Security

CIS Controls and Vulnerability Assessment: practical guide to adopting best practices
Critical Security Controls, also known as CIS Controls, are a series of cybersecurity actions and technologies developed to protect organizations from common and effective cyber attacks. This article explains what CIS is, the benefits of adopting CIS Controls and how to integrate them into the Vulnerability Assessment process to improve your security posture. What is CIS (Center for Internet Security)?…

Kerberoasting: a threat to cybersecurity and how to mitigate it with Security Posture analysis
Introduction Cyber security is a crucial aspect for companies and organizations of all sizes. One of the most insidious attacks in the IT security landscape is Kerberoasting. This type of attack exploits weaknesses in the Kerberos protocol, used to authenticate users in network systems. In this article, we will explore in detail this threat, its consequences and how to mitigate…

Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA)
Cybersecurity has become crucial for businesses of all sizes and industries. The growing complexity of cyber threats has made it necessary to use increasingly advanced tools and services to protect networks and devices. In this article, we will look at the differences between traditional antivirus software and a Security Operations Center (SOC) service with Endpoint Detection and Response (EDR) that…

CSIRT and SOC: Differences between incident management and security monitoring
Introduction The protection of corporate information has become an essential necessity for any organization. To achieve this goal, having teams specialized in IT security is essential. But what are the differences between a CSIRT and a SOC? And how can they complement each other? In this article we will analyze CSIRT and SOC in detail, highlighting similarities and differences between…

Security posture analysis: Complete guide to strengthening cybersecurity
The analysis of the security posture: how to evaluate the protection of the IT infrastructure Security posture analysis is a fundamental process for assessing the protection of an organization’s IT infrastructure against cyber threats. Knowing the strengths and weaknesses of IT security allows you to implement targeted controls to reduce cyber risks. What is Security Posture Analysis Security posture analysis,…

Deception vs EDR: What’s the Best Threat Defense Strategy?
Introduction Cybersecurity is a daily challenge for businesses, with threats constantly evolving. Two approaches that are emerging to strengthen your security posture are Deception technology and Endpoint Detection and Response (EDR) tools. But what are the differences and advantages of each? This article compares Deception and EDR to help choose the best strategy. What is Deception Technology? Deception technology uses…

Deception: Tricking Hackers to Secure Your Network
Deception: Comparison with Hackers on Their Ground “We pay hackers their own coin by using the same defenses and techniques that malware uses against computer systems by modeling the attackers’ decision-making process.” Introduction to Deception Deception is a proactive cybersecurity approach that uses traps or decoys to trick attackers into revealing their presence. By transforming the computer system into a…

Active Defense Deception: cybersecurity that beats hackers with their own weapons
We pay hackers their own coin by using the same defenses and techniques that malware uses against computer systems by modeling the attackers’ decision-making process. What is Active Defense Detection The Active Defense Deception is an innovative cybersecurity service offered by the Secure Online Desktop company to protect companies from the most sophisticated cyber attacks. It is a deception technology…

Deception: what it is, how it works and why it is essential for cybersecurity
Deception: what is it and what is it for? Cyberdeception, also known as “decemption“, is an emerging cybersecurity technique that is increasingly popular among companies. In this article we will see in detail what it is, how it works and what advantages it offers for protection against advanced cyber threats. What is deception? Cyberdeception or “decemption” is the deliberate distribution…

CSIRT: respond to IT incidents to protect the business
Introduction In recent years, cybersecurity has become a priority for all companies of all sizes. Cyber attacks are increasingly sophisticated and can cause serious damage, both economic and reputational. To protect themselves from attacks, companies must adopt 360-degree cybersecurity solutions, which include not only prevention tools but also incident detection and response tools. In this context, the CSIRT (Computer Security…

The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth
Introduction Ransomware attacks are becoming more common and lucrative for cybercriminals. In particular, the “double extortion” variant involves not only encrypting the victim’s data, but also stealing and threatening to publish it online for ransom. It is commonly believed that stolen data is not actually disclosed publicly, but remains confined to the dark web. In reality, things are not like…

False IT security myths: because backup, cloud, firewall and antivirus alone are no longer enough
Introduction Cyber security has become a major concern for businesses and individuals. With cyberattacks and data breaches on the rise, many still believe that solutions like data backup, cloud storage, firewalls, and antivirus are enough to protect their digital assets. However, these solutions alone are no longer enough to deal with today’s threats. In this article we will analyze why…

