Giacomo Lanzi

The SOAR benefits: simplifying investigation and response

The growing impact of cyber threats, on private or corporate operating systems, leads more and more users to use third-party applications to protect work information. Fortunately, the implementation of new technologies improves this condition. Among the most interesting solutions, aimed at protecting corporate systems, is the SOAR technology with its benefits. What are the potential and the advantages that a…

Giacomo Lanzi

Security Code Review: How the service works

The Security Code Review (SCR) service is increasingly used by companies looking for effective solutions for cyber security. The large number of programming languages requires well-defined security parameters to benefit from thorough control. Thanks to our dedicated Security Code Review service, it is possible to identify critical defects and serious data breaches without necessarily investing a significant budget…

Giacomo Lanzi

Integration of the automated response: the automations in SOCaaS

The issue of information security is very topical in this historical period characterized by digitization. To protect themselves, businesses and individuals can use a variety of tools that can prevent an attack, but also help manage it. In this article we talk about Automated Response Integration and the automations in the SOCaaS offered by SOD. Although the systems used…

Giacomo Lanzi

Coordination between CTI and SOC: how to further raise the defenses

Cyber Threat Intelligence (CTI) and a Security Operations Center (SOC) are two important parts in a company’s security process. They help identify and mitigate the risks involved in the digital world. CTI is a proactive measure that helps identify potential threats, while SOC is a reactive measure that helps detect and mitigate an attack. Together, CTI and SOC are…

Giacomo Lanzi

Quality certificate for the SOCaaS of SOD

The technology we use to deliver our SOCaaS has been awarded a quality certificate. Today we want to talk about this, explaining again what a SOC is and why a SOCaaS is an ideal solution for companies. Of course, we will also explain what we mean when we talk about the quality certificate and how this ensures excellent…

Giacomo Lanzi

Managed Detection and Response: a new preventive approach

The constant use of communications over the network in a corporate context makes it essential to take precautions for computer security. As we have seen on other occasions, the dangers can come from different fronts: phishing, ransomware, data breach, etc. The implementation of new strategies such as Managed Detection and Response makes it possible to mitigate risks and identify…

Giacomo Lanzi

CLUSIT: our collaboration for better services

Cyber security is an important point for all companies that use the network as a communication tool. This is why we have decided to carry out a fundamental operation that allows us to offer a better service to our customers. We have partnered with CLUSIT to make our services even more professional. A fundamental collaboration to improve and improve The…

Giacomo Lanzi

The use of artificial intelligence in monitoring

When we refer to artificial intelligence, we often refer to the great technologies that could control the world, with an obvious streak of science fiction. The reality is very different and is characterized by a technology with great potential, which is able to ensure countless advantages. Today we talk about how artificial intelligence can be implemented in monitoring. The…

Giacomo Lanzi

The certifications of the SOD Red Team

To keep an eye on your IT infrastructure, hiring a Red Team with certifications is the ideal choice. The analyses carried out by a certified Red Team are aimed at the protection and prevention of attacks and data losses. Obviously, an in-house Red Team would require hefty hiring costs and a constant financial effort to…

Giacomo Lanzi

The benefits of good log management

When we talk about log management we refer to a precise process which consists of the centralized collection of data that comes from different operating environments such as: devices, databases, applications and much more. Logs are produced by various system events, many of which are particularly important in the business environment. So let’s see some important details regarding log…

Giacomo Lanzi

Ransomware: recent news 2020/21

As we know, ransomware is malware that aims to extort money from victims. It uses encryption to lock victim data, both local and in the cloud, and make it inaccessible. Ransomware is therefore real cyber blackmail: if the victim refuses to pay the requested sum, not only would he be denied…

Giacomo Lanzi

CTI (Cyber Threat Intelligence): how does it work?

