Giacomo Lanzi

Logic Bomb: what they are and how to prevent them

A logic bomb, also called slag code, is a piece of code inserted into an application, virus or malware that performs a malicious function after a certain time limit or under specific conditions. These “bombs” are often delivered via viruses, worms and Trojans to time their action and do maximum damage before being noticed. They perform…

Giacomo Lanzi

Pass the hash: how to gain access without password

Since the Internet has become widespread, tremendous progress has been made in awareness of the use of passwords. By now everyone knows what the best practices are for setting a password (avoid standard passwords, use letters and numbers, avoid dates of birth, etc.). However, there is little reason to rest easy, because hackers have another trick that could put your accounts…

Giacomo Lanzi

Ransomware and NAS: a risk that is not considered

Despite some seasonal declines, ransomware is still a serious security threat, especially for those who underestimate it. It is often thought that to protect yourself from ransomware it is enough to have a backup copy of your data. This point of view does not take into consideration various aspects. One of them is the relationship between ransomware and NAS…

Giacomo Lanzi

SIEM monitoring: best practices

As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. A SIEM information management and monitoring system is an excellent choice in this respect. This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface. The SIEM monitoring system collects…

Giacomo Lanzi

Cyber Threat Hunting: on the hunt for security threats

Cyber Threat Hunting is a proactive security search across networks, endpoints and datasets to hunt down malicious, suspicious or risky activities that have escaped detection by existing tools. Definition: There is a distinction between malware detection and cyber threat hunting. Threat detection is a passive approach to monitoring data and systems to identify potential security problems. However, it is…

Giacomo Lanzi

Ethical hacking: defending knowing how to attack

Ethical hacking means applying hacking techniques for good. The term “hacker” was coined in the 1960s at the Massachusetts Institute of Technology (MIT) to describe experts who used their skills to re-develop mainframe systems, increasing their efficiency and allowing them to perform more tasks. Nowadays, the term normally describes experienced programmers who gain unauthorized access to computer systems…

Giacomo Lanzi

What is Cyber Security? Definition and proposals

Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as Information Technology Security and Electronic Information Security. The term applies in a wide variety of contexts, from business to mobile computing and can be divided into a few common categories. We can divide cyber security…

Giacomo Lanzi

Spammer techniques: how do they exploit e-mail?

Spam seems to reach every single email account we use, no matter how careful we are or what the address provider is. How do spammers get all of our email addresses? Can we do something to hide our email address from common spammer techniques? Unfortunately, there’s not much you can do to stop spammers from bombarding you with emails…

Giacomo Lanzi

The threat of DDoS ransomware

Is the threat of a large-scale DDoS attack enough to convince organizations to bow to a ransomware attack? It might be a good time for companies to invest in DDoS protection, as hackers have begun to use the threat of large-scale DDoS attacks to carry out ransomware attacks on organizations. According to a new blog post from Cloudflare,…

Piergiorgio Venuti

Procedural Security Analysis – Thank you for contacting us!

Here is some useful information FAQ Knowledge-base Document Support

Giacomo Lanzi

Zombie phishing: beware of emails, it could be zombies

Out of nowhere, someone replies to an email conversation dated months ago. This is a real conversation that actually happened. Maybe it’s about a meeting, a job opportunity. This email seems very relevant, but beware, it could be zombie phishing. Indeed, something is wrong, the topic discussed has been over for months and now there is a strange error…

Giacomo Lanzi

Social engineering: how hackers scam their victims

Social engineering is the term used for a wide range of malicious activities performed through human interactions. It uses psychological manipulation to trick users into making security mistakes or providing sensitive information. Then, with that information, the hacker is able to successfully carry out targeted attacks, such as data theft, ransomware or an interruption of services. Social engineering…

Giacomo Lanzi

What is phishing? Understanding and identifying social engineering attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, disguised as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking on a malicious link, which can lead to malware…

Giacomo Lanzi

Avoid Ransomware: That’s why it’s best not to take any risks

Ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity; these figures implicitly prove it. If such a large number of companies pay, it…

