If you’re passionate about signal processing and retro tech, you’ll want to check out the Createc SC 01, a quirky handheld oscilloscope that recently caught the eye of [Thomas Scherrer] from OZ2CPU Teardown. This device, cheekily dubbed a “signal computer,” promises to be both intriguing and, perhaps, frustrating. You can view [Thomas]’ original teardown video here.

This device is packed with buttons and a surprisingly retro aesthetic that can make even the most seasoned hacker feel nostalgic. With a sample rate of 20 MHz and a bandwidth of up to 10 MHz, it’s a digital oscilloscope with a twist. Users may find its setup challenging, thanks to a somewhat convoluted manual that boasts numerous errors. However, beneath the confusion lies the potential for creative exploration: this signal computer can analyse analog signals, perform calculations, and even store data.

Despite its quirks, the SC 01 is sure the experience. Imagine troubleshooting a circuit while grappling with its unpredictable user interface—an adventure in itself for those who like a techy challenge.

The Createc SC 01 is not just another tool; it’s an invitation to embrace the imperfections of vintage tech. If you enjoy the hands-on learning process and don’t shy away from a few hiccups, this device might be something you’ll enjoy. Hackaday featured an article on similar devices last year. Check out the full teardown video to see this fancy but quirky pocket oscilloscope in action.

youtube.com/embed/e7dJ74M055w?…

hackaday.com/2024/10/23/signal…

[Chris Borge] has spent the last few years creating some interesting 3D printed tools and recently has updated their 3D printable lathe design to make a few improvements. The idea was to 3D print the outer casing of the lathe in two parts, adding structural parts where needed to bolt on motors and tool holders, and then fill the whole thing with concrete for strength and rigidity.
Only a few parts to print
The printed base is initially held together with two lengths of studding, and a pile of bolts are passed through from below, mating with t-nuts on the top. 2020 extrusion is used for the motor mount. The headstock is held on with four thread rods inserted into coupling nuts in the base. The headstock unit is assembled separately, but similarly; 3D printed outer shell and long lengths of studding and bolts to hold it together. Decent-sized tapered roller bearings make an appearance, as some areas of a machine tool really cannot be skrimped. [Chris] explains that the headstock is separate because this part is most likely to fail, so it is removable, allowing it to be replaced.

Yes, that’s right. We’re filling it with lovely runny concrete.Not a bad job on aluminium for a DIY lathe!
Once together, the whole assembly is filled with runny concrete and set aside to cure. Before fully curing, the top surfaces are scraped flat to remove excess concrete so the top covers will fit. A belt-driven motor is fitted, with associated control electronics, and then it’s time to talk tooling. The first tool shown is a simple T-shaped rest, used with a hand tool known as a ‘graver.’ This is more likely to be used on a wood lathe, but we reckon you could about get away with it if you’re really careful with aluminium or perhaps brass. An adjustable rest was made using a few simple pieces (in steel!) and held in a short length of 2020 extrusion in a manner that makes it adjustable, albeit not shown in this video. Finally, a reasonable torture test is demonstrated, comprising a rough-cut aluminium disk screwed to a threaded carrier. This was tidied up to make it nice and round and clean up its surfaces. The lathe survived, only melting the 3D printed motor pulley, which, as they say, should not have been a 3D printed part when metal parts are so easy to acquire! If you want to build one for yourself, then everything you need is here, but like with projects of this type, more development is still needed to overcome a few shortcomings. Check out [Chris]’s channel for many more interesting ideas!

We’ve seen a few of [Chris]’s other 3D-printed tools, like this neat fractal vice for odd-shaped objects. We like tiny tool hacks; after all, when you’re making small things, you don’t need full-sized tools.

youtube.com/embed/6Js8erWbsDQ?…

Thanks to [CJay] for the tip!

hackaday.com/2024/10/23/a-3d-p…

Character.AI è stato oggetto di un procedimento legale dopo il suicidio di un adolescente di 14 anni della Florida (USA), la cui madre sostiene che fosse ossessionato da un chatbot sulla piattaforma.

Mesi passati ad interagire con un Chatbot

Secondo il New York Times, un ragazzo delle medie di Orlando ha passato mesi interagendo con chatbot sull’app Character.AI.

Il giovane si è particolarmente affezionato al bot “Dany” (ispirato a Daenerys Targaryen), con cui manteneva conversazioni continue, tanto da isolarsi progressivamente dalla vita reale. Preoccupati dal suo comportamento, i genitori lo hanno portato in terapia, dove è emerso che soffriva di un disturbo d’ansia.

In una delle sue interazioni, l’adolescente ha confidato al bot di avere pensieri suicidi e, poco prima di togliersi la vita, ha inviato un messaggio a “Dany” in cui esprimeva il suo amore per lei e il desiderio di “tornare a casa”.

Il 28 febbraio 2024, il ragazzo si è suicidato utilizzando una pistola.

In risposta all’accaduto, Character.AI ha annunciato oggi il rilascio di nuove funzionalità di sicurezza. Queste includeranno strumenti di “rilevamento, risposta e intervento potenziati” per le conversazioni che violano i termini di servizio, oltre a notifiche per gli utenti che trascorrono più di un’ora in una chat.

Un gruppo di legali sta preparando una causa contro la società, ritenendo che l’incidente avrebbe potuto essere evitato con misure di sicurezza più rigorose.

Secondo il New York Times, l’industria delle applicazioni basate sull’intelligenza artificiale sta crescendo rapidamente, ma l’impatto di queste tecnologie sulla salute mentale rimane in gran parte inesplorato.

Concludendo

L’incidente con Character.AI solleva importanti questioni etiche riguardo alla responsabilità delle aziende che sviluppano intelligenze artificiali. Queste tecnologie, che interagiscono direttamente con persone vulnerabili, devono essere progettate con strumenti di monitoraggio avanzati per prevenire rischi psicologici. Serve una maggiore trasparenza sulle capacità e i limiti dei chatbot per garantire che gli utenti comprendano che stanno interagendo con sistemi automatizzati e non con esseri umani.

La regolamentazione dell’intelligenza artificiale è una priorità urgente. Attualmente, le leggi non tengono il passo con l’innovazione tecnologica, lasciando le persone esposte a potenziali danni psicologici. È essenziale che i governi collaborino con esperti del settore per creare normative che proteggano gli utenti, con particolare attenzione a chi è più vulnerabile, come adolescenti e persone con disturbi mentali.

Infine, l’impatto dell’AI sulla salute mentale richiede studi più approfonditi per capire come queste tecnologie influenzino il benessere delle persone. Le aziende devono lavorare con psicologi ed esperti per progettare sistemi che supportino la salute mentale piuttosto che metterla a rischio, promuovendo al contempo una maggiore consapevolezza pubblica sull’uso sicuro dell’intelligenza artificiale.

L'articolo AI Mortale! Un Ragazzo di 14 anni si Toglie la vita dopo mesi di dialogo con un Chatbot proviene da il blog della sicurezza informatica.

This week Jonathan Bennett and David Ruggles chat with James Smith about Manyfold, the self-hosted 3D print digital asset manager that’s on the Fediverse! Does it do live renders? Does it slice? Listen to find out!

