deleting the user and then creating it again, or even loading another user into the application, to see whether the policy acceptance notice appeared again. However, when running WhatsApp, the application takes the latest update (version 2.20.206.24) and accepts the new policy.

To be more incisive, the third option the user has is to uninstall the application completely and reinstall it using a previous version from the official shop. However, when carrying out this procedure we verified that it is not possible to install a previous version, since none is officially available as an alternative. (Of course, if we already have the installer of a previously downloaded version, or we download it from an unofficial shop, which we do not recommend, we could install another version with the previous policy.)

More details

It is also interesting to highlight that for the European community the new privacy policy does not fully apply (sic): there is an exclusive policy for users resident in this area of the world. This is due to the GDPR regulations, which prevent both Facebook and any other company from sharing their users' data with their other companies, or from using it for various interests, without the explicit and clear approval of the user involved. Thanks to this, WhatsApp users in the European community have now won the battle over the control of their privacy.
In short, we can say that WhatsApp users who have already accepted the privacy policy, without reading or considering what it implies for the handling of their data, only have two options:

- Delete the account and leave this messaging service by migrating to another of the many similar services that have emerged in recent years. Those who choose this option can select from several services that have taken off recently.
- Continue using this service, taking into account that it is not possible to revoke acceptance of the new privacy policy and accepting that your data will be shared among all the Facebook companies, for purposes that, as indicated in the policy, are intended to “operate, provide, improve, understand, customize, support and promote our services”.