Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Diego Samuel Espitia Business Continuity Plan: From Paper to Action How many Business Continuity Plans considered a global pandemic among the possible causes of business blockage?
Diego Samuel Espitia Using Development Libraries to Deploy Malware Cybercriminals seek strategies to achieve their objectives: in some cases, it is users’ information; in others, connections; sometimes they generate networks of computers under their control (botnets), etc. Any...
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
Innovation and Laboratory Area in ElevenPaths Most Software Handling Files Overlooks SmartScreen in Windows We analyse how this protection component of Windows Defender works with downloaded files.
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
ElevenPaths Cybersecurity Weekly Briefing July 4-10 RCE Vulnerability in F5’s BIG-IP (CVE-2020-5902) Last Wednesday a new critical Remote Code Execution vulnerability (CVE-2020-5902 CVSSv3 10) was published for F5’s Traffic Management User Interface (TMUI). This vulnerability allows...
ElevenPaths You are less rational than you think when you take decisions under uncertain conditions I propose you the following game of luck: Option A: I give 1,000 € to you with a probability of 100%. Option B: Let’s leave it to heads or tails: if...
Winner of the #EquinoxRoom111 ContestInnovation and Laboratory Area in ElevenPaths 2 June, 2020 We already have a winner of TheTHE‘s plugin contest. What is TheTHE? This is our collaborative IoC analysis and research all-in-one tool. TheTHE is a simple, shareable, expandable and team-focused Threat Hunting environment. Anyone can develop a plugin to increase the capabilities of this tool, and now we have more and better plugins thanks to those who took part in our #EquinoxRoom111 contest. What is TheTHE for? A given IoC comes to your hands, for instance a hash, URL, IP or suspicious domain. You need to find out some basic information: Is it malware? Is it in any repository? Since when? Whois? Source country? Is it in pastebin? You start to open tabs, enter passwords in the different services and launch queries. Hopefully, you have an API shared with a co-worker and, after checking several systems, you open a TXT to recopy the data to the intelligence platform. Your co-worker, who you share those APIs and passwords with but who is on your computer elsewhere in the world, does the same because the same IoC has also reached his or her hands. This is over with TheTHE. Contest Winner The winner is Santiago Rocha, who has developed a plugin for TheTHE that connects to our sandbox and intelligence service Dinoflux. The information added by Dinoflux to any IoC is very rich, since it is based on the detonation and cross enrichment of the samples. Thanks to Santiago’s plugin we will be able to gather more and better information about the analyses performed on the binaries. Although it is also possible to apply any type of IoC, such as an IP address, and check if it is connected to any malware. Congrats, Santiago! As we already posted, all the other plugins received will be included in TheTHE’s GitHub. Thank you all very much for your participation. Developing a Tool to Decrypt VCryptor Ransomware (Available on NoMoreRansom.org)The Security behind Apple’s and Google’s API for Tracing COVID-19 Infections
Franco Piergallini Guida How to Trick Apps That Use Deep Learning for Melanoma Detection One of the great achievements of deep learning is image classification using convolutional neural networks. In the article “The Internet of Health” we find a clear example where this...
ElevenPaths Cyber Security Weekly Briefing February 13-19 Privilege escalation vulnerability in Windows Defender SentinelLabs researcher Kasif Dekel has discovered a new vulnerability in Windows Defender that could have been active for more than twelve years. The flaw,...
Gonzalo Álvarez Marañón Functional Cryptography: The Alternative to Homomorphic Encryption for Performing Calculations on Encrypted Data — Here are the exact coordinates of each operative deployed in the combat zone.— How much?— 100.000.— That is too much.— And a code that displays on screen the...
ElevenPaths WhatsApp, Telegram or Signal, Which One? In the world of smartphones, 2021 began with a piece of news that has left no one indifferent: the update of WhatsApp’s terms and conditions of use. This measure,...
Sergio De Los Santos 26 Reasons Why Chrome Does Not Trust the Spanish CA Camerfirma From the imminent version 90, Chrome will show a certificate error when a user tries to access any website with a certificate signed by Camerfirma. Perhaps it is not...
ElevenPaths Cyber Security Weekly Briefing February 6-12 Attempted contamination of drinking water through a cyber-attack An unidentified threat actor reportedly accessed computer systems at the City of Oldsmar’s water treatment plant in Florida, US, and altered the...