• floppy.org.uk/
• manyfold.app/feed/
• github.com/manyfold3d/manyfold

youtube.com/embed/lePFVuZvY08?…

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

hackaday.com/2024/10/23/floss-…

If you want to deliver the maximum power to a load — say from a transmitter to an antenna — then both the source and the load need to have the same impedance. In much of the radio communication world, that impedance happens to be 50Ω. But in the real world, your antenna may not give you quite the match you hoped for. For that reason, many hams use antenna tuners. This is especially important for modern radios that tend to fold their power output back if the mismatch is too great to protect their circuitry from high voltage spikes. But a tuner has to be adjusted, and often, you have to put a signal out over the air to make the adjustments to match your antenna to your transmitter.

There are several common designs of antenna tuners, but they all rely on some set of adjustable capacitors and inductors. The operator keys the transmitter and adjusts the knobs looking for a dip in the SWR reading. Once you know the settings for a particular frequency, you can probably just dial it back in later, but if you change frequency by too much or your antenna changes, you may have to retune.

It is polite to turn down the power as much as possible, but to make the measurements, you have to send some signal out the antenna. Or do you?

Several methods have been used in the past to adjust antennas, ranging from grid dip meters to antenna analyzers. Of course, these instruments also send a signal to the antenna, but usually, they are tiny signals, unlike the main transmitter, which may have trouble going below a watt or even five watts.

New Gear

However, a recent piece of gear can make this task almost trivial: the vector network analyzer (VNA). Ok, so the VNA isn’t really that new, but until recently, they were quite expensive and unusual. Now, you can pick one up for nearly nothing in the form of the NanoVNA.

The VNA is, of course, a little transmitter that typically has a wide range coupled with a power detector. The transmitter can sweep a band, and the device can determine how much power goes forward and backward into the device under test. That allows it to calculate the SWR easily, among other parameters.

In Practice

This sounds good, but how does it work? Well, to find out, I took a long wire connected to an MFJ Versa Tuner II and fed the NanoVNA’s TX port to the tuner. With the tuner in bypass, the screen looked like the first image. It actually had a pretty low SWR near 14 MHz, but everywhere else was not going to work very well at all.
The antenna happened to have a natural dip on 20 meters. The range of measurement is 1 to 30 MHz.
The next step was to switch the tuner into the circuit. Ideally, you could infinitely vary the inductor and both capacitors, but making roller inductors is a cost, so many tuners — including this one — have switches that select taps on the inductor, meaning you can only change it in fixed steps. That isn’t usually a problem, though, because you can adjust the capacitors to make up for it.

Since you aren’t transmitting, there’s no rush, and you can easily switch things around and turn knobs until you can find a null. If you were using the actual transmitter, you’d want to avoid switching the inductor “hot” because the switch contacts won’t appreciate any high-power RF.
The tuner created a few dips, one on the 40 meter band
I centered the frequency range around 7 MHz and found the lowest setting I could on the tuner. Then, I zoomed back out to the entire HF band. Not bad.

I went through and found null spots for all the ham bands. It was also possible to measure the SWR for bands I can’t transmit on (for example, 15 MHz, to listen to WWV).

Once I had jotted down all the settings, it was time to reconnect the transmitter. Well, technically, a transceiver — in this case, an Icom IC-7300. Even without transmitting, having the knobs adjusted correctly definitely helped with receiving, often strikingly so.

But Did It Really Work?

My first attempt was to use the frequency exactly where I had tuned before switching in the transmitter. As you’d expect, the transmitter saw a low SWR and had no issues, but changing frequencies was a little different.

The knobs on the tuner are not especially precise. Some high-end devices have multi-turn knobs with counters to help you get exactly back to some setting, but this tuner has no such thing. So when the dot on the knob is on, say, “2,” it is hard to know for sure if it is exactly where you had it last time it was in the same position.
A quick CQ on 15 meters with questionable propagation conditions
However, you can get close. Changing frequencies and tuner settings would sometimes give me a great SWR, but sometimes it was a little high (never any more than, maybe, 1.5:1). A minor tweak of the two capacitors on the tuner would resolve it quite easily.

A quick CQ on 15 meters resulted in the map you can see from the reverse beacon network. The furthest away I was heard was a bit more than 1,800 miles away. Not bad for a fairly short wire hung over a tree. Subsequent testing on several bands resulted in many contacts across four continents in a few hours.

Takeaway

Do you need to use a VNA to tune? No, but it sure is handy. Sure, it generates a tiny signal, but nothing like your transmitter. I like tuning very quietly and precisely without risking the expensive final amplifiers in my station. A good tuner can load up almost anything, and while you won’t get the performance you would get out of a proper antenna, you can still get on the air and have a lot of fun.

Of course, the VNA can do other things too. It can characterize components and modules like filters. You can even use them as time domain reflectometers to troubleshoot cables. It is worth noting that while I took pictures of the VNA so you could see what it would look like, it is actually better to use one of several programs on your PC that can create graphs and data that would be easy to work with. For example, I often use this one.

Want more things to do with your VNA? You can even map antenna patterns with one.

hackaday.com/2024/10/23/silent…

Le gare di hacking “Capture the Flag” (CTF), che si tengono durante le conferenze sulla sicurezza informatica, hanno generalmente due scopi: permettere ai partecipanti di affinare le loro competenze e offrire ai datori di lavoro l’opportunità di scoprire nuovi talenti. Tuttavia, una competizione in Cina sembra aver portato questi eventi a un livello più controverso, con sospetti di utilizzo per operazioni di spionaggio.

Due ricercatori occidentali hanno studiato la “Zhujian Cup”, una competizione di hacking organizzata dalla Northwest University of Technology, e hanno notato particolari condizioni insolite che suggeriscono un possibile utilizzo dei partecipanti per attacchi su obiettivi reali.

A differenza delle tradizionali CTF che avvengono in ambienti simulati, questa competizione potrebbe essersi svolta su una rete reale.

Ai partecipanti è stato richiesto di firmare accordi di riservatezza che proibivano loro di discutere il lavoro svolto durante il concorso o di condividere informazioni sulle vulnerabilità scoperte. Inoltre, dovevano eliminare ogni traccia dei loro interventi sui sistemi attaccati, inclusi backdoor e dati acquisiti, una pratica inconsueta per i CTF.

L’università organizzatrice, nota per collaborare con il governo cinese e l’esercito, non ha risposto alle richieste di chiarimenti. Questo, insieme alle clausole di responsabilità legale per i partecipanti, ha sollevato ulteriori dubbi sui reali obiettivi della competizione.

I ricercatori Dakota Carey ed Eugenio Benincasa, che hanno presentato il loro rapporto alla conferenza LABScon, ritengono che ci sia un’alta probabilità che gli studenti abbiano partecipato a un attacco reale, anche se non ci sono prove concrete. Il contesto temporale del concorso, svolto durante le festività, potrebbe aver facilitato l’attacco approfittando della ridotta vigilanza delle reti di sicurezza.

La Cina, dal 2015, ha intensificato gli sforzi per formare specialisti in sicurezza informatica, utilizzando i CTF come strumento per migliorare le capacità offensive e difensive. Con oltre 540 competizioni organizzate dal 2014, ha creato uno degli ecosistemi di hacking più potenti al mondo.

