We get it. We also watched Star Trek and thought how cool it would be to talk to our computer. From Kirk setting a self-destruct sequence, to Scotty talking into a mouse, or Picard ordering Earl Grey, we intuitively know that talking to a computer is better than typing, right? Well, computers talking back and forth to us is no longer science fiction, and maybe we aren’t as happy about it as we thought we’d be.

We weren’t able to pinpoint the first talking computer in fiction. Asimov and van Vogt had talking computers in the 1940s. “I, Robot” by Eando Binder, and not the more famous Asimov story, had a fully speaking robot in 1939. You could argue that “The Machine” in E. M. Forster’s “The Machine Stops” was probably speaking — the text is a little vague — and that was in 1909. The robot from Metropolis (1927) spoke after transforming, but you could argue that doesn’t count.

Meanwhile, In Real Life

In real life, computers weren’t as quick to speak. Before the middle of the twentieth century, machine-generated speech was an oddity. In 1779, a mechanical contrivance by Wolfgang von Kempelen, famous for the mechanical Turk chess-playing automaton, could form simple words. By 1939, Bell Labs could do even better speech synthesis electronically but with a human operator. It didn’t sound very good, as you can see in the video below, but it was certainly expressive.

youtube.com/embed/0rAyrmm7vv0?…

Speech recognition would wait until 1952, when Bell Labs showed a system that required training to understand someone speaking numbers. IBM could recognize 16 different utterances in 1961 with “Shoebox,” and, of course, that same year, they made an IBM 704 sing “Daisy Bell,” which would later inspire HAL 9000 to do the same.

youtube.com/embed/gQqCCzrS5_I?…

Recent advances in neural network systems and other AI techniques mean that now computers can generate and understand speech at a level even most fiction didn’t anticipate. These days, it is trivially easy to interact with your phone or your PC by using your voice. Of course, we sometimes question if every device needs AI smarts and a voice. We can maybe do without a smart toaster, for instance.

So What’s the Problem?

Patrick Blower’s famous cartoon about Amazon buying Whole Foods is both funny and tragically possible. In it, Jeff Bezos says, “Alexa, buy me something from Whole Foods.” To which Alexa replies, “Sure, Jeff. Buying Whole Foods.” Misunderstandings are one of the problems with voice input.

Every night, I say exactly the same phrase right before I go to sleep: “Hey, Google. Play my playlist sleep list.” About seven times out of ten, I get my playlist going. Two times out of ten, I get children’s lullabies or something even stranger. Occasionally, for variety, I get “Something went wrong. Try again later.” You can, of course, make excuses for this. The technology is new. Maybe my bedroom is noisy or has lousy acoustics. But still.

That’s not the only problem. Science fiction often predicts the future and, generally, newer science fiction is closer than older science fiction. But Star Trek sometimes turns that on its head. Picard had an office. Kirk worked out of his quarters at a time when working from home was almost unheard of. Offices are a forgotten luxury for many people, and if you are working from home, that’s fine. But if you are in a call center, a bullpen, or the bridge of the Enterprise, all this yakking back and forth with your computer will drive everyone crazy. Even if you train the computer to only recognize the user’s voice, it will still annoy you to have to hear everyone else’s notifications, messages, and alerts.

Today, humans are still better at understanding people than computers are. We all have a friend who consistently mispronounces “Arduino,” but we still know what he means. Or the colleague with a very thick accent, like Checkov trying to enter authorization code “wictor wictor two” in the recent movie. You knew what he meant, too.

youtube.com/embed/yMOp-1r2ras?…

Some of the problems are social. I can’t tell you the number of times I’m in the middle of dictating an e-mail, and someone just comes up and starts talking to me, which then shows up in the middle of my sentence. Granted, that’s not a computer issue. But it is another example of why voice input systems are not always as delightful as you’d think.

Solutions?

Probably got great battery life.
Sure, maybe you could build a cone of silence over each station, but that has its own problems. Then again, Spock and Uhuru sometimes wore the biggest Bluetooth Earbud ever, so maybe that’s half of the answer. The other half could be subvocalization, but that’s mostly science fiction, although not entirely.

What do you think? Even telepathy probably has some downsides. You’d have to be careful what you think, right? What is the ideal human-computer interface? Or will future Star Fleet officers be typing on molecular keyboards? Or will it wind up all in our brains? Tell us what you think in the comments.

hackaday.com/2025/02/19/be-car…

Quasi 59 mila americani sono diventati vittime di truffatori , perdendo 697,3 milioni di dollari in truffe sentimentali nel 2024. Dietro le belle parole e le promesse d’amore si nascondevano inganni e una trappola finanziaria.

Sebbene il numero di casi di frode segnalati sia diminuito nel corso degli anni, le somme di denaro sottratte ai truffatori restano elevate. Nel 2023 sono state registrate 62,4 mila truffe di questo tipo, con perdite pari a 702,7 milioni di dollari. Ciò indica un cambiamento nelle tattiche dei truffatori, che ora si concentrano su schemi con frodi finanziarie più grandi, tra cui gli investimenti in criptovalute.

Secondo i dati di IC3, nel 2023, le truffe basate sulla fiducia e sulle relazioni sentimentali hanno rappresentato il 6% di tutti i reclami per truffe sulle criptovalute, causando perdite per oltre 215,8 milioni di dollari. Ciò significa che le truffe sentimentali stanno diventando sempre più parte di schemi finanziari più ampi, in cui le vittime non solo vengono indotte a credere nell’amore, ma anche convinte a investire denaro.

Anche la perdita media per frode varia. Ad esempio, in Idaho ha raggiunto i 61.784 dollari, in West Virginia i 51.588 dollari e in Oregon i 50.136 dollari. Sebbene il numero complessivo di truffe sentimentali sia in calo, i truffatori non stanno abbandonando i loro stratagemmi di seduzione, stanno semplicemente cambiando il loro approccio. L’uso della tecnologia, compresa l’intelligenza artificiale, consente agli aggressori di creare profili più convincenti, generare messaggi credibili e persino foto false per ingannare le vittime.

Gli investimenti fraudolenti basati su rapporti di fiducia rappresentano una minaccia crescente. Molte truffe iniziano con una relazione sentimentale, per poi trasformarsi in truffe sugli investimenti. Alle persone ingannate viene proposto di investire denaro in criptovalute o altri asset, il che comporta la perdita di ingenti somme di denaro.

Il problema delle truffe sentimentali è complicato dal loro basso tasso di rilevamento: molte vittime si vergognano semplicemente a denunciare l’accaduto. Le ricerche dimostrano che solo il 3,66% di questi casi viene registrato ufficialmente. Si stima che il danno effettivo causato da questo tipo di frode negli Stati Uniti potrebbe raggiungere i 535 miliardi di dollari.

Per evitare di essere scoperti, è importante ricordare i segnali chiave di una frode: richieste inaspettate di trasferimento di denaro, eccessiva fretta nello sviluppare relazioni, rifiuto di videochiamate o riunioni, nonché storie di improvvisi problemi finanziari. Al minimo dubbio, dovresti interrompere la comunicazione, verificare le informazioni e chiedere consiglio ai tuoi cari.

Le truffe sentimentali continuano a evolversi, diventando parte di schemi criminali più complessi. Ma con maggiore consapevolezza e cautela, è possibile evitare la trappola e risparmiare non solo denaro, ma anche tranquillità.

L'articolo Falsi Amori, Veri Inganni! Truffe Romantiche e Crypto per Raggiri Milionari nel 2024 proviene da il blog della sicurezza informatica.

It is easy to forget that many technology juggernauts weren’t always the only game in town. Ethernet seems ubiquitous today, but it had to fight past several competing standards. VHS and Blu-ray beat out their respective competitors. But what about USB? Sure, it was off to a rocky start in the beginning, but what was the real competition at that time? SCSI? Firewire? While those had plusses and minuses, neither were really in a position to fill the gap that USB would inhabit. But [Ernie Smith] remembers ACCESS.bus (or, sometimes, A.b) — what you might be using today if USB hadn’t taken over the world.

Back in the mid-1980s, there were several competing serial bus systems including Apple Desktop Bus and some other brand-specific things from companies like Commodore (the IEC bus) and Atari (SIO). The problem is that all of these things belong to one company. If you wanted to make, say, keyboards, this was terrible. Your Apple keyboard didn’t fit your Atari or your IBM computer. But there was a very robust serial protocol already in use — one you’ve probably used yourself. IIC or I2C (depending on who you ask).

I2C is robust, simple, and cheap to implement with reasonable licensing from Philips. It just needed a little tweaking to make it suitable for peripheral use, and that was the idea behind ACCESS.bus. [Ernie] tracked down a 1991 article that covered the technology and explained a good bit of the how and why. You can also find a comparison of A.b, I2C, and SMBus in this old datasheet. You can even find the 3.0 version of the spec online. While DEC was instrumental in the standard, some of their equipment used SERIAL.bus, which was identical except for using 12 V power and having a slightly different pinout.

