SOCaaS
Giacomo Lanzi
Advanced persistent threats (APTs): what they are and how to defend yourself
An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or a group of intruders, establishes an illicit and long-term presence on a network in order to extract highly sensitive data. The targets of these assaults, which are chosen and studied with great care, typically include large corporations or government networks. The…
Piergiorgio Venuti
SOC vs MDR: Complete Guide to Comparing Security Operations Center and Managed Detection and Response
The comparison between SOC and MDR is crucial when evaluating options for threat monitoring and response. But what are the key differences between an internal Security Operations Center and an external Managed Detection and Response service? This guide provides a detailed analysis of SOC vs MDR. What is a SOC? A Security Operations Center (SOC) is an internal facility dedicated…
Giacomo Lanzi
Data Loss Prevention: definition and uses
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users. DLP software classifies regulated, confidential and business-critical data and identifies violations of policies defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliances such as HIPAA, PCI-DSS,…
Giacomo Lanzi
XDR as an approach to security
Just like any other IT field, the cybersecurity market is driven by hype . Currently hype towards XDR, ie eXtended Detection and Response . XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense . What exactly is XDR? XDR is an alternative to traditional responsive approaches that only provide layer…
Giacomo Lanzi
What is threat intelligence?
I dati di threat intelligence forniscono alle aziende approfondimenti rilevanti e tempestivi necessari per comprendere, prevedere, rilevare e rispondere alle minacce alla sicurezza informatica. Le soluzioni di intelligence sulle minacce raccolgono, filtrano e analizzano grandi volumi di dati grezzi relativi a fonti esistenti o emergenti di minacce. Il risultato sono feed di threat intelligence e rapporti di gestione. I data…
Giacomo Lanzi
What is it for? Hadoop Security Data Lake (SDL)
New cybersecurity threats continue to emerge every day and hackers develop new intrusion techniques to access sensitive data and breach IT systems. This is why it is necessary to collaborate with high-level experts who keep track of new developments in the field of IT security. With the birth and continuous evolution of Big Data, the concept of Data Lake and…
Piergiorgio Venuti
Protect Your Business: Antivirus vs. SOC Service with EDR and Next Generation Antivirus (NGA)
Cybersecurity has become crucial for businesses of all sizes and industries. The growing complexity of cyber threats has made it necessary to use increasingly advanced tools and services to protect networks and devices. In this article, we will look at the differences between traditional antivirus software and a Security Operations Center (SOC) service with Endpoint Detection and Response (EDR) that…
Piergiorgio Venuti
CSIRT and SOC: Differences between incident management and security monitoring
Introduction The protection of corporate information has become an essential necessity for any organization. To achieve this goal, having teams specialized in IT security is essential. But what are the differences between a CSIRT and a SOC? And how can they complement each other? In this article we will analyze CSIRT and SOC in detail, highlighting similarities and differences between…
Piergiorgio Venuti
CSIRT: respond to IT incidents to protect the business
Introduction In recent years, cybersecurity has become a priority for all companies of all sizes. Cyber attacks are increasingly sophisticated and can cause serious damage, both economic and reputational. To protect themselves from attacks, companies must adopt 360-degree cybersecurity solutions, which include not only prevention tools but also incident detection and response tools. In this context, the CSIRT (Computer Security…
Piergiorgio Venuti
False IT security myths: because backup, cloud, firewall and antivirus alone are no longer enough
Introduction Cyber security has become a major concern for businesses and individuals. With cyberattacks and data breaches on the rise, many still believe that solutions like data backup, cloud storage, firewalls, and antivirus are enough to protect their digital assets. However, these solutions alone are no longer enough to deal with today’s threats. In this article we will analyze why…
Piergiorgio Venuti
How to manage the “right boom” after a security incident with Log Management, IT monitoring and SOCaaS services
The “right boom” refers to the frenetic situation that occurs in the immediate aftermath of a major cybersecurity incident such as a data breach or ransomware attack. When a business suffers a breach, it’s critical to act quickly to contain the damage, restore systems, assist affected customers, and initiate a forensic investigation. This intense phase of activity is known as…
Piergiorgio Venuti
What is Threat Hunting activity and why is it included in SOCaaS services
In today’s digital world, cybersecurity has become a priority for companies of all sizes and industries. Cyberthreats are constantly evolving, and to stay ahead, organizations need to implement a variety of tactics and strategies. One of these is Threat Hunting, which has become a key component of SOCaaS (SOC as a Service). In this article, we’ll explore what exactly threat…
Piergiorgio Venuti
Advanced Persistent Threat (APT): because they make the backup system useless and the false perception of security
Index Introduction Cybersecurity is an area of growing importance to businesses, due to the increase in frequency and complexity of cyberattacks. One of the more insidious threats are Advanced Persistent Threats (APTs), which can penetrate computer systems and remain hidden for long periods, causing long-term damage. In this article, we’ll look at APTs and why they render your backup system…