Today we are talking about the CTI update of our services. Data security is an aspect that must always be taken into consideration to prevent data from being stolen in any way. Network problems When you have a presence connected to the network, especially if it contains sensitive data, the potential threats to which you are exposed are manifold. The…

Giacomo Lanzi

Autonomous Threat Sweeper: the news of SOCaaS

Today we see one of the latest additions to our SOCaaS, the Autonomous Threat Sweeper (ATS). A system able to support the SOC in an innovative way and protect against the most innovative threats. The Privacy Guarantor, through the provision dated May 27, 2021, has introduced some changes regarding the violation of sensitive and personal data. A particular reference was…

Giacomo Lanzi

Hadoop Open Data Model: “open” data collection

With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we…

Giacomo Lanzi

Pass the Ticket: how to mitigate it with a SOCaaS

Every year the number of attacks that threaten the security of devices, computer systems, servers and network infrastructures is growing steadily. This is done by taking advantage of the vulnerabilities present in these systems. Among the many types of attacks, particular attention must be paid to the pass the ticket (PTT) attack. With a pass the ticket attack it is…

Giacomo Lanzi

Use cases of a SOCaaS for companies part 2

In the previous article we saw the most common use cases of a SOCaaS, explaining how it can be useful for companies to use this tool to prevent cyber attacks and also explaining which are the most common Threat Models. In this article, however, we will take a closer look at some of the more common indicators…

Cyber Threat Analytics applications monitor security logs and the network to promptly detect malware infections (for example, zero-day attacks and ransomware), system compromise, “lateral movement” activity, pass-the-hash, pass-the-ticket and other advanced intrusion techniques. A SOCaaS makes it possible to extract data from sources such as firewalls, proxies, VPNs, IDS, DNS, endpoints and all devices connected to the network, in order to identify malicious patterns such as “beaconing”, connections to digitally generated domains, actions performed by bots and all anomalous behavior. Our SOCaaS system is equipped with artificial intelligence that enriches and transforms SIEM events so as to identify threats across the entire IT environment, including business-critical applications.

## What are the advantages at the business level?

Below is a list of just some of the advantages that using a SOCaaS can bring:

• Faster breach detection
• Reduced impact of breaches
• Comprehensive threat response and investigation
• Lower monitoring and management costs
• Lower compliance costs
• Quantified, non-subjective reporting on threats and risks

## SOCaaS use cases

After a general overview of the advantages that using a SOCaaS could offer a company, let’s see in which contexts it is normally employed:

• Anomalous program execution
• Robotic traffic pattern directed toward a malicious, uncategorized or suspicious website
• Connections to digitally generated domains
• Unusual DNS queries
• Possible command and control activity
• Spike in bytes to external destinations
• Unusual traffic pattern (application/port)
• Exploit detections
• Rare user agents
• Unusual session duration
• Connections to blacklisted IPs or domains
• DDoS / port scanning activity
• Anomalous number of failed or redirected requests
• Targeted spam / phishing attempts

## Threat Models

By analyzing threat indicators it is possible to detect correlated behavior across multiple data sources, including all those threats that usually go unnoticed. Multiple threat indicators that occur in a pattern and involve similar entities tend to present a greater risk of being a real threat.

Threat Models define these patterns and combine policies and threat indicators to detect correlated behavior across multiple data sources, identifying threats that might go unnoticed. Some of the most common Threat Models are listed below.

### Lateral movement detection

This Threat Model detects possible “lateral movement” scenarios, used by attackers to spread progressively through a network in search of key assets and data.

Anomalous authentication
• Account accessing a host it has never reached before
• Host enumeration
• Use of explicit account credentials on multiple hosts
• Suspicious authentication type/process detected

Suspicious use of privileges
• Anomalous provisioning activity detected
• Suspicious privilege escalation detected
• Anomalous access to network share objects

Anomalous process
• Unusual process/MD5 detected
• Suspicious creation of scheduled tasks
• Suspicious changes to registry settings detected

### Compromised host detection

This model is used to detect hosts showing signs of infection and compromise by correlating host-based and network-based anomalies on the same entity.

Outbound traffic anomalies
• Traffic to randomly generated domains
• Traffic to known malicious hosts detected
• Anomalous number of domains contacted
• Possible C2 communication

Endpoint anomalies
• Rare process or MD5 detected
• Suspicious use of ports/protocols by the process detected
• Rare user agent detected

### APT detection

Detects attacks on healthcare computer networks, in which the attacker’s aim is usually to gain unauthorized access to a network with the intention of remaining undetected for a prolonged period.