The DEC Station 5000 was an early adopter of ACCESS.bus. From the user’s guide:

In theory, one ACCESS.bus port could handle 125 devices. It didn’t have a hub architecture like USB, but instead, you plugged one device into another. So your mouse plugs into your keyboard, which plugs into your printer, and finally connects to your PC.

The speed wasn’t that great — about 100 kilobits per second. So if ACCESS.bus had won, it would have needed to speed up when flash drives and the like became popular. However, ACCESS.bus does sort of live even today. Computer monitors that support DDC — that is, all of them in modern times — use a form of ACCESS.bus so the screen you are reading this on is using it right now so the monitor and PC can communicate things like refresh rates.

We love to read (and write) these deep dives into obscure tech. The Avatar Shark comes to mind. Or drives that used photographic film.

hackaday.com/2025/02/19/in-a-w…

Microsoft Threat Intelligence ha individuato una nuova variante di XCSSET, il pericoloso malware modulare per macOS che infetta i progetti Xcode. Sebbene al momento gli attacchi rilevati siano limitati, la scoperta di questa variante segna un’evoluzione preoccupante della minaccia, con nuove tecniche di offuscamento, meccanismi di persistenza aggiornati e strategie di infezione ancora più sofisticate.

XCSSET: un ritorno con nuove armi

Questa è la prima variante conosciuta di XCSSET dal 2022, e porta con sé miglioramenti significativi che lo rendono ancora più insidioso. Oltre alle capacità già note, come il furto di dati da wallet digitali, la raccolta di informazioni dall’app Note e l’esfiltrazione di file di sistema, il malware ora utilizza tecniche avanzate per eludere le difese e garantire la propria persistenza.

Offuscamento migliorato: più difficile da individuare

La nuova variante di XCSSET adotta un approccio altamente randomizzato per generare i payload all’interno dei progetti Xcode infetti. Le tecniche di codifica variano sia nella metodologia che nel numero di iterazioni, rendendo più complessa la rilevazione. Mentre le versioni precedenti utilizzavano esclusivamente xxd (hexdump) per l’encoding, questa variante introduce anche la codifica Base64, aumentando ulteriormente la complessità dell’analisi. Inoltre, i nomi dei moduli nel codice sono offuscati, rendendo difficile determinare il loro scopo.

Persistenza aggiornata

XCSSET sfrutta due nuovi metodi per garantirsi un’esecuzione continua sul sistema infetto:

• Metodo zshrc: il malware crea un file ~/.zshrc_aliases contenente il payload e modifica il file ~/.zshrc, assicurandosi che il codice venga eseguito ogni volta che si apre una nuova sessione shell.
• Metodo dock: scarica un tool firmato chiamato dockutil da un server di comando e controllo (C2) e lo usa per manipolare gli elementi del dock. Il malware sostituisce il percorso del Launchpad con una versione fasulla, assicurandosi che ogni volta che viene avviato dal dock, si esegua anche il codice malevolo.

Nuove tecniche di infezione nei progetti Xcode

XCSSET ha migliorato anche le modalità con cui inserisce il proprio codice nei progetti Xcode bersaglio. La variante sceglie tra tre strategie:

• TARGET
• RULE
• FORCED_STRATEGY

Inoltre, può posizionare il payload all’interno della chiave TARGET_DEVICE_FAMILY nelle impostazioni di compilazione, eseguendolo in una fase successiva del processo di sviluppo.

Come proteggersi da XCSSET?

Microsoft Defender for Endpoint su Mac è in grado di rilevare XCSSET, compresa questa nuova variante, ma la miglior difesa è la prevenzione. Per proteggersi da questa minaccia:

• Ispezionare attentamente i progetti Xcode prima di scaricarli o clonarli da repository.
• Evitare di installare applicazioni da fonti non affidabili, preferendo gli store ufficiali delle piattaforme software.

La costante evoluzione di XCSSET dimostra ancora una volta come i cybercriminali continuino a perfezionare i loro strumenti per aggirare le difese. Per gli sviluppatori e gli utenti Mac, la prudenza è l’unica arma efficace contro queste minacce sempre più insidiose.

L'articolo XCSSET torna a colpire: il malware che infetta i progetti Xcode si evolve con nuove tecniche di attacco proviene da il blog della sicurezza informatica.

The year in figures

• 27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam
• 18% of all spam emails were sent from Russia
• Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments
• Our Anti-Phishing system thwarted 893,216,170 attempts to follow phishing links
• Chat Protection in Kaspersky mobile solutions prevented more than 60,000 redirects via phishing links from Telegram

Phishing and scams in 2024

Phishing for travelers

In 2024, cybercriminals targeted travel enthusiasts using fake hotel and airline booking websites. In one simple scheme, a fraudulent site asked users to enter their login credentials to complete their booking — these credentials ended up in criminal hands. Sometimes, the fake login form appeared under multiple brand names at once (for example, both Booking and Airbnb).

Another scheme involved a more sophisticated fake site, where users could even select the purpose of their trip (business or leisure). To complete the booking, the scammers requested bank card details, claiming that a certain sum would be temporarily blocked on the account to verify the card’s authenticity. Legitimate booking services regularly request payment details, so the victim may not suspect anything in this case. To rush users into entering their data carelessly, on the phishing page, the scammers displayed warnings about dwindling accommodation availability and an imminent payment deadline for the booking. If the victim entered their data, the funds were not frozen but went straight into the criminals’ pockets.

Cyberthreats in the travel sector affected not only tourists but also employees of travel agencies. By gaining access to a corporate account, criminals could conduct financial transactions on behalf of employees and gain access to large customer databases.

Fake accommodation sites often sent messages to property owners, telling them to log in to “manage their property.” This scheme targeted people renting out their homes through online booking platforms.

Other scam pages featured surveys, offering respondents gifts or prize draws for participating. In this case, victims risked both their credentials and their money. Such fake giveaways are a classic scam tactic. They are often timed to coincide with a significant date for the travel industry or a specific company. For example, the screenshot below shows an offer to take part in a giveaway of airline tickets to celebrate Ryanair’s birthday.

After completing the survey, users may be asked to share the offer with a certain number of contacts, and then pay a small fee to receive the expensive gift. Of course, these prizes are non-existent.

Trapped in social networks

To steal credentials for social media and messenger accounts, scammers used another classic technique: asking users to verify themselves. In one scheme, the victim was redirected to a website that completely replicated WhatsApp’s design. The user entered their phone number and login code, handing their credentials straight over to the cybercriminals.

Beyond verification scams, fraudsters also lured victims with attractive offers. For example, in the screenshot below, the victim is promised free Instagram followers.

Some cybercriminals also used the promise of adult content to lure victims into entering their credentials in a fake authorization form.

Other scammers took advantage of Facebook and Instagram being owned by the same company. On a fraudulent page, they claimed to offer a service that allowed users to find Instagram profiles by entering their Facebook login and password.

Some scams offered users a surprise “gift” — a free Telegram Premium subscription. To enable the messenger’s premium features, the victim only had to enter their phone number and a one-time code on a fraudulent website.

Some fake social media and messenger pages were designed not to steal login credentials but to install malware on victims’ devices. Taking advantage of the popularity of Facebook Lite for Android, scammers offered users a “more advanced official version”, claiming it had extra features missing in the original app. However, instead of an upgraded app, users downloaded malware onto their devices.

Similarly, installing a supposedly free Telegram client with an activated Premium subscription often led to downloading malware.

Social media business services were increasingly used as a pretext for credential theft, as they play a key role in developing and promoting businesses and are directly linked to financial operations. Cybercriminals tricked Telegram channel owners into logging in to a phishing platform imitating the official Telegram Ads tool, thereby stealing their Telegram credentials. To make the scam more convincing, the attackers detailed how Telegram advertising works and promised millions of ad views per month.

TikTok users have also been targeted. TikTok Shop allows sellers to list curated products—items featured in videos—for potential buyers to find and purchase. Scammers created fake TikTok Shop pages to steal seller credentials, potentially leading to both reputational and financial damage.

In another case, fraudsters informed Facebook fan page owners of unusual activity in their accounts. Potential victims were prompted to check their profile by entering their login credentials into a phishing form.

Cryptocurrency: don’t mistake scams for real deals

One of last year’s most sensational stories was the cryptocurrency game Hamster Kombat. This clicker game, simulating the creation of a crypto exchange in a gamified format, quickly attracted a massive audience. Players eagerly awaited the moment when the in-game coins could be exchanged for real virtual currency. But while the official listing was delayed, the fraudulent schemes wasted no time.

Fraudsters claimed to offer cash-out services for in-game coins by converting them into rubles. To withdraw money, criminals claimed, users just had to log in through a fake Telegram page.

The growing anticipation for the new cryptocurrency’s market launch was frequently exploited by cybercriminals to steal seed phrases from crypto wallets. Scammers announced an early token sale, requiring users to log in through a fake page to participate. Of course, there was no mention of such promotions on official resources.