I partecipanti di spicco vengono inseriti in un database nazionale, e i ricercatori sottolineano come la partecipazione a queste competizioni sia fortemente regolamentata, con la necessità di ottenere permessi governativi per partecipare a eventi all’estero.

L'articolo Il Lato Oscuro delle Gare di Hacking in Cina! 540 CTF all’anno, Gare o Autentico Spionaggio? proviene da il blog della sicurezza informatica.

These days, not only are oscilloscopes very common, but even a cheap instrument today would have been the envy of the world’s greatest labs not that long ago. But back in the day, the home experimenter basically had two choices: buy a surplus scope that a big company was getting rid of or build a Heathkit. [Radiotvphononut] bought an old Heathkit OL-1 scope at an estate sale and set about putting it back in service.

If you are used to a modern scope, you’ll be amazed at how simple a scope like this can be. A handful of tubes and a CRT is the bulk of it. Of course, the OL-1 is an analog scope with a 400 kHz bandwidth. It did, however, have two channels, which was a rarity at the time.

The OL-1 was sold for a few years up to 1956 and cost about $30 as a kit. There was a version with a larger screen (five whole inches) that cost an extra $40, so you can bet there were more OL-1s sold since $40 was a big ask in 1956. While they don’t seem like much today, you were probably the envy of the ham club in 1956 when you lugged this in for show and tell.

This is a long video, but it pays off at the end. Overall, this was a more capable scope than the $66 scope from 10 years earlier we looked at. Did you ever wonder how people visualized signals before the CRT? Funny, we did too.

youtube.com/embed/pg3CfM-5Vx8?…

hackaday.com/2024/10/23/classi…

The Domain Name System (DNS) is a major functional component of the modern Internet. We rely on it for just about everything! It’s responsible for translating human-friendly domain names into numerical IP addresses that get traffic where it needs to go. At the heart of the system are the top-level domains (TLDs)—these sit atop the whole domain name hierarchy.

You might think these TLDs are largely immutable—rock solid objects that seldom change. That’s mostly true, but the problem is that these TLDs are sometimes linked to real-world concepts that are changeable. Like the political status of various countries! Then, things get altogether more complex. The .io top level domain is the latest example of that.

A Brief History

ICANN is the organization in charge of TLDs.
Before we get into the current drama, we should explain some background around top level domains. Basically, as the Internet started to grow out of its early nascent form, there was a need to implement a proper structured naming system for online entities. In the mid-1980s, the Internet Assigned Numbers Authority (IANA) introduced a set of original top level domains to categorize domain names. These were divided into two main types—generic top-level domains, and country code top-level domains. The generic TLDs are the ones we all know and love—.com, .org, .net, .edu, .gov, and .mil. The country codes, though, were more complex.

Initially, the country codes were based around the ISO 3166-1 alpha-2 standard—two letter codes to represent all necessary countries. These were, by and large, straightforward—the United Kingdom got .uk, Germany got .de, the United States got .us, and Japan got .jp.

Eventually, management of TLDs was passed from IANA to a new organization called ICANN—Internet Corporation for Assigned Names and Numbers. Over time, ICANN has seen fit to add more TLDs to the official list. That’s why today, you can register a domain with a .biz, .info, or .name registration. Or .horse, .Dad, .Foo, or so many others besides.
Wikipedia maintains an interactive decoding table that covers the full ISO 3166-1 alpha-2 code space, as used to designate ccTLDs. Credit: Wikipedia

What’s With .io?

The official logo of the .io ccTLD. The Internet Computer Bureau Ltd. is the registry organization in charge of it.
Over the past 20 years or so, the .io domain has become particularly popular with the tech set—the initialism recalls the idea of input/output. Thus, you have websites like Github.io or Hackaday.io using a country-code TLD for vanity purposes. It’s pretty popular in the tech world.

This was never supposed to be the case, however. The domain was originally designated for the British Indian Ocean Territory, all the way back in 1997. This is a small overseas territory of the United Kingdom, which occupies a collection of islands of the Chagos Archipelago. Total landmass of the territory is just 60 square kilometers. The largest island is Diego Garcia, which plays host to a military facility belonging to the UK and the United States. Prior to their removal by British authorities in 1968, the island played host to a population of locals known as Chagossians.
The flag of the British Indian Ocean Territory. Not even kidding.
The territory has been the subject of some controversy, often concerning the Chagossians and their wish to return to the land. More recently, the Mauritian government has made demands for the British government to relinquish the islands. The East African nation considers that the islands should have been handed back when Mauritius gained independence in 1968.

Recent negotiations have brought the matter to a head. On October 3, the British and Mauritius governments came to an agreement that the UK would cede sovereignty over the islands, and that they would hence become part of Mauritius. The British Indian Ocean Territory would functionally cease to exist, though the UK would maintain a 99-year lease over Diego Garcia and continue to maintain the military facility there.

The key problem? With the British Indian Ocean Territory no longer in existence, it would thus no longer be eligible for a country-code TLD. According to IANA, ccTLDs are based on the ISO 3166-1 standard. When a country ceases to exist, it is removed from the standard, and thus, the ccTLD is supposed to be retired in turn. IANA states protocol is to notify the manager of the ccTLD and remove it after five years by default. Managers can ask for an extension, limited to another five years for a total of ten years maximum. Alternatively, a ccTLD manager may allow the domain to be retired early at their own discretion.

However, as per The Register, the situation is more complex. The outlet spoke to ICANN, which is the organization actually in charge of declaring valid TLDs. A spokesperson provided the following comment:

ICANN relies on the ISO 3166-1 standard to make determinations on what is an eligible country-code top-level domain. Currently, the standard lists the British Indian Ocean Territory as ‘IO’. Assuming the standard changes to reflect this recent development, there are multiple potential outcomes depending on the nature of the change.

One such change may involve ensuring there is an operational nexus with Mauritius to meet certain policy requirements. Should ‘IO’ no longer be retained as a coding for this territory, it would trigger a 5-year retirement process described at [the IANA website], during which time registrants may need to migrate to a successor code or an alternate location.

We cannot comment on what the ISO 3166 Maintenance Agency may or may not do in response to this development. It is worth noting that the ISO 3166-1 standard is not just used for domain names, but many other applications. The need to modify or retain the ‘IO’ encoding may be informed by needs associated with those other purposes, such as for Customs, passports, and banking applications.

The Chagos Archipelago is, genuinely, a long way from everywhere. Credit: TUBS, CC BY-SA 3.0
Basically, ICANN passed the buck, putting the problem at the feet of the International Standards Organization which maintains ISO 3166-1. If the ISO standard maintains the IO designation for some reason, it appears that ICANN would probably follow suit. If ISO drops it for some reason, it could be retired as a ccTLD.

The Register notes that the .io record in ISO 3166-1 has not changed since a minor update in 2018. Any modification by ISO would be unlikely before the treaty between the UK and Mauritius is ratified in 2025. At that point, the five year clock could start ticking.