Recon
• Possible phishing attempts
• Network scanning and enumeration detected
• Evasion of controls detected

Delivery
• Traffic to randomly generated domains
• DHCP traffic anomaly detected
• Traffic to known malicious hosts detected

Exploit
• Activity from terminated accounts detected
• Anomalous DNS traffic detected
• Suspicious authentication type/process detected
• Account accessing a host never visited before
• Velocity anomaly detected

Execute
• Rare process detected
• Possible C2 communication detected
• Anomalous DNS amplification

Exfiltration
• Covert channel infiltration detected
• Data uploads over the network detected

### Phishing

This model is able to detect possible phishing attempts against users within the organization.

Suspicious inbound e-mail
• Targeted and spear phishing campaigns
• Possible phishing attempts
• Persistent phishing campaigns
• E-mail from known blacklisted senders/domains/IP addresses
• Suspicious e-mail attachments

Outbound traffic anomalies
• Traffic to randomly generated domains
• Traffic to known malicious hosts
• Abnormal number of rare domains accessed
• Possible C2 communication detected
• Suspicious proxy redirects detected

Process anomalies
• Unusual process or MD5 detected
• Suspicious creation of scheduled tasks
• Suspicious changes to registry settings detected

### Host/account enumeration over LDAP

Typically used to identify potential asset or account enumeration on the network by malicious entities.

Execution of suspicious processes
• Anomalous process/MD5 detected
• Use of possible AD enumeration toolsets
• Use of malicious tools and utilities detected

Network scanning
• Possible AD account/privilege enumeration
• Enumeration of LDAP or SMB services
• Anomalous number of Kerberos service ticket requests
• Port scanning

Authentication anomalies
• Accounts accessing a host for the first time
• Use of accounts never seen before on the network
• Abnormal number of failed authentication requests

### Reconnaissance followed by potential exploitation

This threat model aims to identify successful network reconnaissance attempts followed by indicators of exploitation.

External scanning
• Port scanning from external hosts
• Host enumeration from external hosts

Network scanning
• Possible AD account/privilege enumeration
• Enumeration of LDAP services
• Unusual number of Kerberos service ticket requests
• Spikes in LDAP traffic
• Enumeration of SMB services

Process anomalies
• Anomalous process or MD5 detected
• Suspicious creation of scheduled tasks
• Suspicious changes to registry settings detected

## Conclusions

We have seen the main SOCaaS use cases, taking a look at some of the most common threat models it includes in its protection system. For information on malware-related threat models and threat identifiers, visit this article. For any information, we at SOD are ready to answer any question.

Giacomo Lanzi

Use cases of a SOCaaS for companies part 1

Cyber Threat Analytics applications monitor security logs and the network to promptly detect any malware infections (for example, zero-day attacks and ransomware), the compromise of the system, “lateral movement” activities, pass-the-hash, pass-the-ticket and other advanced intrusion techniques. The use of a SOCaaS makes it possible to extract data from sources such as firewalls, proxies, VPN,…

Giacomo Lanzi

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. It lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and is widely used because it helps with risk management. Written by the National Institute of…

Giacomo Lanzi

“Left of boom” and “right of boom”: having a winning strategy

When we talk about “left of boom” or “right of boom” we are referring to a concept that may appear superficial. Instead, it is a powerful tool that offers the ability to analyze security conflicts from both an offensive and a defensive perspective. In a hypothetical timeline of an attack, what is left of boom refers to what happens first…

Giacomo Lanzi

Smishing: a fraud similar to phishing

Cybercrime is increasingly targeting mobile devices and is constantly evolving. On social networks and through our personal contacts we increasingly receive scam attempts disguised as simple invitations. From the reports and press releases of the postal police we can see how in recent years the cases of Smishing have been increasing, which every year cause substantial economic damage to…

Giacomo Lanzi

Network Traffic Analyzer: an extra gear for the Next Gen SIEM

Businesses today have a hard time detecting hackers’ sophisticated intrusion techniques. To stem security problems, you need to use the combination of several elements. These elements are: accurate monitoring of network traffic, user actions and system behavior. The Network Traffic Analyzer tools can analyze and monitor traffic in order to detect anomalies, even the most difficult to identify. At SOD,…

Giacomo Lanzi

The importance of Cyber Threat Intelligence

The importance of cyber threat intelligence is evident once you understand what it is and what risks a company runs if it neglects it.

