Quanti di voi conoscono il celebre client SSH Putty? E quanti di voi l’ha installato scaricandolo da internet senza fare attenzione alla firma rilasciata dal produttore? Se ricadi in questo caso, la prossima volta potrebbe capitare a te!

Gli esperti di sicurezza di Arctic Wolf hanno identificato una nuova ondata di attacchi di avvelenamento SEO volti a distribuire un noto downloader dannoso chiamato Oyster, noto anche come Broomstick o CleanUpLoader. I truffatori utilizzano siti web falsi che imitano le risorse ufficiali di utility popolari come PuTTY e WinSCP per ingannare gli utenti, principalmente professionisti IT, che cercano questi strumenti sui motori di ricerca.

Il sito web dannoso offre il download di una versione falsa del programma desiderato. Una volta avviata, la backdoor Oyster viene installata sul dispositivo della vittima. Gli aggressori ne garantiscono il funzionamento costante creando un’attività pianificata che esegue la libreria DLL dannosa ogni tre minuti utilizzando l’utility “rundll32.exe”. Ciò indica l’utilizzo del meccanismo di registrazione delle DLL per infiltrarsi nel sistema.

I siti falsi utilizzati per distribuire il malware includono domini come updaterputty[.]com, zephyrhype[.]com, putty[.]run, putty[.]bet e puttyy[.]org. Gli esperti sospettano che l’elenco dei programmi utilizzati per distribuire il downloader non si limiti a PuTTY e WinSCP.

Inoltre, sono diventate più attive anche altre campagne che sfruttano il SEO poisoning per promuovere malware correlati all’intelligenza artificiale. Ad esempio, durante la ricerca di strumenti di intelligenza artificiale, gli utenti potrebbero essere indirizzati a siti con codice JavaScript incorporato che verifica la presenza di ad-blocker e raccoglie informazioni sul browser. Questo avvia una serie di reindirizzamenti che portano a una pagina di phishing che offre il download di un archivio ZIP contenente malware.

Secondo Zscaler, il risultato finale del download è spesso Vidar Stealer o Lumma Stealer, entrambi distribuiti come archivi con una password specificata nella pagina di download. L’archivio contiene un programma di installazione NSIS da 800 MB, che crea l’illusione di legittimità e aiuta a bypassare gli antivirus che si concentrano sulle dimensioni dei file. Il programma di installazione esegue uno script AutoIt, responsabile dell’attivazione del payload malware. La variante Legion Loader utilizza un file MSI e uno script BAT per distribuire il malware.

Un’altra campagna simile si basa sullo spoofing delle pagine CAPTCHA di Cloudflare. Gli utenti vengono attirati su pagine false di popolari servizi web che utilizzano la nota tecnica ClickFix per installare RedLine Stealer tramite Hijack Loader.

Secondo Kaspersky Lab, le piccole e medie imprese sono sempre più prese di mira. Solo nei primi quattro mesi del 2025, si sono verificati circa 8.500 attacchi in cui malware o programmi potenzialmente indesiderati si presentavano come strumenti come OpenAI ChatGPT, DeepSeek, Cisco AnyConnect, Google Drive, Microsoft Office, Teams, Salesforce e Zoom. Zoom ha rappresentato il 41% di tutti i file dannosi unici, seguito da Outlook e PowerPoint (16% ciascuno), Excel (12%), Word (9%) e Teams (5%). Il numero di file falsi mascherati da ChatGPT è aumentato del 115%, raggiungendo quota 177.

Gli attacchi che sfruttano il supporto tecnico di marchi famosi nei motori di ricerca sono particolarmente pericolosi. Cercando le pagine di servizio di Apple, Microsoft, Netflix o PayPal, un utente potrebbe finire su un sito falso che sembra ufficiale. Ma invece del vero numero di assistenza, ne viene visualizzato uno fraudolento . Questa tecnica viene implementata inserendo parametri di ricerca, che consentono di modificare la visualizzazione della pagina senza modificarne l’URL nei risultati di ricerca. Queste pagine vengono attivamente promosse tramite risultati a pagamento su Google.

Questi incidenti dimostrano come gli aggressori sfruttino aggressivamente la fiducia in marchi noti, piattaforme pubblicitarie e motori di ricerca per diffondere malware. La combinazione di trucchi social, trucchi tecnici e una portata su larga scala attraverso l’avvelenamento SEO trasforma le normali query di ricerca in potenziali trappole.

