S2 Grupo

Spanish Company Specialized in Cybersecurity

© 2023 S2 Grupo

admin

S2 Grupo expects to close 2022 with a turnover of 30 million euros.

  • The company has opened a new cybersecurity center in Madrid, which was inaugurated today by the Minister of Local Administration and Digitalization of the Community of Madrid, Carlos Izquierdo Torres.
  • S2 Grupo has assured that at this time it is essential for our country to pursue the goal of digital sovereignty in order to be more technologically independent and to be one of the world leaders in the field of cybersecurity.
  • The company has succeeded in having the technology of a Spanish company presented to the world as an essential part of the Spanish security model promoted and defended by the National Cryptologic Center under the National Intelligence Center.

Valencia, October 4, 2022 – The company S2 Grupo announced today that it plans to close this year with a turnover of around 30 million euros. This information was offered at the inauguration of its new cybersecurity facilities in Madrid, which was attended by the Councilor for Local Administration and Digitalization, Carlos Izquierdo Torres, and the managing-partners of S2 Grupo Miguel A. Juan and José Rosell, among other personalities.

“The growth we have experienced in recent years is mainly due to the fact that since the pandemic there has been a very high increase in cyber-attacks both in quantity and impact, they are becoming increasingly sophisticated and complex. This has forced companies and Public Administrations to do their homework in this area and demand to work with cybersecurity specialists, such as the people who are part of the S2 Grupo team, because they are aware of the risks we face”, said José Rosell, managing partner of S2 Grupo.

Importance of digital sovereignty for Spain’s cybersecurity.

In this context, one of the points where attention has been focused, as far as our country’s cybersecurity is concerned, is on the importance of pursuing the goal of digital sovereignty.

“To continue advancing a cybersecure world and minimize the risks of cyber espionage, among others, we need to stop being technologically dependent on other countries such as the US, China or Israel. We need to have digital sovereignty. Therefore, at S2 Grupo we will continue to invest in R&D+i and in the development of our own technology, because this is the only way to create solutions that will allow Europe to be technologically independent in the field of cybersecurity,” said Miguel A. Juan, managing partner of S2 Grupo.

In addition to its center in Madrid, S2 Grupo has facilities in Valencia, Seville, Barcelona, San Sebastian, Brussels, Bogotá, Brindisi, Santiago Chile, Mexico, Rotterdam and Lisbon.

Since its inception in 2004, S2 Grupo has become a benchmark company in the security environment on an international scale and has experienced continuous growth. The company closed 2021 with a turnover of around 25 million euros, which represented a growth of more than 30% over the previous year. It is also committed to the creation of quality employment and currently has a workforce of more than 580 people.

Its clients include most of the leading companies in the distribution, energy, banking and insurance, healthcare, industry and Public Administration sectors.

S2 Grupo, a world reference in cybersecurity

S2 Grupo has succeeded in having the technology of a Spanish company presented to the world as the cornerstone of the Spanish security model promoted and defended by the National Cryptologic Center under the National Intelligence Center. The technology developed by S2 Grupo is currently deployed in private companies all over the world, in more than 200 agencies of the General State Administration and in different Autonomous Communities, and is also starting to be deployed in local entities.

This same technology is also being used to guarantee security in electoral processes in municipalities, Autonomous Communities and the Spanish State, as well as to guarantee cybersecurity in international electoral processes. GLORIA and CARMEN are the star products of cyber-surveillance and cyber-intelligence developed in Valencia with national and international projection.

The objective of S2 Grupo is to continue growing, opening different work centers in other parts of Spain, Europe and Latin America, and investing in R&D+i, with the aim of developing solutions that allow Europe to be technologically independent in cybersecurity and cyberintelligence. In this sense, S2 Grupo is committed to working so that Spain becomes one of the world leaders in this field and Madrid becomes the world capital of cyberintelligence.

More information:

patricia.berzosa@ext.s2grupo.es

Filed Under: Corporate

Vulnerability in Drupal core

INTRODUCTION

The vulnerability known as CVE-2022-39261 was found and fixed in Twig, a third-party library used by both designers and developers, which builds on the principles of PHP and adds functionality useful for templating environments.

ANALYSIS

Drupal warns that the flaws may affect some contributed projects or custom code on Drupal sites. CVE-2022-39261 was caused by improper validation of user input by the filesystem loader. An attacker could use a specially crafted template that contains a source or include statement in the name to read arbitrary files from outside the templates directory when a namespace such as @somewhere/../some.file is used (in that case, validation is skipped).
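
The bypass described above can be reproduced in a small model of a namespaced filesystem loader, with the flawed resolver next to a hardened one. This is an added example, not Twig's or Drupal's code: the function names, the namespace root and the temporary files are constructed for illustration, and it assumes the check ran on the full name, so the @somewhere segment offsets one "..".

```python
import os
import tempfile


class TemplateNameError(ValueError):
    """Template name would resolve outside its namespace root."""


def parse_name(name, default_ns="__main__"):
    # "@ns/path" -> ("ns", "path"); other names use the default namespace.
    if name.startswith("@"):
        ns, sep, short = name[1:].partition("/")
        if not ns or not sep:
            raise TemplateNameError(f"malformed namespaced name: {name!r}")
        return ns, short
    return default_ns, name


def has_traversal(path):
    # Walk the segments; dropping below the starting level means escape.
    depth = 0
    for part in path.replace("\\", "/").split("/"):
        if part == "..":
            depth -= 1
        elif part not in ("", "."):
            depth += 1
        if depth < 0:
            return True
    return False


def resolve_flawed(roots, name):
    # Assumed flaw model: the check sees "@somewhere/../some.file" as a whole,
    # counts "@somewhere" as one directory level, and lets the ".." through.
    if has_traversal(name):
        raise TemplateNameError(name)
    ns, short = parse_name(name)
    return os.path.normpath(os.path.join(roots[ns], short))


def resolve_hardened(roots, name):
    ns, short = parse_name(name)
    if ns not in roots:
        raise TemplateNameError(f"unknown namespace: {ns!r}")
    # Validate the part that is actually joined to the root.
    if "\0" in short or os.path.isabs(short) or has_traversal(short):
        raise TemplateNameError(f"unsafe template path: {short!r}")
    # Defence in depth: canonicalise (follows symlinks) and require containment.
    root = os.path.realpath(roots[ns])
    candidate = os.path.realpath(os.path.join(root, short))
    if os.path.commonpath([root, candidate]) != root:
        raise TemplateNameError(f"{name!r} resolves outside {root}")
    return candidate


def is_blocked(roots, name):
    try:
        resolve_hardened(roots, name)
        return False
    except TemplateNameError:
        return True


def demo():
    """Run both resolvers over a constructed template tree."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "templates")
    os.mkdir(root)
    open(os.path.join(root, "page.twig"), "w").close()
    outside = os.path.join(base, "some.file")  # constructed file outside the root
    open(outside, "w").close()
    os.symlink(outside, os.path.join(root, "link.twig"))  # symlink escape case
    roots = {"somewhere": root}
    name = "@somewhere/../some.file"  # name form quoted in the advisory
    flawed = os.path.realpath(resolve_flawed(roots, name))
    return {
        "flawed_escapes": flawed == os.path.realpath(outside),
        "hardened_blocks": is_blocked(roots, name),
        "symlink_blocked": is_blocked(roots, "@somewhere/link.twig"),
        "legit_ok": not is_blocked(roots, "@somewhere/page.twig"),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened resolver checks the short name after the namespace has been split off and then confirms containment on the canonical path, so a symlink inside the template root that points outside it is rejected as well.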

Affected versions:

  • Drupal >= 8.0.0 < 9.3.22
  • Drupal >= 9.4.0 < 9.4.7

RECOMMENDATIONS

Install the latest versions:

  • If you are using Drupal 9.4, update to Drupal 9.4.7.
  • If you are using Drupal 9.3, update to Drupal 9.3.22.

REFERENCES

https://www.drupal.org/sa-core-2022-016
https://securityonline.info/cve-2022-39261-twig-directory-traversal-flaw-affects-drupal-core/?utm_source=dlvr.it&utm_medium=twitter
https://nvd.nist.gov/vuln/detail/CVE-2022-39261

Filed Under: Alerts

New vulnerability in Cisco SD-WAN vManage

INTRODUCTION

A vulnerability in the binding configuration of the Cisco SD-WAN vManage software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system (CVE-2022-20696).

ANALYSIS

An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect adjacent logical or physical networks, depending on the deployment configuration of the device. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.

CVSS Score: 8.8

Affected versions:

  • Earlier than 18.4
  • 18.4
  • 19.2
  • 19.3
  • 20.1
  • 20.3
  • 20.4
  • 20.5

RECOMMENDATIONS

Administrators can use access control lists (ACLs) to block TCP ports 4222, 6222 and 8222, which are used by the Cisco SD-WAN vManage Software messaging services. In addition, Cisco has released software updates that address this vulnerability.

REFERENCES

https://nvd.nist.gov/vuln/detail/CVE-2022-20696
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-msg-serv-AqTup7vs

Filed Under: Alerts

ACE vulnerability in Redis

INTRODUCTION

A new vulnerability in Redis could lead to arbitrary code execution attacks (CVE-2022-35951).

ANALYSIS

Redis could allow an authenticated local attacker to execute arbitrary code on the system. The flaw is caused by an integer overflow when executing an XAUTOCLAIM command on a stream key in a specific state. Using a specially crafted COUNT argument, an attacker could execute arbitrary code on the system.

CVSS Score: 9.8

Affected versions:

Redis versions >= 7.0.0

RECOMMENDATIONS

Update to version 7.0.5

REFERENCES

https://securityonline.info/cve-2022-35951-redis-flaw-could-lead-to-execute-arbitrary-code-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2022-35951
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/

Filed Under: Alerts

Remote code execution vulnerability in Apache InLong

INTRODUCTION

A flaw occurs when the MySQL JDBC connection URL parameters are deserialized by Apache InLong; an attacker could exploit this vulnerability to deserialize data and thereby achieve remote code execution (CVE-2022-40955).

ANALYSIS

In Apache InLong versions prior to 1.3.0, an attacker with sufficient privileges to specify the MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database could cause this data to be deserialized by Apache InLong, which could lead to remote code execution on the Apache InLong server. CVSS Score: 8.8
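
Where an application accepts operator-supplied MySQL JDBC URLs, one defensive pattern is to rebuild the URL from an allowlist of parameters before it reaches the driver. This is an added example, not Apache InLong's fix or code; the function names, the allowlisted parameter set (a deployment policy assumed here) and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumed policy: the only Connector/J properties this deployment needs.
ALLOWED_PARAMS = {
    "usessl", "useunicode", "characterencoding",
    "connecttimeout", "sockettimeout", "servertimezone",
}

# Plain host[:port]/db only. Connector/J also accepts key/value pairs inside
# the host part, so anything but a bare hostname is refused outright.
_URL = re.compile(
    r"jdbc:mysql://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?"
    r"/(?P<db>[A-Za-z0-9_]+)(?:\?(?P<query>[^#\s]*))?"
)
_VALUE = re.compile(r"[A-Za-z0-9_./:-]*")


class UnsafeJdbcUrl(ValueError):
    """The URL carries something outside the allowlisted shape."""


def sanitize_mysql_jdbc_url(url):
    """Return a rebuilt URL holding only allowlisted parameters, or raise."""
    m = _URL.fullmatch(url)
    if m is None:
        raise UnsafeJdbcUrl("not a plain jdbc:mysql://host[:port]/db[?params] URL")
    if m["port"] and not 0 < int(m["port"]) <= 65535:
        raise UnsafeJdbcUrl("port out of range")
    seen, clean = set(), []
    # parse_qsl percent-decodes names, so "use%53SL" is judged as "useSSL".
    for key, value in parse_qsl(m["query"] or "", keep_blank_values=True):
        folded = key.lower()
        if folded not in ALLOWED_PARAMS:
            raise UnsafeJdbcUrl(f"parameter not allowed: {key!r}")
        if folded in seen:
            # First-wins and last-wins parsers would disagree on duplicates.
            raise UnsafeJdbcUrl(f"duplicate parameter: {key!r}")
        if not _VALUE.fullmatch(value):
            raise UnsafeJdbcUrl(f"unexpected value for {key!r}")
        seen.add(folded)
        clean.append((key, value))
    authority = m["host"] + (f":{m['port']}" if m["port"] else "")
    query = f"?{urlencode(clean, safe='/:')}" if clean else ""
    return f"jdbc:mysql://{authority}/{m['db']}{query}"


def is_accepted(url):
    try:
        sanitize_mysql_jdbc_url(url)
        return True
    except UnsafeJdbcUrl:
        return False


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "jdbc:mysql://db.internal:3306/inlong?useSSL=true&characterEncoding=UTF-8",
        "jdbc:mysql://db.internal/inlong?notOnTheList=1",
        "jdbc:mysql://(host=db.internal,notOnTheList=1)/inlong",
    ):
        print(is_accepted(sample), sample)
```

Because the check is an allowlist, a parameter added by a future driver version is refused until someone reviews it and adds it to the set.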

Affected versions:

  • Apache InLong versions prior to 1.3.0

RECOMMENDATIONS

Users are advised to upgrade to Apache InLong 1.3.0 or later.

REFERENCES

https://securityonline.info/cve-2022-40955-apache-inlong-remote-code-execution-vulnerability/
https://cve.report/CVE-2022-40955
https://nvd.nist.gov/vuln/detail/CVE-2022-40955

Filed Under: Alerts

Spoofing vulnerability in Microsoft Endpoint Configuration Manager

INTRODUCTION

Spoofing vulnerability in Microsoft Endpoint Configuration Manager, discovered by the researcher Brandon Colley in collaboration with Trimarc Security, with a CVSS score of 7.5.

ANALYSIS

The researcher Brandon Colley, in collaboration with Trimarc Security, has discovered a critical vulnerability in Microsoft Endpoint Configuration Manager. It has been published in an out-of-band advisory by the vendor. An attacker could exploit this vulnerability to impersonate an employee and obtain sensitive information.

The vulnerability is still under analysis.

Affected versions:
Microsoft Endpoint Configuration Manager versions 2103, 2107, 2111, 2203 and 2207.

RECOMMENDATIONS:

Install hotfix KB15498768. This update prevents any NTLM authentication attempt for client push installation when the “Allow connection fallback to NTLM” option is disabled.

Disabling the “Allow connection fallback to NTLM” option in “Client Push Installation Properties” is not honored when:

  • There are Kerberos authentication errors; the client push account will attempt an NTLM connection instead.
  • The server's computer account will attempt a connection using NTLM if Kerberos authentication fails for all defined client push installation accounts.

Administrators can also disable the use of the automatic and manual client push installation methods to remove the risk of exposure to this vulnerability.

REFERENCES:

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-spoofing-microsoft-endpoint-configuration-manager
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
https://nvd.nist.gov/vuln/detail/CVE-2022-37972

Filed Under: Alerts

New vulnerabilities in Trend Micro Apex One

INTRODUCTION

Trend Micro has released a new Service Pack for Trend Micro Apex One (On Premise) and critical patches for Apex One as a Service (SaaS) that resolve multiple vulnerabilities in the product.

ANALYSIS

The following vulnerabilities have been resolved:

CVE-2022-40139 (CVSS 7.2): Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. An attacker must first obtain access to the Apex One server administration console in order to exploit this vulnerability.

CVE-2022-40140 (CVSS 5.5): An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial of service on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-40141 (CVSS 5.6): A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decrypt certain communication strings that may contain some identification attributes of a particular Apex One server.

CVE-2022-40142 (CVSS 7.8): A local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations.

CVE-2022-40143 (CVSS 7.3): A local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory, which could allow a low-privileged user to execute arbitrary code with elevated privileges.

CVE-2022-40144 (CVSS 8.2): A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.

Affected versions:

  • Apex One 2019 (On-prem)
  • Apex One SaaS

RECOMMENDATIONS:

  • Update to Apex One SP1 (b11092/11088)
  • Install the Apex One (SaaS) August 2022 Monthly Patch (202208) security patch

REFERENCES:

https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US

Filed Under: Alerts

11% of online vacation bookers have been victims of cyber scams

  • According to a survey conducted by the cybersecurity company S2 Grupo, 16% of the people who participated in this study said that although they have not experienced this situation, they do know someone who has.
  • Along with this, 16% said that they love to share their vacation photos in real time, 5.5% more than in 2020. This data shows that, although there is a growing awareness of the importance of cyberprotection on social networks, there is still work to be done.

Valencia, July 27, 2022 – The Valencian company S2 Grupo, specialized in cybersecurity as well as cyberintelligence and critical systems management, has conducted a survey on cybersecurity on vacations. One of the main findings is that 11% of those surveyed claim that they have been victims of cybercrime by having booked their vacations online.

In addition, 16% say that, although they have not suffered this type of incident, they have people in their close circle who have fallen into the traps of online criminals.

“In this area, cybercrime has focused mainly on vacation rental accommodations and car rentals. To avoid falling into their nets, it is important that we follow some good habits such as doubting a lot of bargains, this can already give us a clue that something is wrong. Or other recommendations are to detect many spelling mistakes on the web, make sure there is a contact phone number or do a Google search with that accommodation or car rental company to detect if there are negative opinions or complaints about it”, explained José Rosell, managing partner of S2 Grupo.

Another essential point in relation to cybersecurity and vacations is sharing photos while we are away, as this can reveal that we are not at home, information that cybercriminals can use.

In relation to this, 16% of respondents answered that they do like to share photos on their social networks in real time when they are traveling. However, to the same question, the response in the 2020 survey was 21.5%. 18% prefer to wait until they return home to share them.

“These data are relatively positive because they show an increase in cybersecurity awareness and culture in families. However, there is still work to be done in this area to safely use technology. It is important to remember to be careful when using public Wi-fis and not to access personal pages of banks or even social networks because these could be manipulated by cybercriminals who would have direct access to our data”, said Miguel A. Juan, managing partner of S2 Grupo.

Other recommendations are not to activate geopositioning on social networks; when installing tourist apps, to check the permissions they request and watch for those that may be suspicious, such as sending SMS messages; and to reinforce the security of our devices by installing protection measures that prevent a thief from accessing the data in the event of theft and that facilitate recovery. For example, a complex unlocking key can be used. Any device has these capabilities and, although they are not usually used, vacations are a good time to do so. It is also advisable to install an application that facilitates recovery in case of theft or loss. Most manufacturers have such applications, which allow the device to be located, its data to be erased remotely and many other actions to be performed.

More information:

prensa@s2grupo.es

Filed Under: Corporate

S2 Grupo opens new headquarters in Rotterdam

  • Régis Cazenave, with extensive experience in the field of cybersecurity and Industry 4.0, has been appointed delegate of S2 Grupo in France and the Netherlands.
  • S2 Grupo’s aim in opening this new office is to increase its presence in the European OT cybersecurity field.
  • S2 Grupo’s presence in Europe is reinforced by its role as one of the founding members of ECSO (European Cybersecurity Association) and by being part of the Partnership Board of this association, which is the body in charge of collaborating with the European Commission for the definition of the R&D strategy in cybersecurity for the coming years.

Valencia, June 13, 2022 – The Valencian company S2 Grupo, specialized in cybersecurity as well as cyberintelligence and critical systems management, is committed to the development of its activity in Europe by opening new headquarters in Rotterdam. In addition to this and its different centers in Spain, the company also has offices in Brussels and Lisbon.

S2 Grupo has become an international benchmark in the field of cybersecurity and currently works for leading companies in the Distribution, Energy, Banking and Insurance, Healthcare, Industry and Public Administration sectors. In addition, its presence in Europe is reinforced by its role as one of the founding members of ECSO (European Cybersecurity Association) and by being part of the Partnership Board of this association, which is the body in charge of collaborating with the European Commission in the definition of the R&D strategy in cybersecurity for the coming years.

The new headquarters in Rotterdam will be managed by Régis Cazenave, a Frenchman who has spent a large part of his career in Spain. He has been appointed delegate of S2 Grupo in France and Holland. Régis has extensive professional experience in the field of cybersecurity, both in IT and OT, and Artificial Intelligence, Software as a Service (SaaS), Internet of Things (IoT) and Industry 4.0, among other areas.

In addition, Régis Cazenave has a solid track record in developing new business, scaling up operations and geographically expanding blue-chip companies around the world.

“One of S2 Grupo’s objectives is to continue our growth process by increasing our presence in the OT field, i.e. in cybersecurity in control systems both in industry and other sectors in Europe. And this is precisely the purpose of the commitment to this new headquarters in Rotterdam,” explained José Rosell, managing partner of S2 Grupo.

“S2 Grupo’s engagement with the growth of cybersecurity on this continent is one of the company’s main axes because achieving technological independence from other large companies is essential. Even more so, in a context in which we have seen how cyber espionage and cyber wars between countries are a fact of life. For this reason, our commitment is also reflected in our continuous participation in the development of important R&D+i projects in the sector in Europe”, said Miguel A. Juan, managing partner of S2 Grupo.

More information: prensa@s2grupo.es

Filed Under: Current events

How do cybercriminals act on LinkedIn?

  • S2 Grupo has pointed out that organized international cybercrime groups use this social network to obtain money or data through cyber espionage.
  • Experts from the cybersecurity company have warned that there are currently numerous cases of phishing through LinkedIn.
  • The modus operandi of cybercriminals in this environment usually follows four steps: study of the victim, tailored approach, generation of trust and delivery of the malware.

Valencia, July 12, 2022 – The Valencian company S2 Grupo, specialized in cybersecurity as well as cyberintelligence and critical systems management, has warned that cybercriminals are increasingly active in social networks, such as LinkedIn, which puts people and the environments in which they work in a vulnerable situation.

“The goal of cybercriminals is always the same, to get money or obtain data, because information is worth a lot of money. Many people think that phishing cases can only happen through phishing email, spoofing and malicious links, but this is not the case. This has become more sophisticated and we also find cases of phishing on LinkedIn, for example”, explained José Rosell, managing partner of S2 Grupo.

“There are cybercrime groups such as the Korean Lazarus that, precisely, make intensive use of networks such as LinkedIn to generate a first contact with their victims. This requires us to take extreme precautions in the use of these social networks to avoid falling into their trap, which is often oriented towards cyber espionage”, said Miguel A. Juan, managing partner of S2 Grupo.

The cybersecurity company’s team of experts has pointed out that the modus operandi of these cybercrime groups is usually as follows:

  1. First, they make a study of the target profile. They analyze the victim in order to approach them “without suspicion”. In this way, they study their interests, their environment, contacts, the company they belong to, etc.
  2. The second step is to make a tailor-made approach. “With the victim studied, a message is sent or an initial tailored contact is made. For example, if my interests are X or my job is Y, depending on my profile, the approach will be appropriate to that job, interests, profile, etc. This will increase the chances of success,” assured José Rosell.
  3. Thirdly, trust is key. Cybercriminal groups initiate an exchange of seemingly innocuous messages to gain the victim’s trust.
  4. The fourth step is the delivery. Once contact has been established, and there is a certain degree of trust and confidence in the conversation, they take the opportunity to send a malicious code. This message may include attachments or links that allow the cybercriminal to take full control (for example, by deploying a RAT, software capable of spying on and monitoring the infected computer) or partial control (for example, by capturing valid credentials) of the victim.

More information: prensa@s2grupo.es

Filed Under: Corporate