Giacomo Lanzi

Red Team, Blue Team and Purple Team: what are the differences?

When it comes to cyber security and is on the side of the attackers, we often just think in terms of defense, protection and containment of threats. However, the best approach is one in which you put yourself in the shoes of the attackers and see your infrastructure as the target of your actions. Only in this way is it…

Giacomo Lanzi

Magecart attack: what it is and how to protect yourself

Every day we hear about some new technology threats or vulnerabilities. Lately we talk about the data collection attack known as “Magecart”. Let’s try to understand what it is and what we can do to defend ourselves. Magecart is a large group of hackers as well as a typical attack that mainly targets online shopping carts. This type of attack…

Giacomo Lanzi

The latest PDF phishing trends of 2020

There was a dramatic 1160% increase in malicious PDF files in 2019-2020. It went from 411,800 malicious files to 5,224,056. PDF files are an enticing vector of phishing as they are cross-platform and allow attackers to engage more users, making their scam schemes more credible than a text email with a simple link. To lure users to click on links…

Giacomo Lanzi

Predictive cybersecurity with our SOCaaS

Today, facing an attack in a corporate SOC is very similar to being under attack without knowing which direction the blow is coming from. Threat intelligence can keep you informed of security issues. However, in many cases, this information is only provided when you are already under attack, and is rarely very useful except in retrospect. It would take…

Giacomo Lanzi

Air-Fi: attacking computers that are disconnected and without network hardware is possible

To keep secret information out of reach of attackers, organizations place it on devices that are not connected to any network. This is to avoid any possibility of communication with the Internet. These machines are called air-gapped. As safe as it may seem, infecting such a machine or network segment isn’t actually that difficult. Extracting the information obtained is…

Giacomo Lanzi

Examples of phishing: the latest campaigns mentioned by the CSIRT

Successful phishing attacks are increasing rapidly and so is the variety of forms they come in. Today I want to bring a couple of examples of phishing reported in the last period on the Italian territory by the CSIRT (Computer Security Incident Response Team). Millions of users around the world are put at risk every day, statistically, one…

Giacomo Lanzi

Event Overload? Our SOCaaS can help!

The data that a corporate IT infrastructure generates every day has always been a lot, but never as in recent years has there been an event overload of such vast proportions. This is due to the increasing number of applications used by companies and employees for routine operations. Each of the applications used, in fact, generates a certain…

Giacomo Lanzi

Business email compromise (BEC) schemes

Over the years, scammers have stolen millions of dollars from businesses by compromising their official email accounts and using them to request fraudulent wire transfers. Technically these schemes, which are in effect scams, are called Business Email Compromise. There has been an increase in cyber intrusions related to Business Email Compromise schemes, involving scammers posing as executives…

Giacomo Lanzi

XDR as an approach to security

Just like any other IT field, the cybersecurity market is driven by hype. Currently the hype is around XDR, i.e. eXtended Detection and Response. XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense. What exactly is XDR? XDR is an alternative to traditional responsive approaches that only provide layer…

Giacomo Lanzi

What is threat intelligence?

