[Charmed Labs] are responsible for bringing numerous open-source hardware products to fruition over the years, and their latest device is an adorably small robotic camera platform called Goby, currently crowdfunding for its initial release. Goby has a few really clever design features and delivers a capable (and hackable) platform for under 100 USD.

Goby embraces its small size, delivering what its creators dub “tinypresence” — or the feeling of being there, but on a very small scale. Cardboard courses, LEGO arenas, or even tabletop gaming scenery hits different when experienced from a first-person perspective. Goby is entirely reprogrammable with nothing more than a USB cable and the Arduino IDE, while costing less than most Arduino starter kits.
Recharging happens by driving over the charger, then pivoting down so the connectors (the little blunt vampire fangs under and to each side of the camera) come into contact with the charger.
One of the physical features we really like is the tail-like articulated caster at the rear. Flexing this pivots Goby up or down (and can even flip Goby completely over), allowing one to pan and tilt the view without needing to mount the camera on a gimbal. It also comes into play for recharging; Goby simply moves over the disc-shaped charger and pivots down to make contact.

At Goby‘s heart is an ESP32-S3 and OmniVision OV2640 camera sensor streaming a live video feed (and driving controls) with WebRTC. Fitting the WebRTC stack onto an ESP32 wasn’t easy, but opens up possibilities beyond just media streaming.

Goby is set up to make launching an encrypted connection as easy as sharing a URL or scanning a QR code. The link is negotiated between bot and client with the initial help of an external server, and once a peer-to-peer connection is established, the server’s job is done and it is out of the picture. [Charmed Labs]’s code for this functionality — named BitBang — is in beta and destined for an open release as well. While BitBang is being used here to make it effortless to access Goby remotely, it’s more broadly intended to make web access for any ESP32-based device easier to implement.

As far as tiny remote camera platforms go, it might not be as small as rebuilding a Hot Wheels car into a micro RC platform, but it’s definitely more accessible and probably cheaper, to boot. Check it out at the Kickstarter (see the first link in this post) and watch it in action in the video, embedded just below the page break.

youtube.com/embed/iuJ_9_ITKFs?…

hackaday.com/2025/04/17/tiny-h…

Running a dairy farm used to be a rather hands-on experience, with the farmer required to be around every few hours to milk the cows, feed them, do all the veterinarian tasks that the farmer can do themselves, and so on. The introduction of milking machines in the early 20th century however began a trend of increased automation whereby a single farmer could handle a hundred cows by the end of the century instead of only a couple. In a recent article in IEEE Spectrum covers the continued progress here is covered, including cows milking themselves, on-demand style as shown in the top image.

The article focuses primarily on Dutch company Lely’s recent robots, which range from said self-milking robots to a manure cleaning robot that looks like an oversized Roomba. With how labor-intensive (and low-margin) a dairy farm is, any level of automation that can improve matters will be welcomed, with so far Lely’s robots receiving a mostly positive response. Since cows are pretty smart, they will happily guide themselves to a self-milking robot when they feel that their udders are full enough, which can save the farmer a few hours of work each day, as this robot handles every task, including the cleaning of the udders prior to milking and sanitizing itself prior to inviting the next cow into its loving embrace.

As for the other tasks, speaking as a genuine Dutch dairy farm girl who was born & raised around cattle (and sheep), the idea of e.g. mucking out stables being taken over by robots is something that raises a lot more skepticism. After all, a farmer’s children have to earn their pocket money somehow, which includes mucking, herding, farm maintenance and so on. Unless those robots get really cheap and low maintenance, the idea of fully automated dairy farms may still be a long while off, but reducing the workload and making cows happier are definitely lofty goals.

Top image: The milking robot that can automatically milk a cow without human assistance. (Credit: Lely)

hackaday.com/2025/04/17/rise-o…

No doubt many readers have at times wished to try their hand at blacksmithing, but it’s fair to say that acquiring an anvil represents quite the hurdle. For anyone not knowing where to turn there’s a video from [Black Bear Forge], in which he takes us through a range of budget options.

