Avete notato anche voi che il social nato per i "contatti professionali" ultimamente è diventato un Instagram per boomer?

spreaker.com/episode/dk-9x13-i…

##

La recente presentazione del Calendario CITES dei carabinieri Forestali che si occupano di tale materia, fornisce l'occasione per tornare a parlare di questo particolare servizio, non conosciuto da molti, che ha importanti ricadute in ambito di cooperazione internazionale tra forze di polizia.
Nel 1973, nell'ambito delle attività dell'ONU per l'ambiente, 80 paesi firmarono a Washington la Convenzione CITES (Convention on International Trade of Endangered Species) per la tutela della biodiversità, attraverso il controllo del commercio di specie di flora e fauna, rischio di estinzione o particolarmente vulnerabili.
Entrata in vigore il 1° luglio 1975, oggi conta ben 183 paesi, quasi la totalità dei componenti della comunità internazionale. Anche l'Italia quale paese membro, si è dotata di una specifica normativa, che è la legge 150 del 1999.
L’Arma dei carabinieri ha un ruolo da protagonista, quale co–Autorità di gestione.
Il commercio illegale delle specie selvatiche (wildlife traffic) è uno dei traffici illeciti più importanti al mondo, dopo quello di droga, armi ed esseri umani, ed è un fenomeno per sua natura transnazionale, che per essere contrastato richiede la collaborazione di organismi, autorità, organizzazioni governative e non–governative (ONG), per la raccolta delle informazioni, la loro disseminazione, lo scambio di esperienze, di tecniche investigative e di intelligence. Per questa ragione, su tutto il territorio nazionale sono dislocati oltre 50 uffici CITES che rilasciano mediamente circa 80.000 certificati che consentono l'importazione dopo verifiche all'anno, riguardanti animali riprodotti in cattività, ma anche zanne ed oggetti in avorio di elefante, articoli in pelle di rettile, tessuti e pellicce pregiati, piante ornamentali, legname e prodotti derivati dal legno.

Un’altra importante funzione del Servizio CITES è quello di educare alla legalità e sensibilizzare i cittadini, tra i quali vi sono anche viaggiatori e turisti.

L’Italia è un Paese di destinazione, si pensi ad esempio alla importazione illegale di pappagalli tropicali, ma va al riguardo sottolineato come sia anche Paese di origine del traffico: vi sono gruppi criminali coinvolti nella raccolta di nidi e nel traffico di specie di uccelli in via di estinzione (cardellini, verzellini ed altri), il cui mercato principale sono i Paesi europei. Cavallucci marini e i cetrioli di mare invece, raccolti lungo gli habitat costieri italiani, sono specie trafficate verso mercati cinesi.

Il video di presentazione del Calendario si può vedere qui
materialious.nadeko.net/search…

@Notizie dall'Italia e dal mondo

Un post allarmante è stato recentemente individuato nel Dark Web, dove un Threat Actor sta promuovendo una presunta vulnerabilità 0-day Remote Code Execution (RCE), in grado di compromettere i due browser più diffusi al mondo: Google Chrome e Microsoft Edge.

Questa segnalazione solleva serie preoccupazioni all’interno della comunità della sicurezza informatica, evidenziando il potenziale rischio di sfruttamento di una falla non ancora divulgata, con implicazioni che potrebbero mettere in pericolo la sicurezza di milioni di utenti a livello globale.

L’offerta dell’hacker: bug bounty o vendita diretta

Secondo quanto dichiarato nel post, il Threat Actor afferma di aver scoperto la vulnerabilità, ma di non averla ancora resa pubblica. Il Cybercriminale ha avanzato due opzioni:

• Trovare un programma di bug bounty che accetti pagamenti in criptovaluta e non richieda procedure di identificazione personale.

• Vendere direttamente la vulnerabilità, limitando la transazione a compratori in grado di fornire prove di fondi o che possiedano uno status di “acquirente fidato”.

Il prezzo di partenza richiesto è di 100.000 dollari, con transazioni esclusivamente in criptovaluta, un dettaglio che sottolinea la volontà di mantenere l’anonimato e rende difficile rintracciare le operazioni.

Potenziali rischi della vulnerabilità

Se autentica, questa vulnerabilità rappresenta una minaccia significativa sia per gli utenti individuali che per le aziende. Una falla RCE consente agli attaccanti di eseguire codice arbitrario da remoto, aprendo la strada a diverse tipologie di attacco:

• Compromissione dei dispositivi, utilizzando exploit specifici.
• Furto di dati sensibili, incluse credenziali e informazioni personali.
• Distribuzione di malware, come ransomware o spyware, con impatti potenzialmente estesi e dannosi.

La gravità di una vulnerabilità 0-day risiede nella sua natura: essendo sconosciuta al pubblico e ai fornitori, non esistono patch o misure di difesa immediate, lasciando gli utenti esposti a possibili attacchi.

Conclusione

L’episodio sottolinea ancora una volta il ruolo cruciale della cybersecurity in un panorama digitale sempre più complesso e minaccioso. Il Dark Web continua a essere un punto di scambio per falle di alto profilo, mettendo in evidenza la necessità di un monitoraggio costante e di una risposta rapida alle minacce emergenti. La prevenzione e l’adozione di misure proattive restano le armi più efficaci per contrastare un ambiente in cui ogni vulnerabilità rappresenta un’opportunità per i Cybercriminali e un potenziale disastro per utenti e organizzazioni.

L'articolo Minaccia Dal Dark Web: Un Bug RCE 0-Day per Chrome ed Edge in Vendita nelle Underground proviene da il blog della sicurezza informatica.

L’Ufficio federale per la sicurezza dell’informazione (BSI) della Germania ha interrotto la botnet Badbox. Il malware con lo stesso nome è preinstallato sui dispositivi Android e sono stati scoperti più di 30.000 dispositivi infetti. Tra questi cornici per foto digitali, lettori multimediali, set-top box TV e probabilmente smartphone e tablet nel paese.

Ricordiamo che l’anno scorso gli specialisti di Human Security e il ricercatore indipendente sulla sicurezza informatica Daniel Milisic hanno avvertito che migliaia di dispositivi IoT sono infettati da Badbox e tale botnet viene venduta con il malware pre-installato. È stato poi riferito che le backdoor contenevano almeno sette set-top box e un tablet e che anche più di 200 modelli di altri dispositivi Android mostravano segni di infezione.

Tuttavia, i ricercatori non sono riusciti a scoprire in quale fase della catena di approvvigionamento si verifica la compromissione. Il fatto è che i dispositivi sono prodotti in Cina e, prima che cadano nelle mani dei rivenditori, al loro firmware viene aggiunta una backdoor. Ad esempio, i set-top box Android economici per lo streaming video (di solito costano meno di 50 dollari) sono risultati infetti. Spesso venduti con marchi diversi o senza alcun marchio, quindi è difficile tracciarne l’origine e la catena di fornitura;

Badbox è un malware Android che viene utilizzato per rubare dati. Inoltre installa malware aggiuntivo e consentire agli aggressori di ottenere l’accesso remoto alla rete su cui si trova il gadget infetto.

Quando un dispositivo infetto si connette per la prima volta a Internet, il malware contatta il suo server di comando e controllo. Comunica quindi a Badbox quali servizi dannosi eseguire e riceve anche tutti i dati rubati dalla rete della vittima.