The popularity of Hamster Kombat was also abused in scam schemes. For example, users were offered access to a crypto wallet supposedly containing a significant sum in virtual coins. To claim it, the unsuspecting victims had to share information about the “opportunity” with a certain number of contacts in messaging apps. Having made their potential victim an accomplice in spreading false information, the scammers demanded a small commission for the withdrawal and disappeared with the stolen money.

A more elaborate scam also aimed to trick users into paying a “commission”, but with a slightly different approach. First, visitors to the page were asked to register to learn about some new activity related to Hamster Kombat.

Once registered, they were suddenly informed of having won a large amount of the HMSTR cryptocurrency supposedly as part of an experiment conducted on the platform. Exploiting uncertainty around the token’s listing, scammers urged victims to bypass the official trading launch and exchange their in-game currency for Bitcoin immediately.

To make it more convincing, the page displayed an exchange rate at which the “prize” would be converted.

However, after clicking the “Exchange coins” button, users were prompted to pay a commission for the service.

Everyone who paid this fee lost their money and received no Bitcoin.

Phishing attacks also targeted TON wallet users. In this case, scammers lured victims with promises of bonuses, requiring them to link their crypto wallets on fraudulent websites.

TON cryptocurrency was also used as bait in scam schemes. In a classic scenario, users were promised a quick way to earn digital currency. Fraudsters advertised a cloud mining service that allegedly generated high profits without any effort. After registering, unsuspecting users could monitor their “earnings” but had to pay a commission in cryptocurrency to withdraw funds.

Another “profitable” crypto scam resembled a Ponzi scheme: victims were required to recruit at least five new participants into the program—without receiving any money, of course. The scam site mimicked an online earning platform.

Visitors were instructed to install Telegram and use an unofficial bot to activate a crypto wallet where profits would supposedly be deposited.

According to the instructions, users then had to buy Toncoin and register in the program through a referral link from another participant. The scam worked by enticing people to make a small investment in the hopes of making big profits—the victims used their own funds to purchase the cryptocurrency for registration. But as with any pyramid scheme, only those at the top profited, while everyone else was left with nothing but empty dreams.

All or nothing: multipurpose phishing

Victims of phishing frequently included bank clients and users of government service portals. In such schemes, users first received a notification that they needed to update their account credentials. Cybercriminals used various communication channels to contact their victims: email, text messages, and chats in messaging apps. The victims were then led to fake sites where they were asked to provide their personal data. First, they entered their personal login credentials on the organization’s website.

Next, they were prompted to provide their email account credentials. The scammers also attempted to collect identity document details and other data, including the bank card PIN code.

Additionally, these phishing forms requested answers to security questions commonly used for additional verification in banking transactions.

This way, the cybercriminals gained full access to the victim’s account. Even the PIN code could be useful for the scammers in gaining access to the account. Security questions served as an extra safeguard for fraudsters in case the bank’s security service detected suspicious activity.

False idols

Phishing schemes also exploited the images of real people. For example, users browsing YouTube could stumble upon ad videos of celebrities announcing giveaways for their fans. Clicking the link in such a video led users to a page containing a post supposedly from the celebrity’s social media account, explaining how to claim the prize. However, when attempting to collect the “winnings”, visitors were asked to pay a small commission—insignificant compared to the value of the “gift.” Needless to say, those who paid the fee lost their money. The prize never existed, and the video was nothing more than a deepfake.

Spam in 2024

Scams

Token giveaway scam

Throughout the year, we frequently encountered emails announcing fake cryptocurrency airdrops, allegedly from teams of well-known crypto projects. The recipients, referred to as the platform’s “most valuable users,” were invited to participate in an “exclusive” event as a thank you for their loyalty and exceptional engagement.

New users unfamiliar with cryptocurrency were lured in with a unique opportunity to take part in the token giveaway and win a large sum—all they had to do was register on the platform, which was, of course, fake.

Scammers in 2024 closely monitored cryptocurrency market news. For example, in the spring, ahead of Notcoin’s upcoming listing, scam messages appeared featuring countdown timers, urging potential victims to participate in an airdrop allegedly arranged just for them.

Scam emails also targeted users of the cryptocurrency game Hamster Kombat, popular among Russian-speakers. Players eagerly awaited the HMSTR token listing, which was repeatedly postponed—a delay that scammers were quick to exploit. In the fall of 2024, they began sending emails pretending to be from the Hamster Kombat team, promising generous cash prizes if victims clicked a link to a fake game site.

Similar offers were distributed via a fraudulent website mimicking a major cryptocurrency exchange. In both cases, to claim the coveted tokens, victims had to link their cryptocurrency wallets.

“Nigerian” scam

In 2024, the Nigerian scam remained popular among spammers. Furthermore, fraudsters used both time-tested and trending themes to deceive victims. Cybercriminals employed various tricks and manipulations to engage with email recipients, with the ultimate goal of extracting money.

Most often, users were lured into classic schemes: fraudsters posed as terminally ill wealthy individuals seeking a worthy heir, lottery winners eager to share their prize, or investors offering opportunities in a promising business. Sometimes, to evade suspicion, scammers “rescued” their victims from other fraudsters and offered to compensate them for any financial losses. For example, in the summer of 2024, we came across an interesting case where an alleged victim of crypto fraud suggested that fellow sufferers contact a group of noble hackers for help recovering lost cryptocurrency.

Some scam offers were quite unexpected, as they didn’t promise vast riches, and, therefore, might not attract such a wide audience. In mid-to-late 2024, we saw scam emails claiming to be looking for new owners for pianos due to relocation or the previous owner’s passing.

We also encountered even more creative scam narratives. For example, an email allegedly sent from a secret society of Illuminati promising to share their wealth, power and fame if the recipients agree to join their grand brotherhood.

Other “Nigerian” scam emails capitalized on current news events. Thus, the most talked-about event of 2024, the US presidential election, significantly influenced the types of scams we saw. For example, one scam email claimed that the recipients were incredibly lucky to be eligible to receive millions of dollars from Donald Trump’s foundation.

Scam in the Russian segment

Last year, the Russian segment of the internet was not spared from mass scam mailings. We frequently encountered schemes mimicking investment projects of major banks, promising users easy earnings and bonuses. Fraudsters also sent out emails with promotional offers from home appliance and electronics stores. Customers were informed of huge discounts on sales that were supposedly about to end.

The links in such emails led to fraudulent websites that looked identical to legitimate online stores but stood out with extremely low prices. After paying for their desired items, customers lost their money, as orders were never actually placed.

Beyond electronics, scammers also offered other discounted products. In one such campaign, users received an email advertising a sneaker store selling popular models at affordable prices.

Judging by the technical headers of the emails, both the sneaker store and electronics store promotions were sent by the same fraudsters.

Additionally, we came across emails offering recipients to apply for debit or credit cards under favorable conditions. Unlike the electronics and shoe sale scams, these messages were legitimate referral programs from major banks, which enterprising spammers tried to monetize. Technically, such emails are not scams, as their links lead to real banking websites, and recipients do not face any risks. However, senders profit from registrations via the referral program. Nevertheless, we do not recommend clicking links from unknown senders, as seemingly harmless emails from a referral platform could be phishing or scam messages.

Emails with malicious links and attachments

Password-protected archives

In 2024, there was an increase in emails distributing password-protected archives containing malicious content. Sometimes, these files were included not as attachments but via download links, which also required a password. Presumably, this was the attackers’ attempt to bypass email security filters. Typically, the archive password was mentioned in the email text, and sometimes in the attachment’s filename. Notably, fraudsters often disguised malicious archives or links as files with other extensions, such as PDF, XLS, or DOC.

Since April 2024, we have been recording similar distributions of files with the double extension .PDF.RAR, targeting employees of Russian companies in the government, financial, manufacturing, and energy sectors.

We assume that these messages were sent from compromised email accounts of the recipients’ business partners. Some emails contained real correspondence, to which attackers replied with an email containing the malware. All the emails we examined in this campaign were unique. The attackers likely crafted messages to closely mimic the style of the compromised business partner.

Similar messages containing malicious files were also found in other languages. However, unlike campaigns targeting Russian-speaking users, these had more general themes—attachments were disguised as invoices, commercial offers, supply orders, tender schedules, court notices, and other documents.

Pre-trial claims and lawsuits

Last year, attackers frequently threatened legal action to convince victims to click dangerous links or open malicious attachments. These messages primarily targeted Russian companies but were also observed in other languages. Typically, fraudsters posed as business partners, demanding debt repayment; otherwise, they “would be forced to take the matter to arbitration court.” In one such campaign, pre-trial claims in attachments were .DOC files containing VBA scripts. These scripts established connections with command servers and downloaded, saved, and executed malicious files on the victim’s device. Kaspersky’s products detect this payload with the verdict HEUR:Trojan-Downloader.MSOffice.Sload.gen.

In some cases, cybercriminals gave no reason for their legal threats but instead attempted to shock victims with an already “filed” lawsuit to pressure them into opening the attachment. Of course, it contained malware.