How to manage the “right boom” after a security incident with Log Management, IT monitoring and SOCaaS services
The “right boom” refers to the frenetic situation that occurs in the immediate aftermath of a major cybersecurity incident such as a data breach or ransomware attack. When a business suffers a breach, it’s critical to act quickly to contain the damage, restore systems, assist affected customers, and initiate a forensic investigation. This intense phase of activity is known as…

What is Threat Hunting activity and why is it included in SOCaaS services
In today’s digital world, cybersecurity has become a priority for companies of all sizes and industries. Cyberthreats are constantly evolving, and to stay ahead, organizations need to implement a variety of tactics and strategies. One of these is Threat Hunting, which has become a key component of SOCaaS (SOC as a Service). In this article, we’ll explore what exactly threat…

Protect your company with a continuous vulnerability assessment service: the perfect solution to integrate VA and PT
Cybersecurity has become a fundamental pillar of modern businesses, and with the increase of threats and risks, it is imperative to adopt ever more advanced protection measures. In this context, the Vulnerability Assessment (VA) and the Penetration Test (PT) play a crucial role. However, it is also necessary to consider the importance of an ongoing vulnerability assessment service to guarantee…

Advanced Persistent Threat (APT): because they make the backup system useless and the false perception of security
Index Introduction Cybersecurity is an area of growing importance to businesses, due to the increase in frequency and complexity of cyberattacks. One of the more insidious threats are Advanced Persistent Threats (APTs), which can penetrate computer systems and remain hidden for long periods, causing long-term damage. In this article, we’ll look at APTs and why they render your backup system…

Ethical Phishing: the key to protecting your business from cyber threats
Index Introduction In the digital age, cyber security has become a priority for all businesses. One of the most insidious threats is phishing, a social engineering technique used to steal sensitive information by sending fraudulent emails. To combat this threat, it is imperative that companies implement effective security measures, including Ethical Phishing campaigns. In this article, we’ll explore why every…

Why it is essential to carry out the Internal Penetration Test as well as the external one: a complete guide to IT security
In an increasingly connected and digitized world, cyber security has become a major concern for businesses. An effective protection system must provide for the implementation of both external and internal measures to ensure maximum security of data and company resources. In this article, we will explore the importance of performing Internal as well as external Penetration Testing and how Secure…

The SOAR benefits: simplifying investigation and response
The growing impact of cyber threats, on private or corporate operating systems, leads more and more users to use third-party applications to protect work information. Fortunately, the implementation of new technologies improves this condition. Among the most interesting solutions, aimed at protecting corporate systems, is the SOAR technology with its benefits. What are the potential and the advantages that a…

Security Code Review: How the service works
The Security Code Review (SCR) service is increasingly used by companies looking for effective solutions for cyber security . The large number of programming languages require well-defined security parameters to benefit from thorough control. Thanks to our dedicated service for Security Code Review it is possible to identify critical defects and serious data breaches without necessarily investing a significant budget….

Integration of the automated response: the automations in SOCaaS
The issue of information security is very topical in this historical period characterized by digitization. To protect themselves, businesses and individuals can use a variety of tools that can prevent an attack, but also help manage it. In this article we talk about Automated Response Integration and the automations in the SOCaaS offered by SOD . Although the systems used…
Coordination between CTI and SOC: how to further raise the defenses
The Cyber Threat Intelligence (CTI) and a Security Operations Center (SOC) are two important parts in a company’s security process. They help identify and mitigate the risks involved in the digital world. CTI is a proactive measure that helps identify potential threats, while SOC is a reactive measure that helps detect and mitigate an attack. Together, CTI and SOC are…

Quality certificate for the SOCaaS of SOD
The technology we use to deliver our SOCaaS has been awarded a quality certificate . Today we want to talk about this, explaining again what a SOC is and why a SOCaaS is an ideal solution for companies. Of course, we will also explain what it is about when we talk about the quality certificate and how this ensures excellent…

Managed Detection and Response: a new preventive approach
The constant use of communications over the network in a corporate context makes it essential to take precautions for computer security. As we have seen on other occasions, the dangers can come from different fronts: phishing , ransomware , data breach , etc. The implementation of new strategies such as Managed Detection and Response allows to mitigate risks and identify…

CLUSIT: our collaboration for better services
Cyber security is an important point for all companies that use the network as a communication tool. This is why we have decided to carry out a fundamental operation that allows us to offer a better service to our customers . We have partnered with CLUSIT to make our services even more professional. A fundamental-collaboration to improve and improve The…

