Blog
News about cyber security,
updates and expert opinions
Topics:
2-01.webp)
Mar 23, 2023 ![5 motivi per affidarsi ai servizi di MDR]()
5 motivi per affidarsi ai servizi di MDR
Il panorama delle minacce alla sicurezza informatica è in continua evoluzione. Scopriamo insieme come aumentare i livelli di sicurezza grazie ai servizi di Managed Detection & Response (MDR)Jan 05, 2023 ![Why you need a security operation center (SOC)]()
Why you need a security operation center (SOC)
Companies have more cybersecurity options at their disposal than ever before. Find out how to increase your security postureDec 24, 2020 ![Handling a distributed cryptominer AD worm]()
Handling a distributed cryptominer AD worm
This and last week, the Certego Incident Response team handled a powershell based Active Directory compromise on multiple of our customer networks. Although the actors seemed to be intent on spreading a Cryptominer malware, due to some technical aspects the campaign could hide a second goalSep 28, 2020 ![Introducing PcapMonkey]()
Introducing PcapMonkey
An easy way to analyze pcap using the latest version of Suricata and ZeekJul 08, 2020 ![Advanced VBA macros: bypassing olevba static analyses with 0 hits]()
Advanced VBA macros: bypassing olevba static analyses with 0 hits
One of the most common techniques for getting a foothold on a network client is based on Office files containing a malicious VBA macro. VBA macros are still widely used in a business context and, despite the mitigations offered by security vendors and Microsoft, it is still essential to detect evasion techniques in order to catch smart attackers.May 11, 2020 ![Certego research at the HITB Security Conference]()
Certego research at the HITB Security Conference
Some of us are active members of the Honeynet Project and have contributed to some famous open source tools like Cuckoo Sandbox or ThugApr 07, 2020 ![Certego joins the community of contributors to VirusTotal]()
Certego joins the community of contributors to VirusTotal
Certego joined VirusTotal, the biggest aggregator of antivirus engines and website scannersJan 25, 2020 ![netscaler_threathunter.sh]()
netscaler_threathunter.sh
A bash2 compatible script to digital forensic and incident response on Citrix ADCOct 24, 2019 ![FTdecryptor: a simple password-based FTCODE decryptor]()
FTdecryptor: a simple password-based FTCODE decryptor
Hi there, this is Gabriele Pippi, from the Certego Purple Team. I want to share this simple password-based FTCODE decryptorOct 24, 2019 ![New year, new tool: Intel Owl]()
New year, new tool: Intel Owl
We would like to open this new decade by releasing a new tool that is called Intel Owl. We hope that it could help the community, in particular those researchers that can not afford commercial solutions, in the generation of threat intelligence data, in a simple, scalable and reliable way.Oct 02, 2019 ![Malware Tales: FTCODE]()
Malware Tales: FTCODE
Hi everyone! Today we are talking about a new ransomware we spotted being distributed in the wild dubbed as FTCODE.Jun 14, 2019 ![Malware Tales: Sodinokibi]()
Malware Tales: Sodinokibi
Hi everyone! Today we are looking at a threat that appeared recently: a new ransomware called Sodinokibi.Apr 16, 2019 ![Malware Tales: Dreambot]()
Malware Tales: Dreambot
Today we are going to talk about one of the biggest threats that is spreading in these days, in particular in Italy: Dreambot, the most recent version of a malware also known as Ursnif, or Gozi.Feb 14, 2019 ![Malware Tales: Gootkit]()
Malware Tales: Gootkit
Today we are going to start a new series of blog posts called “Malware tales”: the intent is to go deep on code-level analysis of most widespread malware to allow everyone to get a better picture of everyday cyber threats.Nov 23, 2018 ![Sload hits Italy. Unveil the power of powershell as a downloader]()
Sload hits Italy. Unveil the power of powershell as a downloader
Hi everyone, here is Matteo Lodi, Threat Intelligence Analyst in Certego.Recently, we saw a particular new spam campaign targeting italian users with the focus of delivering a downloader known as Sload.Apr 20, 2018 ![Mailsnif]()
Mailsnif
Nelle ultime settimane i sistemi di monitoraggio Certego hanno rilevato un significativo aumento nella diffusione del malware UrsnifJan 19, 2018 ![New spam campaign delivering evasive malware]()
New spam campaign delivering evasive malware
Hi everyone, here’s Matteo Lodi, member of the Incident Response Team. Today, we want to talk about a new threat we have just detected while analyzing the alerts generated by our platform.Jan 11, 2018 ![Ruby RCE pushing Monero Coinminer]()
Ruby RCE pushing Monero Coinminer
Our threat intelligence platform has been logging a huge spike in ruby http exploiting since yesterday (10 January) at 23:00. The exploit has been trying to leverage a fairly old CVE (CVE-2013-0156) that allows remote code execution.Dec 05, 2017 ![Nearly undetectable Qarallax RAT spreading via spam]()
Nearly undetectable Qarallax RAT spreading via spam
Hi everyone, here's Matteo Lodi, member of the Incident Response Team. This time i want to talk about a new threat we detected randomly while analyzing the alerts generated by our platform.Jun 23, 2017 A pesca con Cedacriall
Da Aprile 2017 le piattaforme di threat intelligence di Certego hanno iniziato a seguire alcune particolari campagne di spam volte a diffondere trojan bancari su target italiani.Sep 21, 2016 ![BadEpilogue: The Perfect Evasion]()
BadEpilogue: The Perfect Evasion
Starting from May 2016, Certego Threat Intelligence platform has been detecting multiple viral spam campaigns using a new evasion technique. These attacks are able to hide malicious attachments inside a specific area of the MIME/Multipart structure and to avoid Content Filtering controlsOct 15, 2015 ![Italian spam campaigns using JS/Nemucod downloader]()
Italian spam campaigns using JS/Nemucod downloader
Our studies about 3 different malware that are using a JavaScript downloader called JS/NemucodAug 14, 2015 ![Nuclear Exploit Kit serving new Ransomware variant]()
Nuclear Exploit Kit serving new Ransomware variant
A few hours ago Certego's Incident Response Team detected a malware campaign serving a new Ransomware variant through Nuclear Pack Exploit Kit.Feb 06, 2015 ![Several Italian forums compromised with Exploit Kit]()
Several Italian forums compromised with Exploit Kit
In the last few days, Certego threat monitoring systems detected a malware distribution campaign affecting several forums hosted on italian domains.
Subscribe
Sign up to our newsletter
Services
Platform
Resources
Company
Copyright © 2023 www.certego.net
Certego S.R.L. · P.I. 03517100362
Privacy/Cookie Policy
Privacy Policy Customer/Supplier
Certego S.R.L. · P.I. 03517100362
Privacy/Cookie Policy
Privacy Policy Customer/Supplier
Certego S.R.L.
Address: Via F. Lamborghini 81, 41121 Modena (MO)
Address: Via F. Lamborghini 81, 41121 Modena (MO)