Segmentados Investigación y Análisis

Managing and predicting vulnerabilities has become an essential task for cybersecurity. The Exploit Prediction Scoring System  (EPSS) is a methodology launched in 2019, which uses algorithms and threat intelligence data to predict the likelihood of a specific vulnerability being exploited by threat actors in a short space of time.In an environment where organizations are faced with an increasing number of vulnerabilities, EPSS effectively prioritizes responses to vulnerabilities based on their risk of exploitation. Through meticulous information collection and analysis, this system offers an efficient view of the threats affecting the business, allowing organizations to act proactively. This article focuses on understanding EPSS, how it improves security posture, and best practices for its implementation. 

The security gaps and issues that exist within industrial environments are sometimes unknown to many information consumers. This article aims to bring first hand some of the most interesting issues and attack trends in 2023 in the industrial sector. Different industrial cybersecurity incidents so far this year will be described at a high level and a comparison will be made with the trend presented at the beginning of the year.

The Border Gateway Protocol (BGP) is fundamental to the functioning of the Internet as we know it, as it serves to route data flows along the optimal routes, through several different hops (or IPs). However, it was not designed with security by design, which opens the door to hijacking BGP-type  threats. Through these types of attacks, malicious actors can redirect traffic, causing data loss, such as  in Man-in-the-Middle, among others. This article explores in depth these types of attacks, their impact, and the countermeasures available through mechanisms such as RPKI, IRR, and ROA. 

OSINT (Open-Source Intelligence) is a technique that focuses on the collection, evaluation and analysis of public information through different methods and techniques, with the objective of discovering vulnerabilities or collecting sensitive information that could become threats. It should be emphasized that the data collection is not called OSINT, it would be raw information. Once this information is evaluated and treated, it could be said that we are really talking about open-source intelligence (OSINT).Initially it has been used in the military and government sector. Its use in OT, with disciplines such as SIGINT (Signals Intelligence), IMINT (Imagery Intelligence) or even 'Sock Puppets' (fake profiles or intruders in technical forums) is making havoc due to the criticality of this equipment. Disinformation or the compilation of sensitive industrial technical information are some of the serious consequences that this sector is exposed to.

The  Avaddon ransomware appears as a disturbing threat that has demonstrated its ability to exploit vulnerabilities in systems, compromising the security and integrity of critical data. This article dives into the details of how Avaddon works, while also providing a comprehensive analysis of strategies to detect and mitigate the threat. 

The  Hive ransomware (especially in its v5 version) stands out for its sophistication, and for the impact caused to hundreds of companies and organizations worldwide, bypassing conventional defenses and challenging analysts with its advanced techniques.In this article, we unravel its features, from its encryption methods to its anti-analysis countermeasures, illustrating not only the threat it poses, but also how it can be combated. Through a technical analysis, it is intended to empower readers with the knowledge necessary to understand and ultimately defend against these types of threats.

The automotive sector is currently moving towards electric consumption, as society is becoming more and more aware of the problems that environmental pollution can cause.One of the big challenges of this trend is how to charge electric vehicles, for which charging points are currently used.But like most of today's technological devices, they will also need to have access to an Internet connection in order to be able to monitor in real time the use of the station, the customer's banking information, etc.For this reason, in this article we want to talk about the different risks or cyber-attacks that these charging points may suffer and the problems they may cause, as this is a very important sector for society and one that is capable of managing very sensitive information 

The presence  of Shadow IT, i.e., the unauthorized or unmanaged use of IT technologies and services by employees, poses challenges and risks of considerable magnitude.The rapid adoption of personal devices and applications, as well as accessibility to cloud services, have increased the complexity of the security landscape. This situation poses a risk that can compromise the confidentiality and integrity of the organization's information. 

The arrival of the new version of CVSS (Common Vulnerability Scoring System) covers some deficiencies related to the assessment of vulnerabilities in the industrial world. The introduction of changes in the way of scoring different vulnerabilities, the incorporation of new metrics for elements of the industrial world such as "Safety" or the service recovery of a device, are some of the new features introduced in version 4 of the CVSS.This article will analyze the new features brought by version 4.0 and its increased accuracy when assessing vulnerabilities in industrial environments for a better adequacy of the scores given. 

The Zero Trust methodology  is based on the premise that no user, device, or network can be trusted, and that access privileges and security levels must be continuously verified in all interactions. The motivation for applying the Zero Trust methodology  is the need to protect a company's sensitive data and digital resources against potential internal and external threats. 

This article introduces how ESXiArgs operates, and offers an approach to identifying and addressing the threat. Examining the characteristics and behaviours of ransomware, it provides detailed insight into the tactics it uses and how these can be detected in a vulnerable environment. It also explores strategies and best practices for cleaning and disinfecting compromised systems, restoring trust and security to the affected infrastructure.

Firmware analysis can help to uncover potential vulnerabilities that would otherwise never have been discovered.Although there are multiple types of attacks on IoT and IIoT devices, this guide focuses on the firmware of these devices to check for potential vulnerabilities, using security testing and reverse engineering to allow for an in-depth analysis of the firmware.