He starts with a sledgehammer, the simplest anvil of all, which we would agree makes a very accessible means to do simple forge work. He shows us a rail anvil and a couple of broken old anvils, before spending some time on a cheap Vevor anvil and going on to some much nicer more professional ones. It’s probably the Vevor which is the most interesting of the ones on show though, not because it is particularly good but because it’s a chance to see up close one of these very cheap anvils.

Are they worth taking the chance? The one he’s got has plenty of rough parts and casting flaws, an oddly-sited pritchel and a hardy hole that’s too small. These anvils are sometimes referred to as “Anvil shaped objects”, and while this one could make a reasonable starter it’s not difficult to see why it might not be the best purchase. It’s a subject we have touched on before in our blacksmithing series, so we’re particularly interested to see his take on it.

youtube.com/embed/ZJFFCp6-wKs?…

hackaday.com/2025/04/17/a-blac…

pixelfed.social/p/Fotos.photos…

Diego Herculano

2025-04-17 12:55:16

China

@photography@lemmy.ml
#photography #photo #streetphotography #fotografia #China #360Degrees #35mm #art #travel #press #news #photooftheday #mastodon #PortfolioDay #pixelfed #photojournalism #photodocumentary #beach

How it started: a simple repair job on a Roland drum machine. How it ended: a scratch-built FM drum synth module that’s completely analog, and completely cool.

[Moritz Klein]’s journey down the analog drum machine rabbit hole started with a Roland TR-909, a hybrid drum machine from the mid-80s that combined sampled sounds with analog synthesis. The unit [Moritz] picked up was having trouble with the decay on the kick drum, so he spread out the gloriously detailed schematic and got to work. He breadboarded a few sections of the kick drum circuit to aid troubleshooting, but one thing led to another and he was soon in new territory.

The video below is on the longish side, with the first third or so dedicated to recreating the circuits used to create the 909’s iconic sound, slightly modifying some of them to simplify construction. Like the schematic that started the whole thing, this section of the video is jam-packed with goodness, too much to detail here. But a few of the gems that caught our eye were the voltage-controlled amplifier (VCA) circuit that seems to make appearances in multiple places in the circuit, and the dead-simple wave-shaper circuit, which takes some of the harmonics out of the triangle wave oscillator’s output with just a couple of diodes and some resistors.

Once the 909’s kick and toms section had been breadboarded, [Moritz] turned his attention to adding something Roland hadn’t included: frequency modulation. He did this by adding a second, lower-frequency voltage-controlled oscillator (VCO) and using that to modulate the drum section. That resulted in a weird, metallic sound that can be tuned to imitate anything from a steel drum to a bell. He also added a hi-hat and cymbal section by mixing the square wave outputs on the VCOs through a funky XOR gate made from discrete components and a high-pass filter.

There’s a lot of information packed into this video, and by breaking everything down into small, simple blocks, [Moritz] makes it easy to understand analog synths and the circuits behind them.

youtube.com/embed/Xbl1xwFR3eg?…

hackaday.com/2025/04/17/design…

Molte persone che si avvicinano al machine learning non hanno un forte background in ingegneria del software, e quando devono lavorare su un prodotto reale, il loro codice può risultare disordinato e difficile da gestire. Per questo motivo, raccomando sempre vivamente di imparare a usare le coding best practices, che ti permetteranno di lavorare senza problemi all’interno di un team e di migliorare il livello del progetto su cui stai lavorando. Oggi voglio parlare dell’inheritance di Python e mostrare alcuni semplici esempi di come utilizzarla nel campo del machine learning.

Nello sviluppo software e in altri ambiti dell’informatica, il technical debt (noto anche come design debt o code debt) rappresenta il costo implicito di future rielaborazioni dovuto a una soluzione che privilegia la rapidità rispetto a un design a lungo termine.

Se sei interessato a saperne di più sui design patterns, potresti trovare utili alcuni dei miei articoli precedenti.

Python Inheritance

L’Inheritance non è solo un concetto di Python, ma un concetto generale nell’Object Oriented Programming. Quindi, in questo tutorial, dovremo lavorare con classei e oggetti, che rappresentano un paradigma di sviluppo non molto utilizzato in Python rispetto ad altri linguaggi come Java.