Giacomo Lanzi
The SOAR benefits: simplifying investigation and response
The growing impact of cyber threats, on private or corporate operating systems, leads more and more users to use third-party applications to protect work information. Fortunately, the implementation of new technologies improves this condition. Among the most interesting solutions, aimed at protecting corporate systems, is the SOAR technology with its benefits. What are the potential and the advantages that a…
Giacomo Lanzi
Integration of the automated response: the automations in SOCaaS
The issue of information security is very topical in this historical period characterized by digitization. To protect themselves, businesses and individuals can use a variety of tools that can prevent an attack, but also help manage it. In this article we talk about Automated Response Integration and the automations in the SOCaaS offered by SOD . Although the systems used…
Giacomo Lanzi
Quality certificate for the SOCaaS of SOD
The technology we use to deliver our SOCaaS has been awarded a quality certificate . Today we want to talk about this, explaining again what a SOC is and why a SOCaaS is an ideal solution for companies. Of course, we will also explain what it is about when we talk about the quality certificate and how this ensures excellent…
Giacomo Lanzi
Managed Detection and Response: a new preventive approach
The constant use of communications over the network in a corporate context makes it essential to take precautions for computer security. As we have seen on other occasions, the dangers can come from different fronts: phishing , ransomware , data breach , etc. The implementation of new strategies such as Managed Detection and Response allows to mitigate risks and identify…
Giacomo Lanzi
The use of artificial intelligence in monitoring
When we refer to artificial intelligence, we often refer to the great technologies that could control the world, with an obvious streak of science fiction. The reality is very different and is characterized by a technology with great potential, which is able to ensure countless advantages . Today we talk about how artificial intelligence can be implemented in monitoring. The…
Giacomo Lanzi
The benefits of good log management
When we talk about log management we refer to a precise process which consists of the centralized collection of data that comes from different operating environments such as: devices, databases, applications and much more. Logs are produced by various system events , many of which are particularly important in the business environment. So let’s see some important details regarding log…
Giacomo Lanzi
Ransomware: recent news 2020/21
As we know, a ransomware is a malware that aims to extort money from victims . The means it uses is encryption to encrypt victim data, both local and in the cloud, and make it inaccessible. The ransomware is therefore a real cyber blackmail : if the victim refuses to pay the requested sum, not only would he be denied…
Autonomous Threat Sweeper: the news of SOCaaS
Today we see one of the latest additions to our SOCaaS, the Autonomous Threat Sweeper (ATS) . A system able to support SOC in an innovative way and protect against the most innovative threats. The Privacy Guarantor, through the provision dated May 27, 2021, has introduced some changes regarding the violation of sensitive and personal data. A particular reference was…
Giacomo Lanzi
Hadoop Open Data Model: “open” data collection
With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we…
Giacomo Lanzi
Pass the Ticket: how to mitigate it with a SOCaaS
Every year the number of attacks that threaten the security of devices, computer systems, servers and network infrastructures is growing steadily. This is done by taking advantage of the vulnerabilities present in these systems. Among the many types of attacks, particular attention must be paid to the pass the ticket (PTT) attack. With a pass the ticket attack it is…
Giacomo Lanzi
Use cases of a SOCaaS for companies part 2
In the previous article we have seen the most common use cases of a SOCaaS , explaining how it can be useful for companies to use this tool to prevent cyber attacks and also explaining which are the most common Threat Models . In this article, however, we will take a closer look at some of the more common indicators…
Giacomo Lanzi
Use cases of a SOCaaS for companies part 1
Cyber Threat Analytics applications monitor security logs and the network to promptly detect any malware infections (for example, attacks zero day e i ransomware), the compromise of the system, the activities of “ lateral movement ”, pass-the-hash , pass-the-ticket and other advanced intrusion techniques. The use of a SOCaaS allows to extrapolate data from sources such as firewalls, proxies, VPN,…
Giacomo Lanzi
NIST Cybersecurity Framework
Il NIST Cybersecurity Framework è un insieme di linee guida sviluppato per ridurre i rischi legati alla sicurezza informatica. Elenca delle attività specifiche associate alla gestione del rischio di sicurezza informatica basandosi su standard e linee guida già esistenti. È uno dei più popolari framework dedicati alla sicurezza informatica ed è impiegato in modo diffuso perché fornisce un aiuto sotto…
Giacomo Lanzi
“Left of boom” and “right of boom”: having a winning strategy
Quando parliamo di “left of boom” o “right of boom” ci riferiamo ad un concetto che all’apparenza può sembrare superficiale. Invece, è un potente strumento che offre la possibilità di analizzare i conflitti di sicurezza sia da un punto di vista offensivo che da uno difensivo. In una ipotetica linea temporale di un attacco, ciò che si trova alla sua…
Giacomo Lanzi
Network Traffic Analyzer: an extra gear for the Next Gen SIEM
