Come resiste il tuo business a virus, bot e attacchi informatici?

Ogni giorno i virus, bot e strumenti automatizzati cercano di sfruttare le vulnerabilità e miconfigurations più comuni come la mancanza di aggiornamenti del software, password deboli e configurazioni o vulnerabilità del codice.

Che cosa accadrebbe a sistemi e applicazioni della vostra azienda in caso di un attacco informatico? E che dire della reputazione danneggiata della società? Un test di penetrazione e di un'analisi di vulnerabilità possono prevenire i danni di un attacco informatico prima che sia troppo tardi.

CloudWALL Italia dispone di tutte le competenze individuali e di tutti gli strumenti per aiutare le Aziende ad identificare ed indirizzare le Vulnerabilità 'dei propri sistemi e di mitigrare la propria esposizione agli attacchi provenienti dall'esterno ma also dall'interno dell'azienda.

La nostra offerta prevede su  un servizio di analisi della sicurezza volta a verificare la conformità dei sistemi connessi a Internet e delle applicazioni web pubblicate per identificare potenziali minacce per la vostra attività.  La valutazione individua, violazioni rango e indirizzo e vulnerabilità sui servizi e le applicazioni a vista, fornendo un'analisi neutra e suggerimenti di bonifica per consentire agli amministratori di sistema e sviluppatori di software di risolvere rapidamente qualsiasi problema rilevato.

Per maggiori informazioni visitateci sul nostro sito www.cloudwall.tk [#cloudwall]

Read More

Il nuovo malware SoakSoak Compromette siti 100.000 Wordpress

Questa Domenica è iniziata con il botto : Google ha inserito nella lista nera oltre 11.000 domini a seguito dell'ultima campagna di malware basata sull'attacco denominato SoakSoak.ru. La nostra analisi mostra impatti dell'ordine di centinaia di migliaia di siti web WordPress. Non possiamo confermare l'esatto vettore, ma analisi preliminare mostra la correlazione con la vulnerabilità Revslider riportata dagli analisti lo scorso mese di Settembre 2014.  L'impatto sembra interessare ancora una volta la maggior parte dei siti basati sulla nota piattaforma WordPress. Questo malware durante la decodifica javascript carica un malware dal dominio SoakSoack.ru, precisamente questo file: hxxp: //soaksoak.ru/xteas/code.

Nel caso che la vostra azienda stia utilizzando la piattaforma WordPress per la pubblicazione dei propri contenuti aziendali considerateci a disposizione per un consulto.

Grazie ai servizi CloudWALL MDS | Malware Detection Service e CloudWALL WAF | Web Application Firewall siamo in grado di supportare i nostri clienti sia nella rilevazione di attacchi e infezioni all'interno del proprio sito sia di garantirne una protezione costante per prevenire il verificarsi di ulteriori attacchi.

Per maggiori informazioni visitateci sul nostro sito www.cloudwall.tk [#cloudwall]

Read More

Help your customers to undestand their threats

Surely you have a clear understanding of new generation of hidden and emergent threats, including recently discovered exploits as "shellshock", "heartbleed" and "poodle". They are just the latest threats in cyber security landscape where attacks as SQL Injection, Cross Site Scripting (XSS), Advanced Malware artifacts are in most case conducted in conjunction with "phishing" and "social engineering" tecniques to increase effectiveness.

Do your customers have a clear understanding of this landscape ?
Do they are aware of vulnerabilities they are exposed ?
Do they are correctly addressing vulnerabilities and managing risk ?

To help you and your customers to give an answer to indicated question, CloudWALL is able to supply you a comprehensive portfolio od security auditing and assessment services including Vulnerability Assessment, Penetration Testing and Application Security Testing.

Together, through a remote security auditing services portfolio we are able to detect vulnerabilities your customers are exposing on public and private subnets and application and to supply all support to understand the risk level and to address remediation activities.

CloudWALL works as an extension of your company making available for you the strong expertise of our engineers in the cyber security space as well as our industry standard approach and methodology, while the full set of reporting deliverables are customized with your logo and color frame.

