When the electric guitar was first produced in the 1930s, there was some skepticism among musicians as to whether or not this instrument would have lasting impact or be a flash-in-the-pan novelty. Since this was more than a decade before the invention of the transistor, it would have been hard then to imagine the possibilities that a musician nowadays would have with modern technology to shape the sound of an instrument like this. People are still innovating in this space as well as new technology appears, like [Gary Rigg] who has added a few extra degrees of freedom to a guitar effects pedal.

A traditional expression pedal, like a wah-wah pedal, uses a single motion to change an aspect of the sound of the guitar, and is generally controlled with the musician’s foot. [Gary]’s pedal, on the other hand, can be manipulated in three different ways to control separate elements of the instrument’s sound. It can be pitched forward and back like a normal effects pedal, but also rolled side-to-side and twisted around its yaw axis. The pedal has a built-in IMU to measure the various position changes of the pedal, which is then translated by an RP2040 microcontroller to a MIDI signal which controls the three different aspects of the sound digitally.

While the yaw motion might be difficult for a guitarist to create with their foot while playing, the idea for this pedal is still excellent. Adding in a few more degrees of freedom gives the musician more immediate control over the sound of their instrument and opens up ways of playing that might not be possible or easy with multiple pedals, with the MIDI allowing for versatility that might not be available in many analog effects pedals. Not every pedal needs MIDI though; with the help of a Teensy this digital guitar pedal has all its effects built into a self-contained package.

youtube.com/embed/qRjAQaGeyRA?…

A spare monitor and keyboard are handy things to have around, but they’re a bit of a hassle. They are useful for hardware development, plugging in to headless servers, or firing up a Raspberry Pi or similar single-board computer (SBC). If that’s something you do and portability and storage space are important to you, then you may be interested in the CrowView Note.

I got an opportunity to test and provide feedback on an early version of this unusual device, which is functionally a portable spare monitor plus keyboard (and touchpad) without the bulk and extra cables. Heck, it’s even giving me ideas as the guts of a Cyberdeck build. Let’s take a look.

What It Is

It really looks like a laptop, but it’s actually a 14″ 1920 x 1280 monitor and USB keyboard in a laptop form factor.

There is also an integrated trackpad, speakers and mic, and a rechargeable battery. That makes it capable of providing its own power, and it can even function as a power bank in a pinch. There’s an HDMI input on one side, and on the other is a full-featured USB-C port that accepts video input via the DisplayPort altmode.
Pictured here is a Raspberry Pi 5 with optional PCB adapter to eliminate cables. The three ports (HDMI in, USB-C 5 V out, and USB-A for peripherals) provide all the board needs.
The CrowView Note is a pretty useful device for a workbench where one is often plugging hardware in for development or testing, because there’s no need to manage a separate monitor, keyboard, and mouse.

It is not a laptop, but attaching an SBC like a Raspberry Pi makes it act like one. The three ports conveniently located on the left-hand side (HDMI in, USB-C out for power to the SBC, and USB-A in for peripherals like keyboard and trackpad) are all that are needed in this case. Elecrow offers a “cable eliminator” PCB adapters to make the process of connecting a Raspberry Pi 5 or a Jetson Nano as simple as possible. The result is something that looks and works just like a laptop.

Well, almost. The SBC will still be a separate piece of hardware, whether connected by cables or by one of Elecrow’s PCB adapters. The result is OK for bench work, but especially in the case of the PCB adapter, not particularly rugged. Still, it’s a nice option and makes working on such boards convenient and cable-free.

What It Isn’t

Visually the CrowView note looks so much like a laptop that it bears repeating: this is not a laptop. There are no processing brains whatsoever inside. It’s a portable and rechargeable monitor, keyboard, mic, and speakers in a laptop form factor.

Also, it is not a laptop kit. It’s got all the right hardware to act like one, but there’s no way to truly securely or semi-permanently attach an SBC. Attaching an SBC like a Raspberry Pi 5 can be done with cables or one of Elecrow’s PCB adapters, but the result is more a convenience than something that would survive being loaded into a bag or backpack and carried around.

Use Cases, and Video Input Options

A device like this is handy for any situation that would require a spare monitor and keyboard, like configuring headless systems or working with development kits. An HDMI and USB cable are all that’s really needed to provide monitor and keyboard/touchpad functionality in this way, and the built-in rechargeable battery means it can power itself as well as attached hardware.

The USB-C port on the left is a 5 V output for exactly this purpose, but the one on the right side is a full-featured port that supports modes such as power delivery (PD) and DisplayPort video over USB-C. Devices that support video in this way include some mobile phones, and portable devices like Valve’s Steam Deck (shown here.)

The only catch for video over USB-C is that both the device and the cable must support it. The DisplayPort altmode is one of USB-C’s high-speed interfaces and requires the cable to have the right pairs connected, or it won’t work. (Since cables all look the same from the outside, this is where a USB cable tester comes in handy.)

The Electrow Note is rechargeable, light, and charges and handles just like a laptop. It’s far less bulky than a standalone monitor and keyboard/mouse. This makes it attractive for use on a crowded workbench, or in field work where portability is key.

Limitations and Quirks

In my testing of an early version of the device, I found a couple quirks that are worth keeping in mind.

One is that this device is a monitor and keyboard/mouse all in one, and they aren’t really completely independent devices. That is to say, if the monitor isn’t getting a useable video signal, the display goes to sleep and seems to take the keyboard and touchpad functionality with it.

For example, pressing CAPS LOCK won’t toggle the caps lock indicator light because the keyboard isn’t “awake” without a video signal. I was unable to use the device just as a USB keyboard/mouse and ignore plugging in the monitor. Similarly, with no valid input video signal functions like brightness adjustment or using the monitor’s OSD menu are inaccessible. (Input switching and battery level display do work, however.)

Related to the above, the interface for adjusting monitor functions is basic, and understanding how it works may save time and frustration. As with many laptops, the function key row doubles as device controls with F1 for video input selection, F5 and F6 adjusting brightness down and up, and so on. On the version I tested, the default configuration is to have the function key row act as monitor controls. To send a literal F1 keypress from the keyboard, one must press Fn+F1. It’s possible to swap this behavior, but the setting reverts at the next power cycle, which led to some head-scratching on my part while troubleshooting.

The CrowView Note’s interface — while functional — isn’t completely obvious at first. On a workbench, one might be plugging a device like this into hardware that may not be working as it should, and its quirks can compound troubleshooting headaches unless one knows what to expect.

Does It Have a Place On Your Workbench, Or In Your Next Project?

Tabletop space and storage space are at premiums for most of us. The CrowView Note is an attractive all-in-one alternative to separate devices, especially with its rechargeable battery. That it includes speaker and mic and can work as a USB power bank in a pinch is a nice touch.

Honestly, it is also giving me DIY cyberdeck build ideas. Monitor, keyboard, speaker, mic, touchpad, and a 5000 mAh battery with charging circuitry built-in? It’s not a bad bundle of hardware for $169 USD. Elecrow is currently accepting pre-orders for the CrowView Note via a crowdfunding campaign if you’re interested.

How often do you find yourself needing to break out a monitor and keyboard, and what’s your favorite solution? Do you see a device like this as a space-saving tool, or more the basis of a hardware project like a cyberdeck build? Could you or have you DIYed something like this on the cheap? Let us know in the comments.

Lo studente diciassettenne Cesare Mencarini del Cardiff Sixth Form College, ha progettato e costruito un piccolo reattore a fusione come parte del suo ultimo progetto A-Level. Il suo lavoro è stato presentato al Cambridge Science Festival e ha suscitato grande interesse tra gli specialisti e il pubblico.

Lo sviluppo del reattore a fusione nucleare

Mencarini ha trascorso 18 mesi sviluppando e creando un’installazione per la generazione di neutroni. Secondo il giovane scienziato, la sua invenzione avrebbe dovuto creare le condizioni necessarie per la fusione nucleare. Tuttavia, a causa dei limiti del laboratorio scolastico, era impossibile raggiungere una pressione paragonabile a quella creata nelle profondità del Sole sotto l’influenza della gravità. Pertanto, Cesare ha utilizzato l’alta tensione per riscaldare gli atomi alla temperatura richiesta.

Il percorso non è stato agevole. Inizialmente, i funzionari universitari hanno espresso preoccupazione per la sicurezza dell’esperimento. Mencarini dovette fare molti sforzi per convincere gli insegnanti della fondatezza della sua idea. “All’inizio il college era preoccupato che questo progetto, che ho utilizzato anche per il mio EPQ, potesse essere pericoloso. Tuttavia, abbiamo effettuato una valutazione completa del rischio e il personale è stato di grande aiuto”, ha affermato il giovane fisico. Questo risultato non solo gli ha portato il voto più alto nel suo esame di livello A, ma gli ha anche aperto le porte al mondo della grande scienza.

Il preside del college, il dottor Julian Davies, ha definito il lavoro di Cesare “eccezionale” ed “estremamente emozionante“. Ha sottolineato l’importanza di dare agli studenti l’opportunità di lavorare su progetti che li interessano, oltre a studiare per gli esami. “Vogliamo insegnare loro ad essere coraggiosi, a correre dei rischi calcolati e a sviluppare progetti che si applichino a situazioni di vita reale“, ha detto Davis.

Le specifiche tecniche

Il reattore Mencarini ha generato plasma diversi mesi fa, a giugno. I dettagli tecnici dell’installazione sono impressionanti nella loro complessità. Il sistema è alimentato da una pompa principale Leybold Trivac E2, che consente una pressione massima di 8E-3 torr. Mencarini prevede inoltre di utilizzare la pompa turbomolecolare Pfeiffer TPH062 per la sintesi futura.

La griglia del reattore è collegata a un passante ad alta tensione valutato a 30 kV e collegato a un alimentatore Unilab da 5 kV. Ciò consente all’unità di essere attivata in un ambiente scolastico, poiché la corrente di uscita è limitata a 2 mA. Durante gli esperimenti Mencarini ha testato due diverse configurazioni di griglia.

Cesare Mencarini, originario dell’Italia, studia matematica, chimica e fisica. Ora sta progettando di studiare ingegneria, ma prima spera di lavorare presso il Centro per l’interfaccia e l’analisi dell’Università di Bristol.

I risultati di Mencarini non solo dimostrano le sue eccezionali capacità di hacking del ragazzi, ma aprono anche nuovi orizzonti nel campo della fisica e dell’energia nucleare. Il dottor Davis è fiducioso che Cesare avrà un impatto significativo sul settore energetico in futuro. Questo progetto costituisce un esempio stimolante di come i giovani talenti possono contribuire a risolvere i problemi energetici e climatici globali.

Il significato di Hacking

Come sempre abbiamo detto su queste pagine, “hacking” è una “capacità” e non un aggettivo negativo di una persona. Come in tutte le “capacità”, c’è chi la può usare a fin di bene o a fin di male.

Hacking significa superare un ostacolo con arte ingegno ed intelletto, significa innovare e abbraccia diverse discipline e non soltanto la sicurezza informatica,.ma anche la matematica, la musica e la Fisica.

Infatti la parola hacking deriva dal verbo inglese “to hack”, che significa “intaccare”, “sminuzzare”, ovvero vedere oltre, dove gli altri non sono riusciti a farlo.

