Greetings, cyber enthusiasts! This year we hacked a satellite and won $50K!! Okay, now that I’ve got your attention, that last sentence isn’t fake, but let’s go back to a few days ago… I’m Alessandro — Alemmi on the internet — and while I always enjoy playing CTFs with my workmates here at Würth Phoenix,…
Read MoreIntroduction In today’s increasingly complex cybersecurity landscape, it is crucial for organizations to adopt effective solutions to protect their data and digital assets from ever-evolving threats. Two commonly used services in this regard are SOC (Security Operations Center) and MDR (Managed Detection and Response). While both aim to ensure cybersecurity, there are important differences that…
Read MoreIn this article we’ll discuss the security concerns caused by Google’s introduction of .zip domains. First things first, let’s understand what a domain is and how it’s structured. What is a domain? A domain is a text string that allows a user to access the specified web site once typed into a browser. This string…
Read More0-day vulnerabilities are predicted to grow more and more, posing new threats for the cybersecurity. It’s hard to predict them and when their exploit occurs, since developers and vendors are unaware of the flaw until they are actually exploited. Hence, there is no ready patch available for a 0-day vulnerability. MOVEit Transfer 0-day On May…
Read More
On Friday 9 June 2023 I had the opportunity to participate as a speaker at the HackInBo Business event, one of the most important conferences on cyber security in Italy. During the talk I presented, I talked about the history of RaidForum, BreachForum and ExposedForum and the Genesis and Solomon marketplaces, recounting the seizures actions…
Read MoreOverview of discovering hostnames and IP addresses using OSINT techniques.
Read MoreWelcome, today’s blog is dedicated to data breach analyses and evaluating their reliability. In an increasingly data-centric digital landscape, it’s crucial to delve into the complexities of data breaches and develop effective methods for determining the trustworthiness of the information they contain. In this blog, we’ll explore a professional approach to data breach analysis using…
Read MoreAs technology continues to advance at an unprecedented pace, the financial sector faces increasing risks and challenges in safeguarding sensitive data and ensuring the security of critical systems. In response to this evolving threat landscape, the European Central Bank (ECB) and the European Union Agency for Cybersecurity (ENISA) introduced a groundbreaking framework known as TIBER-EU…
Read MoreIn 2022, more than half of Italian companies suffered at least one email attack despite the presence of spam filters, blacklisted domains and other available solutions for blocking threats. This shows how crucial it is for companies to both test their employees’ awareness about security and invest in training. A phishing campaign includes scam emails…
Read MoreThese days the landscape of cybercriminal activities seems to have as the only protagonists the Threat Actors who are carrying out an attack on publicly exposed VMware ESXi infrastructures. The French National Computer Emergency Response Team (CERT) published a security advisory on the ESXiArgs ransomware on February 3, 2023. Other important information regarding the attack was published…
Read MoreMassimo Giaimo will participate in the ICT Security roadshow with a speech on the Log stealer Market Place and Predictive Cyber Threat Intelligence as a tool to avoid unpleasant compromises! FIRST STAGE: AGENDA, Milan, 16 February 2023 – at 09.00 a.m.SECOND STAGE: SAVE THE DATE | Padua, 6 June 2023 Soiel International has been organising…
Read MoreThe Initial Message The last few days have been quite hectic with regard to cyber security in the industrial systems sector. The frenzy of these days began on January 11 with this message that appeared on the Telegram channel (https://t.me/GhostSecc) of the GhostSec group: The message was accompanied by a couple of screenshots: So are…
Read MoreIt’s more and more common to receive emails asking for credentials. They usually say that there’s some kind of issue that can only be solved by accessing the involved service using the link inside the message text. In most cases these emails are malicious, intended to steal users’ or employees’ credentials and gain access to…
Read MoreCybersecurity is a discipline that deals with protecting computer systems and digital data from attacks and security breaches. With the increasing use of technology and dependence on computer systems in everyday life, cybersecurity is becoming increasingly important. But what are the risks for those who don’t know how to protect themselves? Online security risks can…
Read MoreIn December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…
Read More