Emails with malicious SVG files

According to our observations, the past year saw a rise in the distribution of malicious SVG files. Disguised as harmless images, these files contained scripts that downloaded and installed additional malware on the victim’s device. (Our solutions detect these scripts as Trojan.Script.Agent.sy and Trojan.Script.Agent.qe.) The emails we encountered were written in Spanish and posed as fake legal case notifications and court summons. The text included a password for opening the attached file.

Threats to businesses

Fake deals

A special category of emails that users complained about in 2024 was requests for quotation from suspicious senders. These emails were sent either from free email addresses or recently created domains. Attackers signed the emails with the names of large companies, included links to their websites, and sometimes even used official company logos. These emails followed a uniform template: the “buyers” briefly introduced themselves, expressed interest in the recipient’s products, and requested a catalog or price list. Interestingly, the fraudsters did not seem to care about the type of goods involved.

If the recipient responded, events could unfold in two ways. In some cases, after receiving a reply to the initial seemingly legitimate request, the fraudsters sent malicious attachments or links in the next email.

In another scenario, the “buyers” engaged in further correspondence with their “potential partner”—the victim—discussing details and insisting on their conditions, including post-payment and requiring the seller to cover customs duties. This meant that the supplier bore all the risks of delivery and could lose their goods without receiving any payment.

Facebook

In the spring of 2024, we discovered an interesting phishing email scheme that leveraged legitimate Facebook notifications. The service sent entirely legitimate emails to users mentioned in threatening posts. The attackers used compromised Facebook accounts, renamed to “24 Hours Left To Request Review. See Why,” and changed the profile picture to an icon featuring an orange exclamation mark.

Then, the fraudsters created posts on these pages tagging the business accounts of potential victims. The tagged users received notifications from the alarmingly-named pages.

These posts contained more details than the emails: victims were warned about an impending account ban due to a complaint from another user. To dispute the ban for violating service terms, the recipient of the “notification” was required to follow a phishing link from the post—leading to a fake site with Meta logos that requested Facebook login credentials.

We also found phishing emails containing legitimate Facebook links in October 2024, but this time without using the platform’s infrastructure. These emails contained notifications of lawsuits for copyright infringement and the removal of unlawful posts from the recipient’s profile. The target was warned that their personal and business pages would be blocked within 24 hours, pressuring them to take hasty and careless action.

However, they were immediately offered the chance to appeal by contacting the “Appeal Support Center.” The link in the email led to a phishing site disguised as Meta’s support service, where the victim was also asked to enter their profile password. To make the phishing link more convincing, a legitimate mechanism for redirecting users to external Facebook resources was used.

At the end of 2024, we noticed an email campaign targeting companies promoting their business pages on Facebook. These emails mimicked official Meta for Business notifications and threatened to block the user’s account and business page for violating the platform’s rules and community policies.

To dispute these accusations, the fraudsters urged the profile owners to click a link to contact “Facebook support” in a legitimate messenger. However, in reality, the victim was communicating with the owner of a fan page called “Content Moderation Center,” imitating an official support service employee. The scam could have been identified by the “Fan Page” label in the chat, though it was easy to miss.

News agenda

In 2024, scammers continued to exploit news agenda in spam campaigns.

During the UEFA Euro 2024 football championship in Germany, emails began to appear offering merchandise with UEFA EURO 2024 logos.

After Pavel Durov’s arrest in Paris, we noticed English-language messages calling for donations to supposedly fund his legal defense.

In the fall of last year, a scam campaign began circulating, offering not-yet-released MacBook Pro M4 devices at low prices or even for free. The links in these emails led to fake websites imitating major marketplaces.

Before Black Friday, we recorded a surge in spam offering exclusive discounts. The links in these messages lured victims to sites disguised as marketplaces, electronics stores, and financial institutions.

B2B spam campaigns

Online promotion services

One of the most common categories of spam email in 2024, complained of frequently by our corporate clients, was commercial offers for online promotion. Users were offered services such as creating or redesigning websites, setting up SEO tools, and purchasing databases with potential client contacts and other information. Other advertised services included guest post placement with backlinks to the client’s site, writing positive reviews, removing negative reviews, and creating personalized email campaigns. While these messages are not malicious or fraudulent, they are mass-distributed and unsolicited, causing inconvenience to users. The popularity of this type of spam is likely driven by the development of digital marketing tools and the search for new clients for small- and medium-sized businesses amid growing online competition.

Buying likes and followers on social media

We also frequently encountered business offers for the online promotion of company accounts on social media. Spammers sell fake likes and followers. They often pose as employees of real social media marketing firms, claiming to be industry leaders. At the end of their emails, the spammers included a link to a marketing platform and payment options for their services. One such campaign, which we observed throughout the past year and is still active, stood out due to the variety of languages used in the emails and the diversity of domain names. With these tactics, the spammers aimed to reach a global audience.

AI in B2B emails

The growing popularity of neural networks has led companies to actively integrate AI into their business processes. We assume that clients of such organizations, in turn, are drawn to service offers that incorporate neural networks. As a natural consequence of this trend, AI-driven solutions began appearing in spam campaigns advertising online marketing services.

Spammers emphasized using AI, particularly ChatGPT, to perform various business tasks. We identified the following themes in these emails:

• Attracting website traffic
• Creating advanced lead generation strategies
• Developing unique approaches tailored to a brand’s identity
• Producing and publishing content
• Launching personalized multi-channel marketing campaigns
• Creating custom videos for YouTube channels

Other topics also appeared in spam emails, but they all shared the same goal—enhancing business processes and attracting potential clients.

Another particularly popular category of spam related to neural networks was advertising online events. Last year, we encountered numerous examples of emails promoting webinars about the promising capabilities and practical applications of AI in business operations.

Targeted phishing in 2024

In 2024, two main trends were observed in targeted phishing:

1. Notifications on behalf of a company’s HR department. Employees were asked to fill out or sign a document, such as a vacation schedule, accessible via a link in an email. Sometimes, instead of routine requests, attackers resorted to more extravagant tactics—such as inviting employees to check if they were on a list of staff to be dismissed.

Phishing email from HR

In all these cases, the common factor was that clicking the link led the employee to a phishing login page instead of the actual corporate portal. Most often, attackers targeted Microsoft accounts, though some phishing forms mimicked internal corporate resources.

Fake login form

1. Emails from a seller to a buyer, or vice versa. One common scheme involved a buyer or seller asking the victim to review an offer or respond to questions about product delivery and required specifications. These emails contained attached documents that actually concealed phishing links.

Example of a phishing email from a seller

When attempting to open the attachment, the user was redirected to a phishing page. As in the previous case, these fake forms harvested Microsoft credentials and corporate account logins.

Fake password entry form

Statistics: phishing

The number of phishing attacks in 2024 increased compared to the previous year. Kaspersky solutions blocked 893,216,170 attempts to follow phishing links—26% more than in 2023.

Number of Anti-Phishing triggerings, 2024 (download)

Map of phishing attacks

Users from Peru (19.06%) encountered phishing most often. Greece (18.21%) ranked second, followed by Vietnam (17.53%) and Madagascar (17.17%). They are closely followed by Ecuador (16.90%), Lesotho (16.87%) and Somalia (16.70%). The final places in the TOP 10 are occupied by Brunei (16.55%), Tunisia (16.51%) and Kenya (16.38%).

* Share of users who encountered phishing out of the total number of Kaspersky users in the country/territory, 2024

Top-level domains

The most common domain zone hosting phishing sites remains the COM zone (29.78%)—its popularity has increased one and a half times compared to 2023. In second place is the XYZ domain (7.10%), which ranked fifth last year, followed by TOP (6.97%), which retained its position in the top ten. Next, with a slight margin from each other, are the ONLINE (4.25%) and SITE (3.87%) domain zones, where phishing sites were less actively hosted last year. The Russian RU domain (2.23%) and the global NET domain (2.02%) are in sixth and seventh place, respectively. Following them are CLICK (1.41%) and INFO (1.35%)—the year before, these zones were not frequently used. Closing the top ten is another national domain: UK, with a share of 1.33%.

Most frequent top-level domains for phishing pages, 2024 (download)

Organizations targeted by phishing attacks

The rating of organizations targeted by phishers is based on the detections of the deterministic component in the Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an email message or on the web, as long as links to these pages are present in the Kaspersky database.

In 2024, the highest number of attempts to access phishing links blocked by Kaspersky solutions was associated with pages imitating various web services (15.75%), surpassing global internet portals (13.88%), which held the top position in 2023. The third and fourth positions in last year’s top ten also swapped places: banks moved ahead (12.86%), overtaking online stores at 11.52%. Attackers were also interested in social media (8.35%) and messengers (7.98%): attacks targeting them strengthened their positions in the ranking. For websites imitating delivery services, we observed a decline in phishing activity (6.55%), while the share of payment systems remained unchanged at 5.82%. Also included in the list of the most frequently targeted organizations were online games (5.31%) and blogs (3.75%).