The use of artificial intelligence in monitoring
When we refer to artificial intelligence, we often refer to the great technologies that could control the world, with an obvious streak of science fiction. The reality is very different and is characterized by a technology with great potential, which is able to ensure countless advantages . Today we talk about how artificial intelligence can be implemented in monitoring. The…

The certifications of the SOD Red Team
In order to keep the eye on your IT infrastructure, hire a Red Team with certifications it is the ideal choice . The analyzes carried out by a certified Red Team are aimed at the protection and prevention of attacks and data losses. Obviously, an in house Red Team would require hefty hiring costs and a constant financial effort to…

The benefits of good log management
When we talk about log management we refer to a precise process which consists of the centralized collection of data that comes from different operating environments such as: devices, databases, applications and much more. Logs are produced by various system events , many of which are particularly important in the business environment. So let’s see some important details regarding log…

Ransomware: recent news 2020/21
As we know, a ransomware is a malware that aims to extort money from victims . The means it uses is encryption to encrypt victim data, both local and in the cloud, and make it inaccessible. The ransomware is therefore a real cyber blackmail : if the victim refuses to pay the requested sum, not only would he be denied…
CTI (Cyber Threat Intelligence): how does it work?
Today we are talking about the CTI update of our services. Data security is an aspect that must always be taken into consideration to prevent data from being stolen in any way. Network problems When you have a presence connected to the network, especially if it contains sensitive data, the potential threats to which you are exposed are manifold. The…
Autonomous Threat Sweeper: the news of SOCaaS
Today we see one of the latest additions to our SOCaaS, the Autonomous Threat Sweeper (ATS) . A system able to support SOC in an innovative way and protect against the most innovative threats. The Privacy Guarantor, through the provision dated May 27, 2021, has introduced some changes regarding the violation of sensitive and personal data. A particular reference was…

What is really a cyber threat
Cyberattacks are numerous and do not distinguish between companies and individuals when targeting a target. You’ve most likely heard the term “cyber threat” in the media before, but what exactly are we talking about? Other ways you may have heard this are “cyberthreat”, “cyberattack” or similar. What is a Cyber Threat? Today the term “cyber threat” is used predominantly in…

Hadoop Open Data Model: “open” data collection
With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we…

Pass the Ticket: how to mitigate it with a SOCaaS
Every year the number of attacks that threaten the security of devices, computer systems, servers and network infrastructures is growing steadily. This is done by taking advantage of the vulnerabilities present in these systems. Among the many types of attacks, particular attention must be paid to the pass the ticket (PTT) attack. With a pass the ticket attack it is…

Use cases of a SOCaaS for companies part 2
In the previous article we have seen the most common use cases of a SOCaaS , explaining how it can be useful for companies to use this tool to prevent cyber attacks and also explaining which are the most common Threat Models . In this article, however, we will take a closer look at some of the more common indicators…

Use cases of a SOCaaS for companies part 1
Cyber Threat Analytics applications monitor security logs and the network to promptly detect any malware infections (for example, attacks zero day ei ransomware ), the compromise of the system, the activities of “ lateral movement ”, pass-the-hash , pass-the-ticket and other advanced intrusion techniques. The use of a SOCaaS allows to extrapolate data from sources such as firewalls, proxies, VPN,…

NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. Lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and d is widely used because it helps in the aspect of risk management. Written by the National Institute of…

“Left of boom” and “right of boom”: having a winning strategy
When we talk about “left of boom” or “right of boom” we are referring to a concept that may appear superficial. Instead, it is a powerful tool that offers the ability to analyze security conflicts from both a offensive and a defensive perspective. In a hypothetical timeline of an attack, what is left of boom refers to what happens first….

Smishing: a fraud similar to phishing
Cybercrime is increasingly targeting mobile devices and is constantly evolving. On social networks and through our personal contacts we increasingly receive scam attempts disguised as simple invitations. From the reports and press releases of the postal police we can see how in recent years the cases of Smishing have been increasing , which every year cause substantial economic damage to…

Network Traffic Analyzer: an extra gear for the Next Gen SIEM
Businesses today have a hard time detecting hackers’ sophisticated intrusion techniques. To stem security problems, you need to use the combination of several elements. These elements are: accurate monitoring of network traffic, user actions and system behavior. The Network Traffic Analyzer tools can analyze and monitor traffic in order to detect anomalies, even the most difficult to identify. At SOD,…

The importance of Cyber Threat Intelligence
L’importanza della cyber threat intelligence è evidente quando si capisce che cosa sia e quali rischi un’azienda corre se la trascura.

