Tag - GARR

The human side of password security

By Andrea Pinzani, IT security expert at the Consortium GARR

On average, each of us owns from 20 to 40 accounts. Unfortunately, however, we are not very good at creating strong passwords. We prefer short ones, often using personal information, common words, predictable strategies and composition or replacement schemes. We’re not very careful about keeping them safe either. Despite being informed about password good practices, we do not make the right choices to protect ourselves, due to...


7 quick questions about password managers

The use of password managers is increasing. No surprise, as they simplify password security and are user friendly. Why do you need one and what are the benefits? We asked Stefano Zanero, Associate Professor at the Politecnico di Milano University. Stefano, what exactly is a password manager? A password manager is a tool that stores in a secure way all your logins and passwords. In addition to this, most modern password managers can automatically fill the login fields, to automatically keep...


Uncovering Android Ransomware with Explainable AI

By Michele Scalas, Davide Maiorca and Giorgio Giacinto, University of Cagliari

Ransomware represents a serious threat that acts by locking the compromised device and encrypting its data (along with exfiltrating private information), forcing the device owner to pay a ransom to restore the device functionality or to prevent the stolen data from being made publicly available. Attackers typically develop such dangerous apps so that normally legitimate functionalities (e.g. encryption) perform malicious...


We got ransomware! Where is the backup?

By Leonardo Lanzi, coordinator of the GARR CERT

Once upon a time… In March 2016, I had the chance to be near enough to a ransomware infection to be able to examine how it functions and its effects and, as I was not the real target, I was able to keep calm and give some help to colleagues, who were almost overwhelmed with fear. It was a variant of a crypto-ransomware, today considered a classic, in the shape of an attached file of a supposedly official email. By being opened it encrypted...


Immune to ransomware? With a collaborative approach, you can

By Francesco Palmieri, professor of Computer Science at the University of Salerno

Ransomware, considered today an important emergency from the cyber security point of view, comes from malware agents that limit access to a device or to the data stored on it, typically using robust cryptographic techniques, and offer the possibility of unlocking only after the payment of a ransom. This type of threat began to acquire notoriety in 2013, following the massive spread of the Cryptolocker worm, associated...


Ransomware and beyond

By Pier Luca Montessoro, University of Udine

One day, one very bad day, you open your laptop and a red screen informs you that all your files have been encrypted and you have to pay a ransom in bitcoin to get them back. And what is worse, you know (or you should know) that maybe your data has been stolen too, and maybe you will never receive the key to decrypt it, even after the payment. Ransomware is a sad reality, currently the most prominent malware threat, and every user, from large...


Phishing in the COVID emergency: corporate defence strategies

By Nicla Ivana Diomede, Chief Information Security Officer at the University of Milan

What is Phishing? Phishing is a type of fraud aimed at illegally stealing confidential information such as login credentials (username and password), credit card numbers and so on. Email is the main attack vector, but text messages, chat and social media can also be used. In general, the fake sender presents himself/herself as an authoritative subject (e.g. bank, Administration, IT Service Managers, Directors)...


Simulating phishing to raise user awareness

By Maria Sole Scollo, IT security expert at Consortium GARR

Even though phishing has been a well-known illegal practice for many years now, asking people for their sensitive information is still the most effective way for cyber criminals to get it. A good part of the spam we receive is still today sent by compromised addresses through phishing campaigns, which more often than not are customised to better fit the intended target, and still today security experts are asked about the possible...


How to recognise phishing emails

By Roberto Cecchini (INFN – GARR)

What is phishing? Phishing is one of the many social engineering techniques used to deceive users. It is a type of fraud used to obtain sensitive information from a person or a firm, such as passwords and credit card details. The perpetrators, using electronic communication – typically email, instant messaging or text messaging – disguise themselves as a trustworthy entity, like a bank, a lawyer or a colleague and invite the users to give their personal...


Hacking humans is easier than hacking machines

By Francesco Ficarola, Università La Sapienza, Rome

Warning: picture ahead showing animal in distress

If you are reading this, then chances are that you have heard of Social Engineering (SE) at least once in your life. Perhaps, right now, you are thinking “how do I influence my boss to get a raise?”. Yes, don’t worry, I won’t tell him about your plans. Many of us are not satisfied with our salaries. So, that could be a good reason to “hack” a person, right? Seriously, you shouldn’t, just ask...