Distribution of organizations targeted by phishers, by category, 2024 (download)

Statistics: spam

Share of spam in email traffic

In 2024, spam emails accounted for 47.27% of the total global email traffic, an increase of 1.27 p.p. compared to the previous year. The lowest spam levels were recorded in October and November, with average shares dropping to 45.33% and 45.20%, respectively. In December, we observed a seemingly slight upward trend in junk emails, resulting in the fourth quarter of the year being the calmest. Spam activity peaked in the summer, with the highest number of emails recorded in June (49.52%) and July (49.27%).

Share of spam in global email traffic, 2024 (download)

In the Russian internet segment, the average spam share exceeded the global figure, reaching 48.57%, which is 1.98 p.p. higher than in 2023. As in the rest of the world, spammers were least active at the end of the year: in the fourth quarter, 45.14% of emails were spam. However, unlike global trends, in Runet, we recorded four months during which the spam share exceeded half of all traffic: March (51.01%), June (51.53%), July (51.02%), and September (51.25%). These figures identified the third quarter as the most active, with a share of 50.46%. December was the calmest month, and interestingly, despite spam levels being generally high or the same in Russia, the number of spam emails in December was lower than the global figure: 44.56%.

Share of spam in Runet email traffic, 2024 (download)

Countries and territories where spam originated

We continue to observe an increase in the share of spam sent from Russia—from 31.45% to 36.18%. The United States and mainland China, which held second and third place last year, swapped positions, with China’s share increasing by 6 p.p. (17.11%) and the US share decreasing by 3 p.p. (8.40%). Kazakhstan, which entered the top twenty for the first time last year, rose from eighth to fourth place (3.82%), pushing Japan (2.93%) down, and causing Germany, previously in fifth place, to drop one position with a share of 2.10%. India’s share slightly decreased, but the country moved up two positions from last year to seventh place. Conversely, the amount of spam sent from Hong Kong more than doubled (1.75%), allowing this territory to take eighth place in the top twenty. Next come Brazil (1.44%) and the Netherlands (1.25%), whose shares continued to decline.

TOP 20 countries and territories where spam originated in 2024 (download)

Malicious email attachments

In 2024, Kaspersky solutions detected 125,521,794 attempts to open malicious email attachments, ten million fewer than the previous year. Interestingly, one of the peaks in email antivirus detections occurred in April—in contrast to 2023, when this month had the lowest malicious activity. In January and December, we observed a relative decrease in detections, while increases were noted in spring and autumn.

Number of email antivirus detections, 2024 (download)

The most common malicious email attachments were Agensla stealers (6.51%), which ranked second last year. Next were Badun Trojans (4.51%), which spread in archives disguised as electronic documents. The Makoob family moved from eighth to third place (3.96%), displacing the Noon spyware (3.62%), which collects browser passwords and keystrokes. The malicious Badur PDFs, the most common attachments in 2023, dropped to fifth place with a 3.48% share, followed by phishing HTML forms from the Hoax.HTML.Phish family (2.93%). Next in line were Strab spyware Trojans (2.85%), capable of tracking keystrokes, taking screenshots, and performing other typical spyware actions. Rounding out the top ten were SAgent VBS scripts (2.75%), which were not as actively used last year, the Taskun family (2.75%), which maintained its previous share, and PDF documents containing phishing links, Hoax.PDF.Phish (2.11%).

TOP 10 malware families distributed as email attachments, 2024 (download)

The list of the most widespread malware reflects trends similar to the distribution of families, with a few exceptions: the Hoax.HTML.Phish variant of malicious HTML forms dropped two positions (2.20%), and instead of a specific Strab Trojan sample, the top ten included the ISO image Trojan.Win32.ISO.gen, distributed via email (1.39%).

TOP 10 malicious programs distributed as email attachments, 2024 (download)

Countries and territories targeted by malicious mailings

In 2024, users in Russia continued to face malicious email attachments more frequently than other countries, although the share of email antivirus detections in this country decreased compared to last year, to 11.37%. China ranked second (10.96%), re-entering the top twenty after several years. Next came Spain (8.32%), Mexico (5.73%), and Turkey (5.05%), which dropped one position each with a slight decline in malicious attachments. Switzerland (4.82%) took sixth place, appearing in the ranking for the first time. Following them were Vietnam (3.68%), whose share declined, and the UAE (3.24%), which strengthened its position in the ranking. Also among frequent targets of malicious spam were users from Malaysia (2.99%) and Italy (2.54%).

TOP 20 countries and territories targeted by malicious mailings, 2024 (download)

Conclusion

Political and economic crises will continue to provide new pretexts for fraudulent schemes. In some cases presented in the 2024 report, we can observe the “greed” of cybercriminals: the use of two different company brands on the same page; a credible fake of a resource aimed not at stealing credentials but at stealing money; comprehensive questionnaires that can lead not only to loss of access to funds but also to identity theft. Such multi-layered threats may become a new trend in phishing and scam attacks.

We continue to observe major news events being exploited in spam campaigns that promise easy earnings and discounted goods or services. The growing user interest in artificial intelligence tools is actively being leveraged by spammers to attract an audience, and this trend will undoubtedly continue.

securelist.com/spam-and-phishi…

One can 3D print with conductive filament, and therefore plausibly create passive components like resistors. But what about active components, which typically require semiconductors? Researchers at MIT demonstrate working concepts for a resettable fuse and logic gates, completely 3D printed and semiconductor-free.

Now just to be absolutely clear — these are still just proofs of concept. To say they are big and perform poorly compared to their semiconductor equivalents would be an understatement. But they do work, and they are 100% 3D printed active electronic components, using commercially-available filament.

How does one make a working resettable fuse and transistor out of such stuff? By harnessing thermal expansion, essentially.

The conductive filament the researchers used is Electrifi by Multi3D, which is PLA combined with copper micro-particles. A segment printed in this filament is normally very conductive due to the densely-packed particles, but as temperature increases (beginning around 40° C) the polymer begins to soften and undergoes thermal expansion. This expansion separates the copper particles, causing a dramatic increase in electrical resistance as electrical pathways are disrupted. That’s pretty neat, but what really ties it together is that this behavior is self-resetting, and reversible. As long as the PLA isn’t straight up melted (that is to say, avoids going over about 150° C) then as the material cools it contracts and restores the conductive pathways to their original low-resistance state. Neat!

So where does the heat required come from? Simply passing enough current through the junction will do the job. By carefully controlling the size and shape of traces (something even hobbyist filament-based 3D printers are very good at) this effect can be made predictable and repeatable.

The simpler of the two test components uses the resistance spike as a self-resetting fuse. The printed component is designed such that current above a threshold triggers a surge in resistance, preventing damage to some theoretical circuitry downstream. As long as the component is not destroyed by heating it to the point that it melts, it self-resets as it cools.

The transistor is a bit more interesting. By designing two paths so that they intersect each other, one can be used as a control path and the other as a signal path. Applying a voltage to the control path electrically controls the resistance of the signal path, effectively acting as a transistor. Researchers combined these basic transistors into NOT, AND, and OR gates. One is shown here.

This whole system is scalable, low-cost, and highly accessible to just about anyone with some basic equipment. Of course, it has some drawbacks. The switching speed is slow (seconds rather than nanoseconds) and being thermally-driven means power consumption is high. Still, it’s pretty nifty stuff. Check out the research paper for all the nitty-gritty details.

We’ve seen 3D printed triboelectric generators so it’s pretty exciting to now see printed active electronic components. Maybe someday they can be combined?

hackaday.com/2025/02/19/mit-de…

I canali Telegram degli hacker filorussi di NoName057(16) sono stati eliminati da telegram. Ma subito gli attivisti ricreano nuovi canali marchiati con il suffisso “reborn“.

Ma non è tutto, nei loro primi post sui nuovi canali, pubblicano un nuovo attacco ad infrastrutture italiane con attacchi di Distributed Denial-of-Service (DDoS) frutto del progetto DDoSia da loro coordinato.

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Di seguito viene riportato il messaggio presente nel post di oggi sul loro nuovo canale telegram.
Schiacciare l'infrastruttura internet italiana

❌Banca d'investimento italiana Mediobanca Banca di Credito Finanziario SpA (chiuso da geo)
check-host.net/check-report/233b848ck43e

❌Benelli Armi S.p.A. è un'azienda italiana produttrice di armi da fuoco
check-host.net/check-report/233b883fk23

❌Nexi - Società finanziaria italiana
check-host.net/check-report/233b899aka73

❌Fiocchi Munizioni - Il più grande produttore italiano di munizioni (chiuso per motivi geo)
check-host.net/check-report/233b8a88k5e4

❌Franchi - Azienda italiana produttrice di armi da fuoco
check-host.net/check-report/233b8be5k793

❌Danieli - azienda italiana internazionale, fornitrice di attrezzature e impianti per l'industria metallurgica
check-host.net/check-report/233b8d24k48

Che cos’è un attacco Distributed Denial of Service

Un attacco DDoS (Distributed Denial of Service) è un tipo di attacco informatico in cui vengono inviate una grande quantità di richieste a un server o a un sito web da molte macchine diverse contemporaneamente, al fine di sovraccaricare le risorse del server e renderlo inaccessibile ai suoi utenti legittimi.

