Fortgale | Cybersecurity and Cyber Threat Intelligence Blog

May 24, 2021 ·Emerging Threats

Protected: DARKSIDE – Il gruppo e l’evoluzione

There is no excerpt because this is a protected post.

May 21, 2021 ·Emerging Threats

Agent Tesla del 2021-05-20

Agent Tesla Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as a legitimate software on the dedicated website where this malware is sold. The spyware is created using .Net software framework. It is aimed at stealing personal data and transmitting … Read more

Read the analysis

May 19, 2021 ·Featured

REvil Ransomware Operator: A time zone analysis

In April 2021, an unidentified Gold Southfield operator carried out a Ransomware attack against a European company. The initial access is performed by Gold Cabin, an access broker, that deploys IceID (Bokbot), a Remote Access Tool (RAT) malware[link]. Once inside the company, the access broker passes privileges to the main operator who deploys the REvil ransomware. This threat actor … Read more

Read the analysis

May 17, 2021 ·Emerging Threats

Vendita di accessi a server di virtualizzazione aziendali

Ultime Attività Note Access Broker Coinvolti Stato Attuale delle compravendite Le vulnerabilità sfruttate CVE-2021-21972 – vSphere Client (HTML5) Questa vulnerabilità permette l’esecuzione di codice arbitrario con privilegi illimitati sul sistema operativo che ospita il server vCenter a chiunque abbia accesso alla porta 443. Le versioni vulnerabili del server sono: VMware vCenter Server 7.x precedenti a … Read more

Read the analysis

May 17, 2021 ·Emerging Threats

DarkSide Ransomware: Colonial Pipeline hack

Read the analysis

May 17, 2021 ·Emerging Threats

REvil Ransomware: disponibile la versione per cifrare Server Linux

Read the analysis

April 14, 2021 ·Emerging Threats

Report Italia: Microsoft Exchange

Nel Mese di Marzo, Microsoft ha pubblicato un bollettino di sicurezza per l’applicazione di patch di Microsoft Exchange. L’urgenza della patch era dovuta all’evidenza che il gruppo criminale Hafnium stesse sfruttando certe vulnerabilità per compromettere i server di diverse società nel mondo (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 e CVE-2021-27065). Proprio in questi giorni sono state identificate nuove vulnerabilità del … Read more

Read the analysis

March 30, 2021 ·Emerging Threats

Cyber Threat Intelligence – Attacchi Hacker Aziende Italiane

Questo accesso iniziale può essere sfruttato dai criminali con un ulteriore evoluzione delle attività offensive, in particolar modo in attacchi: Ransomware Esfiltrazione dati aziendali Movimenti laterali all’interno delle reti aziendali I nostri servizi Difensivi Per maggiori informazioni: contatti

Read the analysis

March 30, 2021 ·Uncategorized

Malware Ursnif – Tema Agenzia delle Entrate

Il dropper Comportamento del Malware I nostri servizi Difensivi Per maggiori informazioni: contatti

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy