During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others. There is no…
Read More0-day vulnerabilities are predicted to grow more and more, posing new threats for the cybersecurity. It’s hard to predict them and when their exploit occurs, since developers and vendors are unaware of the flaw until they are actually exploited. Hence, there is no ready patch available for a 0-day vulnerability. MOVEit Transfer 0-day On May…
Read MoreIn 2022, more than half of Italian companies suffered at least one email attack despite the presence of spam filters, blacklisted domains and other available solutions for blocking threats. This shows how crucial it is for companies to both test their employees’ awareness about security and invest in training. A phishing campaign includes scam emails…
Read MoreIn December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…
Read More