L'articolo PuTTY si trasforma in Trojan! Con Malwertising e SEO Poisoning, una falsa App installa Redline Stealer proviene da il blog della sicurezza informatica.

Humans have forever been using all manner of techniques to better secure the food we need to sustain our lives. The practice of agriculture is intimately tied to the development of society, while techniques like selective breeding and animal husbandry have seen our plants and livestock deliver greater and more nourishing bounty as the millennia have gone by. More recently, more direct tools of genetic engineering have risen to prominence, further allowing us to tinker with our crops to make them do more of what we want.

Recently, however, scientists have been pursuing a bold new technique. Researchers have explored using radiation from space to potentially create greater crops to feed more of us than ever.

“Cosmic Crops”

Most recently, an effort at “space mutagenesis” has been spearheaded by the International Atomic Energy Agency, a body which has been rather more notable for other works of late. In partnership with the UN’s Food and Agriculture Organization (FAO), it has been examining the effects that the space-based environment might have on seeds. Ideally, these effects would be positive, producing hardier crops with greater yields for the benefit of humanity.
The sorghum seeds that spent five months on the ISS as part of the joint FAO/IAEA research project. Credit: Katy Laffan/IAEA, CC BY 2.0
The concept is simple enough—put a bunch of seeds on the International Space Station (ISS), and see what happens. Specifically, researchers placed half the seeds outside the ISS, where they would be exposed to extreme cold and maximum doses of cosmic radiation. The other half were left inside the station as a control, where they would experience microgravity but otherwise be safe from temperature and radiation extremes. The hope was that the radiation may cause some random but beneficial mutations in the seed’s genetics which provide better crops for use on Earth.
Plant breeder and geneticist Anupama Hingane examines a sorghum plant grown at the FAO/IAEA Plant Breeding & Genetics Laboratory. Credit: Katy Laffan / IAEA, CC BY 2.0
Two types of seeds were sent up for the first trial by the IAEA and UN—sorghum, a nutrient-filled cereal grain, and arabidopsis, a fast-growing cress. After their flight on the ISS, they were returned to Earth to be germinated, grown, and examined for desirable traits. Of course, DNA sequencing was also on the table, to compare mutations generated in space with seeds kept inside the ISS and those irradiated under laboratory conditions.

The only thing missing from the IAEA’s experiment? A research paper. The seeds returned from space in April 2023, and were sent to the Plant Breeding and Genetics Laboratory in Seibersdorf, Austria soon after. We’ve seen pictures of the plants that sprouted from the seeds in space, but researchers are yet to publish full results or findings from the project.

Proven Benefits

It might sound like an oddball idea, particularly given the results from the IAEA’s project are yet to be delivered. However, space mutagenesis has been tried and tested to a greater degree than you might think. Chinese scientists have been experimenting with the technique of space mutagenesis for over 30 years, finding that it often delivers more beneficial mutations compared to using gamma rays in terrestrial labs.

Chinese efforts have seen many thousands of seeds irradiated via satellites and space stations, including a trip around the moon on the Chang’e-5 mission. Having been exposed to space radiation for anywhere from days to months, the seeds have returned to Earth and been planted and examined for beneficial mutations. While not every seed comes back better than before, some show rare mutations that offer breakthrough benefits in yield, drought resistance, fruit size, or temperature hardiness. These crops can then be bred further to refine the gains. Chinese efforts have experimented with everything from cotton to tomatoes, watermelons and corn, beyond others. A particular success story was Yujiao 1 – a sweet pepper variety released in 1990 boasting better fruit and resistance to disease, along with 16.4% higher yield than some comparable varieties.
A comparison of mutated peppers Yujiao 1 (Y1), Yujiao 2 (Y2), and Yujiao 3 (Y3) with comparable Longjiao wild types (marked W1,W2). Credit: research paper
The results of space mutagenesis are tracked very carefully, both by researchers involved and wider authorities. Notably, the IAEA maintains a Mutant Variety Database for plants that have been modified either by space-based radiation or a variety of other physical or chemical methods. This is important, and not only for reaping the benefits from mutagenic organisms. It’s also important to help researchers understand the mechanisms involved, and to help make sure that the risk of any negative traits breaking out into broader wild plant populations are mitigated.

