Telsy Cyber Security Awareness – Stay cyber safe at home

Telsy Cyber Security Awareness – Stay cyber safe at home

Il responsabile della divisone di Cyber Security e Threat Intelligence di Telsy, Emanuele De Lucia, ha stilato un documento rivolto all’utenza comune utile ad accrescere la consapevolezza dei rischi del cyber spazio in questo periodo di emergenza dovuto alla diffusione del “nuovo corona virus“. Sempre più forza lavoro del Paese infatti, si trova a dover espletare i propri obblighi professionali da reti e sistemi originariamente pensati per un esclusivo uso privato, esponendo dati ed informazioni a rischi precedentemente mitigati dalle misure di sicurezza interne ai perimetri aziendali. Tale documento contiene alcune linee guida su come proteggere la propria privacy e la confidenzialità dei dati lavorati all’interno delle proprie abitazioni. E’ […]

Strengthen Android privacy and security via Telsy free secure DNS over TLS

Strengthen Android privacy and security via Telsy free secure DNS over TLS

Starting from Android 9 Pie (https://www.android.com/versions/pie-9-0/ ), Google has released some interesting features related to the tuning of its mobile operating system and in particular the possibility of modifying some settings in order to increase its security and privacy. Indeed, anyone who has browsed the network settings tabs once obtained this release of the OS may have already noticed the possibility of setting his/her own private DNS with TLS (Transport Layer Security) support. This new feature represents a big step forward in simplifying some procedures that were previously necessary to achieve acceptable levels of privacy and security for Android devices. For example, during normal browsing, an Android device, like other […]

APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants

APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants

Very recently another custom malicious implant that seems to be related to APT34 (aka OilRig) has been uploaded to a major malware analysis platform. Since 2014, year in which FireEye spotted out this hacking group, APT34 is well-known to conduct cyber operations primarily in the Middle East, mainly targeting financial, government, energy, chemical and telecommunications sector. In this case, the threat group probably compromised a Microsoft Exchange account of a sensitive entity related to Lebanese government, and used the mail server as command-and-control of the implant. All the traffic between the compromised machine and the C2 is conveyed through legit email messages, making the implant identification harder. The victim seems […]

ON THE CONDITION NUMBER OF THE VANDERMONDE MATRIX OF THE nTH CYCLOTOMIC POLYNOMIAL

ON THE CONDITION NUMBER OF THE VANDERMONDE MATRIX OF THE nTH CYCLOTOMIC POLYNOMIAL

Edoardo Signorini is an undergraduate student who is currently working on various projects in Telsy, while writing his thesis about the “Post Quantum Cryptography”. Furthermore, he also published his work together with two professors of the Polytechnic of Turin, Carlo Sanna and Antonio Jose’ Di Scala, as a part of the amazing job that he is doing within the Company. Following the abstract: Recently, Blanco-Chac´on proved the equivalence between the Ring Learning With Errors and Polynomial Learning With Errors problems for some families of cyclotomic number fields by giving some upper bounds for the condition number Cond(Vn) of the Vandermonde matrix Vn associated to the nth cyclotomic polynomial. We prove […]

Webinar: ”Iranian Cyber Capabilities”

Webinar: ”Iranian Cyber Capabilities”

On March 6th at 11 am our Head of CTI Division, Emanuele de Lucia, and our CTI Analyst, Marco di Costanzo, will hold a webinar entitled ”Iranian Cyber Capabilities”.This webinar will focus on recent moves on Iran in Cyber Threat Landscape. To apply for participation leave a comment on our blog specifying Company and Corporate email to which further details will be sent (No comment will be shown on the blog).

Telsy has been involved in the organization of the seminar: “BITCOIN, LA MONETA SENZA AUTORITÀ”.

Telsy has been involved in the organization of the seminar: “BITCOIN, LA MONETA SENZA AUTORITÀ”.

The event will take place on 28 of February, at Turin University, in “Aula Buzano”. Following a short abstract: “Bitcoin is a digital currency that operates without any central authority. The key technology behind Bitcoin is the blockchain, a public and distributed register that stores coin exchanges that take place in Bitcoin. The seminar will show how Bitcoin and blockchain work. Some of the myths that have been created around this technology will also be disproved. Lastly, will be presented a research work on the problem of scalability, a problem that prevents Bitcoin from becoming a world-class payment system.”

A Password is not a Pass-Word

A Password is not a Pass-Word

From bank accounts to entertainment, our virtual life is wider than ever, and with the 4th industrial revolution is only meant to grow at an exponential rate. Within this redefined framework, the security of our virtual life will strongly depend on the passwords we choose to protect it. In 2015 the password manager app Dashlane conducted an analysis on their clients revealing that every user owns an average of 90 accounts online. Therefore the amount of data we potentially expose online is massive and the issue of how to protect them must be addressed. The question is: if you were to live in a house with 90 doors facing the […]

Meeting POWERBAND: The APT33 .Net POWERTON variant

Meeting POWERBAND: The APT33 .Net POWERTON variant

// Introduction Since the Islamic revolution, US and regional rivals have put continuos effort in containing and isolating Iran. Implementing a foreign policy generally addressed as “strategic loneliness”, Iran’s defense strategy has been designed to compensate for the country’s low level of conventional capabilities with its activity in asymmetric warfare, and especially in the cyber domain. Indeed, the implementation of the ‘maximum pressure strategy’ by the US has increased the tensions between Washington and Teheran, leading to an all-time low in the history of their relations. The combination of international and economic pressure and of asymmetric warfare is making room for further escalation in the area. Advanced Persistent Threat 33 […]

How well does my car know me?

How well does my car know me?

It is certain that our cell phones and electronic devices collect a wide variety of data about us. On top of the new technologies to which we expose our home life (like Alexa or Google Home), our cars can be thought of as smartphones with wheels. Cars are being provided with more software than ever and with built-in navigation systems that memorize where we go (e.g. office, home or favourite café), the frequency with which we go there, how long we stay, and so on. Even car-sharing services have a built-in box that collects data about our driving styles. Granted that gathering information can improve driving performance and safety, the […]

Tamper detection technologies: it takes a thief to catch a thief

Tamper detection technologies: it takes a thief to catch a thief

Tamper detection is a concept already present in our everyday life, even when we are not aware that it can be called by that name, or even that it is implemented at all. Tamper detection and tamper evidence methods are already in use in many common situations: specific tamper evidence mechanisms are used to provide proof of unauthorized access to the inner components of a device (i.e. it can void the warranty) or even just of a luxury good in department stores. We speak about tamper evidence when the goal is to reveal the unauthorized access upon examination by a human, and about tamper detection when we implement some sort […]