Secondo gli esperti, il malware è in grado di rubare codici di autenticazione a due fattori, installare altri programmi dannosi e creare nuovi account di posta elettronica e di messaggistica per diffondere notizie false. Inoltre, come notato nel 2023, gli operatori Badbox possono essere associati a frodi pubblicitarie e i gadget infetti che vengono talvolta utilizzati come proxy residenziali.

BSI ha ora riferito di essere riuscito a bloccare le comunicazioni tra i dispositivi infetti da Badbox e la loro infrastruttura di gestione tramite il sinkhole delle query DNS. Tutti i fornitori Internet del Paese che servono più di 100.000 abbonati hanno ricevuto istruzioni adeguate.

Di conseguenza, il malware comunica invece che con i server di controllo degli aggressori, con server controllati dalla polizia. Ciò impedisce al malware di trasmettere dati rubati agli hacker e di ricevere nuovi comandi da eseguire sui dispositivi infetti.

Ora tutti i possessori di dispositivi infetti riceveranno notifiche dai propri provider Internet (a seconda dell’indirizzo IP). Le forze dell’ordine sottolineano che chiunque riceva tali notifiche dovrebbe immediatamente disconnettere i dispositivi infetti da Badbox dalla propria rete. Oppure, meglio ancora, smettere del tutto di utilizzarli.

L'articolo Badbox Malware: Più di 30.000 dispositivi Android compromessi in Supply-Chain proviene da il blog della sicurezza informatica.

Air hockey is a fun game, but it’s one you can’t play by yourself. That is, unless you have a smart robot hockey player to act as your rival. [Zeroshot] built exactly that.

The build is based around a small 27-inch air hockey table—not exactly arcade-spec, but big enough to demonstrate the concepts at play. The robot player moves its mallet in the X and Y axes using a pair of NEMA17 stepper motors and an H-belt configuration. To analyze the game state, there’s a Raspberry Pi 3B fitted with a camera, and it has a top-down view of the board. The Pi gives the stepper motors commands on how to move the mallet via an Arduino that communicates with the stepper drivers. The Pi doesn’t just aim for the puck itself, either. With Python and OpenCV, it tries to predict your own moves by tracking your mallet, and the puck, too. It predicts the very-predictable path of the puck, and moves itself to the right position for effective defence.

Believe it or not, we’ve featured quite a few projects in this vein before. They’ve all got their similarities, and their own unique quirks. Video after the break.

youtube.com/embed/VZdKkK-lPW4?…

[Thanks to hari wiguna for the tip!]

hackaday.com/2024/12/16/robot-…

When it comes to aviation curiosities, few machines captivate the imagination like the Fairey Rotodyne. This British hybrid aircraft was a daring attempt to combine helicopter and fixed-wing efficiency into a single vehicle. A bold experiment in aeronautical design, the Rotodyne promised vertical takeoffs and landings in cramped urban spaces while offering the speed and range of a regional airliner. First flown in 1957, it captured the world’s attention but ultimately failed to realize its potential. Despite featured before, new footage keeps fascinating us. If you have never heard about this jet, keep reading.

The Rotodyne’s innovative design centered around a massive, powered rotor that utilized a unique tip-jet system. Compressed air, mixed with fuel and ignited at the rotor tips, created lift without the need for a tail rotor. The result: a smoother transition between vertical and forward flight modes. Inside, it offered spacious seating for 50 passengers and even had clamshell doors for cargo. Yet its futuristic approach wasn’t without drawbacks—most notably, the thunderous noise produced by its rotor jets, earning complaints from both city planners and residents.

Despite these hurdles, the helicopter plane crossover demonstrated its versatility, setting a world speed record and performing groundbreaking intercity flights. Airlines and militaries expressed interest, but escalating development costs and noise concerns grounded this ambitious project.

To this day, the Rotodyne remains a symbol of what could have been—a marvel of engineering ahead of its time. Interested in more retro-futuristic aircraft tales? Read our previous story on it, or watch the original footage below and share your thoughts.

youtube.com/embed/Xa0G6brh420?…

hackaday.com/2024/12/16/versat…

[Mark B] had a problem. He’d come into possession of an Acer N30 PDA, sans batteries. He couldn’t just throw any old cells in, since the unit expected to communicate with an onboard controller chip in the original pack. What ensued was his effort to emulate the original battery controller hardware. This is classic Hackaday right here, folks.

Just wiring in typical Li-Ion voltages to the PDAs battery pins wasn’t enough to make this Windows CE device happy. The device kept fleeing to sleep mode, thinking the battery was faulty or very low. Eventually, inspecting the motherboard revealed the PDA hosted a BQ24025 charger IC from Texas Instruments. [Mark] surmised it was trying to communciate with a BQ26500 “gas gauge” IC from the original battery pack. Armed with that knowledge, he then set about programming an STM32 chip to emulate its behavior. He then successfully ported the functionality over to a CH32V003 microcontroller as well. Paired with a Nokia BL-5CT battery, he had a working portable power solution for his PDA.

It’s great to see ancient hardware brought back to functionality with some good old fashioned hacking. I’d hoped to do the same with my Apple Newton before someone nicked it from my lounge room, more’s the pity. If you’re rescuing your own beleaguered battery-powered portables, don’t hesitate to let us know!

hackaday.com/2024/12/16/emulat…

In most natural environments, fish are able to feed themselves. However, if you wanted to help them out with some extra food, you could always build a 3D-printed boat to do the job for you, as [gokux] did.

The concept is simple enough—it’s a small radio-controlled boat that gets around the water with the aid of two paddle wheels. Driven together, the paddle wheels provide thrust, and driven in opposite directions, they provide steering. A SeeedStudio XIAO ESP32 is the brains of the operation. It listens into commands from the controller and runs the paddle drive motors with the aid of a DRV8833 motor driver module. The custom radio controller is it itself running on another ESP32, and [gokux] built it with a nice industrial style joystick which looks very satisfying to use. The two ESP32s use their onboard wireless hardware to communicate, which keeps things nicely integrated. The boat is able to potter around on the water’s surface, while using a servo-driven to deliver small doses of food when desired.

It’s a neat build, and shows just what you can whip up when you put your 3D printer to good use. If you’d like to build a bigger plastic watercraft, though, you can do that too. Video after the break.

youtube.com/embed/HWH-6doB_aM?…

hackaday.com/2024/12/16/3d-pri…

A long-term project of mine is the the Sony Vaio new mainboard project. A year ago, I used it as an example to show you the cool new feature in KiCad 8, known as “background bitmaps”.

There are a heap of cool aspects to this specific Sony Vaio. It’s outrageously cute and purse-sized, the keyboard is nice enough for typing, motherboard schematics are available (very important!), and it’s not too terribly expensive. Of course, the most motivating aspect is that I happen to own one, its mainboard is not in the best state, and I’ve been itching to make it work.

It turned out to be a pretty complicated project, and, there was plenty to learn – way more than I expected in the beginning, too. I’m happy to announce that my v1 PCB design has been working wonders so far, and there are only a few small parts of it left untested.