Giacomo Lanzi

Double extortion ransomware: What they are and how to defend yourself

Looking to up the ante and earn more money with ransomware, cybercriminals are increasingly using a tactic known as double extortion ransomware. Not only do they encrypt data and demand a ransom from the victim to regain access. They also threaten to upload it online if their conditions are not met. Let’s take a step back,…

Giacomo Lanzi

Zero-Day attack: what they are and how to defend yourself with SOCaaS

A Zero-Day attack (also known as 0-day) exploits a software vulnerability unknown to security officers and the software vendor. Hackers can exploit the weakness, as long as it is not mitigated, through a Zero-Day exploit or, indeed, attack. The term “zero-day” originally referred to the number of days after the software was released. A “zero-day” software, therefore, meant a program obtained…

Giacomo Lanzi

Monitoring system, an overview

Zabbix is a monitoring system suitable for different IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides metrics such as network usage, CPU load, and disk space consumption. The software monitors operations on Linux, Hewlett Packard Unix (HP-UX), Mac OS X, Solaris, and other operating systems (OS); however, Windows monitoring is only possible through specific agents. SOD…

Giacomo Lanzi

Data Exfiltration: defense against data theft

A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device. Data exfiltration typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and cell phones, through various cyberattack methods. Failure to control information security can lead to data loss which can cause financial and reputational damage to…

Giacomo Lanzi

Install a Let’s Encrypt certificate on Debian based machine

Let’s Encrypt is a Certificate Authority (CA) that facilitates the obtaining and installation of free TLS/SSL certificates. This allows HTTPS encryption on web servers. It also streamlines the process by working with clients, such as Certbot, to automate the necessary steps. In this article we see how to install an SSL certificate on a server with Debian based operating…

Giacomo Lanzi

WastedLocker: Next generation ransomware

WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It is known for its high ransom demands reaching millions of dollars per victim. It is the product of a group of highly skilled cyber criminals who have been operating for over a decade: Evil Corp. Who is behind WastedLocker Ransomware The group behind WastedLocker…

Giacomo Lanzi

Protecting a site in WordPress: security package

Whether it’s WordPress or not, your website is potentially vulnerable to attack. Recent reports have shown that Google blacklists thousands of websites containing malware and phishing attacks every week. Considering how serious the potential security breaches can be for your business, we hope this article informs you why you should always protect your WordPress site. Is protecting a WordPress site…

Giacomo Lanzi

Critical ransomware: examples of successful attacks

There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals…

Giacomo Lanzi

Secure Online Desktop Social Initiatives

2020 turned out to be a complicated year in many ways. Covid-19 has hit the whole world hard, with significant repercussions on companies which, as far as possible, have found themselves having to set up suitable infrastructures for remote work. Many social initiatives were born during the year and our field, IT and cyber security, is no different. In this…

Giacomo Lanzi

What is an MSSP and what are its advantages

The IT world continues to evolve and the same goes for industry acronyms. One of these is the term MSSP which, in a sense, is the evolution of MSP. The two abbreviations mean: Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). The latter, in general, could be considered as an organization that provides outsourced security services to other…

Giacomo Lanzi

The most dangerous Ransomware in 2020

The ransomware (or cyber extortion) threat is on the rise. In 2020, there was a spike in the number of reported incidents and the number of hackers attempting to extort money from organizations. It is important that every organization does all it can to combat these criminals and being informed is a key element. In this article we see the…

Giacomo Lanzi

Long-term search: what’s new in the SOCaaS service

Ransomware commonly arrives via an email that tricks users into trusting a malicious file. Many of the most recent data breaches succeeded because a user had previously fallen victim to such an attack. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity…

Giacomo Lanzi

Plesk panel: available applications

On the web there are many open source applications that allow you to manage a wide variety of situations. It is common practice for these applications to be available for installation from your hosting control panel. The Plesk panel is no exception. So let’s see what the main applications available for installation are. How to install applications from the Plesk panel…