Nell’OOP, possiamo definire una classe generale che rappresenta qualcosa nel mondo, ad esempio una Persona, che definiamo semplicemente con un nome, un cognome e un’età nel seguente modo.

class Person:
def __init__(self, name, surname, age):
self.name = name
self.surname = surname
self.age = age

def __str__(self):
return f"Name: {self.name}, surname: {self.surname}, age: {self.age}"

def grow(self):
self.age +=1

In questa classe, abbiamo definito un semplice costruttore (init). Poi abbiamo definito il method str, che si occuperà di stampare l’oggetto nel modo che desideriamo. Infine, abbiamo il method grow() per rendere la persona di un anno più vecchia.

Ora possiamo instanziare un oggetto e utilizzare questa classe.

person = Person("Marcello", "Politi", 28)
person.grow()
print(person)

# output wiil be
# Name: Marcello, surname: Politi, age: 29

E se volessimo definire un particolare tipo di persona, ad esempio un operaio? Possiamo fare la stessa cosa di prima, ma aggiungiamo un’altra variabile di input per aggiungere il suo stipendio.

class Worker:
def __init__(self, name, surname, age, salary):
self.name = name
self.surname = surname
self.age = age
self.salary = salary

def __str__(self):
return f"Name: {self.name}, surname: {self.surname}, age: {self.age}, salary: {self.salary}"

def grow(self):
self.age +=1

Tutto qui. Ma è questo il modo migliore per implementarlo? Vedete che la maggior parte del codice del lavoratore è uguale a quello della persona, perché un lavoratore è una persona particolare e condivide molte cose in comune con una persona.

Quello che possiamo fare è dire a Python che il lavoratore deve ereditare tutto da Persona, e poi aggiungere manualmente tutte le cose di cui abbiamo bisogno, che una persona generica non ha.

class Worker(Person):
def __init__(self, name, surname, age, salary):
super().__init__(name, surname, age)
self.salary = salary

def __str__(self):
text = super().__str__()
return text + f",salary: {self.salary}"

Nella classe worker, il costruttore richiama il costruttore della classe person sfruttando la parola chiave super() e poi aggiunge anche la variabile salary.

La stessa cosa avviene quando si definisce il metodo str. Utilizziamo lo stesso testo restituito da Person usando la parola chiave super e aggiungiamo il salario quando stampiamo l’oggetto.

Ereditarietà nel Machine Learning

Non ci sono regole su quando usare l’ereditarietà nell’machine learning . Non so a quale progetto stiate lavorando, né come sia il vostro codice. Voglio solo sottolineare il fatto che dovreste adottare un paradigma OOP nel vostro codice. Tuttavia, vediamo alcuni esempi di utilizzo dell’ereditarietà.

Definire un BaseModel

Sviluppiamo una classe di base per il modello di ML, definita da alcune variabili standard. Questa classe avrà un metodo per caricare i dati, uno per addestrare, un altro per valutare e uno per preelaborare i dati. Tuttavia, ogni modello specifico preelaborerà i dati in modo diverso, quindi le sottoclassi che erediteranno il modello di base dovranno riscrivere il metodo di preelaborazione.
Attenzione, il modello BaseMLModel stesso eredita la classe ABC. Questo è un modo per dire a Python che questa classe è una classe astratta e non deve essere usata, ma è solo un modello per costruire sottoclassi.

Lo stesso vale per il metodo preprocess_train_data, che è contrassegnato come @abstactmethod. Ciò significa che le sottoclassi devono reimplementare questo metodo.

Guardate questo video per saperne di più su classi e metodi astratti:

youtube.com/embed/UDmJGvM-OUw?…

from abc import ABC, abstractmethod
from sklearn.model_selection import train_test_split
from sklearn.metrics import accuracy_score
from sklearn.ensemble import RandomForestClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.datasets import load_iris
import numpy as np

class BaseMLModel(ABC):
def __init__(self, test_size=0.2, random_state=42):
self.model = None # This will be set in subclasses
self.test_size = test_size
self.random_state = random_state
self.X_train = None
self.X_test = None
self.y_train = None
self.y_test = None

def load_data(self, X, y):
self.X_train, self.X_test, self.y_train, self.y_test = train_test_split(
X, y, test_size=self.test_size, random_state=self.random_state
)