Threat intelligence data provides companies with relevant and timely insights they need to understand, predict, detect and respond to cybersecurity threats. Threat intelligence solutions collect, filter and analyze large volumes of raw data related to existing or emerging sources of threats. The result is threat intelligence feeds and management reports. Data scientists and security teams use these feeds and…

Giacomo Lanzi

Data Loss Prevention: definition and uses

Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users. DLP software classifies regulated, confidential and business critical data and identifies policy violations defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliance such as HIPAA,…

Giacomo Lanzi

Prevent shoulder surfing and theft of corporate credentials

The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. Shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people. This social engineering technique is…

Giacomo Lanzi

Machine learning and cybersecurity: UEBA applications and security

The cost of cybercrime has now outstripped the ability to keep up. Gartner, a multinational security and analytics company in the field of technology, predicted that world spending on cybersecurity will be 16 times lower than damage caused. To address this challenge, organizations are now turning to machine learning and artificial intelligence for cybersecurity, trying to fill in the gaps….

Giacomo Lanzi

Logic Bomb: what they are and how to prevent them

A logic bomb, also called slug code, is a piece of code inserted into an application, virus or malware that implements a malicious function after a certain time limit or under specific conditions. These “bombs” are often used via viruses, worms and Trojans to time the attack and do maximum damage before being noticed. They perform…

Giacomo Lanzi

Pass the hash: how to gain access without password

Since the Internet has become widespread, tremendous progress has been made in awareness of the use of passwords. By now everyone knows what best practices are for setting a password (avoid standard passwords, use letters and numbers, avoid dates of birth, etc.). However, there is not much to rest assured, because hackers have another trick that could put your accounts…

Giacomo Lanzi

SIEM monitoring: best practices

As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. A SIEM information management and monitoring system is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface. The SIEM monitoring system collects…

Giacomo Lanzi

Cyber Threat Hunting: on the hunt for security threats

Cyber Threat Hunting is a proactive security search across networks, endpoints and datasets to hunt down malicious, suspicious or risky activities that have escaped detection by existing tools. Definition There is a distinction between malware detection and cyber threat hunting. Threat detection is a passive approach to monitoring data and systems to identify potential security problems. However, it is…

Giacomo Lanzi

Ethical hacking: defending knowing how to attack

Ethical hacking means the application for good of hacking techniques. The term “hacker” was coined in the 1960s at the Massachusetts Institute of Technology (MIT) to describe experts who used their skills to re-develop mainframe systems, increasing their efficiency and allowing them to perform more tasks. Nowadays, the term normally describes experienced programmers who gain unauthorized access to computer systems…

Giacomo Lanzi

What is Cyber Security? Definition and proposals

Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as Information Technology Security and Electronic Information Security. The term applies in a wide variety of contexts, from business to mobile computing and can be divided into a few common categories. We can divide cyber security…

Giacomo Lanzi

Spammer techniques: how do they exploit e-mail?

Spam seems to reach every single email account we use, no matter how careful we are or what the address provider is. How do spammers get all of our email addresses? Can we do something to hide our email address from common spammer techniques? Unfortunately, there’s not much you can do to stop spammers from bombarding you with emails…

Giacomo Lanzi

Zombie phishing: beware of emails, it could be zombies

Out of nowhere, someone replies to an email conversation dated months ago. This is a real conversation that actually happened. Maybe it’s about a meeting, a job opportunity. This email seems very relevant, but beware, it could be zombie phishing. Indeed, something is wrong, the topic discussed has been over for months and now there is a strange error…

Giacomo Lanzi

Social engineering: how hackers scam their victims

Social engineering is the term used for a wide range of malicious activities performed through human interactions. It uses psychological manipulation to trick users into making security mistakes or providing sensitive information. Then, with that information, the hacker is able to successfully carry out targeted attacks, such as data theft, ransomware or an interruption of services. Social engineering…

Giacomo Lanzi

What is phishing? Understanding and identifying social engineering attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, disguised as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to malware…

Giacomo Lanzi

Avoid Ransomware: That’s why it’s best not to take any risks

Ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it…

Giacomo Lanzi

Zero-Day attack: what they are and how to defend yourself with SOCaaS

A Zero-Day attack (also known as 0-day) exploits a software vulnerability unknown to security officers and the software vendor. Hackers can exploit the weakness, as long as it is not mitigated, through Zero-Day exploit or, indeed, attack. The term “zero-day” originally referred to the number of days after the software was released. A “zero-day” software, therefore, meant a program obtained…

