Does the metaverse put personal data protection regulations in check?

Some people may be wondering what the metaverse is, or even that it goes unnoticed in their daily lives.

Avoiding technicalities, and in order to provide a simple explanation, we can say that the purpose of the metaverse is “the creation of an immersive digital world“.

That is, a world through which users, using convergent technology such as virtual reality glasses, haptic garments, etc. can perform the same activities they do in real life (going to the movies, meeting friends, studying, working, shopping, …) and that, in turn, what happens in this digital world has repercussions in their lives. For example, it could be the case of making a purchase of a product through this digital world and it arrives at your home as if you had ordered it “in the real world”.

Although the metaverse seems somewhat novel, it is a term that appeared in the 1992 play Snow Crash, where people could interact in a virtual world through avatars. This concept was also seen years later in the video game Second Life or, more recently, in the Decentreland platform where you can even buy virtual plots of land as if it were a reality.

[Read more…]

10 tips for securing data hosted on Amazon S3

The use of Amazon Simple Storage Service S3 is becoming more and more widespread, being used in a multitude of use cases: sensitive data repositories, security log storage, integration with backup tools…, so we must pay special attention to the way we configure our buckets and how we expose them to the Internet.

In this post we will talk about 10 good security practices that will allow us to manage our S3 buckets correctly.

Let’s get started.

1 – Block public access to S3 buckets across the organization

By default, the buckets are private and can only be used by the users of our account, provided that they have set the correct permissions.

Additionally, the buckets have an “S3 Block Public Access” option that prevents the buckets from being considered public. This option can be enabled or disabled for each bucket in your AWS Account. To prevent a user from deactivating this option, we can create an SCP policy in our organization so that no AWS Account member of the organization can do so.

[Read more…]

Blockchain to secure healthcare environments

The increasing number of data breaches in the healthcare sector is causing serious problems in management and storage. In addition, traditional security methods being used to protect healthcare applications are proving ineffective. This is why emerging technologies such as blockchain are offering new security approaches and processes for healthcare applications, providing data confidentiality and privacy.

Data breaches are one of the main cybersecurity issues in the healthcare sector. Figure 1 shows how the amount of health record data leakage has been increasing, highlighting a large change between 2018 and 2019, a date coinciding with the start of the COVID-19 pandemic.

Figure 1. Number of data breaches of 500 or more health records in the healthcare sector from 2009 to 2021. Source:
[Read more…]

Hunting with Artificial Intelligence: Detection of malicious domains (III)

This post and the full series has been elaborated jointly with Ana Isabel Prieto, Sergio Villanueva and Luis Búrdalo.

In previous articles of this series (see part I and part II) we described the problem of detecting malicious domains and proposed a way to address this problem by combining various statistical and Machine Learning techniques and algorithms.

The set of variables from which these domains will be characterized for their subsequent analysis by the aforementioned Machine Learning algorithms was also described. In this last installment, the experiments carried out and the results obtained are described.

The tests have been carried out against a total of 78,661 domains extracted from the a priori legitimate traffic of an organization, from which 45 lexical features belonging to the categories described above have been calculated.

[Read more…]

Attacks on Cryptocurrency Exchanges

This post has been written jointly with Álvaro Moreno.

Cryptocurrencies have grown so much in recent years in terms of economic volume and relevance that they have become an important target for cybercriminals. Given that exchanges, platforms where users can buy and sell these cryptocurrencies, bring together a large number of transactions and users of these assets, they have become an important target for cybercriminals, who seek to get as much money as possible by exploiting their vulnerabilities.

In this article we will cover some of the most recent attacks on these Exchange platforms and conclude with a table on other major attacks on cryptocurrency exchanges.

On January 17, 2022, the Exchange platform  discovered that a small number of users were making unauthorized withdrawals of cryptocurrencies from their accounts worth approximately 4800 ETH and 440 BTC, plus about $66,200 in other currencies.

The response from the platform was to suspend withdrawals of any tokens while an investigation was conducted. In the end, no customers of the platform suffered any loss of funds, as the 483 affected users received a full refund.

[Read more…]

Exploiting Leaked Handles for LPE

The inheritance of object handles between processes in a Microsoft Windows system can be a good source to identify local privilege elevation (LPE) vulnerabilities. After introducing the basic concepts around this type of security weaknesses, a tool capable of identifying and exploiting them will be presented, providing Pentesters and Researchers with a new point to focus their intrusion and research actions respectively, read on!

Within a Microsoft Windows operating system, processes are able to interact with securable system objects such as files, PIPES, registry keys, threads or even other processes. To do this and through the use of the WINAPI the source process requires the O.S. of a handle to perform a certain action on the object in question.