I know that some of you might be looking to rebuild a lovely little computer of your choice. Hell, this particular laptop has had someone else rebuild it into a Pi-powered handheld years ago, as evidenced by this majestic “mess of wires” imgur build log! In honor of every hacker who has gotten their own almost-finished piece of hardware waiting for them half-assembled on the shelf, inside a KiCad file, or just inside your mind for now, let’s go through the tricks and decisions that helped made my board real.

Barely Any Space? Plan It Out Well

I recently finished and tested the first revision of this motherboard. It’s a tightly packed four-layer board, populated from both sides, and I want to show it off – describe how I designed it, the various low-level and high-level decisions that went into it, and strategies that I used to make sure this board became real and workable despite the odds.

First of all, the original article has helped in more than one way. Most importantly, I was lucky be contacted by [Exentio], a hacker who was also looking at remaking this particular Vaio with a Compute Module. He had designed two crucial blocks: a display parallel RGB to LVDS converter and a keyboard controller board. From my side, I could help and design review these boards, and design the backlight circuit, uhhh, eventually. Having these blocks was instrumental in me feeling comfortable enough to start the Vaio board design!

At some point in May, I realized I had the board outline and two of the crucial building blocks tested and ready to go, thanks to [Exentio]’s effort – there was barely anything else left that could hold me back. I started playing with the design by throwing these blocks into the schematic and copy-pasting some of my own general building blocks in, for instance, a PAM2306 dual-channel buck regulator, a USB hub, and two simple powerpaths for initial power management.

One trick that’s definitely helped from the start, is planning out locations for the building blocks using empty squares on the silkscreen, ensuring I’d keep space for everything. It didn’t have to be the perfect kind of planning, and I still had to move things here and there during layout, but it’s definitely helped in that I didn’t end up requiring any giant moves and rearrangements.
The silkscreen separations turned out to be super helpful for starting the board. Half of them ended up moving, but they did serve as a helpful “what to expect and where” TODO list
If you want to make your estimates more precise or make more educated layout guesses, don’t limit yourself to squares – just throw footprints (“Add Footprint”) onto the board before you even get to their schematic – any little bit of pre-planning that helps you avoid moving large chunks of your layout later. This applies doubly to connectors – you might not have the symbols for them wired up or even ready yet, but if you make sure the required external connectors are present on the board from the start, it will help you avoid some nasty moves.

Another crucial trick was spending about an hour-two on this board every day, for a week or two. A large project like this will take a fair bit of time, so you’ll want to make sure you can put tons of effort into it, and be emotionally prepared that it won’t happen in an evening’s time – this one took about two weeks. I also kept a TODO list in the schematic – you really want a place to note even the smallest things, from features, to potentially problematic spots that you’ll want to pay extra attention.

Space Constraints

When planning out a board with a large amount of passives, you want to make sure they’re as uniform as possible, so you have less to worry when ordering. In particular – what’s the size of passives you can afford in terms of board space? If you pick too large ones, you might run out of board space way way too quickly, becoming unable to route tracks

I standardized on 0402 components, which also meant I’d certainly be stenciling this board. It gets tiring to hand-solder parts given that this board has a thousand or two solder pads to touch. I opted to use 0805 for larger-value bulk capacitors for switching regulators and power rail purposes because 0402 10uF and 22uF capacitors get expensive if you want to get reliable ones, as we’ve discussed previously. In a few spots, though, I had to switch some 0805 capacitors to 0603, purely due to space constraints.

There are about a hundred resistors and a hundred capacitors on this board – remember, at some point, you can get a PCB fab to assemble just the passives for you, purely to spare yourself all the resistor and capacitor placement. You won’t get to stencil the ICs together with the passives, though, which is why I didn’t bother, because the RP2040 QFNs alone are annoying to handle without solder paste. Have you heard of Interactive HTML BOM for KiCAD? Make sure to use that, it’s simply wonderful and will prevent assembly errors of the kind that burn your board up before it’s even placed into the case.
This was one of the high-power inductors for which I didn’t estimate physical size early enough, and as a result, I had to somewhat bend reality around it
Inductors in the switching regulator can be an unexpected contribution to board space – if you need a 4.7 uH inductor and you need it to pass 5 A or more, take a look at online marketplaces before you even start designing the circuit, and see what the average size is for an inductor that fits your parameters. In my case, I got lucky, but only barely – some inductors definitely didn’t fit as well as I would’ve had hoped.

For this specific board, expected to fit inside the thin Sony Vaio’s shell, I had one more different thing to consider – component height. The original Vaio board was definitely designed in a way where all switching regulator components were placed on only one side, with plenty of height room for inductors and capacitors specifically. I placed all the switching regulators on one side, except one – the PAM2306 for the display 2.5 V and mod board extra 3.3 V rail.

In the end, I mis-estimated the inductor height, and had to shop for lower-profile inductors for that regulator. Thankfully, I found some decent lower-height inductors – they work wonders for powering the screen, and the only problem is that the inductor heats up more than I’d expect, but not too badly.

Source Considerations

Ordering the components for your board? Missing a position or two will really suck, and could delay your project by a week or two easily. My advice is to make sure that all component values are assigned and correct, and to pay the most attention to configuration and feedback resistors! Then, optimize the BOM, export the BOM out of the board into a .csv, and go through it line by line as you’re ordering. Alternatively, you can use the checkboxes in the InteractiveHTLMBoM – just that you’ll have to keep it open all throughout.

When it comes to resistors, remember that you might have to improvise them on the spot – again, you don’t want to wait on them, so get a collection of resistor values. I bought a $15 book of 0402 resistors from Aliexpress, and it proved instrumental – especially given it lets you adjust values during bringup, and, it let me basically not worry at all about missing resistor values at all during sourcing. The earlier you order, the more likely will it be that one IC won’t go out – which has very much prevented me from testing out the display properly.

Apart from that, the book let me be a little more lazy and figure out switching regulator feedback circuits during assembly – and there’s nothing like being able to adjust your USB boost regulator to 5.25 V post-factum, or increasing backlight current in case you figure out the calculated resistors result in a dim screen.

Hacks For Routability, Bootstrap, Motivation

This board’s switching regulators are probably worth their ownr article. There were two power hacks I ended up doing. The first one was having a separate always-on linear regulator for the EC, avoiding chicken-and-egg power problems. This one was certainly a success, and if you’re planning a motherboard that will also have to go low-power at times, you might really want a separate regulator for your EC.

The second one was making use of the Pi Zero’s 3.3 V regulator for powering a ton of stuff, like the keyboard controller chip, the LVDS transmitter, the USB hub, and – basically, everything that would only need to run once the Pi would be powered. This constrains the Zero’s onboard 3.3 V regulator, sure, but it’s not too much of a problem – I’ve powered tons of stuff from the Pi Zero’s 3.3 V rail in the past. It also has helped quite a bit, because the less switching regulators I have to design and keep track of, the better.

A big problem was making use of board layers correctly. I went for four layers on this board, with one 3.3 V layer which carries the output 3.3V rail from the Pi Zero, and one GND layer: SIG-GND-PWR-SIG. Later on, I took a look at the 3.3 V polygon, and realized that nothing used 3.3 V on a big chunk of the board. I deliberated some, and added an extra GND polygon covering a good third of the 3.3 V layer on the path where all the switching regulators were concentrated, and specifically, the path where the DC input jack current would flow into the switching regulator providing 5 V. It’s a plane split, sure, which is not great as far as signal return currents go, but there was one continuous GND layer right next to it already. Fingers crossed it works out for me long-term!

