open data Giacomo Lanzi

Hadoop Open Data Model: “open” data collection

With the advent of big data platforms, IT security companies can now make guided decisions on how to protect their assets. By recording network traffic and network flows, it is possible to get an idea of the channels on which company information flows. To facilitate the integration of data between the various applications and to develop new analytical functionalities, we…

pass the ticket laptop Giacomo Lanzi

Pass the Ticket: how to mitigate it with a SOCaaS

Every year the number of attacks that threaten the security of devices, computer systems, servers and network infrastructures is growing steadily. This is done by taking advantage of the vulnerabilities present in these systems. Among the many types of attacks, particular attention must be paid to the pass the ticket (PTT) attack. With a pass the ticket attack it is…

Uso di un socaas cover Giacomo Lanzi

Use cases of a SOCaaS for companies part 2

In the previous article we have seen the most common use cases of a SOCaaS , explaining how it can be useful for companies to use this tool to prevent cyber attacks and also explaining which are the most common Threat Models . In this article, however, we will take a closer look at some of the more common indicators…

Le applicazioni di Cyber Threat Analytics monitorano i log di sicurezza e il network per rilevare in maniera tempestiva eventuali infezioni malware (per esempio, gli attacchi zero day e i ransomware), la compromissione del sistema, le attività di “lateral movement”, pass-the-hash, pass-the-ticket e altre tecniche avanzate d’intrusione. L’uso di un SOCaaS permette di estrapolare dati da sorgenti come firewalls, proxy, VPN, IDS, DNS, endpoints, e da tutti i dispositivi connessi alla rete con lo scopo di identificare modelli dannosi come il “beaconing”, connessioni a domini generati digitalmente, azioni eseguite da robot e tutti i comportamenti anomali. Il nostro sistema SOCaaS è dotato di intelligenza artificiale che arricchisce e trasforma gli eventi SIEM, in modo da identificare le minacce nell'intero ambiente IT, includendo anche le applicazioni aziendali critiche.   ##Quali sono i vantaggi a livello aziendale? L’uso di un SOCaaS. Qui sotto è riportata una lista con soltanto alcuni dei vantaggi che l’uso di un SOCaaS può comportare:  •	Rilevamento delle violazioni più rapido •	Riduzione dell'impatto delle violazioni •	Risposte e indagini complete sulle minacce •	Minori costi di monitoraggio e gestione •	Costi di conformità inferiori •	Ricevere segnalazioni quantificate e non soggettive su minacce e rischi  ##Casi d’uso SOCaaS Dopo una panoramica generale sui vantaggi che potrebbe offrire all’azienda l’uso di un SOCaaS, vediamo in quali contesti viene normalmente impiegato: •	Esecuzione anomala del programma  •	Schema di traffico robotico indirizzato verso un sito Web dannoso, non classificato o sospetto •	Connessioni a domini generati digitalmente •	Query DNS insolite •	Possibile attività di comando e controllo •	Spike in byte verso destinazioni esterne •	Modello di traffico insolito (applicazione/porta) •	Rilevamenti di exploit •	Agenti utente rari •	Durata insolita della sessione •	Connessioni a IP o domini nella blacklist •	DDOS / attività di scansione delle porte •	Numero anomalo di richieste non riuscite o reindirizzate •	SPAM mirato/tentativi di phishing ##Threat Models Analizzando gli indicatori di minaccia è possibile rilevare comportamenti correlati su più origini di dati, per rilevando anche tutte quelle minacce che solitamente passano inosservate. Molteplici indicatori di minaccia che si verificano in uno schema e che coinvolgono entità simili tendono a presentare un maggior rischio di costituire una minaccia reale.  