L'articolo 17 Anni, Italiano, costruisce un Reattore a Fusione Nucleare al college. Anche questo è Hacking! proviene da il blog della sicurezza informatica.

Over at the [Usagi Electric] farm, [David Lovett]’s custom 1-bit, vacuum tube-based computer (UEVTC for short) has been coming along well the past years, matching and exceeding the Motorola MC14500B 1-bit industrial control unit (ICU) that it is heavily inspired by. What is still missing, however, is a faster way to get data into the computer than manually toggling switches. The obvious choice is to make a (punched) paper tape reader, but how does one go about this, and what options exist here? With a few historical examples as reference and the tape reader on the impressive 1950s Bendix G-15 which [David] happens to have lounging around, [David] takes us in a new video through the spiraling complexity of what at first glance seems like a simple engineering challenge.
Photodiodes in the tape reader of the Bendix G-15. (Credit: David Lovett, Usagi Electric)
Punched paper tape saw significant use alongside punched paper cards and magnetic tape, and despite their low bit density, if acid-free paper (or e.g. mylar) is used, rolls of paper tape should remain readable for many decades. So how to read these perforations in the paper? This can be done mechanically, or optically, with in both case the feedrate an important consideration. Right off the bat the idea of a mechanical reader was tossed out due to tape wear, with [David] digging into his stack of photodetector tubes. After looking at a few rather clunky approaches involving such tubes, the photodiodes in the Bendix G-15’s tape reader were instead used as inspiration for a design. These are 1.8 mm diameter photodiodes, which aren’t super common, but have the nice property that they align exactly with the holes in the paper tape.

This left building a proof-of-concept on a breadboard with some incandescent bulbs and one of the photodiode to demonstrate that a valid logic signal could be produced. This turned out to be the case, clearing the construction of the actual tape reader, which will feature in upcoming videos.

youtube.com/embed/eNsV_gKfvf4?…

Secondo l’articolo di Dark Reading: “Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs”, recentemente è stata scoperta una vulnerabilità nel processo di validazione delle credenziali negli ambienti Microsoft Entra ID. Questa vulnerabilità, scoperta dai ricercatori di Cymulate, permetterebbe agli attaccanti di bypassare l’autenticazione nelle infrastrutture ibride.

Dettagli dell’Attacco ed Implicazioni

• Manipolazione delle Credenziali: Gli attaccanti possono sfruttare questa vulnerabilità per accedere come utenti di Entra ID attraverso diversi domini on-premises senza necessità di autenticazione separata.
• Local Admin Necessario: L’attacco richiede che un avversario abbia accesso come local admin su un server che ospita un PTA agent.
• Agente PTA come Doppio Agente: La vulnerabilità trasforma l’agente PTA in un “doppio agente”, permettendo agli attaccanti di accedere come qualsiasi utente AD sincronizzato senza conoscere la password reale. Questo potrebbe concedere accesso a un global admin, indipendentemente dal dominio AD sincronizzato, e consentire movimenti laterali tra diversi domini on-premises.
• Malfunzionamento delle Richieste: Gli agenti PTA a volte gestiscono in modo errato le richieste di autenticazione per diversi domini on-premises. Questo può portare a un fallimento dell’autenticazione perché il server non riconosce l’utente specifico.

Cymulate ha dimostrato come un attaccante potrebbe sfruttare questa vulnerabilità, iniettando una libreria dinamica non gestita nell’agente PTA. Una volta caricata, la DLL gestita intercetta la funzione ValidateCredential responsabile della verifica delle credenziali utente sia all’inizio che alla fine. Intercettando questa funzione, l’attaccante può manipolare il risultato, forzandolo sempre a restituire True. Questo significa che anche se vengono fornite le credenziali di un utente di un dominio diverso, l’hook restituirà True, permettendo così di accedere come qualsiasi utente da qualsiasi AD on-prem sincronizzato.

Il team di ricercatori ha raccomandato Microsoft di implementare un “domain-aware” routing per garantire che le richieste siano indirizzate all’agente PTA corretto, ed ha indicato inoltre che una separazione logica tra i diversi domini on-premises all’interno dello stesso tenant potrebbe portare benefici.

Le organizzazioni che hanno sincronizzato più domini Active Directory on-premises con un singolo tenant Azure risultano essere particolarmente vulnerabili. Anche la sincronizzazione di un singolo dominio può essere sfruttata, poiché l’attaccante sarebbe comunque in grado di accedere come qualsiasi utente sincronizzato da quel dominio.

La Risposta di Microsoft

Microsoft, identificando la minaccia con livello medio (dato che è necessario essere local admin, ndr), ha pianificato di risolvere la vulnerabilità. Ha inoltre raccomandato di attivare l’MFA su tutte le utenze sincronizzate e di trattare il server PTA come un componente di Tier-0 applicando le pratiche più importanti, quali network isolation, access management stringenti e monitoraggio.

L'articolo Vulnerabilità di Microsoft Entra ID Minaccia le Infrastrutture Ibride proviene da il blog della sicurezza informatica.

BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin America. They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy and oil and gas companies, among others.

BlindEagle has demonstrated adaptability in shaping the objectives of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations.

There is evidence that the group has been active since at least 2018. At GReAT, we have been closely tracking their campaigns. This blog aims to give an introduction to the group, detail its TTPs, and provide insights into their recent operations.

The eagle goes phishing

The spreading method used by BlindEagle is via phishing emails. Depending on the type of cyberoperation they conduct, it could be spear phishing (used in targeted espionage attacks) or more generalized phishing (particularly used in financial attacks).