I kept inner layers as clean as possible generally – however, some tracks still had to go on inner layers. My compromise for having good inner polygons was keeping the inner layer traces as close as possible to the edge of the board, ensuring that there’s the least amount of plane splitting possible.

The cherry on top of the cake? I used KiCad board image generation hook for GitHub that I covered this year, and, it’s added a surprising source of motivation to the project. Each time I’d push changes to the repository after a day of board design work, the board image would regenerate, showing off my changes – a lovely conclusion to my work and a reminder that I’ve done well with it. Also, I could demonstrate the board additions to my friends, including [Exentio] – can’t deny, having a social element to this design has really helped in getting this board completed!

There are a few fundamental aspects left – like power management, making plans for board assembly and bringup before you send off the board to manufacturing, and giving yourself the best chances for success when assembly and bringup time comes. That’s within a week – together with a report on how the board is working out so far!

hackaday.com/2024/12/16/sony-v…

The Red Ring of Death (RROD) was the bane of many an Xbox 360 owner. The problem was eventually solved, mostly, but memories of that hellish era lurk in the back of many a gamer’s mind. For a more cheery use of those same status lights, you might appreciate “Lightshow” from [Derf].

The concept is simple enough. It’s a small application that runs on an Xbox 360, and allows you to test the individual LEDs that make up the Ring of Light indicator, along with the main power LED. If you want to test the lights and see each segment correctly lights up as green, yellow and red, you can.

Alternatively, you can have some fun with it. [Derf] also programmed it to flash along to simple four-channel MIDI songs. Naturally, Sandstorm was the perfect song to test it with. It may have been the result of a simple throwaway joke, but [Derf] delivered in amusing fashion nonetheless.

Lightshow is an entry for Xbox Scene Modfest 2024; it’s nice to see the community is still popping off even in this era of heavily-locked-down consoles. We’ve featured some other useful 360 hacks in recent months, too. Video after the break.

youtube.com/embed/3WJwQjNUcpw?…

youtube.com/embed/-H91NT_gmmU?…

hackaday.com/2024/12/16/a-red-…

CYFIRMA ha analizzato un’applicazione Android dannosa progettata per attaccare risorse nell’Asia meridionale. L’esempio è stato creato utilizzando lo strumento di amministrazione remota SpyNote. Si presume che l’obiettivo possa essere oggetto di interesse per un gruppo APT. I dettagli sulle vittime e sulle regioni specifiche non sono stati divulgati.

Si è scoperto che l’applicazione dannosa veniva distribuita tramite WhatsApp. Alla vittima sono state inviate quattro versioni del file denominate “Best Friend”, “Best-Friend 1”, “Friend” e “best”. Tutte le applicazioni avevano un server di gestione. I programmi venivano installati segretamente e cominciavano a funzionare in background utilizzando l’offuscamento del codice.

SpyNote utilizza una serie di autorizzazioni per accedere ai dati chiave del dispositivo: geolocalizzazione, contatti, SMS, memoria del dispositivo e fotocamera. L’applicazione può anche intercettare chiamate, raccogliere dati di sistema e persino utilizzare funzionalità speciali del sistema per monitorare lo schermo e inserire testo.

Il codice dannoso mirava a raccogliere dati come numero IMEI, carta SIM, versione di Android e tipo di rete. I dati ricevuti sono stati immediatamente inviati al server di controllo. Inoltre, l’applicazione ha acquisito screenshot e copiato i dati utente come contatti, messaggi e foto.

SpyNote e le sue modifiche, tra cui SpyMax e Crax RAT, vengono utilizzate attivamente da hacker e gruppi APT come OilRig (APT34) e APT-C-37. Questi strumenti aiutano gli aggressori a spiare le comunicazioni, rubare dati e mantenere l’accesso ai sistemi delle vittime.

Gli incidenti di SpyNote hanno già colpito agenzie governative, ONG, media e istituzioni finanziarie. Il caso attuale indica il probabile coinvolgimento di un gruppo APT sconosciuto o di un altro attore criminale informatico.

SpyNote rimane una seria minaccia a causa della sua disponibilità sui forum clandestini e sui canali Telegram. Gli attacchi che utilizzano questo strumento confermano la preferenza degli aggressori per strumenti comprovati e potenti per compromettere obiettivi di alto profilo.

L'articolo SpyNote colpisce ancora: malware Android distribuito via WhatsApp nell’Asia meridionale proviene da il blog della sicurezza informatica.

What do you get when you combine a Raspberry Pi 4B, a Kaypro keyboard, and a 9″ Apple ], you get the coolest AVR development workstation I’ve seen in a while.

Image by [John Anderson] via Hackaday.IOAs you may have guessed, I really dig the looks of this thing. The paint job on the display is great, but the stripes on the keyboard and badging on are on another level. Be sure to check out the entire gallery on this one.

About that keyboard — [John] started this project with two incomplete keyboards that each had a couple of broken switches. Since the two keyboards were compliments of each other parts-wise, they made a great pair, and [John] only had to swap out three switches to get it up and clacking.

In order to make it work with the Pi, [John] wrote a user-mode serial driver that uses the uinput kernel module to inject key events to the kernel. But he didn’t stop there.

Although the Pi supports composite video out, the OS doesn’t provide any way to turn off the chroma color signal that’s modulated on top of the basic monochrome NTSC signal, which makes the picture look terrible. To fix that, he wrote a command-line app that sets up the video controller to properly display a monochrome NTSC signal. Happy AVRing on your amazing setup, [John]!

Check Out This Refreshingly Small Keyboard

Image by [AnnaRooks] via redditUsually when we see keyboards this small, they have tiny keys that are fully intended for thumb presses and thumb presses only. But what about something ultra-portable that has full-size keys?

Although it might be hard to believe, [AnnaRooks] only uses about 20 of the 24 keys that make up this mint tin keyboard. She has a keymap for typing, gaming, and Diablo II.

Personally, and my feelings about layers aside, I don’t think I could use a keyboard without thumb clusters at this point. Although you know what? It would make a great traveling macropad.

The Centerfold: A Close Look At Force Curves

Image by [ThereminGoat] via redditWell, boys and girls, we’ve got a smart beauty this time around. This here is an industrial key switch force tester. [ThereminGoat] is gonna tell you all about force curves and how to read them.

What even is a force curve, and why is it so important? It refers to the graphical representation of the force required to press a key to the actuation point (y) versus the distance traveled during the press (x). So, it’s only critical to evaluating key switch performance. Key points along the force curve include the starting force, the actuation point, the tactile bump if present, the bottom-out force, and the return curve.

So, why does it actually matter? Force curves help us understand how light or heavy a switch feels, the actuation behavior, and help with customization. I’ll let [ThereminGoat] take it from here.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: My IBM Wheelwriter 5

You know, I kind of can’t believe that I’ve now gone 47 Keebins without spotlighting my daily driver, which takes up most of my second desk. She may not look like much, but she types like the wind, and has that legendary buckling-spring keyboard to boot.

