As technology continues to advance at an unprecedented pace, the financial sector faces increasing risks and challenges in safeguarding sensitive data and ensuring the security of critical systems. In response to this evolving threat landscape, the European Central Bank (ECB) and the European Union Agency for Cybersecurity (ENISA) introduced a groundbreaking framework known as TIBER-EU…
Read MoreThese days the landscape of cybercriminal activities seems to have as the only protagonists the Threat Actors who are carrying out an attack on publicly exposed VMware ESXi infrastructures. The French National Computer Emergency Response Team (CERT) published a security advisory on the ESXiArgs ransomware on February 3, 2023. Other important information regarding the attack was published…
Read MoreThe Initial Message The last few days have been quite hectic with regard to cyber security in the industrial systems sector. The frenzy of these days began on January 11 with this message that appeared on the Telegram channel (https://t.me/GhostSecc) of the GhostSec group: The message was accompanied by a couple of screenshots: So are…
Read MoreThere is no excerpt because this is a protected post.
Read MoreThe daily monitoring activities that we carry out within our Security Operation Center Attacker Centric have allowed us to identify the spread of a new infostealer type malware. Log (or information) stealer malware is a type of Trojan that gathers data in order to send it to the attacker. Typical targets are credentials saved in…
Read MoreOn December 2 we participated, as platinum sponsors, in the second edition of the HackInBo Business event. For 10 years, HackInBo has been one of the most important IT security conferences in Italy, and for this edition too we wanted to give our contribution by participating with a 40-minute talk. The formula of the event…
Read MoreOn May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…
Read MoreStarting from a static analysis done by Cyble Research Lab (https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/) of ransomware called Dark Angels, we gained evidence about the activities of the Dark Angels ransomware group. An OSINT analysis carried out by our Würth Phoenix team helped to reach the Ransom Operator blog and one of the victim pages. Based on the evidence…
Read MoreWe decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…
Read MoreIn this second post on the Exposure Assessment topic we’ll start from the end! We’ve just put into production, within our OSINT & Cyber Threat Intelligence SATAYO platform, an internal search engine that aims to simplify the search for evidence within the platform itself. This is a development that has been particularly requested by those…
Read MoreThis is the first in a series of articles that aims to technically describe the various objects collected within our Exposure Assessment activity, based on our OSINT & Cyber Threat Intelligence SATAYO platform. Its functionalities and the elements make it a fundamental tool for all organizations wishing to continuously monitor their exposure within public domain…
Read MoreIn this article we will see together how to perform an analysis of a site present on the Dark Web and more precisely of a site present within the Tor network. Our point of reference will be the site of the Avos ransomware gang, which has just started its cyber criminal activity a few weeks…
Read MoreThe goal of this article is to present the point of view of the Red Team SEC4U at Würth Phoenix regarding the ominous PrintNightMare vulnerability that has been talked about so much in recent days. A summary for those who did not receive hardly any information about this: it’s a weakness in the Microsoft Windows…
Read MoreI’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…
Read MoreIntroduction In this article I will show you how to use phpIPAM (https://phpipam.net/), an open source IP address management project, as an import source database for NetEye. The goal is to use hosts you have already configured separately in phpIPAM and import them into NetEye. This allows you to take advantage of the powerful and…
Read More