If the appropriate permissions and/or privileges are available, the O.S. authorizes this access by delivering the aforementioned object handle to the process that requires it. From that moment on it is possible to interact with it within the limits of the requested permissions. Let’s see the following example where a source process would make use of the WinApi OpenProcess function to try to open a target process (spoolsv.exe) in order to obtain information remotely from it (PROCESS_QUERY_INFORMATION).

[Read more…]

OWASP Top 10 2021 News (III)

After discussing in the first post of the series some details about the new version of OWASP Top 10, and in the second one the new category A08, software and data integrity flaws, in this third and last post we are going to analyze the category A10: Server-Side Request Forgery (SSRF), as well as the possibilities of mitigating these types of vulnerabilities.

A10: (Server-Side Request Forgery, SSRF)

SSRF attacks are possible when an application allows a remote resource to be obtained without validating the URL provided by the user. This type of attack can bypass the protection provided by the firewall, VPN or access controls.

For example, when an application allows you to specify a URL to which the initial request will be redirected, if we do not filter the URL to which it will be redirected, the attacker could take advantage of this to enter a random address.

[Read more…]

Hunting with Artificial Intelligence: Detection of malicious domains (II)

This post and the full series has been elaborated jointly with Ana Isabel Prieto, Sergio Villanueva and Luis Búrdalo.

In the previous article we commented on the difficulty faced by Threat Hunting analysts as a result of the high number of domains registered daily by an organization. This makes it difficult to analyze and locate potentially malicious domains, which may go unnoticed among so much traffic. For this reason, in an attempt to facilitate the analyst’s task, the use of alternative techniques based on Machine Learning is proposed. Before presenting the different tests performed, the article introduces the algorithms to be used for the detection of anomalies in the domains.

To begin with, it is necessary to comment that having a large and varied database is fundamental for a model to be able to detect potentially malicious domains reliably, since its parameters are going to be adjusted in an environment that must be similar to the real one.

However, there is great difficulty in identifying patterns in high-dimensional data, and even more difficulty in representing such data graphically and expressing them in a way that highlights their similarities and differences. This is where the need arises to use a powerful data analysis tool such as PCA (Principal Components Analysis).

[Read more…]

Hunting with Artificial Intelligence: Detection of malicious domains (I)

This post and the full series has been elaborated jointly with Ana Isabel Prieto, Sergio Villanueva and Luis Búrdalo.

Internet brings a world of possibilities for personal development and the realization of many of the daily activities, being an indispensable piece in today’s society. On this network there are hundreds of millions of domains to access, although unfortunately not all of them are safe. Malicious domains are those used by cybercriminals to connect to command and control servers, steal credentials through phishing campaigns or distribute malware.

In many cases, these domains share certain lexical characteristics that at first glance may attract attention. For example, in phishing campaigns, domains with TLD xyz, top, space, info, email, among others, are relatively common. Similarly, attackers use DGA (Domain Generation Algorithm) techniques to create random domains to exfiltrate information, such as istgmxdejdnxuyla[.]ru. Other striking properties can be excessive hyphens, multi-level domains or domains that attempt to impersonate legitimate organizations such as amazon.ytjksb[.]com and amazon.getfreegiveaway[.]xyz.

With digitization on the rise, organizations surf to thousands of different domains, making it difficult to detect malicious domains among so much legitimate traffic. In a medium-sized organization, between 3,000 and 5,000 domains of traffic are logged daily. This volume makes it unfeasible to analyze them manually. Traditionally, part of this detection process is automated using pattern search rules, for example, rules to find domains with TLDs (Top Level Domain) used in phishing campaigns, containing the name of large companies that are not legitimate or have more than X characters.

[Read more…]

Hacking DICOM: the hospital standard

Have you ever thought that radiographs were just JPG images? Do you remember hearing the name DICOM? In this article we expect to resolve all your doubts about the protocol for sending medical images and show you its implications for cybersecurity.

Quick introduction to DICOM

Figure 1. DICOM logo

Medical images that are transmitted within hospitals, such as X-rays or ultrasounds, are not in the common image formats, but are in DICOM (Digital Imaging and Communications in Medicine) format. However, they can be converted to JPG or PNG.

Although at first glance it looks like a simple image format, DICOM is much more: it is the standard for transmission, storage, retrieval, printing, processing and visualization of medical images and their information. Thanks to the implementation of this standard, technology in the health field was revolutionized, replacing physical radiographs with digital radiographs with all the implied data. Today, DICOM is recognized as the ISO 12052 standard.

[Read more…]