Cohoperating with us in delivering security auditing services to your customers may be interesting for your company in several fields, including but not limited to :

• starting deliver a new portfolio of value added services without any investiment
• increase revenues for professional services to addresss detect vulnerabilities
• increase your brand awareness with your customers becoming a trusted advisor in security

For more details please visit our website at www.cloudwall.tk/services where you can find a catalog of our security auditing and assessment services and of course feel free to contact us for any inquiry.

Read More

CNET attacked by Russian hackers

Russian hacker group that has attacked some of the biggest news and business sites in the world claims it penetrated CNET's website over the weekend and stole a database of registered reader data.

A representative from the group calling itself W0rm told CNET News in a Twitter conversation that it stole a database of usernames, emails, and encrypted passwords from CNET's servers.

W0rm is claiming that the database of stolen information includes data on more than 1 million users.

A CBS Interactive spokeswoman said that "a few servers were accessed" by the intruder. "We identified the issue and resolved it a few days ago. We will continue to monitor," for potential impact, she said.

W0rm said it found its way into CNET's servers through a security hole in CNET.com's implementation of the Symfony PHP framework, a popular programming tool that provides a skeleton on which developers can construct a complex website.

Once again, application level attacks are demonstrating to be for hackers an effective way to have unauthorized access to published web applications and services. 

This is why CloudWALL Italia is offering CloudWALL WAF | Web Application Firewall that allow to protect your web sites and web application from application level attacks aimed to have unauthorized access to sensitive data working behind of your systems. 

CloudWALL WAF | Web Application Firewall protects Web applications at the very edge of the Internet as opposed to inside the datacenter. Our solution shields an organization’s network from the growing number of application-layer attacks and prevents the loss of valuable corporate and customer data. In addition to proven attack defenses, the CloudWALL WAF | Web Application Firewall aids in compliance with information security regulations, such as PCI-DSS.

Find more details at www.cloudwall.tk/waf .

Read More

Hotel Hippo booking site taken down

HotelHippo has been taken offline after security expert finds various flaws in its IT systems. A hotel booking site has been condemned by a security expert after leaving users personal details easily accessible to hackers. Scott Helme, an information security consultant, uncovered several flaws in the HotelHippo site while trying to book accommodation for a trip to the Lake District.

They included the presence of an SQL injection vulnerability on the site, as well as PCI compliance breaches and HTTPS configuration issues. He was able to test this out further by creating several bookings featuring fake credit card data, which he stressed was information that was irretrievable when pulling out other people’s bookings. Once a booking is made, the site then emails users confirmation of the transaction, which Helme discovered could potentially provide cyber criminals with the ammunition needed to launch a convincing phishing attack.

This is just the last case when high severity vulnerabilities are found in web applications and web sites. This is why at CloudWALL Italia we offers an innovative platform to perform automated security tests against any website as well as web and mobile applications.

CloudWALL WAS | Web Application Security is a Cloud service you use through your browser, so there’s no software to install or maintain. You can accurately and efficiently test your apps, no matter where they are – on internal networks, hosted on the Internet or in Cloud platforms such as Amazon. Relied on by leading companies with some of the most demanding web apps in the world, CloudWALL WAS | Web Application Security will help you safeguard your apps, whether you have just a few apps or many thousands.

Find more details at www.cloudwall.tk/was .

Read More

New site catalogs XSS vulnerabilities

A new online archive is gaining popularity among security researchers as a go-to source to anonymously submit cross-site scripting vulnerabilities uncovered from across the Web. In less than two weeks, the site has amassed enough reported vulnerabilities to cast doubt on the security of dozens of high-profile companies' websites.

Having only received its first confirmed submission on June 18, XSSposed.org has tallied more than 300 confirmed cross-site scripting (XSS) vulnerabilities across hundreds of sites since its inception.

A typical submission provides the vulnerable URL, information on when the vulnerability was verified by the site's as-yet-unnamed administrators, whether the flaw has been fixed since it was first disclosed and the Google and Alexa rankings of the vulnerable domain.

CloudWALL WAF | Web Application Firewall protects Web applications at the very edge of the Internet as opposed to inside the datacenter. Our solution shields an organization’s network from the growing number of application-layer attacks and prevents the loss of valuable corporate and customer data. In addition to proven attack defenses, the CloudWALL WAF | Web Application Firewall aids in compliance with information security regulations, such as PCI-DSS.

Find more details at www.cloudwall.tk/waf

Read More