Giacomo Lanzi

Shadow IT: an overview

The practice of shadow IT is the use of computer systems, devices, software, applications and services without the explicit approval of the IT department. In recent years, it has grown exponentially with the adoption of cloud-based applications and services. While shadow IT could improve employee productivity and drive innovation, it can also introduce serious security risks to the organization due…

Giacomo Lanzi

Acronis Active Protection: defense against ransomware

Acronis Active Protection is an advanced anti-ransomware technology. It actively protects all the data on your systems: documents, data of all kinds and Acronis backup files. It is a technology available for Windows and Mac OS X operating systems and protects against the latest ransomware actions such as Petya, WannaCry, Locky and Osiris. What is Ransomware? Ransomware is a particularly…

Giacomo Lanzi

Insider threat: identifying and fighting them

Insider threats are difficult to spot because they come from within your organization. Employees, contractors and partners require different levels of login credentials in order to perform their work. Attackers can trick these insiders into granting them access, or offer them money to knowingly steal valuable information from the company. Traditional security solutions focus on protecting the organization from external attackers…

Giacomo Lanzi

PageSpeed Insight: better speed with Google

If the site is slow, you are losing customers. It’s very simple and there are no kinder ways to say the same thing. The speed of a site is directly proportional to the desire of a user to visit it. To measure your portal you can use a tool made available by Google: PageSpeed Insight. You can access this service…

Giacomo Lanzi

ClearOS: Linux Server for Small Business

ClearOS (formerly ClarkConnect) is a Linux distribution, with the aim of transforming any standard PC into a dedicated firewall and Internet server / gateway. The software is a solution for small businesses, home offices and networked homes. ClearOS is based on CentOS and offers a very robust set of tools organized in easy to navigate administration pages. Small business and…

Giacomo Lanzi

UEBA: Behavior Analysis Explained

Classic cyber threat defense tools and systems are rapidly becoming obsolete, and there are ways to overcome them. What reliably remains common among cyber criminals attempting an attack is the intent of the attack itself. Indeed, knowing that there are systems capable of detecting indicators of compromise (IOC), it is natural that competent hackers will try not to leave traces…

Giacomo Lanzi

Node.js via SOD hosting panel

If you are interested in hosting Node.js apps on your web space, we have good news! The control panel offered by SOD, based on Plesk, is equipped with a Node.js extension that allows you to easily manage applications. In this article we see how it is possible to integrate Node through the control panel. Host a Node.js application from the…

Giacomo Lanzi

SOAR: coordination for cyber security

SOAR (Security Orchestration, Automation and Response) technology helps coordinate, execute and automate activities between people and tools, enabling companies to respond quickly to cyber security attacks. The aim is to improve their overall security position. SOAR tools use playbooks (strategies and procedures) to automate and coordinate workflows which may include security tools and manual tasks. How does SOAR help in…

Giacomo Lanzi

Log File Management with the Secure Online Desktop service

IT systems produce large quantities of log files, very useful tools for guaranteeing data security and application stability. However, in a complex ecosystem, the quantity of files and their location can become two insurmountable obstacles to overcome, in case it is necessary to consult the data efficiently. This is where log management systems come into play, which thanks to technologies…

Giacomo Lanzi

SOAR: what it is and how it can be useful for companies

An increasing number of companies leverage SOAR to improve the effectiveness of their cybersecurity operations. In this article, we explain how harnessing the value of SOAR could be crucial to improving the security of your organization. What is SOAR? Coined by the research firm Gartner, Security Orchestration, Automation and Response (SOAR) is a term used to describe the convergence of…

Giacomo Lanzi

Free trial of internet services with Demos

The services provided by Secure Online Desktop are many and cover a large variety of needs. We realize that for the layman and the less experienced, this could be intimidating. In the midst of so much choice, how can we be sure that the service we need is exactly what we are about to request? For this reason, we provide…

Giacomo Lanzi

Next Generation SIEM: where are we?