@abstractmethod
def preprocess_train_data(self):
"""Each model can define custom preprocessing for training data."""
pass

def train(self):
self.X_train, self.y_train = self.preprocess_train_data()
self.model.fit(self.X_train, self.y_train)

def evaluate(self):
predictions = self.model.predict(self.X_test)
return accuracy_score(self.y_test, predictions)

Vediamo ora come ereditare da questa classe. Per prima cosa, possiamo implementare un LogisticRegressionModel. Che avrà il suo algoritmo di preelaborazione.

class LogisticRegressionModel(BaseMLModel):
def __init__(self, **kwargs):
super().__init__()
self.model = LogisticRegression(**kwargs)

def preprocess_train_data(self):
#Standardize features for Logistic Regression
mean = self.X_train.mean(axis=0)
std = self.X_train.std(axis=0)
X_train_scaled = (self.X_train - mean) / std
return X_train_scaled, self.y_train

Poi possiamo definire tutte le sottoclassi che vogliamo. Qui ne definisco una per una Random Forest.

class RandomForestModel(BaseMLModel):
def __init__(self, n_important_features=2, **kwargs):
super().__init__()
self.model = RandomForestClassifier(**kwargs)
self.n_important_features = n_important_features

def preprocess_train_data(self):
#Select top `n_important_features` features based on variance
feature_variances = np.var(self.X_train, axis=0)
top_features_indices = np.argsort(feature_variances)[-self.n_important_features:]
X_train_selected = self.X_train[:, top_features_indices]
return X_train_selected, self.y_train

Ora usiamo tutto nella funzione main.

if __name__ == "__main__":
# Load dataset
data = load_iris()
X, y = data.data, data.target

# Logistic Regression
log_reg_model = LogisticRegressionModel(max_iter=200)
log_reg_model.load_data(X, y)
log_reg_model.train()
print(f"Logistic Regression Accuracy: {log_reg_model.evaluate()}")

# Random Forest
rf_model = RandomForestModel(n_estimators=100, n_important_features=3)
rf_model.load_data(X, y)
rf_model.train()
print(f"Random Forest Accuracy: {rf_model.evaluate()}")

Conclusioni

Uno dei principali vantaggi dell’ereditarietà di Python nei progetti ML è nella progettazione di codici modulari, mantenibili e scalabili. L’ereditarietà aiuta a evitare codice ridondante, scrivendo la logica comune in una classe base, come BaseMLModel, riducendo quindi la duplicazione del codice. L’inheritance rende anche facile incapsulare comportamenti comuni in una classe base, permettendo alle subclasses di definire dettagli specifici.

Il principale vantaggio, a mio avviso, è che una codebase ben organizzata e orientata agli oggetti consente a più sviluppatori all’interno di un team di lavorare indipendentemente su parti separate. Nel nostro esempio, un ingegnere capo potrebbe definire il modello base, e poi ogni sviluppatore potrebbe concentrarsi su un singolo algoritmo e scrivere la subclass.
Prima di immergerti in design patterns complessi, concentrati sull’utilizzo delle best practices nell’OOP. Farlo ti renderà un programmatore migliore rispetto a molti altri nel campo dell’AI!

L'articolo Inheritance in Python: la chiave per scrivere codice pulito e collaborativo nel Machine Learnin proviene da il blog della sicurezza informatica.

If you’ve spent any time on two wheels, you’ve certainly experienced the woes of poor bicycle shifting. You hit the button or twist the knob expecting a smooth transition into the next gear, only to be met with angry metallic clanking that you try to push though but ultimately can’t. Bicycle manufacturers collectively spent millions attempting to remedy this issue with the likes of gearboxes, electronic shifting, and even belt-driven bikes. But Praxis believes to have a better solution in their prototype HiT system.

Rather then moving a chain between gears, their novel solution works by folding gears into or away from a chain. These gears are made up of four separate segments that individually pivot around an axle near the cog’s center. These segments are carefully timed to ensure there is no interference with the chain making shifting look like a complex mechanical ballet.