However, history is a great educator in this regard. There’s another grand example of a country that functionally ceased to exist. In 1991, the Soviet Union was no longer a going concern. And yet, the .su designation remains “exceptionally reserved” in the ISO 3166-1 standard at the request of the Foundation for Internet Development. However, the entry notes it was “removed from ISO 3166-1 in 1992” when the USSR broke up into its constituent states. Those states were all given their own country codes, except for Ukraine and Belarus, which had already entered ISO 3166 before this point.
.su domains are still very much a going concern, 33 years after the fall of the Soviet Union.
But can you still get a .su domain? Well, sure! Netim.com will happily register one for you. A number of websites still use the TLD, like this one, and it has reportedly become a popular TLD for cybercriminal activity. The current registry is the Russian Institute for Public Networks, and .su domains persist despite efforts by ICANN to end its use in 2007.

Given .io is so incredibly popular, it’s unlikely to disappear just because of some geopolitical changes. Even if it were to be designated for retirement, it would probably stick around for another five to ten years based on existing regulations. More likely, though, special effort will be made to officially reserve .io for continued use. Heck, even if ISO drops it, it could become a regular general TLD instead. If .pizza can be a domain, surely .io can be as well.

Long story short? There are questions around the future of .io, but nothing’s been decided yet. Expect vested interests to make sure it sticks around for the foreseeable future.

hackaday.com/2024/10/23/will-i…

Un disservizio al sito 112.gov.itha bloccato l’accesso degli utenti, mostrando vari avvisi di sicurezza. Inizialmente, i browser avvertono che “la connessione non è privata”, segnalando rischi per i dati sensibili.

Successivamente, viene riportato un certificato SSL del sito è scaduto, impedendo una connessione sicura. Questo errore è dovuto alla mancata validità del certificato SSL, scaduto, mettendo in evidenza una falla nella sicurezza e richiedendo un’urgente risoluzione.

Per ripristinare il servizio, è necessario rinnovare il certificato SSL e installarne uno di nuova validità. Questo garantirà nuovamente la sicurezza della connessione, eliminando gli avvisi di pericolo dai browser.

Il 112 è il numero unico di emergenza europeo, attivo in molti paesi per contattare le forze dell’ordine, i vigili del fuoco o i soccorsi medici. Funziona 24/7 per gestire situazioni critiche come incidenti o calamità naturali, facilitando un intervento rapido ovunque.

L’inaccessibilità di un sito come 112.gov.it può ritardare l’informazione e il supporto emergenziale, rendendo fondamentale risolvere il disservizio in tempi rapidi per non compromettere l’efficienza del sistema di emergenza.

L'articolo Down per il 112, il Numero Unico Europeo per le Emergenze. Si tratta di un certificato scaduto proviene da il blog della sicurezza informatica.

L’account ufficiale della Juventus su X (precedentemente noto come Twitter) è stato recentemente hackerato, generando una serie di post falsi, tra cui l’annuncio non autorizzato dell’acquisto di Arda Güler dal Real Madrid.

Questi tweet, scritti anche in turco, citavano il Fenerbahçe, vecchio club del calciatore, in una mossa chiaramente orchestrata per ingannare i fan.

In risposta, il club bianconero ha rapidamente avvisato i suoi sostenitori tramite il proprio account italiano, confermando l’attacco hacker e invitando alla prudenza. Questo attacco sottolinea l’importanza di mantenere un alto livello di sicurezza anche per gli account social delle principali società sportive, che rappresentano obiettivi attraenti per gli hacker a causa della loro grande visibilità e dell’enorme base di fan.

Non è la prima volta che un club di calcio viene preso di mira dai cybercriminali. Attacchi simili hanno colpito in passato altre squadre di alto livello, creando confusione tra i tifosi e minando la reputazione digitale dei club. Gli hacker spesso sfruttano la notorietà delle squadre per diffondere disinformazione o promuovere contenuti falsi, come successo nel caso della Juventus.

In particolare, l’annuncio fittizio riguardante Arda Güler ha creato scalpore, considerando il trasferimento del giocatore dal Fenerbahçe al Real Madrid nel luglio 2023. Molti fan, inizialmente ingannati dal post, hanno espresso stupore e confusione prima che la Juventus confermasse la natura fraudolenta dei tweet.

Gli attacchi informatici contro le squadre di calcio rappresentano una sfida crescente per la gestione della reputazione e della sicurezza online. Con sempre più squadre che utilizzano i social media come principale canale di comunicazione con i fan, la protezione di queste piattaforme diventa cruciale per evitare episodi simili.

In conclusione, l’incidente serve come monito sull’importanza di strategie di difesa adeguate contro le minacce digitali. La Juventus, come molti altri club, dovrà continuare a investire in soluzioni di cybersecurity per prevenire ulteriori violazioni.

Anche se non sappiamo se l’account della Juventus avesse abilitato la MFA, tu che stai ridendo perché sei di una squadra avversaria, hai attivato la Multi Factor Authentication?

L'articolo L’Account X della Juventus è stato Hackerato! Ma la Multi Factor Authentication (MFA)? proviene da il blog della sicurezza informatica.

Introduction

Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our research, Lazarus has been employing this malware since at least 2013 and we’ve documented its usage in 50+ unique campaigns targeting governments, diplomatic entities, financial institutions, military and defense contractors, cryptocurrency platforms, IT and telecommunication operators, gaming companies, media outlets, casinos, universities, and even security researchers — the list goes on.

On May 13, 2024, our consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. Since Lazarus rarely attacks individuals, this piqued our interest and we decided to take a closer look. We discovered that prior to the detection of Manuscrypt, our technologies also detected exploitation of the Google Chrome web browser originating from the website detankzone[.]com. On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version. But that was just a disguise. Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim’s PC. Visiting the website was all it took to get infected — the game was just a distraction.

We were able to extract the first stage of the attack — an exploit that performs remote code execution in the Google Chrome process. After confirming that the exploit was based on a zero-day vulnerability targeting the latest version of Google Chrome, we reported our findings to Google the same day. Two days later, Google released an update and thanked us for discovering this attack.

Acknowledgement for finding CVE-2024-4947 (excerpt from the security fixes included into Chrome 125.0.6422.60)

Having notified Google about the discovered vulnerability, we followed responsible vulnerability disclosure policy and refrained from sharing specific details in public, giving users sufficient time to apply the patch. This approach is also intended to prevent further exploitation by threat actors. Google took additional steps by blocking detankzone[.]com and other websites linked to this campaign, ensuring that anyone attempting to access these sites — even without our products — would be warned of their malicious nature.

While we respected Google’s request for a set disclosure period, on May 28, 2024, Microsoft published a blog post titled “Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks,” which partially revealed our findings. According to the blog, Microsoft had also been tracking the campaign and associated websites since February 2024. However, their analysis overlooked a key point in the malicious campaign: the presence of the browser exploit and the fact that it was a high-severity issue — a zero-day. In this report, we explore in great detail the vulnerabilities exploited by the attackers and the game they used as bait (spoiler alert: we had to develop our own server for this online game).

The exploit

The website used by the attackers as a cover for their campaign was developed in TypeScript/React, and one of its
index.tsx files contained a small piece of code that loads and executes the Google Chrome exploit.

Website facade and the hidden exploit loader

The exploit contains code for two vulnerabilities: the first is used to gain the ability to read and write Chrome process memory from the JavaScript, and the second is used to bypass the recently introduced V8 sandbox.