The phishing emails typically impersonate governmental institutions, such as Colombia’s National Directorate of Taxes and Customs, Ministry of Foreign Affairs or Office of the Attorney General, among others. Spam campaigns impersonating financial and banking entities are also common.

Phishing impersonating the Attorney General’s Office

The campaigns involve sending deceptive emails containing a notification about an issue that requires immediate action by the user. Each email contains a link in its body that appears to lead to the official website of the entity being impersonated, and an attached file (particularly PDF or Word documents). The attached document mirrors the email’s message, contains the same URL and, in some cases, adds extra details and a heightened sense of urgency to make the phishing attempt sound more convincing. The links usually point to DDNS services and redirect victims to public repositories or sites owned by the attackers where they host malware implants, also known as “the initial dropper”.

A distinctive aspect of the malware delivery is geolocation filtering. The group often uses URL shorteners that are capable of geographical detection and redirection. That means that, if a connection is detected to be coming from a country which is not among the group’s targets, the attack is called off, and the victim is redirected to the site of the organization the attackers are impersonating. This geographical redirection prevents new malicious sites from being flagged, and thwarts hunting and analysis of these attacks.

How the eagles attack

Once an email is delivered, it paves the way for the group’s final malicious implant. BlindEagle is well known for using publicly available or open-source Remote Access Trojans (RATs), with the primary goal of spying on victims and stealing financial information. The group constantly switches from one RAT to another, using different tools in different campaigns. We have observed BlindEagle running operations using njRAT, LimeRAT, BitRAT and AsyncRAT, among others. They usually modify the samples to add customization them and new capabilities.

To deploy the final implant, the group uses a multi-stage process that is consistently similar across their campaigns. Unlike the final payload, the tools they use at the intermediate stages are custom built. The initial dropper, downloaded from malicious links, is typically a compressed file that tricks the victim by pretending to be an official document from the government or financial entity being spoofed in the phishing attack. We have observed the use of popular compression formats like ZIP, but also older and less known formats, such as LHA and UUE. Many threat actors exploit these lesser-known formats to deceive their victims into opening the file, taking advantage of their lack of knowledge about these formats.

The victim is persuaded to extract and run the files within the archive allegedly to solve the issue mentioned in the phishing email. The extracted files are typically Visual Basic Scripts that use WScript, XMLHTTP objects, or PowerShell commands to contact another server to download a malicious artifact for the next stage. The server address is usually hardcoded in the VBS file.

During the monitored campaigns, we have observed various server options chosen by BlindEagle, including servers controlled by the group and public infrastructure, such as image hosting sites, text storage sites like Pastebin, CDN services like Discord or developer platforms like GitHub repositories.

As the second-stage artifact, the threat actor employs various files, with the most common types being text files, images and .NET executables. These are usually encoded or obfuscated.

Steganography used in a BlindEagle campaign

The text files often contain a payload encoded in base64, ASCII or a combination of both. For images, the group has explored using steganography techniques to hide similarly encoded malicious code. The executable files typically masquerade as legitimate and contain the next malicious payload within their resource section.

In the next phase, the malicious code is extracted if needed and decoded by the initial dropper, yielding an intermediate file that, judging by the campaigns we have monitored, can be either a DLL or a .NET injector. This file calls yet another malicious server, whose address is, too, hardcoded in the executable, to download the final payload: the open-source RAT.

During this intermediate phase, the group often uses process injection techniques to execute the RAT in the memory of a legitimate process, thereby evading process-based defenses. The group’s preferred technique is process hollowing. This technique consists in creating a legitimate process in a suspended state, then unmapping its memory, replacing it with a malicious payload, and finally resuming the process to start execution.

Cyber-espionage or a financial attack: Actually, both

BlindEagle uses open-source RATs as the final link in their attack chain, which they modify in a way that suits their campaign objectives. This approach gives them the flexibility to adapt their malware with minimal efforts, as they do not need to develop implants from scratch. We have observed a wide variety of RATs used by the group, with notable examples including AsyncRAT, njRAT, Lime-RAT, Quasar RAT and BitRAT.

The group demonstrates great adaptability between campaigns. For example, in some of its financial attacks, the threat actor utilized a modified version of the Quasar RAT, a malware primarily used for espionage but in this case, repurposed as a banking Trojan to specifically target customers of financial institutions in Colombia.

The group modified the RAT by adding functionality to capture information from the victim’s browser to intercept credentials for banking services. After execution, the malware monitored newly opened browser windows. If the titles of any of these windows returned a match with a list of strings relating to ten Colombian financial entities, the RAT initiated keylogging to capture the login credentials for these entities’ online services.

A version of Quasar RAT modified to steal financial credentials

When it comes to espionage campaigns, the group turns to Trojans like njRAT. Modified versions of this malware allow them to capture sensitive information from their victims through keylogging and application monitoring. Additionally, the RAT exfiltrates system information and screenshots to C2 servers and can create RDP sessions or even install additional plugins. In one of the recent campaigns we have detected, the group modified this RAT to add the capability to install plugins sent from the C2 in the form of .NET assemblies or other binary files.

Improving flight precision

The group has always been known for using simple yet highly effective tactics and techniques: straightforward phishing, basic encoding and obfuscation methods, and the use of publicly available malware. However, during the latest campaigns, we have observed changes in the group’s techniques, reinforcing the idea of “adapt or perish”.

In May this year, for instance, the group conducted a new espionage campaign targeting Colombia. During this operation, BlindEagle employed an infection process featuring artifacts with strings and variable names entirely in Portuguese (instead of Spanish they had predominantly used before) and utilized Brazilian image hosting sites. Although not definitive, these elements could hint at the involvement of third parties with the group, either through collaboration or outsourcing to increase their attack capacity.