Businesses today have a hard time detecting hackers’ sophisticated intrusion techniques. To stem security problems, you need to use the combination of several elements. These elements are: accurate monitoring of network traffic, user actions and system behavior. The Network Traffic Analyzer tools can analyze and monitor traffic in order to detect anomalies, even the most difficult to identify. At SOD,…
Giacomo Lanzi
Predictive cybersecurity with our SOCaaS
Today, facing an attack in a corporate SOC is very similar to being under attack without knowing which direction the blow is coming from. The threat intelligence can keep you informed of security issues. However, in many cases, this information is only provided when you are already under attack, and is rarely very useful except in retrospect. It would take…
Giacomo Lanzi
Air-Fi: attacking computers that are disconnected and without network hardware is possible
To keep secret information out of reach of attackers, organizations place it on devices that are not connected to any network. This is to avoid any possibility of communication with the Internet. These machines are called air-gapped . As safe as it may seem, infecting such a machine or network segment isn’t actually that difficult. Extracting the information obtained is…
Giacomo Lanzi
Event Overload? Our SOCaaS can help!
I dati che un’infrastruttura IT aziendale genera quotidianamente sono sempre stati molti, ma mai come negli ultimi anni si è assistito a un event overload (sovraccarico di eventi) di così vaste proporzioni. Questo è dovuto alle sempre più numerose applicazioni utilizzate da aziende e dipendenti per le operazioni di routine. Ognuna delle applicazioni utilizzate, infatti, genera una certa quantità di…
Giacomo Lanzi
Prevent shoulder surfing and theft of corporate credentials
The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people . This social engineering technique is…
Machine learning and cybersecurity: UEBA applications and security
The cost of cybercrime has now outstripped the ability to keep up. Gartner, a multinational security and analytics company in the field of technology, predicted that world spending on cybersecurity will be 16 times lower than damage caused. To address this challenge, organizations are now turning to machine learning and artificial intelligence for cybersecurity, trying to fill in the gaps….
Giacomo Lanzi
Logic Bomb: what they are and how to prevent them
Una logic bomb, chiamata anche slug code, è un pezzo di codice inserito in un’applicazione, virus o malware che implementa una funzione dannosa dopo un certo limite di tempo o in condizioni specifiche. Queste “bombe” sono spesso usate tramite virus, worm e Trojan per gestire al meglio il tempo a disposizione e fare il massimo danno prima di essere notati….
Giacomo Lanzi
Pass the hash: how to gain access without password
Since the Internet has become widespread, tremendous progress has been made in awareness of the use of passwords. By now everyone knows what best practices are for setting a password (avoid standard passwords, use letters and numbers, avoid dates of birth, etc.). However, there is not much to rest assured, because hackers have another trick that could put your accounts…
Giacomo Lanzi
SIEM monitoring: best practices
As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. An information management system and monitoring SIEM is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface . The SIEM monitoring system collects…
Giacomo Lanzi
Social engineering: how hackers scam their victims
Social engineering is the term used for a wide range of malicious activities performed through human interactions. It uses psychological manipulation to trick users into making security mistakes or provide sensitive information. Then, with that information, the hacker is able to successfully carry out targeted attacks, such as data theft, a ransomware or a ‘ interruption of services. Social engineering…
Giacomo Lanzi
Avoid Ransomware: That’s why it’s best not to take any risks
ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it…
Giacomo Lanzi
Zero-Day attack: what they are and how to defend yourself with SOCaaS
A Zero-Day attack (also known as 0-day) exploits a software vulnerability unknown to security officers and the software vendor. Hackers can exploit the weakness, as long as it is not mitigated, through Zero-Day exploit or, indeed, attack. The term “zero-day” originally referred to the number of days after the software was released. A “zero-day” software, therefore, meant a program obtained…
Giacomo Lanzi
Data Exfiltration: defense against data theft
A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device. Data exfiltration typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and cell phones, through various cyberattack methods. Failure to control information security can lead to data loss which can cause financial and reputational damage to…
Giacomo Lanzi
Critical ransomware: examples of successful attacks
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals…
Giacomo Lanzi
Long-term search: what’s new in the SOCaaS service
Ransomware commonly comes up with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity…
Giacomo Lanzi
Shadow IT: an overview
The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services. While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due…
Giacomo Lanzi
Insider threat: identifying and fighting them
Insider threats are difficult to spot because they come from within your organization. Employees, contractors and partners require different levels of login credentials in order to perform their work. Attackers can trick these insiders into accessing them or offering them money to knowingly steal valuable information from the company. Traditional security solutions focus on protecting the organization from external attackers….