First vulnerability (CVE-2024-4947)

The heart of every web browser is its JavaScript engine. The JavaScript engine of Google Chrome is called V8 — Google’s own open-source JavaScript engine. For lower memory consumption and maximum speed, V8 uses a fairly complex JavaScript compilation pipeline, currently consisting of one interpreter and three JIT compilers.

V8’s JavaScript compilation pipeline

When V8 starts to execute JavaScript, it first compiles the script into bytecode and executes it using the interpreter called Ignition. Ignition is a register-based machine with several hundred instructions. While executing bytecode, V8 monitors the program’s behavior, and may JIT-compile some functions for better performance. The best and fastest code is produced by TurboFan, a highly optimizing compiler with one drawback — the code generation takes too much time. Still, the difference in performance between Ignition and TurboFan was so significant that a new non-optimizing JIT compiler was introduced in 2021 called Sparkplug, which compiles bytecode into equivalent machine code almost instantly. Sparkplug-generated code runs faster than the interpreter, but the performance gap between Sparkplug- and TurboFan-generated code was still big. Because of this, in Chrome 117 (released in Q4 2023), the developers introduced a new optimizing compiler, Maglev, whose goal is to generate good enough code fast enough by performing optimizations based solely on feedback from the interpreter. CVE-2024-4947 (issue 340221135) is the vulnerability in this new compiler.

To understand this vulnerability and how it was exploited, let’s take a look at the code the attackers used to trigger it.
import * as moduleImport from 'export var exportedVar = 23;';

function trigger() {
moduleImport.exportedVar;
const emptyArray = [1, 2];
emptyArray.pop();
emptyArray.pop();
const arrHolder = {xxarr: doubleArray, xxab: fakeArrayBuffer};

function f() {
try {
moduleImport.exportedVar = 3.79837e-312;
} catch (e) { return false; }
return true;
}

while (!f()) { }

weakRef = new WeakRef(moduleImport);
return {emptyArray, arrHolder};
}

Code used by the attackers to trigger CVE-2024-4947

We can see in this code that it first accesses the exported variable
exportedVar of the moduleImport module and then creates the emptyArray array and the arrHolder dictionary. However, it seems that no real work is done with them, they are just returned by the function trigger. And then something interesting happens – the f function is executed until it returns “true”. However, this function returns “true” only if it can set the exported variable moduleImport.exportedVar to the “3.79837e-312” value, and if an exception occurs because of this, the f function returns “false”. How could it be that executing the same expression moduleImport.exportedVar = 3.79837e-312; should always return “false” until it returns “true”?LdaImmutableCurrentContextSlot
[53]Star1
LdaConstant
[0]SetNamedProperty r1, [1], [0] // moduleImport.exportedVar = 3.79837e-312;

Bytecode produced by the Ignition interpreter for “moduleImport.exportedVar = 3.79837e-312;”

If we take a look at the bytecode produced for this expression by Ignition and at the code of the
SetNamedProperty instruction handler, which is supposed to set this variable to the “3.79837e-312” value, we can see that it will always throw an exception — according to the ECMAScript specification, storing in a module object is always an error in JavaScript.mov rax, 309000D616Dh // JS object ptr for "moduleImport"
mov edi, [rax+3]
add rdi, r14
mov rax, 309001870B5h // JS object ptr for "3.79837e-312"
mov [rdi-1], eax

JIT code produced by Maglev for “moduleImport.exportedVar = 3.79837e-312;”

But if we wait until this bytecode has been executed enough times and V8 decides to compile it using the Maglev compiler, we’ll see that the resulting machine code doesn’t throw an exception, but actually sets this property somewhere in the
moduleImport object. This happens due to a missing check for storing to module exports — which is the CVE-2024-4947 vulnerability (you can find the fix here). How do attackers exploit it? To answer this, we need to understand how JavaScript objects are represented in memory.

Structure of JS objects

All JS objects begin with a pointer to a special object called
Map (also known as HiddenClass) which stores meta information about the object and describes its structure. It contains the object’s type (stored at a +8 offset), number of properties, and so on.

Structure of the “moduleImport” JS object

The
moduleImport module is represented in memory as a JSReceiver object, which is the most generic JS object and is used for types for which properties can be defined. It includes a pointer to the array of properties (PropertyArray) which is basically a regular JS object of the FixedArray type with its own Map. If in the expression moduleImport.exportedVar = 3.79837e-312; moduleImport was not a module but a regular object, the code would set the property #0 in that array, writing at a +8 offset; however, since it is a module and there is a bug, the code sets this property, writing at a +0 offset, overwriting the Map object with the provided object.

Structure of the “3.79837e-312” number JS object

Since 3.79837e-312 is a floating-point number, it is converted to a 64-bit value (according to the IEEE 754 standard) and stored in a
HeapNumber JS object at a +4 offset. This allows the attackers to set their own type for the PropertyArray object and cause a type confusion. Setting the type to 0xB2 causes V8 to treat the PropertyArray as a PropertyDictionary, which results in memory corruption because the PropertyArray and PropertyDictionary objects are of different sizes and the kLengthAndHashOffset field of the PropertyDictionary falls outside the bounds of the PropertyArray.
Now the attackers need to get the right memory layout and corrupt something useful. They defragment the heap and perform the actions that you can see in the
trigger function.

Memory layout created by the “trigger” function

What happens in this function is the following:

1. It accesses the exported module variable moduleImport.exportedVar to allocate moduleImport’s PropertyArray.
2. It creates an emptyArray with two elements.
3. Removing elements from this array reallocates the object that is used for storing the elements and sets emptyArray’s length to 0. This is an important step because in order to overwrite emptyArray’s length with PropertyDictionary’s hash, the length/hash must be equal to 0.
4. The trigger function creates the arrHolder dictionary with two objects. This step follows the creation of the emptyArray to allow the pointers of these two objects to be accessed and overwritten when the length of emptyArray is corrupted. The first object, xxarr: doubleArray is used to construct a primitive for getting the addresses of JS objects. The second object, xxab: fakeArrayBuffer is used to construct a primitive for getting read/write access to the whole address space of the Chrome process.
5. Next, the trigger function executes the f function until it is compiled by Maglev, and overwrites the type of the PropertyArray so it is treated as a PropertyDictionary object.
6. Executing new WeakRef(moduleImport) triggers the calculation of PropertyDictionary’s hash, and the length of emptyArray is overwritten with the hash value.
7. The trigger function returns emptyArray and arrHolder containing objects that can be overwritten with emptyArray.

After this, the exploit again abuses Maglev, or rather the fact that it optimizes the code based on the feedback collected by the interpreter. The exploit uses Maglev to compile a function that loads a
double value from an array obtained using arrHolder.xxarr. When this function is compiled, the attackers can overwrite the pointer to an array obtained using arrHolder.xxarr via emptyArray[5] and use this function to get the addresses of JS objects. Similarly, the attackers use arrHolder.xxab to compile a function that sets specific properties and overwrites the length of another ArrayBuffer-type object along with the pointer to its data (backing_store_ptr). This becomes possible when the pointer to the object accessible via arrHolder.xxab is replaced via emptyArray[6] with a pointer to the ArrayBuffer. This gives the attackers read and write access to the entire address space of the Chrome process.