Queste richieste possono essere inviate da un grande numero di dispositivi infetti da malware e controllati da un’organizzazione criminale, da una rete di computer compromessi chiamata botnet, o da altre fonti di traffico non legittime. L’obiettivo di un attacco DDoS è spesso quello di interrompere le attività online di un’organizzazione o di un’azienda, o di costringerla a pagare un riscatto per ripristinare l’accesso ai propri servizi online.

Gli attacchi DDoS possono causare danni significativi alle attività online di un’organizzazione, inclusi tempi di inattività prolungati, perdita di dati e danni reputazionali. Per proteggersi da questi attacchi, le organizzazioni possono adottare misure di sicurezza come la limitazione del traffico di rete proveniente da fonti sospette, l’utilizzo di servizi di protezione contro gli attacchi DDoS o la progettazione di sistemi resistenti agli attacchi DDoS.

Occorre precisare che gli attacchi di tipo DDoS, seppur provocano un disservizio temporaneo ai sistemi, non hanno impatti sulla Riservatezza e Integrità dei dati, ma solo sulla loro disponibilità. pertanto una volta concluso l’attacco DDoS, il sito riprende a funzionare esattamente come prima.

Che cos’è l’hacktivismo cibernetico

L’hacktivismo cibernetico è un movimento che si serve delle tecniche di hacking informatico per promuovere un messaggio politico o sociale. Gli hacktivisti usano le loro abilità informatiche per svolgere azioni online come l’accesso non autorizzato a siti web o a reti informatiche, la diffusione di informazioni riservate o il blocco dei servizi online di una determinata organizzazione.

L’obiettivo dell’hacktivismo cibernetico è di sensibilizzare l’opinione pubblica su questioni importanti come la libertà di espressione, la privacy, la libertà di accesso all’informazione o la lotta contro la censura online. Gli hacktivisti possono appartenere a gruppi organizzati o agire individualmente, ma in entrambi i casi utilizzano le loro competenze informatiche per creare un impatto sociale e politico.

È importante sottolineare che l’hacktivismo cibernetico non deve essere confuso con il cybercrime, ovvero la pratica di utilizzare le tecniche di hacking per scopi illeciti come il furto di dati personali o finanziari. Mentre il cybercrime è illegale, l’hacktivismo cibernetico può essere considerato legittimo se mira a portare all’attenzione pubblica questioni importanti e a favorire il dibattito democratico. Tuttavia, le azioni degli hacktivisti possono avere conseguenze legali e gli hacktivisti possono essere perseguiti per le loro azioni.

Chi sono gli hacktivisti di NoName057(16)

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private

Le informazioni sugli attacchi effettuati da NoName057(16) sono pubblicate nell’omonimo canale di messaggistica di Telegram. Secondo i media ucraini, il gruppo è anche coinvolto nell’invio di lettere di minaccia ai giornalisti ucraini. Gli hacker hanno guadagnato la loro popolarità durante una serie di massicci attacchi DDOS sui siti web lituani.

Le tecniche di attacco DDoS utilizzate dal gruppo sono miste, prediligendo la “Slow http attack”.

La tecnica del “Slow Http Attack”

L’attacco “Slow HTTP Attack” (l’articolo completo a questo link) è un tipo di attacco informatico che sfrutta una vulnerabilità dei server web. In questo tipo di attacco, l’attaccante invia molte richieste HTTP incomplete al server bersaglio, con lo scopo di tenere occupate le connessioni al server per un periodo prolungato e impedire l’accesso ai legittimi utenti del sito.

Nello specifico, l’attacco Slow HTTP sfrutta la modalità di funzionamento del protocollo HTTP, che prevede che una richiesta HTTP sia composta da tre parti: la richiesta, la risposta e il corpo del messaggio. L’attaccante invia molte richieste HTTP incomplete, in cui il corpo del messaggio viene inviato in modo molto lento o in modo incompleto, bloccando la connessione e impedendo al server di liberare le risorse necessarie per servire altre richieste.

Questo tipo di attacco è particolarmente difficile da rilevare e mitigare, poiché le richieste sembrano legittime, ma richiedono un tempo eccessivo per essere elaborate dal server. Gli attacchi Slow HTTP possono causare tempi di risposta molto lenti o tempi di inattività del server, rendendo impossibile l’accesso ai servizi online ospitati su quel sistema.

Per proteggersi da questi attacchi, le organizzazioni possono implementare soluzioni di sicurezza come l’uso di firewall applicativi (web application firewall o WAF), la limitazione delle connessioni al server e l’utilizzo di sistemi di rilevamento e mitigazione degli attacchi DDoS

L'articolo NoName057(16) Cancellato da Telegram! Ma subito il “Reborn” Con Attacchi DDoS All’Italia! proviene da il blog della sicurezza informatica.

Due vulnerabilità di heap buffer overflow di elevata gravità sono state risolte da Google nel browser Chrome, CVE-2025-0999 e CVE-2025-1426. Tali bug di sicurezza potrebbero consentire agli aggressori di eseguire codice arbitrario e prendere il controllo dei sistemi interessati.

Si tratta di una vulnerabilità del motore V8 (CVE-2025-0999) deriva da una gestione non corretta della memoria durante l’elaborazione di oggetti JavaScript, consentendo la corruzione dell’heap tramite pagine HTML contraffatte. E di una falla sulla GPU (CVE-2025-1426), la quale sfrutta l’integrazione dell’unità di elaborazione grafica di Chrome, consentendo agli aggressori di superare i limiti del buffer durante le operazioni di rendering.

Le vulnerabilità, risolte in Chrome 133.0.6943.126/.127 per Windows/Mac e 133.0.6943.126 per Linux, colpiscono rispettivamente il motore JavaScript V8 e i componenti GPU. Entrambe le vulnerabilità garantiscono capacità di esecuzione di codice remoto (RCE), consentendo potenzialmente la compromissione dell’intero sistema, il furto di dati o lo spostamento laterale all’interno delle reti.

La vulnerabilità di overflow consente agli aggressori di sovrascrivere regioni di memoria allocate dinamicamente ed eseguire codice arbitrario. Questa vulnerabilità si verifica quando i programmi scrivono dati oltre i limiti dei blocchi di memoria allocati sull’heap, un’area di memoria gestita dinamicamente utilizzata per l’archiviazione dei dati di runtime.

Un’altra vulnerabilità è il CVE-2025-1006, una vulnerabilità use-after-free (UAF) di media gravità nel componente Network di Google Chrome. Gli aggressori potrebbero sfruttarla creando contenuti web dannosi per innescare l’esecuzione di codice arbitrario, compromettendo potenzialmente i sistemi degli utenti o esfiltrando dati sensibili.

Google ha omesso di fornire tutti i dettagli tecnici finché la maggior parte degli utenti non avrà effettuato l’aggiornamento, una pratica standard per impedire l’uso di exploit come arma.

Si raccomanda agli utenti di procedere immediatamente con l’aggiornamento del software per mitigare i rischi legati a queste vulnerabilità critiche. Per aggiornare Google Chrome, è sufficiente accedere al menu del browser, selezionare Guida > Informazioni su Google Chrome e attendere il completamento del download della patch. Una volta terminato, sarà necessario riavviare il browser affinché le correzioni vengano applicate correttamente. Gli amministratori IT sono invitati a distribuire l’aggiornamento su tutti i dispositivi aziendali per prevenire potenziali attacchi exploit.

L'articolo Chrome sotto attacco! Due vulnerabilità critiche minacciano milioni di utenti proviene da il blog della sicurezza informatica.

Benvenuti nell’era digitale, l’epoca in cui il palcoscenico globale è a portata di mano e il nostro io diventa il protagonista indiscusso dello spettacolo.

I social media, come specchi deformanti, riflettono un’immagine di noi stessi spesso idealizzata, filtrata, costruita ad arte per ottenere l’approvazione del pubblico virtuale. Like, commenti, condivisioni: diventano il metro della nostra popolarità, il termometro di un ego che ha bisogno di continue conferme esterne.

Ma cosa succede quando la ricerca di validazione online si trasforma in un’ossessione? Quando l’immagine che proiettiamo sui social diventa più importante della nostra autenticità? In questo viaggio nel cuore del narcisismo digitale, esploreremo le dinamiche complesse che ci spingono a mettere in scena il nostro io online, svelandone le luci e le ombre.

I social network come specchio di sé

La rete ci offre la possibilità di passare dal “cogito” legato ad un corpo a un “cogitamus” extracorporeo, aperto alle possibilità offerte dalla differenza e organizzato attraverso il controllo sociale e tecnologico. Le piattaforme social, con la loro enfasi sull’immagine e sull’auto promozione, offrono un palcoscenico ideale per i narcisisti digitali. Questi individui utilizzano i social per costruire un’immagine di sé idealizzata, attraverso la condivisione di selfie, momenti di vita patinati e successi personali.