Giacomo Lanzi
UEBA: Behavior Analysis Explained
Classic cyber threat defense tools and systems are rapidly becoming obsolete, and there are ways to overcome them. What remains confidently common among cyber criminals attempting an attack is the intent of the attack itself. Indeed, knowing that there are systems capable of detecting indicators of compromise (IOC), it is natural that competent hackers will try not to leave traces…
Giacomo Lanzi
SOAR: coordination for cyber security
SOAR (Security Orchestration, Automation and Response) technology helps coordinate, execute and automate activities between people and tools, enabling companies to respond quickly to cyber security attacks. The aim is to improve their overall security position. SOAR tools use playbooks (strategies and procedures) to automate and coordinate workflows which may include security tools and manual tasks. How does SOAR help in…
Giacomo Lanzi
SOAR: what it is and how it can be useful for companies
An increasing number of companies leverage SOAR to improve the effectiveness of their cybersecurity operations. In this article, we explain how harnessing the value of SOAR could be crucial to improving the security of your organization. What is SOAR? Coined by the research firm Gartner, Security Orchestration, Automation and Response (SOAR) is a term used to describe the convergence of…
Giacomo Lanzi
Next Generation SIEM: where are we?
SIEM has existed for quite some time, but it is not yet well understood. Also, the fact that technology has evolved significantly in recent years doesn’t help shed some light. Today we see where we are, trying to understand the Next Generation SIEM and the managed systems offered as services that make use of the latest generation SIEM (SOCaaS, for…
Giacomo Lanzi
SIEM in computer science: history
A SIEM solution in IT is one of the essential components of a SOC (Security Operation Center). Its task is to collect information and analyze it in search of anomalies and possible breaches in the system. But the defense process hasn’t always been that simple. What we now call SIEM, Security Information and Event Management, is the union of two…
Giacomo Lanzi
SIEM software: what it is and how it works
Evolving beyond its roots in log file management, today’s security information and event management (SIEM) software vendors are introducing AI, advanced statistical analysis and other analytical methods into their products. . But what is SIEM software and what are its uses? SIEM software Acronym for Security Information and Event Management, it is a product that provides cyber security professionals in…
Giacomo Lanzi
What is a Network Lateral Movement and how to defend yourself
During a cyber attack, hackers have only one goal in mind. This goal could be accessing a developer’s machine and stealing a project’s source code, analyzing emails from a particular executive, or extracting customer data from a server. All they have to do is log into the machine or system that contains the data they want, right? Not exactly. Actually,…
Giacomo Lanzi
Mitre Att&ck ™: an overview
Mitre Att&ck is a global knowledge base of adversary tactics and techniques based on real observations of cyber attacks. These are displayed in arrays organized by attack tactics, from initial system access and data theft to machine control. There are arrays for common desktop platforms (Linux, macOS and Windows) and for mobile ones. What is MITRE ATT&CK ™ and what does…
Giacomo Lanzi
Is SOCaaS useful for your business?
In today’s article, we’ll explain what a Security Operations Center (SOC) is and help determine if a SOC-as-a-Service (SOCaaS) solution is right for your business. Just because you have to manage cybersecurity doesn’t mean your business has to deal with cybersecurity. In fact, your core business could be pretty much anything else. Proper management of IT security, however, is essential…
Share
RSS
More Articles…
- NIS: what it is and how it protects cybersecurity
- Advanced persistent threats (APTs): what they are and how to defend yourself
- Penetration Testing and MFA: A Dual Strategy to Maximize Security
- Penetration Testing: Where to Strike to Protect Your IT Network
- Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
- Why IT audit and log management are important for Cybersecurity
- Red Team, Blue Team and Purple Team: what are the differences?