Second vulnerability (V8 sandbox bypass)

At this point, the attackers can read and write memory from JavaScript, but they need an additional vulnerability to bypass the newly introduced V8 (heap) sandbox. This sandbox is purely software-based and its main function is to isolate the V8 memory (heap) in such a way that attackers cannot access other parts of the memory and execute code. How does it do this? You may have noticed that all the pointers in the previous section are 32 bits long. This is not because we’re talking about a 32-bit process. It’s a 64-bit process, but the pointers are 32 bits long because V8 uses something called pointer compression. The pointers are not stored in full, but just as their lower parts, or they could also be seen as a 32-bit offset from some “base” address. The upper part (the “base” address) is stored in CPU registers and added by the code. In this case, attackers should not be able to obtain real pointers from the isolated memory and have no way to obtain addresses for the stack and JIT-code pages.

To bypass the V8 sandbox, the attackers used an interesting but very common vulnerability associated with interpreters — we have previously seen variations of this vulnerability in multiple virtual machine implementations. In V8, regular expressions are implemented using its own interpreter, Irregexp, with its own set of opcodes. The Irregexp VM is completely different from Ignition, but it is also a register-based VM.
RegisterT& operator[](size_t index) { return registers_[index]; }

BYTECODE(PUSH_REGISTER) {
ADVANCE(PUSH_REGISTER);
if (!backtrack_stack.push(registers[LoadPacked24Unsigned(insn)])) {
return MaybeThrowStackOverflow(isolate, call_origin);
}
DISPATCH();
}

BYTECODE(SET_REGISTER) {
ADVANCE(SET_REGISTER);
registers[LoadPacked24Unsigned(insn)] = Load32Aligned(pc + 4);
DISPATCH();
}

Examples of vulnerable code in Irregexp VM instruction handlers

The vulnerability is that the virtual machine has a fixed number of registers and a dedicated array for storing them, but the register indexes are decoded from the instruction bodies and are not checked. This allows attackers to access the memory outside the bounds of the register array.
PUSH_REGISTER r(REGISTERS_COUNT + idx)
POP_REGISTER r(0)
PUSH_REGISTER r(REGISTERS_COUNT + idx + 1)
POP_REGISTER r(1)
// Overwrite "output_registers" ptr
SET_REGISTER r(REGISTERS_COUNT), holderAddressLow
SET_REGISTER r(REGISTERS_COUNT + 1), holderAddressHigh
// Overwrite "output_register_count"
SET_REGISTER r(REGISTERS_COUNT + 2), 2
// MemCopy(output_registers_, registers_.data(), output_register_count_ * sizeof(RegisterT));
SUCCEED

Malicious Irregexp VM bytecode for reading the memory outside of the register array bounds

Coincidentally, the pointers to
output_registers and output_register_count are located right next to the register array. This allows the attackers to read and write the memory outside of the V8 sandbox with the help of the SUCCEED opcode. Attackers use this to overwrite JIT’ed code with shellcode and execute it.
This issue (330404819) was submitted and fixed in March 2024. It is unknown whether it was a bug collision and the attackers discovered it first and initially exploited it as a 0-day vulnerability, or if it was initially exploited as a 1-day vulnerability.

Shellcode

At this point, the attackers need additional vulnerabilities to escape the Chrome process and gain full access to the system. In the best practices of sophisticated attackers, they run a validator in the form of a shellcode that collects as much information as possible and sends it to the server to decide whether to provide the next stage (another exploit) or not. This decision is made based on the following information: CPUID information (vendor, processor name, etc), whether it’s running on a VM or not, OS version and build, number of processors, tick count, OS product type, whether it’s being debugged or not, process path, file version info of system modules, file version info of process executable, and SMBIOS firmware table.

By the time we analyzed the attack, the attackers had already removed the exploit from the decoy website, preventing us from easily obtaining the next stage of the attack. At Kaspersky, we possess technologies that have allowed us to discover and help to fix a huge number of 0-day privilege escalation vulnerabilities exploited by sophisticated attackers in various malware campaigns over the years; however, in this particular case we would have to wait for the next attack in order to extract its next stage. We’ve decided to not wait, preferring to let Google fix the initial exploit used to perform the remote code execution in Google Chrome.

List of in-the-wild 0-days caught and reported by Kaspersky over the past 10 years

Social activity

What never ceases to impress us is how much effort Lazarus APT puts into their social engineering campaigns. For several months, the attackers were building their social media presence, regularly making posts on X (formerly Twitter) from multiple accounts and promoting their game with content produced by generative AI and graphic designers.

Attackers’ accounts on X

One of the tactics used by the attackers was to contact influential figures in the cryptocurrency space to get them to promote their malicious website and most likely to also compromise them.

Attackers’ attempts to contact crypto-influencers

The attackers’ activity was not limited to X — they also used professionally designed websites with additional malware, premium accounts on LinkedIn, and spear phishing through email.

The game

Malicious website offering to download a beta version of the game

What particularly caught our attention in this attack was that the malicious website attacking its visitors using a Google Chrome zero-day was inviting them to download and try a beta version of a computer game. As big computer games fans ourselves, we immediately wanted to try it. Could the attackers have developed a real game for this campaign? Could this be the first computer game ever developed by a threat actor? We downloaded
detankzone.zip and it looked legit: the 400 MB-archive contained a valid file structure of a game developed in Unity. We unpacked the game’s resources and found “DeTankZone” logos, HUD elements, and 3D model textures. Debugging artifacts indicated that the game had been compiled by the attackers. We decided to give it a spin.

Start menu of the DeTankZone game

After an intro with the game’s logo, we are greeted with a typical online gaming start menu, asking us to enter valid account credentials to access the game. We tried to log in using some common account names and passwords, and then tried to register our own account through the game and the website — but nothing worked.

Is that really all this game has to offer? We started reverse engineering the game’s code and discovered that there was more content available beyond this start menu. We found the code responsible for communication with the game server and started reverse engineering that as well. The game was hardcoded to use the server running at “api.detankzone[.]com,” which clearly wasn’t working. But we really wanted to check this game out! What to do? We decided to develop our own game server, of course.

First, we discovered that the game uses the Socket.IO protocol to communicate with the server, so we chose the
python-socketio library to develop our own server. We then found a function with a list of all supported command names (event names) and reverse engineered how they are obfuscated. After that, we reverse engineered how the data was encoded: it turned out to be a JSON encrypted with AES256 and encoded with Base64. For the AES key it uses the string “Full Stack IT Service 198703Game”, while the string “MatGoGameProject” is used for the IV. We hoped that this information might reveal the identities of the game’s developers, but a Google search yielded no results. Finally, we reverse engineered the data format for a couple of commands, implemented them on our server, and replaced the server URL with the address of our own server. Success! After all this we were able to log into the game and play with the bots!

Screenshot from the game running with our custom server

Yes, it turned out to be a real game! We played it for a bit and it was fun — it reminded us of some shareware games from the early 2000s. Definitely worth the effort. The textures look a little tacky and the game itself closely resembles a popular Unity tutorial, but if Lazarus had developed this game themselves, it would have set a new bar for attack preparation. But no — Lazarus stayed true to themselves. It turns out that the source code for this game was stolen from its original developers.

