Samples taken from the space-returned piece of asteroid Ryugu were collected and prepared under strict anti-contamination controls. Inside the cleanest of clean rooms, a tiny particle was collected from the returned sample with sterilized tools in a nitrogen atmosphere and stored in airtight containers before being embedded in an epoxy block for scanning electron microscopy.

It’s hard to imagine what more one could do, but despite all the precautions taken, the samples were rapidly colonized by terrestrial microorganisms. Only the upper few microns of the sample surface, but it happened. That’s what the images above show.
The surface of Ryugu from Rover 1B’s camera. Source: JAXA
Obtaining a sample from asteroid Ryugu was a triumph. Could this organic matter have come from the asteroid itself? In a word, no. Researchers have concluded the microorganisms are almost certainly terrestrial bacteria that contaminated the sample during collection, despite the precautions taken.

You can read the study to get all the details, but it seems that microorganisms — our world’s greatest colonizers — can circumvent contamination controls. No surprise, in a way. Every corner of our world is absolutely awash in microbial life. Opening samples on Earth comes with challenges.

As for off-Earth, robots may be doing the exploration but despite NASA assembling landers in clean room environments we may have already inadvertently exported terrestrial microbes to the Moon, and Mars. The search for life to which we are not related is one of science and humanity’s greatest quests, but it seems life found on a space-returned samples will end up looking awfully familiar until we step up our game.

hackaday.com/2024/11/27/life-f…

Overview of 2024 consumer cyberthreats and trends predictions

Part of the Kaspersky Security Bulletin, our predictions for 2024 identified key consumer cyberthreats and trends shaped by global events, technological advances and evolving user behavior.

Last year, we suggested that charity-related scams would increase globally. While cybercriminals exploited humanitarian crises and charitable causes, taking advantage of both major conflicts and new donation methods, the anticipated boost could not be confirmed. We witnessed cases of abusing such efforts, particularly those associated with the Israeli-Hamas conflict, with Kaspersky researchers uncovering more than 540 scam emails and numerous fraudulent websites that imitated legitimate humanitarian aid campaigns. However, charity platforms’ ever-evolving protective measures and growing integration between charitable giving and day-to-day online shopping have provided more secure and convenient ways for users to make a contribution without exposing themselves to scammers, which also proves our prediction about such collaboration as accurate.

In line with our expectations regarding VPN usage and internet segmentation, 2024 saw a notable global surge in the popularity of VPN and proxy services, with applications gaining significant popularity across various countries. This trend is largely driven by users seeking to bypass regional content restrictions and enhance online privacy. However, this increased demand has attracted malicious actors. Cybercriminals are exploiting the popularity of VPN services by spreading potentially harmful applications disguised as legitimate VPN tools. Kaspersky has reported a surge in these malicious apps, capable of compromising user data and security.

In 2024, the prediction that national security concerns would lead to restrictions imposed on apps and services, thus creating new security issues, proved accurate. Governments worldwide used security as a justification for limiting access to popular platforms, often leaving users with fewer and potentially less secure alternatives in the process. Notable developments included the temporary suspension of X (formerly Twitter) in Brazil by a court ruling, ongoing discussions about TikTok’s ownership structure in the United States, and the removal of various messaging apps from Apple’s App Store in China.

Our prediction that play-to-earn (P2E) gaming platforms would attract cybercriminals was also fulfilled, with multiple cases highlighting the sector’s vulnerabilities. Kaspersky researchers uncovered phishing schemes targeting Hamster Kombat players, a popular Telegram-based clicker game, where attackers used fraudulent links to steal credentials and gain unauthorized access to user accounts. Similarly, Kaspersky GReAT discovered a scheme devised by the Lazarus group, which developed a malicious decoy game disguised as a legitimate P2E platform containing sophisticated malware designed to steal cryptocurrency and sensitive user data.

Despite the growing need driven by advancements in generative AI technology, the prediction about the development of a universal deepfake verification tool remained unfulfilled in 2024. While user-generated content (UGC) platforms like TikTok and Instagram have introduced policies requiring creators to label AI-generated content, the effectiveness of these measures is limited by their reliance on users’ honesty and awareness.

Just as predicted, the rise of voice deepfakes continued in 2024, fueling scams like vishing (voice phishing). A notable example is the proliferation of “fake kidnapping” scams, where attackers use voice imitation technology to impersonate real individuals and extort money from their families. The availability of open-source voice generation models expanded significantly, making these tools more accessible and lowering the technological threshold for malicious actors. The challenge of combating deepfakes extends beyond advances in tech and includes the need to raise public awareness and ensure the seamless integration of detection tools into everyday life.

Lastly, cybercriminals capitalized on the anticipation surrounding major film and game releases in 2024, which aligned with our earlier predictions. The release of “Joker 2” was accompanied by scams like phishing websites and fake streaming links, that aimed to deceive eager fans. Although “Grand Theft Auto VI” (GTA VI) is scheduled for release in 2025, scammers have already started to exploit its popularity by creating fake beta versions and unauthorized mobile releases to trick users into downloading malware or submitting personal information.

Overview of 2024 privacy predictions

The privacy landscape in 2024 was shaped by significant technological advances and evolving societal concerns, aligning with many of our predictions but leaving some areas underdeveloped.

Biometric data gained recognition as a critical aspect of privacy protection, with the European Union adopting the Artificial Intelligence (AI) Act to address privacy concerns associated with facial recognition and other biometric technologies. This marked a notable step towards expanding the concept of private data beyond traditional means of identification. However, while the EU led these efforts, global consensus and comprehensive implementation of similar standards remain ongoing challenges, rendering the anticipated trend of stricter regulation of biometric data usage only partially fulfilled.

Predicted privacy debates surrounding AI-enabled wearables, such as Humane’s AI Pin, did not gain much traction, as these devices struggled to make significant advancements in 2024. As a result, discussions surrounding these technologies often merged with those about AR and VR devices, which saw more tangible development. Devices like Apple Vision Pro and Meta’s Ray-Ban smart glasses highlighted similar concerns around data collection, biometric privacy, environmental mapping and bystanders’ consent. While these advancements brought privacy challenges to the forefront, the lack of robust regulatory frameworks left these predictions only partially realized. The immersive and pervasive nature of AR/VR technology underscores the urgency of establishing concrete regulatory measures to address these evolving concerns.

In 2024, the prediction that leaked passwords would become less of a concern saw partial realization. The increased adoption of passwordless authentication, supported by passkeys and biometric logins from major tech companies like Google, Microsoft and Apple, reduced the reliance on traditional passwords and mitigated the impact of credential leaks. However, the transition remains incomplete, with gaps in adoption leaving room for continued exploitation.

Assistant bots showed promise in enhancing privacy, particularly in mitigating phishing risks through call transcription and incoming caller screening, as predicted. However, the rise of sophisticated scams targeting bot vulnerabilities underscored the dual role of these technologies, showcasing both their potential and the need for stronger safeguards.

Overall, 2024 demonstrated progress in addressing critical privacy concerns while highlighting the need for continued advancement, global collaboration and comprehensive regulatory efforts to fully realize the potential of emerging technology in safeguarding privacy.

Consumer and privacy predictions for 2025

AI becomes an everyday reality

In 2025, artificial intelligence (AI) will solidify its role as a core element of daily life, transitioning from an innovative tool to a mundane utility. The rapid adoption of AI-driven technology across various domains — from search engines to creative tasks — has already reshaped how people work, learn and communicate. Major platforms like Google and Bing have integrated AI into search results, while users increasingly rely on chatbots for everything from answering questions and editing media to learning languages and simplifying workflows.

This trend is set to expand further with the anticipated release of advanced AI features in key operating systems like iOS and Android, marking a new phase in AI accessibility. As these capabilities roll out, AI will influence not only personal convenience but also broader industries. In academia, for instance, AI has accelerated research processes, and its contributions may reach new heights, as highlighted by the potential for groundbreaking achievements like the Nobel Prize awarded to the cofounder and scientist behind the AI initiative DeepMind.

However, alongside this normalization, challenges remain. AI’s ability to produce personalized deepfakes continues to evolve, raising ethical and privacy concerns in the absence of robust detection tools. As AI systems increasingly interact with and shape the physical world, the need for safeguards and accountability will grow. By 2025, AI’s ubiquity will transform it from a novelty into an indispensable part of modern life, with both opportunities and risks becoming more pronounced.

Fraudsters to exploit high-profile entertainment releases in 2025

In 2025, cybercriminals are expected to capitalize on the excitement surrounding major gaming, console and film releases. The launch of highly anticipated games like Mafia: The Old Country, Civilization VII and Death Stranding 2 will likely be accompanied by scams involving fake pre-orders and counterfeit digital keys. Similarly, rumors about the release of Nintendo’s next-generation console may fuel scams tied to pre-orders, early sales and fake hacking tools, some of which could deliver malware disguised as rootkits.

On the cinematic front, anticipated sequels and remakes like Superman, Jurassic World Rebirth, Captain America: Brave New World, Return to Silent Hill, and Tron: Ares will provide scammers with ample opportunity. Fraudulent campaigns may target fan forums and social media platforms by promoting fake early screenings, counterfeit merchandise and phishing emails. As the hype around these premieres intensifies, so will the sophistication and scale of cybercriminal activity seeking to exploit eager fans and consumers.

Proliferating subscription services to fuel fraud risks

As the global economy increasingly shifts towards subscription-based models, a significant uptick in fraud related to fake subscription offerings is anticipated. Cybercriminals are expected to exploit the growing shift in habits regarding subscriptions and reliance on these by creating counterfeit services that mimic legitimate ones. These fraudulent platforms aim to deceive users into providing personal and financial information, leading to identity theft and financial loss.

Moreover, with the proliferation of subscription services, some users may turn to unofficial resources to access content at reduced prices or for free. These non-official channels often lack proper security and may serve as hotspots for malware distribution, phishing attacks and other cyberthreats. Engaging with these platforms not only undermines legitimate businesses’ interests but also exposes users to heightened risks of fraud and data breaches.

Prohibition of social media for children may lead to broader user restrictions

Australia is considering legislation to ban children under 16 from using social media platforms like Facebook, Instagram, TikTok and X (formerly Twitter). The success of this measure hinges on its technical implementation, particularly in establishing reliable and effective age verification systems. If these challenges are successfully resolved, this legislation could serve as a model for similar restrictions globally. Moreover, successful implementation of a stricter approach might create a precedent for projecting restrictive measures onto other user groups, potentially reshaping international norms for regulating online platform access and use.

While unrelated to Australia’s initiative, content sharing platforms like Instagram are independently exploring advanced solutions to address age-related access issues. Instagram, for example, plans to deploy artificial intelligence to detect users misrepresenting their age, demonstrating how technology can enhance compliance with age-based policies. These innovations highlight the potential for scalable enforcement solutions, even as they face significant hurdles in ensuring accuracy and fairness.

Political polarization to fuel cyberbullying

In 2025, the increasing political divides affecting countries worldwide are expected to fuel a rise in cyberbullying, exacerbated by the global reach of social media platforms. Economic disparities, social movements and geopolitical conflicts have heightened tensions across Europe, Asia, Africa and the Americas. Social media platforms amplify these divides through algorithms that promote echo chambers and inflammatory content, creating an environment ripe for targeted harassment. Emerging AI tools, such as those used to create deepfakes or doctored posts, further enable malicious actors to escalate harassment. Although there are measures taken by various social media platforms to protect the online community from abuse, offensive content is hard to distinguish comprehensively, leaving users exposed to cyberbullying.

This trend will lead to an increase in the frequency of targeted attacks, doxing and coordinated cyberbullying campaigns, often crossing national boundaries. Individuals may face harassment not only from domestic adversaries but also from users abroad, making cyberbullying a transnational issue.

