Blog Entries

04. 01. 2024 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | Second Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
30. 10. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

Adding SOAR Features to the SOC – Part 1: Vulnerability Management

Security Orchestration, Automation and Response (SOAR) is a set of functionalities used by the SOC team to automate security activites, improve workflow management and share threat intelligence data. Security Operation Centres (SOCs) can leverage SOAR to gain in-depth knowledge of the threats they face, trigger automatic responses to security issues and achieve better efficiency. In this…

Read More
26. 10. 2023 Luca Zeni Blue Team, SEC4U

From Chaos to Case: How SLAs Make Life Better!

One of the primary responsibilities of a Security Operation Center (SOC) is to effectively manage issues related to monitoring the security perimeter. This involves the meticulous analysis of alerts, the creation of subsequent cases, and if necessary, the escalation of incidents to the client through ticketing systems or, in some cases, the closure of incidents…

Read More
28. 09. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Negotiation: Dos and Don’ts!

Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this…

Read More
28. 08. 2023 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | First Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
23. 06. 2023 Massimo Giaimo Blue Team, SEC4U

SOC vs. MDR: Understanding the Key Differences for Comprehensive Cybersecurity

Introduction In today’s increasingly complex cybersecurity landscape, it is crucial for organizations to adopt effective solutions to protect their data and digital assets from ever-evolving threats. Two commonly used services in this regard are SOC (Security Operations Center) and MDR (Managed Detection and Response). While both aim to ensure cybersecurity, there are important differences that…

Read More
13. 06. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

The New .zip Domains do More Harm Than Good

In this article we’ll discuss the security concerns caused by Google’s introduction of .zip domains. First things first, let’s understand what a domain is and how it’s structured. What is a domain? A domain is a text string that allows a user to access the specified web site once typed into a browser. This string…

Read More
07. 02. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Attack ESXi Servers with (to confirm) CVE-2021-21974

These days the landscape of cybercriminal activities seems to have as the only protagonists the Threat Actors who are carrying out an attack on publicly exposed VMware ESXi infrastructures. The French National Computer Emergency Response Team (CERT) published a security advisory on the ESXiArgs ransomware on February 3, 2023. Other important information regarding the attack was published…

Read More
18. 01. 2023 Massimo Giaimo Blue Team, SEC4U

Interview with a Member of the GhostSec Group

The Initial Message The last few days have been quite hectic with regard to cyber security in the industrial systems sector. The frenzy of these days began on January 11 with this message that appeared on the Telegram channel (https://t.me/GhostSecc) of the GhostSec group: The message was accompanied by a couple of screenshots: So are…

Read More
10. 01. 2023 Francesco Pavanello Blue Team, SEC4U

Spam Trap Box – A Powerful Method to Detect Phishing Attempts

It’s more and more common to receive emails asking for credentials. They usually say that there’s some kind of issue that can only be solved by accessing the involved service using the link inside the message text. In most cases these emails are malicious, intended to steal users’ or employees’ credentials and gain access to…

Read More
21. 12. 2022 Mirko Ioris Blue Team, SEC4U

Meet the SOC Weekly Reports, a New Way to Inform Customers

One of the most comprehensive services offered by Wuerth-Phoenix’s Cyber Security team is the Security Operation Center (SOC). An SOC is capable of monitoring an IT environment, scanning all messages sent within the internal network, and all operations performed on corporate devices. Through the use of detection rules, the SOC is able to identify anomalies…

Read More
21. 12. 2022 Massimo Giaimo Blue Team, SEC4U

Protected: Some Insight into the Differences between AV and EDR

There is no excerpt because this is a protected post.

Read More
20. 12. 2022 Massimo Giaimo Blue Team, SEC4U

Risepro: A New Infostealer Malware

The daily monitoring activities that we carry out within our Security Operation Center Attacker Centric have allowed us to identify the spread of a new infostealer type malware. Log (or information) stealer malware is a type of Trojan that gathers data in order to send it to the attacker. Typical targets are credentials saved in…

Read More
05. 08. 2022 Elena Valgoi Blue Team, Events, Exposure Assessment, Red Team

BLUE or RED TEAM? #makeyourchoice ~HACKINBO EDITION

Ever heard of HackInBo? HackInBo is the main event in Italy for the cyber security community, bringing together (for almost 10 years now!) hundreds of passionate attendees for two days in Bologna…. We were there on May 27th and 28th… and it was an amazing experience! This year, and for the first time, the event…

Read More
18. 05. 2022 Massimo Giaimo Blue Team

Correlation Between the Most Exploited CVEs and Detection Rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…

Read More

Archive