Sure, the Selectrics get all the love, and rightfully so. But if you actually want to use a typewriter day in and day out, you really can’t beat its successor, the Wheelwriter. IBM produced these machines from 1984 to 1991, and Lexmark took over, cranking them out until 2001. Mine shows an install date of 4/22/85.

The Wheelwriter was IBM’s first daisy wheel typewriter, which replaced the golf ball type element that signified the Selectric. Arguably even easier to swap than the golf ball, these slim cartridges lay flat for easy storage.

Whereas the Selectric used a mainspring and an escapement like traditional machines, the Wheelwriter has a stepper motor that moves the print head and a solenoid that strikes the daisy wheel against the paper. It makes a delightfully frightening noise on startup as it tests the stepper and solenoid and spins the daisy wheel with alarming swiftness. I love this machine!
hackaday.com/wp-content/upload…

ICYMI: Updated Mouse Ring Now Uses Joystick

Are you tired of traditional mouse and keyboard input, even though you’ve got a sweet ergo split and a trackball? Maybe you’re just looking to enhance your VR setup. Whatever you’re into, consider building [rafgaj78]’s Mouse Ring.

As you might be able to discern from the picture, this baby is based on the Seeed Xiao nRF52840 and uses a tiny battery pack. This is version two of the ring mouse, so if you prefer buttons to a joystick, then the first iteration may be more your style. Keep in mind that version two is easier to assemble and comes in more ring sizes.

There are two modes to this mouse ring. In the first mode, the joystick does left and right mouse click and wheel up-down, and pushing will wake it from deep sleep. In the second mode, the joystick acts as the mouse pointer, and you push down to left click.

I love the elegant design of the ring itself, and it looks great in yellow. Hmm, maybe I need one of these…

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

hackaday.com/2024/12/16/keebin…

Gli specialisti Microsoft registrano il blocco di circa 7mila attacchi utilizzando password ogni secondo, quasi il doppio rispetto a un anno fa. Questi risultati evidenziano l’urgente necessità di metodi di sicurezza degli account più robusti.

Una soluzione promettente sono le chiavi di accesso (Passkey). Utilizzano dati biometrici o codici PIN per sbloccare la chiave privata sul dispositivo dell’utente, rendendolo praticamente invulnerabile al phishing e ad altri tipi di attacchi.

L’utilizzo delle PassKey oggi

Le statistiche mostrano anche la crescente sofisticazione degli attacchi informatici. Nell’ultimo anno, il numero di attacchi man-in-the-middle è aumentato del 146%. Microsoft sta implementando attivamente le passkey come parte della transizione verso metodi di autenticazione più sicuri.

A maggio 2024, Microsoft ha annunciato il supporto per le chiavi di accesso per servizi popolari come Xbox, Microsoft 365 e Microsoft Copilot. Questo passaggio accelera notevolmente il processo di accesso agli account: le passkey sono tre volte più veloci delle password e otto volte più veloci delle combinazioni di password con autenticazione a più fattori.

Anche gli utenti accettano attivamente il nuovo approccio: il 98% di loro accede con successo utilizzando le passkey, mentre per le password questa cifra è solo del 32%.

Microsoft promuove attivamente la registrazione delle chiavi di accesso, offrendola durante la creazione di un account o la modifica di una password. Ciò ha portato a un risultato impressionante: l’aumento nell’uso delle passkey è stato del 987% dopo l’introduzione di un nuovo design di accesso per i servizi dell’azienda.

Microsoft prevede che centinaia di milioni di utenti passeranno alle passkey nei prossimi mesi. L’obiettivo finale è eliminare completamente le password e passare ad account a prova di phishing.

Il passaggio a Passkey apre una nuova era di sicurezza informatica. Iniziative come queste da parte di grandi player come Microsoft potrebbero finalmente cambiare l’approccio all’autenticazione, rendendola comoda e sicura. Questa trasformazione potrebbe essere l’inizio della fine dell’era delle password

Cosa si intende per Passkey

Le passkey rappresentano un nuovo standard per l’autenticazione digitale, progettato per sostituire le tradizionali password con un metodo di accesso più sicuro, veloce e a prova di attacco. A differenza delle password, che possono essere facilmente intercettate o rubate, le passkey utilizzano un sistema basato sulla crittografia a chiave pubblica e privata, rendendo l’autenticazione praticamente invulnerabile a tecniche di phishing o attacchi man-in-the-middle.

Le passkey si basano su un meccanismo di autenticazione che coinvolge due elementi principali:

1. Chiave pubblica: Questa è un identificativo univoco che viene condiviso con il servizio o il sito web al momento della registrazione.
2. Chiave privata: Questa viene generata e conservata esclusivamente sul dispositivo dell’utente, come uno smartphone, un computer o un dispositivo hardware dedicato. Non viene mai condivisa o trasmessa.

Quando un utente desidera accedere a un servizio, il dispositivo invia la chiave pubblica per confermare l’identità. Il servizio, a sua volta, invia una richiesta che solo la chiave privata può sbloccare, autenticando così l’utente. Le passkey eliminano alcune delle vulnerabilità più comuni legate alle password tradizionali:

• phishing: Non essendo necessario digitare una password, gli utenti non possono essere ingannati a inserirla in siti fraudolenti.
• Protezione contro attacchi man-in-the-middle: Poiché la chiave privata non viene mai trasmessa, gli hacker non possono intercettarla.
• Resistenza al furto di credenziali: Anche se un database di un servizio venisse compromesso, la chiave pubblica rubata è inutile senza la corrispondente chiave privata, custodita in modo sicuro sul dispositivo dell’utente.

Quali sono le tecnologie utilizzate per le passkey?

Le passkey si integrano con tecnologie biometriche e PIN locali per garantire che solo l’utente autorizzato possa accedere alla chiave privata. Ad esempio:

• Riconoscimento facciale (Face ID)
• Scanner di impronte digitali (Touch ID)
• PIN locali

Questi metodi rendono l’accesso più rapido e semplice, eliminando la necessità di ricordare e gestire lunghe sequenze di caratteri complessi. Le passkey offrono numerosi vantaggi rispetto alle password tradizionali e persino rispetto all’autenticazione a due fattori (2FA):

1. Facilità d’uso: Non c’è bisogno di ricordare password o utilizzare generatori di codici temporanei.
2. Velocità: Le passkey sono tre volte più veloci delle password e otto volte più rapide rispetto alle combinazioni di password con 2FA.
3. Maggiore sicurezza: Eliminano il rischio associato a pratiche comuni come il riutilizzo delle password.
4. Compatibilità: Le passkey sono supportate da standard internazionali come FIDO2 e WebAuthn, il che le rende interoperabili tra dispositivi e piattaforme diverse.

Il futuro senza password

Le passkey rappresentano una vera rivoluzione nel campo della sicurezza digitale. Non solo migliorano l’esperienza utente, ma offrono anche un livello di protezione senza precedenti contro le minacce informatiche. Grazie alla loro implementazione da parte dei principali attori tecnologici, possiamo immaginare un futuro in cui le password diventeranno un ricordo del passato, sostituite da metodi di autenticazione più sicuri, pratici e innovativi.

L'articolo Addio password: Microsoft rivoluziona la sicurezza con le PassKey! proviene da il blog della sicurezza informatica.

