Managed Detection & Response: Prevention is Not Enough, You Need to Become Cyber-Resilient

Thursday, January 25, 2018

Managed Detection & Response cybersecurity imagen
You want your organization to be cyber-resilient but you have no means?

You have advanced security solutions in place, but you lack skilled staff trained to take advantage of them?

You are unable to detect and respond to a security breach and you fear the consequences for your business of the NIS and GDPR legislation?

If you are concerned about these issues, we are also concerned, and that is why we have been working with our skilled analysts, Test Lab and Strategic Partners strive to offer our customers a Managed Detection and Response service beyond the traditional approaches.

Tackling Cybercrime: Three Recommendations for 2018

Wednesday, January 24, 2018

Tackling Cybercrime: Three Recommendations for 2018 cybersecurity imagen

In 2017 we saw ransomware variants such as Wannacry wreak havoc across computer networks in the UK. Not only were these variants of malware almost impossible to remove from computers without causing data loss but they caused real damage – we saw awful scenes when hospitals and doctors’ surgeries had to close their doors as a result.  We know in 2016 the UK cost of cybercrime was estimated at around £29 billion and in 2017 we saw a 22% growth on that figure. It’s clear the problem is not going away anytime soon.

#CyberSecurityPulse: Guess Riddle... How Is Information Stored In a Bitcoin Address?

Tuesday, January 23, 2018

As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80 bytes) that is usually used to timestamp information taking advantage of the fact that the Bitcoin network is distributed and replicated throughout the network. Numerous projects are used to create use cases to certify that something has happened as the Proof of Existence project, validate academic certificates or even publish the orders to execute the infected nodes inside a botnet. However, did you know what was the technique used before 2013 to store information in the blockchain?

In this sense, the Bitcoin addresses were used (and still are used). At the end, an address does not stop being a text string encoded in Base58Check that contains useful data of up to 20 bytes in length relative to the hash of the public key associated with the address. Knowing this, small quantities were sent to these arbitrarily generated addresses, and therefore, no known private key. This has the consequence that the balance sent to those addresses for which the private key is not available will not be able to be spent, but at least it guaranteed that the operations will be stored in the chain of blocks.

#CyberSecurityPulse: The Transparent Resolution of Vulnerabilities Is Everyone's Business

Monday, January 8, 2018

The new year has started with a story that has taken the covers of specialized and generalist media all around the world. The vulnerabilities named as Meltdown and Spectre have put on the table that even aspects that we took for granted as the architecture of the hardware that makes operate almost all of our systems is likely to have to be reinvented. The correction of this type of failures in the future should be put to the test with new designs that prevent them, but until these new systems go on the market it is necessary to find contingency software solutions that mitigate the problem in the meantime.

The different operating systems have tried to deal with a vulnerability that was notified to several operating systems security teams on November 9, 2017. In fact, the proofs of concept included in the Meltdown paper are made on Firefox 56, which was the current stable version until the arrival of Firefox Quantum (version 57) on November 14 of that same month. According to the managers of Canonical, the company responsible for the development and maintenance of Ubuntu, this date is important providing that this was used on November 20 as a reference to establish a consensus about January 9, 2018 as the date for the publication of the details of the vulnerability by its authors.