I Threat Models definiscono questi schemi e combinano le policy e gli indicatori di minaccia per rilevare i comportamenti correlati su più sorgenti di dati, identificando le minacce che potrebbero passare inosservate. In seguito sono riportati alcuni dei Threat Models più comuni. ###Rilevamento dei Lateral Movement Questo Threat Model rileva i possibili scenari di “lateral movement”, impiegati dagli aggressori per diffondersi progressivamente in una rete alla ricerca di risorse e dati chiave. Autenticazione anomala •	Account che accede ad un host mai raggiunto prima •	Enumerazione di host •	Uso di credenziali di account esplicite su più host •	Rilevato un tipo/processo di autenticazione sospetto Uso sospetto di privilegi •	Rilevata attività di provisioning anomala •	Rilevata escalation sospetta dei privilegi •	Accesso anomalo agli oggetti della condivisione della rete Processo anomalo •	Processo/MD5 inconsueto rilevato •	Creazione sospetta di attività pianificate •	Rilevati cambiamenti sospetti alle impostazioni del registro di sistema ###Rilevamento di host compromessi Questo modello viene impiegato per rilevare gli host che mostrano segni di infezione e compromissione mettendo in relazione le anomalie basate su host e rete sulla stessa entità Anomalie nel traffico in uscita •	Traffico verso domini generati casualmente •	Traffico verso host noti come malevoli rilevato •	Numero anomalo di domini contattati •	Possibile comunicazione C2 Anomalie nell’endpoint •	Raro processo o MD5 rilevato •	Rilevato un uso sospetto di porte/protocolli da parte del processo •	Raro agente utente rilevato ###Rilevazione APT Rileva gli attacchi alle reti informatiche sanitarie, in cui lo scopo dell’aggressore solitamente è quello di ottenere un accesso non autorizzato a una rete con l'intenzione di rimanere inosservato per un periodo prolungato. Recon •	Possibili tentativi di phishing •	Rilevata scansione ed enumerazione della rete •	Rilevata elusione dei controlli Delivery •	Traffico verso domini generati in modo casuale •	Rilevata anomalia del traffico DHCP •	Rilevato traffico verso host notoriamente dannosi Exploit •	Rilevata attività di account terminati •	Rilevato traffico DNS anomalo •	Rilevato un tipo/processo di autenticazione sospetto •	Account che accede a un host mai visitato prima •	Rilevata anomalia di velocità Esegui •	Rilevato processo raro •	Possibile comunicazione C2 rilevata •	Amplificazione DNS anomala Exfiltration •	Rilevata infiltrazione di canali nascosti •	Rilevato uploads di dati su rete vianetwork ###Phishing Questo modello è in grado di rilevare possibili tentativi di phishing verso utenti all'interno dell'organizzazione. E-mail sospette in entrata •	Campagne di target e di spear phishing •	Possibili tentativi di phishing •	Campagne di phishing persistenti •	Email da mittenti/domini/indirizzi IP noti nella blacklist •	Allegati e-mail sospetti Anomalie del traffico in uscita •	Traffico verso domini generati casualmente •	Traffico verso host maliziosi noti •	Numero anormale di domini rari acceduti •	Possibile comunicazione C2 rilevata •	Rilevati proxyredirect sospetti Anomalie nei processi •	Processo o MD5 insolito rilevato •	Creazione sospetta di attività pianificate •	Rilevati cambiamenti sospetti alle impostazioni del registro di sistema ###Enumerazione di Host/Account su LDAP Utilizzato, solitamente, per identificare potenziali asset o enumerazioni di account sulla rete da parte di entità maligne. Esecuzione di processi sospetti •	Processo/MD5 anomalo rilevato •	Uso di possibili set di strumenti di enumerazione AD •	Rilevato l'uso di strumenti e utilità malevoli Scansione della rete •	Possibili account AD/privilegi di enumerazione •	Conteggio dei servizi LDAPo SMB •	Numero anomalo di richieste di ticket di servizio Kerberos •	Port scanning Anomalie di autenticazione •	Account che accedono a un host per la prima volta •	Uso di account mai visti prima sulla rete •	Numero anormale di richieste di autenticazione fallite ###Ricognizione seguita da un potenziale sfruttamento Questo modello di minaccia mira a identificare i tentativi di ricognizione della rete che hanno avuto successo, seguiti da indicatori di sfruttamento. Scansione esterna •	Scansione delle porte da host esterni •	Enumerazione di host da host esterni Scansione della rete •	Possibile conteggio di account/privilegi AD •	Enumerazione di servizi LDAP •	Numero insolto di richieste di ticket di servizio Kerberos •	Picchi nel traffico LDAP •	Enumerazione di servizi SMB Anomalie nei processi •	Rilevamento dei processi o MD5 anomali •	Creazione sospetta di attività pianificate •	Rilevati cambiamenti sospetti alle impostazioni del registro di sistema ##Conclusioni Abbiamo visto quali sono i maggiori casi d’uso SOCaaS, dando uno sguardo su alcuni dei modelli di minaccia più comuni che include nel suo sistema di protezione. Per avere informazioni sui modelli di minaccia relativi ai malware e sugli identificatori di minaccia visitate questo articolo.  Per qualsiasi informazione noi di SOD siamo pronti a rispondere a qualsiasi domanda. Giacomo Lanzi