While the shift initialization is handled electronically, the gear folding synchronization is mechanical. The combination of electronic and mechanical systems brings near-instant shifting under load at rotational rates of 100 RPM. Make sure to scroll through the product page and watch the videos showcasing the mechanism!

The HiT gearbox is a strange hybrid between a derailleur and a gearbox. It doesn’t contain a clutch based gear change system or even a CVT as seen in the famous Honda bike of old. It’s fully sealed with more robust chains and no moving chainline as in a derailleur system. The prototype is configurable between four or sixteen speeds, with the four speed consisting of two folding gear pairs connected with a chain and the sixteen speed featuring a separate pair of folding gears. The output is either concentric to the input, or above the input for certain types of mountain bikes.

Despite the high level of polish, this remains a prototype and we eagerly await what Praxis does next with the system. In the meantime, make sure to check out this chainless e-drive bicycle.

hackaday.com/2025/04/17/bicycl…

If you had to guess, what do you think it would take to build an ocean-going buoy that could not only survive on its own without human intervention for more than two years, but return useful data the whole time? You’d probably assume such a feat would require beefy hardware, riding inside an expensive and relatively large watertight vessel of some type — and for good reason, the ocean is an unforgiving environment, and has sent far more robust hardware to the briny depths.

But as Wayne Pavalko found back in 2016, a little planning can go a long way. That’s when he launched the first of what he now calls Maker Buoys: a series of solar-powered drifting buoys that combine a collection of off-the-shelf sensor boards with an Arduino microcontroller and an Iridium Short-Burst Data (SBD) modem in a relatively simple watertight box.

He guessed that first buoy might last a few weeks to a month, but when he finally lost contact with it after 771 days, he realized there was real potential for reducing the cost and complexity of ocean research.

Wayne recalled the origin of his project and updated the audience on where it’s gone from there during his 2024 Supercon talk, Adventures in Ocean Tech: The Maker Buoy Journey. Even if you’re not interested in charting ocean currents with homebrew hardware, his story is an inspirational reminder that sometimes a fresh approach can help solve problems that might at first glance seem insurmountable.

DIY All the Way

As Dan Maloney commented when he wrote-up that first buoy’s journey in 2017, the Bill of Materials for a Maker Buoy is tailored for the hobbyist. Despite being capable of journeys lasting for several thousand kilometers in the open ocean, there’s no marine-grade unobtainium parts onboard. Indeed, nearly all of the electronic components can be sourced from Adafruit, with the most expensive line item being the RockBLOCK 9603 Iridium satellite modem at $299.

Even the watertight container that holds all the electronics is relatively pedestrian. It’s the sort of plastic latching box you might put your phone or camera in on a boat trip to make sure it stays dry and floats if it falls overboard. Wayne points out that the box being clear is a huge advantage, as you can mount the solar panel internally. Later versions of the Maker Buoy even included a camera that could peer downward through the bottom of the box.

Wayne says that first buoy was arguably over-built, with each internal component housed in its own waterproof compartment. Current versions instead hold all of the hardware in place with a 3D printed internal frame. The bi-level framework puts the solar panel, GPS, and satellite modem up at the top so they’ve got a clear view of the sky, and mounts the primary PCB, battery, and desiccant container down on the bottom.

The only external addition necessary is to attach a 16 inch (40 centimeter) long piece of PVC pipe to the bottom of the box, which acts as a passive stabilizer. Holes drilled in the pipe allow it to fill with water once submerged, lowering the buoy’s center of gravity and making it harder to flip over. At the same time, should the buoy find itself inverted due to wave action, the pipe will make it top-heavy and flip it back over.

It’s simple, cheap, and incredibly effective. Wayne mentions that data returned from onboard Inertial Measurement Units (IMUs) have shown that Maker Buoys do occasionally find themselves going end-over-end during storms, but they always right themselves.

youtube.com/embed/5WSOKEplw9g?…

Like Space…But Wetter

The V1 Maker Buoy was designed to be as reliable as possible.
Early on in his presentation, Wayne makes an interesting comparison when talking about the difficulties in developing the Maker Buoy. He likens it to operating a spacecraft in that your hardware is never coming back, nobody will be able to service it, and the only connection you’ll have to the craft during its lifetime is a relatively low-bandwidth link.

