L’Unione Europea ha approvato una nuova legislazione che amplia le norme sulla responsabilità del prodotto. Ora copre anche i prodotti digitali come software e piattaforme online. L’innovazione dovrebbe rendere più semplice per gli utenti richiedere il risarcimento dei danni causati.

Il 10 ottobre 2024 il Consiglio dell’UE ha approvato la direttiva sulla responsabilità per prodotti difettosi, includendo nel suo concetto i prodotti digitali. Le uniche eccezioni sono i programmi open source. In precedenza, le regole si applicavano solo agli oggetti materiali e all’elettricità.

Secondo le nuove regole, gli importatori o i rappresentanti dei produttori nell’UE saranno responsabili per i danni causati da prodotti forniti da paesi extra UE. Ciò vale anche per le piattaforme online, che avranno la stessa responsabilità di qualsiasi altro operatore economico se svolgono le loro funzioni.

La legge ora si applica a sistemi operativi, firmware, applicazioni e sistemi di intelligenza artificiale che possono causare danni se utilizzati. Ciò vale per il software, sia locale che disponibile tramite tecnologie cloud e modelli SaaS.

Ora sarà più semplice per gli utenti interessati chiedere un risarcimento in tribunale richiedendo l’accesso alle prove al produttore. Se è difficile dimostrare un difetto e il suo rapporto di causa-effetto con il danno, il tribunale può richiedere solo la prova della probabilità di questi fatti. Se il prodotto è stato modificato da terzi fuori dal controllo del produttore originale, tali soggetti saranno ritenuti responsabili dei difetti.

La legge regola anche il risarcimento per danni fisici, danni alla proprietà e perdita di dati laddove il recupero è costoso. Ma la perdita di dati non sarà compensata se sarà possibile ripristinarli gratuitamente.

La Direttiva esclude la responsabilità per la fuga di dati, poiché questa è regolata da altri atti. Tuttavia, i produttori saranno ritenuti responsabili della sicurezza informatica del prodotto se il prodotto non soddisfa i requisiti di sicurezza. Il ministro della Giustizia ungherese Bence Tuzson ha osservato che la nuova legge avvantaggia sia i consumatori che i produttori fornendo regole chiare per i prodotti digitali e i modelli di economia circolare. La direttiva è già entrata in vigore e ai paesi dell’UE sono stati concessi due anni per recepirla nella legislazione nazionale.

Lo stesso giorno, tra l’altro, l’UE ha approvato anche il Cyber ​​Resilience Act, che rafforza i requisiti di sicurezza per i dispositivi IoT come telecamere IP, frigoriferi intelligenti e aspirapolvere robot.

L'articolo Si volta pagina! L’UE introduce la Responsabilità Digitale sui prodotti Software Closed Source proviene da il blog della sicurezza informatica.

A common criticism we hear of cyberdecks is that functionality too often takes a backseat to aesthetics — in other words, they might look awesome, but they aren’t the kind of thing you’re likely to use a daily driver. It’s not an assessment that we necessarily disagree with, though we also don’t hold it against anyone if they’re more interested in honing their build’s retro-futuristic looks than its computational potential.

That said, when a build comes along that manages to strike a balance between style and function, we certainly take notice. The vecdec, built by [svenscore] is a perfect example. We actually came across this one in the Desert of the Real, also known as the outskirts of Philadelphia, while we stalked the chillout room at JawnCon 0x1. When everyone else in the room is using a gleaming MacBook or a beat-up ThinkPad, its wildly unconventional design certainly grabs your attention. But spend a bit of time checking the hardware out and chatting with its creator, and you realize it’s not just some cyberpunk prop.

vecdec connected to the JawnCon modem badge
It all started when [svenscore] caught the ergonomic split keyboard bug awhile back. After getting used to the layout on his desktop, he found going back to the standard keyboard on his laptop was rather unpleasant. Carrying an external keyboard wherever you go is pretty much a non-starter when doing any serious traveling, so he decided his best bet was to build a portable machine that integrated his keyboard layout of choice.

The size and shape of said keyboard ultimately dictated the outline of the vecdec, leaving little room for luxuries. Still, [svenscore] managed to sneak a few surprises into this Raspberry Pi 4 powered cyberdeck: a SX1262 LoRa transceiver allows for experimenting with Meshtastic on the go, and a I2C connected PAJ7620U2 gesture sensor located between the keyboard halves allows the user to navigate through documents with a literal wave of the hand.

We’ve seen some ergonomic cyberdecks before, but the fit and finish on the vecdec certainly helps it stand out from the pack. With machines like this out in the wild, perhaps it’s time for another Cyberdeck Contest?

hackaday.com/2024/11/19/the-ve…

Remember Redbox? Those bright red DVD vending machines that dotted every strip mall and supermarket in America, offering cheap rentals when Netflix was still stuffing discs into paper envelopes? After streaming finally delivered the killing blow to physical rentals, Redbox threw in the towel in June 2024, leaving around 34,000 kiosks standing as silent monuments to yet another dead media format.

Last month, we reported that these machines were still out there, barely functional and clinging to life. Now, a company called The Junkluggers has been tasked with the massive undertaking of clearing these mechanical movie dispensers from the American retail landscape, and they’re doing it in a surprisingly thoughtful way. I chatted to them to find out how it’s going.

Redbox vending machines weigh anywhere up to 850 pounds, and are often displayed along with additional promotional signage as seen here. Moving them isn’t the easiest. Credit: The Junkluggers, supplied
In a symbolic end to the DVD rental era, thousands of distinctive red kiosks are being methodically removed from storefronts across America. The Junkluggers, a specialized removal company, has been tasked with the final chapter of the Redbox story – dismantling and responsibly disposing of these once-ubiquitous machines that changed how we consumed movies.

When Redbox filed for bankruptcy in June this year, thousands of kiosks still stood sentinel outside grocery stores, malls, and big box store locations nationwide. Now, The Junkluggers is orchestrating what amounts to a massive logistics operation to clear these remnants of the physical media age. The company operates nationwide—and thus was able to offer a one-stop shop for disposing of these machines across the nation.

“We’ve successfully removed thousands of Redbox units nationwide, including servicing major retailers in all major metropolitan areas,” explains Justin Waltz, Brand President of The Junkluggers. The company has been working at remarkable speed, completing their first phase of removals from major retailers like Dollar General, McDonald’s, Walmart, and various grocery chains in less than three weeks. “When Redbox shut down in October, there were about 34,000 kiosks still in operation,” says Waltz. “However, most of these have been defunct, removed, and broken down for parts nationwide.”
The main phase of the removal job is easy: grab the boxes, and throw ’em on the truck. From there, they’re disassembled to have their discs redistributed and their components recycled. Credit: The Junkluggers, supplied
But what happens to these decommissioned movie dispensers? Rather than simply scrapping the machines, The Junkluggers has implemented a methodical process to maximize recycling and reuse. “Sustainable junk removal” is the ethos of the company, and that’s guided what happens to the Redbox hardware. “For the Redbox units being handled by The Junkluggers, we help to recycle the metal components and return them to the production supply chain,” explains Waltz. “There are multiple types of Redbox units out there and each must be handled differently… for each unit that comes into our possession, we carefully evaluate its components to identify what parts can be recycled or donated.”

Media enthusiasts will be most keen to know what’s happening to the discs inside these machines. Redbox vending machines are capable of holding up to 630 DVDs each. If we imagine the fleet is around half full, at an average of 300 discs per unit, that would have left over 10,000,000 DVDs to be disposed of. Some might think it a shame for all these to end up in landfill. Thankfully, that’s not the case, as the company has found creative ways to give the DVD libraries within these machines a second life.
Shortly after bankruptcy (and later liquidation) was declared, these sad notices started appearing on Redbox machines. TaurusEmerald, CC BY-SA 4.0
“The majority of the DVDs we’ve collected from removals are being rehomed,” says Waltz. “We’ve donated DVDs to local artists, assisted living facilities, homeless shelters, veterans’ clinics, and other community organizations nationwide.” The goal is to see as many discs as possible go to new homes.

The Redbox removal project serves as a case study in responsible corporate dismantling. While the red kiosks may be disappearing from our streets, their components are being recycled into new products, and their content continues to serve communities that can benefit from them. It’s a fitting epilogue for a service that democratized movie rentals, ensuring that even in its sunset, Redbox continues to make entertainment accessible to those who seek it out.

Seasons Changing

As streaming services dominate our viewing habits, the disappearance of these kiosks marks more than just a business transition – it’s the end of an era in how we consumed entertainment. Physical media has long been on the decline as far as mainstream consumption goes. At the same time, we’ve see it bounce back time and again in the music space, first with vinyls, then cassettes, and now CDs. With Redbox collapsing in on itself, we’re either witnessing the true final days of the DVD, or the lull before it becomes retro and hip again. We’ll find out soon enough.

It’s one of those times where technology has made an existing business obsolete. Traditional video rentals went the way of the dodo because nobody wanted to drive to pick up a movie when they could just stream one at home. Redbox perhaps lasted longer than most if only for the fact that its overheads were so much lower by using vending machines instead of staffed retail locations. Even then, it wasn’t enough to survive. It seems that the Redbox rental concept is now definitively consigned to history.

hackaday.com/2024/11/19/the-gr…

Gli hacker hanno trovato un nuovo metodo ingegnoso per bypassare le difese di sicurezza: l’uso della concatenazione dei file ZIP. Questo trucco avanzato consente di mascherare i payload malevoli all’interno di archivi compressi, rendendoli invisibili ai software di sicurezza.

Concatenazione ZIP: un inganno ben studiato

La tecnica sfrutta il modo in cui diversi software di estrazione gestiscono i file ZIP concatenati. Un team di ricerca di Perception Point ha scoperto questo stratagemma analizzando un attacco di phishing che sfruttava una falsa notifica di spedizione per trarre in inganno le vittime. Nel caso analizzato, l’archivio ZIP celava un trojan, utilizzando il linguaggio di scripting AutoIt per eseguire azioni malevole in automatico.

Malware nascosto in ZIP “corrotti”

Ma come si articola l’attacco? Per prima cosa, i cybercriminali creano due o più file ZIP separati: uno contiene il payload malevolo, mentre gli altri sono innocui. Successivamente, questi file vengono concatenati, cioè uniti in un unico archivio con una semplice aggiunta di dati binari. Così facendo, il file finale appare come un singolo ZIP, ma in realtà è una combinazione di strutture ZIP multiple.

Sfruttamento delle vulnerabilità delle app ZIP

Il successo di questo attacco dipende da come i software di estrazione gestiscono i file ZIP concatenati:

• 7Zip: legge solo il primo archivio, che potrebbe sembrare innocuo, e segnala eventuali dati aggiuntivi, che però gli utenti spesso ignorano.
• WinRAR: riconosce entrambi gli archivi e mostra tutti i file, rivelando quindi anche quelli malevoli.
• Esplora File di Windows: può fallire nell’apertura del file concatenato o, se rinominato in formato .RAR, mostra solo il secondo archivio, nascondendo il contenuto pericoloso.

Gli hacker modulano l’attacco proprio in base al comportamento delle diverse app, scegliendo se nascondere il malware nel primo o nel secondo file ZIP concatenato per passare inosservati.

Difendersi contro i file ZIP concatenati

Gli esperti di sicurezza consigliano alcune misure per contrastare questi attacchi:

1. Usare soluzioni di sicurezza avanzate con supporto per l’analisi ricorsiva, in grado di esaminare i file ZIP concatenati.
2. Trattare con sospetto qualsiasi email con allegati ZIP o archivi compressi, specialmente se arrivano da mittenti sconosciuti o sospetti.
3. Implementare filtri rigorosi per bloccare le estensioni di file legate agli archivi compressi in ambienti critici.

Conclusioni

Questo attacco dimostra ancora una volta la creatività e la perseveranza dei cybercriminali, pronti a sfruttare ogni vulnerabilità o comportamento ambiguo dei sistemi di gestione file. La concatenazione dei file ZIP è solo l’ultima trovata per sfuggire ai controlli di sicurezza, rendendo più evidente l’importanza di adottare misure difensive robuste, aggiornate e capaci di andare oltre le apparenze.

L'articolo Cyber minaccia nascosta: Gli Hacker raggirano i sistemi di difesa con la nuova tecnica della Concatenazione ZIP! proviene da il blog della sicurezza informatica.

[CentyLab]’s PocketPD isn’t just adorably tiny — it also boasts some pretty useful features. It offers a lightweight way to get a precisely adjustable output of 0 to 20 V at up to 5 A with banana jack output, integrating a rotary encoder and OLED display for ease of use.

PocketPD leverages USB-C Power Delivery (PD), a technology with capabilities our own [Arya Voronova] has summarized nicely. In particular, PocketPD makes use of the Programmable Power Supply (PPS) functionality to precisely set and control voltage and current. Doing this does require a compatible USB-C charger or power bank, but that’s not too big of an ask these days.

Even if an attached charger doesn’t support PPS, PocketPD can still be useful. The device interrogates the attached charger on every bootup, and displays available options. By default PocketPD selects the first available 5 V output mode with chargers that don’t support PPS.

The latest hardware version is still in development and the GitHub repository has all the firmware, which is aimed at making it easy to modify or customize. Interested in some hardware? There’s a pre-launch crowdfunding campaign you can watch.

hackaday.com/2024/11/19/power-…

Intro

The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by the year. Globally, according to eMarketer, e-commerce sales are to reach $6.9 trillion by the end of 2024.

At Kaspersky, we closely monitor the evolving landscape of shopping-related cybersecurity threats. Each year, we track how cybercriminals target this rapidly expanding sector and the challenges they pose to consumers, especially during peak shopping seasons. As shoppers seek the best deals in the run-up to major sales events like Black Friday, cybercriminals and fraudsters gear up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures.

This report continues the series of annual analyses we’vewe published on Securelist in 2023, 2022 and 2021, which track the evolving landscape of shopping-related cybersecurity threats. In it, we present our findings on the dynamic nature of shopping threats, with a particular focus on the tactics used by cybercriminals during Black Friday, and offer insights into how consumers can stay safe in the face of the growing risks.

Methodology

To assess the current state of the shopping threat landscape, we conduct an annual analysis of various threat vectors. These include financial malware, phishing sites impersonating major global retailers, banks and payment systems, and spam emails that may lead to fraudulent websites or spread malware. This year, we also specifically analyzed the rise of fake mobile applications designed to steal shopping data. The threat data we rely on is sourced from Kaspersky Security Network (KSN), which processes anonymized cybersecurity data shared consensually by Kaspersky users. This report draws on data collected from January through October 2024.

Alongside this, with the help of Kaspersky Digital Footprint Intelligence, we explored what happens to all the stolen information, and specifically, how scammers offload it on dark web forums.

Key findings

• In the first ten months of 2024, Kaspersky identified more than 38 million phishing attacks targeting users of online stores, payment systems, and banks.
• As many as 44.41% of these attacks targeted banking service users.
• We detected 198,000 Black Friday-themed spam messages in the first two weeks of November.
• More than 13 million banking trojan-related attacks were detected in 2024.
• Despite the high number, the overall activity of PC banking trojans continues to decline.
• Credit card data is widely offered on the dark web, alongside shopping accounts.
• Dark web sellers offer Black Friday discounts, just like regular shops.

Shopping fraud and phishing

Phishing and scams are among the top threats for online shoppers. Fraudsters often create fake websites, emails or ads that closely resemble those of legitimate retailers. Given that shoppers are often busy or distracted, they may not take the time to carefully review links or emails, which makes them more vulnerable to these threats.

Kaspersky’s automated technologies are designed to detect and prevent various forms of financial phishing and scams that fraudsters run during the Black Friday season, including fake pages that mimic bank websites, payment systems such as PayPal, Visa or Mastercard, and online stores such as Amazon, eBay or AliExpress. These pages may target victims’ login credentials and payment information or trick users into transferring money to the scammers. Additionally, they may also steal other personal details from unsuspecting shoppers.

From January through October 2024, Kaspersky products successfully blocked more than 38,473,274 attempts to access phishing links targeting users of online shopping platforms, payment systems and banks. This represents a significant increase of 24.9% over the same period last year, when 30,803,840 phishing attacks were recorded.

If we break this down, 44.41% of these phishing attempts targeted users of banking services, 18.01% mimicked payment systems, and 37.5% attempted to impersonate e-shops. Notably, there has been a shift in the types of targets. While last year online store impersonation accounted for the largest share (43.47%), this year, attacks targeting banking users became prevalent, increasing slightly from 35.19%.

Financial phishing attacks by category, January–October 2024 (download)

Although the share of online store phishing and scams dropped insignificantly against 2023, the overall number of detected attempts to follow a phishing link grew slightly from roughly 13 million to 14,428,512. The top brands mimicked by the scammers remained the same as in the previous year, however, our analysis revealed that the overall number of phishing attacks per examined platform in 2024 appeared somewhat lower than in 2023. Given the growth in the number of all online store-themed phishing attempts, this may mean that the attacks have become more targeted and region-specific or that the number of platforms mimicked by the fake sites has increased.

TOP 5 popular online stores mimicked by the scammers, January–October 2024 (download)

In 2024, Kaspersky products detected and blocked 3,807,116 phishing attempts, primarily those distributing Amazon-related scam and phishing pages that were designed to steal personal and banking data from users, or trick them into buying non-existent goods.

Phishing attempts were also widespread across other major e-commerce platforms. In 2024, eBay was mimicked in 512,107 phishing attempts we blocked, while Walmart was used as a lure in 31,638, and MercadoLibre, the Latin American marketplace, in 214,834 cases. Phishing pages mimicking Alibaba Group stores were accessed 919,770 times.

Major scam campaigns preying on Black Friday 2024

Black Friday scams commonly spread through social media, search engine ads and, most frequently, mass email campaigns. Since many retailers rely on email to promote upcoming sales ahead of the holiday season, cybercriminals often exploit this by sending fraudulent messages with links to scam websites. Starting at the beginning of September, Kaspersky’s telemetry detected a week-by-week increase in spam emails containing the term “Black Friday”. As the shopping event approached, the volume of these emails surged, reaching a total of more than 198,428 spam messages just in the first two weeks of November.

Scammers often impersonate major retailers like Amazon, Walmart or Etsy with deceptive emails to lure unsuspecting victims. These emails typically claim to come from the companies themselves and promote exclusive discounts, especially during high-traffic shopping periods like Black Friday. For example, one spam campaign circulating this year falsely claimed that Amazon’s “special buyers team” had handpicked top items not to miss, offering an exclusive sale of up to 70% off. Emails like this are designed to exploit the urgency and excitement of seasonal sales to trick consumers into clicking potentially dangerous links.

The email typically contains a link that redirects to a fake online store website, where unsuspecting victims may make fake purchases. Such pages are typically designed to look identical to the real ones, although sometimes they feature poor spelling or minor inconsistencies in domain names. However, if the victim tries to buy something on a site like that, they usually just lose money. Moreover, any data they entered on a fake website, such as their payment details, ends up in the hands of scammers. This can lead to various harmful outcomes, such as unauthorized purchases or further exploitation of the stolen data for fraudulent purposes.

Another common scam making the rounds this year capitalizes on consumers’ inclination to try their chances. Scammers know consumers are eager to win even minor prizes, so they craft messages that offer a limited-time survey with prize draws, the prizes being valuable goods, such as a free iPhone 14. To heighten the sense of urgency, these scams emphasize that the recipient is one of only a handful of “select” users eligible for the deal.

The catch is always the same: the recipient must act quickly, or they risk missing out on the “exclusive” offer. These tactics prey on consumers’ fear of losing out, tricking them into acting impulsively. In reality, there is no deal — just a carefully designed scam aimed at manipulating victims into making small payments to the scammers, thus losing money and giving away their payment details.

A similar scheme goes for gift cards. Scammers offer a “reward” for sharing some “basic info”, such as an email address, and spending some money on a fake site.

It is not only buyers that are targeted by Black Friday scams — sellers are also at risk. For example, we have seen a fake Etsy verification scam targeting individuals registered as sellers on the platform — the scammers must have obtained a copy of the seller database. The victim receives an email claiming that their account has been temporarily locked. The message urges them to click a link to unlock it. On a fake site, they are asked to enter their bank card details, including the card number, expiration date, CVV and billing address, supposedly for identity verification. The scam page may faithfully reproduce the design of the Etsy website, with only a few minor differences in the URL or visuals. Once the victim provides the card details, the scammers can steal their financial information or use it for fraudulent transactions.

While in the West, these scams are widespread before and during Black Friday, in the APAC region, scammers often capitalize on 11.11 (Singles’ Day), taking advantage of the unique shopping culture and timing. We’ve observed phishing campaigns targeting users across the entire Asia-Pacific, with fake online store pages appearing much earlier than expected. These pages, in languages like Vietnamese and Japanese, are distributed well in advance of 11.11, highlighting how scammers are tailoring their tactics to the region’s shopping habits. For example, the page on the screenshot below was detected in September 2024. This early targeting reflects a deeper understanding of the APAC market, with scammers taking advantage of the heightened consumer activity leading up to the event.

Fake app offers

This year, we have also discovered some malicious campaigns targeting users by spreading fake mobile shopping apps. Designed to imitate official retailer apps, they seem to offer lucrative deals but ask for payment upfront or collect personal data, such as credit card numbers or login credentials. Our security solutions blocked more than 8000 attacks during this campaign, which might potentially be targeting a broad spectrum of users worldwide.

Fake closely resembling an official online store app

Banking trojans

In addition to phishing, banking trojans, or “bankers”, are a key tool for cybercriminals looking to exploit busy shopping seasons like Black Friday. These malicious programs are designed to steal sensitive data from online banking and payment systems. In this section, we analyze the activity of PC banking trojans, which, having sneaked onto the victim device, typically start monitoring their browser. Once the user opens a banking website the malware is interested in, it may use tactics such as web injection and form-grabbing to capture login credentials, credit card details and other personal information entered on the website. Some banking trojans can also monitor the victim’s clipboard in search of crypto wallet addresses. Once an address is detected, the malware substitutes it with a malicious one.

As online shopping surges during major sales events like Black Friday, cybercriminals target e-commerce sites and online marketplaces in addition to banks. Banking trojans can inject fake forms into legitimate sites, tricking users into entering sensitive data when making purchases or checking out. This increases the risk of identity theft, financial fraud and data theft, making consumers particularly vulnerable during peak shopping seasons.

Interestingly, this year, we’ve seen a continued decline in the number of PC banking trojan attacks following a sharp rise in 2022, when we observed a 92% year-over-year increase. This year, the number of attacks has dropped to 13,313,155, down from 18 million last year and representing a 46% decrease in just two years. This trend suggests a shift in cybercriminal tactics, which may be explained by the users increasingly switching to mobile banking. However, the threat of PC banking trojans remains significant, as illustrated by such families as Grandoreiro, which, in spite of the recent group member arrests, is ramping up its operations and targeting more than 1700 banks all over the globe. This underscores the necessity for users to stay vigilant, especially during high-traffic shopping events.

Overall number of banking Trojan attacks, January–October 2021–2024 (download)

Stolen shopping data on dark web forums

What do scammers do with all the stolen data? After a phishing attack, scammers who steal shopping accounts or credit card data may use it for their own profit or sell it on dark web forums or marketplaces. These platforms operate in a highly anonymous environment, allowing cybercriminals to benefit from stolen personal and financial information without revealing their identities.

The stolen data is often sold in bulk, with scammers arranging it into bundles. These bundles may include usernames, passwords, credit card details, shipping addresses and sometimes even security question answers. The more valuable the data, the higher the price. For example, full sets of stolen credit card details, known as “fullz”, often include not only the credit card number, expiration date and CVV code, but also the cardholder’s name, billing address and phone number. This makes them particularly valuable for fraudulent transactions.

An example of a dark web ad selling user shopping data, retrieved with Kaspersky Digital Footprint Intelligence

Similarly, stolen shopping account credentials for popular platforms like Amazon, eBay or Walmart are highly sought after, as these accounts often contain saved payment methods, shipping addresses and other sensitive information that can be exploited by the buyer. Whoever acquires this data can monetize it by buying goods with the victim’s credit card, use it for money laundering and other malicious purposes.

Interestingly, darknet markets often mirror the pricing strategies and marketing techniques of legitimate online stores. Some sellers even offer special Black Friday promotions, such as discounts or bundled deals, much like what you’d see during seasonal sales in common online stores. For instance, one seller we observed offered a 10% discount on stolen card details from various countries: Canada, Australia, Italy and Spain. The sets were priced between $70 and $315 per card depending on its quality and the region it was from. This competitive pricing strategy reflects the demand and supply dynamics on the dark web, with sellers adjusting their offerings to attract buyers during specific periods much like any other retail market.

Black Friday sales on the dark web, retrieved with Kaspersky Digital Footprint Intelligence

Cybercriminals who deal with stolen credit cards — including those who sell, buy or cash them out — are known as carders. These may be individual fraudsters who use the data for their own profits or members of organized groups. Carders often buy credit cards in huge volumes to resell or capitalize on by buying high-ticket items, which they then resell or ship to drop addresses. In case of organized groups, the data may be also used for more complex schemes, like creating fake identities, opening new credit accounts or laundering money.

Conclusions

As Black Friday continues to be a major shopping event, it also remains a source of profit for cybercriminals looking to exploit consumers and businesses alike. Our analysis highlights a range of growing threats, from phishing attacks to the rise of fake mobile applications, all designed to steal money and sensitive shopping data. Scammers capitalize on the urgency and high traffic surrounding Black Friday sales, with phishing campaigns harder to spot among streams of other limited time offers.

Furthermore, the dark web continues to be a marketplace where stolen data can be swiftly sold, offering fraudsters easy access to compromised accounts, payment information and personal details. Beyond bank cards, cybercriminals target stolen credentials for popular shopping platforms like Amazon and eBay, granting them direct access to victims’ financial information and facilitating widespread fraud and identity theft.

Consumers must remain vigilant, especially during peak shopping periods, and adopt stronger security measures like two-factor authentication, secure payment options, and cautious browsing habits. Additionally, a comprehensive security solution detecting and blocking malware and phishing pages and providing financial data protection features may help stay safe amid the shopping rush.

securelist.com/black-friday-re…

Un uomo di 49 anni, originario di Trieste, è stato rinviato a giudizio dal Tribunale di Latina con l’accusa di tentata estorsione. Secondo gli inquirenti, l’uomo avrebbe minacciato diverse aziende, tra cui l’azienda vinicola Casale del Giglio di Borgo Le Ferriere, chiedendo pagamenti in criptovalute per evitare l’avvelenamento dei loro prodotti. Il giudice per le indagini preliminari, Giuseppe Cario, ha accolto la richiesta del pubblico ministero Simona Gentile, fissando l’inizio del processo per dicembre del prossimo anno.

L’accusato, descritto come un esperto informatico, agiva seguendo un modus operandi ben definito. Utilizzando falsi account, registrava video in cui simulava l’iniezione di sostanze velenose, come tallio e cianuro, in bottiglie con marchi riconoscibili. Questi video venivano poi inviati alle aziende, accompagnati da richieste di denaro che potevano arrivare fino a 200.000 euro in criptovalute. Tra le vittime delle sue minacce figurano marchi noti come Ferrarelle, tre aziende di acque minerali e una casa vinicola pugliese legata alla famiglia di Bruno Vespa.

Nonostante le gravi minacce, nessuna delle aziende avrebbe ceduto al ricatto. Le sue richieste estorsive, che si sono protratte da agosto 2021 a maggio 2022, non hanno mai prodotto i risultati sperati. Le indagini, condotte dalla Polizia Postale del Lazio, hanno infine permesso di individuare e arrestare l’uomo, ponendo fine alla sua rete di intimidazioni.

Tra le azioni criminali attribuite spicca il caso di Casale del Giglio, azienda vinicola pontina. Ai titolari, aveva inviato e-mail minacciose chiedendo pagamenti in Bitcoin per evitare di contaminare le bottiglie. L’indagine su questo episodio è stata affidata ai Carabinieri della provincia di Latina. Nel frattempo, l’uomo ha già subito una condanna per tentata estorsione in un processo abbreviato a Roma e resta coinvolto in altri procedimenti penali.

L'articolo Vino Avvelenato? Solo se non paghi! Il ricatto folle di un Esperto Informatico di Trieste proviene da il blog della sicurezza informatica.

Over the years we’ve featured many projects which attempt to replicate the feel of physical media when playing music. Usually this involves some kind of token representation of the media, but here’s [Bas] with a different twist (Dutch language, Google Translate link). He’s using the CDs themselves in their cases, identifying them by their barcodes.

At its heart is a Raspberry Pi Pico W and a barcode scanner — after reading the barcode, the Pi calls Discogs to find the tracks, and then uses the Spotify API to find the appropriate links. From there, Home Assistant forwards them along to a smart speaker for playback. As a nice touch, [Bas] designed a 3D printed holder for the electronics which makes the whole thing a bit neater to use.

We this approach for its relative simplicity, and because the real CDs ad the retro touch it’s a real winner. You can find all the resources in a GitHub repository, should you wish to make your own. Meanwhile, it’s certainly not the first barcode scanner we’ve seen.

hackaday.com/2024/11/19/the-ba…

È stata rilevata una vulnerabilità critica nel plugin Really Simple Security (ex Really Simple SSL) per WordPress, che potrebbe portare alla compromissione completa di 4.000.000 di siti. Gli specialisti di Defiant che hanno scoperto il bug hanno avvertito che questa è una delle vulnerabilità più gravi che abbiano identificato in tutti i loro 12 anni di storia di lavoro.

Il plugin Really Simple Security viene utilizzato su quattro milioni di siti WordPress. Con esso, gli amministratori possono aggiungere una varietà di funzionalità di sicurezza, tra cui la configurazione SSL, l’autenticazione a due fattori, ulteriore sicurezza dell’accesso, rilevamento delle vulnerabilità e altro ancora.

La vulnerabilità è stata identificata come CVE-2024-10924 (punteggio CVSS 9.8) ed è un bypass di autenticazione che consente a un utente malintenzionato non autorizzato di accedere come qualsiasi utente del sito, incluso l’amministratore.

Il CVE-2024-10924 influisce sulle versioni di Really Simple Security dalla 9.0.0 alla 9.1.1.1, interessando sia la versione gratuita che le versioni Pro e Pro Multisite.

Secondo gli analisti di Defiant, la vulnerabilità si verifica a causa di una gestione errata dell’autenticazione degli utenti e di un’implementazione non sicura delle funzioni relative all’API REST. In particolare, l’errore compare se è abilitata l’autenticazione a due fattori (2FA). Sebbene sia disabilitato per impostazione predefinita, molti amministratori ne consentono l’utilizzo per migliorare la sicurezza.

I ricercatori spiegano che la funzione check_login_and_get_user() verifica gli utenti utilizzando i parametri user_id e login_nonce. Ma nel caso in cui login_nonce non sia valido, la richiesta non viene rifiutata e viene invece chiamato authenticate_and_redirect(), che autentica l’utente solo in base a user_id. Di conseguenza, l’utente viene autenticato semplicemente in base all’ID fornito.

Gli sviluppatori di Really Simple Security sono stati informati del problema il 6 novembre e il 12 e 14 novembre hanno rilasciato correzioni per le versioni gratuita e Pro del plug-in. Data la gravità della situazione, gli sviluppatori e il team di WordPress.org stanno distribuendo forzatamente agli utenti la versione corretta di Really Simple Security 9.1.2. Si consiglia tuttavia a tutti gli amministratori dei siti che utilizzano il plug-in di assicurarsi di essere passati definitivamente alla versione sicura.

Secondo le statistiche ufficiali, circa 3.500.000 siti su cui è installato Really Simple Security potrebbero essere ancora vulnerabili agli attacchi.

L'articolo Allarme WordPress: 4 milioni di siti in pericolo a causa di un bug critico in Really Simple Security proviene da il blog della sicurezza informatica.

Il National Institute of Standards and Technology (NIST) ha annunciato di essere in grado di elaborare l’intero arretrato di vulnerabilità non ancora lavorate, ma ha ammesso che non sarà possibile eliminare completamente l’arretrato entro la fine dell’anno.

All’inizio dell’anno si è scoperto che, a causa della riduzione delle risorse del NIST, migliaia di vulnerabilità critiche non erano state analizzate e non erano state arricchite con dati aggiuntivi. L’arricchimento è il processo di aggiunta di informazioni dettagliate su una vulnerabilità all’interno del National Vulnerability Database (NVD).

Con l’aiuto della CISA e di diverse società private, il NIST dispone ora di un team completo di analisti e ha iniziato a elaborare rapidamente tutti i nuovi record di vulnerabilità non appena vengono ricevuti. Inoltre sono state analizzate tutte le vulnerabilità rimaste in coda del catalogo KEV. Ora anche tutte le nuove vulnerabilità vengono elaborate in modo tempestivo.

A settembre, gli esperti di VulnCheck hanno riferito che al 21 settembre più di 18.000 vulnerabilità non erano ancora state elaborate nel database, ovvero circa il 72,4% di tutti i record CVE. Inoltre, quasi la metà di queste vulnerabilità sono già state sfruttate in attacchi, ma non sono state ancora analizzate nel dettaglio.

Il NIST ha osservato che in precedenza prevedeva di gestire l’elaborazione di tutte le vulnerabilità entro la fine dell’anno, ma questo piano si è rivelato troppo ottimistico. Il problema è che i dati provenienti dai fornitori di dati autorizzati (ADP), come CISA, arrivano in formati che richiedono un’elaborazione aggiuntiva. Sono attualmente in fase di sviluppo nuovi sistemi che aiuteranno a elaborare tali dati più velocemente.

Quest’anno CISA è diventata il primo fornitore ufficiale di dati del NIST, consentendo all’agenzia di inserire nuove vulnerabilità direttamente nel sistema. Al momento il NIST non ha specificato se vi siano altri fornitori oltre al CISA.

Nel frattempo, NVD sta introducendo aggiornamenti di sistema a partire dal 18 novembre 2024 che gli consentiranno di raccogliere dati più granulari da fonti certificate (CNA e ADP). Le voci CVE ora includeranno più informazioni come collegamenti, CWE e CVSS, che verranno visualizzati sul sito e tramite l’API. Ciò porterà ad aggiornamenti dei record più frequenti, quindi le aziende dovrebbero essere preparate a maggiori volumi di dati.

Inoltre, NVD migliorerà la gestione dei collegamenti duplicati: i tag verranno applicati automaticamente a tutti i collegamenti duplicati. Verrà aggiornato anche l’ordine in cui gli eventi vengono visualizzati nella cronologia delle modifiche CVE. Verranno eliminati anche i parametri API deprecati come HasCertAlerts e HasOval, rendendo più semplice l’individuazione delle vulnerabilità. Il supporto per la nuova versione di CVSS v4.0 consentirà di valutare in modo più accurato i rischi sulla base di criteri aggiornati.

All’inizio di aprile, gli esperti di sicurezza informatica hanno inviato una lettera al Congresso e al segretario al Commercio degli Stati Uniti Gina Raimondo chiedendo ulteriori finanziamenti per sostenere NVD. La lettera al Congresso sottolinea che il mancato ripristino della funzionalità NVD minaccia la sicurezza di tutti, facendo riferimento a recenti incidenti come l’attacco informatico Change Healthcare che ha paralizzato il settore sanitario per settimane.

L’8 maggio CISA ha annunciato il lancio del programma Vulnrichment per aggiungere metadati alle vulnerabilità. MITRE, che amministra il programma CVE, ha inoltre approvato nuove regole per le organizzazioni che rilasciano CVE. Decine di esperti di sicurezza informatica avevano precedentemente firmato una lettera indirizzata al Congresso e al segretario al Commercio degli Stati Uniti Gina Raimondo, esortando a finanziare e proteggere NVD, definendola “infrastruttura critica per molteplici prodotti di sicurezza informatica“.

L'articolo Tsunami di CVE in Arrivo! Il NIST è in arretrato di 18.000 Vulnerabilità proviene da il blog della sicurezza informatica.

Product teardowns are great, but getting an unfiltered one from the people who actually designed and built the product is a rare treat. In the lengthy video after the break, former Formlabs engineer [Shane Wighton] tears down the Form 4 SLA printer while [Alec Rudd], the engineering lead for the project, answers all his prying questions.

[Shane] was part of the team that brought all Form 4’s predecessors to life, so he’s intimately familiar with the challenges of developing such a complex product. This means he can spot the small design details that most people would miss, and dive into the story behind each one. These include the hinges and poka-yoke (error-proofing) designed into the lid, the leveling features in the build-plate mount, the complex prototyping challenges behind the LCD panel and backlight, and the mounting features incorporated into every component.

A considerable portion of the engineering effort went into mitigating all the ways things could go wrong in production, shipping, and operation. The fact that most of the parts on the Form 4 are user-replaceable makes this even harder. It’s apparent that both engineers speak from a deep well of hard-earned experience, and it’s well worth the watch if you dream of bringing a physical product to market.

You probably know [Shane] from his YouTube channel Stuff Made Here. We’ve covered many of his ludicrously challenging projects, like the auto-aiming pool cue and golf club, a robotic hairdresser, and an “unpickable” lock.

youtube.com/embed/cbm03jtWWL0?…

hackaday.com/2024/11/18/tearin…

La Shadowserver Foundation ha scoperto una botnet che attacca utilizzando una vulnerabilità zero-day nei dispositivi GeoVision obsoleti per utilizzarli successivamente in attacchi DDoS e mining di criptovalute.

Secondo i ricercatori, la botnet individuata utilizza una variante del malware Mirai, che di solito viene utilizzato per creare piattaforme DDoS o mining.

Il problema è stato identificato e monitorato con il CVE-2024-11120 (punteggio CVSS 9,8), scoperto da The Shadowserver Foundation. Il bug critico riguarda l’iniezione di comandi, che consente agli aggressori non autenticati di eseguire comandi arbitrari su un dispositivo vulnerabile.

Allo stesso tempo, il CERT taiwanese conferma che gli hacker stanno già sfruttando attivamente il bug di sicurezza.

