Recently Canada’s Canadarm2 caught its 50th spacecraft in the form of a Northrop Grumman Cygnus cargo vessel since 2009. Although perhaps not the most prominent part of the International Space Station (ISS), the Canadarm2 performs a range of very essential functions on the outside of the ISS, such as moving equipment around and supporting astronauts during EVAs.
Power and Data Grapple Fixture on the ISS (Credit: NASA)
Officially called the Space Station Remote Manipulator System (SSRMS), it is part of the three-part Mobile Servicing System (MSS) that allows for the Canadarm2 and the Dextre unit to scoot around the non-Russian part of the ISS, attach to Power Data Grapple Fixtures (PDGFs) on the ISS and manipulate anything that has a compatible Grapple Fixture on it.

Originally the MSS was not designed to catch spacecraft when it was installed in 2001 by Space Shuttle Endeavour during STS-100, but with the US moving away from the Space Shuttle to a range of unmanned supply craft which aren’t all capable of autonomous docking, this became a necessity, with the Japanese HTV (with grapple fixture) becoming the first craft to be caught this way in 2009. Since the Canadarm2 was originally designed to manipulate ISS modules this wasn’t such a major shift, and the MSS is soon planned to also started building new space stations when the first Axiom Orbital Segment is launched by 2026. This would become the Axiom Station.

With the Axiom Station planned to have its own Canadarm-like system, this will likely mean that Canadarm2 and the rest of the MSS will be decommissioned with the rest of the ISS by 2031.

Top image: Canadarm2 captures Cygnus OA-5 S.S. Alan Poindexter in late 2016 (Credit: NASA)

[Mellow_Labs] wanted an Everything Presence Lite kite but found it was always out of stock. Therefore, he decided to create his own. The kit uses a millimeter wave sensor as a super-sensitive motion tracker for up to three people. It can even read your heart rate remotely. You can see a video of the project below.

There are a few differences from the original kit. Both use the C4001 24 GHz human presence detection sensor. However, the homebrew version also includes a BME680 environmental sensor.

If you haven’t seen a millimeter wave sensor—often written mmwave—before, it is essentially a tiny radar that can measure movement, acceleration, and angles very accurately. They are available at different microwave wavelengths and have onboard processing to easily provide useful information for a processor like the one in this project. The processor on board is an ESP32, which works well with [Mellow_Labs’] home automation system.

A 3D-printed case rounds everything out. Circuit-wise, there isn’t much going on since everything is on a module PCB. You essentially just have to connect everything together.

These sensors can do a lot of things. For example, inspecting pipelines. Another common way to detect people is to use a specialized camera.

youtube.com/embed/P8RO9gjs_h4?…

We’ve all got our favorite hand tools, and while the selection criteria are usually pretty subjective, it usually boils down to a combination of looks and feel. In our opinion, the king of both these categories when it comes to screwdrivers is those clear, hard acetate plastic handles, which are a joy to use — at least until the plastic starts to degrade and exude a characteristically funky aroma.

But perhaps we can change that if these experiments on screwdriver “mange” hold up. That’s [357magdad]’s unappealing but accurate description of the chemical changes that eventually occur in the strong, hard, crystal-clear handles of your favorite screwdrivers. The polymer used for these handles is cellulose acetate butyrate, or CAB, which is mostly the same cellulose acetate that replaced the more explode-y cellulose nitrate in things like pool balls and movie film, except with some of the acetate groups replaced with a little butyric acid. The polymer is fine at first, but add a little UV light and over time the outer layer of CAB decomposes into a white flaky cellulose residue while the butyric acid volatilizes, creating the characteristic odor of vomitus. Lovely.

In the video below, [357magdad] takes a look at different concoctions that all allegedly cure the mange. TL, DW; it was a dunk in household ammonia that performed the best, well ahead of other common agents like vinegar and bleach. The ammonia — or more precisely, ammonium hydroxide — works very quickly on the cellulose residue, dissolving it readily and leaving the handle mange-free and looking nearly new after some light scrubbing. None of the other agents came close, although acetone did manage to clear up the mange a bit, at the cost of softening the underlying CAB in a process that’s probably similar to acetone smoothing ABS prints.

As for the funky smell, well, the results were less encouraging. Nothing really got rid of the pukey smell, even a roll in baking soda. We suspect there won’t be much for that, since humans can detect it down to 10 parts per million. Consider it the price to pay for a nice-looking screwdriver that feels so good in your hand.

youtube.com/embed/n_Q4zsE_bFA?…

If you’re thinking about building a single tiny game or even a platform, you might be tempted to use a single button for everything. Such is the case with [Alex]’s Salsa ONE minimalist game console, which is inspired by both the Arduboy and the ergonomics of the SanDisk Sansa music player.

With Salsa ONE, [Alex] aimed to make something that is both simple and challenging. The result is something that, awesomely enough, doesn’t need a PCB, and can be comfortably controlled with just one thumb. There isn’t much to this thing, which is essentially an RP2040, an OLED, a vibration motor, a buzzer, a button, and a CR2032 coin cell. [Alex] chose to program Salsa ONE in MicroPython. Be sure to check it out in action in the brief demo after the break.

Have you got an idea for a tiny game? Don’t hesitate to enter the 2024 Tiny Games Contest! You have until September 10th, so head on over to Hackaday.io and get started today.

youtube.com/embed/o96_ZfCg81I?…

You may have heard about a very large data breach, exposing the Social Security numbers of three billion individuals. Now hang on. Social Security numbers are a particularly American data point, and last time we checked there were quite a few Americans shy of even a half of a billion’s worth. As [Troy Hunt] points out, there are several things about this story that seem just a bit odd.

First up, the claim is that this is data grabbed from National Public Data, and there’s even a vague notice on their website about it. NPD is a legitimate business, grabbing data on as many people as possible, and providing services like background checks and credit checks. It’s not impossible that this company has records on virtually every citizen of the US, UK, and Canada. And while that’s far less than 2.9 billion people, it could feasibly add up to 2.9 billion records as was originally claimed.

The story gets strange as we consider the bits of data that have been released publicly, like a pair of files shared with [Troy] that have names, birthdays, addresses, phone numbers, and social security numbers. Those had a total of 2.69 billion records, with an average of 3 records for each ID number. That math is still just a little weird, since the US has to date only generated 450 million SSNs and change.

So far all we have are partial datasets, and claims on the Internet. The story is that there’s a grand total of 4 TB of data once uncompressed. The rest of the details are unclear, and it’s likely to take some time for the rest of the story to come out.

Windows IPv6 RCE

Microsoft has patched a Remote Code Execution (RCE) in Windows 10, 11, and server systems. By all accounts, it’s a nasty one, but there’s a redeeming wrinkle to the story, that may also be bad news. It’s an IPv6 vulnerability. The actual details are scarce, for obvious reasons. By next week, I anticipate someone will have reverse engineered the patch enough to have some details on the flaw.

What we do know is that Microsoft scores this a 9.8 out of 10 for severity, and considers it a low complexity attack that is likely to be used in the wild. Trend Micro considers it a wormable flaw. The built-in Windows firewall doesn’t block it, because the vulnerability triggers before processing by the firewall. This leads to a theory that it’s another problem related to defragmenting incoming IPv6 packets, or a similar process.

The good news is that it requires actual IPv6 connectivity, which at least in my corner of the world is a rather rare thing. It’s hard to know definitively without more details, but it’s at least likely that a proper stateful firewall would block these unsolicited IPv6 packets from the wider Internet. There’s still a lot of room for trouble inside the network — where you probably have working IPv6 connectivity even without routable IPv6 from your ISP. In conclusion, get this one patched ASAP.

Considering its harm, I will not disclose more details in the short term.

— wei (@XiaoWei___) August 14, 2024

Don’t Roll Your Own Crypto!

There’s a rallying cry, aimed at anyone responsible for build secure systems: “Don’t roll your own crypto!” But why? Surely a secret algorithm that only you understand is more secure, right? No. Particularly not when tools like Ghidra that put firmware reverse engineering within grasp of every security researcher. Case in point, the Vstarcam CB73 security camera that [Brown Fine Security] took a look at.

The first clue that somethign was wrong was that packets were being repeated, byte-for-byte identically. As [Brown] points out, a good cryptography scheme has some sort of protection against replay attacks. This one had none at all. Another issue with this homebrew crypto scheme is that it only has 256 possible internal states, and once you know the trick the whole thing is trivially decryptable, no key required. This is why you don’t roll your own crypto.

Old School CSS Trick

This write-up from Adepts of 0xCC is a trip down memory lane, to a time when browsers let websites get away with way more, like detecting whether links had been visited by detecting the style that the browser used to display them. Browsers eventually locked down those sorts of tricks, but what’s old is new again, with just a bit of cleverness. In this case, generate a captcha, and set the page’s CSS to make the visited links blend in with the background. The user completes the captcha, and based on which characters were typed, you have some basic history information. Clever!

Ring -2

The classic x86 architecture has a four ring system, where userspace applications run in Ring 3 and the kernel runs in Ring 0. But the sneaky truth is that our X86 processors are actually emulating the x86 instruction set, Rings 1 and 2 are never used, and there’s a CPU management engine running all the way down at Ring -3. This suggests to the security minded, that it would be particularly bad for something malicious to run at one of those hidden ring levels. And that’s exactly what [jjensn] managed to pull off.

In this case it’s in the motherboard firmware, in the System Management Engine. A bit of vulnerable code in a couple places allows writing data into protected SMRAM memory, into Ring -2. A bit of clever work corrupts the SMRAM just enough to jump into shellcode without crashing the machine. And suddenly an attacker can own a machine on a level two layers below the OS.

Bits and Bytes

Careful with your artifacts. Apparently quite a few Github CI scripts take the easy wqy out, and just zip up the entire work directory as an artifact. That’s not great, as generally artifacts are accessible to anyone with a GitHub account, and the .git folder very likely has a Github token in it.

Speaking of GitHub, another Chrome type confusion vulnerability was written up there in detail. As objects in JavaScript are manipulated, the engine is continually updating the underlying data structures. Cloning objects can be particularly tricky, and changing the properties of an object after a shallow copy can result in memory corruption. Memory corruption, fake objects, and finally code execution outside the JavaScript sandbox.

In Windows, the mark of the Web is rather important for security, warning users when they’re about to access or execute something from the Internet. It’s also been broken in many interesting ways over the years. Most recently, Web-based Distruted Authoring and Versioning (WEBDAV) shares are used, as they can be accessed by either the browser, or the Windows File Explorer. The most recent fix here adds Mark of the Web to files copied from WEBDAV shares using Explorer. Sneaky.

The summer doldrums are here, but that doesn’t mean that Elliot and Dan couldn’t sift through the week’s hack and find the real gems. It was an audio-rich week, with a nifty microsynth, music bounced off the moon, and everything you always wanted to know about Raspberry Pi audio but were afraid to ask. We looked into the mysteries of waveguides and found a math-free way to understand how they work, and looked at the way Mecanum wheels work in the most soothing way possible. We also each locked in on more classic hacks, Elliot with a look at a buffer overflow in Tony Hawks Pro Skater and Dan with fault injection user a low-(ish) cost laser setup. From Proxxon upgrades to an RC submarine to Arya’s portable router build, we’ve got plenty of material for your late summer listening pleasure.

html5-player.libsyn.com/embed/…
Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Worried about attracting the Black Helicopters? Download the DRM-free MP3 and listen offline, just in case.

Episode 284 Show Notes:

News:

• Possible Discovery Of Liquid Water In Mars’ Mid-Crust By The Insight Lander
• Superdeep Borehole Samples Create Non-boring Music

What’s that Sound?

• Last week’s sound was the startup chime from an SGI Indigo. But nobody guessed it right!
• Computer and Console Boot Sounds Compilation : Various : Free Download, Borrow, and Streaming : Internet Archive
• Boot chime for an SGI O2 — Dan used to use an O2, but wouldn’t have gotten it either.

Interesting Hacks of the Week:

• Kickflips And Buffer Slips: An Exploit In Tony Hawk’s Pro Skater
• Building AI Models To Diagnose HVAC Issues
• Inside The Mecanum Wheel
• Laser Fault Injection On The Cheap
  
  • Low-Cost Nanopositioning Hack Chat

  
  

• Tulip Is A Micropython Synth Workstation, In An ESP32
  
  • GitHub – shorepine/amy: AMY – the Additive Music synthesizer librarY
  • Generative Music Created In Minimalistic Javascript Code
  • Sonic Pi – The Live Coding Music Synth for Everyone

  
  

• The Waveguide Explanation You Wish You’d Had At School
  
  • Coax Stub Filters Demystified

  
  

Quick Hacks:

• Elliot’s Picks
  
  • Cheap DIY Button Pad Uses Neat Punchcard Trick
  • RC Submarine Build Starts With Plenty Of Research
  • Moonbounce Music

  
  

• Dan’s Picks:
  
  • Proxxon CNC Conversion Makes A Small Mill A Bit Bigger
  • Magnesium And Copper Makes An Emergency Flashlight
  • A Tiny Knob Keeps You In Control
    
    • For the curious

    
    

  
  

Can’t-Miss Articles:

• Audio On Pi: Here Are Your Options
• Portable Router Build: Picking Your CPU
  
  • Fail Of The Week: This Flash Drive Will NOT Self-Destruct In Five Seconds

  
  

Everyone likes a good lunar landing simulator, and [Dominic Doty] wrote a fun take on the idea: your goal is to write an autopilot controller to manage the landing. Try it out!
Virtual landers are far cheaper than real ones, thank goodness.
[Dominic] was inspired in part by this simple rocket landing game which is very much an exercise in reflex and intuition, not to mention being much faster-paced than the classic 1979 video game (which you can also play in your browser here.)

[Dominic]’s version has a similar classic look to the original, but embraces a more thoughtful approach. In it, one uses plain JavaScript to try to minimize the lander’s angle, velocity, and angular velocity in order to land safely on the generated terrain.

Want to see if you have the right stuff? Here’s a direct link to Lunar Pilot. Don’t get discouraged if you don’t succeed right away, though. Moon landings have had plenty of failures, and are actually very hard.

Some old computer languages are destined to never die. They do, however, evolve. For example, Fortran, among the oldest of computer languages, still has adherents, not to mention a ton of legacy code to maintain. But it doesn’t force you to pretend you are using punched cards anymore. In the 1970s, if you wanted to crunch numbers, Fortran was a good choice. But there was another very peculiar language: APL. Turns out, APL is alive and well and has a thriving community that still uses it.

APL has a lot going for it if you are crunching serious numbers. The main data type is a multidimensional array. In fact, you could argue that a lot of “modern” ideas like a REPL, list types, and even functional programming entered the mainstream through APL. But it did have one strange thing that made it difficult to use and learn.

[Kenneth E. Iverson] was at Harvard in 1957 and started working out a mathematical notation for dealing with arrays. By 1960, he’d moved to IBM and a few years later wrote a book entitled “A Programming Language.” That’s where the name comes from — it is actually an acronym for the book’s title. Being a mathematician, [Iverson] used symbols instead of words. For example, to create an array with the numbers 1 to 5 in it and then print it, you’d write:
⎕←⍳5
Since modern APL has a REPL (read-eval-print loop), you could remove the box and the arrow today.

What Key Was That?

Wait. Where are all those keys on your keyboard? Ah, you’ve discovered the one strange thing. In 1963, CRTs were not very common. While punched cards were king, IBM also had a number of Selectric terminals. These were essentially computer-controlled typewriters that had type balls instead of bars that were easy to replace.

With the right type ball, you could have 26 upper-case letters, 10 digits, a few control characters, and then a large number of “weird” characters. But it is actually worse than that. The available symbols were still not numerous enough for APL’s appetite. So some symbols required you to type part of the symbol, press backspace, then type more of the symbols, sometimes repeating the process several times. On a printing terminal, that works fine. For the CRTs that would soon take over, this was tough to do.

For example, a comment (like a REM in Basic or a // in C++) is represented by a thumbnail (⍝). In other words, this would be an APL comment:
⍝ This is a comment
To make that character, you’d type the “arch” part, backspace, then the “dot” part. Not very speedy. Not very practical on old CRT terminals, either.

The characters aren’t the only strange thing. For example, APL evaluates math right to left.

That is, 3×2+5 is 21 because the 2+5 happens first. You just have to get used to that.

A Solution

Of course, modern screens can handle this easily and most people use an APL keyboard mapping that looks like your normal keyboard, but inserts special symbols when you use the right Alt key (with or without the shift modifier). This allows the keyboard to directly enter every possible symbol.

Of course, your keyboard’s keycaps probably don’t have those symbols etched in, so you’ll probably want a cheat sheet. You can buy APL keycaps or even entire keyboards if you really get into it.

What’s GNU With You?

While there have been many versions of APL over the years, GNU APL is certainly the easiest to setup, at least for Linux. According to the website, the project has more than 100,000 lines of C++ code! It also has many modern things like XML parsers.
A US APL keyboard layout
The real trick is making your keyboard work with the stranger characters. If you are just playing around, you can consider doing nothing. You can see the keyboard layout by issuing the ]KEYBD command at the APL prompt. That will give you something like the adjacent keyboard layout image.

From that image, you can copy and paste odd characters. That’s a pain, though. I had good luck with this command line:
setxkbmap -layout us,apl -variant ,dyalog -option grp:switch
With this setup, I can use the right alt key to get most APL characters. I never figured out how to get the shifted alternate characters, though. If you want to try harder, or if you use a different environment than I do, you might read the APL Wiki.

An Example

Rather than do a full tutorial, here’s my usual binary search high low game. The computer asks you to think of a number, and then it guesses it. Not the best use of APL’s advanced math capabilities, but it will give you an idea of what it can do.

Here’s a survival guide. The upside-down triangle is the start or end of a function. You already know the thumbnail is a comment. A left-pointing arrow is an assignment statement. A right-pointing arrow is a goto (this was created in the 1960s; modern APL has better control structures, but they can vary between implementations). Square boxes are for I/O, and the diamond separates multiple statements on a single line.

∇ BinarySearchGame
⍝ Initialize variables
lower ← 1
upper ← 1024
turns ← 0
cheating ← 0

⍝ Start the game
'Think of a number between 1 and 1024.' ⋄ ⎕ ← ''

Loop:
turns ← turns + 1
guess ← ⌊(lower + upper) ÷ 2 ⍝ Make a guess using binary search

⍞ ← 'Is your number ', ⍕ guess, '? (h for high, l for low, c for correct): '
response ← ⍞

→ (response = 'c')/Finish ⍝ Jump to Finish if correct
→ (response = 'h')/TooHigh ⍝ Jump to TooHigh if too high
→ (response = 'l')/TooLow ⍝ Jump to TooLow if too low
→ InvalidInput ⍝ Invalid input

TooHigh:
upper ← guess - 1
→ (lower > upper)/CheatingDetected ⍝ Detect cheating
→ Loop

TooLow:
lower ← guess + 1
→ (lower > upper)/CheatingDetected ⍝ Detect cheating
→ Loop

InvalidInput:
⍞ ← 'Invalid input. Please enter "h", "l", or "c".' ⋄ ⎕ ← ''
turns ← turns - 1 ⍝ Invalid input doesn't count as a turn
→ Loop

CheatingDetected:
⍞ ← 'Hmm... Something doesn''t add up. Did you make a mistake?' ⋄ ⎕ ← ''
cheating ← 1
→ Finish

Finish:
→ (cheating = 0)/Continue ⍝ If no cheating, continue
→ EndGame

Continue:
⍞ ← 'Great! The number is ', ⍕ guess, '. It took ', ⍕ turns, ' turns to guess it.' ⋄ ⎕ ← ''

EndGame:
⍞ ← 'Would you like to play again? (y/n): '
restart ← ⍞
→ (restart = 'y')/Restart ⍝ Restart the game if 'y'
→ Exit ⍝ Exit the game otherwise

Restart:
BinarySearchGame ⍝ Restart the game

Exit:
⍞ ← 'Thank you for playing!' ⋄ ⎕ ← '' ⍝ Exit message
∇

What’s Next?

If you want to get an idea of how APL’s special handling of data make some programs easier, the APL Wiki has a good page for that. If you don’t want to install anything, you can run APL in your browser (although it is the Dyalog version, a very common choice for modern APL).

If you don’t want to read the documentation, check out [phoebe’s] video below. We always wanted the IBM computer that had the big switch to go from Basic to APL.

youtube.com/embed/UltnvW83_CQ?…

APL Keyboard image via Reddit

Come spesso riportiamo, il cybercrime non si ferma mai, soprattutto quando le difese delle aziende sono al minimo come il periodo delle ferie estive.

Ieri, in pieno ferragosto, la cyber gang Ciphbit rivendica un attacco informatico che ha coinvolto la FD-SRL, un’azienda dinamica e innovativa specializzata in soluzioni avanzate per diversi settori industriali.

L’attacco è stato rivendicato all’interno del Data Leak Site (DLS) di Ciphbit, che ha dichiarato di aver compromesso i sistemi della FD-SRL, minacciando di pubblicare i dati sottratti entro 3-4 giorni.

Al momento, non possiamo confermare la veridicità della notizia, poiché l’organizzazione non ha ancora rilasciato alcun comunicato stampa ufficiale sul proprio sito web riguardo l’incidente. Pertanto, questo articolo deve essere considerato come ‘fonte di intelligence‘.

Chi è FD-SRL?

FD-SRL è un’azienda italiana specializzata in opere pubbliche, con particolare attenzione alla costruzione di strade e ferrovie.

Grazie all’impiego di tecnologie avanzate e di una forza lavoro qualificata, l’azienda è in grado di offrire soluzioni efficienti, affidabili e sostenibili ai propri clienti, guadagnandosi così una reputazione di partner fidato nel suo settore.

Conclusione

L’attacco rappresenta una seria minaccia per FD-SRL, che ora si trova di fronte alla possibilità di vedere esposti dati sensibili relativi ai propri progetti e clienti. L’attacco è stato annunciato dalla piattaforma web Ransomfeed.

Come nostra consuetudine, lasciamo sempre spazio ad una dichiarazione da parte dell’azienda qualora voglia darci degli aggiornamenti sulla vicenda. Saremo lieti di pubblicare tali informazioni con uno specifico articolo dando risalto alla questione.

RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono utilizzare la mail crittografata del whistleblower.

L'articolo Ransomware di Ferragosto! Ciphbit rivendica un attacco informatico all’italiana FD-SRL proviene da il blog della sicurezza informatica.

The European Commission sent a request for information to Meta under the Digital Services Act (DSA) on Friday (16 August), seeking details on compliance with data access and election monitoring requirements.

euractiv.com/section/platforms…

Il gruppo RansomHub ha iniziato a utilizzare un nuovo software dannoso che disabilita le soluzioni EDR sui dispositivi per aggirare i meccanismi di sicurezza e ottenere il pieno controllo del sistema. Lo strumento, chiamato EDRKillShifter, è stato scoperto da Sophos dopo un attacco fallito nel maggio 2024.

EDRKillShifter è un malware che consente di condurre un attacco Bring Your Own Vulnerable Driver ( BYOVD ), utilizzando un driver legittimo ma vulnerabile per aumentare i privilegi, disabilitare i controlli di sicurezza e ottenere il controllo completo del sistema.

Sophos ha scoperto 2 diversi campioni EDRKillShifter, entrambi i quali utilizzano exploit PoC disponibili pubblicamente da GitHub. Uno degli esempi sfrutta il driver vulnerabile RentDrv2 e l’altro sfrutta il driver ThreatFireMonitor, che è un componente di un pacchetto di monitoraggio del sistema obsoleto.

EDRKillShifter è anche in grado di caricare driver diversi a seconda delle esigenze degli aggressori.
Catena di attacco EDRKillShifter
Il processo di esecuzione di EDRKillShifter è composto da tre passaggi. Innanzitutto, l’aggressore esegue un file binario con una password per decrittografare ed eseguire la risorsa BIN incorporata in memoria. Il codice quindi decomprime ed esegue il payload finale, che carica il driver vulnerabile per aumentare i privilegi ed uccidere i processi attivi dei sistemi EDR.

Il malware crea un nuovo servizio per il driver, lo avvia e carica il driver, quindi entra in un ciclo infinito, controllando continuamente i processi in esecuzione e terminandoli se i nomi dei processi corrispondono all’elenco crittografato di obiettivi.

Sophos consiglia di abilitare la protezione anti-manomissione nei prodotti per la sicurezza degli endpoint, di mantenere la separazione tra diritti utente e amministrativi per impedire agli aggressori di scaricare driver vulnerabili e di aggiornare regolarmente i sistemi, dato che Microsoft revoca regolarmente i certificati per i driver firmati che sono stati utilizzati in attacchi precedenti.

L'articolo Con EDRKillShifter vengono eluse le difese EDR da RansomHub per introdurre il ransomware proviene da il blog della sicurezza informatica.

When thinking of the first PCs, most of us might imagine something like the Apple I or the TRS-80. But even before that, there were a set of computers that often had no keyboard, or recognizable display beyond a few blinking lights. [Artem Kalinchuk] is attempting to recreate one of these very early digital computers, the Kenbak-1, using as many period-correct parts as possible.

Considered by many to be the world’s first personal computer, the Kenbak-1 was an 8-bit machine with 256 bytes of memory, using TTL integrated circuits for the logic as there was no commercially available microprocessor available at the time it was designed. For [Artem]’s build, most of these parts can still be sourced including the 7400-series chips and carbon resistors although the shift registers were a bit of a challenge to find. A custom PCB was built to replicate the original, and with all the parts in order it’s ready to be assembled and put into a case which was built using the drawings for the original unit.

Although [Artem] plans to build a period-correct linear power supply for this computer, right now he’s using a modern switching power supply for testing. The only other major components that are different are the status lamps, in this case switched to LEDs because he wasn’t able to source incandescent bulbs that drew low enough current, and the switches which he’s replaced with MX-style keys. We’ll stay tuned as he builds and tests this over the course of several videos, but in the meantime if you’re curious how this early computer actually worked we featured an emulator for it a while back.

youtube.com/embed/ffsnZ321Xv4?…

Negli ultimi giorni, è stata rilevata una nuova campagna di malware mirata specificamente agli utenti italiani, lo riporta il CERT-AgID.

Questa minaccia si presenta sotto forma di un trojan, Quasar RAT, che viene distribuito attraverso email ingannevoli con oggetto “Pagamenti Fattura“. Il nome Quasar RAT potrebbe non essere noto a molti, ma la sua potenza distruttiva è preoccupante, soprattutto perché consente agli attaccanti di prendere il controllo remoto dei dispositivi infetti.