But one could argue that the nature of Iridium communications makes the mission of the Maker Buoy even more challenging than your average spacecraft. As the network is really only designed for short messages — at one point Wayne mentions that even sending low-resolution images of only a few KB in size was something of an engineering challenge — remotely updating the software on the buoy isn’t an option. So even though the nearly fifty year old Voyager 1 can still receive the occasional software patch from billions of miles away, once you drop a Maker Buoy into the ocean, there’s no way to fix any bugs in the code.

Because of this, Wayne decided to take the extra step of adding a hardware watchdog timer that can monitor the buoy’s systems and reboot the hardware if necessary. It’s a bit like unplugging your router when the Internet goes out…if your Internet was coming from a satellite low-Earth orbit and your living room happened to be in the middle of the ocean.

From One to Many

After publishing information about his first successful Maker Buoy online, Wayne says it wasn’t long before folks started contacting him about potential applications for the hardware. In 2018, a Dutch non-profit expressed interest in buying 50 buoys from him to study the movement of floating plastic waste in the Pacific. The hardware was more than up to the task, but there was just one problem: up to this point, Wayne had only built a grand total of four buoys.

Opportunities like this, plus the desire to offer the Maker Buoy in kit and ready to deploy variants for commercial and educational purposes, meant Wayne had to streamline his production. When it’s just a personal project, it doesn’t really matter how long it takes to assemble or if everything goes together correctly the first time. But that approach just won’t work if you need to deliver functional units in quantities that you can’t count on your fingers.

As Wayne puts it, making something and making something that’s easily producible are really two very different things. The production becomes a project in its own right. He explains that investing the time and effort to make repetitive tasks more efficient and reliable, such as developing jigs to hold pieces together while you’re working on them, more than pays off for itself in the end. Even though he’s still building them himself in his basement, he uses an assembly line approach that allows for the consistent results expected by paying customers.

A Tale Well Told

While the technical details of how Wayne designed and built the different versions of the Maker Buoy are certainly interesting, it’s hearing the story of the project from inception to the present day that really makes watching this talk worthwhile. What started as a simple “What If” experiment has spiraled into a side-business that has helped deploy buoys all over the planet.

Admittedly, not every project has that same potential for growth. But hearing Wayne tell the Maker Buoy story is the sort of thing that makes you want to go dust off that project that’s been kicking around in the back of your head and finally give it a shot. You might be surprised by the kind of adventure taking a chance on a wild idea can lead to.

youtube.com/embed/cCYdSGGZcv0?…

hackaday.com/2025/04/17/superc…

Il Global Threat Report 2025 di CrowdStrike ha tracciato l’evoluzione e anticipato le sfide per la sicurezza informatica, ponendo attenzione sulla necessità di un ripensamento radicale delle strategie difensive tradizionali. Su questo e molto altro si confronterà un panel di esperti e aziende al CrowdTour, il 5 giugno a Milano.

Il Global Threat Report 2025 di CrowdStrike ha recentemente fotografato un panorama globale delle minacce informatiche in evoluzione. Nel 2024, la rapidità con cui gli attaccanti sono riusciti a sfruttare le vulnerabilità per insidiarsi nei sistemi è cresciuta, con un breakout timeminimo registrato di appena 51 secondi.

I cybercriminali, sempre più rapidi, sofisticati e organizzati, sfruttano le vulnerabilità degli ambienti cloud, le debolezze umane e tecnologie emergenti, prima tra tutte l’intelligenza artificiale generativa, per colpire le aziende ovunque e in ogni settore mettendo in luce l’esigenza non più trascurabile di mettere in pratica strategie di difesa più articolate.

L’intelligenza artificiale generativa: l’arma nelle mani degli attaccanti

Protagonista dell’indagine di CrowdStrike l’adozione su larga scala nel 2024 della GenAI da parte degli attaccanti informatici. L’AI ha notevolmente migliorato la qualità degli attacchi, in termini di automazione e scalabilità, generazione automatica di contenuti e di social engineering sempre più precisi. Gli strumenti di intelligenza artificiale generativa sono stati usati infatti per scrivere e-mail di phishing più credibili, creare profili falsi, realizzare contenuti manipolatori e automatizzare la creazione di malware.