Use cases of a SOCaaS for companies part 1

Cyber ​​Threat Analytics applications monitor security logs and the network to promptly detect any malware infections (for example, attacks zero day ei ransomware ), the compromise of the system, the activities of “ lateral movement ”, pass-the-hash , pass-the-ticket and other advanced intrusion techniques. The use of a SOCaaS allows to extrapolate data from sources such as firewalls, proxies, VPN,…

NIST Cybersecurity Framework Giacomo Lanzi

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed to reduce cybersecurity risks. Lists specific activities associated with IT security risk management based on existing standards and guidelines. It is one of the most popular frameworks dedicated to cybersecurity and d is widely used because it helps in the aspect of risk management. Written by the National Institute of…

Left of boom cover Giacomo Lanzi

“Left of boom” and “right of boom”: having a winning strategy

When we talk about “left of boom” or “right of boom” we are referring to a concept that may appear superficial. Instead, it is a powerful tool that offers the ability to analyze security conflicts from both a offensive and a defensive perspective. In a hypothetical timeline of an attack, what is left of boom refers to what happens first….

Smishing Giacomo Lanzi

Smishing: a fraud similar to phishing

Cybercrime is increasingly targeting mobile devices and is constantly evolving. On social networks and through our personal contacts we increasingly receive scam attempts disguised as simple invitations. From the reports and press releases of the postal police we can see how in recent years the cases of Smishing have been increasing , which every year cause substantial economic damage to…

Network Traffic Analyzer Giacomo Lanzi

Network Traffic Analyzer: an extra gear for the Next Gen SIEM

Businesses today have a hard time detecting hackers’ sophisticated intrusion techniques. To stem security problems, you need to use the combination of several elements. These elements are: accurate monitoring of network traffic, user actions and system behavior. The Network Traffic Analyzer tools can analyze and monitor traffic in order to detect anomalies, even the most difficult to identify. At SOD,…

importanza cyber threat intelligence cover Giacomo Lanzi

The importance of Cyber Threat Intelligence

L’importanza della cyber threat intelligence è evidente quando si capisce che cosa sia e quali rischi un’azienda corre se la trascura.

purple team cover Giacomo Lanzi

Red Team, Blue Team and Purple Team: what are the differences?

When it comes to cyber security and is on the side of the attackers, we often just think in terms of defense, protection and containment of threats. However, the best approach is one in which you put yourself in the shoes of the attackers and see your infrastructure as the target of your actions. Only in this way is it…

Attacco Magecart Hacker Giacomo Lanzi

Magecart attack: what it is and how to protect yourself

Every day we hear about some new technology threats or vulnerabilities. Lately we talk about the data collection attack known as “Magecart”. Let’s try to understand what it is and how we can do to defend ourselves. Magecart is a large group of hackers as well as a typical attack that mainly targets online shopping carts. This type of attack…

phishing con pdf cover Giacomo Lanzi

9 reasons why you should consider using a VPN

Agile working and smart working are now a daily reality for many workers. Whether it is a practice within your company or an occasional event, almost everyone has to use public networks to work or surf the net. In this social situation, you cannot take the protection of your data on the net lightly. This is why the ‘ use…

phishing con pdf cover Giacomo Lanzi

The latest PDF phishing trends of 2020

There was a dramatic 1160% increase in malicious PDF files in 2019-2020. It went from 411,800 malicious files to 5,224,056. PDF files are an enticing vector of phishing as they are cross-platform and allow attackers to engage more users, making their scam schemes more credible than a text email with a simple link. To lure users to click on links…

cybersecurity predittiva Giacomo Lanzi

Predictive cybersecurity with our SOCaaS

Today, facing an attack in a corporate SOC is very similar to being under attack without knowing which direction the blow is coming from. The threat intelligence can keep you informed of security issues. However, in many cases, this information is only provided when you are already under attack, and is rarely very useful except in retrospect. It would take…

Anniversario aziendale Giacomo Lanzi

Secure Online Desktop 10 years later: our corporate anniversary

Ten years ago, on June 16, 2011, Secure Online Desktop was born. Many things have changed in ten years and we have always done our best to keep up with the times and offer cutting-edge solutions to our customers. We want to celebrate our company anniversary by retracing the key milestones of these years by sharing them with you. The…