New regulations to expand user ownership of their data

In 2025, privacy regulations are set to hand users more control over their personal data than ever before. New laws may enable individuals to monetize their data, turning it from a corporate commodity into a personal asset. Expanded portability rights could make it easier to move data across platforms, encouraging competition and giving users the freedom to switch services without losing their digital history. Simplified consent models and enhanced rights to correct or delete data will further empower users to manage their online presence.

Globally, privacy frameworks like California’s CPRA and the EU’s GDPR are inspiring similar reforms in regions such as Asia and across U.S. states. Innovations like decentralized data storage may also emerge, giving users direct control over their data. By the end of 2025, the balance of power in the digital ecosystem may shift decisively toward individuals.

securelist.com/ksb-consumer-an…

If you were to walk into most of the world’s hackerspaces, it’s likely that the most frequent big-ticket tool you’ll find after a 3D printer is a laser cutter. A few years ago that would inevitably been one of the ubiquitous blue Chinese-made K40 machines, but here in 2024 it’s become common to see something far more sophisticated. For all that, many of us are still laser cutter noobs, and for us [Dominic Morrow] gave a talk at last summer’s EMF Camp in the UK entitled “Getting Started In Laser Cutting“. [Dominic] is a long-term laser cutting specialist who now works for Lightburn, so he’s ideally placed to deliver this subject.

It’s fair to say that this is an overview in the time available for a hacker camp talk rather than an in-depth piece, so he takes the approach of addressing people’s misconceptions and concerns about cutters. Perhaps the most important one he addresses is the exhaust, something we’ve seen a few in our community neglect in favor of excessive attention to laser cooling or other factors. An interesting one for us though was his talking about the cheaper diode lasers, having some insight into this end of the market is valuable when you have no idea which way to go.

We’re sorry to have missed this one in the real world, perhaps because of the allure of junk.

youtube.com/embed/o_i9Mv3Mby4?…

hackaday.com/2024/11/27/gettin…

Il recente attacco alla sicurezza nazionale in Italia ha portato alla luce vulnerabilità critiche, con il furto di informazioni sensibili a livello governativo. Tra le vittime di questa violazione figurano anche le email del Presidente Sergio Mattarella, il che ha sollevato preoccupazioni riguardo alla protezione delle comunicazioni istituzionali. Questo episodio ha evidenziato quanto sia vulnerabile la sicurezza digitale nel paese, nonostante i continui sforzi di difesa contro minacce esterne. L’attacco ha messo in evidenza la necessità urgente di rafforzare le misure di cyber-sicurezza per prevenire la compromissione di informazioni vitali.

L’incidente non è isolato, ma si inserisce in un contesto più ampio di attacchi informatici sempre più sofisticati contro enti pubblici e privati. L’Italia, infatti, è diventata un obiettivo privilegiato per gruppi di hacker che mirano a ottenere informazioni sensibili o a destabilizzare le strutture governative. La crescente interconnessione digitale espone le istituzioni a minacce persistenti, e la gestione dei dati risulta sempre più complessa in un panorama segnato da continui attacchi da parte di attori cybercriminali ben organizzati.

Questo episodio pone in evidenza una realtà scomoda: nonostante gli sforzi per incrementare la resilienza digitale, la protezione contro le minacce cyber è ancora insufficiente.

[strong][em]Scopri Business LOG. La tecnologia italiana per il monitoraggio dei log di sistema. Provalo gratuitamente per 30 giorni.[/em][/strong]

Una soluzione Italiana Scritta da Sviluppatori Italiani

Nel contesto geopolitico attuale, caratterizzato da tensioni crescenti e da un panorama di minacce informatiche sempre più sofisticato, è essenziale iniziare a puntare su soluzioni tecnologiche italiane per garantire la sicurezza nazionale. Affidarsi a tecnologie domestiche non solo rafforza l’autonomia strategica del Paese, ma permette di sviluppare competenze locali e di ridurre la dipendenza da fornitori esteri, spesso soggetti a pressioni politiche o restrizioni economiche. La sicurezza del futuro sarà sempre più legata alla capacità da parte dell’Europa e dell’Italia di progettare, sviluppare e implementare soluzioni tecnologiche nazionali, costruite con criteri di trasparenza, affidabilità e pieno controllo sul ciclo di vita dei sistemi.

Business LOG è un’applicazione di Adaptive SOC e rappresenta una risposta efficace e completa al problema, offrendo una piattaforma avanzata di Log Management progettata per garantire sicurezza, conformità normativa e continuità operativa. La suite è pienamente conforme alle normative vigenti, come il GDPR e la ISO 27001, e si distingue per funzionalità chiave quali:

• Monitoraggio in tempo reale delle attività IT;
• Analisi avanzata e audit per individuare comportamenti sospetti;
• Backup cloud sicuro per evitare la perdita di dati critici;
• Gestione centralizzata dei log per una visione completa e integrata.

Il sistema monitora con precisione file aperti, copiati o manipolati, grazie a un SOC nativo che segnala tempestivamente eventuali comportamenti anomali. L’integrazione dell’Intelligenza Artificiale (IA) permette di distinguere rapidamente tra operazioni ordinarie e potenziali minacce, ottimizzando la risposta agli incidenti.

Implementando Business LOG, le aziende possono ottenere una visibilità completa sulle attività IT e garantire la conservazione sicura dei log, anche in caso di guasti hardware o software. Questo strumento facilita inoltre il rispetto delle normative GDPR, ISO 27001 e delle disposizioni del Garante Privacy, assicurando che tutte le attività di gestione dei log siano pienamente conformi.

[strong][em]Scopri Business LOG. La tecnologia italiana per il monitoraggio dei log di sistema. Provalo gratuitamente per 30 giorni.[/em][/strong]

Intelligenza Artificiale a protezione delle reti informatiche

L’uso dell’IA predittiva all’interno di Business LOG rappresenta un significativo passo avanti nella gestione dei log aziendali. Grazie all’automazione delle risposte, all’ottimizzazione della conformità e alla capacità di identificare minacce emergenti, la suite offre un approccio proattivo e sicuro alla protezione dei dati.

In un panorama in cui le minacce informatiche continuano a evolversi, strumenti come Business LOG sono essenziali per proteggere le informazioni sensibili, garantire la sicurezza operativa e rafforzare la fiducia di clienti e partner.

Per scoprire le funzionalità di Business LOG e valutarne l’efficacia, è possibile richiedere una DEMO gratuita di 30 giorni visitando il sito ufficiale. Una protezione completa e innovativa è ora a portata di mano per le organizzazioni che desiderano affrontare le sfide della cybersecurity moderna con la massima efficacia.

[strong][em]Scopri Business LOG. La tecnologia italiana per il monitoraggio dei log di sistema. Provalo gratuitamente per 30 giorni.[/em][/strong]

L'articolo Italia Sotto Attacco: Furto di Dati Sensibili e Email del Presidente Mattarella hackerata. Come Proteggersi? proviene da il blog della sicurezza informatica.

QNAP ha rilasciato aggiornamenti di sicurezza che risolvono una serie di vulnerabilità, incluse tre critiche. Si consiglia vivamente agli utenti di installare patch per evitare rischi.qnap.com/en-us/security-adviso…

I problemi che hanno ricevuto maggiore attenzione sono l’applicazione Notes Station 3 utilizzata sui sistemi NAS. La vulnerabilità CVE-2024-38643 con un punteggio CVSS pari a 9,3 consente agli aggressori di ottenere accesso non autorizzato ed eseguire funzioni di sistema senza autorizzazione. Un altro bug, CVE-2024-38645 (CVSS: 9.4), è un problema di falsificazione delle richieste lato server (SSRF) che può portare alla perdita di dati. Questi problemi sono stati risolti nella versione 3.9.7.

Una vulnerabilità critica, CVE-2024-48860 (CVSS 9.5), è stata scoperta nei router QuRouter versione 2.4.x, e consente agli aggressori remoti di eseguire comandi sul sistema. La correzione è disponibile nella versione 2.4.3.106, che risolve anche il bug meno grave CVE-2024-48861 (CVSS: 7.3).

Notes Station 3 risolve anche le vulnerabilità di command injection e accesso ai dati CVE-2024-38644 (CVSS: 8.7) e CVE-2024-38646 (CVSS: 8.4). Il loro funzionamento richiede un account utente. Gli score rilasciati sono rispettivamente 8,7 e 8,4.

Ulteriori aggiornamenti hanno interessato i prodotti QNAP AI Core, QuLog Center e i sistemi operativi QTS e QuTS Hero. Tra questi ci sono:

• CVE-2024-38647 (CVSS: 7.9): una vulnerabilità relativa alla divulgazione di dati sensibili in QNAP AI Core, che è stata risolta nella versione 3.4.1.
• Il problema di path traversal del file system CVE-2024-48862 (CVSS: 8.7) in QuLog Center che è stato risolto nelle versioni 1.7.0.831 e 1.8.0.888.
• CVE-2024-50396 (CVSS: 7.7) e CVE-2024-50397 (CVSS: 7.7), errori nei formati stringa in QTS e QuTS Hero, risolti nelle versioni 5.2.1.2930 e h5.2.1.2929.

QNAP consiglia di non connettere dispositivi sensibili direttamente a Internet e di utilizzare una VPN per prevenire attacchi remoti.

L'articolo Tsunami di CVE per QNAP! Aggiornate il vostro NAS, Potrebbe fare il Doppio Gioco! proviene da il blog della sicurezza informatica.

Turning trash into art is something we undoubtedly all admire. [Davis DeWitt] did just that with a massive mural made entirely from discarded receipt paper. [Davis] got lucky while doing some light dumpster diving, where he stumbled upon the box of thermal paper rolls. He saw the potential them and, armed with engineering skills and a rental-friendly approach, set out to create something original.

The journey began with a simple test: how long can a receipt be printed, continuously? With a maximum length of 10.5 feet per print, [Davis] designed an image for the mural using vector files to maintain a high resolution. The scale of the project was a challenge in itself, taking over 13 hours to render a single image at the necessary resolution for a mural of this size. The final piece is 30 foot (9.144 meters) wide and 11 foot (3.3528 meters) tall – a pretty conversational piece in anyone’s room – or shop, in [Davis]’ case.

Once the design was ready, the image was sliced into strips that matched the width of the receipt paper. Printing over 1,000 feet of paper wasn’t without its issues, so [Davis] designed a custom spool system to undo the curling of the receipts. Hanging the mural involved 3D-printed brackets and binder clips, allowing the strips to hang freely with a kinetic effect.

Though the thermal paper will fade over time, the beauty of this project lies in its adaptability—just reprint any faded strips. Want to see how it all came together? Watch the full process here.

youtube.com/embed/dx0aSfPZonM?…

hackaday.com/2024/11/26/massiv…

What’s life without a little mystery? There’s one less rolling around after historians finally identified a donated mystery machine that had been in storage for years.
Feeding dough through this machine may have been faster, but probably not safer.
The main pieces of the machine are about a century old and any staff who may have known more about the undocumented device were no longer around to ask. The historical society finally posted pictures and asked for any insights, which eventually led to solving the mystery.

The machine is in all likelihood a beaten biscuit maker, which was a type of dense baked good popular in the American south. Making them called for a long and labor-intensive process of pounding and working the dough, and the society says this machine was likely created by a fellow trying to help his aunt streamline her business, offloading the labor of working the dough to a machine.

The machine had no branding of any sort and lacked any identifying marks. Its purpose was doubtfully obvious at the time, but no records remained and quite possibly none existed in the first place. Sound familiar? Perhaps someday our own undocumented projects and prototypes will mystify people. It’s certainly happened in the case of mysterious Roman dodecahedrons, which remain a head-scratching mystery.

hackaday.com/2024/11/26/your-u…