#CyberSecurityPulse: The eternal dispute: backdoors and national security

Wednesday, May 16, 2018

A bipartisan group of legislators from the House of Representatives has introduced a piece of legislation which would prevent the federal government of the United States from requiring companies to design technology with backdoors so that law enforcement can access certain information. This bill represents the latest effort by legislators in Congress to end the battle between the federal officials charged with enforcing the law and the technology companies that favor encryption. It reached a boiling point in 2015 when the FBI fought with Apple over a locked iPhone linked to the terrorist attack case in San Bernardino.

Technically analysing a SIEM… are your logs secure?

Monday, May 14, 2018

SIEMs are usually deployed in highly secure or regulated environments, where regular log monitoring and analysis is required to search for security incidents. They help to make the web safer; even so, we question them a bit further: are the logs in our system infrastructure adequately protected? We address this question in this entry by showing the minimum steps you should take into account in order to secure a SIEM, using Splunk, one of the most well-known SIEMs, as the example and case study.

New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software

Thursday, May 10, 2018

ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably derived from KL Kit) that uses a new technique to bypass the SmartScreen reputation system and avoid detection in Windows. It mainly targets Chilean banks. The trojan downloads legitimate programs and uses them as a "malware launcher", injecting itself inside them in order to take advantage of "DLL hijacking" problems in that software. In this way, the malware can be launched "indirectly", bypassing the SmartScreen reputation system and even some antivirus products.

New tool: Neto, our Firefox, Chrome and Opera extensions analysis suite

Monday, May 7, 2018

In the innovation and laboratory area at ElevenPaths, we have created a new tool for analyzing browser extensions. It is a complete suite for extension analysis (also extensible with its own plugins); it is easy to use and provides useful information about the features of Firefox, Chrome and Opera extensions.


You’ve got mail? You’ve got malware

Wednesday, May 2, 2018

A few weeks ago I was ‘compromised’. A well-known vulnerability was exploited and I was left financially exposed, with my reputation potentially at risk. “What happened?” I hear you cry? Well, my debit card was cloned. Not necessarily the end of the world, but a big inconvenience.

Rogue transactions were credited back into my account, a new card issued and no real harm was done. But then the ‘payment declined’ messages started to occur. Certain services I use keep my card details on record for repeat use – my Amazon account, a razor blade subscription, eBay, etc. Basically anything that isn’t a Direct Debit or Standing Order. So it was whilst in this frame of mind – willingly adding new card details to various provider websites – that I was nearly caught out by something which could have been far more damaging.

#CyberSecurityPulse: Monero and EternalRomance, the perfect formula

Tuesday, May 1, 2018

Last year's release by ShadowBrokers of tools belonging to the National Security Agency continues to be a talking point. A new malware which utilizes the EternalRomance tool has appeared on the scene, combined with Monero mining. According to Fortinet's FortiGuard Labs, the malicious code has been named PyRoMine because it was written in Python, and it was first discovered this month. The malware can be downloaded as an executable compiled with PyInstaller, so there is no need to install Python on the machine where PyRoMine will run. Once installed, it silently steals CPU resources from its victims in order to mine Monero for profit.