The original game

DeFiTankLand (DFTL) – the original game

We found a legitimate game that served as a prototype for the attacker’s version – it’s called DeFiTankLand (DFTL). Studying the developers’ Telegram chat helped us build a timeline of the attack. On February 20, 2024, the attackers began their campaign, advertising their game on X. Two weeks later, on March 2, 2024, the price of the DeFiTankLand’s currency, DFTL2 coin, dropped, and the game’s developers announced on their Telegram that their cold wallet had been hacked and $20,000 worth of DFTL2 coins had been stolen. The developers blamed an insider for this. Insider or not, we suspect that this was the work of Lazarus, and that before stealing the coins they first stole the game’s source code, modified all the logos and references to DeFiTankLand, and used it to make their campaign more credible.

Conclusions

Lazarus is one of the most active and sophisticated APT actors, and financial gain remains one of their top motivations. Over the years, we have uncovered many of their attacks on the cryptocurrency industry, and one thing is certain: these attacks are not going away. The attackers’ tactics are evolving and they’re constantly coming up with new, complex social engineering schemes. Lazarus has already successfully started using generative AI, and we predict that they will come up with even more elaborate attacks using it. What makes Lazarus’s attacks particularly dangerous is their frequent use of zero-day exploits. Simply clicking a link on a social network or in an email can lead to the complete compromise of a personal computer or corporate network.

Historically, half of the bugs discovered or exploited in Google Chrome and other web browsers have affected its compilers. Huge changes in the code base of the web browser and the introduction of new JIT compilers inevitably lead to a large number of new vulnerabilities. What can end users do about this? While Google Chrome continues to add new JIT compilers, there is also Microsoft Edge, which can run without JIT at all. But it’s also fair to say that the newly introduced V8 sandbox might be very successful at stopping bugs exploitation in compilers. Once it becomes more mature, exploiting Google Chrome with JIT may be as difficult as exploiting Microsoft Edge without it.

Indicators of Compromise

Exploit
B2DC7AEC2C6D2FFA28219AC288E4750C
E5DA4AB6366C5690DFD1BB386C7FE0C78F6ED54F
7353AB9670133468081305BD442F7691CF2F2C1136F09D9508400546C417833A

Game
8312E556C4EEC999204368D69BA91BF4
7F28AD5EE9966410B15CA85B7FACB70088A17C5F
59A37D7D2BF4CFFE31407EDD286A811D9600B68FE757829E30DA4394AB65A4CC

Domains
detankzone[.]com
ccwaterfall[.]com

securelist.com/lazarus-apt-ste…

[Sebastian Lederer] has created Tridora: an unusual stack-based CPU core intended for FPGA deployment, co-developed with its own Pascal compiler. The 32-bit word machine is unusual in that it has not one but three stacks, 16-bit instruction words, and a limited ISA, more like those of the 8-bit world. No multiply or divide instructions will be found in this CPU.

The design consists of about 500 lines of Verilog targeting the Digilent Arty-A7 FPGA board, which is based around the Xilinx Artix-7 FPGA line. [Sebastian] plans to support the Nexys A7 board, which boasts a larger FPGA array but has less RAM onboard. The CPU clocks in at 83 MHz with four clock cycles per instruction, so over 20 MIPS, which is not so shabby for a homebrew design. Wrapped around that core are a few simple peripherals, such as the all-important UART, an SD card controller and a VGA display driver. On the software side, the Pascal implementation is created from scratch with quite a few restrictions, but it can compile itself, so that’s a milestone achieved. [Sebastian] also says there is a rudimentary operating system, but at the moment, it’s a little more than a loader that’s bundled with the program image.

The Tridora Gitlab project hosts the Verilog source, an emulator (written in Golang, not Pascal) and a suite of example applications. We see quite a few custom CPUs, often using older or less popular programming languages. Here’s an FPGA-based Forth machine to get you started. Implementing programming languages from scratch is also a surprisingly common hack. Check out this from-scratch compiler for the Pretty Laughable Programming language.

hackaday.com/2024/10/23/tridor…

Milano, 23 ottobre 2024 – I dispositivi e gli account aziendali si confermano gli asset più vulnerabili agli attacchi informatici, secondo quanto rilevato da “Intercepting Impact: 2024 Trend Micro Cyber Risk Report“, l’ultimo studio condotto da Trend Micro, leader globale nella cybersecurity. Lo studio pone l’accento sull’importanza di un cambiamento di prospettiva verso un approccio alla sicurezza basato sul rischio, in un contesto di minacce in continua evoluzione.

“Con questo report vengono condivise informazioni chiave su dove le organizzazioni possono trovarsi maggiormente esposte. I cybercriminali sfruttano spesso controlli di sicurezza deboli, configurazioni errate e vulnerabilità non adeguatamente protette”. Afferma Alessandro Fontana, Country Manager di Trend Micro Italia. “Le aziende dovrebbero abbracciare un approccio olistico e proattivo alla cybersecurity, che consideri l’intera superficie di attacco. Grazie all’intelligenza artificiale, è possibile calcolare con precisione il rischio effettivo e implementare misure di mitigazione mirate, migliorando sensibilmente la postura di sicurezza. Questo approccio rappresenta un autentico punto di svolta per l’intero settore”.

Attraverso un elenco di eventi di rischio, la piattaforma Trend Vision One™ calcola un punteggio per ogni asset presente in azienda e fornisce un indice di rischio. Il calcolo avviene confrontando variabili come la possibilità di subire un attacco, l’esposizione e la configurazione di sicurezza, con l’impatto che l’asset ha nell’organizzazione. Un asset con un basso impatto aziendale e pochi privilegi ha una superficie di attacco piccola, mentre un asset di valore elevato con più privilegi, ha una superficie di attacco ampia.

Questi gli asset più a rischio:

• Dispositivi: 22,6 milioni di dispositivi totali, di cui 877.316 classificati ad alto rischio
• Account: 53,9 milioni di account totali, di cui 12.346 classificati ad alto rischio
• Asset cloud: 14,5 milioni di asset cloud totali, di cui 9.944 classificati ad alto rischio
• Asset Internet: 1,1 milioni in totale, di cui 1.661 classificati ad alto rischio
• Application: 8,8 milioni di application totali, di cui 489 classificate ad alto rischio

Il numero di dispositivi ad alto rischio è molto superiore a quello degli account, anche se il numero totale di account è maggiore. I dispositivi hanno una superficie di attacco più ampia e possono essere presi di mira da più minacce. Tuttavia, gli account sono ancora preziosi in quanto possono garantire ai cybercriminali l’accesso a svariate risorse.