Giacomo Lanzi

Data Exfiltration: defense against data theft

A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device. Data exfiltration typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and cell phones, through various cyberattack methods. Failure to control information security can lead to data loss which can cause financial and reputational damage to…

Giacomo Lanzi

WastedLocker: Next generation ransomware

WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It is known for its high ransom demands reaching millions of dollars per victim. It is the product of a group of highly skilled cyber criminals who have been operating for over a decade: Evil Corp. Who is behind WastedLocker Ransomware The group behind WastedLocker…

Giacomo Lanzi

Critical ransomware: examples of successful attacks

There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals…

Giacomo Lanzi

What is an MSSP and what are its advantages

The IT world continues to evolve and the same goes for industry acronyms. One of these is the term MSSP which, in a sense, is the evolution of MSP. The two abbreviations mean: Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). The latter, in general, could be considered as an organization that provides outsourced security services to other…

Giacomo Lanzi

Long-term search: what’s new in the SOCaaS service

Ransomware commonly arrives with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity…

Giacomo Lanzi

Shadow IT: an overview

The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services. While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due…

Giacomo Lanzi

Insider threat: identifying and fighting them

Insider threats are difficult to spot because they come from within your organization. Employees, contractors and partners require different levels of login credentials in order to perform their work. Attackers can trick these insiders into giving them access, or offer them money to knowingly steal valuable information from the company. Traditional security solutions focus on protecting the organization from external attackers…

UEBA Giacomo Lanzi

UEBA: Behavior Analysis Explained

Classic cyber threat defense tools and systems are rapidly becoming obsolete, and there are ways to overcome them. What remains confidently common among cyber criminals attempting an attack is the intent of the attack itself. Indeed, knowing that there are systems capable of detecting indicators of compromise (IOC), it is natural that competent hackers will try not to leave traces…

SOAR Giacomo Lanzi

SOAR: coordination for cyber security

SOAR (Security Orchestration, Automation and Response) technology helps coordinate, execute and automate activities between people and tools, enabling companies to respond quickly to cyber security attacks. The aim is to improve their overall security position. SOAR tools use playbooks (strategies and procedures) to automate and coordinate workflows which may include security tools and manual tasks. How does SOAR help in…

SOAR Security Orchestration Giacomo Lanzi

SOAR: what it is and how it can be useful for companies

An increasing number of companies leverage SOAR to improve the effectiveness of their cybersecurity operations. In this article, we explain how harnessing the value of SOAR could be crucial to improving the security of your organization. What is SOAR? Coined by the research firm Gartner, Security Orchestration, Automation and Response (SOAR) is a term used to describe the convergence of…

Next Generation SIEM Giacomo Lanzi

Next Generation SIEM: where are we?

SIEM has existed for quite some time, but it is not yet well understood. Also, the fact that technology has evolved significantly in recent years doesn’t help shed some light. Today we see where we are, trying to understand the Next Generation SIEM and the managed systems offered as services that make use of the latest generation SIEM (SOCaaS, for…

Standard ISO 27001 Giacomo Lanzi

Does ISO 27001 standard require a Pentest?

A legitimate question that often arises is whether the Penetration Test is necessary for compliance with the ISO 27001 standard. To fully understand the answer, it is necessary to clarify what is meant by these terms and to understand the relationship between all the components of the certification. ISO 27001 standard A technical standard, also incorrectly called a standard, is…

SIEM in IT Giacomo Lanzi

SIEM in computer science: history

A SIEM solution in IT is one of the essential components of a SOC (Security Operation Center). Its task is to collect information and analyze it in search of anomalies and possible breaches in the system. But the defense process hasn’t always been that simple. What we now call SIEM, Security Information and Event Management, is the union of two…

SIEM - Data collection and analysis Giacomo Lanzi

SIEM software: what it is and how it works

Evolving beyond its roots in log file management, today’s security information and event management (SIEM) software vendors are introducing AI, advanced statistical analysis and other analytical methods into their products. But what is SIEM software and what are its uses? SIEM software Acronym for Security Information and Event Management, it is a product that provides cyber security professionals in…