Ultimately, space mutagenesis is just another tool in the toolbox for scientists looking to improve crops. It’s far from cheap to send seeds to space, let alone to do the research to weed out those with beneficial mutations from the rest. Still, the benefits on offer can be huge when scaled to the size of modern agriculture, so the work will go on regardless. It’s just another way to get more, something humans can never quite get enough of.

hackaday.com/2025/07/08/could-…

Over the course of evolution microorganisms have evolved pathways to break down many materials. The challenge with the many materials that we humans have created over just the past decades is that we cannot wait for evolution to catch up, ergo we have to develop such pathways ourselves. One such example is demonstrated by [Nick W. Johnson] et al. with a recent study in Nature Chemistry that explicitly targets PET plastic, which is very commonly used in plastic bottles.

The researchers modified regular E. coli bacteria to use PET plastic as an input via Lossen rearrangement, which converts hydroxamate esters to isocyanates, with at the end of the pathway para-aminobenzoate (PABA) resulting, which using biosynthesis created paracetamol, the active ingredient in Tylenol. This new pathway is also completely harmless to the bacterium, which is always a potential pitfall with this kind of biological pathway engineering.

In addition to this offering a potential way to convert PET bottles into paracetamol, the researchers note that their findings could be very beneficial to studies targeting other ‘waste’ products from biological pathways.

Thanks to [DjBiohazard] for the tip.

hackaday.com/2025/07/08/turnin…

From the very dawn of the personal computing era, the PC and Apple platforms have gone very different ways. IBM compatibles surged in popularity, while Apple was able to more closely guard the Macintosh from imitators wanting to duplicate its hardware and run its software.

Things changed when Apple announced it would hop aboard the x86 bandwagon in 2005. Soon enough was born the Hackintosh. It was difficult, yet possible, to run MacOS on your own computer built with the PC parts your heart desired.

Only, the Hackintosh era is now coming to the end. With the transition to Apple Silicon all but complete, MacOS will abandon the Intel world once more.

End Of An Era

macOS Tahoe is slated to drop later this year. Credit: Apple
2025 saw the 36th Worldwide Developers Conference take place in June, and with it, came the announcement of macOS Tahoe. The latest version of Apple’s full-fat operating system will offer more interface customization, improved search features, and the new attractive ‘Liquid Glass’ design language. More critically, however, it will also be the last version of the modern MacOS to support Apple’s now aging line of x86-based computers.

The latest OS will support both Apple Silicon machines as well as a small list of older Macs. Namely, if you’ve got anything with an M1 or newer, you’re onboard. If you’re Intel-based, though, you might be out of luck. It will run on the MacBook Pro 16 inch from 2019, as well as the MacBook Pro 13-inch from 2020, but only the model with four Thunderbolt 3 ports. It will also support iMacs and Mac Minis from 2020 or later. As for the Mac Pro, you’ll need one from 2019 or later, or 2022 or later for the Mac Studio.

Basically, beyond the release of Tahoe, Apple will stop releasing versions of its operating system for x86 systems. Going forward, it will only be compiling MacOS for ARM-based Apple Silicon machines.

How It Was Done

Of course, it’s worth remembering that Apple never wanted random PC builders to be able to run macOS to begin with. Yes, it will eventually stop making an x86 version of its operating system, but it had already gone to great lengths trying to stop macOS from running on non-authorized hardware. The dream of a Hackintosh was to build a powerful computer on the cheap, without having to pay Apple’s exorbitant prices for things like hard drive, CPU, and memory upgrades. However, you always had to jump through hoops, using hacks to fool macOS into running on a computer that Apple never built.

youtube.com/embed/0Afw3fchl9o?…

Installing macOS on a PC takes some doing.

Getting a Hackintosh running generally involved pulling down special patches crafted by a dedicated community of hackers. Soon after Apple started building x86 machines, hackers rushed to circumvent security features in what was then called Mac OS X, allowing it to run on non-Apple approved machines. The first patches landed just over a month after the first x86 Macs. Each subsequent Apple update to OS X locked things down further, only for the community to release new patches unlocking the operating system in quick succession. Sometimes this involved emulating the EFI subsystem which contemporary Macs used in place of a traditional PC’s BIOS. Sometimes it was involved as tweaking the kernel to stick to older SSE2 instructions when Apple’s use of SS3 instructions stopped the operating system running on older hardware. Depending on the precise machine you were building, and the version of OS X or MacOS that you hoped to run, you’d use different patches or hacks to get your machine booting, installing, and running to operating system.
Hackintosh communities maintain lists of bugs and things that don’t work quite right—no surprise given Apple’s developers put little thought into making their OS work on unofficial hardware. Credit: eliteMacx86.com via Screenshot
Running a Hackintosh often involved dealing with limitations. Apple’s operating system was never intended to run on just any hardware, after all. Typical hurdles included having to use specific GPUs or WiFi cards, for example, since broad support for the wide range of PC parts just wasn’t there. Similarly, sometimes certain motherboards wouldn’t work, or would require specific workarounds to make Apple’s operating system happy in a particularly unfamiliar environment.