Red Team, Blue Team and Purple Team: what are the differences?
When it comes to cyber security and is on the side of the attackers, we often just think in terms of defense, protection and containment of threats. However, the best approach is one in which you put yourself in the shoes of the attackers and see your infrastructure as the target of your actions. Only in this way is it…

Magecart attack: what it is and how to protect yourself
Every day we hear about some new technology threats or vulnerabilities. Lately we talk about the data collection attack known as “Magecart”. Let’s try to understand what it is and how we can do to defend ourselves. Magecart is a large group of hackers as well as a typical attack that mainly targets online shopping carts. This type of attack…

The latest PDF phishing trends of 2020
There was a dramatic 1160% increase in malicious PDF files in 2019-2020. It went from 411,800 malicious files to 5,224,056. PDF files are an enticing vector of phishing as they are cross-platform and allow attackers to engage more users, making their scam schemes more credible than a text email with a simple link. To lure users to click on links…

Predictive cybersecurity with our SOCaaS
Today, facing an attack in a corporate SOC is very similar to being under attack without knowing which direction the blow is coming from. The threat intelligence can keep you informed of security issues. However, in many cases, this information is only provided when you are already under attack, and is rarely very useful except in retrospect. It would take…

Air-Fi: attacking computers that are disconnected and without network hardware is possible
To keep secret information out of reach of attackers, organizations place it on devices that are not connected to any network. This is to avoid any possibility of communication with the Internet. These machines are called air-gapped . As safe as it may seem, infecting such a machine or network segment isn’t actually that difficult. Extracting the information obtained is…

Examples of phishing: the latest campaigns mentioned by the CSIRT
Successful phishing attacks are increasing rapidly and so is the variety of forms they come in. Today I want to bring a couple of examples of phishing reported in the last period on the Italian territory by the CSIRT ( Computer Security Incident Response Team ). Millions of users around the world are put at risk every day, statistically, one…

Event Overload? Our SOCaaS can help!
The data that a corporate IT infrastructure generates every day has always been a lot, but never as in recent years has there been an event overload (event overload) of such vast proportions. This is due to the increasing number of applications used by companies and employees for routine operations. Each of the applications used, in fact, generates a certain…

Business email compromise (BEC) schemes
Over the years, scammers have stolen millions of dollars from businesses by compromising their official email accounts and using them to request fraudulent wire transfers . Technically these schemes, which are in effect scams, are called Business Email Compromise . There has been an increase in cyber intrusions related to Business Email Compromise schemes, involving scammers posing as executives ….

XDR as an approach to security
Just like any other IT field, the cybersecurity market is driven by hype . Currently hype towards XDR, ie eXtended Detection and Response . XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense . What exactly is XDR? XDR is an alternative to traditional responsive approaches that only provide layer…

What is threat intelligence?
threat intelligence data provides companies with relevant and timely insights they need to understand, predict, detect and respond to cybersecurity threats . Threat intelligence solutions collect, filter and analyze large volumes of raw data related to existing or emerging sources of threats. The result is threat intelligence feeds and management reports. Data scientists and security teams use these feeds and…

Data Loss Prevention: definition and uses
data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users . DLP software classifies regulated, confidential and business critical data and identifies policy violations defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliance such as HIPAA,…

Prevent shoulder surfing and theft of corporate credentials
The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people . This social engineering technique is…
Machine learning and cybersecurity: UEBA applications and security
The cost of cybercrime has now outstripped the ability to keep up. Gartner, a multinational security and analytics company in the field of technology, predicted that world spending on cybersecurity will be 16 times lower than damage caused. To address this challenge, organizations are now turning to machine learning and artificial intelligence for cybersecurity, trying to fill in the gaps….

Logic Bomb: what they are and how to prevent them
A logic bomb, also called slug code , is a piece of code inserted into an application, virus or malware that implements a malicious function after a certain time limit or under conditions specifications. These “bombs” are often used via viruses, worms and Trojans to better manage your time and do maximum damage before you are noticed . They perform…

Pass the hash: how to gain access without password
Since the Internet has become widespread, tremendous progress has been made in awareness of the use of passwords. By now everyone knows what best practices are for setting a password (avoid standard passwords, use letters and numbers, avoid dates of birth, etc.). However, there is not much to rest assured, because hackers have another trick that could put your accounts…

SIEM monitoring: best practices
As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. An information management system and monitoring SIEM is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface . The SIEM monitoring system collects…