More recently, in June, we observed an espionage campaign that also targeted Colombia in which the group introduced a new technique into their arsenal. The campaign followed all the group’s usual TTPs, but this time, added a DLL sideloading twist and a new modular malware loader dubbed “HijackLoader”.

The attack was initiated through phishing emails impersonating Colombia’s judicial institutions and containing malicious PDF or DOCX files masquerading as a demand notice or a court summons. The victims were tricked into opening the attached files and clicking embedded links to download fictitious lawsuit documents, allegedly to resolve the previously mentioned legal issues. These documents were actual legitimate executable files signed by ASUS or IObit. They invoked malicious DLLs through sideloading, ultimately executing a version of HijackLoader that injected the spy RAT: in this case, AsyncRAT.

Victims

Since its inception, BlindEagle has been conducting persistent campaigns targeting entities and individuals, particularly in Colombia and other Latin American, countries such as Ecuador, Chile and Panama.

In the espionage campaigns we observed in May and June this year, the group primarily targeted individuals and organizations in Colombia, which accounted for 87% of the detected victims. These attacks involved entities across various sectors, notably government, education, health and transportation.

Tactics, techniques and procedures (TTPs)

Although the group’s toolset varies greatly, as do their goals, they employ a range of tactics, techniques, and procedures that are consistently used across their various campaigns. Below are some key TTPs that frequently recur:

• Phishing impersonating governmental entities as the spreading method. In some campaigns, particularly those involving financial attacks, the group impersonates banking institutions.
• Attached PDFs and DOCX files containing embedded links.
• URL shortener services employed for geolocation filtering.
• Dynamic DNS services utilized for resolving the addresses of servers hosting the group’s malicious artifacts.
• Public infrastructure used to host some of the malicious artifacts (image hosting services, pastebin sites, GitHub repositories and the Discord CDN, among others).
• Process hollowing applied for injecting malicious code into legitimate processes during intermediate stages of the attack.
• VBS scripts and .NET assemblies employed as intermediate artifacts.
• Open-source RATs used as the final payload in the attack.

Conclusions

As simple as BlindEagle’s techniques and procedures may appear, their effectiveness allows the group to sustain a high level of activity. By consistently executing cyber-espionage and financial credential theft campaigns, BlindEagle remains a significant threat in the region.

Additionally, the group is exploring alternative strategies within their infection processes and adding new techniques to their arsenal to sustain their operations and maintain their impact. BlindEagle continues to fly high, and we will maintain vigilant monitoring of their activity.

securelist.com/blindeagle-apt/…

We don’t know how you feel when designing hardware, but we get uncomfortable at the extremes. High voltage or current, low noise figures, or extreme frequencies make us nervous. [Orion Serup] from CrabLabs has been turning up a few of those variables and has created a fairly beefy 3-phase motor driver using GaN technology that can operate up to 80V at 70A. GaN semiconductors are a newer technology that enables greater power handling in smaller packages than seems possible, thanks to high electron mobility and thermal conductivity in the material compared to silicon.

The KiCAD schematic shows a typical high-power driver configuration, broken down into a gate pre-driver, the driver itself, and the following current and voltage sense sub-circuits. As is typical with high-power drivers, these operate in a half-bridge configuration with identical N-channel GaN transistors (specifically part EPC2361) driven by dedicated gate drivers (that’s the pre-driver bit) to feed enough current into the device to enable it to switch quickly and reliably.

The design uses the LM1025 low-side driver chip for this task, as you’d be hard-pushed to drive a GaN transistor with discrete components! You may be surprised that the half-bridge driver uses a pair of N-channel devices, not a symmetric P and N arrangement, as you might use to drive a low-power DC motor. This is simply because, at these power levels, P-channel devices are a rarity.

Why are P-channel devices rare? N-channel devices utilise electrons as the majority charge carrier, but P-channel devices utilise holes, and the mobility of holes in GaN is very low compared to that of electrons, resulting in much worse ON-resistance in a P-channel and, as a consequence, limited performance. That’s why you rarely see P-channel devices in a circuit like this.

Of course, schematic details are only part of the problem. High-power design at the PCB level also requires careful consideration. As seen from the project images, this involves heavy, thick copper traces on two or more heavily via-stitched layers to maximise copper volume and lower resistance as far as possible. But, you can overdo this and end up with too much inductance in critical areas, quickly killing many high-power devices. Another vital area is the footprint design for the GaN device and how it connects to the rest of the circuit. Get this wrong or mess up the soldering, and you can quickly end up with a much worse performance!

We’ve seen DIY high-power controllers here a few times. Here’s an EV controller that uses discrete power modules. Another design we saw a few years ago drives IGBTs for a power output of 90kW.

Secondo MTS RED, nella prima metà del 2024, il numero di attacchi informatici critici contro le organizzazioni mediche è aumentato del 32% rispetto allo scorso anno. Tali incidenti minacciano di far trapelare i dati dei pazienti, distruggere le infrastrutture e interrompere i servizi medici.

L’azienda ha affermato che non solo è aumentato il numero degli attacchi, ma è aumentata anche la loro quota nel volume totale degli incidenti legati alla sicurezza informatica. Se nella prima metà dello scorso anno era circa il 6%, dall’inizio del 2024 è già quasi al 19%. Questa tendenza è particolarmente evidente dato che il numero totale di attacchi contro le organizzazioni mediche durante questo periodo è aumentato di non più del 10%.

Stanno anche emergendo delle cyber-gang specializzate nella violazione delle organizzazioni sanitarie, come RansomCortex, intervistata recentemente da Red Hot Cyber.