SIEM has existed for quite some time, but it is not yet well understood. Also, the fact that technology has evolved significantly in recent years doesn’t help shed some light. Today we see where we are, trying to understand the Next Generation SIEM and the managed systems offered as services that make use of the latest generation SIEM (SOCaaS, for…

Giacomo Lanzi

Does ISO 27001 standard require a Pentest?

A legitimate question that often arises is whether the Penetration Test is necessary for compliance with the ISO 27001 standard. To fully understand the answer, it is necessary to clarify what is meant by these terms and to understand the relationship between all the components of the certification. ISO 27001 standard A technical standard, also incorrectly called a standard, is…

Giacomo Lanzi

SIEM in computer science: history

A SIEM solution in IT is one of the essential components of a SOC (Security Operation Center). Its task is to collect information and analyze it in search of anomalies and possible breaches in the system. But the defense process hasn’t always been that simple. What we now call SIEM, Security Information and Event Management, is the union of two…

Giacomo Lanzi

cPanel and Plesk the best for hosting management

Most hosting environments use an intuitive interface to help users manage their web spaces. Two very famous panels are cPanel and Plesk, widely used and offered in the SaaS formula. Without these graphical interfaces, it would be difficult to manage a hosting space and set up a site. A lot of time is usually spent managing a web space through…

Giacomo Lanzi

SIEM software: what it is and how it works

Evolving beyond its roots in log file management, today’s security information and event management (SIEM) software vendors are introducing AI, advanced statistical analysis and other analytical methods into their products. But what is SIEM software and what are its uses? SIEM software Acronym for Security Information and Event Management, it is a product that provides cyber security professionals in…

Giacomo Lanzi

Updating PHP: why and how

PHP is one of the most popular scripting languages on the web today. According to W3Techs, PHP is used by over 82% of all websites that use a server-side programming language. This means that 8 out of 10 sites use PHP in one form or another. Being a scripting language, it is essential to update PHP to the latest version…

Giacomo Lanzi

What is a Network Lateral Movement and how to defend yourself

During a cyber attack, hackers have only one goal in mind. This goal could be accessing a developer’s machine and stealing a project’s source code, analyzing emails from a particular executive, or extracting customer data from a server. All they have to do is log into the machine or system that contains the data they want, right? Not exactly. Actually,…

Giacomo Lanzi

Mitre Att&ck™: an overview

Mitre Att&ck is a global knowledge base of adversary tactics and techniques based on real observations of cyber attacks. These are displayed in matrices organized by attack tactics, from initial system access and data theft to machine control. There are matrices for common desktop platforms (Linux, macOS and Windows) and for mobile ones. What is MITRE ATT&CK™ and what does…

Giacomo Lanzi

Is SOCaaS useful for your business?

In today’s article, we’ll explain what a Security Operations Center (SOC) is and help determine if a SOC-as-a-Service (SOCaaS) solution is right for your business. Just because you have to manage cybersecurity doesn’t mean your business has to deal with cybersecurity. In fact, your core business could be pretty much anything else. Proper management of IT security, however, is essential…

Giacomo Lanzi

Computer network security: PT vs. VA

The security of computer networks is of vital importance for a company. With technologies increasingly relying on remote services, it is good to ensure that security is guaranteed. To do this, two tools are used: Vulnerability Assessment and Penetration Test. But what is the difference between them? The answer to this question is not as obvious as one might think….

Giacomo Lanzi

Cloud services for small local businesses

Small and medium-sized businesses have little room for maneuver when it comes to investment. Precisely for this reason, every step that involves an expense is weighed and evaluated in every aspect before being carried out. We know the fears that underlie such reasoning, and for this reason we have decided to dedicate an article precisely to the advantages that SOD…

Giacomo Lanzi

Cloud computing services in Reggio Emilia

Cloud computing allows companies to access servers, storage, databases and additional (application) services through flexible subscription plans. Today the cloud is ubiquitous. Since 2009, more than 90% of companies have used at least one cloud computing-based application to manage business data securely. In addition, a growing number of companies and organizations do not…


