Apr 28, 2023 - Honeypot: traps for cybercriminals - Despite the inviting name, honeypots give hackers a hard time. Let's find out why these "traps" are a fundamental piece of every company's adaptive cybersecurity strategy.
Apr 07, 2023 - Cyber Threat Intelligence: know and anticipate your adversary - What new threats might you face in the near future? Knowing your adversary is essential to strengthening your cyber defences. Let's see how to do it with Cyber Threat Intelligence.
Mar 23, 2023 - 5 reasons to rely on MDR services - The cyber security threat landscape is constantly evolving. Let's look at how to raise security levels with Managed Detection & Response (MDR) services.
Jan 05, 2023 - Why you need a security operation center (SOC) - Companies have more cybersecurity options at their disposal than ever before. Find out how to increase your security posture.
Dec 24, 2020 - Handling a distributed cryptominer AD worm - This and last week, the Certego Incident Response team handled a PowerShell-based Active Directory compromise on several of our customer networks. Although the actors seemed intent on spreading cryptominer malware, some technical aspects suggest the campaign could hide a second goal.
Sep 28, 2020 - Introducing PcapMonkey - An easy way to analyze pcaps using the latest versions of Suricata and Zeek.
Jul 08, 2020 - Advanced VBA macros: bypassing olevba static analyses with 0 hits - One of the most common techniques for getting a foothold on a network client is based on Office files containing a malicious VBA macro. VBA macros are still widely used in a business context and, despite the mitigations offered by security vendors and Microsoft, it is still essential to detect evasion techniques in order to catch smart attackers.
May 11, 2020 - Certego research at the HITB Security Conference - Some of us are active members of the Honeynet Project and have contributed to well-known open source tools such as Cuckoo Sandbox and Thug.
Apr 07, 2020 - Certego joins the community of contributors to VirusTotal - Certego joined VirusTotal, the biggest aggregator of antivirus engines and website scanners.
Jan 25, 2020 - netscaler_threathunter.sh - A bash2-compatible script for digital forensics and incident response on Citrix ADC.
Oct 24, 2019 - FTdecryptor: a simple password-based FTCODE decryptor - Hi there, this is Gabriele Pippi, from the Certego Purple Team. I want to share this simple password-based FTCODE decryptor.
Oct 24, 2019 - New year, new tool: Intel Owl - We would like to open this new decade by releasing a new tool called Intel Owl. We hope it can help the community, in particular those researchers who cannot afford commercial solutions, generate threat intelligence data in a simple, scalable and reliable way.
Oct 02, 2019 - Malware Tales: FTCODE - Hi everyone! Today we are talking about a new ransomware we spotted being distributed in the wild, dubbed FTCODE.
Jun 14, 2019 - Malware Tales: Sodinokibi - Hi everyone! Today we are looking at a threat that appeared recently: a new ransomware called Sodinokibi.
Apr 16, 2019 - Malware Tales: Dreambot - Today we are going to talk about one of the biggest threats spreading these days, in particular in Italy: Dreambot, the most recent version of a malware also known as Ursnif, or Gozi.
Feb 14, 2019 - Malware Tales: Gootkit - Today we are going to start a new series of blog posts called "Malware Tales": the intent is to go deep into code-level analysis of the most widespread malware, to give everyone a better picture of everyday cyber threats.
Nov 23, 2018 - Sload hits Italy. Unveil the power of PowerShell as a downloader - Hi everyone, here is Matteo Lodi, Threat Intelligence Analyst at Certego. Recently, we saw a particular new spam campaign targeting Italian users, aimed at delivering a downloader known as Sload.
Apr 20, 2018 - Mailsnif - In recent weeks, Certego's monitoring systems have detected a significant increase in the spread of the Ursnif malware.
Jan 19, 2018 - New spam campaign delivering evasive malware - Hi everyone, here's Matteo Lodi, member of the Incident Response Team. Today, we want to talk about a new threat we have just detected while analyzing the alerts generated by our platform.
Jan 11, 2018 - Ruby RCE pushing Monero Coinminer - Our threat intelligence platform has been logging a huge spike in Ruby HTTP exploitation attempts since yesterday (10 January) at 23:00. The exploit tries to leverage a fairly old CVE (CVE-2013-0156) that allows remote code execution.
Dec 05, 2017 - Nearly undetectable Qarallax RAT spreading via spam - Hi everyone, here's Matteo Lodi, member of the Incident Response Team. This time I want to talk about a new threat we detected by chance while analyzing the alerts generated by our platform.
Jun 23, 2017 - Fishing with Cedacriall - Since April 2017, Certego's threat intelligence platforms have been following several particular spam campaigns aimed at spreading banking trojans to Italian targets.
Sep 21, 2016 - BadEpilogue: The Perfect Evasion - Starting from May 2016, Certego's Threat Intelligence platform has been detecting multiple viral spam campaigns using a new evasion technique. These attacks hide malicious attachments inside a specific area of the MIME/Multipart structure in order to evade content filtering controls.
Oct 15, 2015 - Italian spam campaigns using JS/Nemucod downloader - Our studies of three different malware families that use a JavaScript downloader called JS/Nemucod.
Aug 14, 2015 - Nuclear Exploit Kit serving new Ransomware variant - A few hours ago, Certego's Incident Response Team detected a malware campaign serving a new ransomware variant through the Nuclear Pack Exploit Kit.
Feb 06, 2015 - Several Italian forums compromised with Exploit Kit - In the last few days, Certego threat monitoring systems detected a malware distribution campaign affecting several forums hosted on Italian domains.