All’inizio del 2024, gli analisti di MTS RED hanno notato un aumento degli attacchi hacker alle strutture delle infrastrutture critiche informative (CII) in Russia. Circa il 69% di tutti gli attacchi erano diretti contro organizzazioni provenienti da aree legate alla CII. Tra questi, il settore sanitario è al secondo posto per frequenza di attacchi, secondo solo all’industria.

Il ritmo delle minacce informatiche alla medicina e all’assistenza sanitaria continua a crescere rapidamente. Nel secondo trimestre, MTS RED ha registrato il 65% in più di attacchi contro le organizzazioni sanitarie rispetto al primo. Nei mesi di maggio e giugno il numero degli attacchi ha superato di 2-2,5 volte la media mensile di inizio anno.

MTS RED ha spiegato che il settore sanitario è diventato un nuovo bersaglio per gli hacker per diversi motivi.

• In primo luogo, si tratta di un settore abbastanza digitalizzato, in cui viene elaborata una grande quantità di dati personali e riservati, la cui fuga può causare una grande risonanza.
• l’assistenza sanitaria è un ramo dell’infrastruttura informatica critica; la continuità del suo funzionamento è di grande importanza per i cittadini del Paese. Un attacco riuscito a un’organizzazione medica porterà inevitabilmente a conseguenze significative.
• Un altro motivo è il basso livello di maturità della sicurezza informatica del settore significa che gli hacker non necessitano di grandi investimenti finanziari o di risorse per sferrare un attacco serio.

Gli incidenti più comuni sono i tentativi di aggirare le misure di sicurezza, che rappresentano il 36% di tutti gli attacchi.

Al secondo posto ci sono gli attacchi di rete e l’iniezione di malware, ciascuna di queste categorie rappresenta circa un quarto di tutti gli attacchi. Nel 5% degli incidenti sono state registrate violazioni delle politiche di sicurezza delle informazioni e azioni illegittime degli amministratori dei sistemi informativi.

L'articolo Gli attacchi al settore sanitario sono in aumento. +32% rispetto all’anno precedente proviene da il blog della sicurezza informatica.

I criminali informatici hanno preso il controllo di oltre 35.000 domini registrati utilizzando un attacco chiamato dai ricercatori “Sitting Ducks” . Questo metodo consente agli aggressori di prendere il controllo dei domini senza accedere al provider DNS o all’account del registrar del proprietario.

Nell’attacco di Sitting Ducks i criminali informatici sfruttano difetti di configurazione a livello di registrar e un’insufficiente verifica della proprietà presso i provider DNS. I ricercatori di Infoblox ed Eclypsium hanno scoperto che ogni giorno più di un milione di domini possono essere violati utilizzando questo attacco.

Numerosi gruppi di criminali informatici utilizzano questo metodo da diversi anni per inviare spam, truffe, diffondere malware, phishing e furto di dati. Il problema è stato documentato per la prima volta nel 2016 da Matthew Bryant, un ingegnere della sicurezza di Snap.

Perché un attacco abbia successo devono essere soddisfatte diverse condizioni: il dominio deve utilizzare o delegare i servizi DNS autoritativi a un provider diverso dal registrar; un server DNS autorevole non dovrebbe essere in grado di risolvere le query; Il provider DNS dovrebbe consentirti di rivendicare i diritti su un dominio senza verificarne la proprietà.

Se queste condizioni vengono soddisfatte, gli aggressori possono impossessarsi del dominio. Le varianti dell’attacco includono la delega parzialmente errata e il reindirizzamento a un altro provider DNS. Se i servizi DNS o l’hosting web per un dominio di destinazione scadono, un utente malintenzionato può rivendicare la proprietà del dominio creando un account presso il provider DNS.

Infoblox ed Eclypsium hanno osservato numerosi casi di sfruttamento di Sitting Ducks dal 2018 e 2019. Durante questo periodo sono stati registrati più di 35.000 casi di dirottamento di domini utilizzando questo metodo. In genere, i criminali informatici detenevano i domini per un breve periodo, ma in alcuni casi i domini rimanevano sotto il controllo degli aggressori fino a un anno.

L'articolo Attacco Sitting Ducks: 35.000 Domini Compromessi dai Cybercriminali proviene da il blog della sicurezza informatica.

Quello che stiamo per raccontarvi è qualcosa di inquietante, che risulta una ennesima deriva dell’intelligenza artificiale generativa e delle regolamentazioni ancora assenti sulle quali occorre lavorare.

Il Regno Unito ha dovuto affrontare un incidente inquietante in cui una famiglia è finita in ospedale dopo aver consumato funghi velenosi raccolti seguendo le raccomandazioni contenute in un libro acquistato da un’importante piattaforma online.

Questo libro di identificazione dei funghi, destinato ai principianti, è stato generato utilizzando l’intelligenza artificiale e conteneva errori che potevano portare a conseguenze tragiche.

Il libro, con un titolo simile a Mushrooms UK: A Guide to Harvesting Safe and Edible Mushrooms, è stato regalato al compleanno di un capofamiglia. Tuttavia, dopo che tutti i membri della famiglia hanno manifestato sintomi di grave avvelenamento, è diventato chiaro che il libro conteneva informazioni errate. Dopo un’analisi più attenta, si è scoperto che le immagini dei funghi nel libro erano state generate dall’intelligenza artificiale e che il testo conteneva incongruenze e frasi senza senso.

Il caso ha portato l’attenzione del pubblico una questione più ampia: la proliferazione di libri scritti dall’intelligenza artificiale su piattaforme come Amazon. Gli esperti avvertono che tali libri possono essere pericolosi poiché contengono errori che potrebbero costare vite umane. Ad esempio, alcuni consigliano di utilizzare l’olfatto o il gusto per identificare i funghi, un metodo che può essere fatale. Oltre a ciò, è stato rivelato che molti di questi libri scritti dalle AI, i loro autori reali spesso non sono disponibili per essere contattati.