Of course, you can still build a Hackintosh today. Instructions exist for installing and running macOS Sequoia (macOS 15), macOS Sonoma (macOS 14), as well as a whole host of earlier versions all the way back to when it was still called Mac OS X. When macOS Tahoe drops later this year, the community will likely work to make the x86 version run on any old PC hardware. Beyond that, though, the story will end, as Apple continues to walk farther into its ARM-powered future.

Ultimately, what the Hackintosh offered was choice. It wasn’t convenient, but if you were in love with macOS, it let you do what Apple said was verboten. You didn’t have to pay for expensive first party parts, and you could build your machine in the manner to which you were accustomed. You could have your cake and eat it too, which is to say that you could run the Mac version of Photoshop because that apparently mattered to some people. Now, all that’s over, so if you love weird modifier keys on your keyboard and a sleek, glassy operating system, you’ll have to pay the big bucks for Apple hardware again. The Hackintosh is dead. Long live Apple Silicon, so it goes.

hackaday.com/2025/07/08/the-en…

Il 3 luglio, all’arrivo presso l’aeroporto di Malpensa, un uomo cinese di 33 anni è stato immediatamente fermato dalle autorità. Si è trattato di un mandato di cattura emesso dalle autorità degli Stati Uniti, nell’ambito di un’indagine condotta dall’Fbi.

L’uomo, probabilmente affiliato al gruppo Silk Typhoon è stato coinvolto in operazioni di spionaggio dal 2020. Si tratta di Xu Zewei, 33 anni, che svolge attività di tecnico per un’azienda di informatica, arrivato in Italia per le vacanze estive.

Silk Typhoon (HAFNIUM) è un gruppo National State Sponsored con sede in Cina. I principali obiettivi di Silk Typhoon sono le attività del settore sanitario, gli studi legali, gli istituti di istruzione superiore, gli appaltatori della difesa, think tank politici e organizzazioni non governative (ONG) con sede negli Stati Uniti, in Australia, Giappone e Vietnam.

Silk Typhoon si concentra sulla ricognizione e sulla raccolta dei dati cercando in siti Web aperti eventuali dati persi sull’infrastruttura colpita, oltre a usare strumenti come China Chopper e a sfruttarevulnerabilità zero-day. Il lavoro più conosciuto di Silk Typhoon riguarda un attacco a Microsoft Exchange, durante il quale gli aggressori hanno rubato documenti sensibili relativi alla politica del governo degli Stati Uniti, agli appaltatori della difesa e altro ancora.

Inoltre si sospetta che Xu Zewei abbia preso parte ad attività di spionaggio che hanno consentito alla Cina di approvvigionare importanti informazioni sui vaccini anti-COVID. Per l’Fbi l’attività di spionaggio sarebbe stata effettuata dal 33enne (e dal team) per conto di autorità appartenenti al governo cinese anche se potrebbe trattarsi di uno scambio di persona dato il nome molto comune.

Il 4 luglio, la giudice Veronica Tallarida della quinta penale d’appello di Milano ha convalidato l’arresto e ha emesso la custodia cautelare in carcere (ora è detenuto a Busto Arsizio, provincia di Varese), dopo che il provvedimento degli Usa era stato eseguito il giorno prima, verso le 11, dalla Polizia a Malpensa.

Gli Stati Uniti lo accusano, come risulta dagli atti, di vari reati: frode telematica e furto di identità aggravato, punibili con un massimo di 5 anni di reclusione; associazione a delinquere finalizzata alla frode telematica, con una pena massima di 20 anni; accesso non autorizzato a computer protetti, che può essere punito con fino a 5 anni.

Esiste per il giudice un concreto rischio di evasione, considerando che l’uomo è recentemente arrivato in Italia tramite un volo proveniente da Shanghai e non sembra avere alcun legame stabile in Italia. L’udienza di domani mattina sarà limitata esclusivamente all'”identificazione personale e al possibile consenso all’estradizione.

L'articolo Arrestato in Italia un Hacker di Silk Typhoon, l’APT che colpì le infrastrutture di Microsoft Exchange proviene da il blog della sicurezza informatica.