
Thursday, 28 February 2019

Updating F-35 Electronic Warfare Systems

Press release 28 Feb 2019

AN/ASQ-239 system updates improve warfighters’ ability to conduct critical missions in contested airspace
BAE Systems, a leader in electronic warfare (EW) technology, today announced a critical program milestone with the successful insertion of new technology into its EW systems for the global fleet of fifth-generation F-35 Lightning II fighter aircraft. Upgrades to the AN/ASQ-239 system position it to meet future capability requirements and improve warfighters’ ability to conduct critical missions in contested airspace.
The improved EW system delivers the world-class functionality of the previous system in a smaller footprint, reducing volume and power requirements – creating space for Block IV modernization upgrades. The system update also resolves issues with manufacturing obsolescence that would have otherwise required costly redesign work.
The company’s capacity expansion strategy – including a $100 million investment in 80,000 square feet of state-of-the-art manufacturing space, process automation, and the growth of its highly skilled electronic warfare workforce by more than 23 percent – enabled BAE Systems to become the first F-35 supplier to insert updated technology into its systems at full production speeds – delivering 11 systems monthly and ramping production to match aircraft production. The Digital Channelized Receiver/Techniques Generator and Tuner Insertion Program (DTIP) technology was introduced into BAE Systems’ manufacturing process in 2018, with the first deliveries starting in July. The team is consistently providing 11 shipsets per month, enabling the company to continue on-time delivery to its customer.
“We’ve delivered almost 400 EW systems to date, and now we’ve updated the architecture and are manufacturing it at a high rate of production. This technology insertion gives the EW system room to grow, and will help the F-35 maintain its dominance of the electromagnetic spectrum,” said Deborah Norton, VP of F-35 Solutions at BAE Systems. “The successful insertion of DTIP was the result of the outstanding focus, dedication, and teamwork of our engineering and production teams working in close coordination with our customer.”
The advanced F-35 EW system is a proven digital electronic warfare/countermeasures suite that provides pilots with real-time battlespace situational awareness and rapid-response capabilities. The ASQ-239 system provides fully integrated radar warning, targeting support, and self-protection capabilities to engage, counter, jam, or evade threats to improve survivability and mission effectiveness. The system builds on BAE Systems’ 60-plus years of EW experience and legacy of providing 13,500 tactical systems for more than 80 different platforms, including F-22, F-16, F-15, B-1, B-2, and classified platforms. For more information, visit:
Ref. No. /2019

Avast Threat Labs Debuts - an Intelligence-driven Threat Hunting Platform for the Security Analyst Community

Press release: 26 Feb 2019
Provides Deep Intelligence on Android Malware from Over 145 Million Devices to Aid in the Detection, Discovery, and Eradication of Threats
Mobile World Congress, Barcelona, February 26, 2019 – Avast (LSE:AVST), a leading global cybersecurity provider, today announced the launch of, a mobile threat intelligence platform (MTIP) designed to provide real-time intelligence for Android™ security researchers. is the first platform of its kind to collect and make available intelligence from Avast’s global network of over 145 million mobile users to help researchers fight the growing threat of mobile malware. uses machine learning techniques originally developed to help Avast Threat Labs better hunt and track mobile threats and is now available to external threat researchers to improve the detection, discovery, and eradication of mobile malware.
“Fighting mobile malware in today's highly connected world is a tough challenge that cannot be solved by a single company alone,” said Nikolaos Chrysaidos, Head, Mobile Threat Intelligence & Security for Avast Threat Labs. “The industry needs a coordinated approach, where security vendors and the broader security community unite in their mission to beat cybercrime, so the cost and benefit ratio stays in our favor, and that's why we're making widely available.”
The insight from has already led to the discovery and delisting of more than 130 malicious applications from the Google Play Store. For example, in the case of the BankBot Trojan, the malware family tracking feature in enabled Avast to identify and detect every sample of the virus that was being uploaded to Google Play within a matter of hours of them appearing.
Avast has developed reliable and real-time classifiers that examine every strain of malware, categorizing like with like, and creating a more complete picture of each particular malware family. The platform is designed to deliver coherent analysis of both static and dynamic flow, meaning it can study the behavior of every malware strain while it’s dormant as well as active. The platform currently analyses 20,000 samples every day.
In the last year, the Avast Threat Labs has tracked a 375 percent growth in Adware as a malware category; it now makes up more than 52 percent of all mobile threats today. Aggressive adware is malware that pushes or spams user devices with a large number of advertisements. The Avast Threat Labs saw an increase of 78 percent year over year growth in the category of mobile banking threats that try to trick the user into giving up their bank account details by pretending to be a legitimate banking application.
Qualified researchers, analysts, and incident response professionals are all eligible to apply for access to the platform - all applications to join the platform are individually reviewed to maintain the integrity of the platform. The data feeding the platform comes from the devices that Avast protects as well as third parties and partners. These sources generate file samples which feed the platform, whose first task is to assess if they are suspect or not.

Wednesday, 27 February 2019

Wipro to offer Advanced Cybersecurity Services layered with Microsoft Security Capabilities

Press Release Wipro, Bangalore, India – February 26, 2019

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting and business process services company, is announcing the expansion of its global relationship with Microsoft Corp. to offer digital security services to their clients across the globe. As part of this relationship, Wipro will offer integrated digital security services, including Microsoft Azure and Microsoft 365 based security services.
Wipro is helping global clients in their journey of digital innovation, optimization and transformation, and enabling business to be more secure and compliant to regulatory requirements. This initiative will focus on various security services integrating Microsoft Azure and Microsoft advanced security capabilities, including Identity and Access Management, Data Protection and Threat Protection.
Sheetal Mehta, Senior Vice President and Global Head, Cybersecurity & Risk Services, Wipro Limited said, "Wipro has been investing in building security capabilities for the cloud and digital areas and we have seen a good amount of success. We have bet big on cloud security and digital risk management capabilities to secure our clients' business. Our innovative Cyber Defense Platform, that integrates with multiple cloud environments can assist customers with security operations, security monitoring and risk governance in their cloud migration journey. This relationship with Microsoft will offer a unique value proposition for our customers, as it will provide differentiated digital security capabilities coupled with unmatched risk governance-based digital services."
“Customers tell us they need security solutions that offer deeper technical expertise, greater flexibility and the ability to stay ahead of emerging threats as the marketplace evolves,” said Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group, Microsoft Corp. “By extending our relationship with Wipro, customers can better secure their environment with integrated, end-to-end protection, through new options in security that combine Microsoft’s advanced cybersecurity capabilities with Wipro’s extensive IT services.”


Red Hat Launches New Certification Program to Support the Future of Telecommunications Innovations

Press release RALEIGH, N.C. — Red Hat, Inc.

Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced a new training and certification program emphasizing the next-generation of telecommunications innovation. The Red Hat Certified Architect Program in Telco Cloud focuses on the skills that telecommunications engineers need to build network functions virtualization (NFV) clouds, critical technologies that can help drive advanced services like 5G. Used by Rakuten Mobile Network, Inc., as part of their collaboration with Red Hat in building a fully virtualized core-to-edge NFV cloud, the program is designed to help Red Hat Certified Engineers and Red Hat Certified Architects gain the knowledge needed to effectively use virtualized and cloud-native functions in building telecommunications infrastructure and services.
Red Hat Certified Architect in Infrastructure and Red Hat Certified Architect in Enterprise Applications are Red Hat’s highest certifications, representing both depth and breadth of skills and knowledge. The Telco Cloud Program consists of a certification path specifically recommended for professionals in the telecom industry that will lead to RHCA in Infrastructure. Available now, engineers taking the program can gain the skills needed to build open, innovative next-generation infrastructure that covers core to edge processes and technologies, enabling them to more effectively create full-scale NFV clouds.
Participants must first become certified as Red Hat Certified Engineers, and then must earn the following additional certifications:
Supporting Quotes
Red Hat Certified Architect Program in Telco Cloud
Red Hat offers training aligned to all these certifications, available worldwide in a variety of self-paced and instructor-led options and languages. The Red Hat Learning Subscription provides the most flexible, cost-effective means of achieving RHCA.
Randy Russell, director, Certification, Red Hat
"To deliver the future of telco innovation, engineers and architects need the proper skillsets to use emerging technologies like cloud-enabled NFV and Linux containers to their fullest. The Red Hat Certified Architect Program in Telco Cloud is designed to help these individuals gain a greater understanding of the technologies and processes underpinning next-generation telecommunications infrastructure and provide them with the knowledge to bring these advancements to their respective organizations. We’re pleased to have Rakuten Mobile Network as the first organization taking advantage of this program as they work to launch a fully virtualized, end-to-end cloud-native mobile network."
Tareq Amin, CTO, Rakuten Mobile Network, Inc.
"The infrastructure of our new, innovative mobile network leverages complete virtualization of network functions across a telco cloud. This differs dramatically from traditional networks, and requires an entirely new set of skills and knowledge. Through the Red Hat Certified Architect Program in Telco Cloud, our engineers have been able to develop the skills to build and maintain the network, bringing us one step closer to making our vision of creating the world’s first fully-virtualized, end-to-end cloud-native network a reality."


Monday, 25 February 2019

Après Daech, un nouvel Irak

A few minutes after 6 p.m. the conference entitled "Après Daech, un nouvel Irak" begins. The distinguished speaker is the President of Iraq, Barham Saleh.

The discussion is moderated by Thierry de Montbrial, president of ifri, one of the most influential think tanks in the world.

President Barham Saleh, elected on 2 October 2018, comes across as a calm, patient person, convinced of his ideas but open to discussion.
His country, he says, is a country emerging from the destruction of the last war, putting above all else the desire to create something to leave to the young, and setting aside hatred and resentment. Since his election he has begun visiting his neighbours, Iran, Afghanistan, Russia... and with all of them the talk has been of the will to change course, of the need for Iraq to become a stable and secure country again, because everyone stands to gain from stability and security, not only Iraqis but also all those who have ties with Iraq.
One example strikes our Western imagination: the destruction of the two world wars, recalled by President Barham Saleh to compare it with the destruction suffered by his people. If Europe managed to recover after such a massacre, well, he says, then we can be optimistic and say that we Iraqis can manage it too...
Politics is important, he says, but so are jobs for the young, population growth, earnings, industry, the fight against corruption, culture...
There are still many things to do, he says, many considerable challenges, difficult challenges, but we all want to send a strong signal that it is possible to return to normality.
A signal of hope from the President of a land destroyed by war but which, or so one hopes, wants to move forward, overcoming the obstacles before it and returning to life.
These, in brief, are the ideas expressed during the evening, for which I would like to offer the President my best wishes for the future.

Alessandro RUGOLO

Sunday, 24 February 2019

Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says

Oracle Press release 

Oracle and KPMG study finds that confusion over cloud security responsibilities, lack of visibility and shadow IT complicate corporate security

REDWOOD SHORES, Calif. and NEW YORK—Feb 20, 2019

Companies continue to move business critical workloads and their most sensitive data to the cloud, yet security challenges remain, according to the second annual Oracle and KPMG Cloud Threat Report 2019 released today. The report found that 72 percent of respondents feel the public cloud is more secure than what they can deliver in their own data center and are moving data to the cloud, but visibility gaps remain that can make it hard for businesses to understand where and how their critical data is handled in the cloud.
The survey also found a projected 3.5 times increase in the number of organizations with more than half of their data in the cloud from 2018 to 2020, and 71 percent of organizations indicated that a majority of this cloud data is sensitive, up from 50 percent last year. However, the vast majority (92 percent) noted they are concerned about employees following cloud policies designed to protect this data.
The report found that the mission-critical nature of cloud services has made cloud security a strategic imperative. Cloud services are no longer nice-to-have tertiary elements of IT—they serve core functions essential to all aspects of business operations. The 2019 report identified several key areas where the use of cloud service can present security challenges for many organizations.
  • Confusion about the shared responsibility security model has resulted in cybersecurity incidents. Eighty-two percent of cloud users have experienced security events due to confusion over the shared responsibility model. While 91 percent have formal methodologies for cloud usage, 71 percent are confident these policies are being violated by employees, leading to instances of malware and data compromise.
  • CISOs are too often on the cloud security sidelines. Ninety percent of CISOs surveyed are confused about their role in securing a Software as a Service (SaaS) versus the cloud service provider environment.
  • Visibility remains the top security challenge. The top security challenge identified in the survey is detecting and reacting to security incidents in the cloud, with 38 percent of respondents naming it as their top challenge today. Thirty percent cited the inability of existing network security controls to provide visibility into cloud-resident server workloads as a security challenge.
  • Rogue cloud application use and lack of security controls put data at risk. Ninety-three percent of respondents indicated they are still dealing with “shadow IT”—in which employees use unsanctioned personal devices and storage or file share software for corporate data. Half of organizations cited lack of security controls and misconfigurations as common reasons for fraud and data exposures. Twenty-six percent of organizations cited unauthorized use of cloud services as their biggest cybersecurity challenge today.

“The world’s most important workloads are moving to the cloud, heightening the need for a coordinated, integrated and layered security strategy,” said Kyle York, vice president of product strategy, Oracle Cloud Infrastructure. “Starting with a cloud platform built for security and applying AI to safeguard data while also removing the burden of administrative tasks and patching removes complexity and helps organizations safeguard their most critical asset—their data.”
“As organizations continue to transition their cyber security thinking from strictly risk management to more of a focus on business innovation and growth, it is important that enterprise leaders align their business and cyber security strategies,” said Tony Buffomante, U.S. Leader of KPMG LLP’s Cyber Security Services. “With cloud services becoming an integral part of business operations, there is an intensified need to improve the security of the cloud and to integrate cloud security into the organization’s broader strategic risk mitigation plans.”

Saturday, 23 February 2019

ExxonMobil to increase Permian profitability through digital partnership with Microsoft

Microsoft News Center

  • Permian application to generate billions of dollars in value over the next decade and drive capital efficiency
  • Potential to expand production by as much as 50,000 oil-equivalent barrels a day by 2025
  • Largest-ever oil and gas acreage to use cloud technology
IRVING, Texas — February 22, 2019 — ExxonMobil said today a new partnership with Microsoft Corp. will make its Permian Basin operations the largest-ever oil and gas acreage to use cloud technology and is expected to generate billions in net cash flow over the next decade through improvements in analyses and enhancements to operational efficiencies.
The application of Microsoft technologies by ExxonMobil’s XTO Energy subsidiary – including Dynamics 365, Microsoft Azure, Machine Learning and the Internet of Things – is anticipated to improve capital efficiency and support Permian production growth by as much as 50,000 oil-equivalent barrels per day by 2025.
“The combination of Microsoft’s technologies with our unique strengths in oilfield technologies, production efficiency and integration will help drive growth in the Permian and serve as a model for additional implementation across the U.S. and abroad,” said Staale Gjervik, senior vice president, Permian Integrated Development for XTO. “The unconventional business is fast moving, complex and data rich, which makes it well suited for the application of digital technologies to strengthen our operations and help deliver greater value.”
ExxonMobil’s partnership with Microsoft includes an integrated cloud environment that securely and reliably collects real-time data from oil field assets spanning hundreds of miles. The data will enable ExxonMobil to make faster and better decisions on drilling optimization, well completions and prioritization of personnel deployment. Importantly, leak detection and repair response times could be further reduced with enhanced access to emissions data, strengthening XTO’s voluntary actions to manage methane emissions.
ExxonMobil’s application of these technologies in its Permian Basin acreage, which covers a 9.5 billion oil-equivalent barrel resource base and more than 1.6 million acres, represents industry’s largest acreage position using cloud technology.
Alysa Taylor, corporate vice president of Microsoft Business Applications and Industry, said ExxonMobil is taking a leadership approach in its digital strategy.
“ExxonMobil is leading the way for industry, grounding its goals in making data-driven decisions that will result in safer operations for its employees and more profitable activities for the company,” said Taylor. “Our cloud infrastructure and business applications will continue to support ExxonMobil as it fully realizes its strategy across the Permian.”
Microsoft’s platforms, including Azure Data Lake, will enable ExxonMobil to rapidly incorporate third-party solutions at scale across the Permian. Examples include mobile field data apps to optimize well performance, and AI algorithms for analyzing drilling and completions data to improve performance.
With the additional layer of Microsoft’s intelligent business applications, such as Dynamics 365, ExxonMobil and XTO will have a complete, end-to-end view of the Permian operations.
“Digital technology is a fundamental enabler for our Permian development,” said Gjervik. “Through our partnership with Microsoft, we’re combining our technical and engineering expertise with cloud and data analytics capabilities to develop the Permian resource in the most capital-efficient manner. Collaboration with Microsoft is key to our future development efforts, which include predictive maintenance capacities, innovative tools for employees, and artificial intelligence and machine learning integration.”
Press release

Friday, 22 February 2019

Sophos Central Management Platform Now Features All Next-Gen Cybersecurity Protection from Sophos

Press Release Sophos 19 Feb 2019

Addition of Sophos XG Firewall provides advanced Synchronized Security capabilities for accelerated response to cyberattacks from a single cloud-based management console
OXFORD, U.K. – Feb. 19, 2019 – Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that the next-gen Sophos XG Firewall is now available through Sophos Central, bringing Sophos’ complete portfolio of cybersecurity solutions into a single, cloud-based management platform. Sophos partners and customers are now able to manage their next-gen endpoint and network protection from a single pane of glass.
In addition to the efficiency of managing multiple products through a single, cloud management platform, threat detection and response times are improved by the Security Heartbeat in Sophos’ Synchronized Security technology. This advanced approach shares security incident alerts directly between Sophos network and endpoint protection products. The XG Firewall will automatically communicate with Sophos’ endpoint products to proactively protect against threats, interrupt the attack chain by isolating machines, and take steps to remediate the attack. Sophos Central effectively creates a system of security that can leverage the artificial intelligence in Intercept X with EDR to respond faster and more effectively than individual products alone.
“IT organizations do not have the resources to respond to the volume of constant and constantly shifting cyberattacks. Sophisticated threats require intelligent security solutions that are predictive, multi-layered, and can work together as a system. With Sophos Central, partners and their customers have access to all Sophos next-generation security technologies and can benefit from the advances in Synchronized Security from one single location,” said Dan Schiappa, senior vice president and general manager, Products, Sophos. “The threat landscape has evolved and now our approach to protecting the IT infrastructure that supports our businesses must evolve. Every IT organization, large or small, needs security that is innovative, integrated and scalable. Sophos Central provides all of this, plus vital visibility into what’s happening and where.”
First launched in 2015, Sophos Central now processes more than 8 million transactions a minute for more than 82,000 customers worldwide.
In addition to XG Firewall and artificial intelligence-driven endpoint security, partners and customers can manage web, email, wireless, server, and mobile device protection through Sophos Central. A dedicated partner dashboard simplifies business management for Sophos partners and enables streamlined multi-customer management for MSPs.
“By completing its vision to unify XG Firewall and Intercept X endpoint protection in Sophos Central, Sophos is putting us ahead of our competition. The platform is now even more powerful because of the added benefits of synchronized security in an easy-to-manage cloud-based platform that seamlessly integrates with the entire Sophos security products portfolio,” said Ryan Lipschitz, vice president of engineering, Virtual Graffiti, Inc., a Sophos partner based in Irvine, Calif. “We are also excited about the lateral movement protection added to XG Firewall. We see a lot of cybercriminals trying to harvest credentials, which would allow them to move undetected through a network to steal and exfiltrate high-value data. With XG Firewall on Sophos Central, Sophos has made game-changing advancements no one else offers.”
Recent threats like Emotet and targeted ransomware, such as Matrix and SamSam, demonstrate the ways cybercriminals are constantly changing their tactics to stay effective and profitable. The next-gen advancements of XG Firewall and Intercept X, combined with the intelligence of Synchronized Security and easy management of all products within Sophos Central, are essential for maintaining protection and responding quickly to any attack.
“Our goal at Opus is to provide customers with simplicity and features that add layers of protection, so every area of their environment is secure. With XG Firewall now on Sophos Central, Sophos is providing complete ‘edge to end security’ that is managed centrally in a cloud. This is the simplicity customers are looking for, and the addition of the XG Firewall means they have the benefit of Sophos’ security heartbeat technology for bilateral communication between the endpoint and firewall,” said Mehernosh (Nosh) Chemi, senior account manager at OPUS Consulting Group Ltd., a Sophos partner in Vancouver, Canada. “Moving forward, we are focusing our customers on Intercept X with EDR and XG Firewall. The two go hand-in-hand. Having these next-gen products integrated with Sophos’ complete portfolio in Sophos Central is the protection customers need to stay secure. Conventional security doesn’t cut it anymore because today’s threat landscape is too fast-paced and complex.”
A free trial of XG Firewall is available for Sophos’ customers and partners worldwide. Additional information about XG Firewall Sophos Central is available on


  • Thales will demonstrate its ‘Make in India’ plans and endeavors to support the modernization plans of the Indian armed forces at its stand AB2.21
  • At Aero India 2019, Thales will provide a digital experience of its cutting-edge technologies that are crucial for safeguarding the nation
  • Thales will also be present at the Aero Skills Pavillion at Hall F and share various job opportunities it is creating through its footprint in the country
Thales is all set to participate in the upcoming 12th edition of Aero India - India’s premier Aerospace and Aviation exhibition - from 20-24 February 2019 in Bengaluru. With a focus on “Make in India”, Thales will reaffirm its commitment towards the development and modernisation of the Indian Armed Forces.
Through a series of demonstrations, Thales will showcase cutting-edge capabilities across civil and defence aerospace at its booth AB2.21.
Thales ‘Makes in India’: As a major player in the Indian defence and aerospace sector, Thales has been continuously supporting the Indian armed forces and the government’s flagship ‘Make in India’ programme. Thales has a rich experience in liaising with numerous local players who are part of its global supply chain. It takes pride in onboarding Indian solutions in several worldwide product lines and creating employment opportunities for hundreds of people. The solutions being developed through several Indian companies – joint venture partners, global supply chain partners – will be under the spotlight at Thales’ stand at Aero India this year.
Digital experience at the booth: Thales’ strong innovation capabilities prepare its customers to achieve their big ambitions and master every decisive moment. The company has been on the cutting edge of connectivity and a driving force in the digitalisation of the defence, aerospace and space markets. At Aero India, the Thales stand will highlight all these efforts and provide an insight into its extraordinary high-technology solutions across airborne solutions, air defence, radars, optronics, radio communications, among others through special digital experiences.
Some of the main highlights at Aero India this year would be Thales’ optronic pod - TALIOS; latest generation mini-UAS - Spy’Ranger; high-velocity missile - STARStreak; tracking and illumination radar - STIR; airborne rockets and a range of products from Radio Communications among others.
“Aero India is a prestigious event providing us with an opportunity to showcase how our world-class technology and solutions help our customers achieve their big ambitions. This year, we would also take a step further and present our efforts supporting the “Make in India” initiative of the Indian government. We would have solutions being manufactured in the country through our local partners – global supply chain partners and joint ventures, among others. In addition, we will also be highlighting our hiring plans, and skilling and upskilling endeavours through our presence at the Aero Skills Pavillion this year.”
Emmanuel de Roquefeuil, VP and Country Director, Thales in India
Thales Press Release 12 Feb 2019

OSINT: an introduction.

Cyber and intelligence have become, over the years, two closely related terms.
Whereas espionage and the monitoring of government or industrial activities were once carried out directly, using personnel physically close to the subject of the investigation, in recent years new branches of espionage, and at the same time of security (the two being sides of the same coin), have emerged.
OSINT is one of the various methodologies for acquiring information.
The term itself is made up of two parts, OS and INT. OS is the acronym for open source, that is, an open, public source: the sources investigated in OSINT are not private, classified or unavailable documents, but newspapers, magazines, media and, above all of these, the internet.
INT is the acronym for intelligence, hence information. OSINT is the branch of intelligence that collects, analyses and filters information that can be found in public sources.
The starting point when using OSINT is to correctly picture the target on which one wishes to gather information. Consider, for example, a company's interest in monitoring its employees in order to defend its own interests and trade secrets.
OSINT can be used to monitor the software used by one's employees, or by monitoring their browser searches, their blogs, their social media activity, their location, their IP addresses and more.
Through which tools can we obtain public information?
There are numerous software tools that allow us to monitor the online actions of users connected to a network, which can provide valuable information; as for personal data, the Internet is a practically infinite source of information, if you know where to look.
Search engines, social media, online newspapers, intelligence sites, the Wayback Machine, image-sharing sites, the deep web, etc.: these are only some of the sources to take into consideration.
Collecting information is only one of the steps to be carried out; the information must be analysed and filtered in order to obtain a tangible result that is useful for the investigation.
OSINT is one of the various intelligence methods; there are also other methods based on other sources of information, among them IMINT (collection of information through the analysis of images and satellite photographs), HUMINT (collection of data through contacts with people), TECHINT (collection of information about military equipment), SIGINT (collection of information through the interception of signals) and MASINT (information coming from other sources).
There are numerous companies that, through the use of OSINT and other methodologies, provide services and information to corporations and private individuals: these are the private intelligence agencies.

In Europe, and in France in particular, there is the headquarters of Groupe GEOS, which deals mainly with risk management for large companies in numerous countries.
GEOS Group began operating in 1998; according to its website it is worth 30 million dollars and employs 330 employees and collaborators.
Another private intelligence agency is Black Cube, with offices in London, Paris and Tel Aviv, founded by members of Israeli intelligence in 2010. In the past it has worked on exposing numerous frauds and corruption cases in several countries.
As for Italian agencies, there is no official register, so it is difficult to track down companies that provide services in this field, and even more difficult in the case of small or medium-sized agencies.
There are Italian research institutes, such as the Alpha Institute of Geopolitics and Intelligence, that are based on OSINT activities, but they cannot be defined as intelligence companies; rather, they are sources on which to base intelligence work.

Francesco RUGOLO


Thursday, 21 February 2019

19 February 2019: the USA SPACE FORCE is born

Now it is official!

President Trump has signed. Space Force Directive-4, as it is named, contains the order to the Pentagon to create the sixth branch of the US Armed Forces.
After the Army, Navy, Air Force, Marines and Coast Guard comes the Space Force.
Of course, it will take time, but the directive is a milestone, even though the last word has not yet been spoken: that belongs to Congress.
My opinion on the matter is that this will not be a problem. It is clear that the cost of creating the Space Force will be immense, but it is equally true that the recent Chinese feat (the landing on the dark side of the Moon) and the risk of losing world primacy in technology and the digital world (see Huawei and 5G) have certainly not gone unnoticed by those who sit in the United States Congress.
What the tasks of the Space Force will be is stated clearly in an article by Mike Wall published on "The main goal of the Space Force is to secure and extend American dominance of the space domain...".
The first objective will be to return to the Moon and then make the leap to Mars, possibly before China, Russia and India.

Will the Americans succeed at what they succeeded at in the 1960s?

Alessandro RUGOLO

Italy under attack again!

This time it was the turn of the Ministry of the Environment and Protection of Land and Sea.


Site unreachable!

This is how the site looked a few hours ago

and this is how it looks now

A few days ago it was the turn of, under DDoS attack from 11 February to 18 February.
An attack far more powerful than the usual ones.

What can we say, do they have it in for us?

Maybe so, maybe not.
But what are we doing to protect ourselves?

And if we cannot find a satisfactory answer, it means that we must do more.

That is why I am writing this article and publishing it: because talking about it helps us grow!

Alessandro RUGOLO

Wednesday, 20 February 2019

Sometimes they come back!!!

by Carlo Mauceli
After an absence of two years, the destructive malware Shamoon (W32.Disttrack.B) re-emerged on 10 December in a new wave of attacks against targets in the Middle East. These latest Shamoon attacks were doubly destructive, since they involved a new wiper (Trojan.Filerase) whose job is to delete files from infected computers before the Shamoon malware modifies the Master Boot Record.
News of the attacks first emerged on 10 December, when several companies in the oil and gas sector stated that they had been hit by a cyber attack against their infrastructure in the Middle East.
Unlike previous Shamoon attacks, these latest attacks involve a new, second piece of wiping malware (Trojan.Filerase). This malware, as mentioned, deletes and overwrites the files on the infected computer. Meanwhile, Shamoon erases the computer's master boot record, rendering it unusable.
The addition of the Filerase wiper makes these attacks more destructive than the use of the Shamoon malware alone. While a computer infected by Shamoon may be unusable, the files on the hard disk may still be recoverable. However, if the files are first erased by the Filerase malware, recovery becomes impossible.
Filerase is spread across the victim's network from an initial computer using a list of remote computers. This list takes the form of a text file and is unique to each victim, which means that the attackers are able to gather this information during a reconnaissance phase preceding the intrusion. This list is first copied by a component named OCLC.exe and then passed to another tool named spreader.exe.
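The hand-off described above (OCLC.exe first, then spreader.exe on the same machine) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or from any vendor: the two file names come from the text, while the event layout, host names, paths, timestamps and the 15-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any platform

# Constructed process-creation events (host, UTC time, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", "2019-01-15T06:01:12", r"C:\Windows\System32\svchost.exe"),
    ("WS-014", "2019-01-15T06:02:40", r"C:\Users\Public\OCLC.exe"),
    ("WS-014", "2019-01-15T06:03:05", r"C:\Users\Public\Spreader.exe"),
    ("WS-022", "2019-01-15T06:10:00", r"C:\Tools\spreader.exe"),  # no OCLC.exe first
    ("SRV-03", "2019-01-15T07:00:00", r"D:\stage\oclc.exe"),
    ("SRV-03", "2019-01-15T09:30:00", r"D:\stage\spreader.exe"),  # outside the window
]

STAGER, SPREADER = "oclc.exe", "spreader.exe"  # file names given in the article


def find_spreader_chains(events, window=timedelta(minutes=15)):
    """Return (host, stager_time, spreader_time) for every host on which
    spreader.exe starts within `window` after OCLC.exe started."""
    last_stager = {}  # host -> start time of the most recent OCLC.exe
    hits = []
    # ISO-8601 timestamps sort correctly as strings.
    for host, ts, image in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        name = basename(image).lower()  # Windows file names are case-insensitive
        if name == STAGER:
            last_stager[host] = when
        elif name == SPREADER and host in last_stager:
            if when - last_stager[host] <= window:
                hits.append((host, last_stager[host], when))
    return hits


def lone_tool_sightings(events):
    """Hosts where either file name appears at all: a weaker signal to triage."""
    names = (STAGER, SPREADER)
    return sorted({h for h, _, img in events if basename(img).lower() in names})


if __name__ == "__main__":
    for host, t0, t1 in find_spreader_chains(SAMPLE_EVENTS):
        print(f"{host}: OCLC.exe at {t0}, spreader.exe {(t1 - t0).seconds}s later")
    print("hosts with any sighting:", lone_tool_sightings(SAMPLE_EVENTS))
```

Matching on file names alone misses renamed binaries, so a hit is a starting point for triage and the absence of hits proves nothing.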
It should never be forgotten that the attack methodology nevertheless always follows the classic attack chain:

The history:
Shamoon (W32.Disttrack) first emerged in 2012, when it was used in a series of disruptive attacks against the Saudi energy sector.
Microsoft Threat Intelligence identified notable similarities between this recent attack and an attack that took place back in 2012, which hit tens of thousands of machines belonging to companies in the energy sector.
Behind these attacks, Microsoft Threat Intelligence identified a group known as TERBIUM, a name assigned by Microsoft itself according to a convention in which the names used are those of chemical elements.
Microsoft Threat Intelligence observed that the malware used by TERBIUM, nicknamed "Depriz", reuses several components and techniques already seen in the 2012 attacks and was highly customised for each organisation.
The malware has, in any case, 3 components, which were decoded as follows:
  • PKCS12 – a destructive disk wiper component
  • PKCS7 – a communication module
  • X509 – 64-bit variant of the Trojan/implant
Since the credentials were embedded in the malware, it is of course suspected that the credentials themselves had been stolen beforehand.

Once TERBIUM has access to the organisation, the infection chain begins by writing to disk an executable file that contains all the components needed to carry out the data-wiping operation. These components are encoded in the executables in the form of fake images.
Although the extent of the damage caused by this attack worldwide is still unknown, as in many other cases it is possible to mitigate the risk of attack by using systems, processes and solutions that exploit new technologies, raise the level of security and make it possible to know in real time what is happening on the systems.

It is therefore necessary to define a security strategy that covers each of the areas of the attack kill chain and, above all, not to think of defending oneself with systems that do not make use of Threat Intelligence solutions based on Artificial Intelligence and Machine Learning. In a profoundly changed scenario in which attackers exploit new and advanced technologies, one can no longer do without defending oneself using systems of comparable power.
Since the attacks were carried out on architectures based on Microsoft systems, I feel obliged to list the solutions that we at Microsoft suggest in these cases. Of course, anyone can use equivalent solutions from other vendors. The important thing, however, is always to remember to
  • protect identity, enabling at least multi-factor authentication;
  • protect authentication services using behavioural analysis systems;
  • protect endpoints with systems that are able to monitor attempts at lateral movement, privilege escalation, and identity and ticket theft;
  • update operating systems to the latest Enterprise-edition version, enabling all the security features;
  • protect e-mail through the use of anti-phishing solutions based on the concept of sandboxing;
  • where there are hybrid architectures, use CASB (Cloud Access Security Broker) systems.
It remains clear that solutions and products are not enough: what is also needed, above all, is training, awareness of an issue that is now, unfortunately, part of everyday life, and the willingness to change to an approach to the problem better suited to the current scenario.

Carlo Mauceli