Guides

ChatGPT and cyber security: risks and solutions

The evolution of artificial intelligence models like ChatGPT offers tremendous opportunities, but it also brings new challenges for cyber security. The use of ChatGPT for communication and data management presents some cyber security risks that cannot be underestimated.   Cyber attacks such as phishing, data theft, and manipulation of sensitive [...]

Guides

Water hole phishing: how it works 

Water hole phishing, also known as watering hole phishing, is a sophisticated cyber attack technique aimed at compromising the security of specific groups of users.   The target of this type of phishing attack is not an individual, but rather a group that frequently visits online sites, used as traps to [...]

Guides

Cyber security supply chain: protection and risk management 

Cyber security in the supply chain represents a critical challenge for modern businesses, which are increasingly interconnected and dependent on a vast network of suppliers and technology partners.  Supply chain cyber security is a priority not only for large organizations but also for small and medium enterprises, as supply chain [...]

Guides

Pop-up phishing: what it is and how to protect yourself 

Pop-up phishing is a technique used by cybercriminals to deceive people online and gain access to personal information and sensitive data. This specific form of phishing uses pop-up windows that suddenly appear on a user’s screen, often imitating legitimate security alerts from trusted companies like tech service providers or banks.  [...]

Guides

SEO poisoning: online risks and prevention 

SEO poisoning is a technique for manipulating search engines so that malicious websites rank high in search results. This practice exploits search engine optimization (SEO) techniques not to promote legitimate content but to drive users to harmful sites that could compromise their security. The most common goal of SEO [...]

Guides

Search engine phishing: how to protect yourself online 

Search engine phishing is a phishing technique that exploits search engines to lure people into visiting malicious websites, passing them off as reliable sources or legitimate sites.  This deceptive method has become increasingly sophisticated over time and represents a growing threat to online users.  Unlike traditional phishing scams, which typically [...]

Guides

Phishing via PEC: how to defend against scam attempts 

The phenomenon of phishing has seen a steady increase, and certified email (PEC) has also become a target for scammers.  PEC, which ensures the authenticity and traceability of communications, is now widely used by businesses, professionals, and citizens, especially in Italy, where it is also utilized for interactions with public [...]

Guides

SocGholish malware: how it works and how to protect yourself 

In recent years, SocGholish malware has emerged as a significant threat in the cyber security landscape, tricking users and spreading through compromised websites. This type of malware skillfully employs social engineering techniques to convince victims to install a malicious JavaScript payload disguised as a fake browser update. Understanding how SocGholish [...]

Guides

Password spray: prevention and detection 

Password spraying is a widely used attack technique in cyber security that is often underestimated compared to other strategies such as brute force attack. This attack aims to compromise a large number of user accounts by using more common password combinations across a large group of accounts. Unlike the traditional [...]

Guides

Deepfake and cyber security: risks and solutions

Deepfakes are becoming increasingly sophisticated and pose a significant threat in cyber security. But what is a deepfake, and what dangers can it generate in cyber security? The term deepfake refers to media content modified through machine learning, which can drastically transform or alter facial expressions, voices, and movements of people [...]

Guides

KeyRaider: how to protect yourself from ransomware on iOS 

In the increasingly connected world of mobile devices, cybersecurity has become a top priority. One of the most striking examples of threats targeting Apple users is KeyRaider. KeyRaider is a type of ransomware designed to specifically attack jailbroken iPhones. A jailbreak is a procedure that allows users to remove restrictions [...]

Guides

Ransomware as a service: how it works and why it’s concerning 

In recent years, cyberattacks using ransomware as a service (RaaS) have become one of the most concerning phenomena in cybersecurity. Among the most notable recent cases was the attack on Colonial Pipeline, a U.S. energy infrastructure company. Here, a group of threat actors used malware obtained from RaaS operators to [...]

Guides

Tabnabbing: the invisible threat in cyber security 

In recent years, cyber security has become a central issue, particularly due to the rise in sophisticated phishing attacks. Recently, there have been numerous reports of attacks on popular platforms where hackers successfully extract users' sensitive data without them immediately realizing it.  Among these threats, tabnabbing has emerged—a sneaky form of [...]

Guides

Dossiering and cyber security: protection and prevention 

Dossiering and information security: how to protect and prevent illegal activities.  Recently, Italy has witnessed numerous cases of dossiering involving prominent figures, including politicians and VIPs. One of the most notable cases, the Perugia investigation into dossiering, has attracted the attention of the national anti-mafia directorate and the Milan prosecutor's office. [...]

Guides

Clone phishing: how to defend against this type of fraud 

Clone phishing is a sophisticated cyberattack that aims to compromise access credentials and other sensitive data of its victims. It is an advanced variant of traditional phishing attacks, where the cybercriminal almost identically replicates a previous phishing email or other legitimate communication, but changes links or attachments to trick the [...]

Guides

The complete guide to the NIS2 Directive 

The NIS2 Directive is part of the European Union's strategy to protect its digital infrastructure and enhance cyber security. Published as an evolution of the first NIS Directive from 2016, NIS2 sets even more ambitious goals and came into effect on January 17, 2023. In Italy, NIS2 took effect on October [...]

Guides

Money muling: risks and scams related to money laundering 

Money muling is becoming increasingly common in cyber fraud and money laundering. But what exactly is money muling? Money muling refers to an illegal activity where a person, called a "money mule," agrees to transfer or deposit funds on behalf of others, often unaware they’re participating in criminal activity. In practice, [...]

Guides

How to create a SPID: complete guide

The SPID (Public System for Digital Identity) is a digital authentication system that allows Italian citizens to securely and quickly access online services offered by public administrations and participating private entities. With a digital identity, you can manage numerous activities without having to physically visit offices or [...]

Guides

How to verify the authenticity of a website: an essential guide

In an increasingly digital world, knowing how to verify the authenticity of a website is essential for protecting your personal data and sensitive information. The threat of fraudulent websites is real, and thousands of people fall victim to online scams every day. However, by following the correct [...]

Guides

Defending against session fixation: guide and remedies 

Session fixation is a type of cyberattack that occurs when a malicious actor forces a session identifier (session ID) onto a user before they log into a web application. This technique allows the attacker to gain access to the user's session once the user has authenticated. Although it is often [...]

Guides

Protect yourself from ‘Man in the Browser’

The Man in the Browser (MITB) attack represents a sneaky and increasingly prevalent threat in the world of cyber security. This type of attack occurs within web browsers, where a malicious actor manages to compromise the web pages viewed by the user, altering them without the user realizing it. The primary [...]

Guides

Security in peer-to-peer connections: advantages and risks 

Peer-to-peer connections (often abbreviated as P2P) represent a type of network in which computers, known as nodes, communicate directly with each other without the need for a central server. This distributed model offers numerous advantages but also presents some challenges, especially in terms of security.  The peer-to-peer model is different [...]

Guides

Defending web sessions: how to avoid session hijacking 

Session hijacking is one of the most insidious threats in the world of cybersecurity. This type of attack allows a malicious actor to take control of a user's web session, granting unauthorized access to sensitive data and restricted functionalities of a website or application. Session hijacking is particularly concerning for [...]

Guides

End-to-end encryption: what it is and how it works 

End-to-end encryption has become one of the most effective solutions for protecting the privacy of online communications. But what exactly does end-to-end encryption mean, and why is it so important? This article explores in detail how this technology works, its benefits, and how it is used in everyday applications such [...]