Sono stati osservati in particolare gruppi nordcoreani, primo tra tutti FAMOUS CHOLLIMA, responsabile di aver utilizzato tecniche di social engineering per supportare la creazione di profili LinkedIn falsi, testi e risposte più credibili da utilizzare durante i colloqui di lavoro, utilizzando strumento di Gen AI. Con queste tecniche è stato possibile per questi criminali ingannare i recruiter, farsi assumere all’interno di grandi aziende come sviluppatori di software e tecnici IT e poi spedire i laptop aziendali in dotazione presso “Laptop farms” situate in paesi specifici per ottenere un IP pubblico di provenienza “trusted” (es. USA) e, una volta ottenuto l’accesso alle reti aziendali, installare strumenti di gestione remota (RMM) e estensioni del browser malevole per esfiltrare dati o eseguire altre attività malevole.

Le nuove frontiere dello spionaggio: la Cina e il cloud nel mirino

Il report ha posto anche l’attenzione su un aumento significativo dell’attività malevola associata alla Cina, cresciuta del 150% su scala globale e fino al 300% in settori come finanza, media, manifattura, industria e ingegneria.

Anche il cloud è diventato un bersaglio privilegiato, poiché responsabile della creazione di superfici di attacco sempre più estese, ma anche di configurazioni spesso errate e vulnerabilità non patchate.

Gli attaccanti hanno sfruttato identità compromesse e l’exploitation of trust relationship, ovvero abusi dei rapporti di fiducia, per muoversi lateralmente e mantenere l’accesso alle risorse cloud. Sono aumentate le intrusioni SaaS, in particolare su piattaforme come Microsoft 365, spesso finalizzate a esfiltrare dati ai fini di estorsione o di accesso a terze parti.

Quali strategie difensive adottare in azienda

CrowdStrike non si limita ad analizzare l’evoluzione delle minacce nel corso del 2024, ma propone una serie di riflessioni, raccomandazioni e best practices per le organizzazioni:

• Proteggere l’intero ecosistema delle identità adottando MFA resistenti al phishing, implementando politiche di accesso forti e utilizzando strumenti di rilevamento delle minacce alle identità integrati con piattaforme XDR
• Eliminare i gap di visibilità cross-domain: modernizzando le strategie di rilevamento e risposta con soluzioni XDR e SIEM di nuova generazione, svolgendo threat hunting proattivo e utilizzando intelligence sulle minacce
• Difendere il cloud come infrastruttura core: utilizzare CNAPP con capacità CDR, eseguire audit regolari per scoprire configurazioni errate e vulnerabilità non patchate
• Dare priorità al patching dei sistemi critici e utilizzare strumenti come Falcon Exposure Management per concentrarsi sulle vulnerabilità ad alto rischio
• Adottare un approccio basato sull’intelligence, integrare l’intelligence nelle operazioni di sicurezza, avviare programmi di consapevolezza degli utenti e svolgere esercitazioni di tabletop e red/blue teaming.

Appuntamento con il CrowdTour 2025 il prossimo 5 giugno a Milano

L’evento annuale di CrowdStrike farà tappa il prossimo 5 giugno presso PARCO Center Milano per un pomeriggio di full immersion nella cybersecurity.

L’azienda offrirà a professionisti, decision maker e aziende l’opportunità di confrontarsi direttamente con esperti internazionali, esplorare casi di successo e approfondire le più recenti innovazioni in ambito protezione degli endpoint, delle identità e delle infrastrutture cloud. L’evento rappresenterà anche un momento di networking per chi affronta quotidianamente le sfide della sicurezza, e di condivisione di esperienze reali, utile per lo sviluppo di strategie efficaci contro minacce tradizionali ed emergenti. Trovate tutte le informazioni sull’agenda e la possibilità di registrarsi a questo link.

L'articolo La sicurezza informatica nel 2025: un panorama di minacce in costante evoluzione e come difendersi proviene da il blog della sicurezza informatica.