Air-fi Rete locale Giacomo Lanzi

Air-Fi: attacking computers that are disconnected and without network hardware is possible

To keep secret information out of reach of attackers, organizations place it on devices that are not connected to any network. This is to avoid any possibility of communication with the Internet. These machines are called air-gapped . As safe as it may seem, infecting such a machine or network segment isn’t actually that difficult. Extracting the information obtained is…

esempi di phishing cover Giacomo Lanzi

Examples of phishing: the latest campaigns mentioned by the CSIRT

Successful phishing attacks are increasing rapidly and so is the variety of forms they come in. Today I want to bring a couple of examples of phishing reported in the last period on the Italian territory by the CSIRT ( Computer Security Incident Response Team ). Millions of users around the world are put at risk every day, statistically, one…

event overload code Giacomo Lanzi

Event Overload? Our SOCaaS can help!

The data that a corporate IT infrastructure generates every day has always been a lot, but never as in recent years has there been an event overload (event overload) of such vast proportions. This is due to the increasing number of applications used by companies and employees for routine operations. Each of the applications used, in fact, generates a certain…

c Giacomo Lanzi

Business email compromise (BEC) schemes

Over the years, scammers have stolen millions of dollars from businesses by compromising their official email accounts and using them to request fraudulent wire transfers . Technically these schemes, which are in effect scams, are called Business Email Compromise . There has been an increase in cyber intrusions related to Business Email Compromise schemes, involving scammers posing as executives ….

XDR laptop Giacomo Lanzi

XDR as an approach to security

Just like any other IT field, the cybersecurity market is driven by hype . Currently hype towards XDR, ie eXtended Detection and Response . XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense . What exactly is XDR? XDR is an alternative to traditional responsive approaches that only provide layer…

Threat Intelligence Virtual Giacomo Lanzi

What is threat intelligence?

threat intelligence data provides companies with relevant and timely insights they need to understand, predict, detect and respond to cybersecurity threats . Threat intelligence solutions collect, filter and analyze large volumes of raw data related to existing or emerging sources of threats. The result is threat intelligence feeds and management reports. Data scientists and security teams use these feeds and…

data loss prevention data protection Giacomo Lanzi

Data Loss Prevention: definition and uses

data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users . DLP software classifies regulated, confidential and business critical data and identifies policy violations defined by organizations or within a predefined policy package. Default policies are typically dictated by regulatory compliance such as HIPAA,…

shoulder surfing cafeteria Giacomo Lanzi

Prevent shoulder surfing and theft of corporate credentials

The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people . This social engineering technique is…

HTTP/3 Cover Giacomo Lanzi

HTTP / 3, everything you need to know about the latest version protocol

Security researchers have just digested the HTTP / 2 protocol, but web innovators are already publishing an update: HTTP / 3. This technology offers performance gains and security benefits, but only if we overcome the implementation problems that await us for what appears to be an evolutionary change rather than a real revolution in the way the web works. In…

Giacomo Lanzi

Machine learning and cybersecurity: UEBA applications and security

The cost of cybercrime has now outstripped the ability to keep up. Gartner, a multinational security and analytics company in the field of technology, predicted that world spending on cybersecurity will be 16 times lower than damage caused. To address this challenge, organizations are now turning to machine learning and artificial intelligence for cybersecurity, trying to fill in the gaps….

Logic time bomb Giacomo Lanzi

Logic Bomb: what they are and how to prevent them

A logic bomb, also called slug code , is a piece of code inserted into an application, virus or malware that implements a malicious function after a certain time limit or under conditions specifications. These “bombs” are often used via viruses, worms and Trojans to better manage your time and do maximum damage before you are noticed . They perform…

Pass the hash Giacomo Lanzi

Pass the hash: how to gain access without password

Since the Internet has become widespread, tremendous progress has been made in awareness of the use of passwords. By now everyone knows what best practices are for setting a password (avoid standard passwords, use letters and numbers, avoid dates of birth, etc.). However, there is not much to rest assured, because hackers have another trick that could put your accounts…

Giacomo Lanzi

Ransomware and NAS: a risk that is not considered

Despite some seasonal declines, ransomware is still a serious security threat, especially for those who underestimate it . It is often thought that to protect yourself from ransomware it is enough to have a backup copy of your data. This point of view does not take into consideration various aspects. One of them is the relationship between ransomware and NAS…

