{"id":25768,"date":"2025-02-06T15:21:16","date_gmt":"2025-02-06T23:21:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2025\/02\/06\/news-19491\/"},"modified":"2025-02-06T15:21:16","modified_gmt":"2025-02-06T23:21:16","slug":"news-19491","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/02\/06\/news-19491\/","title":{"rendered":"Scalable Vector Graphics files pose a new phishing threat"},"content":{"rendered":"<p><strong>Credit to Author: Andrew Brandt| Date: Thu, 06 Feb 2025 09:59:16 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<p>Criminals who conduct phishing attacks over email have stepped up their use of a new threat vector designed to bypass existing anti-spam and anti-phishing protections: the use of a graphics file format called SVG.<\/p>\n<p>The attacks, which begin with email messages containing .svg files, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/phishing-emails-increasingly-use-svg-attachments-to-evade-detection\/\">began spreading at the start of the year<\/a> and started to intensify from mid-January.<\/p>\n<p>The file format was designed for drawing vector images that can be resized on a computer. By default, SVG files open in the browser installed on Windows computers. However, unlike the JPEG, PNG or BMP formats, SVG files also contain non-binary data. 
SVG files contain text instructions in XML format that make it possible to draw the images inside a browser window.<\/p>\n<figure id=\"attachment_959588\" aria-describedby=\"caption-attachment-959588\" style=\"width: 775px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-959588\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image2.png\" alt=\"The content of a legitimate SVG file source alongside a thumbnail\" width=\"775\" height=\"275\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image2.png 1499w, https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image2.png?resize=300,106 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image2.png?resize=768,273 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image2.png?resize=1024,363 1024w\" sizes=\"auto, (max-width: 775px) 100vw, 775px\" \/><figcaption id=\"caption-attachment-959588\" class=\"wp-caption-text\"><em>Above, an example of the contents of a legitimate SVG file alongside a thumbnail.<\/em><\/figcaption><\/figure>\n<p>However, because SVG images can be loaded and rendered natively inside a browser, they can also contain anchor tags, scripts and other kinds of active web content. This has allowed attackers to abuse the file format. 
The SVG files used in the attacks include instructions for drawing very simple shapes, such as rectangles, but they also contain an anchor tag that links to a web page hosted elsewhere.<\/p>\n<p>Read the full <a href=\"https:\/\/news.sophos.com\/en-us\/2025\/02\/05\/svg-phishing\/\">article<\/a>.<\/p>\n<\/div>\n<p><a href=\"https:\/\/news.sophos.com\/it-it\/2025\/02\/06\/i-file-scalable-vector-graphics-rappresentano-una-nuova-minaccia-di-phishing\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2025\/02\/202502_svgphish_image1.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Andrew Brandt| Date: Thu, 06 Feb 2025 09:59:16 +0000<\/strong><\/p>\n<p>The SVG file format can host harmful HTML code, scripts and malware<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[32391,129,3924,32392,10518,16771],"class_list":["post-25768","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-svg","tag-featured","tag-phishing","tag-scalable-vector-graphics","tag-spam","tag-threat-research"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25768"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25768\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}