Clik here to view.
Un informático en el lado del mal: SmartContrats en Blockchain: Webinar ya en...
Durante este mes, en ElevenPaths hemos tenido una sesión de nuestras ElevenPaths Talks dedicada a los SmartContracts de BlockChain. En dicho seminario, de casi una hora de duración, nuestro equipo de...
View ArticleClik here to view.
/dev/random: [SANS ISC] Malware Distributed via .slk Files
I published the following diary on isc.sans.org: “Malware Distributed via .slk Files“:Attackers are always trying to find new ways to infect computers by luring not only potential victims but also...
View ArticleClik here to view.
AlienVault Blogs: Should the US have Its Own GDPR and Other Questions...
Privacy has always had a degree of overlap with security, however, recent years has increased the dependency each has on the other. Be that with regards to protecting individual information, the use of...
View ArticleClik here to view.
ArsTechnica: Security Content: New speculative-execution vulnerability...
Intel Skylake die shot. (credit: Intel)A new attack that uses processors' speculative-execution capabilities to leak data, named Speculative Store Bypass (SSB), has been published after being...
View ArticleClik here to view.
/dev/random: The Evil Mouse Project
In March during TROOPERS’18, I discovered a very nice tiny device developed by Luca Bongiorni (see my wrap-up here): The WiFi HID Injector. Just to resume what’s behind this name, we have a small USB...
View ArticleHex blog: Deobfuscating xor’ed strings
A few days ago a customer sent us a sample file. The code he sent us was using a very simple technique to obfuscate string constants by building them on the fly and using ‘xor’ to hide the string...
View ArticleClik here to view.
Darknet - The Darkside: Acunetix v12 – More Comprehensive More Accurate & 2x...
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely...
View ArticleFortinet FortiGuard Blog: I’ve Got Trickbot Under My Screen
FortiGuard Labs spotted yet another new module being distributed by the very active Trickbot banking malware using a technique called “Hidden VNC” (virtual network computer) to stealthily take control...
View ArticleFortinet FortiGuard Blog: Defending Against the New VPNFilter Botnet
A newly reported botnet named VPNFilter targets SCADA/ICS environments by monitoring MODBUS SCADA protocols and exfiltrating website credentials.
View ArticleFortinet FortiGuard Blog: Buffer Overflow Attack Targeting Microsoft IIS 6.0...
FortiGuard Labs has been documenting a spike in new attacks targeting a buffer overflow vulnerability in the WebDAV service in Microsoft IIS 6.0, peaking on Apr 13, 2018 when we logged over 4 million...
View ArticleClik here to view.
AlienVault Blogs: A CISO Perspective on GDPR
There’s much talk about the General Data Privacy Regulation (GDPR) taking effect on May 25 and its impact on US companies with European operations. As more and more information has been collected...
View ArticleClik here to view.
Cisco Talos: New VPNFilter malware targets at least 500K networking devices...
IntroFor several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated...
View ArticleClik here to view.
Un informático en el lado del mal: Air Profiling: Cómo perfilar usuarios por...
Hoy mismo ha tenido lugar el webinar que hemos hecho en ElevenPaths dentro de nuestra serie de CodeTalks For Developers sobre Air Profiling, una Prueba de Concepto que explica cómo se pueden hacer...
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Hello everyone, I'm currently seeking a investor contact regarding an upcoming security project? I can be reached at dancho.danchev@hush.com Enjoy!
View ArticleClik here to view.
SANS Internet Storm Center, InfoCON: green: 
Threat Hunting &...
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho Man" Savage said many things in his day, in his own special way,...
View ArticleClik here to view.
/dev/random: [SANS ISC] “Blocked” Does Not Mean “Forget It”
I published the following diary on isc.sans.org: “Blocked Does Not Mean Forget It“:Today, organisations are facing regular waves of attacks which are targeted… or not. We deploy tons of security...
View ArticleClik here to view.
AlienVault Blogs: Leading MSSP Delta Risk Shares Benefits of Being “Powered...
Joel Gridley, Chief Analyst with Delta Risk, contributed to this blog. Delta Risk’s managed security services (MSS), known as ActiveEye, use AlienVault USM to help our security operations center (SOC)...
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, it's been several years since I last posted a quality update following my disappearance in 2010. I wanted to take the time and thank everyone including researchers and colleagues who...
View ArticleClik here to view.
Un informático en el lado del mal: Latch Cloud TOTP en Facebook sin SMS ni...
Ayer mismo Facebook anunciaba en su blog corporativo que han modificado el funcionamiento del Segundo Factor de Autenticación en sus sistemas. Hasta el momento, tal y como os habíamos explicado en un...
View Article