Cyber Threat Hunting: on the hunt for security threats
Cyber Threat Hunting is a proactive security search across networks, endpoints and datasets to hunt down malicious, suspicious or risky activities that have escaped detection by existing tools. Definition There is a distinction between malware detection and cyber threat hunting . Threat detection is a passive approach to monitoring data and systems to identify potential security problems. However, it is…

Ethical hacking: defending knowing how to attack
Ethical hacking means the application for good of hacking techniques. The term “hacker” was coined in the 1960s at the Massachusetts Institute of Technology (MIT) to describe experts who used their skills to re-develop mainframe systems, increasing their efficiency and allowing them to perform more tasks. Nowadays, the term normally describes experienced programmers who gain unauthorized access to computer systems…

What is Cyber Security? Definition and proposals
Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as Information Technology Security and Electronic Information Security . The term applies in a wide variety of contexts, from business to mobile computing and can be divided into a few common categories. We can divide cyber security…

Spammer techniques: how do they exploit e-mail?
Spam seems to reach every single email account we use , no matter how careful we are or what the address provider is. How do spammers get all of our email addresses? Can we do something to hide our email address from common spammer techniques? Unfortunately, there’s not much you can do to stop spammers from bombarding you with emails….

Zombie phishing: beware of emails, it could be zombies
Out of nowhere, someone replies to an email conversation dated months ago. This is a real conversation that actually happened. Maybe it’s about a meeting, a job opportunity. This email seems very relevant, but beware, it could be zombie phishing . Indeed, something is wrong, the topic discussed has been over for months and now there is a strange error…

Social engineering: how hackers scam their victims
Social engineering is the term used for a wide range of malicious activities performed through human interactions. It uses psychological manipulation to trick users into making security mistakes or provide sensitive information. Then, with that information, the hacker is able to successfully carry out targeted attacks, such as data theft, a ransomware or a ‘ interruption of services. Social engineering…

What is phishing? Understanding and identifying social engineering attacks
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers . Occurs when an attacker, disguised as a trusted entity , tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to malware…

Avoid Ransomware: That’s why it’s best not to take any risks
ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it…

Zero-Day attack: what they are and how to defend yourself with SOCaaS
A Zero-Day attack (also known as 0-day) exploits a software vulnerability unknown to security officers and the software vendor. Hackers can exploit the weakness, as long as it is not mitigated, through Zero-Day exploit or, indeed, attack. The term “zero-day” originally referred to the number of days after the software was released. A “zero-day” software, therefore, meant a program obtained…

Data Exfiltration: defense against data theft
A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device. Data exfiltration typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and cell phones, through various cyberattack methods. Failure to control information security can lead to data loss which can cause financial and reputational damage to…

WastedLocker: Next generation ransomware
WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It is known for its high ransom demands reaching millions of dollars per victim. It is the product of a group of highly skilled cyber criminals who have been operating for over a decade: Evil Corp. Who is behind WastedLocker Ransomware The group behind WastedLocker…

Critical ransomware: examples of successful attacks
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals…

What is an MSSP and what are its advantages
The IT world continues to evolve and the same goes for industry acronyms. One of these is the term MSSP which, in a sense, is the evolution of MSP. The two abbreviations mean: Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). The latter, in general, could be considered as an organization that provides outsourced security services to other…

Long-term search: what’s new in the SOCaaS service
Ransomware commonly comes up with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity…

Shadow IT: an overview
The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services. While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due…

Insider threat: identifying and fighting them
Insider threats are difficult to spot because they come from within your organization. Employees, contractors and partners require different levels of login credentials in order to perform their work. Attackers can trick these insiders into accessing them or offering them money to knowingly steal valuable information from the company. Traditional security solutions focus on protecting the organization from external attackers….

UEBA: Behavior Analysis Explained
Classic cyber threat defense tools and systems are rapidly becoming obsolete, and there are ways to overcome them. What remains confidently common among cyber criminals attempting an attack is the intent of the attack itself. Indeed, knowing that there are systems capable of detecting indicators of compromise (IOC), it is natural that competent hackers will try not to leave traces…

SOAR: coordination for cyber security
SOAR (Security Orchestration, Automation and Response) technology helps coordinate, execute and automate activities between people and tools, enabling companies to respond quickly to cyber security attacks. The aim is to improve their overall security position. SOAR tools use playbooks (strategies and procedures) to automate and coordinate workflows which may include security tools and manual tasks. How does SOAR help in…