Monitoring SIEM Analisi dati Giacomo Lanzi

SIEM monitoring: best practices

As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. An information management system and monitoring SIEM is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface . The SIEM monitoring system collects…

cyber threat hunting IT specialist Giacomo Lanzi

Cyber Threat Hunting: on the hunt for security threats

Cyber Threat Hunting is a proactive security search across networks, endpoints and datasets to hunt down malicious, suspicious or risky activities that have escaped detection by existing tools. Definition There is a distinction between malware detection and cyber threat hunting . Threat detection is a passive approach to monitoring data and systems to identify potential security problems. However, it is…

Ethical Hacking Matrix Giacomo Lanzi

Ethical hacking: defending knowing how to attack

Ethical hacking means the application for good of hacking techniques. The term “hacker” was coined in the 1960s at the Massachusetts Institute of Technology (MIT) to describe experts who used their skills to re-develop mainframe systems, increasing their efficiency and allowing them to perform more tasks. Nowadays, the term normally describes experienced programmers who gain unauthorized access to computer systems…

Cyber Security Cover Giacomo Lanzi

What is Cyber Security? Definition and proposals

Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as Information Technology Security and Electronic Information Security . The term applies in a wide variety of contexts, from business to mobile computing and can be divided into a few common categories. We can divide cyber security…

Tecniche spammer cover Giacomo Lanzi

Spammer techniques: how do they exploit e-mail?

Spam seems to reach every single email account we use , no matter how careful we are or what the address provider is. How do spammers get all of our email addresses? Can we do something to hide our email address from common spammer techniques? Unfortunately, there’s not much you can do to stop spammers from bombarding you with emails….

ransomware ddos Hacker Giacomo Lanzi

The threat of DDoS ransomware

Is the threat of a large-scale DDoS attack enough to convince organizations to bow to a ransomware attack? It might be a good time for companies to invest in DDoS protection , as hackers have begun to use the threat of large-scale DDoS attacks to carry out ransomware attacks on organizations . According to a new blog post from Cloudflare,…

Piergiorgio Venuti

Procedural Security Analysis – Thank you for contacting us!

Here is some useful information FAQ Knowledge-base Document Support

Zombie Phishing  protezione Giacomo Lanzi

Zombie phishing: beware of emails, it could be zombies

Out of nowhere, someone replies to an email conversation dated months ago. This is a real conversation that actually happened. Maybe it’s about a meeting, a job opportunity. This email seems very relevant, but beware, it could be zombie phishing . Indeed, something is wrong, the topic discussed has been over for months and now there is a strange error…

ingegneria sociale email Giacomo Lanzi

Social engineering: how hackers scam their victims

Social engineering is the term used for a wide range of malicious activities performed through human interactions. It uses psychological manipulation to trick users into making security mistakes or provide sensitive information. Then, with that information, the hacker is able to successfully carry out targeted attacks, such as data theft, a ransomware or a ‘ interruption of services. Social engineering…

Cos'e' il phishing - Cover Giacomo Lanzi

What is phishing? Understanding and identifying social engineering attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers . Occurs when an attacker, disguised as a trusted entity , tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to malware…

Evitare il Ransomware Cover Giacomo Lanzi

Avoid Ransomware: That’s why it’s best not to take any risks

ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it…

Ransomware a doppia estorsione Cover Giacomo Lanzi

Double extortion ransomware: What they are and how to defend yourself

Looking to up the ante and earn more money with the ransomware , i Cybercriminals are increasingly using a tactic known as double extortion ransomware . Not only do they encrypt data and demand a ransom from the victim to regain access. They also threaten to upload them online if their conditions are not met. Let’s take a step back,…

Zero-Day Attck Giacomo Lanzi

Zero-Day attack: what they are and how to defend yourself with SOCaaS

A Zero-Day attack (also known as 0-day) exploits a software vulnerability unknown to security officers and the software vendor. Hackers can exploit the weakness, as long as it is not mitigated, through Zero-Day exploit or, indeed, attack. The term “zero-day” originally referred to the number of days after the software was released. A “zero-day” software, therefore, meant a program obtained…

Monitoring system - Zabbix Giacomo Lanzi

Monitoring system, an overview

Zabbix is a monitoring system suitable for different IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides metrics such as network usage, CPU load, and disk space consumption. The software monitors operations on Linux, Hewlett Packard Unix (HP-UX), Mac OS X, Solaris, and other operating systems (OS);however, Windows monitoring is only possible through specific agents. SOD…

