The European Commission cuts funding for Free Software projects
The Next Generation Internet initiative has supported Free Software projects with funding and technical assistance since 2018.
FLOSS Weekly Episode 797: Coreutils — Don’t rm -r Up the Tree
This week Jonathan Bennett and Dan Lynch chat with Pádraig Brady about Coreutils! It’s been around since the 90s, and is still a healthy project under active development. You’ve almost certainly used these tools whether you realize it or not! What’s the relationship with the other coreutils implementations? And why is GNU Coreutils the most cautious of them all?
- pixelbeat.org/contact.html
- pixelbeat.org/docs/coreutils-t…
- pixelbeat.org/docs/coreutils-g…
- pixelbeat.org/programming/avoi…
- gnu.org/software/coreutils/rej…
- gnu.org/software/coreutils/quo…
- pixelbeat.org/docs/coreutils_i…
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Places to follow the FLOSS Weekly Podcast:
WhatsApp looks more and more like Telegram: usernames and PINs on the way
WhatsApp continues to improve its app, adding features meant to make communication more convenient and more secure. In the latest Android beta (version 2.24.18.2), released through the Google Play Beta program, the company announced it is developing a feature that lets users create a unique username, with support for a PIN code.
The username will let you pick a unique handle for your WhatsApp account. Using a handle instead of a phone number will give users more control over their privacy and the option to hide their number from new contacts.
This build also shows the option to set a PIN for the username. It serves as an additional layer of protection against unsolicited first contact rather than against account access: people you do not know will have to enter this code before they can start a conversation with you. Contacts you already exchange messages with will not need the PIN.
The PIN setup page appears after the user has chosen a username. The code must be at least 4 digits long and cannot be the same as the two-step verification code.
Note that the username and PIN features are still under development and are not yet available to beta testers. When they will appear in the official release is not known.
WhatsApp is also presumably working on an option to block messages from unknown contacts, but no details about these features have been released yet.
The article WhatsApp looks more and more like Telegram: usernames and PINs on the way originally appeared on il blog della sicurezza informatica.
Liberating my smartphone to liberate myself
Kenobit's book as a PDF, freely downloadable under a Creative Commons license:
cloud.kenobisboch.it/s/jmCZRro…
The events we are about to recount date back to the summer of 2020 and, as Il Sole 24 Ore reports, Section VI of the Court of Milan found Bper Banca and Tim jointly and severally liable.
21/08/2024
Topic: Digital landscape
Confartigianato raises the alarm
362,000 DIGITAL EXPERTS ARE MISSING
The digital transition of Italian businesses risks slowing down because of the growing difficulty in finding qualified staff.
Mollicone (FdI): “With ACN we are protecting Culture from cyber attacks”. Italy is the only EU country to bring the sector under NIS2
feddit.it/post/10276148
The new cybersecurity post is on feddit.
Once again Anthropic, the “father” of Claude AI and backed by Amazon, is at the center of controversy.
Supercon 2023: Soft Actuators as Assistive Tech
When we think of assistive prostheses or braces, we often think of hard and rigid contraptions. After all, it wasn’t that long ago that prosthetic limbs were still being made out of wood. Even devices made of more modern materials tend to have a robotic quality that inevitably limits their dexterity. However, advancements in soft robotics could allow for assistive devices that more closely mimic their organic counterparts.
At Supercon 2023, Benedetta Lia Mandelli and Emilio Sordi presented their work in developing soft actuator orthosis — specifically, a brace that can help tetraplegics with limited finger and thumb control. Individuals with certain spinal cord injuries can move their arms and wrists but are unable to grasp objects.
A traditional flexor hinge brace
Existing braces can help restore this ability, but they are heavy and limited by the fact that the wearer needs to hold their wrist in a specific position to keep pressure on the mechanism. By replacing the rigid linkage used in the traditional orthosis, the experience of using the device is improved in many ways.
Not only is it lighter and more comfortable to wear, but the grip strength can also be more easily adjusted. The most important advancement however is how the user operates the device.
Like the more traditional designs, the wearer controls the grip through the position of their wrist. But the key difference with the soft actuator version is that the user doesn’t need to maintain that wrist position to keep the grip engaged. Once the inertial measurement units (IMUs) have detected the user has put their wrist into the proper position, the electronics maintain the pressure inside the actuator until commanded otherwise. This means that the user can freely move their wrist after gripping an object without inadvertently dropping it.
From Concept to Production
While much of the talk covers the advantages of their brace, the team also goes over how their design was improved from their original proof of concept work — which featured an earlier version of the soft actuator literally zip tied to the wearer’s fingers.
While the brace itself was modified, the biggest changes came to the actuator itself. The first version used two chambers, but this was eventually simplified to just one. In addition, they switched from using a pneumatic system to hydraulic. Originally, an air pump was used to pressurize the actuator, but they found a syringe pushing liquid into the actuator provided better control.
Soft Actuator Design
Perhaps one of the most interesting aspects of their talk was the discussion of the soft actuator itself. In a series of slides, they described not only how the mechanism works, but how they produce them in-house using a surprisingly simple process.
Essentially, the actuator is a strip of silicone with a series of hollow chambers molded into it. When the actuator is pressurized with air or liquid, these chambers expand. Normally, this would just make the structure blow up like a balloon, but by integrating a non-elastic layer onto the bottom of the actuator, it instead causes it to curve around. Once the system releases pressure, the silicone naturally returns to its original size and shape.
Creating the actuator is as simple as pouring silicone into a custom-made mold, and then attaching a strip of cotton to one side with a bit more liquid silicone. Once cured, they cut cotton to size and the actuator is ready to go. While the team tested several shapes for the actuator, the final version is a simple rectangle, as this was determined to be the easiest to produce.
Looking Ahead
While the design is already impressive, it’s still essentially a prototype. The electronics still live on scraps of protoboard, and the team continues to research potential improvements to their actuator design — from changes to the silicone mold to different motor and gearbox options for driving the syringe. Benedetta and Emilio also want to look into different ways of controlling the actuator outside of their current IMU solution.
Ultimately, they hope to put the brace into production as a semi-assembled kit that can be put together and fitted to the wearer by a medical professional in the field. The hope is that by bringing the cost of the brace down and making it easy to customize for the individual, they can bring this assistive technology to traditionally underserved areas.
Jangle Box Plucks Strings At the Press of a Button
There are some that enjoy the human element of a musical performance, delighting in the unique way an artist teases the desired sound from their instruments. Then there are those of us who listen to random bleeps, bloops, and buzzes tortured out of some crusty sound chip pulled from an 8-bit computer. It’s all very subjective.
It seems to us that the Jangle Box, created by [Rich Bernett], lands somewhere in the middle. A human is still playing the instrument, but they aren’t directly touching the strings. Instead, buttons and a potentiometer on the front of the device are used to control four small hobby motors that slap their respective strings with what appears to be the remnants of plastic propellers — we’d guess these motors were pulled from cheap personal fans. Standard guitar tuner knobs can be used to adjust the tension of each string, providing further control over the sounds produced by the device.
In the video below, [Rich] briefly explains the operation of the Jangle Box, and then launches into a performance of sorts. The goal here really isn’t to “play” the instrument in the traditional sense. Rather, he records the various noises it produces, normalizes them, and sorts them into a full octave of notes so he can use them in future compositions. The last few minutes of the video contain some electronic beats made up of the samples created from the Jangle Box.
If you’re one of his Patreon supporters you can download the sample pack yourself, otherwise, you’ll have to make your own version of the instrument to get your hands on that electro-tangy sound.
This isn’t the first original [Rich Bernett] musical creation to grace these pages, back in 2020 we covered his Cassettone synth.
Thanks to [Stephen] for the tip.
I control and manipulate, therefore I am. France's turn toward infowar
France's shift on cyber and information warfare continues, and at its center is Corexalys, a strategic company that is well worth watching.
The post Controllo e manipolo, quindi sono. La svolta della Francia sulla infowar appeared first on InsideOver.
Ask Hackaday: How Can We Leverage Tech for Education?
If you’re like us, you’ve studied the mathematician [Euler], but all you really remember is that you pronounce his name like “oiler” and not much else. [Welch Labs], on the other hand, not only remembers what he learned about logarithms and imaginary numbers but also has a beautiful video with helpful 3D graphics to explain the concepts.
This post, however, isn’t about that video. If you are interested in math, definitely watch it. It’s great. But it also got us thinking. What would it be like to be a high school math student today? In our day, we were lucky to have some simple 2D graph to explain concepts. Then it hit us: it probably is exactly the same.
Changing the Subject
Well, maybe not exactly, but the problem is, we are guessing that your math teacher — no offense to him or her — wasn’t the same kind of person [Welch Labs] is. To be fair, we couldn’t have produced that video either. So, the way we see it, you have a few choices.
First, maybe you get lucky and you happen to get a teacher (about math or any other subject) who is just awesome. We are lucky enough to know a few of these people, but you have to admit world-class teachers are rare, and even rarer outside of colleges and universities.
Second, maybe you have a teacher who is greatly engaged and goes out and finds material like this to share. We suspect that goes on a lot, but maybe not as much as it could. There is a whole industry, too, set up to provide teachers with materials for profit, but it often isn’t at the same quality level as something like this. That’s unsurprising. If you are a movie studio, not every movie wins the Oscar.
Third, if a student is motivated, you have an extraordinary research library at your fingertips. Individuals create amazing articles, videos, and even courses. Major universities have their course material online for anyone to use, in many cases. You just have to find it.
A Mixed Bag
This, too, is a mixed bag. While you have access to more information, you have to critically evaluate if it is correct or not. You could presume anything you found in a traditional library was probably not patently false. Not that everything in a library is true, but, statistically, the way books used to be produced and library collections created, it was far less likely than finding false information on the Internet. On the other hand, how motivated were you as a kid to do things like that? Well, being a Hackaday reader, you probably were. Maybe a better question is how many of your classmates were in the library while you were reading about computers?
In a way, it is like tech support. Sure, AI might not be the best of all possible tech support. But it might be better than what you probably will get. Realistically, every teacher can’t be the greatest, and even if they were, they probably don’t have the time to produce huge amounts of high-quality material for their classes.
The Answer? (Or, at Least, the Question)
So what’s the answer? That’s where you come in. How could we make sure that all students get access to high quality resources from everywhere? I frequently hear of kids using Khan Academy, for example, to explain things they aren’t getting from their teachers. But that’s just one resource. Are there curated lists of resources for each subject out there somewhere? If not, why not? What other ways could we get the serious educational material produced on the Web every day into the classroom? I’m sure there are lists, but we’re thinking about something with the go-to recognition of, say, Wikipedia. Not just a random blog posting. Let us know what you think and what’s already out there.
Maybe the best scenario is when great teachers share their materials with the world. We just need to get the word out. Another good scenario is when great teachers let their students take the lead. If you want to see how not to produce educational videos, have a look at this series of parodies of 1970-era science videos.
The evolution of Iranian malware: APT42 moves from modular to monolithic
In recent years the threat landscape has been dominated by modular malware, valued for its flexibility and adaptability. A recent discovery, however, reveals a change of approach by APT42, an Iranian hacking group linked to the Islamic Revolutionary Guard Corps (IRGC). In one of its latest campaigns the group built a monolithic Trojan, consolidating several malware modules into a single PowerShell script. The choice is a return to a more traditional technique, but one with significant implications for global cybersecurity, and it points to Iranian cyber operations continuing to adapt their tactics to current challenges. The article below looks at the reasons behind the move and its possible consequences.
Analysis of the monolithic malware: a return to the past?
Hacking groups such as APT42 have traditionally made heavy use of modular malware, which lets them configure functionality to suit the target. The approach offers a major advantage: components can be added or removed after the infection has already taken place, adapting dynamically to operational needs. The recent discovery of a monolithic Trojan, in which all the modules are consolidated into a single file, therefore marks an interesting turn in APT42's tactics.
A monolithic Trojan has several advantages, such as a lower chance of the malware being detected while it is delivered. A single file is also easier to distribute and can be less exposed to defenses that aim to identify and block specific malware modules. This monolithic Trojan, written in PowerShell, was used in recent attacks against Israeli targets, showing the international reach of APT42's operations (IFMAT) (OODA Loop).
Attack tactics and impersonation
APT42 does not limit itself to developing sophisticated malware; the group is also known for advanced phishing techniques that often involve impersonating authoritative figures or prominent organizations. In several operations, APT42 members posed as journalists from international outlets, event organizers or NGO representatives to gain the trust of their victims. This kind of deception has been used to deliver malware to targets located mainly in the Middle East, the United States and Europe, with the aim of collecting sensitive information and supporting Iranian strategic interests (TechRadar).
Conclusion
APT42's move to a monolithic Trojan is a strategic choice that highlights the adaptability and evolution of the attack tactics used by Iranian state-sponsored hacking groups. Although the change may look like a return to more traditional methods, it may in fact be a response to the modern countermeasures adopted by defenders worldwide. For organizations and security professionals, this evolution underlines the importance of staying vigilant and continuously updating defensive strategies. In a context where threats are constantly evolving, a proactive approach and innovation in security are essential to counter increasingly sophisticated attacks.
The article The evolution of Iranian malware: APT42 moves from modular to monolithic originally appeared on il blog della sicurezza informatica.
Fraud from beyond the grave: a hacker declares himself dead to avoid paying child support
On 20 August, in London, Kentucky, Jesse Kipf, 39, of Somerset, was sentenced to 81 months (6.75 years) in prison for computer fraud and identity theft.
Kipf pleaded guilty to illegally accessing the Hawaii state death registry system in January 2023.
Using the credentials of a physician from another state, the defendant created a fictitious case about his own death. Kipf then filled out a death certificate form and even had it digitally signed in the doctor's name, so that he was recorded as deceased in various government databases. One of his motives was to evade child support payments.
Kipf also broke into death registry systems in other states and penetrated the networks of private companies and government organizations. Using the stolen data, he tried to sell access to these networks on darknet markets, often alongside illegal goods and services.
Carlton Shier IV, US Attorney for the Eastern District of Kentucky, called the scheme callous and cynical, stressing that such crimes highlight the importance of cybersecurity. He added that the case will serve as a warning to other cybercriminals.
Michael E. Stansbury, Special Agent in Charge of the FBI's Louisville field office, stressed that victims of identity theft can face lifelong consequences and that the FBI will pursue those who commit such crimes.
Under federal law, Kipf must serve at least 85% of his prison sentence. After his release he will be under supervised release for a further three years. The damage to government and corporate computer systems, together with the unpaid child support, comes to almost $196,000.
The case shows clearly that attempts to evade responsibility by turning to cybercrime can lead to consequences far worse than those technically skilled users usually try to avoid. The technologies attackers use to deceive inevitably turn against them, underscoring the importance of digital security and the need for strict measures to protect personal data.
The article Fraud from beyond the grave: a hacker declares himself dead to avoid paying child support originally appeared on il blog della sicurezza informatica.
UK regulator closes app store probe, but new rules could lead to renewed scrutiny of big tech
The UK's Competition and Markets Authority closed its investigation into Google and Apple app stores on Wednesday (21 August), but new laws that would give it more power to control the dominance of big tech companies could ensure that scrutiny continues.
Less Moscow, more Beijing. How US nuclear strategy is changing
US President Joe Biden is reported to have approved in March a nuclear strategic plan that, for the first time, reorients US deterrence strategy away from Russia to focus on China. The news comes from the New York Times, which stresses that the change comes in a
Moscow advances in Donetsk, Kyiv says it controls 1,200 sq km of Russian territory
Russia says its armed forces have taken control of the “strategic hub” of Niu-York. Ukrainian troops are reportedly still advancing in the Kursk region
The article Moscow advances in Donetsk, Kyiv says it controls 1,200
Exploits and vulnerabilities in Q2 2024
Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a general means of privilege escalation in the operating system. Such attacks are notable in that the vulnerability does not have to be fresh, since attackers themselves deliver unpatched drivers to the system. This report considers the statistics of research publications that can be used by cybercriminals to attack target systems, and provides statistical snapshots of vulnerabilities.
Statistics on registered vulnerabilities
In this section, we look at statistics on registered vulnerabilities based on data from the cve.org portal.
In Q2 2024, the number of registered vulnerabilities exceeded last year’s figure for the same period, and is likely to grow further, as some vulnerabilities are not added to the CVE list immediately after registration. This trend is in line with the general uptick in the number of registered vulnerabilities that we noted in our Q1 report.
Total number of registered vulnerabilities and number of critical ones, Q2 2023 and Q2 2024
Comparing the data for the period 2019–2024 we see that in H1 2024 the total number of registered vulnerabilities was slightly less than half of the figure for the whole of 2023. Worth noting is the quarter-on-quarter rise in the number of registered vulnerabilities, for which reason we cannot say for sure that it won’t exceed the 2023 figure by year’s end.
Number of vulnerabilities and the share of critical ones and of those for which exploits exist, 2019–2024
The chart also shows the share among all registered vulnerabilities of ones that are critical and of ones for which there is a public description or Proof of Concept. The drop in the latter’s share in Q2 illustrates that the number of registered vulnerabilities is growing faster than the number of published exploits for them.
The share of critical vulnerabilities also decreased slightly relative to 2023. But it is critical vulnerabilities that pose the greatest risk. To understand the risks that organizations may face, and how these risks change over time, let’s look at the types of vulnerabilities that make up the total number of critical CVEs registered in Q2 2023 and Q2 2024.
Vulnerability types that critical CVEs registered in Q2 2023 fall under
Vulnerability types that critical CVEs registered in Q2 2024 fall under
As we see from the charts, even with a CVE entry, most issues remain unclassified and require further investigation to obtain details, which can seriously hamper efforts to protect systems where these vulnerabilities may arise. Besides unclassified critical vulnerabilities, other common issues in Q2 2023 were:
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
Other types of vulnerabilities came to the fore in Q2 2024:
- CWE-434: Unrestricted Upload of File with Dangerous Type
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Both lists of the most common types indicate that the vast majority of classified critical vulnerabilities get registered for web applications. According to open-source information, vulnerabilities in web applications are indeed the most critical, since web applications include software that can access sensitive data, such as file-sharing systems, consoles controlling VPN access and cloud and IoT systems.
Vulnerability exploitation statistics
This section presents exploit statistics for Q2 2024 obtained from open sources and our in-house telemetry.
Exploits are quite expensive software. Their shelf life can be counted in days, even hours. Conversely, creating them is a lengthy process, which varies depending on the type of exploit. Below are statistics on the most popular platforms where users were attacked with exploits.
Windows and Linux vulnerability exploitation
Since the start of the year, we have seen growth in the number of triggerings of Kaspersky solutions by exploits for Windows, driven primarily by phishing emails and attempts to gain initial access to user systems through vulnerability exploitation. Among the most popular are exploits for vulnerabilities in the Microsoft Office suite:
- CVE-2018-0802 – remote code execution vulnerability in the Equation Editor component
- CVE-2017-11882 – another remote code execution vulnerability in Equation Editor
- CVE-2017-0199 – remote code execution vulnerability in Microsoft Office and WordPad
- CVE-2021-40444 – remote code execution vulnerability in the MSHTML component
Dynamics of the number of Windows users who encountered exploits, Q1 2023 — Q2 2024. The number of users who encountered exploits in Q1 2023 is taken as 100%
Note that due to similar detection patterns, exploits classified as CVE-2018-0802 and CVE-2021-40444 may include ones for the vulnerabilities CVE-2022-30190 (remote code execution in the Microsoft Support Diagnostic Tool (MSDT)) and CVE-2023-36884 (remote code execution in the Windows Search component), which also remain a live threat.
As Linux grows in the corporate segment, it also shows growth in terms of exploits; in contrast to Windows, however, the main exploits for Linux target the kernel:
- CVE-2022-0847 – privilege escalation vulnerability in the Linux kernel
- CVE-2023-2640 – privilege escalation vulnerability in the Ubuntu kernel
- CVE-2021-4034 – privilege escalation vulnerability in the pkexec utility used to execute commands as another user
Dynamics of the number of Linux users who encountered exploits, Q1 2023 — Q2 2024. The number of users who encountered exploits in Q1 2023 is taken as 100%
Most exploits for Linux pertain to privilege escalation and can be used to gain persistence and run malicious code in the system. This may be because attackers often target Linux servers for which high privileges are needed to gain control.
Most common exploits
Q2 saw a shift in the distribution of critical vulnerabilities for which there are public exploits. See the charts below for a visual comparison of Q1 and Q2.
Distribution of exploits for critical vulnerabilities by platform, Q1 2024
Distribution of exploits for critical vulnerabilities by platform, Q2 2024
The share of exploits for vulnerabilities in operating systems increased in Q2 against Q1. This is because researchers tend to publish PoCs ahead of the summer season of cybersecurity conferences. Consequently, a great many OS exploits were published in Q2. In addition, the share of exploits for vulnerabilities in Microsoft Sharepoint increased during the reporting period, with almost no new exploits for browsers.
Vulnerability exploitation in APT attacks
We analyzed which vulnerabilities are most often used in advanced persistent threats (APTs). The ranking below is based on our telemetry, research and open sources.
Top 10 vulnerabilities exploited in APT attacks, Q2 2024
Although the list of vulnerabilities common in APT attacks is radically different compared to Q1, attackers most often exploited the same types of software/hardware solutions to gain access to organizations’ internal networks: remote access services, access control mechanisms and office applications. Note that the vulnerabilities of 2024 in this ranking were already being exploited at the time of discovery, that is, they were zero-day vulnerabilities.
Exploiting vulnerable drivers to attack operating systems
This section examines public exploits that use vulnerable drivers to attack the Windows operating system and software for it. According to open sources and our own data, there are hundreds of such vulnerable drivers, and new ones are appearing all the time.
Threat actors use vulnerable drivers as part of the Bring Your Own Vulnerable Driver (BYOVD) technique. The attacker installs a legitimately signed driver that has a known, unpatched vulnerability on the target system and then exploits that vulnerability for privilege escalation in the OS or other malicious activity; the driver is not a pre-existing component of the victim system. This method was first used by creators of game cheats, but was later adopted by cybercriminals.
Since 2023, we have noticed an upward trend in the use of vulnerable drivers to attack Windows with a view to escalating privileges and bypassing security mechanisms. In response, we are systematically adding and improving the mechanisms for detecting and blocking malicious operations through vulnerable drivers in our solutions.
BYOVD attack tools
Vulnerable drivers themselves are a serious enough problem for OS security, but truly destructive activity requires a client application to pass malicious instructions to the driver.
Since 2021, we have seen the appearance of 24 online tools for controlling vulnerable drivers in the context of privilege escalation and attacks on privileged processes, such as built-in and third-party security solutions. See below for a year-by-year distribution.
Number of tools published online for controlling vulnerable drivers, 2021–2024
As we can see, 2023 was the most abundant year for BYOVD attack tools. And more were published in H1 2024 than in 2021 and 2022 combined. We evaluated the trends of using such software in real attacks, as illustrated by blocked attacks on Kaspersky products in Q1 and Q2 2024:
Dynamics of the number of users who encountered attacks using vulnerable drivers on Kaspersky products, Q1 and Q2 2024; data for Q1 2024 is taken as 100%
With the rise in the number of BYOVD attacks, developers of tools exploiting vulnerable drivers began to sell them, so we see a downturn in the number of published tools for attacks using vulnerable drivers. However, as mentioned, they continue to be made publicly available.
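A defender's first handle on BYOVD activity is the driver-load event itself. The script below is an added example, not code from the report or from Kaspersky: it scans Sysmon Event ID 6 ("Driver loaded") records, matching each driver's SHA-256 against a blocklist of known-vulnerable drivers and flagging loads from unexpected directories or with a missing or invalid signature. The event records and the blocklist hashes are constructed placeholders; the Sysmon field names (ImageLoaded, Hashes, Signed, SignatureStatus) are the ones that event type carries.

```python
"""Flag suspicious kernel driver loads in Sysmon Event ID 6 ("Driver loaded") records.

Added example for the BYOVD discussion; the events and the blocklist hashes
below are constructed placeholders, not real indicators.
"""
from typing import Dict, List, Tuple

# Constructed blocklist: SHA-256 of drivers known to expose exploitable
# primitives. In practice this comes from a maintained vulnerable-driver list;
# the values here are placeholders.
VULNERABLE_DRIVER_SHA256: Dict[str, str] = {
    "0" * 64: "placeholder-vulnerable-driver-a.sys",
    "1" * 64: "placeholder-vulnerable-driver-b.sys",
}

# Directories from which driver loads are normally expected.
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


def parse_hashes(hashes_field: str) -> Dict[str, str]:
    """Sysmon's Hashes field is 'SHA1=...,MD5=...,SHA256=...,IMPHASH=...'."""
    parsed: Dict[str, str] = {}
    for part in hashes_field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            parsed[algo.strip().upper()] = value.strip().lower()
    return parsed


def assess_driver_load(event: Dict[str, str]) -> List[str]:
    """Return the reasons one Event ID 6 record is suspicious (empty = nothing found)."""
    reasons: List[str] = []
    path = event.get("ImageLoaded", "")
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256")
    # A BYOVD driver is usually validly signed and may even be copied into
    # System32\drivers, so the hash match is the decisive signal.
    if sha256 in VULNERABLE_DRIVER_SHA256:
        reasons.append("known vulnerable driver: " + VULNERABLE_DRIVER_SHA256[sha256])
    if not path.lower().startswith(EXPECTED_DRIVER_DIRS):
        reasons.append("loaded from unexpected directory: " + path)
    # Unsigned or tampered drivers should not load at all; either case is worth a look.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("signature missing or invalid")
    return reasons


def scan_driver_loads(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (driver path, reasons) for every flagged record."""
    flagged: List[Tuple[str, List[str]]] = []
    for ev in events:
        reasons = assess_driver_load(ev)
        if reasons:
            flagged.append((ev.get("ImageLoaded", ""), reasons))
    return flagged


# Constructed sample records in the shape of Sysmon Event ID 6 data.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ImageLoaded": "C:\\Windows\\System32\\drivers\\ndis.sys",
     "Hashes": "SHA256=" + "a" * 64, "Signed": "true",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"ImageLoaded": "C:\\Users\\Public\\drv.sys",
     "Hashes": "SHA1=" + "b" * 40 + ",SHA256=" + "0" * 64, "Signed": "true",
     "Signature": "Placeholder Vendor", "SignatureStatus": "Valid"},
    {"ImageLoaded": "C:\\Windows\\Temp\\x.sys",
     "Hashes": "SHA256=" + "f" * 64, "Signed": "false",
     "Signature": "", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for path, reasons in scan_driver_loads(SAMPLE_EVENTS):
        print(path)
        for r in reasons:
            print("  -", r)
```

The second sample record is the BYOVD case worth internalising: the driver is validly signed and would pass a signature-only check, so only the hash blocklist (and, here, the odd load path) gives it away.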
Interesting vulnerabilities
This section presents information about vulnerabilities of interest that were registered in Q2 2024.
CVE-2024-26169 (WerKernel.sys)
Werkernel.sys is a driver for the Windows Error Reporting (WER) subsystem, which handles the sending of error reports. CVE-2024-26169 is a zero-day vulnerability discovered during the investigation of an incident related to a ransomware attack. It is caused by werkernel.sys using a null security descriptor, the object that would otherwise define who may access the driver. With no descriptor, any user can interact with the driver, for example to overwrite the value of the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe. This key stores data about the application that is responsible for error handling for applications in Windows.
An examination of the exploitation algorithm reveals the following events:
List of events generated by the exploit
The exploit tries to perform preparatory actions to create special registry keys that allow the executable file specified in the registry to be restarted with SYSTEM user privileges. The exploit itself is based on a race condition vulnerability, so its success depends on the system where it is launched.
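Because the exploit's payoff is a rewritten Image File Execution Options entry, the artifact is easy to audit. The script below is an added example, not code from the report: it parses a `reg export`-style dump of the IFEO key and reports every subkey that carries a Debugger value, rating a Debugger under WerFault.exe, or one that points outside the usual program directories, as high severity. The registry text is constructed; the key path is the one named above. Only string values are parsed (expandable `hex(2):` values are ignored).

```python
"""Audit Image File Execution Options (IFEO) entries for unexpected Debugger values.

Added example for the CVE-2024-26169 discussion. The registry export below is
constructed; the IFEO path is the real one named in the text.
"""
import re
from typing import Dict, List

IFEO_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
               "Image File Execution Options\\")

# Directories a legitimate debugger (e.g. a developer's JIT debugger) normally lives in.
TRUSTED_DEBUGGER_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')   # string values only


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .reg parser: {key path: {value name: unescaped string value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.groups()
            # .reg files escape backslashes and quotes with a backslash.
            keys[current][name] = re.sub(r"\\(.)", r"\1", value)
    return keys


def debugger_executable(command: str) -> str:
    """First token of the Debugger command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def find_ifeo_debuggers(keys: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Report every IFEO subkey with a Debugger value, rated by how unusual it is."""
    findings: List[Dict[str, str]] = []
    for key, values in keys.items():
        if not key.lower().startswith(IFEO_PREFIX.lower()):
            continue
        target = key[len(IFEO_PREFIX):]
        debugger = values.get("Debugger")
        if debugger is None:
            continue
        exe = debugger_executable(debugger)
        # WerFault.exe is not expected to carry a Debugger value at all, and a
        # debugger living in a user-writable directory is a classic persistence sign.
        unusual = (target.lower() == "werfault.exe"
                   or not exe.lower().startswith(TRUSTED_DEBUGGER_DIRS))
        findings.append({
            "target": target,
            "executable": exe,
            "severity": "high" if unusual else "info",
        })
    return findings


# Constructed registry export: one developer-style entry and one suspicious one.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files\\Dev Tools\\dbg.exe\" -p"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WerFault.exe]
"Debugger"="C:\\Users\\Public\\tmp\\loader.exe"
"GlobalFlag"=dword:00000000
'''

if __name__ == "__main__":
    for f in find_ifeo_debuggers(parse_reg_export(SAMPLE_REG)):
        print(f"[{f['severity']}] {f['target']} -> {f['executable']}")
```

On a live host the same check runs against the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg`; the parser deliberately ignores non-string values so it never misreads GlobalFlag or similar entries as a debugger.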
CVE-2024-26229 (csc.sys)
Csc.sys is another driver in Windows, this time related to the Windows Client-Side Caching (CSC) service, which handles data caching on the client side. CVE-2024-26229 is a privilege escalation vulnerability, one that clearly illustrates the problem of insecure code in operating system drivers. Just a few days after the information about this vulnerability was posted on the Microsoft portal, a PoC was released that spread online and was rewritten for various formats and frameworks for penetration testing.
The exploit is very easy to use and comprises a “classic” combination of the Write primitive (writing to an arbitrary kernel location) and the kernel object address leak primitive.
The vulnerability is triggered using IOCTL, meaning that the method of communication with the vulnerable driver is in many ways similar to the BYOVD attack method.
The main algorithm of the exploit aims to modify the PRIMARY_TOKEN structure of the user-run process. This is achieved through the capabilities of the vulnerable driver.
CVE-2024-4577 (PHP CGI)
CVE-2024-4577 stems from bypassing the validation of parameters passed to the web application. Essentially, the vulnerability exists because PHP in CGI mode may not fully validate dangerous characters under some code pages. Cybercriminals can use this behavior to carry out a standard OS command injection attack.
The validation problem arises in systems using the following language settings:
- Traditional Chinese (code page 950)
- Simplified Chinese (code page 936)
- Japanese (code page 932)
Note that CGI mode is not very popular today, but can be found in products such as XAMPP web servers.
Exploitation of the vulnerability is made possible by the fact that, to bypass the parameter filter, it is enough to replace the normal dash with the Unicode soft hyphen, which the code pages used for writing systems based on Chinese characters treat as an equivalent of the dash. As a result, the query is supplemented with data that can run additional commands. In the process tree, the full exploitation will look as follows:
Tree of processes in the victim system during exploitation of CVE-2024-4577
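The mechanism described above gives a precise thing to look for in access logs: a CGI query string with no unencoded `=` (which the gateway hands to the program as command-line arguments) in which an argument starts with the soft hyphen byte 0xAD and would, once Windows best-fits it to a dash, read as a `-x` option. The script below is an added example, not code from the report; the log lines are constructed, and the only best-fit mapping it models is soft hyphen to hyphen, the one the text describes.

```python
"""Flag CVE-2024-4577-style query strings in web server access logs.

Added example, not from the report. Log lines are constructed; the only
best-fit mapping modelled is soft hyphen (0xAD) -> '-' (0x2D), as described above.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = b"\xad"


def is_argv_mode(raw_query: str) -> bool:
    """RFC 3875 section 4.4: a query string with no unencoded '=' is handed to
    the CGI program as command-line arguments; that is the path on which
    php-cgi options can be smuggled in."""
    return "=" not in raw_query


def cgi_argv(raw_query: str) -> List[bytes]:
    """Split the way the CGI gateway does: '+' separates arguments, each of
    which is percent-decoded to raw bytes."""
    return [unquote_to_bytes(part) for part in raw_query.split("+")]


def best_fit_hyphen(arg: bytes) -> bytes:
    """Model what php-cgi sees under code pages 932/936/950: the soft hyphen has
    no mapping there and Windows best-fits it to an ASCII hyphen."""
    return arg.replace(SOFT_HYPHEN, b"-")


def classify_query(raw_query: str) -> Optional[str]:
    """'soft_hyphen_option': the filter-bypass pattern (highest priority);
    'literal_option': a plain '-x' argument, which php-cgi's own hyphen filter
    blocks but which is still worth logging; None: nothing option-like.
    Caveat: under GBK (cp936) a legitimate double-byte character can begin with
    0xAD, so in argv-mode queries carrying CJK text treat this as a hunting
    signal rather than a verdict."""
    if not is_argv_mode(raw_query):
        return None
    verdict = None
    for arg in cgi_argv(raw_query):
        seen = best_fit_hyphen(arg)          # bytes as php-cgi would receive them
        if seen[:1] == b"-" and seen[1:2].isalpha():
            if arg[:1] == SOFT_HYPHEN:
                return "soft_hyphen_option"
            verdict = "literal_option"
    return verdict


# Common log format request line: client, then "METHOD /path?query HTTP/x.y".
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?:GET|POST) (?P<path>[^\s?"]+)(?:\?(?P<query>[^\s"]*))? HTTP/'
)


def scan_access_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, path, verdict) for every request that looks option-like."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not m.group("query"):
            continue
        verdict = classify_query(m.group("query"))
        if verdict:
            findings.append((m.group("client"), m.group("path"), verdict))
    return findings


# Constructed sample lines: two benign requests (one with Shift-JIS text in a
# normal name=value query), one soft-hyphen attempt, one literal-dash attempt.
LOG_LINES = [
    '203.0.113.5 - - [10/Jun/2024:10:00:01 +0000] "GET /index.php?page=home&lang=ja HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jun/2024:10:00:02 +0000] "GET /search.php?q=%82%A0%82%A2 HTTP/1.1" 200 200',
    '198.51.100.7 - - [10/Jun/2024:10:00:03 +0000] "GET /cgi-bin/app.php?%ADd+example_option%3Dvalue HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/Jun/2024:10:00:04 +0000] "GET /cgi-bin/test.php?-d+example_option%3Dvalue HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for client, path, verdict in scan_access_log(LOG_LINES):
        print(f"{verdict:20} {client:15} {path}")
```

The two things that make the rule precise are the argv-mode check (ordinary form submissions always carry an unencoded `=`, so they are never examined) and the best-fit normalisation before the option test, which is exactly the step the vulnerable PHP build performs implicitly.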
Takeaways and recommendations
In terms of quality and quantity, vulnerabilities and working exploits for them continue to grow each quarter, and threat actors are finding ways to bring already patched vulnerabilities back to life. One of the main tricks for exploiting already patched vulnerabilities is the BYOVD technique, whereby attackers load a vulnerable driver into the system themselves. The wide variety of examples and toolkits in the public domain allows cybercriminals to quickly adapt vulnerable drivers to their needs. Going forward, we will likely only see more active use of this technique in attacks.
To stay safe, you need to react promptly to the changing threatscape, as well as:
- Understand and monitor your infrastructure thoroughly, paying particular attention to the perimeter; knowing your way around your own infrastructure is vital to keeping it secure.
- Introduce effective patch management to promptly detect and eliminate infrastructure vulnerabilities, including vulnerable drivers slipped into your network by attackers. Our Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed solutions could help you with this.
- Use comprehensive security solutions that deliver robust protection of workstations, as well as early detection and prevention of attacks of any complexity, collection of live cyberattack data from around the globe, and basic digital literacy skills for employees. Our Kaspersky NEXT line of solutions ticks all these boxes and more.
How Jurassic Park’s Dinosaur Input Device Bridged the Stop-Motion and CGI Worlds
In a double-blast from the past, [Ian Failes]’ 2018 interview with [Phil Tippett] and others who worked on Jurassic Park is a great look at how the dinosaurs in this 1993 blockbuster movie came to be. Originally conceived as stop-motion animatronics with some motion blurring applied using a method called go-motion, a large team of puppeteers was actively working on turning the book into a movie when [Steven Spielberg] decided to go in a different direction after seeing a computer-generated Tyrannosaurus rex test made by Industrial Light and Magic (ILM).
Naturally, this left [Phil Tippett] and his crew rather flabbergasted, leading to a range of puppeteering-related extinction jokes. Of course, it was the early 90s, and computer-generated imagery (CGI) animators were still very scarce. This led to an interesting hybrid solution where [Tippett]’s team was put in charge of the dinosaur motion using a custom gadget called the Dinosaur Input Device (DID). This was effectively a stop-motion puppet, but tricked out with motion capture sensors.
This way the puppeteers could provide motion data for the CG dinosaur using their stop-motion skills, albeit with the computer handling a lot of interpolation. Meanwhile ILM could handle the integration and sprucing up of the final result using their existing pool of artists. As a bridge between the old and new, DIDs provided the means for both puppeteers and CGI artists to cooperate, creating the first major CGI production that holds up to today.
Even if DIDs went the way of the non-avian dinosaurs, their legacy will forever leave their dino-sized footprints on the movie industry.
Thanks to [Aaron] for the tip.
Top image: Raptor DID. Photo by Matt Mechtley.