This year, we not only challenged Supercon attendees to come up with their own Simple Add-Ons (SAOs) for the badge, but to push the envelope on how the modular bits of flair work. Historically, most SAOs were little more than artistically arranged LEDs, but we wanted to see what folks could do if they embraced the largely unused I2C capability of the spec.

[Squidgeefish] clearly understood the assignment. This first-time attendee arrived in Pasadena with an SAO that was hard to miss…literally. Looking directly at the shockingly bright 128 RGB LED array packed onto the one-inch diameter PCB was an experience that would stay with you for quite some time (ask us how we know). With the “artistically arranged LEDs” aspect of the nominal SAO handled nicely, the extra work was put into the design so that the CPU could control the LED array via simple I2C commands.

Aligning the LED footprints with an imported image of the array.
Now that the dust has settled after Supercon, [Squidgeefish] took the time to write up the experience of designing and producing this gorgeous specimen for our reading pleasure. It’s a fascinating account that starts with a hat tip towards the work of [Jason Coon], specifically the Fibonacci series of densely-packed RGB art pieces. The goal was to recreate the design of the 128 LED model in SAO form, but without the design files for the original hardware, that meant spending some quality time with KiCad’s image import feature.

He designed the LED array for assembly at a board house for obvious reasons, but hand soldering was the order of the day for the SOIC-8 microcontroller, capacitors, and SAO header on the reverse side. Speaking of the MCU, [Squidgeefish] went though a couple of possible suspects before settling on the STM8S001J3, and all the code necessary to drive the LEDs and communicate with the badge over I2C are available should you consider a similar project.

Now technically, the SAO was done at this point, but in testing it out on the Vectorscope badge from Supercon 2023, a problem appeared. It turns out that whatever yahoos came up with that design pulled the power for the SAO port right off of the batteries instead of utilizing the boost converter built-in to the Pi Pico. The end result is that, you never get a true 3.3 V. Also, the voltage that the SAO does get tends to drop quickly — leading to all sorts of unexpected issues.

To solve the problem, [Squidgeefish] came up with a clever boost converter “backpack” PCB that attaches to the rear of the completed SAO. This board intercepts the connection to the badge, and takes whatever voltage is coming across the line and steps it up to the 5 V that the LEDs are actually designed for.

Of course, the irony is that since the 2024 Supercon badge actually did use the boost circuitry of the Pico to provide a true 3.3 V on the SAO connector, this modification wasn’t strictly necessary. But we still love the idea of an add-on for the add-on.

The entire write-up is a fantastic read, and serves as a perfect example of why creating your own Simple Add-On can be so rewarding…and challenging. From adding contingency hardware to deal with badges that don’t obey the spec to figuring out how to produce low-cost packaging on short notice, the production of a decent number of SAOs for the purposes of distribution is a great way to peek out from your comfort zone.

hackaday.com/2024/12/16/buildi…

Researchers have been testing a new type of lithium ion battery that uses single-crystal electrodes. Over several years, they’ve found that the technology could keep 80% of its capacity after 20,000 charge and discharge cycles. For reference, a conventional cell reaches 80% after about 2,400 cycles.

The researchers say that the number of cycles would be equivalent to driving about 8 million kilometers in an electric vehicle. This is within striking distance of having the battery last longer than the other parts of the vehicle. The researchers employed synchrotron x-ray diffraction to study the wear on the electrodes. One interesting result is that after use, the single-crystal electrode showed very little degradation. According to reports, the batteries are already in production and they expect to see them used more often in the near future.

The technology shows promise, too, for other demanding battery applications like grid storage. Of course, better batteries are always welcome, although it is hard to tell which new technologies will catch on and which will be forgotten.

There are many researchers working on making better batteries. Even AI is getting into the act.

hackaday.com/2024/12/16/single…

Review of last year’s predictions

The number of services providing AV evasion for malware (cryptors) will increase

We continuously monitor underground markets for the emergence of new “cryptors,” which are tools specifically designed to obfuscate the code within malware samples. The primary purpose of these tools is to render the code undetectable by security software. In 2024, our expert observations indicate that commercial advertising for these cryptors have indeed gained momentum. Cryptor developers are introducing novel techniques to evade detection by security solutions, incorporating these advances into their malware offerings.

Pricing for these tools has remained consistent, ranging from $100 for a monthly subscription to cryptors available on dark web forums to as much as $20,000 for premium private subscriptions. There has been a shift toward the development and distribution of premium private solutions, which are becoming increasingly prevalent compared to public offerings.

Verdict: prediction fulfilled ✅

“Loader” malware services will continue to evolve

As anticipated, the supply for the “loader” malware family has been constant in 2024. These loaders exhibit a wide range of capabilities, from mass-distributed loaders available at low prices to highly specialized loaders tailored to detailed specifications with prices reaching into the thousands of dollars.

Examples of loader offers

Additionally, threat actors appear to be increasingly using multiple programming languages. For example, the client component of the malware may be developed in C++, while the server-side admin panel is implemented in Go.

Along with the wide variety of loader offerings, we have also seen demands for specific functionality tailored to launch a particular infection chain.

Example of searching for a loader with specific requirements

Verdict: prediction fulfilled ✅

Crypto asset draining services will continue to grow on dark web markets

In 2024, we observed a surge in the activity of “drainers” across dark markets. These are malicious tools designed to steal the victim’s crypto assets, such as tokens or NFTs. New drainers emerged throughout the year and were actively promoted on various dark web platforms. In general, the number of unique threads discussing drainers on underground markets increased from 55 in 2022 to 129 in 2024, which is remarkable. At the same time, these posts frequently served as redirects to Telegram.

The number of unique threads about drainers on the dark web (download)

In fact, in 2024, Telegram channels were a prominent hub for drainer-related activity.

Dark web post containing links directing potential collaborators to Telegram

Drainer developers are increasingly focused on serving their long-term clients, with most activity now conducted in invite-only channels.

In terms of functionality, drainers have remained largely consistent, with a continued emphasis on incorporating support for new crypto-related assets such as emerging coins, tokens, and NFTs. 2024 also saw the discovery of the first mobile drainer.

Verdict: prediction fulfilled ✅

Black traffic schemes will be very popular on underground markets

In 2024, the popularity of black traffic schemes on underground markets remained constant. Black traffic dealers have maintained their operations by promoting malicious landing pages through deceptive ads. Sales activities for these services remain robust on underground markets, with demand holding steady, further highlighting the effectiveness of mainstream ad delivery platforms for malware distribution. This method continues to be a popular choice for cybercriminals looking to reach a wider audience, posing an ongoing threat to online users.

Verdict: Partially fulfilled

Evolution and market dynamics of Bitcoin mixers and cleaning services

In 2024, there was no significant increase in the number of services advertising cryptocurrency “cleaning” solutions. The majority of established and popular services have maintained their presence in the market, with little change in the competitive landscape.

Verdict: prediction not fulfilled ❌

Our predictions for 2025

Data breaches through contractors

When abusing company-contractor relationships (trusted relationship attacks), threat actors first infiltrate a supplier’s systems and then gain access to the target organization’s infrastructure or data. In some cases, these attacks result in significant data breaches, such as the case where attackers allegedly accessed Ticketmaster’s Snowflake cloud account by breaching a third-party contractor. Another prominent threat actor employing this tactic was IntelBroker – the actor and their associated gang reportedly breached companies like Nokia, Ford, a number of Cisco customers including Microsoft, and others through third parties.