Lo studio sottolinea anche che:

• Le Americhe hanno l’indice di rischio medio più alto, con un punteggio di 43,4. Questo è determinato dalle vulnerabilità del settore bancario e delle infrastrutture critiche, oltre che dall’attrazione che la regione esercita nei confronti dei cybercriminali orientati al profitto
• L’Europa è la regione che risolve le vulnerabilità più rapidamente. Questo è indice di pratiche di sicurezza robuste
• L’industria mineraria ha il punteggio di rischio più elevato tra i settori verticali, grazie alla sua posizione strategica nella supply chain globale e all’ampia superficie di attacco
• Il settore farmaceutico è il più veloce nel correggere le vulnerabilità. Questo riflette l’importanza di proteggere i dati sensibili
• Il principale evento di rischio rilevato è l’accesso alle applicazioni cloud che hanno un livello di rischio elevato a causa della loro cronologia di dati e delle funzionalità di sicurezza note
• Altri eventi ad alto rischio che capitano frequentemente sono quelli che sfruttano account vecchi e inattivi, account con controlli di sicurezza disabilitati o che hanno inviato all’esterno dati sensibili

Lo studio ha inoltre scoperto molte configurazioni deboli che potrebbero portare a delle compromissioni, in particolare per quanto riguarda le impostazioni di controllo della security.

Il panorama delle minacce continua a evolversi e la capacità delle organizzazioni di identificare e gestire i rischi è sempre più cruciale. La piattaforma Trend Vision One™, grazie alla funzione integrata di Attack Surface Risk Management (ASRM), fornisce gli strumenti necessari per una visibilità completa sulle minacce e per mitigare il rischio in maniera efficace.

Per mitigare i rischi cyber, Trend Micro suggerisce le seguenti procedure:

• Ottimizzare le impostazioni di sicurezza dei prodotti per ricevere avvisi su configurazioni errate
• Contattare il proprietario del dispositivo e/o dell’account per verificare qualsiasi evento rischioso. L’evento può essere esaminato utilizzando la funzione di ricerca di Trend Vision One™ Workbench, per trovare ulteriori informazioni o verificare i dettagli dell’evento sul server di gestione del prodotto
• Disattivare gli account rischiosi o reimpostarli con una password forte e attivare l’autenticazione a più fattori (MFA)
• Applicare regolarmente le patch più recenti e aggiornare le versioni dell’applicazione e del sistema operativo

Il report si basa sui dati di telemetria della soluzione Attack Surface Risk Management (ASRM) di Trend Micro, disponibile all’interno della piattaforma per la sicurezza informatica Trend Vision One e sugli strumenti nativi eXtended Detection and Response (XDR). Lo studio si divide in due sezioni: la prima esamina il punto di vista dell’utente e approfondisce i rischi di asset, processi e vulnerabilità, mentre la seconda mappa i comportamenti dei cybercriminali, i parametri MITRE e TTP. I dati di telemetria prendono in considerazione il periodo tra il 25 dicembre 2023 e il 30 giugno 2024.

Ulteriori informazioni sono disponibili a questo link

L'articolo Dispositivi e Account sotto Attacco: il report di Trend Micro svela le ultime Vulnerabilità proviene da il blog della sicurezza informatica.

Il regolatore irlandese di Internet e dei media Coimisiún na Meán ha adottato e pubblicato un codice di sicurezza online , che entrerà in vigore dal mese prossimo. Il documento riguarderà le più grandi piattaforme video le cui sedi si trovano nel paese, tra cui TikTok di ByteDance, YouTube di Google e Instagram e Facebook Reels di Meta.

Secondo le disposizioni del Codice, le piattaforme sono tenute a includere nelle loro condizioni di utilizzo il divieto di pubblicazione e distribuzione di una serie di contenuti dannosi, come il cyberbullismo, la promozione del suicidio o di disordini alimentari, nonché contenuti che incitano all’odio, violenza, terrorismo, contenente materiale su abusi sessuali su minori, razzismo e xenofobia.

Adam Hurley, portavoce di Coimisiún na Meán, ha spiegato che il nuovo Codice integra la legge europea sui servizi digitali (DSA). A differenza della legislazione europea, che si concentra sulla lotta ai contenuti illegali, il documento irlandese copre una gamma più ampia di materiali potenzialmente pericolosi.

Anche se tecnicamente il Codice si applica solo ai servizi video che forniscono servizi agli utenti in Irlanda, le aziende tecnologiche possono applicare misure simili in tutta la regione per semplificare il processo di conformità e prevenire problemi di standard di contenuto incoerenti.

È importante notare che la legislazione dell’UE vieta l’imposizione di obblighi generali di monitoraggio dei contenuti sulle piattaforme. Secondo Hurley, il codice irlandese non richiede l’implementazione di filtri di avvio, ma espande l’attuale approccio di notifica e rimozione consentendo agli utenti di segnalare contenuti dannosi per il follow-up.

Verifica dell’età per la pornografia

Il documento presta particolare attenzione alla tutela dei minori. Le piattaforme video che consentono la pubblicazione di contenuti pornografici o di violenza gratuita devono implementare sistemi di verifica dell’età “appropriati”. Il regolatore valuterà le tecnologie utilizzate su base individuale.

Inoltre, i siti sono tenuti a creare sistemi di classificazione dei contenuti e a fornire il controllo parentale per i materiali che possono influenzare negativamente lo sviluppo fisico, mentale o morale dei bambini sotto i 16 anni di età.

Sistemi di raccomandazione

Inizialmente l’autorità di regolamentazione aveva considerato di richiedere alle piattaforme video di disabilitare per impostazione predefinita le raccomandazioni sui contenuti basate sulla profilazione. Tuttavia, a seguito delle consultazioni dello scorso anno, la misura non è stata inclusa nella versione finale del Codice. Le questioni relative ai sistemi di raccomandazione saranno invece regolate dalla legge paneuropea sui servizi digitali.

Il Codice di sicurezza online fa parte del quadro normativo digitale generale dell’Irlanda per proteggere gli utenti dalle minacce online. Il documento opera parallelamente alla legge europea sui servizi digitali, applicata anche da Coimisiún na Meán.

Secondo il commissario irlandese per la sicurezza online Niamh Hodnett, l’adozione del codice segna la fine dell’era dell’autoregolamentazione dei social network. L’autorità di regolamentazione intende informare i cittadini sui loro diritti su Internet e ritenere le piattaforme responsabili del mancato rispetto dei requisiti stabiliti.

L'articolo L’Irlanda Contro il Cyber Bullismo! Nuove regole Per TikTok, YouTube e Meta! proviene da il blog della sicurezza informatica.

It’s likely that many Hackaday readers will have had their interest in electronics as a child honed by exposure to an electronics kit. The type of toy that featured a console covered in electronic components with spring terminals, and on which a variety of projects could be built by wiring up circuits. [Matthew North Music] has a couple of these, and he’s made a video investigating whether they can be used to make music.

The kits he’s found are a Radio Shack one from we’re guessing the 1970s, and a “Cambridge University Recording Studio” kit that looks to be 1990s-vintage. The former is all discrete components and passive, while the latter sports that digital audio record/playback chip that was the thing to have in a novelty item three decades ago. With them both he can create a variety of oscillator and filter circuits, though for the video he settles for a fairly simple tone whose pitch is controlled by an light-dependent resistor, and a metronome as a drum beat.

The result is a little avant garde, but certainly shows promise. The beauty of these kits is they can now be had for a song, and as grown-ups we don’t have to follow the rules set out in the book, so we can see there’s a lot of fun to be had. We look forward to some brave soul using them in a life performance at a hacker camp.

youtube.com/embed/4-5OS5oOVbo?…

hackaday.com/2024/10/23/75-in-…