Network Lateral Movement Giacomo Lanzi

What is a Network Lateral Movement and how to defend yourself

During a cyber attack, hackers have only one goal in mind. This goal could be accessing a developer’s machine and stealing a project’s source code, analyzing emails from a particular executive, or extracting customer data from a server. All they have to do is log into the machine or system that contains the data they want, right? Not exactly. Actually,…

Mitre Att&ck cover Giacomo Lanzi

Mitre Att&ck ™: an overview

Mitre Att&ck is a global knowledge base of adversary tactics and techniques based on real observations of cyber attacks. These are displayed in matrices organized by attack tactics, from initial system access and data theft to machine control. There are matrices for common desktop platforms (Linux, macOS and Windows) and for mobile ones. What is MITRE ATT&CK ™ and what does…

SOCaaS - Post Cover Giacomo Lanzi

Is SOCaaS useful for your business?

In today’s article, we’ll explain what a Security Operations Center (SOC) is and help determine if a SOC-as-a-Service (SOCaaS) solution is right for your business. Just because you have to manage cybersecurity doesn’t mean your business has to deal with cybersecurity. In fact, your core business could be pretty much anything else. Proper management of IT security, however, is essential…

Computer network security with Pentest and Vulnerability Assessment Giacomo Lanzi

Computer network security: PT vs. VA

The security of computer networks is of vital importance for a company. With technologies increasingly relying on remote services, it is good to ensure that security is guaranteed. To do this, two tools are used: Vulnerability Assessment and Penetration Test. But what is the difference between them? The answer to this question is not as obvious as one might think….

pentest and computer security Giacomo Lanzi

Security: pentest and verification of vulnerabilities

The computer security of a system is very important to avoid unpleasant inconveniences due to malicious attacks. In principle, it is not enough to set up a complete security system, you must also check that the above systems are working. To do this we turn to professionals who can carry out pentest (penetration tests) and carry out a vulnerability check….

Piergiorgio Venuti

Path traversal in Photo Gallery (WordPress plugin)

Path traversal in Photo Gallery may allow admins to read most files on the filesystem (WordPress plugin)

Piergiorgio Venuti

CVE-2017-7620 Mantis Bug Tracker

CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

Piergiorgio Venuti

WordPress Newsletter Supsystic 1.1.7

WordPress Newsletter Supsystic 1.1.7 – Cross Site Scripting Vulnerability

Piergiorgio Venuti

[CVE-2017-5868] OpenVPN Access Server

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation

Piergiorgio Venuti

Linux Kernel Privilege Escalation

SSD Advisory – Linux Kernel XFRM Privilege Escalation

Piergiorgio Venuti

SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

Piergiorgio Venuti

SSD Advisory – Webmin Multiple Vulnerabilities

Piergiorgio Venuti

SSD Advisory – PHP Melody Multiple Vulnerabilities

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities

Piergiorgio Venuti

WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts

Piergiorgio Venuti

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1

Piergiorgio Venuti

Exploit toolkit for CVE-2017-8759 – Microsoft .NET Framework RCE (Builder + listener + video tutorial)

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress PressForward Plugin Security Vulnerability

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress Podlove Podcast Publisher Plugin Security Vulnerability

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities

Piergiorgio Venuti

Stop User Enumeration allows user enumeration via the REST API (WordPress plugin)

Piergiorgio Venuti

Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?

Cyber Risk Insurance Piergiorgio Venuti

Cyber Risk Insurance

Cyber Risk Insurance: In the light of the recent cyber attacks and the rise of ransomware (like WannaCry and Petya), Secure Online Desktop in collaboration with Broker Busani Stefano of Union Brokers (see BROKER PRESENTATION) is pleased to present the Cyber Risk Assurance Guarantee as a valuable tool to increase the security of your data. Cyber Risk Insurance – Description…

Piergiorgio Venuti

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

Piergiorgio Venuti

Joomla com_tag v1.7.6 – (tag) SQL Injection Vulnerability

Piergiorgio Venuti

Qualys Security Advisory – CVE-2017-1000367 in Sudo’s get_process_ttyname() for Linux

Piergiorgio Venuti

Defense in depth — the Microsoft way (part 48): privilege escalation for dummies — they didn’t make SUCH a stupid blunder?