SOAR: what it is and how it can be useful for companies
An increasing number of companies leverage SOAR to improve the effectiveness of their cybersecurity operations. In this article, we explain how harnessing the value of SOAR could be crucial to improving the security of your organization. What is SOAR? Coined by the research firm Gartner, Security Orchestration, Automation and Response (SOAR) is a term used to describe the convergence of…

Next Generation SIEM: where are we?
SIEM has existed for quite some time, but it is not yet well understood. Also, the fact that technology has evolved significantly in recent years doesn’t help shed some light. Today we see where we are, trying to understand the Next Generation SIEM and the managed systems offered as services that make use of the latest generation SIEM (SOCaaS, for…

Does ISO 27001 standard require a Pentest?
A legitimate question that often arises is whether the Penetration Test is necessary for compliance with the ISO 27001 standard. To fully understand the answer, it is necessary to clarify what is meant by these terms and to understand the relationship between all the components of the certification. ISO 27001 standard A technical standard, also incorrectly called a standard, is…

SIEM in computer science: history
A SIEM solution in IT is one of the essential components of a SOC (Security Operation Center). Its task is to collect information and analyze it in search of anomalies and possible breaches in the system. But the defense process hasn’t always been that simple. What we now call SIEM, Security Information and Event Management, is the union of two…

SIEM software: what it is and how it works
Evolving beyond its roots in log file management, today’s security information and event management (SIEM) software vendors are introducing AI, advanced statistical analysis and other analytical methods into their products. . But what is SIEM software and what are its uses? SIEM software Acronym for Security Information and Event Management, it is a product that provides cyber security professionals in…

What is a Network Lateral Movement and how to defend yourself
During a cyber attack, hackers have only one goal in mind. This goal could be accessing a developer’s machine and stealing a project’s source code, analyzing emails from a particular executive, or extracting customer data from a server. All they have to do is log into the machine or system that contains the data they want, right? Not exactly. Actually,…

Mitre Att&ck ™: an overview
Mitre Att&ck is a global knowledge base of adversary tactics and techniques based on real observations of cyber attacks. These are displayed in arrays organized by attack tactics, from initial system access and data theft to machine control. There are arrays for common desktop platforms (Linux, macOS and Windows) and for mobile ones. What is MITRE ATT&CK ™ and what does…

Is SOCaaS useful for your business?
In today’s article, we’ll explain what a Security Operations Center (SOC) is and help determine if a SOC-as-a-Service (SOCaaS) solution is right for your business. Just because you have to manage cybersecurity doesn’t mean your business has to deal with cybersecurity. In fact, your core business could be pretty much anything else. Proper management of IT security, however, is essential…

Computer network security: PT vs. VA
The security of computer networks is of vital importance for a company. With technologies increasingly relying on remote services, it is good to ensure that security is guaranteed. To do this, two tools are used: Vulnerability Assessment and Penetration Test. But what is the difference between them? The answer to this question is not as obvious as one might think….

Security: pentest and verification of vulnerabilities
The computer security of a system is very important to avoid unpleasant inconveniences due to malicious attacks. In principle, it is not enough to set up a complete security system, you must also check that the above systems are working. To do this we turn to professionals who can carry out pentest (penetration tests) and carry out a vulnerability check….
Path traversal in Photo Gallery (WordPress plugin)
Path traversal in Photo Gallery may allow admins to read most files on the filesystem (WordPress plugin)
CVE-2017-7620 Mantis Bug Tracker
CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
WordPress Newsletter Supsystic 1.1.7
WordPress Newsletter Supsystic 1.1.7 – Cross Site Scripting Vulnerability
[CVE-2017-5868] OpenVPN Access Server
[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation
Linux Kernel Privilege Escalation
SSD Advisory – Linux Kernel XFRM Privilege Escalation
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
SSD Advisory – Webmin Multiple Vulnerabilities
SSD Advisory – PHP Melody Multiple Vulnerabilities
DefenseCode ThunderScan SAST Advisory: WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability
DefenseCode ThunderScan SAST Advisory: WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities
WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
Exploit toolkit for CVE-2017-8759 – Microsoft .NET Framework RCE (Builder + listener + video tutorial)
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
© 2023 Secure Online Desktop s.r.l. All Rights Reserved. Registered Office: via dell'Annunciata 27 – 20121 Milan (MI), Operational Office: via statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Tax code and VAT number 07485920966 – R.E.A. MI-1962358 Privacy Policy - ISO Certifications