Fortgale | Cybersecurity and Cyber Threat Intelligence Blog

March 30, 2021 ·Emerging Threats

Ursnif Malware — Italian Tax Agency lure

Ursnif campaign abusing the Italian Tax Agency (Agenzia delle Entrate) brand as social-engineering lure: Italian-language phishing templates and host indicators.

Read the analysis

March 7, 2021 ·Emerging Threats

Handling the Microsoft Exchange Server cyber attack — why it can be worse than WannaCry

Mass exploitation of ProxyLogon (CVE-2021-26855/26857/26858/27065) on Microsoft Exchange Server: web shell hunting, two distinct intrusion sets observed in Italy, defensive guidance and post-compromise containment.

Read the analysis

February 2, 2021 ·Emerging Threats

PurpleFox: analysis of the compromise chain

PurpleFox malware framework: rootkit components, MSI installer abuse, exploit-driven worm capabilities and lateral movement patterns observed in Italian intrusions.

Read the analysis

December 2, 2020 ·Emerging Threats

Security considerations — Cloud E-mail

Security trade-offs of moving corporate email to cloud platforms (Microsoft 365, Google Workspace): attack surface, account takeover patterns, MFA hardening and detection requirements.

Read the analysis

December 2, 2020 ·Emerging Threats

Mapping a cyber attack — the Italian case

Mapping a real Italian intrusion onto the MITRE ATT&CK framework: phases, techniques, telemetry sources and lessons for SOC detection-engineering.

Read the analysis

November 24, 2020 ·Emerging Threats

50 000 companies compromised, 700 Italian organisations among them

Mass compromise impacting 50 000 organisations globally with 700 Italian entities affected: scope, exploitation chain and defensive priorities.

Read the analysis

November 22, 2020 ·Emerging Threats

Cyber Defence: 3 priorities for enterprise security

Three foundational defensive activities every organisation should run continuously: monitoring, detection-engineering and incident response — paired with threat intelligence.

Read the analysis

November 19, 2020 ·Emerging Threats

Under Ransomware attack — the story of an incident response

Field account of a ransomware incident response engagement: initial scoping, eradication, recovery decisions and lessons learned about preparation gaps.

Read the analysis

November 19, 2020 ·Emerging Threats

How to reduce the likelihood of a Ransomware attack

Practical guidance to reduce ransomware risk: addressing the ‘we’re not a target’ fallacy, exposed services, weak credentials, missing backup discipline and detection gaps.

Read the analysis

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie & Privacy