È stato segnalato che il CVE-2024-11120 influisce sui seguenti dispositivi:

• GV-VS12 è un server video H.264 a due canali che converte i segnali video analogici in digitali per la trasmissione in rete;
• GV-VS11 è un server video a canale singolo progettato per la digitalizzazione di video analogici per la trasmissione su una rete;
• GV-DSP LPR V3 – Sistema Linux predisposto per il riconoscimento targhe;
• GV-LX4C V2 / GV-LX4C V3 – DVR per sistemi di videosorveglianza mobile.

Poiché tutti questi sistemi non sono più supportati dal produttore, non è necessario attendere il rilascio delle patch.

Secondo la Shadowserver Foundation, attualmente sulla rete sono presenti circa 17.000 dispositivi GeoVision vulnerabili a CVE-2024-11120.

La maggioranza si trova negli Stati Uniti (9.100), seguita da Germania (1.600), Canada (800), Taiwan (800), Giappone (350), Spagna (300) e Francia (250).

L'articolo La Botnet Mirai sfrutta un nuovo 0day e mette a rischio 17.000 dispositivi GeoVision proviene da il blog della sicurezza informatica.

Per il sesto anno consecutivo, i ricercatori NordPass hanno stilato un elenco delle password peggiori e più comuni dell’anno. Purtroppo, il 2024 non ha portato alcun miglioramento notevole: le persone usano ancora la password “123456” più spesso, e nella top 5 ci sono anche classici senza tempo come “password” e “qwerty123”.

Per preparare questo anti-rating, gli esperti hanno analizzato un database da 2,5 TB. Questo database è stato compilato da varie fonti aperte, comprese fonti sul dark web (ad esempio, password rubate da infostealer o rese pubblicamente disponibili a causa di fughe di dati). Si sottolinea che nessun dato personale degli utenti è stato acquistato o altrimenti ottenuto.

Anche quest’anno i ricercatori hanno preparato statistiche separate sulle password aziendali, che solitamente vengono rubate insieme agli indirizzi e-mail, che consente loro di distinguerle dalla massa, distinguendo tra credenziali aziendali e personali.

“123456 ha ricevuto ancora una volta il titolo di peggiore password al mondo”, scrivono gli esperti di NordPass. “In effetti, nel corso dei sei anni della nostra ricerca, è stata in cima alla lista ed è stata riconosciuta come la password più comune 5 volte su 6. “Password” ha ricevuto questo titolo poco onorevole solo una volta.”

Di conseguenza, le 10 peggiori password del 2024 si presentano così:

Come puoi vedere nella tabella sopra, la password “123456” è stata utilizzata più di 3 milioni di volte e ci vuole meno di un secondo per decifrarla. Altre password incluse nella top 10 (“password”, “segreta”, “qwerty123” e così via) sono più o meno le stesse “affidabili“.

Sfortunatamente, si è scoperto che nel segmento aziendale la situazione non è praticamente diversa e sembra anche più triste. “Le persone tendono a fare affidamento sulle stesse password deboli sia nella vita personale che in quella lavorativa”, spiegano i ricercatori.

Gli esperti ricordano che le password complesse dovrebbero essere lunghe almeno 20 caratteri e non dovrebbero contenere informazioni facilmente indovinabili (compleanni, nomi e parole semplici). Inoltre, non dovresti riutilizzare le stesse password per siti e servizi diversi.

L'articolo La Password Più Popolare del 2024 è 123456! Applausi per il Sesto anno Consecutivo di Podio! proviene da il blog della sicurezza informatica.

On November 6th, Northwestern University introduced a groundbreaking leap in haptic technology, and it’s worth every bit of attention now, even two weeks later. Full details are in their original article. This innovation brings tactile feedback into the future with a hexagonal matrix of 19 mini actuators embedded in a flexible silicone mesh. It’s the stuff of dreams for hackers and tinkerers looking for the next big thing in wearables.

What makes this patch truly cutting-edge? First, it offers multi-dimensional feedback: pressure, vibration, and twisting sensations—imagine a wearable that can nudge or twist your skin instead of just buzzing. Unlike the simple, one-note “buzzers” of old devices, this setup adds depth and realism to interactions. For those in the VR community or anyone keen on building sensory experiences, this is a game changer.

But the real kicker is its energy management. The patch incorporates a ‘bistable’ mechanism, meaning it stays in two stable positions without continuous power, saving energy by recycling elastic energy stored in the skin. Think of it like a rubber band that snaps back and releases stored energy during operation. The result? Longer battery life and efficient power usage—perfect for tinkering with extended use cases.

And it’s not all fun and games (though VR fans should rejoice). This patch turns sensory substitution into practical tech for the visually impaired, using LiDAR data and Bluetooth to transmit surroundings into tactile feedback. It’s like a white cane but integrated with data-rich, spatial awareness feedback—a boost for accessibility.

Fancy more stories like this? Earlier this year, we wrote about these lightweight haptic gloves—for those who notice, featuring a similar hexagonal array of 19 sensors—a pattern for success? You can read the original article on TechXplore here.

hackaday.com/2024/11/18/hackin…

High-speed photography with the camera on a fast-moving robot arm has become all the rage at red-carpet events, but this GlamBOT setup comes with a hefty price tag. To get similar visual effects on a much lower budget [Henry Kidman] built a large, very fast camera slider. As is usually the case with such projects, it’s harder than it seems.

The original GlamBOT has a full 6 degrees of freedom, but many of the shots it’s famous for are just a slightly curved path between two points. That curve adds a few zeros to the required budget, so a straight slider was deemed good enough for [Henry]’s purposes. The first remaining challenge is speed. V1 one used linear rails made from shower curtain rails, with 3D printed sliders driven by a large stepper motor via a belt. The stepper motor wasn’t powerful enough to achieve the desired acceleration, so [Henry] upgraded to a more powerful 6 hp servo motor.

Unfortunately, the MDF and 3D-printed frame components were not rigid enough for the upgraded torque. It caused several crashes into the ends of the frame as the belt slipped and failed to stop the camera platform. The frame was rebuilt from steel, with square tubing for the rails and steel plates for the brackets. It provided the required rigidity, but the welding had warped the rails which led to a bumpy ride for the camera so he had to use active stabilization on the gimbal and camera. This project was filled with setback and challenges, but in the end the results look very promising with great slow motion shots on a mock red carpet.

