ElevenPaths further strengthens its reputation as a cybersecurity services provider

Tuesday, May 29, 2018


Today saw the fifth edition of the Security Day event, organized by ElevenPaths, Telefónica's Cybersecurity Unit, which took place in Madrid under the slogan "Cybersecurity On Board". The event brought together more than 400 people and served as the setting to present the new technological integrations carried out with strategic partners, aimed at helping companies combat cyber-attacks against their technological infrastructures. The company's cybersecurity unit works to accompany its clients on their digital journeys, providing end-to-end protection and peace of mind.

#CyberSecurityPulse: Google's project to fight election attacks

On the night of the primary elections in May, the residents of Knox County, Tennessee, did not know who had won for about an hour. They could not reach the website tracking the county's election results, because the page went down at 8 pm, just as the polls closed. The county IT director, Dick Moran, said that the website had seen "extremely unusual and heavy network traffic". The mayor requested an investigation into the attack, whose signs indicated that it was most likely a DDoS attack.

Expanding Neto capabilities: how to develop new analysis plugins

Monday, May 28, 2018

In previous posts we introduced Neto as a browser extension analyzer. The first version we released, 0.5.x, included a CLI and a JSON-RPC interface and could be used directly from your scripts. In the 0.6.x series we have gained stability and added some interesting features, such as the interactive console, which turns the analyzer into a tool you can interact with. However, we have not yet discussed how Neto's functionality can be extended to suit our needs.

A system of plugins to gain flexibility

Beyond the research needs we have at ElevenPaths, other security analysts may want to carry out tasks that we have not thought of. To make its use as flexible as possible, we have designed a plugin system that lets you write your own modules. Remember that you can always install the latest version from PyPI with:

$ pip3 install neto --user --upgrade

Analyzing browser extensions with Neto Console

Monday, May 21, 2018

Fifteen days ago we published the first version of Neto, our extensions analyzer, on GitHub under a free license. Since then we have worked on a series of features that give analysts a better interaction with each of the tool's uses, in addition to improving its settings. In this post we will look at some of the new changes included in this version, highlighting its interactive interface.

#CyberSecurityPulse: The eternal dispute: backdoors and national security

Wednesday, May 16, 2018

A bipartisan group of legislators from the House of Representatives has introduced a piece of legislation that would prevent the federal government of the United States from requiring companies to design technology with backdoors so that law enforcement can access certain information. This bill is the latest effort by legislators in Congress to end the battle between the federal officials charged with enforcing the law and the technology companies that favor encryption. The dispute reached a boiling point in 2015, when the FBI fought with Apple over a locked iPhone linked to the San Bernardino terrorist attack case.

Technically analysing a SIEM… are your logs secure?

Monday, May 14, 2018

SIEMs are usually deployed in highly secure or regulated environments, where regular log monitoring and analysis is required to search for security incidents. They help make systems safer, but we want to question this a little further: are the logs in our infrastructure themselves adequately protected? We address this in this entry by showing the minimum steps you should take into account to secure a SIEM, using Splunk, one of the best-known SIEMs, as an example and case study.

New report: Malware attacks Chilean banks and bypasses SmartScreen, by exploiting DLL Hijacking within popular software

Thursday, May 10, 2018

ElevenPaths has spotted an enhanced and evolving Brazilian banking trojan (probably derived from KL Kit) that uses a new technique to bypass the SmartScreen reputation system and avoid detection on Windows. It mainly targets Chilean banks. The trojan downloads legitimate programs and uses them as a "malware launcher", injecting itself into them in order to take advantage of "DLL hijacking" problems in that software. In this way the malware is launched "indirectly", bypassing the SmartScreen reputation system and even some antivirus products.

New tool: Neto, our Firefox, Chrome and Opera extensions analysis suite

Monday, May 7, 2018

In the innovation and laboratory area at ElevenPaths we have created a new tool for analyzing browser extensions. It is a complete suite for extension analysis (also extensible with its own plugins); it is easy to use and provides useful information about the features of Firefox, Chrome and Opera extensions.


You’ve got mail? You’ve got malware

Wednesday, May 2, 2018

A few weeks ago I was ‘compromised’. A well-known vulnerability was exploited and I was left financially exposed, with my reputation potentially at risk. “What happened?” I hear you cry? Well, my debit card was cloned. Not necessarily the end of the world, but a big inconvenience.

Rogue transactions were credited back into my account, a new card issued and no real harm was done. But then the ‘payment declined’ messages started to occur. Certain services I use keep my card details on record for repeat use – my Amazon account, a razor blade subscription, eBay, etc. Basically anything that isn’t a Direct Debit or Standing Order. So it was whilst in this frame of mind – willingly adding new card details to various provider websites – that I was nearly caught out by something which could have been far more damaging.

#CyberSecurityPulse: Monero and EternalRomance, the perfect formula

Tuesday, May 1, 2018

Last year's release by the ShadowBrokers of tools belonging to the National Security Agency continues to be a talking point. New malware that uses the EternalRomance tool and also mines Monero has appeared on the scene. According to Fortinet's FortiGuard Labs, the malicious code has been named PyRoMine because it is written in Python, and it was first discovered this month. The malware is distributed as an executable compiled with PyInstaller, so there is no need to install Python on the machine where PyRoMine will run. Once installed, it silently steals CPU resources from its victims in order to mine Monero for profit.