Amazon ha già ritirato dalla vendita questo particolare libro e ha dichiarato il proprio impegno per la sicurezza degli utenti. Tuttavia, il problema rimane: sulla piattaforma si possono ancora trovare molti libri simili, il che continua a rappresentare una minaccia per gli acquirenti disinformati.

Questo caso evidenzia l’importanza di selezionare attentamente le fonti di informazione, soprattutto in aree critiche come la raccolta dei funghi. Errori in tali libri possono avere gravi conseguenze, sollevando interrogativi sulla necessità di una regolamentazione più rigorosa dei contenuti generati dall’intelligenza artificiale.

L'articolo Guida Mortale! Un libro scritto da una AI mette a rischio la vita dei lettori proviene da il blog della sicurezza informatica.

The City of Prague has cancelled plans to award a contract to PORR for the construction of the Nová Palmovka building, which is to become the new headquarters of the EU's space agency.

euractiv.com/section/politics/…

We love it when we find someone on the Internet who has the exact same problem we do and then solves it. [Hyperspace Pirate] starts a recent video by saying, “Oh no! I need to get rid of the algae in my pond, but I bought too much algaecide. If only there were a way to turn all this excess into CNC machined parts.” OK, we’ll admit that we don’t actually have this problem, but maybe you do?

Algaecide is typically made with copper sulfate. There are several ways to extract the copper, and while it is a little more expensive than buying copper, it is cost-competitive. Electrolysis works, but it takes a lot of power and time. Instead, he puts a more reactive metal in the liquid to generate a different sulfate, and the copper should precipitate out.

As you might expect, the details are the problem here. He first tried scrap steel. It worked, but it took a long time. He switched to aluminum, which was faster but required some salt to strip off the oxide. Once he had 1 kg of copper, it was time to heat it up.

Melting it was another set of issues and solutions. He eventually gets a reasonable cube of copper. Then it was off to the CNC mill, which had its own set of issues. But in the end, it looked OK. Some chemical aging made it look interesting.

Honestly, maybe just buy copper, but it sure was interesting and educational watching it all work. As a bonus, he took the copper dust from machining and converted it back into copper sulfate, completing the circle.

Usually, our chemical interest in copper is making it go away. Or plating it onto something.

youtube.com/embed/7M5x2OFYP-k?…

Diamonds are nearly perfect crystals, but not totally perfect. The defects in these crystals give the stones their characteristic colors. But one type of defect, the NV — nitrogen-vacancy — center, can hold a particular spin, and you can change that spin with the correct application of energy. [Asianometry] explains why this is important in the video below.

Interestingly, even at room temperature, an NV center stays stable for a long time. Even more importantly, you can measure the spin nondestructively by detecting light emissions from the center.

There are obvious applications for quantum computing, but an even more practical application is sensing magnetic fields. These could replace SQUIDs, which are often used for sensitive magnetic measurements but require cold temperatures to support superconductivity.

Of course, you have to create a diamond artificially to get the NV centers the way you want and it turns out that semiconductor manufacturing tools can help produce the diamonds you need.

The last time we looked in on diamond defects, the proposal was to use them for data storage. It seems like this could be easier than holding out for room-temperature superconductors to improve SQUIDs.

youtube.com/embed/CRfTe9gBOQA?…

They’re back! The San Francisco autonomous vehicle hijinks, that is, as Waymo’s fleet of driverless cars recently took up the fun new hobby of honking their horns in the wee hours of the morning. Meat-based neighbors of a Waymo parking lot in the South Market neighborhood took offense at the fleet of autonomous vehicles sounding off at 4:00 AM as they shuffled themselves around in the parking lot in a slow-motion ballet of undetermined purpose. The horn-honking is apparently by design, as the cars are programmed to tootle their horn trumpets melodiously if they detect another vehicle backing up into them. That’s understandable; we’ve tootled ourselves under these conditions, with vigor, even. But when the parking lot is full of cars that (presumably) can’t hear the honking and (also presumably) know where the other driverless vehicles are as well as their intent, what’s the point? Luckily, Waymo is on the case, as they issued a fix to keep the peace. Unfortunately, it sounds like the fix is just to geofence the lot and inhibit honking there, which seems like just a band-aid to us.

From the “Tech Doesn’t Make Everything Better” department, we’ve got news of a vulnerability in high-end racing bicycles that opens up a new vector for cheating. While our bike has been sitting sadly idle for the last twenty-odd years, apparently shifting technology has changed a lot, to the point where high-end derailleurs are no longer connected to handlebar-mounted shift lever by Bowden cables but now have servos that are linked to the shifters via Bluetooth. Anyone with more than a few minutes of experience with Bluetooth accessories and their default “123456” passwords can see where this is going. While there are no specific instances of cheating detailed in the story, one can imagine the hilarity to be had with a Flipper Zero while sitting on the side of a road at a course upgrade. To be sure, there are other ways to cheat, but we’re not sure we see the advantages of wireless shifting that offset the risks in this case.

Only 94 percent? A recent study claims to have quantified business spreadsheet errors, finding that 94% have critical problems. They came to this conclusion by mining literature from journal articles dating back to 1987, but rather than looking for papers with associated spreadsheets and analyzing them for errors, they looked for papers that discussed spreadsheet quality assurance. So this is sort of a meta-study, which makes us doubt the 94% finding. Still, we’d say it’s a safe bet that there are a lot of spreadsheets out there with critical errors, and that spreadsheet abuse is pretty rampant overall.

They say that if you’re not looking for your next job, you’re just waiting to get fired. That’s pretty much a tautology since there are only two — OK, three — ways out of any job, but it’s still good to always be looking for your next opportunity. So you might want to check out eejobboard, which allows you to do a parametric job search in the electrical engineering space. Pretty cool stuff.