We’ve seen DIY camera sliders of all shapes and sizes, including ones made from skateboard trucks and wood, and even a measuring tape.

youtube.com/embed/8pIti4nohTM?…

hackaday.com/2024/11/18/a-very…

Un cavo sottomarino per telecomunicazioni che collega la Finlandia all’Europa continentale è stato danneggiato, interrompendo le connessioni che viaggiano attraverso di esso. Secondo Cinia, l’azienda finlandese proprietaria del cavo, le cause del problema sono ancora sconosciute. Questo incidente solleva preoccupazioni per l’affidabilità delle infrastrutture critiche. Ricordiamo sempre che ad oggi, il 99% delle comunicazioni internet nel mondo viaggia all’interno dei cavi sottomarini.

Samuli Bergström, rappresentante del Traficom, ha confermato l’interruzione delle connessioni internazionali dalla Finlandia. Tuttavia, ha rassicurato che l’impatto per i cittadini sarà probabilmente limitato, grazie alla presenza di connessioni alternative. L’evento mette comunque sotto pressione le altre infrastrutture di rete del Paese.

Possibile atto intenzionale o sabotaggio?

Tapio Frantti, esperto di sicurezza informatica, ha dichiarato che la rottura del cavo potrebbe non essere accidentale. Ha suggerito che attori come la Russia potrebbero avere un movente per sabotare il cavo, anche se mancano prove definitive. Questo evento potrebbe essere interpretato come un test per azioni future su larga scala.

Non è la prima volta che infrastrutture critiche in Scandinavia subiscono danni. Nel 2023, un gasdotto e un cavo elettrico tra Finlandia ed Estonia sono stati danneggiati, e altri episodi simili si sono verificati nella regione. Questo incidente sottolinea l’importanza di proteggere queste infrastrutture da rischi sia naturali che intenzionali.

In seguito alle notizie riportate dai media finlandesi secondo cui un guasto inspiegabile di un cavo di telecomunicazioni sottomarino avrebbe interrotto i servizi di comunicazione tra Finlandia e Germania, Andrius Šemeškevičius, direttore tecnico di Telia, ha dichiarato che anche il cavo di comunicazioni tra Lituania e Svezia è stato danneggiato.

“Il cavo è stato tagliato domenica mattina, verso le 10:00. I sistemi hanno immediatamente segnalato che avevamo perso la connessione. Sono state effettuate ulteriori indagini e chiarimenti, e si è scoperto che era danneggiato”, ha detto Šemeškevičius al programma Important Hour della LRT TV.

Secondo lui, Telia trasmette la connessione Internet alla Lituania tramite tre cavi, il che significa che la larghezza di banda di Internet è stata ridotta di un terzo a causa dell’incidente. Tuttavia, la connessione è stata ripristinata per gli utenti bypassando il guasto.

Riparazioni e tempi di recupero

Nel frattempo, la trasmissione dati tra Finlandia e Germania è stata completamente interrotta. Il cavo lungo quasi 1.200 chilometri è l’unico collegamento diretto del suo genere tra Finlandia ed Europa centrale e corre accanto ad altre importanti infrastrutture, tra cui gasdotti e cavi elettrici.

Il cedimento dell’unico collegamento tra la Finlandia e l’Europa centrale è avvenuto poche settimane dopo che gli Stati Uniti avevano segnalato un aumento dell’attività militare russa nei pressi di importanti cavi sottomarini.

Le riparazioni del cavo C-Lion1 sono in corso. Cinia ha mobilitato una nave di riparazione, ma il processo potrebbe richiedere dai 5 ai 15 giorni. Questo cavo, con una capacità di 144 terabit al secondo, è cruciale per operatori come TeliaSonera e Hetzner Online. La sua interruzione evidenzia la necessità di strategie di backup e resilienza per le telecomunicazioni internazionali.

L'articolo Due Cavi Sottomarini in in Europa in Panne: Guasto o Sabotaggio? proviene da il blog della sicurezza informatica.

How do you collect a lot of data about the ionosphere? Well, you could use sounding rockets or specialized gear. Or maybe you can just conscript a huge number of cell phones. That was the approach taken by Google researchers in a recent paper in Nature.

The idea is that GPS and similar navigation satellites measure transit time of the satellite signal, but the ionosphere alters the propagation of those signals. In fact, this effect is one of the major sources of error in GPS navigation. Most receivers have an 8-parameter model of the ionosphere that reduces that error by about 50%.

However, by measuring the difference in time between signals of different frequencies, the phone can estimate the total electron current (TEC) of the ionosphere between the receiver and the satellite. This requires a dual-frequency receiver, of course.

This isn’t a new idea. There are a large number of fixed-position stations that make this measurement to contribute to a worldwide database. However, the roughly 9,000 stations can’t compete with cell phones everywhere. The paper outlines how Android smartphones can do calculations on the GPS propagation delays to report the TEC numbers.

Hams often study the ionosphere. So do sounding rockets.

hackaday.com/2024/11/18/crowds…

The Raspberry Pi 5 board strapped to a liquid nitrogen cooler with an ElmorLabs AMPLE-X1 power board attached. (Credit: Pieter-Jan Plaisier, SkatterBencher.com)
As impractical as most overclocking of computers is these days, there is still a lot of fun to be had along the way. Case in point being [Pieter-Jan Plaisier]’s recent liquid nitrogen-aided overclocking of an unsuspecting Raspberry Pi 5 and its BCM2712 SoC. Previous OCing attempts with air cooling by [Pieter] had left things off at a paltry 3 GHz from the default 2.4 GHz, with the power management IC (PMIC) circuitry on the SBC turning out to be the main limiting factor.

The main change here was thus to go for liquid nitrogen (LN₂) cooling, with a small chipset LN₂ pot to fit on the SBC. Another improvement was the application of a NUMA (non-uniform memory addressing) patch to force the BCM2712’s memory controller to utilize better RAM chip parallelism.

With these changes, the OC could now hit 3.6 GHz, but at 3.7 GHz, the system would always crash. It was time to further investigate the PMIC issues.

The PMIC imposes voltage configuration limitations and turns the system off at high power consumption levels. A solution there was to replace said circuitry with an ElmorLabs AMPLE-X1 power supply and definitively void the SBC’s warranty. This involves removing inductors and removing solder mask to attach the external power wires. Yet even with these changes, the SoC frequency had trouble scaling, which is why an external clock board was used to replace the 54 MHz oscillator on the PCB. Unfortunately, this also failed to improve the final overclock.

We covered the ease of OCing to 3 GHz previously, and no doubt some of us are wondering whether the new SoC stepping may OC better. Regardless, if you want to get a faster small system without jumping through all those hoops, there are definitely better (and cheaper) options. But you do miss out on the fun of refilling the LN₂ pot every couple of minutes.

Thanks to [Stephen Walters] for the tip.

hackaday.com/2024/11/18/glorio…