Telsy partecipa all’Open Innovation challenge della Regione Lazio

Telsy partecipa all’Open Innovation challenge della Regione Lazio

Lo scorso 29 aprile Telsy ha lanciato, in collaborazione con la Regione Lazio e Lazio Innova, la challenge “Autenticazione innovativa per dispositivi mobili”. L’obiettivo della sfida è quello di promuovere la progettazione e lo sviluppo di metodi e tecnologie innovative per l’autenticazione su dispositivi mobili. Ai gruppi partecipanti viene richiesto in particolare di sviluppare un sistema di autenticazione realmente affidabile e sicuro, capace di proteggere efficacemente gli smartphone del futuro.  In particolare la challenge è rivolta a: startup e PMI innovative registrate nelle apposite sezioni del Registro delle impresemicroimprese, startup e PMIteam informali composti da almeno tre personespin off universitari e di centri di ricerca. Le iscrizioni sono aperte e […]

Telsy’s report on UniCredit’s data breach went viral worldwide

Telsy’s report on UniCredit’s data breach went viral worldwide

On the evening of April 19, Telsy denounced that the personal data of about 3000 employees of the UniCredit S.p.A. bank, one of the largest banks in Italy, had been put on sale on cybercrime forums. According to the seller, in the leak there are information about thousands of employees, including emails, phone numbers, encrypted password, last name and first name. The database was found available on at least two cyber-crime and hacking related forums. In the following hours the article published by Telsy on its blog (which can be found at the following link )has been reported by several major news agency worldwide. Telsy’s CEO, Emanuele Spoto, commented: “Yesterday […]

Unicredit employees database for sale on cyber-crime forums

On the late afternoon of 19/04/2020, a threat actor posted a new sale on a hacking and cyber-crime forum selling the database of UniCredit employees. UniCredit S.p.A. is an Italian banking and a global financial services company. It is present on 17 countries and has almost 100k employees worldwide. While currently we are not aware how this potential data loss could have occurred, according to the actor post, in the leak there are information about thousand of employees, including emails, phone, encrypted password, last name and first name. We found the database being available on at least two cyber-crime and hacking related forum. The nickname of the user selling it […]

Coronavirus: reported a new campaign of spear phishing attacks to steal personal data

Coronavirus: reported a new campaign of spear phishing attacks to steal personal data

A few days ago, on the 27th of March, industry reporting signalled a new campaign of Covid-19/ coronavirus-themed spear phishing attacks that illegitimately uses the WHO (World Health Organization) mark, to spread another variant of the info-stealer Lokibot, in order to steal personal data and confidential information from the victims of the attack. This is not the first time that this particular malware has appeared, in fact numerous versions, all derived from the original source code, have already been identified. The most disparate methods were also used for what concerns the means of distribution. This spear phishing campaign has already spread rapidly in different parts of the world, especially in […]

Cyber Security: come gestire le minacce nelle comunicazioni mobili

Cyber Security: come gestire le minacce nelle comunicazioni mobili

Il 7 aprile 2020 Telsy ha partecipato ufficialmente al webinar – Cyber Security: come gestire le minacce nelle comunicazioni mobili – organizzato da Samsung Electronics Italia e FPA -FORUM PA. Nel corso del webinar, a cui hanno partecipato più di seicento persone, sono intervenuti tre relatori: Alessio Pennasilico (Information & Cyber Security Advisor e membro del Comitato Direttivo di Clusit), Matteo Rigoni (Enterprise Program Manager di Samsung Electronics Italia) e Fabrizio Vacca (Chief Innovation Officer di Telsy). I relatori hanno discusso dei problemi emersi negli ultimi anni a causa del massiccio utilizzo di app di messaggistica istantanea, quali Whatsapp, Telegram e Messenger, per le comunicazioni aziendali e la condivisone di […]

Cybercriminals trojanized orginal SM Covid-19 awareness Android app to target Italy

Cybercriminals trojanized orginal SM Covid-19 awareness Android app to target Italy

In these days of particular sacrifices due to the spread of the COVID-19 pandemic, cyber criminals do not seem to save anyone and on the contrary, taking advantage of the emotional involvement that many people have towards this topic, they have continued and in many cases increased their hostile activities not only against normal users but also towards the health and pharmaceutical research sector. In the late evening of yesterday, within the COVID-19 CTI League, a group of about 400 experts gathered together to combat cyber threats related to the exploit of Covid-19 themed campaigns, a potentially malicious application emerged aimed at Italian users. A few moments later the same […]

Quantum challenges to cryptography: why the future is already here

Quantum challenges to cryptography: why the future is already here

More and more often, we hear rather dramatic and movie-like statements about how the quantum era will change many aspects of our life, among which also cryptography and, therefore, security. It often feels like we are about to be thrown in a sci-fi movie in which we will live an extremely high-tech life, surrounded by super intelligent machines and ultra-powerful computers. At the same time, it feels like we have been at the edge of this “brave” new world for quite a bit of time, but never really in it; as if it was just a matter of time – even though  we cannot really say how long – before […]

Telsy Cyber Security Awareness – Stay cyber safe at home

Telsy Cyber Security Awareness – Stay cyber safe at home

Il responsabile della divisone di Cyber Security e Threat Intelligence di Telsy, Emanuele De Lucia, ha stilato un documento rivolto all’utenza comune utile ad accrescere la consapevolezza dei rischi del cyber spazio in questo periodo di emergenza dovuto alla diffusione del “nuovo corona virus“. Sempre più forza lavoro del Paese infatti, si trova a dover espletare i propri obblighi professionali da reti e sistemi originariamente pensati per un esclusivo uso privato, esponendo dati ed informazioni a rischi precedentemente mitigati dalle misure di sicurezza interne ai perimetri aziendali. Tale documento contiene alcune linee guida su come proteggere la propria privacy e la confidenzialità dei dati lavorati all’interno delle proprie abitazioni. E’ […]

Strengthen Android privacy and security via Telsy free secure DNS over TLS

Strengthen Android privacy and security via Telsy free secure DNS over TLS

Starting from Android 9 Pie (https://www.android.com/versions/pie-9-0/ ), Google has released some interesting features related to the tuning of its mobile operating system and in particular the possibility of modifying some settings in order to increase its security and privacy. Indeed, anyone who has browsed the network settings tabs once obtained this release of the OS may have already noticed the possibility of setting his/her own private DNS with TLS (Transport Layer Security) support. This new feature represents a big step forward in simplifying some procedures that were previously necessary to achieve acceptable levels of privacy and security for Android devices. For example, during normal browsing, an Android device, like other […]

APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants

APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants

Very recently another custom malicious implant that seems to be related to APT34 (aka OilRig) has been uploaded to a major malware analysis platform. Since 2014, year in which FireEye spotted out this hacking group, APT34 is well-known to conduct cyber operations primarily in the Middle East, mainly targeting financial, government, energy, chemical and telecommunications sector. In this case, the threat group probably compromised a Microsoft Exchange account of a sensitive entity related to Lebanese government, and used the mail server as command-and-control of the implant. All the traffic between the compromised machine and the C2 is conveyed through legit email messages, making the implant identification harder. The victim seems […]