And finally, we don’t have any information on this other than what you see in the video, but we’d love to learn more about these hardware FFTs. The video shows two implementations, one using a Zync 7020 FPGA, and one that uses over a thousand 74HC-series chips to do the same thing. If anyone out there knows the OP on this one, we’d love to get in touch.

youtube.com/embed/QBMpJR-pozY?…

A decade is a long time to carry around a project idea in your head. Fortunately, the Tiny Games Contest happens to coincide with [senily64dx]’s getting back into ATMega programming, so they can finally make their zero-dimensional PONG dreams come true (and have the chance at great prizes, too, of course).

If you don’t already get what’s going on here, zero-dimensional PONG takes 1D PONG and turns it on the short side. Imagine the light coming toward you, then moving away toward your opponent, and you have the basic idea. So, how is this done? Pulse-width modulation controls the brightness of the LED, and, well, you have to be pretty fast, although there is a small margin for the inevitable error.

In the video after the break, you can watch [senily64dx] play themselves using a red/green LED. Player one must press the button when red is fully lit and green is off, and player two goes when green is fully lit and red is off. The cool thing is that [senily64dx] used sockets, so they can plug in any LED they want. There are nine difficulty levels to control the PWM speed, so one can really test one’s reaction time.

If you want to build one of these, you’ll need an ATtiny2313 or something similar, a couple of buttons, a display, and the optional but fun buzzer. The well-commented code is available through [senily64dx]’s site.

youtube.com/embed/6hIy9FdClCQ?…

SAP ha rilasciato la serie di patch di agosto che risolvono 17 vulnerabilità. Di particolare rilievo è un bug critico di bypass dell’autenticazione che ha consentito agli aggressori remoti di compromettere completamente il sistema.

La vulnerabilità, classificata CVE-2024-41730 e CVSS Vulnerability Score 9.8, è dovuta alla mancanza di controllo dell’autenticazione nelle versioni 430 e 440 della piattaforma SAP BusinessObjects Business Intelligence.

“Nella piattaforma SAP BusinessObjects Business Intelligence, se Single Signed On è abilitato per l’autenticazione Enterprise, un utente non autorizzato può ottenere un token di accesso utilizzando un endpoint REST”, riferiscono gli sviluppatori. “Un utente malintenzionato potrebbe compromettere completamente il sistema, compromettendo la riservatezza, l’integrità e la disponibilità dei dati.”

Un’altra vulnerabilità critica (CVE-2024-29415, punteggio CVSS 9.1) risolta questo mese riguarda la falsificazione delle richieste lato server nelle applicazioni create con SAP Build Apps versione 4.11.130 e successive.

L’errore è correlato al pacchetto IP per Node.js, che controlla se un indirizzo IP è pubblico o privato. Quando si utilizza la notazione ottale, riconosce erroneamente 127.0.0.1 come indirizzo pubblico e instradabile a livello globale.

Va notato che il problema è apparso a causa di una soluzione incompleta per un problema simile CVE-2023-42282 l’anno scorso.

Altri problemi risolti da SAP questo mese includono quattro vulnerabilità ad alta gravità (ovvero classificate tra 7,4 e 8,2 sulla scala CVSS):

• CVE-2024-42374 è un problema di XML injection nel servizio Web SAP BEx Web Java Runtime Export che interessa BI-BASE-E 7.5, BI-BASE-B 7.5, BI-IBC 7.5, BI-BASE-S 7.5 e BIWEBAPP 7.5 ;
• CVE-2023-30533 è un problema di Prototype Pollution in SAP S/4 HANA scoperto nel modulo Manage Supply Protection, che interessa le versioni della libreria SheetJS CE precedenti alla 0.19.3;
• CVE-2024-34688 è una vulnerabilità Denial of Service (DOS) in SAP NetWeaver AS Java che interessa la versione del componente Meta Model Repository MMR_SERVER 7.5;
• CVE-2024-33003 è un problema di divulgazione dei dati in SAP Commerce Cloud che interessa le versioni HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 e COM_CLOUD 2211.

L'articolo SAP rilascia le patch di Agosto. Un bug critico da 9.8 di Score mette a rischio le installazioni proviene da il blog della sicurezza informatica.

The cameras at the front of Meta’s Quest VR headsets are off-limits to developers, but developer [Michael Gschwandtner] created a workaround (Linkedin post) and shared implementation details with a VR news site.
The view isn’t a pure camera feed (it includes virtual and UI elements) but it’s a clever workaround.
The demo shows object detection via MobileNet V2, which we’ve seen used for machine vision on embedded systems like the Raspberry Pi. In this case it is running locally on the VR headset, automatically identifying objects even though the app cannot directly access the front-facing cameras to see what’s in front of it.

The workaround is conceptually simple, and leverages the headset’s ability to cast its video feed over Wi-Fi to other devices. This feature is normally used for people to share and spectate VR gameplay.

First, [Gschwandtner]’s app sets up passthrough video, which means that the camera feed from the front of the headset is used as background in VR, creating a mixed-reality environment. Then the app essentially spawns itself a Chromium browser, and casts its video feed to itself. It is this video that is used to — in a roundabout way — access what the cameras see.

The resulting view isn’t really direct from the cameras, it’s akin to snapshotting a through-the-headset view which means it contains virtual elements like the UI. Still, with passthrough turned on it is a pretty clever workaround that is contained entirely on-device.

Meta is hesitant to give developers direct access to camera views on their VR headset, and while John Carmack (former Meta consulting CTO) thinks it’s worth opening up and can be done safely, it’s not there yet.