Come Funziona l’Attacco?

Gli attaccanti inviano email fraudolente progettate per sembrare comunicazioni legittime riguardanti il pagamento di una fattura. All’interno di queste email, le vittime sono invitate a scaricare una fattura tramite un pulsante denominato “Scarica Fattura“. Tuttavia, invece di una semplice fattura PDF, il pulsante scarica un file eseguibile malevolo.Una volta aperto, il file infetta il sistema con Quasar RAT, un trojan che offre agli attaccanti un accesso remoto completo al dispositivo della vittima.

Questo consente agli hacker di eseguire comandi, rubare informazioni sensibili, e potenzialmente installare ulteriori malware.

Indicatori di Compromissione e Difesa

Le autorità italiane hanno agito rapidamente per diffondere informazioni sui dettagli tecnici del malware e sugli indicatori di compromissione (IoC). Questi indicatori sono stati condivisi con le organizzazioni accreditate al flusso #IoC del CERT-AGID, nel tentativo di limitare il più possibile i danni causati da questa minaccia.

{
"43588b0a-8803-47a9-95c2-a6d299ba77a0": {
"event_id": 16660,
"created_at": "2024-08-16T08:39:41.362917+00:00",
"updated_at": "2024-08-16T09:34:21.837593+00:00",
"name": "Campagna Quasar RAT italiana",
"description": "",
"subject": "Fw: Informazioni sulle entrate governative. - ( 2607579 )",
"tlp": "0",
"campaign_type": "malware",
"method": "attached",
"country": "italy",
"file_type": [
"zip"
],
"theme": "Pagamenti",
"malware": "Quasar",
"phishing": null,
"via": "email",
"tag": [],
"ioc_list": {
"md5": [
"0a57d370bb7a6bb0947789eaa997c9fb",
"8bc7c91b4b84a5672cc0b5303ac55f86",
"767f07f21c427466321971cdb6f3dc87"
],
"sha1": [
"d5daee9a52a5eee6a65f18d2c7a859e680c4071c",
"29e4552e7764f1021fc4ad0a0574356ef2d1fe24",
"7c3caa9fb80c71e76c7a18f21b0f1409aac7cd6e"
],
"sha256": [
"91a94ca01e17f6fcf6348047dddf5fdd263392d958768ff2f4b1231f3d60b7cf",
"998e3fbc3d984eca67c8c8e237476cbebd128bb0b438a32412bcee37da73b969",
"06b820e333d4893dee60b61c149d7a3a2e22134e3c42317e189a446e551f14ac"
],
"imphash": [],
"domain": [
"notificacao.noticiasnovidads.xyz",
"italy-845d4-default-rtdb.asia-southeast1.firebasedatabase.app"
],
"url": [
"http://64.23.164.170/shollrussia.png",
"http://64.23.164.170/",
"https://notificacao.noticiasnovidads.xyz/clientes/"
],
"ipv4": [
"64.23.164.170"
],
"email":
[] },
"email_victim": [],
"ioca_version": "1.0",
"organization": "cert-agid"
}
}

Gli utenti sono invitati a scaricare il documento contenente questi indicatori per verificare la presenza del malware sui propri sistemi. Il file con i dettagli tecnici è disponibile sul sito ufficiale del CERT-AGID al seguente link: .

Come Proteggersi?

Per proteggersi da questa e altre minacce simili, è essenziale seguire alcune buone pratiche:

• Diffidare delle email sospette:
• Non aprire allegati o cliccare su link in email che non ti aspettavi di ricevere.
• Mantenere aggiornato il software di sicurezza:
• Assicurati di avere un antivirus aggiornato e attivo
• Eseguire regolari scansioni di sicurezza:
• Controllare periodicamente il tuo sistema per individuare eventuali minacce.

L'articolo Campagna Massiva di Malware in Italia: Quasar RAT Minaccia gli Utenti Italiani proviene da il blog della sicurezza informatica.