Piergiorgio Venuti

Microsoft Dynamic CRM 2016 – Cross-Site Scripting vulnerability

Piergiorgio Venuti

Executable installers are vulnerable^WEVIL (case 52): escalation of privilege with Microsoft’s .NET Framework installers

Piergiorgio Venuti

Reflected XSS in WordPress Download Manager could allow an attacker to do almost anything an admin can (WordPress plugin)

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: WordPress All In One Rich Snippets Plugin Security Vulnerability

Piergiorgio Venuti

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation

Piergiorgio Venuti

Stealing Windows Credentials Using Google Chrome

Piergiorgio Venuti

WordPress EELV Newsletter v4.5 – Multiple Vulnerabilities

Piergiorgio Venuti

Ransomware & BaaS

Episodes like the one that happened yesterday remind us more and more of the importance of having a backup. Backup in Cloud can be a valuable countermeasure to Ransomware (to know more about Ransomware see the comprehensive guide about Ransomware from Cloudwards).  

Piergiorgio Venuti

DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities



  • / Unauthenticated Remote Command Execution October 3, 2022
    Posted by malvuln on Oct 03 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 7401. Third-party adversaries who can reach infected systems can issue commands made available by the...
  • Backdoor.Win32.NTRC / Weak Hardcoded Credentials October 3, 2022
    Posted by malvuln on Oct 03 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32 MD5: 273fd3f33279cc9c0378a49cf63d7a06 Vuln ID: MVID-2022-0646 Disclosure: 10/02/2022 Description: The malware listens on TCP port 6767....
  • Wordpress plugin - WPvivid Backup - CVE-2022-2863. October 3, 2022
    Posted by Rodolfo Tavares via Fulldisclosure on Oct 03 =====[ Tempest Security Intelligence - ADV-15/2022 ]========================== Wordpress plugin - WPvivid Backup - Version < 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ […]
  • ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634) October 1, 2022
    Posted by Caio B on Sep 30 #######################ADVISORY INFORMATION####################### Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: CVE: CVE-2022-36634 Vulnerability: User privilege escalation #######################CREDIT####################### This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. #######################INTRODUCTION####################### Based on the hybrid biometric technology and...
  • ZKBiosecurity - Authenticated SQL Injection resulting in RCE (CVE-2022-36635) October 1, 2022
    Posted by Caio B on Sep 30 #######################ADVISORY INFORMATION####################### Product: ZKSecurity BIO Vendor: ZKTeco ( Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection (with a plus: RCE) #######################CREDIT####################### This vulnerability was discovered and researched by Caio Burgardt and Silton Santos....
  • Backdoor.Win32.Augudor.b / Remote File Write Code Execution September 27, 2022
    Posted by malvuln on Sep 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The malware drops an empty file named "zy.exe" and listens on TCP port 810. Third-party adversaries who can reach the infected […]
  • Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials September 27, 2022
    Posted by malvuln on Sep 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The malware listens on TCP port 8888 and requires authentication. However, the password "4174" is weak and hardcoded in cleartext within the PE...
  • Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials September 27, 2022
    Posted by malvuln on Sep 27 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The malware is packed using ASPack 2.11, listens on TCP port 22 and requires authentication. However, the password "let me in" is weak […]
  • SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon September 27, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27 SEC Consult Vulnerability Lab Security Advisory < 20220923-0 > ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon (Diagnostic Log and Trace) Connected Vehicle Systems Alliance (COVESA), formerly GENIVI vulnerable version:
  • Backdoor.Win32.Hellza.120 / Authentication Bypass September 20, 2022
    Posted by malvuln on Sep 19 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: Contact: malvuln13 () gmail com Media: Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware listens on TCP ports 12122, 21. Third-party adversaries who can reach infected systems can logon using any username/password combination....