La ricerca di “like” e commenti

La ricerca di “like” e commenti, l’ossessione per l’immagine perfetta e la costruzione di un’identità virtuale idealizzata sono solo alcune delle manifestazioni di questo fenomeno.

Se nel mito greco di Narciso il bellissimo giovane si innamorava della propria immagine riflessa nell’acqua del lago, fino a cadervi e perdere la vita, oggi l’immagine fittizia di sé è quella restituita dall’identità digitale.

Il narcisista digitale è costantemente alla ricerca di validazione esterna, misurata attraverso il numero di “like”, commenti e condivisioni ottenuti sui propri post. I like non sono mai abbastanza. Ogni foto, post, video o reel è a caccia di apprezzamenti, follower e commenti. Questa dipendenza dai feedback altrui può portare a una vera e propria ossessione per i social media, con conseguenze negative sulla vita reale.

Egocentrismo e narcisismo digitale

Quante volte ci siamo trovati a scrutare la nostra immagine riflessa in uno specchio, alla ricerca di un segno di approvazione, di un’eco di bellezza che ci rassicuri sulla nostra esistenza?

Il narcisismo è un viaggio interiore, un’esplorazione del nostro io più profondo, alla ricerca di un equilibrio tra amore per sé stessi e bisogno di riconoscimento esterno. È un percorso che può condurci verso la luce dell’autostima o spingerci nell’ombra dell’egoismo. È un viaggio nel labirinto dell’ego, dove il confine tra amore per sé stessi e l’ossessione per la propria immagine diventa labile. Un viaggio che può portare alla realizzazione di sé o alla caduta nell’abisso dell’egoismo.

Quali sono i sintomi del narcisismo digitale?

Riconoscere un narcisista digitale non è sempre facile nella realtà al di fuori dei social.

Uno studio svolto dall’Università di Firenze, dal titolo “Narcisisti grandiosi e vulnerabili: chi è a maggior rischio di dipendenza da Social Network?” (Casale, Fioravanti, Rugai, 2016) su un campione di 535 studenti europei, ha esplorato la relazione tra narcisismo e dipendenza dai social network, distinguendo tra due tipologie di narcisismo: grandioso e vulnerabile.

• Narcisismo grandioso: individui con un’elevata autostima, senso di superiorità e bisogno di ammirazione.
• Narcisismo vulnerabile: individui con bassa autostima, insicurezza e ipersensibilità alle critiche.

Entrambi i tipi di narcisismo sono correlati alla dipendenza da social network. Tuttavia, le motivazioni e i meccanismi sottostanti sono diversi. I narcisisti grandiosi utilizzano i social network per esibirsi e ottenere ammirazione. Sono attratti dalla possibilità di presentare un’immagine di sé idealizzata e di ricevere feedback positivi.

I narcisisti vulnerabili utilizzano i social network per compensare la loro bassa autostima e cercare accettazione. Trovano nei social un ambiente in cui sentirsi più sicuri e meno esposti al giudizio diretto. Tra i tratti ricorrenti di un narcisista digitale figurano:

• Dipendenza compulsiva dai social media
• Costante ricerca di conferme sui social in forma di like e commenti
• Tendenza al’isolamento nella vita reale
• Eccessiva condivisione di selfie e contenuti sulla propria vita (oversharing)
• Tendenza a sovrastimare la propria identità digitale e la propria importanza online
• Mancanza di empatia verso gli altri, nella realtà e sui social
• Fantasie di potere e successo senza limiti, convinzione di essere destinati alla fama
• Depressione se l’attenzione e l’approvazione sui social diminuiscono

Come affrontare il narcisismo digitale

Il narcisismo digitale è una sfida sempre più rilevante nella nostra società iperconnessa. Affrontarlo richiede un approccio consapevole e attivo. Ecco alcuni consigli utili:

Consapevolezza di sé:

• Riconosci i tuoi comportamenti: analizza il tuo utilizzo dei social media. Sei alla costante ricerca di validazione attraverso “like” e commenti? Ti senti a disagio quando non ricevi l’attenzione che desideri?
• Comprendi le tue motivazioni: perché senti il bisogno di condividere ogni aspetto della tua vita online? Cosa cerchi di ottenere attraverso i social media?
• Accetta le tue fragilità: tutti abbiamo bisogno di un certo grado di riconoscimento, ma è importante accettare che la validazione esterna non è l’unico modo per sentirsi realizzati.

Gestione dei social media:

• Stabilisci limiti di tempo: definisci un tempo massimo da dedicare ogni giorno ai social media.
• Disattiva le notifiche: evita di essere costantemente interrotto da notifiche e messaggi.
• Seleziona i contenuti che consumi: segui account che ti ispirano e ti arricchiscono, non solo quelli che ti fanno sentire inadeguato.
• Utilizza i social media in modo consapevole: condividi contenuti che ti rappresentano veramente, senza cercare di creare un’immagine di te idealizzata.

Sviluppo dell’autostima:

• Concentrati sui tuoi valori: cosa è veramente importante per te? Cosa ti rende felice e soddisfatto?
• Coltiva le relazioni reali: dedica tempo ed energie alle persone che ti vogliono bene per come sei, non per la tua immagine sui social media.
• Prenditi cura di te: fai attività che ti piacciono e ti fanno sentire bene, sia a livello fisico che mentale.
• Impara ad accettarti: tutti abbiamo difetti e insicurezze. Accettare le proprie fragilità è un passo fondamentale verso l’autostima.

Conclusione

Il narcisismo, in fondo, è una ricerca di riconoscimento e accettazione. La vera sfida è imparare a guardare oltre lo specchio, a riconoscere le nostre fragilità e a coltivare un amore per noi stessi che non dipenda dal giudizio degli altri. Solo così potremo intraprendere un viaggio autentico verso la realizzazione di noi stessi, liberi dalla prigione dell’ego.

L’era digitale ci ha donato uno specchio potente, capace di riflettere ogni nostra azione, pensiero, emozione. Ma questo specchio, a volte, può distorcere la nostra immagine, ingigantendo i nostri successi e minimizzando le nostre fragilità. Il narcisismo digitale è la tentazione di inseguire un’immagine idealizzata di noi stessi, alla ricerca di un riconoscimento che non sempre corrisponde alla realtà. È la paura di non essere abbastanza, di non ricevere abbastanza “like”, di non essere visti.

Ma la verità è che il nostro valore non si misura in base al numero di “mi piace” o di commenti. La nostra identità è molto più complessa, ricca di sfumature e in continua evoluzione. La sfida è imparare a usare questo specchio con consapevolezza, senza lasciarci intrappolare dalla sua immagine illusoria. Ricordiamoci che la vera bellezza è quella che nasce dall’interno, dalla capacità di accettare le nostre imperfezioni e di amare noi stessi per ciò che siamo.

L'articolo Il Narcisismo Digitale: Quando l’Ego si fa Social e l’Apparenza conta più della Realtà proviene da il blog della sicurezza informatica.

Miliardi di dollari, tecnologie avanzate e i più rigidi protocolli di sicurezza: niente di tutto questo ha protetto le strutture militari e le aziende di difesa americane dai più comuni reati informatici.

Lo Studio Hudson Rock mostra che decine di dipendenti di importanti appaltatori della difesa, tra cui Lockheed Martin e Boeing così come il personale dell’esercito e della marina degli Stati Uniti, sono stati infettati dagli infostealer. Credenziali, sessioni VPN, e-mail e persino l’accesso a sistemi di approvvigionamento chiusi sono ora nelle mani dei criminali informatici.

Basta un download accidentale di un file infetto sul tuo computer: un keygenerator di un gioco, un programma hackerato o un documento PDF trojanizzato è sufficente per installare un infostealer. Una volta installato, il malware raccoglie di tutto, dalle password alla cronologia del browser, fino ai file dal computer di lavoro. E poi i dati vengono venduti sul darknet. Il prezzo medio per l’accesso completo al computer di lavoro di un dipendente di un’azienda militare con dati sensibili è di soli 10 dollari.

Questo tipo di attacco si è dimostrato estremamente efficace. Secondo i dati raccolti negli ultimi anni sono stati infettati più di 30 milioni di computer. Di questi, circa il 20% conteneva account aziendali, tra cui quelli di società che collaborano con la sicurezza nazionale degli Stati Uniti.

Particolarmente pericolosi sono i cookie di sessione attivi, che consentono ai criminali di accedere istantaneamente a sistemi protetti senza dover immettere dati di accesso e password. Nemmeno l’autenticazione a più fattori (MFA) sarà utile se un aggressore riesce ad accedere alla sessione attiva di un utente.

L’esempio di Honeywell mostra la portata del problema. Dal 2024, sono stati rubati 56 account aziendali a 398 dipendenti dell’azienda, tra cui l’accesso ai sistemi interni SAP, Bitbucket e SharePoint. Inoltre, sono trapelati gli accessi a servizi di terze parti: Microsoft, Cisco e SAP.

