In recent days, a fake version of Salesforce has been exploited to carry out a particularly sophisticated vishing attack. Cybercriminals, posing as internal operators or company technicians, contacted victims by phone with the aim of…
10 June 2025
Tech Blog
CERT Posts
In recent years, the use of tools known as sandboxes has grown significantly. These platforms offer a secure, isolated environment in which suspicious files, emails and potentially harmful links can be examined without risking compromise…
3 June 2025
The Chinese-linked APT group UNC5174 has been observed deploying an advanced malware toolkit targeting Linux systems, combining a custom downloader known as SNOWLIGHT with a stealthy and powerful remote access trojan called VShell. What…
6 May 2025
In recent times, the “E-crime as a service” phenomenon has radically changed the cybercrime landscape, opening the door to “low-skill” criminals. Thanks to an increasingly accessible ecosystem and the availability of turnkey criminal tools, today…
29 April 2025
Since 2024, a new cybercriminal group has been targeting various companies with sophisticated and evasive techniques. Our Incident Response team has intervened several times to neutralise it, and in this article we provide an analysis…
8 April 2025
The dark web hosts a complex ecosystem where licit and illicit activities intertwine, offering anonymity but also exposing to significant risks. The main communication between criminal hackers takes place in specialised forums that serve as…
25 March 2025
We often hear about BEC, an acronym that stands for Business Email Compromise, a threat we all face every day in our mailbox. But in fact, what are we talking about? How to avoid falling…
11 February 2025
In recent days, DeepSeek, a new artificial intelligence model of Chinese origin, has rapidly gained popularity and sparked discussions both economically and in terms of cybersecurity. On one hand, many observers note how DeepSeek has…
30 January 2025
For a long time, the main mode of software development has globally rested on the concept of ‘as long as it works’, and most applications (particularly web applications) developed over the last two decades have…
21 January 2025
On 19 December 2024 at 00:03 UTC, ransomware group LockBit announced the release of LockBit 4.0 on its leak site (DLS). Known for its aggressive tactics and frequent updates, LockBit introduces an even more advanced…
14 January 2025
Tech Updates
Network Intrusion Detection Systems (NIDS) are fundamental tools in contemporary computer security, designed to identify malicious activity and security policy violations through continuous monitoring of network traffic. The primary objective of a NIDS is to…
18 March 2025
In the cybersecurity landscape, the focus has often been on identifying threats, which is crucial but not sufficient to ensure a comprehensive defence. The Cyberoo team has observed a growing need to improve remediation management,…
28 November 2024
In recent months CYBEROO has launched Cypeer Agent X: an advanced agent designed to enhance the Cypeer MDR (Managed Detection and Response) with an in-depth analysis of the company’s security posture. In this article, we…
23 October 2024
In recent months, we have released a new module for the MDR Cypeer: CypeerPOT. This new functionality further enriches the capabilities of our Managed Detection and Response (MDR), offering an advanced way to identify ongoing…
13 September 2024
Realized a new Dashboard for immediate horizontal correlation of alerts The introduction of the new alert management dashboard represents a significant step forward in the way companies monitor and manage internal security. In fact, this…
11 March 2024
CSI (Cyber Security Intelligence) is CYBEROO’s Threat Intelligence service, based on Open Source Intelligence. Its goal is to detect, collect and analyze sensitive information and data found in the Deep and Dark Web to protect…
18 January 2024
CYBEROO’s continuous investment in R&D has made possible the release of important updates to the Cypeer module, with the implementation of advanced Adaptive AI and Machine Learning technologies that enable improved analysis and stronger security…
29 November 2023
Incident Response Reports
In the world of cybersecurity, incident response is a crucial process that requires precision and expertise. A significant example of an effective intervention by Cyberoo Incident Response Team is the case of a well-known consultancy…
15 November 2024
Infostealers: silent thieves in the digital world Infostealers are a particularly insidious type of malware, designed to steal personal and sensitive information stealthily and often unnoticed. These malicious programmes operate in the background, collecting data…
9 October 2024
Knowing how to read a log and recognizing a behavioral anomaly, especially on non-working days and times, will inevitably reduce the risk of impairment. Recently, Cyberoo’s Incident Response team was engaged after a total Ransomware…
17 June 2024
We often talk about data protection and how to protect against exfiltration as malware and ransomware attacks of different types continue to proliferate. Nevertheless, the reality is that companies are still doing too little. Cyberoo’s…
27 May 2024
The statistics speak for themselves: the increase in ransomware attacks turns out to be across different organizations, regardless of their industry. This phenomenon can be attributed to several factors, including lack of adequate investment in…
24 April 2024
It often happens to work with companies that have signed contracts with ICT service providers that turn out to be inefficient when needed. In today’s business environment, Cybersecurity management must be configured as a multidimensional…
25 March 2024
It is common to have to deal with IT incidents and be faced with undesirable situations, not because of the type or severity of the incident, but rather because of the lack of organization of…
8 March 2024
Recently, a company in northern Italy was victim of a serious cyber attack that resulted in the compromise of its infrastructure and the interruption of operations. The perpetrators of the malicious attack gained unauthorized access…
25 May 2023