Profile of the actor named IntelBroker on a popular dark web forum

We expect to see the number of attacks through contractors leading to data breaches at major end targets to continue to grow in 2025. Cloud platforms and IT services often store and process corporate data from multiple organizations, so a breach at just one company can open the door to many others. It is worth noting that a breach does not necessarily have to affect critical assets to be destructive. Not every data breach advertisement on the dark web is the result of a genuinely serious incident. Some “offers” may simply be well-marketed material; for example, certain databases may combine publicly available or previously leaked data and present it as breaking news, or simply claim to be a breach for a well-known brand. By creating hype around what is actually old – and probably irrelevant – data, cybercriminals can provoke publicity, generate buzz, and damage the reputation of both the supplier and its customers.

IntelBroker’s dark web post claiming a Tesla data breach, later edited to claim to be a breach of a third-party EV charging firm

In general, we have noticed an overall increase in the frequency of corporate database advertisements on the dark web. For example, on one popular forum, the corresponding number of posts in August-November 2024 increased by 40% in comparison with the same period last year, and peaked several times.

Number of dark web posts distributing databases on one popular forum, August 2023-November 2024 (download)

While some of this growth may be attributed to the reposting or combining of older leaks, cybercriminals are clearly interested in distributing leaked data – whether new, old, or even fake. Consequently, in 2025, we are likely to witness not only a rise in company data hacks and leaks through contractors, but also an overall increase in data breaches.

Migration of criminal activity from Telegram to dark web forums

Despite a spike in cybercriminal activity on Telegram in 2024, we expect the shadow community to migrate back to dark web forums. Shadow Telegram channels are increasingly being banned, as noted by their administrators:

Examples of messages from threat actors announcing a ban on their Telegram channels and accounts

The return or influx of cybercriminals to dark web forums is expected to intensify competition among these resources. To stand out and attract new audiences, forum operators are likely to start introducing new features and improving conditions for data trading. These may include automated escrow services, streamlined dispute resolution processes, and improved security and anonymity measures.

Increase in high-profile law enforcement operations against cybercrime groups

2024 was a significant year in the global high-profile fight against cybercrime. The world has seen many successful operations – Cronos against LockBit, the takedown of BreachForums, the arrest of WWH Club members, successful initiatives like Magnus against RedLine and Meta stealers, and Endgame against TrickBot, IcedID, and SmokeLoader, and more. We at Kaspersky also actively contributed to law enforcement efforts to combat cybercrime. For example, we supported INTERPOL-coordinated action to disrupt the Grandoreiro malware operation, helped counter cybercrime during the 2024 Olympics, and contributed to Operation Synergia II, which aimed to disrupt cyberthreats such as targeted phishing, ransomware, and infostealers. We also assisted the joint INTERPOL and AFRIPOL operation combating cybercrime across Africa. These and many other cases highlighted the coordination and collaboration between law enforcement and cybersecurity organizations.

We expect 2025 to bring an increase in arrests and takedowns of high-profile cybercriminal group infrastructures and forums. However, in response to the successful operations of 2024, threat actors will likely switch tactics and retreat to deeper, more anonymous layers of the dark web. We also expect to see the emergence of closed forums and an increase in invitation-only access models.

Stealers and drainers to see a rise in their promotion as services on the dark web

Cryptocurrencies have been a prime target for cybercriminals for years. They lure crypto users to scam sites and Telegram bots under various guises, and add crypto-stealing functionality to infostealers and banking Trojans. With the price of Bitcoin setting record after record, the popularity of drainers specifically designed to steal cryptocurrency tokens from victims’ wallets is likely to persist in the coming year.

Infostealers are another type of malware that harvests sensitive information from users’ devices, including private keys for cryptocurrency wallets, passwords, browser cookies, and autofill data. In recent years, we have witnessed a dramatic rise in credential leaks driven by this malware, and we expect this trend to continue – and in some sense evolve. Most likely, we will see the emergence of new families of stealers, along with an increase in the activity of those that already exist.

Both stealers and drainers are likely to be increasingly promoted as services on the dark web. Malware-as-a-Service (MaaS) – or “subscription” – is a dark web business model that involves leasing software to carry out cyberattacks. Typically, clients of such services are offered a personal account through which they can control the attack, as well as technical support. It lowers the initial threshold of expertise required by would-be cybercriminals.

Example of a stealer offered through the MaaS model

In addition to publications on the dark web featuring stealers or drainers themselves, we also see posts looking for traffers – people who help cybercriminals distribute and promote stealers, drainers, or scam and phishing pages.

Examples of traffer searches for drainers

Example of a traffer search for a cryptoscam (not a drainer)

Fragmentation of ransomware groups

Next year, we may see ransomware groups fragmenting into smaller independent entities, making them more difficult to track and allowing cybercriminals to operate with greater flexibility while staying under the radar. Kaspersky Digital Footprint Intelligence data shows that in 2024 the number of Dedicated Leak Sites (DLS) grew 1.5 times compared to 2023. Despite this growth, the average number of unique posts per month has remained the same compared to the previous year.

Ransomware operators are also likely to continue to leverage leaked malware source codes and builders to create their own customized versions. This approach significantly lowers the barrier to entry for new groups, as they can avoid developing tools from scratch. The same goes for Dedicated Leak Sites (DLSs): low-skilled cybercriminals will likely use the leaked DLS source codes of notorious groups to create almost exact copies of their blogs – something we can already see happening on the dark web.

LockBit’s DLS

DarkVault’s DLS is almost an exact copy of LockBit’s

Escalating cyberthreats in the Middle East: hacktivism and ransomware on the rise

According to Kaspersky Digital Footprint Intelligence (DFI), one of the most concerning cybersecurity threats related to dark web activity in the Middle East in the first half of 2024 was the activity of hacktivists. The region has seen an increase in these threats due to the current geopolitical situation, which is likely to continue to rise if tensions do not ease.

Kaspersky DFI researchers observed more than 11 hacktivist movements and various actors across the region. In line with the current geopolitical instability, hacktivist attacks are already shifting from distributed denial of service (DDoS) and website defacement to critical outcomes such as data leaks and the compromise of target organizations.

Another threat that is likely to remain highly active in the region is ransomware. Over the past two years, the Middle East has seen a surge in the number of ransomware attack victims, rising significantly from an average of 28 each six months in 2022-2023 to 45 in the first half of 2024. This trend is likely to persist into 2025.

securelist.com/ksb-dark-web-pr…

Gli scienziati cercano da molti anni di ottenere questo risultato lavorando con gli esseri viventi. Un gruppo di ricercatori della Nanyang Technological University di Singapore ha inventato una macchina per trasformare comuni scarafaggi in cyborg controllati dai computer. La macchina installa sull’insetto apparecchiature elettroniche di stimolazione e comunicazione in soli 68 secondi, 26 volte più velocemente che farlo manualmente.

Innanzitutto, l’animale a sei zampe viene posto in un ambiente con anidride carbonica per immobilizzarlo. Il sistema robotico lo fissa quindi utilizzando aste metalliche e la visione artificiale trova i punti in cui collegare elettrodi in miniatura e altre parti. L’errore medio della tecnologia durante l’installazione dei componenti è di soli 0,3 mm.