Ma la vera minaccia va ben oltre l’ambito del business privato. Tra le vittime c’erano membri della Marina Militare statunitense il cui accesso ai sistemi Citrix, OWA, Confluence e perfino alle piattaforme di addestramento militare era finito nelle mani degli aggressori. Ciò apre la porta ad attacchi contro installazioni militari critiche. Gli esperti sottolineano che se tali dati dovessero finire nelle mani di paesi ostili, le informazioni ottenute potrebbero essere utilizzate per penetrare in profondità nelle infrastrutture militari.
Elenco delle aziende i cui dipendenti sono rimasti vittime di infostealer (Hudson Rock)
Le principali misure di protezione includono:

• Divieto di utilizzare dispositivi personali per lavoro: molte infezioni si verificano tramite computer utilizzati sia per attività personali che lavorative;
• Rigorosa politica di download del software: utilizzare solo software con licenza;
• Autenticazione multilivello con monitoraggio continuo della sessione: se i cookie di sessione vengono rubati, devono essere prontamente cancellati;
• Monitorare costantemente le fughe di dati nel darknet: le aziende devono monitorare le fughe di dati dei propri dipendenti.

Hudson Rock ammette che Infostealer non è più solo uno strumento di hacking criminale, ma una minaccia per la sicurezza nazionale. Anche le aziende e le organizzazioni che mantengono rigidi standard di sicurezza informatica diventano vittime a causa delle vulnerabilità dei loro appaltatori e partner. La questione non è se le perdite possano essere prevenute, ma quanto velocemente possano essere individuate e neutralizzate.

L'articolo Infostealer: Quando un clic sbagliato ti fa vendere la Sicurezza Nazionale USA per soli 10 dollari! proviene da il blog della sicurezza informatica.

Immaginate di disporre di un dispositivo delle dimensioni di una comune chiavetta USB, capace di emulare una tastiera e di inviare comandi a un computer in tempi brevissimi. Una soluzione di questo tipo, già resa celebre dalla nota USB Rubber Ducky, rappresenta uno strumento di riferimento per i professionisti della cybersecurity.

Tuttavia, nonostante la sua efficacia, la Rubber Ducky presenta alcune limitazioni che possono compromettere la flessibilità operativa: la necessità di pre-caricare un unico script, l’esecuzione automatica e non supervisionabile al momento dell’inserimento e l’impossibilità di interagire in tempo reale con il sistema target.

A rispondere a queste sfide è USBreacher, un progetto gratuito open-source sviluppato da TITAN Security, che offre una significativa evoluzione rispetto ai dispositivi tradizionali. USBreacher mantiene le funzionalità principali del Rubber Ducky, ma ne amplia notevolmente le possibilità introducendo il controllo remoto tramite connessioni Bluetooth o Wi-Fi.

Grazie a questa innovazione, l’utente può decidere in quale momento eseguire uno script e persino inviare comandi in tempo reale, trasformando un dispositivo dall’apparenza innocua in uno strumento estremamente versatile e sofisticato.

Un ulteriore elemento distintivo di USBreacher è la sua natura accessibile: si tratta di un progetto che può essere riprodotto da chiunque disponga di competenze tecniche di base e dei componenti necessari. Alla base del dispositivo troviamo una scheda Arduino Pro Micro dotata di microcontrollore AtMega 32U4, ed un modulo Bluetooth HC-05.

Questa configurazione consente al dispositivo di emulare una tastiera USB e di ricevere comandi in modalità wireless. Attraverso un’adeguata configurazione e l’utilizzo di software di controllo, USBreacher permette di gestire e lanciare script in base alle specifiche esigenze operative, dimostrandosi uno strumento versatile per le attività di penetration testing.

Grazie alla possibilità di operare in modo selettivo e di adattarsi dinamicamente alle condizioni del test, rappresenta uno strumento open source all’avanguardia per i professionisti della sicurezza informatica.

Il progetto trova applicazione nell’ambito dei test di sicurezza informatica dove si necessita di operare su un dispositivo isolato dalla rete. Con USBreacher, infatti, è possibile operare da remoto anche su configurazioni di questo tipo.

Progetti come questo, se utilizzati in modo responsabile, possono offrire un contributo significativo all’analisi della sicurezza dei sistemi informatici, fornendo al tempo stesso un’opportunità per esplorare le frontiere dell’hacking etico.

L'articolo USBreacher: la Rubber Ducky fai da te controllabile da remoto via Bluetooth o Wi-Fi proviene da il blog della sicurezza informatica.

OpenSCAD has a lot of fans around these parts — if you’re unaware, it’s essentially a code-based way of designing 3D models. Instead of drawing them up in a CAD program, one writes a script that defines the required geometry. All that is made a little easier with the Belfry OpenSCAD Library (BOSL2).
Designing a part like this is a cinch with BOSL2.
BOSL2 has an extensive library of base shapes, advanced functions for manipulating models, and some really nifty tools for creating attachment points on parts and aligning components with one another. If that sounds handy for designing useful objects, you’re in for even more of a treat when you see their functions for gears, hinges, screws, and more.

There’s even one that covers bottle necks and caps. (Those are all standardized by the way, so it’s never been easier to interface to existing bottles or caps in a project.)

OpenSCAD really is very versatile software. It powers useful tools like this screw, washer, and nut generator as well as having more unusual applications like a procedural terrain generator. It’s free, so if you’ve never looked into it, check it out!

hackaday.com/2025/02/18/belfry…

Vacuum forming is perhaps one of the less popular tools in the modern maker arsenal, something which surprises us a bit because it offers many possibilities. We’ve created our own vacuum forms on 3D printed moulds for ages, so it’s interesting to see [Pisces Printing ] following the same path. But what you might not realize at first is that the vacuum forming sheets themselves are also 3D printed.

The full video is below the break, and in it he details making a mould from PETG, and in particular designing it for easy release. The part he’s making is a belt guard for a table top lathe, and the PETG sheet he’s forming it from is also 3D printed. He makes the point that it’s by no means perfect, for example he shows us a bit of layer separation, but it seems promising enough for further experimentation. His vacuum forming setup seems particularly small, which looks as though it makes the job of making a sheet somewhat simpler.

The cost of a vacuum forming sheet of whichever polymer is hardly high, so we can’t see this technique making sense for everyday use. But as we’ve seen in previous experiments, the printed sheets so make it easy to add color and texture to the final product, which obviously adds some value to the technique.

youtube.com/embed/lTR3ZY2X1Rk?…

Thanks [Tomas Harvie Mudrunka] for the tip.

hackaday.com/2025/02/18/vacuum…

To the extent that you’re familiar with magnetostriction, you probably know that it’s what makes big transformers hum, or that it’s what tips you off if you happen to walk out of a store without paying for something. But magnetostriction has other uses, too, such as in this clever linear position sensor.

Magnetostriction is just the tendency for magnetic materials to change size or shape slightly while undergoing magnetization, thanks to the tiny magnetic domains shifting within the material while they’re aligning. [Florian B.]’s sensor uses a side effect of magnetostriction known as the Wiedenmann effect, which causes a wire to experience a twisting force if a current pulse is applied to it in a magnetic field. When the current pulse is turned off, a mechanical wave travels along the wire to a coil, creating a signal. The difference in time between sending the pulse and receiving the reflection can be used to calculate the position of the magnet along the wire.

To turn that principle into a practical linear sensor, [Florian B.] used nickel wire stretched tightly down the middle of a PVC tube. At one end is a coil of copper magnet wire, while the other end has a damper to prevent reflections. Around the tube is a ring-shaped cursor magnet, which can move up and down the tube. An exciter circuit applies the current pulse to the wire, and an oscilloscope is used to receive the signal from the wire.

This project still appears to be in the prototype phase, as evidenced by the Fischertechnik test rig. [Florian] has been working on the exciter circuit most recently, but he’s done quite a bit of work on optimizing the cursor magnet and the coil configuration, as well as designs for the signal amplifier. It’s a pretty neat project, and we’re looking forward to updates.

If you need a deeper dive into magnetostriction, [Ben Krasnow] points the way.

hackaday.com/2025/02/18/a-uniq…

With the news that Amazon will no longer be allowing users to download their Kindle books after February 26th, many are scrambling to download their books before it’s too late. The most up-to-date project for automating this process appears to be Amazon Kindle Bulk Downloader.

As the company that famously removed 1984 from thousands of devices without users permission, this is a move that shouldn’t be surprising, but is still disappointing, especially for those of us that were somewhat early adopters of ebooks with Kindles that don’t have a WiFi connection. (Yes, you can tell us about how you bought a Sony reader before the Kindle even came out in the comments.)

The Typescript-coded tool runs inside bun which can be installed in any of the big three OSes and even has a handy Docker image if that’s more your speed. Whether you use this tool or not, if you have any Kindle books we’d implore you to download them now.

Once you’ve downloaded those books, how about cracking the DRM either with LEGO or with software like Calibre. You could load it on a completely Open Source Reader then.

hackaday.com/2025/02/18/auto-d…