News
27 Novembre 2024
Pegasus spyware is a surveillance tool developed by the israeli company NSO Group. This highly sophisticated spyware is designed to infiltrate mobile phones without leaving a trace, allowing full remote access to infected devices. Pegasus has been described as one of the most invasive digital surveillance tools ever developed. It [...]
Guides
26 Novembre 2024
In the increasingly connected world of mobile devices, cybersecurity has become a top priority. One of the most striking examples of threats targeting Apple users is KeyRaider. KeyRaider is a type of ransomware designed to specifically attack jailbroken iPhones. A jailbreak is a procedure that allows users to remove restrictions [...]
25 Novembre 2024
Alternate data streams (ADS) represent an advanced feature of the NTFS file system that allows additional information to be associated with each file without changing its external appearance. This feature, introduced with the Windows operating system starting with Windows 2000, offers interesting opportunities for storing hidden data, but also opens [...]
22 Novembre 2024
The Mark of the Web (MOTW) is a security label automatically applied by the Windows operating system to files downloaded from the internet. This feature was introduced to alert users of potentially malicious files that might contain malicious payloads or other security risks. The MOTW appears for most files [...]
21 Novembre 2024
Script kiddies are a category of inexperienced hackers who use pre-made tools and scripts to carry out cyber attacks without possessing real technical skills. Also known as script kiddy or novice hackers, they venture into the world of hacking by using software that is easily available on the internet or [...]
20 Novembre 2024
In the world of cyber security, threat actors represent one of the main threats to organizations and individuals. But what is a threat actor, or rather who are threat actors? They are individuals or groups that exploit vulnerabilities and weaknesses in digital systems for often malicious purposes. Their main [...]
19 Novembre 2024
The security bug known as Use-After-Free is one of the most severe vulnerabilities in modern programming environments, compromising memory management and opening doors to dangerous arbitrary code execution exploits. This type of vulnerability arises when a program continues to use a block of memory that has already been freed, or [...]
18 Novembre 2024
Jailbreak is a common practice among those who want greater control over their Apple or Android devices, bypassing the restrictions imposed by operating systems. With jailbreak, the user gains access to the “root” of the system, allowing the installation of apps and customizations otherwise unavailable through official stores like the [...]
15 Novembre 2024
News pages frequently mention cases of hackers intercepting emails and altering attachments, such as invoices, by modifying the IBAN details. This is just one example of a common phenomenon known as "man-in-the-mail" fraud. The man-in-the-mail scam is a fraudulent scheme that exploits email communications to infiltrate business transactions, alter payment [...]
14 Novembre 2024
The term sharenting originates from the combination of the words "share" and "parenting". This phenomenon refers to the tendency of many parents to share online content, such as photos and videos, about their children on social media. The phenomenon of sharenting has gained prominence with the rise of social media, [...]
13 Novembre 2024
In recent years, social media has amassed millions of pieces of content related to daily life, including private snapshots of families and children. It's not uncommon to hear news stories warning about the dangers of sharing children's photos online: parents find their children's images stolen, misused for inappropriate purposes, or, in [...]
12 Novembre 2024
In recent years, cyberattacks using ransomware as a service (RaaS) have become one of the most concerning phenomena in cybersecurity. Among the most notable recent cases was the attack on Colonial Pipeline, a U.S. energy infrastructure company. Here, a group of threat actors used malware obtained from RaaS operators to [...]
11 Novembre 2024
In recent years, cyber security has become a central issue, particularly due to the rise in sophisticated phishing attacks. Recently, there have been numerous reports of attacks on popular platforms where hackers successfully extract users' sensitive data without them immediately realizing it. Among these threats, tabnabbing has emerged—a sneaky form of [...]
8 Novembre 2024
Dossiering and information security: how to protect and prevent illegal activities. Recently, Italy has witnessed numerous cases of dossiering involving prominent figures, including politicians and VIPs. One of the most notable cases, the Perugia investigation into dossiering, has attracted the attention of the national anti-mafia directorate and the Milan prosecutor's office. [...]
7 Novembre 2024
Clone phishing is a sophisticated cyberattack that aims to compromise access credentials and other sensitive data of its victims. It is an advanced variant of traditional phishing attacks, where the cybercriminal almost identically replicates a previous phishing email or other legitimate communication, but changes links or attachments to trick the [...]
6 Novembre 2024
The NIS2 Directive is part of the European Union's strategy to protect its digital infrastructure and enhance cyber security. Published as an evolution of the first NIS Directive from 2016, NIS2 sets even more ambitious goals and came into effect on January 17, 2023. In Italy, NIS2 took effect on October [...]
5 Novembre 2024
Money muling is becoming increasingly common in cyber fraud and money laundering. But what exactly is money muling? Money muling refers to an illegal activity where a person, called a "money mule," agrees to transfer or deposit funds on behalf of others, often unaware they’re participating in criminal activity. In practice, [...]
4 Novembre 2024
In recent years, with the rise of mobile devices, a new cyber threat has emerged: quishing. This term refers to a specific type of phishing that uses QR codes to deceive users, encouraging them to scan a fraudulent QR code that redirects them to malicious websites. What is quishing and how [...]
31 Ottobre 2024
Table of contents The SPID (Public System for Digital Identity) is a digital authentication system that allows Italian citizens to securely and quickly access online services offered by public administrations and participating private entities. With a digital identity, you can manage numerous activities without having to physically visit offices or [...]
30 Ottobre 2024
Table of contents In an increasingly digital world, knowing how to verify the authenticity of a website is essential for protecting your personal data and sensitive information. The threat of fraudulent websites is real, and thousands of people fall victim to online scams every day. However, by following the correct [...]
29 Ottobre 2024
Session fixation is a type of cyberattack that occurs when a malicious actor forces a session identifier (session ID) onto a user before they log into a web application. This technique allows the attacker to gain access to the user's session once the user has authenticated. Although it is often [...]
The Man in the Browser (MITB) attack represents a sneaky and increasingly prevalent threat in the world of cyber security.This type of attack occurs within web browsers, where a malicious actor manages to compromise the web pages viewed by the user, altering them without the user realizing it. The primary [...]
28 Ottobre 2024
Peer-to-peer connections (often abbreviated as P2P) represent a type of network in which computers, known as nodes, communicate directly with each other without the need for a central server. This distributed model offers numerous advantages but also presents some challenges, especially in terms of security. The peer-to-peer model is different [...]
Session hijacking is one of the most insidious threats in the world of cybersecurity. This type of attack allows a malicious actor to take control of a user's web session, granting unauthorized access to sensitive data and restricted functionalities of a website or application. Session hijacking is particularly concerning for [...]