La parte principale della modifica è uno zaino elettronico che consente di controllare i movimenti a distanza attraverso la stimolazione delle antenne. Quando un segnale arriva alle antenne sinistra o destra, l’insetto gira nella direzione desiderata. In questo modo l’operatore può guidarlo con precisione in qualsiasi punto. Lo zaino pesa meno di un grammo ed è alimentato da una batteria in miniatura, la cui carica dura sei ore di funzionamento continuo.

I piccoli cyborg funzionano altrettanto bene di quelli “gestiti” manualmente da specialisti esperti. Gli scienziati sottolineano che la procedura è sicura e non danneggia le funzioni biologiche. Dopo aver rimosso l’attrezzatura, gli insetti ritornano completamente alla loro vita normale.

Gli scarafaggi sono perfetti per tali esperimenti grazie alle loro caratteristiche. Sono piccoli, quindi possono passare attraverso strette fessure e macerie dove le persone e i normali robot non possono andare. Queste creature possono anche arrampicarsi sui muri e superare facilmente ostacoli difficili: i robot meccanici hanno ancora problemi in questo. Allo stesso tempo, possono sopportare una pressione pari a 900 volte il loro stesso peso e sono in grado di raggiungere velocità fino a 1,5 metri al secondo.

Questi insetti hanno naturalmente un senso dell’olfatto e del tatto molto acuto. Percepiscono diverse sostanze chimiche, gas e possono persino trovare persone. Le loro antenne rilevano le più piccole fluttuazioni dell’aria e i cambiamenti di temperatura e il loro complesso sistema nervoso consente loro di reagire immediatamente al pericolo.

La nuova tecnologia consente di creare centinaia e persino migliaia di cyborg su ordinazione. A differenza delle macchine intelligenti, gli esseri viventi non spendono quasi alcuna energia e si riproducono: questo è molto più redditizio in termini di tempo e finanze. Secondo i calcoli degli scienziati, mantenere una colonia di mille individui è 100 volte più economico che produrre lo stesso numero di microrobot.

Gli scarafaggi cyborg cercheranno le persone negli edifici distrutti, monitoreranno la qualità dell’aria e rileveranno l’inquinamento. Anche i militari erano interessati all’idea: gli insetti potevano essere usati per la sorveglianza segreta e la raccolta di informazioni. Particolarmente vantaggioso è il fatto che non emettono praticamente alcun suono né attirano l’attenzione e che i loro sistemi elettronici sono troppo piccoli per essere rilevati dai rilevatori convenzionali.

L'articolo Scarafaggi Cyborg in Missione Militare: La Nuova Frontiera della Tecnologia Bio-Robotica proviene da il blog della sicurezza informatica.

La direttiva NIS2: adeguarsi per garantire la sicurezza informatica delle aziende italiane

Con l’adozione della direttiva NIS2 (Network and Information System) da parte dell’Unione Europea, le aziende italiane si trovano di fronte a una nuova sfida normativa che non può essere ignorata. L’obiettivo principale della direttiva è rafforzare la sicurezza informatica nei settori essenziali e garantire la resilienza delle infrastrutture critiche contro le crescenti minacce cyber. Per le aziende italiane, in particolare le piccole e medie imprese (PMI), questa è un’occasione per migliorare la propria protezione digitale e adeguarsi agli standard europei per evitare sanzioni.

Che cos’è la direttiva NIS2?

La direttiva NIS2 rappresenta un’evoluzione della precedente direttiva NIS, ampliando il numero di settori coinvolti e introducendo obblighi più severi in termini di gestione dei rischi informatici e comunicazione delle violazioni. Tra i settori interessati rientrano l’energia, i trasporti, la sanità e le telecomunicazioni, ma anche realtà come i fornitori di servizi digitali e le aziende che gestiscono infrastrutture critiche.

Come evidenziato nel webinar organizzato da Sacchi Associati, il rispetto della direttiva richiede non solo l’adozione di misure tecnologiche, ma anche un ripensamento della governance aziendale per integrare la sicurezza informatica in tutti i processi organizzativi.

Un’opportunità per le aziende italiane

In Italia, la direttiva NIS2 rappresenta un’opportunità per rafforzare la sicurezza informatica in un contesto dove le PMI spesso mancano di risorse adeguate per difendersi dai rischi cyber. Gli obblighi imposti dalla direttiva, sebbene stringenti, spingono le aziende a implementare misure di prevenzione più efficaci e a dotarsi di strumenti e competenze adeguate.

Per le PMI, la sfida maggiore sarà quella di adeguarsi in tempi brevi, investendo in formazione e tecnologie. Tuttavia, il vantaggio competitivo di un’azienda che dimostra di essere conforme è significativo: oltre a ridurre i rischi, può guadagnare maggiore fiducia da parte di clienti e partner, rafforzando la propria reputazione sul mercato.

Preparati con il nostro corso online sulla direttiva NIS2 di Red Hot Cyber

Per aiutare le aziende italiane ad affrontare questa transizione, la nostra Academy propone un corso sulla NIS2 online in modalità e-learning, progettato dall’avvocato Andrea Capelli, consulente esperto in informatica giuridica, protezione dei dati personali e sicurezza informatica. Il corso offre un approccio pratico per comprendere gli obblighi della direttiva e implementare strategie di cybersecurity.

Il corso in modalità e-learning sulla Direttiva NIS2 offre un’esplorazione approfondita delle principali aree di applicazione della normativa, con un focus particolare su temi cruciali per la sicurezza informatica e la gestione del rischio. Verranno affrontati aspetti quali l’organizzazione istituzionale e il ruolo degli enti preposti, la gestione del rischio e dei soggetti coinvolti, la protezione della supply chain, le procedure di notifica e certificazione, nonché le questioni legate alla giurisdizione e alle sanzioni. Il corso si propone di fornire strumenti pratici e conoscenze essenziali per garantire la compliance e rafforzare la resilienza delle organizzazioni nell’ambiente digitale europeo.

Fino al 31 dicembre 2024, è possibile iscriversi con uno sconto del 25% tramite questo link al corso. Questa è un’occasione unica per accedere a competenze specializzate che possono fare la differenza nella protezione della tua azienda.

Perché è importante agire ora

L’adeguamento alla NIS2 non deve essere visto come un costo, ma come un investimento strategico per il futuro della tua azienda. Le minacce informatiche continuano a evolversi, e il rispetto della direttiva può garantire una protezione più efficace contro incidenti che potrebbero compromettere la continuità operativa.

Agire ora significa evitare sanzioni, proteggere i dati aziendali e consolidare la fiducia nel proprio business. Non aspettare l’ultimo momento: inizia subito il percorso di conformità e garantisci alla tua azienda un futuro sicuro e competitivo.

Iscriviti oggi stesso al nostro corso sulla direttiva NIS2

Preparati a guidare la tua azienda verso la compliance con il supporto dei nostri esperti.

Visita il nostro corso online e approfitta dello sconto del 25% fino al 31 dicembre 2024.

La sicurezza informatica inizia dalla formazione!

L'articolo La direttiva NIS2: un passo fondamentale per la sicurezza informatica aziendale proviene da il blog della sicurezza informatica.