Archivos mensuales: septiembre 2023

Exim has multiple critical vulnerabilities, including CVE-2023-4863, that allow attackers to run code on affected systems without authentication. Multiple vulnerabilities, one of them critical, have been revealed that affect the Exim software solution. Among the different consequences that could result from the exploitation of these vulnerabilities are remote code execution and the disclosure of sensitive information. The most critical is CVE-2023-42115, which allows remote execution over the network without authentication. Exim is a message transfer agent (MTA) developed by the University of Cambridge for use on Unix systems connected to the internet. It is an open-source software widely used as [...]

Detecting and mitigating Bluetooth vulnerabilities in smart locks is critical to securing these IoT devices A smart lock is an IoT device that facilitates access by opening a door without the need for a physical key. In this second part of the analysis of a smart lock, we will focus on evaluating Bluetooth communications. We analyze the security of Bluetooth and the communications of a Yale Linus smart lock and tell you about the identified security problems. The importance of evaluating this mechanism lies in the fact that the smart lock we are analyzing is controlled from a mobile phone [...]

We evaluate the hardware security level of the smart locks, disassembling one and analyzing the elements that make it up We got our hands on a Yale Linus smart lock, one that you can operate from your smartphone, so we thought it was an excellent opportunity to practice many of the hardware hacking concepts and IoT security testing methodologies we have seen here in the past. Over the following few articles, we will walk through the security assessment process of smart locks and tell you our conclusions. Obtaining information for hardware analysis of smart locks The existence of design flaws [...]

En la era de la digitalización, las ciudades están evolucionando rápidamente hacia modelos más inteligentes y sostenibles. Descubre cómo las innovaciones en alumbrado, conectividad y gestión de residuos están transformando nuestro entorno urbano para un futuro más brillante y eficiente.   Descubre cómo podemos implantar estas soluciones en tu ciudad     1.- Alumbrado inteligente y seguridad   Las ciudades modernas están adoptando sistemas de alumbrado inteligente que se adaptan al entorno. Estos sistemas detectan automáticamente la presencia de peatones o ciclistas y ajustan la intensidad de la luz según sea necesario. Además, pueden alertar a los conductores sobre peatones [...]

The vulnerability CVE-2023-4863 is found in the open source Libwebp library and affects browsers such as Mozilla, Chrome and Edge On September 6th, 2023 Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at the University of Toronto reported a critical vulnerability affecting an image compression library used in Chromium and other software solutions that support WebP images. WebP is an image format that offers superior lossless and lossy compression for images on the Web. Thanks to WebP, developers and webmasters have the ability to generate more compact, high-quality images, which leads to a significant improvement in the loading [...]

ENISA has developed a framework to help companies implement the best practices in cybersecurity for AI The company Worldcoin, created by the founder of ChatGPT, has made an AI system designed to differentiate humans from robots once Artificial Intelligence becomes ubiquitous. A question long imagined by literature or audiovisual culture and which is becoming more and more real every day. To do so, they need to scan people’s eyeballs. This news shows that Artificial Intelligence systems already have enormous data on citizens and companies. Therefore, companies developing AI systems and their suppliers must implement good AI cybersecurity practices to prevent [...]

OWASP has published a ranking of the top vulnerabilities in LLM applications to help companies strengthen the security of generative AI If one technology has captured the public’s attention so far this year, it is undoubtedly LLM applications. These systems use Large Language Models (LLMs) and complex learning algorithms to understand and generate human language. ChatGPT, OpenAI’s proprietary text-generative AI, is the most famous of these applications, but dozens of LLM applications are already on the market. In the wake of the rise of these AIs, OWASP has just published version 1 of its Top 10 LLM application vulnerabilities. This [...]

Artificial Intelligence is set to revolutionize our economy and way of life. But… What are the AI security risks? What literature or movies raised as a possibility for decades has become today, a tangible reality. Artificial Intelligence is already part of our lives. It has become one of the significant issues of this era in the heat of Machine Learning or generative AI, so much so that Artificial Intelligence is set to change our productive fabric and how we live. But what are the security risks of AI? In recent years, and especially in 2023, various organizations have increased their [...]

El entorno actual, basado en la conectividad entre personas y dispositivos, ha abierto la puerta a nuevas amenazas en forma de ciberataques. El sector retail no es una excepción. No se trata solo de proteger los datos de los clientes, sino de garantizar la integridad de todo el ecosistema empresarial.   Solicita asesoramiento experto en retail   En un mundo cada vez más digital, ser proactivo en lugar de reactivo puede marcar la diferencia entre el éxito y el fracaso. Los puntos de venta son verdaderos tesoros de datos sensibles, desde información de tarjetas de crédito hasta preferencias de compra [...]

El último sábado de marzo de cada año se celebra en todo el mundo “La hora del planeta”. En esta jornada se invita a ciudades de todo el mundo a apagar las luces y aparatos eléctricos que no sean imprescindibles. Así, se impulsa la concienciación de la necesidad de tomar medidas frente al cambio climático, la contaminación y el desperdicio energético.   Descubre cómo podemos ayudarte   «La hora del planeta» es una gran iniciativa, pero ¿y si te dijera que está en nuestras manos hacer que los beneficios de esa jornada se convirtieran en un hecho habitual cada día [...]