Segmentados Investigación y Análisis

Contenido Segmentados Investigación y Análisis

En esta sección se ofrecen contenidos de interés para los profesionales que participan en la investigación de vulnerabilidades, análisis de amenazas y eventos de ciberseguridad, forense digital, hacking ético o pentesting, investigador del fraude o analista de ciberinteligencia.

Is it secure to charge your vehicle in publics places?

Posted on 02/11/2023, by
INCIBE (INCIBE)
¿Es seguro cargar tu vehículo en lugares públicos?
The automotive sector is currently moving towards electric consumption, as society is becoming more and more aware of the problems that environmental pollution can cause.One of the big challenges of this trend is how to charge electric vehicles, for which charging points are currently used.But like most of today's technological devices, they will also need to have access to an Internet connection in order to be able to monitor in real time the use of the station, the customer's banking information, etc.For this reason, in this article we want to talk about the different risks or cyber-attacks that these charging points may suffer and the problems they may cause, as this is a very important sector for society and one that is capable of managing very sensitive information 

Shadow IT exposed: risks and best practices

Posted on 26/10/2023, by
INCIBE (INCIBE)
Shadow IT exposed: risks and best practices
The presence  of Shadow IT, i.e., the unauthorized or unmanaged use of IT technologies and services by employees, poses challenges and risks of considerable magnitude.The rapid adoption of personal devices and applications, as well as accessibility to cloud services, have increased the complexity of the security landscape. This situation poses a risk that can compromise the confidentiality and integrity of the organization's information. 

CVSS V4.0: steps for an advanced vulnerability assessment

Posted on 19/10/2023, by
INCIBE (INCIBE)
CVSS V4.0: avanzando en la evaluación de vulnerabilidades
The arrival of the new version of CVSS (Common Vulnerability Scoring System) covers some deficiencies related to the assessment of vulnerabilities in the industrial world. The introduction of changes in the way of scoring different vulnerabilities, the incorporation of new metrics for elements of the industrial world such as "Safety" or the service recovery of a device, are some of the new features introduced in version 4 of the CVSS.This article will analyze the new features brought by version 4.0 and its increased accuracy when assessing vulnerabilities in industrial environments for a better adequacy of the scores given. 

Zero Trust methodology: foundations and benefits

Posted on 09/10/2023, by
INCIBE (INCIBE)
Zero Trust Cover
The Zero Trust methodology  is based on the premise that no user, device, or network can be trusted, and that access privileges and security levels must be continuously verified in all interactions. The motivation for applying the Zero Trust methodology  is the need to protect a company's sensitive data and digital resources against potential internal and external threats. 

ESXiArgs: response and recovery actions

Posted on 02/10/2023, by
INCIBE (INCIBE)
ESXiArgs: response and recovery actions
This article introduces how ESXiArgs operates, and offers an approach to identifying and addressing the threat. Examining the characteristics and behaviours of ransomware, it provides detailed insight into the tactics it uses and how these can be detected in a vulnerable environment. It also explores strategies and best practices for cleaning and disinfecting compromised systems, restoring trust and security to the affected infrastructure.

Firmware analysis of industrial devices

Posted on 21/09/2023, by
INCIBE (INCIBE)
Firmware analysis of industrial devices
Firmware analysis can help to uncover potential vulnerabilities that would otherwise never have been discovered.Although there are multiple types of attacks on IoT and IIoT devices, this guide focuses on the firmware of these devices to check for potential vulnerabilities, using security testing and reverse engineering to allow for an in-depth analysis of the firmware.

Study of tools for recognition activity

Posted on 07/09/2023, by
INCIBE (INCIBE)
Introduction to the study of recognition tools blog image
With this study, we seek to offer a deep knowledge about the reconnaissance activity in cybersecurity, so that professionals from different fields can consider these tactics as an integral part of their security strategies. This study also aims to increase general understanding of these techniques and how they can be used to effectively protect information and systems. 

The challenges of upgrades in industrial environments

Posted on 24/08/2023, by
INCIBE (INCIBE)
Portada Antimalware en SCI
The increase of malware specifically designed to run on systems that support industrial processes creates a need in the industry that can be partly covered by different technological solutions. This article will focus on the different options available on the market to detect malicious files that aim to modify the operation of industrial environments or simply cause denials of service.Both portable and agent-deployed solutions can be an option, and this article will reflect on these and other options as well as provide guidelines on when it is best to use one solution or the other.

Secure configurations in industrial devices

Posted on 10/08/2023, by
INCIBE (INCIBE)
Secure configurations in industrial devices Blog cover
Within the industrial world, systems can be detected that do not have all their cybersecurity capabilities activated. This can occur for a variety of reasons, but if detected, each case must be analyzed to get the most out of each device. The ability to robustly configure programs, services or other nuances within industrial systems is called bastioning and allows, among other things, to prevent assets from having a large exposure to the network or the solutions deployed in the system from having vulnerabilities resulting from misconfiguration.In this article, we will begin by explaining what hardening is and how to apply it to our industrial network, along with some good practices to follow.

Maze, Egregor and Sekhmet: response and recovery actions

Posted on 03/08/2023, by
INCIBE (INCIBE)
Decorative image with skull and red background
The history of cybersecurity is marked by names that have left an indelible mark on the field of digital threats. Among them, Maze, Egregor and Sekhmet stand out as notable ransomware variants, whose similarities go beyond mere coincidence. In this article, we will unravel the tactics these ransomwares employed,  the encryption mechanisms they used, and the evasion and propagation strategies they employed. The review of these malware will offer us a deeper insight into the persistent threat of ransomware, as well as the importance and need to strengthen our cybersecurity posture.

Purple Team increases the effectiveness of the Red Team and Blue Team in SCI

Posted on 27/07/2023, by
INCIBE (INCIBE)
All about Purple Team increases the effectiveness of the Red Team and the Blue Team in SCI
The Purple Teams are exercises in which three very well differentiated teams participate: a Red Team, a Blue Team and a Purple Team. The Red Team will be in charge of carrying out attacks on the defined structure, the Blue Team will be the team in charge of defending that structure and the inclusion of the Purple Team allows the two previous teams to communicate with each other and be organized correctly thanks to the work of the purple team. This is why the Purple Teams allow a great number of advantages to be obtained with respect to carrying out the exercises separately and without coordination between them.This article presents all these advantages and much more about Purple Teams.

"Good practices for the recovery of industrial systems (II)”

Posted on 20/07/2023, by
INCIBE (INCIBE)
Decorative image notebook with headlines emergency, response and plan
When a security incident occurs in an ICS (Industrial Control System), depending on the severity of the incident, it can generate a serious problem, both at a productive and economic level, as well as in the security of the people working in the industrial system.Therefore, in this article following the one entitled "Good practices for the recovery of industrial systems (I)", response plans will be discussed from a point of view oriented to current regulations, as well as their applications and necessity in critical industrial environments, such as the energy sector.