Data Exfiltration cover Giacomo Lanzi

Data Exfiltration: defense against data theft

A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device. Data exfiltration typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and cell phones, through various cyberattack methods. Failure to control information security can lead to data loss which can cause financial and reputational damage to…

Installare Certificato SSL Giacomo Lanzi

Install a Let’s Encrypt certificate on Debian based machine

Let’s Encrypt is a Certificate Authority (CA) that facilitates the obtaining and installation of free TLS / SSL certificates.This allows HTTPS encryption on web servers. It also streamlines the process by working with clients, such as Certbot, to automate the necessary steps. In this article we see how to install an SSL certificate on a server with Debian based operating…

WastedLocker Ransomware Giacomo Lanzi

WastedLocker: Next generation ransomware

WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It is known for its high ransom demands reaching millions of dollars per victim. It is the product of a group of highly skilled cyber criminals who have been operating for over a decade: Evil Corp. Who is behind WastedLocker Ransomware The group behind WastedLocker…

Proteggere Sito WordPress Giacomo Lanzi

Protecting a site in WordPress: security package

Whether it’s WordPress or not, your website is potentially vulnerable to attack. Recent reports have shown that Google blacklists thousands of websites containing malware and phishing attacks every week. Considering how serious the potential security breaches can be for your business, we hope this article informs you why you should always protect your WordPress site. Is protecting a WordPress site…

Ransomware Critici Cover Giacomo Lanzi

Critical ransomware: examples of successful attacks

There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals…

Iniziative sociali SOD Giacomo Lanzi

Secure Online Desktop Social Initiatives

2020 turned out to be a complicated year in many ways. Covid-19 has hit the whole world hard, with significant repercussions on companies which, as far as possible, have found themselves having to set up suitable infrastructures for remote work. Many social initiatives were born during the year and our field, IT and cyber security, is no different. In this…

Cos'è un MSSP Giacomo Lanzi

What is an MSSP and what are its advantages

The IT world continues to evolve and the same goes for industry acronyms. One of these is the term MSSP which, in a sense, is the evolution of MSP. The two abbreviations mean: Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). The latter, in general, could be considered as an organization that provides outsourced security services to other…

I Ransomware più pericolosi Giacomo Lanzi

The most dangerous Ransomware in 2020

The ransomware (or cyber extortion) threat is on the rise. In 2020, there was a spike in the number of reported incidents and the number of hackers attempting to extort money from organizations. It is important that every organization does all it can to combat these criminals and being informed is a key element. In this article we see the…

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • [CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack October 22, 2021
    Posted by Certitude - Advisories on Oct 22~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ Certitude Securtiy Advisory - CSA-2021-003 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ PRODUCT […]
  • Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body ## Impact on Business One HTTP endpoint of the portal exposes sensitive information that could be used by an attacker with administrator privileges, in conjunction with other attacks (e.g. XSS). ## Advisory […]
  • Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service ## Impact on Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system […]
  • Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service ## Impact on Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system […]
  • Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service ## Impact on Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system […]
  • Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0016: XXE in SAP JAVA NetWeaver System Connections ## Impact on Business A high-privileged SAP JAVA NetWeaver user is able to abuse an XXE vulnerability with the goal of reading files from the OS (compromising confidentiality) and/or making system processes crash (compromising availability). […]
  • Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service October 22, 2021
    Posted by Onapsis Research via Fulldisclosure on Oct 22# Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service ## Impact on Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system […]
  • Backdoor.Win32.LanaFTP.k / Heap Corruption October 19, 2021
    Posted by malvuln on Oct 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port 1075. Third-party attackers who can reach the server can send a specially crafted sequential payload causing a heap corruption. Type: […]
  • Backdoor.Win32.LanFiltrator.11.b / Unauthenticated Remote Command Execution October 19, 2021
    Posted by malvuln on Oct 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/9f87546e667e5af59a8580ddf7fd43c7.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.LanFiltrator.11.b Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 999, 888. Third-party attackers who can reach the system can execute commands made available by the malware....
  • Virus.Win32.Ipamor.c / Unauthenticated Remote System Reboot October 19, 2021
    Posted by malvuln on Oct 19Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/bbf032a3aa288f02403295f0472d1f05.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Virus.Win32.Ipamor.c Vulnerability: Unauthenticated Remote System Reboot Description: The malware listens on UDP port 139. Third-party attackers can send a single uppercase char "D" datagram packet to the infected machine causing it […]

Customers

Newsletter