- Mercedes’ Oversight Puts Company Secrets at Risk: Why Cyber Threat Intelligence is Critical
Categories …
- Backup as a Service (18)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (24)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (203)
- Cyber Threat Intelligence (CTI) (8)
- Deception (4)
- Ethical Phishing (11)
- Netwrix Auditor (2)
- Penetration Test (11)
- Posture Guard (3)
- SOCaaS (65)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
darkreading
- New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare April 26, 2024
- MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert April 26, 2024
- Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China April 26, 2024The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.
- Jason Haddix Joins Flare As Field CISO April 26, 2024
- Thousands of Qlik Sense Servers Open to Cactus Ransomware April 26, 2024The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.
- Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities April 26, 2024The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.
- Held Back: What Exclusion Looks Like in Cybersecurity April 26, 2024You can't thinking about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.
- Palo Alto Updates Remediation for Max-Critical Firewall Bug April 26, 2024Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties.
- CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue April 26, 2024Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.
- Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software April 26, 2024Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.
Full Disclosure
- Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers April 24, 2024Posted by Stefan Kanthak on Apr 24Hi @ll, this post is a continuation of and With the release of .NET Framework 4.8 in April 2019, Microsoft updated the following paragraph of the MSDN article "What's new in .NET Framework" | Starting with .NET Framework 4.5, the clrcompression.dll assembly...
- Response to CVE-2023-26756 - Revive Adserver April 24, 2024Posted by Matteo Beccati on Apr 24CVE-2023-26756 has been recently filed against the Revive Adserver project. The action was taken without first contacting us, and it did not follow the security process that is thoroughly documented on our website. The project team has been given no notice before or after the disclosure. Our team has […]
- BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH) April 19, 2024Posted by malvuln on Apr 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware runs an FTP server on TCP port 10000. Third-party adversaries who can reach the server can send a specially […]
- SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app April 19, 2024Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version:
- MindManager 23 - full disclosure April 19, 2024Posted by Pawel Karwowski via Fulldisclosure on Apr 19Resending! Thank you for your efforts. GitHub - pawlokk/mindmanager-poc: public disclosure Affected application: MindManager23_setup.exe Platform: Windows Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition) Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team) Proposed mitigation:...
- CVE-2024-31705 April 14, 2024Posted by V3locidad on Apr 14CVE ID: CVE-2024-31705 Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface Affected Product : GLPI - 10.X.X and last version Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. […]
- SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue April 14, 2024Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14SEC Consult Vulnerability Lab Security Advisory < 20240411-0 > ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage: https://aws.amazon.com/glue/ found:...
- [KIS-2024-03] Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability April 11, 2024Posted by Egidio Romano on Apr 10------------------------------------------------------------------------------ Invision Community
- [KIS-2024-02] Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability April 11, 2024Posted by Egidio Romano on Apr 10-------------------------------------------------------------------- Invision Community
- Multiple Issues in concretecmsv9.2.7 April 11, 2024Posted by Andrey Stoykov on Apr 10# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 # Date: 4/2024 # Exploit Author: Andrey Stoykov # Version: 9.2.7 # Tested on: Ubuntu 22.04 # Blog: http://msecureltd.blogspot.com Verbose Error Message - Stack Trace: 1. Directly browse to edit profile page 2. Error should come up with verbose stack trace […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
-
SecureOnlineDesktop
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Newsletter
{subscription_form_1}Products and Solutions
Partners
Cloud Models
News
- NIS: what it is and how it protects cybersecurity April 22, 2024
- Advanced persistent threats (APTs): what they are and how to defend yourself April 17, 2024
- Penetration Testing and MFA: A Dual Strategy to Maximize Security April 15, 2024
- Penetration Testing: Where to Strike to Protect Your IT Network March 25, 2024
- Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer. March 6, 2024
Google Reviews
Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Ottimo supportoread more
E' un piacere poter collaborare con realtà di questo tiporead more
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
About
© 2023 Secure Online Desktop s.r.l. All Rights Reserved. Registered Office: via dell'Annunciata 27 – 20121 Milan (MI), Operational Office: via statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Tax code and VAT number 07485920966 – R.E.A. MI-1962358 Privacy Policy - ISO Certifications