

Speaking at the trial for his own murder: the AI-“resurrected” victim testifies in court


For the first time in American judicial history, a murder victim “took the stand” at the trial for his own killing.

An Arizona court played a video clip of a digital avatar of Christopher Pelkey, a US Army veteran who died in a road incident in 2021, speaking on screen. His voice and appearance were recreated using neural-network models. The video was made by the victim’s sister and formed part of the sentencing hearing that gave the killer the maximum sentence of 10.5 years in prison.

youtube.com/embed/cMs-_8etNts?…

The killing took place more than three years ago. Gabriel Horcasitas shot and killed Pelkey during a road-rage incident. The victim’s family had to endure two trials and repeated viewings of footage of the killing, including the clip in which Pelkey is fatally wounded and falls to the ground. Relatives were not allowed to show emotion in the courtroom, to avoid creating grounds for a mistrial. But at the sentencing stage, they say, they had their first chance to speak and to control how Christopher’s story would be told.

The deceased’s sister, Stacey Wales, struggled to write her statement for the court. She admits she rewrote it for months, until she decided to do something different: let her brother “say it himself”. She and her husband Tim, who works in the tech industry, created a video in which a digital stand-in for Pelkey performs. They used Stable Diffusion with LoRA training to generate the visual likeness and speech-synthesis tools to build a voice from audio clips. Every word spoken by the avatar was written by Stacey herself. She stresses that her goal was sincerity, not revenge: in her view, the speech had to be a “blanket of love”, because that is who her brother was.

The video opened with a disclaimer: “Hello. Just so everyone knows, I am a version of Chris Pelkey recreated by artificial intelligence using my image and my voice.” Viewers are then shown a real clip of the living Pelkey talking about his Army service and his faith in God, and then it cuts back to the digital avatar, which delivers its statement. It thanks everyone who came to the hearing and supported the family, remembers friends and relatives, and moves on to the key address: to the killer.

“To Gabriel Horcasitas, the man who shot me,” the digital Christopher says, “I am sorry we met under those circumstances. In another life, we might have been friends. I believe in forgiveness, and in a God who forgives. I always have. And I still do.”

Judge Todd Lang said the video left a deep impression. He stated that he was convinced of the sincerity of what he had heard, and even declined to refer to the deceased formally by his surname, calling him by his first name instead. The judge noted that although the family had asked for the maximum sentence, the digital Pelkey’s words did not call for revenge, only forgiveness. And that, in his view, reflected the truly noble character of the deceased’s whole family.

Horcasitas’s lawyer tried to use the avatar’s own words in the defense, arguing that the deceased and the defendant might genuinely have had interests in common and could have become friends. The court did not reduce the sentence, however. Stacey Wales later admitted that their goal was to “make the judge cry” and to “bring Christopher back, if only for a few minutes”.

From a technical and legal standpoint, the use of artificial intelligence stirred no controversy. Arizona has a Victims’ Bill of Rights that lets family members choose how to present their claims. Attorney Jessica Gattuso, who represented the family, noted that the video was accompanied from the outset by an explanation of its AI nature, that no one tried to pass the speech off as Pelkey’s real words, and that neither side raised objections. In her view, the decision was carried out properly and honestly.

The contrast with other cases of AI in litigation was stark: earlier this year a Wyoming lawyer was publicly reprimanded for using fictitious precedents generated by a language model. In March, another legal team was fined $15,000 for citing “hallucinated” cases. In the Pelkey family’s case, the technology was used as an emotional tool, not to replace the facts but to bring out a human voice that would otherwise not have been heard.

Prosecutors had asked for nine years in prison; the maximum was ten and a half. The judge gave the maximum. And according to Stacey herself, the video played a decisive role: “It showed who Chris was and gave us the chance to speak on his behalf. Not to take revenge. And to be heard.”

The article Speaking at the trial for his own murder: the AI-“resurrected” victim testifies in court originally appeared on il blog della sicurezza informatica.




Geolocation and remote work: a union agreement is not enough, the Privacy Guarantor draws the limits


@Informatica (Italy e non Italy 😁)
The case of an employee of an in-house company of the Calabria Region brings to light critical issues in the monitoring of employees working remotely: at stake are privacy, transparency and the limits of Art. 4 of the Statute of the



Web Dashboard and OTA Updates for the ESP32


Mongoose Wizard new project dialog.

Today we are happy to present a web-based GUI for making a web-based GUI! If you’re a programmer then web front-end development might not be your bag. But a web-based graphical user interface (GUI) for administration and reporting for your microcontroller device can look very professional and be super useful. The Mongoose Wizard can help you develop a device dashboard for your ESP32-based project.

In this article (and associated video) the Mongoose developers run you through how to get started with their technology. They help you get your development environment set up, create your dashboard layout, add a dashboard page, add a device settings page, add an over-the-air (OTA) firmware update page, build and test the firmware, and attach the user-interface controls to the hardware. The generated firmware includes an embedded web server for serving your dashboard and delivering its REST interface, pretty handy.

You will find no end of ESP32-based projects here at Hackaday which you could potentially integrate with Mongoose. We think the OTA support is an excellent feature to have, but of course there are other ways of supporting that functionality.

youtube.com/embed/nUwmnySG-FI?…

Thanks to [Toly] for this tip.


hackaday.com/2025/05/10/web-da…




Qilin tops the ransomware rankings! 72 victims in April 2025 alone!


The Qilin group, which we interviewed some time ago, tops the list of the most active ransomware operators in April 2025, having published the details of 72 victims on its Data Leak Site (DLS). According to Group-IB this is a record figure: from July 2024 to January 2025 the number of such publications rarely exceeded 23 per month, but since February the curve has risen sharply: 48 cases in February, 44 in March, and already 45 in the first weeks of April.

The main cause of the surge in activity was the sudden disappearance of the rival group RansomHub, which previously ranked second by number of attacks. After its collapse, a significant number of affiliated attackers moved to Qilin, causing exponential growth in its operations. According to Flashpoint, in a single year, from April 2024 to April 2025, RansomHub managed to hit 38 financial-sector organizations before vanishing from the scene.

What distinguishes the Qilin campaigns is the use of a new bundle of malicious components: the already known SmokeLoader module and a new .NET loader, codenamed NETXLOADER.

Trend Micro researchers have studied NETXLOADER in detail and noted its key role in malware distribution. This downloader silently installs malicious modules, is protected from analysis by .NET Reactor version 6, and uses several bypass techniques.

NETXLOADER is extremely hard to analyze: the code is encrypted, the method names are uninformative, and the execution logic is obfuscated. It uses advanced concealment techniques, such as JIT hooks and controlled loading of DLLs directly into memory, which defeat static analysis and string searching. In practice, without running it in a real environment, it is impossible to determine exactly what this loader does.

Attack chains most often begin with phishing or the compromise of legitimate accounts, after which NETXLOADER enters the infected system. It then launches SmokeLoader, which performs anti-analysis and virtualization checks and terminates processes from a predefined list. In the final stage, SmokeLoader contacts the remote command-and-control server and receives NETXLOADER from it, which in turn loads the Agenda ransomware using the Reflective DLL Loading technique, mapping the library directly into memory without writing it to disk.

Agenda is actively used to attack network domains, external drives, storage and VCenter ESXi hypervisors. Trend Micro observed that the most common victims are healthcare, financial, telecommunications and IT-infrastructure organizations in countries such as the United States, India, Brazil, the Philippines and the Netherlands.

With the growing number of victims and the technical maturity of the tools in use, Qilin continues to consolidate its position as one of the most technologically advanced ransomware operations in the cybercrime landscape.

The article Qilin tops the ransomware rankings! 72 victims in April 2025 alone! originally appeared on il blog della sicurezza informatica.






The Apple II MouseCard IRQ is Synced to Vertical Blanking After All


The Apple II MouseCard (Credit: AppleLogic.org)

Recently [Colin Leroy-Mira] found himself slipping into a bit of a rabbit hole while investigating why only under Apple II MAME emulation there was a lot of flickering when using the (emulated) Apple II MouseCard. This issue could not be reproduced on real (PAL or NTSC) hardware. The answer all comes down to how the card synchronizes with the system’s vertical blanking (VBL) while drawing to the screen.

The Apple II MouseCard is one of the many peripheral cards produced for the system, originally bundled with a version of MacPaint for the Apple II. While not a super popular card at the time, it nevertheless got used by other software despite this Apple system still being based around a command line interface.

According to the card’s documentation the interrupt call (IRQ) can be set to 50 or 60 Hz to match the local standard. Confusingly, certain knowledgeable people told him that the card could not be synced to the VBL as it had no knowledge of this. As covered in the article and associated MAME issue ticket, it turns out that the card is very much synced with the VBL exactly as described in The Friendly Manual, with the card’s firmware being run by the system’s CPU, which informs the card of synchronization events.


hackaday.com/2025/05/09/the-ap…



The Nuclear War You Didn’t Notice


We always enjoy [The History Guy], and we wish he’d do more history of science and technology. But when he does, he always delivers! His latest video, which you can see below, focuses on the Cold War pursuit of creating transfermium elements. That is, the discovery of elements that appear above fermium using advanced techniques like cyclotrons.

There was a brief history of scientists producing unnatural elements. The two leaders in this work were a Soviet lab, the Joint Institute of Nuclear Research, and a US lab at Berkeley.

You’d think the discovery of new elements wouldn’t be very exciting. However, with the politics of the day, naming elements became a huge exercise in diplomacy.

Part of the problem was the difficulty in proving you created a huge atom for a few milliseconds. It was often the case that the initial inventor wasn’t entirely clear.

We were buoyed to learn that American scientists named an element (mendelevium) after a Russian scientist as an act of friendship, although the good feelings didn’t last.

We wonder if a new element pops up, if we can get some votes for Hackadaium. Don’t laugh. You might not need a cyclotron anymore.

youtube.com/embed/GgJrnrDh8y4?…


hackaday.com/2025/05/09/the-nu…



Antique Mill Satisfies Food Cravings


Everyone knows what it’s like to get a hankering for a specific food. In [Attoparsec]’s case, he wanted waffles. Not any waffles would do, though; he needed waffles in the form of a labyrinth. Those don’t exist, so he had to machine his own waffle maker.

Antique pantograph mill. When computers were the size of rooms, these stood in where we’d use CNC today.

Most of us would have run this off on a CNC, but [Attoparsec] isn’t into CNCing; manual machining is his hobby, and he’s not interested in getting into another one, no matter how much more productive he admits it might make him. We can respect that. After a bit of brain sweat thinking of different ways to cut out the labyrinth shape, he has the opportunity to pick up an antique Deckel pantograph mill.

These machines were what shops used to do CNC before the ‘computer numeric’ part was a thing. By tracing out a template (which [Attoparsec] 3D prints, so he’s obviously no Luddite) complex shapes can be milled with ease. Complex shapes like a labyrinthine waffle maker. Check out the full video below; it’s full of all sorts of interesting details about the machining process and the tools involved.

If you don’t need to machine cast iron, but are interested in the techniques seen here, a wooden pantorouter might be more your speed than a one-tonne antique. If you have a hankering for waffles but would rather use CNC, check out these design tips to help you get started. If pancakes are more your style, why not print them?

Shoutout to [the gambler] for sending this into the tip line. We think he struck the jackpot on this one. If you have a tip, don’t be shy.

youtube.com/embed/SlCJ6hp1xZY?…


hackaday.com/2025/05/09/antiqu…



Inside a Selective Voltmeter


[Martin Lorton] has a vintage Harmon 4200B selective voltmeter that needed repair. He picked it up on eBay, and he knew it wasn’t working, but it was in good condition, especially for the price. He’s posted four videos about what’s inside and how he’s fixing it. You can see the first installment below.

The 4200B is an RMS voltmeter and is selective because it has a tuned circuit to adjust to a particular frequency. The unit uses discrete components and has an analog meter along with an LCD counter.

The initial tests didn’t work out well because the analog meter was stuck, so it wouldn’t go beyond about 33% of full scale.

Since there are four videos (so far), there is a good bit of information and detail about the meter. It is an interesting piece of gear, and part 3 in particular is worth watching if you want to see inside an analog meter movement.

By the fourth video, things seem to be working well. You might want to browse the manual for the similar 4200A to get oriented.

Forgot why we measure RMS? You weren’t the only one. RMS conversion in meters is a big topic and there are many ways to do it.

youtube.com/embed/P614i6uTfqk?…


hackaday.com/2025/05/09/inside…



A Single Chip Computer For The 8051 Generation


The Intel 8051 series of 8-bit microcontrollers is long-discontinued by its original manufacturer, but lives on as a core included in all manner of more recent chips. It’s easy to understand and program, so it remains a fixture despite much faster replacements appearing.

If you can’t find an original 40-pin DIP don’t worry, because [mit41301] has produced a board in a compatible 40-pin format. It’s called the single chip computer not because such a thing is a novelty in 2025, but because it has no need for the support chips which would have come with the original.

The modern 8051 clone in use is a CH558 or CH559, both chips with far more onboard than the original. The pins are brought out to one side only of the board, because on the original the other side would interface with an external RAM chip. It speaks serial, and can be used through either a USB-to-serial or Bluetooth-to-serial chip. There’s MCS-BASIC for it, so programming should be straightforward.

We can see the attraction of this board even though we reach for much more accomplished modern CPUs by choice. Several decades ago the original 8051 on Intel dev boards was our university teaching microcontroller, so there remains here a soft spot for it. We certainly see other 8051 designs, as for example this Arduino clone.


hackaday.com/2025/05/09/a-sing…


Cybersecurity & cyberwarfare reshared this.


A cyber attack briefly disrupted #South #African #Airways operations
securityaffairs.com/177656/hac…
#securityaffairs #hacking #SSA


Supercon 2024: An Immersive Motion Rehabilitation Device


When you’ve had some kind of injury, rehabilitation can be challenging. You often need to be careful about how you’re using the affected parts of your body, as well as pursue careful exercises for repair and restoration of function. It can be tedious and tiring work, for patients and treating practitioners alike.

Juan Diego Zambrano, Abdelrahman Farag, and Ivan Hernandez have been working on new technology to aid those going through this challenging process. Their talk at the 2024 Hackaday Supercon covers an innovative motion monitoring device intended to aid rehabilitation goals in a medical context.

Motion Project


youtube.com/embed/_5ySbBsYnZg?…

As outlined in the talk, the team took a measured and reasoned approach to developing their device. The project started by defining the problem at hand, before proposing a potential solution. From there, it was a case of selecting the right hardware to do the job, and developing it alongside the necessary software to make it all work.

The Arduino Nano BLE33 had most of the necessary functionality for this project, out of the box.

The problem in question regarded helping children through rehabilitative therapies. Structured activities are used to help develop abilities in areas like motor skills, coordination, and balance. These can be particularly challenging for children with physical or developmental difficulties, and can be repetitive at the best of times, leading to a lack of engagement. “We wanted to solve that… we wanted to make it more interactive and more useful for the therapies and for the doctors,” Ivan explains, with an eye to increasing motivation for the individual undergoing rehabilitation.

Other challenges also exist in this arena. Traditional rehabilitation methods offer no real-time feedback to the individual on how they’re performing. There is also a need for manual monitoring and record keeping of the individual’s performance, which can be tedious and often relies on subjective assessments.

The device was demonstrated mounted on a patient’s chest, while being used in a game designed for balance work.

Having explored the literature on game-based therapy techniques, the team figured a wearable device with sensors could aid in solving some of these issues. Thus they created their immersive motion rehabilitation device.

At the heart of the build is an Arduino Nano BLE33, so named for its Bluetooth Low Energy wireless communications hardware. Onboard is an nRF52840 microcontroller, which offers both good performance and low power consumption. The real benefit of this platform, though, is that it includes an inertial measurement unit (IMU) and magnetometer on board and ready to go. The IMU in question is the BMI270, which combines a high-precision 3-axis accelerometer and 3-axis gyroscope into a single package. If you want to track motion in three dimensions, this is a great way to do it.

For user feedback, some additional hardware was needed. The team added a vibration motor, RGB LED, and buzzer for this reason. Controlling the device is simple, with the buttons on board. In order to make the device easy to use for therapists, it’s paired with a Windows application, programmed in C#. It’s used for monitoring and analysis of the wearer’s performance during regular rehabilitation activities.

The user’s motions are recorded while playing a simple game, providing useful clinical data.

The talk explains how this simple, off-the-shelf hardware was used to aid the rehabilitation experience. By gamifying things, users are prompted to better engage with the therapy process by completing tasks monitored by the device’s sensors. Fun graphics and simple gameplay ideas are used to make a boring exercise into something more palatable to children going through rehabilitation.

The team go on to explain the benefits on the clinical side of things, regarding how data collection and real time monitoring can aid in delivery. The project also involved the creation of a system for generating reports and accessing patient data to support this work, as well as a fun connection assistant called Sharky.

Overall, the talk serves as a useful insight as to how commonly-available hardware can be transformed into useful clinical tools. Indeed, it’s not so different from the gamification we see all the time in the exercise space, where smartwatches and apps are used to increase motivation and provide data for analysis. Ultimately, with a project like this, if you can motivate a patient to pursue their rehabilitation goals while collecting data at the same time, that’s useful in more ways than one.


hackaday.com/2025/05/09/superc…


Cybersecurity & cyberwarfare reshared this.


NEW: FBI and Dutch police seized and shut down a botnet made of hacked routers.

U.S. authorities also indicted three Russians and a Kazakhstan national for hacking the devices, running the botnet, and selling access to it as a service.

techcrunch.com/2025/05/09/fbi-…



Hackaday Podcast Episode 320: A Lot of Cool 3D Printing, DIY Penicillin, and an Optical Twofer


This week, Hackaday’s Elliot Williams and Kristina Panos met up across the universe to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.

In Hackaday news, the 2025 Pet Hacks Contest rolls on. You have until June 10th to show us what you’ve got, so head over to Hackaday.IO and get started today!

On What’s That Sound, Kristina actually got it this time, although she couldn’t quite muster the correct name for it; at Hackaday we’ll be calling it the “glassophone” from now on. Congratulations to [disaster_recovered] who fared better and wins a limited edition Hackaday Podcast t-shirt!

After that, it’s on to the hacks and such, beginning with a complete and completely-documented wireless USB autopsy. We take a look at a lovely 3D-printed downspout, some DIY penicillin, and a jellybean iMac that’s hiding a modern PC. Finally, we explore a really cool 3D printing technology, and ask what happened to typing ‘www.’.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Download in DRM-free MP3 and savor at your leisure.



Episode 320 Show Notes:


What’s that Sound?


  • Congratulations to [disaster_recovered] for the glass armonica pick!



hackaday.com/2025/05/09/hackad…



Oscilloscope Digital Storage, 1990s Style


You’re designing an oscilloscope with modest storage — only 15,000 samples per channel. However, the sample rate is at 5 GS/s, and you have to store all four channels at that speed and depth. While there is a bit of a challenge implied, this is quite doable using today’s technology. But what about in the 1990s when the Tektronix TDS 684B appeared on the market? [Tom Verbeure] wondered how it was able to do such a thing. He found out, and since he wrote it up, now you can find out, too.

Inside the scope, there are two PCBs. There’s a CPU board, of course. But there’s not enough memory there to account for the scope’s capability. That much high-speed memory would have been tough in those days, anyway. The memory is actually on the analog board along with the inputs and digitizers. That should be a clue.

The secret is the ADG286D from National Semiconductor. While we can’t find any info on the chip, it appears to be an analog shift register, something all the rage at the time. These chips often appeared in audio special effect units because they could delay an analog signal easily.

In practice, the device worked by charging a capacitor to an input signal and then, using a clock, dumping each capacitor into the next one until the last capacitor produced the delayed output. Like any delay line, you could feed the output to the input and have a working memory device.

The scope would push samples into the memory at high speed. Then the CPU could shift them back out on a much slower clock. A clever design and [Tom] gives us a great glimpse inside a state-of-the-art 1990s-era scope.

While we haven’t seen the ADG286D before, we have looked at analog shift registers, if you want to learn more.


hackaday.com/2025/05/09/oscill…



This Week in Security: Encrypted Messaging, NSO’s Judgement, and AI CVE DDoS


Cryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit highlights, but they are of questionable real-world impact. The most consequential is how easy it is to add additional members to a group chat. Or to put it another way, there are no cryptographic guarantees associated with adding a new user to a group.

The good news is that WhatsApp groups don’t allow new members to read previous messages. So a user getting added to a group doesn’t reveal historic messages. But a user added without being noticed can snoop on future messages. There’s an obvious question as to how this is a weakness at all. Isn’t it redundant, since anyone with the permission to add someone to a group can already read the messages from that group?

That’s where the lack of cryptography comes in. To put it simply, the WhatsApp servers could add users to groups, even if none of the existing users actually requested the addition. It’s not a vulnerability per se, but definitely a design choice to keep in mind. Keep an eye on the members in your groups, just in case.
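To make the missing guarantee concrete, here is an added toy model (it is not WhatsApp’s protocol or code) in which a membership change is accepted only when it carries an authentication tag computed with an existing member’s key, so a server that holds no member key cannot inject a participant, and cannot forge an add “from” a member either. The member names, the keys and the use of HMAC-SHA256 as a stand-in for a real per-member signature are all constructed for this example.

```python
import hashlib
import hmac
import secrets


class AuthenticatedGroup:
    """Toy group whose membership changes are authenticated by members, not the server.

    Constructed for illustration: each member's secret key stands in for a per-member
    signing key, and HMAC-SHA256 stands in for a signature. A real design would use
    public-key signatures so that the verifier never needs the member's secret.
    """

    def __init__(self, founder, founder_key):
        self.members = {founder: founder_key}  # member name -> key the verifier checks against
        self.log = []  # accepted (added_by, new_member) events

    def add_member(self, added_by, new_member, new_member_key, tag):
        # Rule 1: only an existing member may request an addition. "server" is not a member,
        # so a server-originated add has nothing to authenticate with.
        if added_by not in self.members:
            return False
        msg = f"add:{added_by}->{new_member}".encode()
        expected = hmac.new(self.members[added_by], msg, hashlib.sha256).digest()
        # Rule 2: the tag must verify under that member's key (constant-time comparison).
        if not hmac.compare_digest(expected, tag):
            return False
        self.members[new_member] = new_member_key
        self.log.append((added_by, new_member))
        return True


def make_add_tag(requester_key, requester, new_member):
    """What a legitimate member computes when adding someone."""
    msg = f"add:{requester}->{new_member}".encode()
    return hmac.new(requester_key, msg, hashlib.sha256).digest()


def demo():
    """Run three membership changes and report which were accepted."""
    alice_key = secrets.token_bytes(32)
    group = AuthenticatedGroup("alice", alice_key)

    # Legitimate: alice adds bob and authenticates the change with her own key.
    bob_key = secrets.token_bytes(32)
    accepted_bob = group.add_member("alice", "bob", bob_key,
                                    make_add_tag(alice_key, "alice", "bob"))

    # Server-originated add: no member key exists for "server", so nothing verifies.
    eve_key = secrets.token_bytes(32)
    accepted_server_add = group.add_member("server", "eve", eve_key, b"\x00" * 32)

    # Server claims the add came from alice but cannot produce a tag under alice's key.
    forged_tag = make_add_tag(secrets.token_bytes(32), "alice", "eve")
    accepted_forged_add = group.add_member("alice", "eve", eve_key, forged_tag)

    return accepted_bob, accepted_server_add, accepted_forged_add, sorted(group.members)


if __name__ == "__main__":
    print(demo())  # (True, False, False, ['alice', 'bob'])
```

The point of the model is the second rejection: without a per-member authenticator on the membership change, a server acting as the transport has nothing to fail, which is exactly the design choice the audit highlights. Checking the member list by hand, as the paragraph above suggests, is the human substitute for that missing check.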

The Signal We Have at Home


The TeleMessage app has been pulled from availability, after it was used to compromise Signal communications of US government officials. There’s political hay to be made out of the current administration’s use and potential misuse of Signal, but the political angle isn’t what we’re here for. The TeleMessage client is Signal compatible, but adds message archiving features. Government officials and financial companies were using this alternative client, likely in order to comply with message retention laws.

While it’s possible to do long term message retention securely, TeleMessage was not doing this particularly well. The messages are stripped of their end-to-end encryption in the client, before being sent to the archiving server. It’s not clear exactly how, but those messages were accessed by a hacker. This nicely demonstrates the inherent tension between the need for transparent archiving as required by the US government for internal communications, and the need for end-to-end encryption.

The NSO Judgement


WhatsApp is in the news for another reason, this time winning a legal judgement against NSO Group for their Pegasus spyware. The $167 million in damages casts real doubt on the idea that NSO has immunity to develop and deploy malware simply because it’s doing so for governments. This case is likely to be appealed, and higher courts may have a different opinion on this key legal question, so hold on. Regardless, the era of NSO’s nearly unrestricted actions is probably over. They aren’t the only group operating in this grey legal space, and the other “legal” spyware/malware vendors are sure to be paying attention to this ruling as well.

The $5 Wrench


In reality, the weak point of any cryptography scheme is the humans using it. We’re beginning to see real world re-enactments of the famous XKCD $5 wrench, that can defeat even 4096-bit RSA encryption. In this case, it’s the application of old crime techniques to new technology like cryptocurrency. To quote Ars Technica:

We have reached the “severed fingers and abductions” stage of the crypto revolution


The flashy stories involve kidnapping and torture, but let’s not forget that the most common low-tech approach is simple deception. Whether you call it the art of the con, or social engineering, this is still the most likely way to lose your savings, whether it’s conventional or a cryptocurrency.

The SonicWall N-day


WatchTowr is back with yet another reverse-engineered vulnerability. More precisely, it’s two CVEs that are being chained together to achieve pre-auth Remote Code Execution (RCE) on SonicWall appliances. This exploit chain has been patched, but not everyone has updated, and the vulnerabilities are being exploited in the wild.

The first vulnerability at play is actually from last year, and is in Apache’s mod_rewrite module. This module is widely used to map URLs to source files, and it has a filename confusion issue where a URL-encoded question mark in the path can break the mapping to the final filesystem path. A second issue is that when DocumentRoot is specified, instances of RewriteRule take on a weird dual meaning. The filesystem target refers to the location inside DocumentRoot, but Apache first checks for that location in the filesystem root itself. This was fixed in Apache nearly a year ago, but it takes time for patches to roll out.

SonicWall was using a rewrite rule to serve CSS files, and the regex used to match those files is just flexible enough to be abused for arbitrary file read. /mnt/ram/var/log/httpd.log%3f.1.1.1.1a-1.css matches that rule, but includes the URL-encoded question mark, and matches a location on the root filesystem. There are other, more interesting files to access, like the temp.db SQLite database, which contains session keys for the currently logged in users.
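An added illustration of the filename-confusion class described above; it is neither SonicWall’s rule nor watchTowr’s code. A suffix-only rewrite regex (constructed here as CSS_RULE) matches the log path quoted above just as readily as a real stylesheet, while a resolver that decodes first, refuses characters whose meaning differs between the URL and filesystem layers, and confines the resolved real path to the document root rejects it. The document root /srv/www and the request paths are constructed for the example.

```python
import os
import re
from urllib.parse import unquote

# A permissive "anything ending in .css" rule, constructed to mirror the class of
# rewrite rule the article describes. It looks only at the suffix.
CSS_RULE = re.compile(r".*\.css$")

# Characters that mean one thing in a URL and another on the filesystem (or that
# signal double encoding once the path has already been decoded).
FORBIDDEN = "?#%\0"


def naive_matches(request_path):
    """The suffix-only check on its own: true for any path that ends in .css."""
    return bool(CSS_RULE.match(request_path))


def safe_resolve(docroot, request_path):
    """Map a request path to a file under docroot, or return None if it must be refused.

    Order matters: decode once, reject layer-confusing characters, apply the rule to the
    decoded path, then confine the *real* path (symlinks and '..' collapsed) to docroot.
    """
    decoded = unquote(request_path)
    if any(ch in decoded for ch in FORBIDDEN):
        return None
    if not CSS_RULE.match(decoded):
        return None
    root = os.path.realpath(docroot)
    # Strip the leading slash so the request is joined *under* root, never replacing it.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath is a prefix check on path components, so /srv/www2 does not pass for /srv/www.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    docroot = "/srv/www"  # constructed document root
    log_path = "/mnt/ram/var/log/httpd.log%3f.1.1.1.1a-1.css"  # path quoted in the article
    print(naive_matches(log_path))            # True  (suffix rule alone is satisfied)
    print(safe_resolve(docroot, log_path))    # None  (encoded '?' refused)
    print(safe_resolve(docroot, "/static/site.css"))          # /srv/www/static/site.css
    print(safe_resolve(docroot, "/%2e%2e/%2e%2e/etc/x.css"))  # None (escapes docroot)
```

The two checks are deliberately separate: refusing the encoded question mark addresses the filename-confusion bug itself, while the containment check addresses the second issue in the article, a target that is looked up relative to the filesystem root rather than DocumentRoot. Either one alone would have blocked the quoted path, but only the pair covers both halves of what mod_rewrite got wrong.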

The other half of this attack is a really clever command injection using one of the diagnostic tools included in the SonicWall interface. Traceroute6 is straightforward, running a traceroute6 command and returning the results. It’s also got good data sanitization, blocking all of the easy ways to break out of the traceroute command and execute some arbitrary code. The weakness is that while this sanitization adds backslashes to escape quotes and other special symbols, it stores the result in a fixed-length result buffer. If the result of this escaping process overflows the result buffer, it writes over the null terminator and into the buffer that holds the original command before it’s sanitized. This overflow is repeated when the command is run, and with some careful crafting, this results in escaping the sanitization and including arbitrary commands. Clever.

The AI CVE DDoS


[Daniel Stenberg], lead developer of curl, is putting his foot down. We’ve talked about this before, even chatting with Daniel about the issue when we had him on FLOSS Weekly. Curl’s bug bounty program has attracted quite a few ambitious people who don’t actually have the skills to find vulnerabilities in the curl codebase. Instead, these amateur security researchers are using LLMs to “find vulnerabilities”. Spoiler: LLMs aren’t yet capable of this task. But they are capable of writing fake vulnerability reports that look very convincing on first read. The game is usually given away when the project asks a question and the fake researcher feeds the LLM’s response straight back into the bug report.

This trend hasn’t slowed, and the curl project now views AI-generated vulnerability reports as a form of DDoS. In response, the curl HackerOne bounty program will soon ask a question with every submission: “Did you use an AI to find the problem or generate this submission?” An affirmative answer won’t automatically disqualify the report, but it definitely puts the burden on the reporter to demonstrate that the flaw is real and wasn’t hallucinated. Additionally, “AI slop” reports will result in permanent bans for the reporter.

It’s good to see that not all AI content is completely disallowed, as it’s very likely that LLMs will be involved in finding and describing vulnerabilities before long. Just not in this naive way, where a single prompt produces a vulnerability “find” and a patch that doesn’t even apply. Ironically, one of the tells of an AI-generated report is that it’s too polished, particularly for someone’s first report. AI is still the hot new thing, so this issue likely isn’t going away any time soon.

Bits and Bytes


A supply chain attack has been triggered against several hundred Magento e-commerce sites, via at least three software vendors distributing malicious code. One of the odder elements of this story is that the malicious code appears to have been lying dormant for six years, and was only recently activated for malicious behavior.

On the WordPress side of the fence, the Ottokit plugin was updated last month to fix a critical vulnerability. That update was force-pushed to the majority of WordPress sites running the plugin, but that hasn’t stopped threat actors from attempting to use the exploit, with the first attempts coming just an hour and a half after disclosure.

It turns out it’s probably not a great idea to allow control codes in file names. PortSwigger has a report on a couple of ways VS Code can do the wrong thing with such filenames.

And finally, this story comes with a disclaimer: Your author is part of Meshtastic Solutions and the Meshtastic project. We’ve talked about Meshtastic a few times here on Hackaday, and would be remiss not to point out CVE-2025-24797. This buffer overflow could theoretically result in RCE on the node itself. I’ve seen at least one suggestion that this is a wormable vulnerability, which may be technically true, but seems quite impractical in practice. Upgrade your nodes to at least release 2.6.2 to get the fix.


hackaday.com/2025/05/09/this-w…


Cybersecurity & cyberwarfare reshared this.


Very excited to submit the Tuscolo Certificate Transparency logs for inclusion today! 🧾🪵☀️

These logs are Sunlight-based, and operated by Geomys and Port 179 LTD on bare metal. They cost 50 times less than RFC 6962 logs in the cloud.

groups.google.com/a/chromium.o…

in reply to Filippo Valsorda

I built a Go implementation of Static CT for Let's Encrypt, called Sunlight.

It's backed by object storage, and integrates entries into the tree before it ever returns SCTs to clients, eliminating the risk of the merge delay.

letsencrypt.org/2024/03/14/int…

in reply to Filippo Valsorda

To close the loop, this week Geomys announced a new on-prem Static Certificate Transparency log, Tuscolo.

Modern servers are extremely efficient, and this log costs us only $10,350 per year. We heard of RFC 6962 logs costing north of $500k/yr in the cloud!

tuscolo.sunlight.geomys.org

in reply to Filippo Valsorda

We store log tiles on a ZFS raidz2 pool (with lots of fsync). It's so fast.

The read path has GCRA based rate-limits for anonymous clients, smart health checks, public metrics, and more.

Read more, including hardware details in the announcement! groups.google.com/a/chromium.o…

in reply to Filippo Valsorda

How do you fund the ongoing costs of running the log? Do you have clients that pay for that?
in reply to Dirkjan Ochtman

@djc I just pay for it. Maybe some CA will pay to run another node and the margin on that will cover this, but really we made it so cheap that I can call it a marketing/research expense otherwise. It’s good for the security of the internet.

Cybersecurity & cyberwarfare reshared this.


Malicious npm packages hijack macOS Cursor AI IDE
#CyberSecurity
securebulletin.com/malicious-n…


Anti-Ransomware Day 2025: how to mitigate unconventional and AI-driven attacks


@Informatica (Italy e non Italy 😁)
According to the “State of Ransomware Report 2025”, the threat is expected to evolve, ready to exploit vulnerabilities in neglected and poorly monitored access points such as webcams and IoT devices. Here are the trends



Giuseppe Lucci: “Lessons on security from the blackout in Spain and Portugal”


The massive blackout that yesterday paralysed Spain and Portugal for hours made an impression on the whole of Europe and put under stress not only the response capacity of the governments in Madrid and Lisbon, called upon to manage their countries under conditions of uncertainty while infrastructure was severely slowed by the power outage, but also the political thinking of authorities in other countries. The Iberian blackout shows the need to develop critical-infrastructure management capabilities able to guarantee security and resilience even under uncertainty, and it shows the vulnerability of grids to the asymmetric and hybrid-warfare operations that are now constantly at the centre of strategists’ debate.

We discuss these topics with engineer Giuseppe Lucci, research associate at the Observatory for the Security of the National Strategic Industrial System (OSSISNa), set up within the Italian Centre for Strategy and Intelligence (Cisint), and a Grid Development specialist at E-Distribuzione. For OSSISNa and for Strategic Leadership Journal, the publication of the Centro Altri Studi Difesa, Lucci has recently published interesting studies on the topics he discusses here with InsideOver, which are central to the strategic security of the most advanced economies in an uncertain era.

What does the Iberian blackout crisis teach us about the security and resilience of critical electrical infrastructure?

“The recent blackout that hit the Iberian Peninsula offers important food for thought on the vulnerability of our energy systems, while bearing in mind that the precise causes of the event have not yet been established. Looking at what happened, we can nonetheless draw some preliminary considerations that deserve attention. First of all, the energy isolation of Spain and Portugal proved to be a critical factor. These countries, despite having their own generating capacity, could not count on sufficient interconnections with the rest of Europe when they found themselves in trouble. It is as if they lived in a well-heated house with very few doors and windows: at the first internal problem, the ways out are limited. Moreover, the high-voltage transmission networks showed their strategic centrality. An electrical system is only as strong as its weakest link, and problems on a few main lines are enough to trigger cascading effects across vast territories. Imagine a road system where, with a few key motorways blocked, all traffic grinds to a halt with no viable alternatives”.

Crises demand the ability to act quickly and in a coordinated way…

“During the crisis, the speed of reaction and the coordination between operators proved decisive. As in a well-trained emergency team, the ability to act quickly and in sync made the difference, although difficulties also emerged in taking timely decisions in the absence of pre-set scenarios. Another aspect that emerged concerns our growing dependence on digital systems for controlling electrical grids. These tools, essential for day-to-day management, could turn into points of vulnerability in critical situations, whether through technical malfunctions or possible cyberattacks”.

Power generation in Spain and Portugal relies heavily on renewable sources. What reflections does this fact impose?

“The high share of renewable energy in the Iberian mix raises questions about managing these intermittent sources in emergency situations. The green transition, necessary as it is, requires adequate storage and backup systems to guarantee stability even at critical moments. The Iberian blackout reminds us that energy resilience is not measured only in available megawatts, but in the robustness of the entire ecosystem: grid quality, operational readiness, secure integration of renewables and emergency response capacity. It is a wake-up call for all of Europe: even apparently solid systems can reveal unexpected fragilities when placed under stress. While we wait to learn the precise causes of the incident, this crisis already invites us to rethink our energy-security paradigms with a more integrated and forward-looking view”.

To what extent is this problem specific to the Spanish and Portuguese system, and how far could it extend to the rest of Western Europe?

“The Iberian Peninsula currently finds itself in a particular condition of limited energy integration with the rest of Europe, a situation that deserves in-depth analysis. Spain and Portugal have an interconnection capacity with the continental grid that is significantly below the targets set by the European Union, a circumstance with repercussions in terms of both energy security and economic efficiency. The geography, with the Pyrenees forming a natural barrier, is an objective factor that has limited the development of adequate connection infrastructure with France. This aspect, combined with the considerable penetration of non-dispatchable renewables in the Iberian energy mix, creates a situation in which managing energy flows is particularly complex, with resulting price differentials relative to the continental market”.

Is the problem exclusively Iberian, or are there other similar cases?

“It is worth considering how some of these problems, albeit with different intensity, also appear in other areas of Western Europe. The transmission networks of several European countries show growing signs of congestion, while the evolution of the generation landscape tied to the energy transition is introducing new infrastructure challenges. Regions such as southern and insular Italy, as well as Ireland, already present situations of partial energy isolation on a regional scale. The Iberian question can therefore be read as a relevant case study for understanding the potential critical issues that could affect other European areas if grid infrastructure development does not keep pace with the transformation of the energy mix. The phenomenon suggests the importance of a coordinated approach at continental level to ensure effective integration of European energy markets, an essential requirement for the success of the transition to a more sustainable energy system”.

The causes remain to be clarified. There is no evidence of a hostile attack, but clearly events of this kind would be the consequence of any cyber offensive. Are those who study asymmetric warfare operations against grids taking notes from these vulnerabilities?

“The blackout that hit the Iberian Peninsula gives us an illuminating picture of the fragilities of our modern energy systems. Although the precise causes of the event remain to be clarified, what clearly emerges is the potential that similar situations represent for those who study asymmetric warfare operations. Imagine our electrical grids as the nervous system of contemporary society. Once robust and relatively simple, today they have become incredibly sophisticated but, paradoxically, also more vulnerable. The digitalisation that makes them efficient simultaneously turns them into ideal targets for actors seeking to strike an adversary “from the side” rather than head-on”.

Why do electrical grids attract so much attention from unconventional military strategists?

“The answer lies in their interconnected architecture. A modern electrical system works like a delicate balancing act: when that harmony is disturbed at strategic points, the effect can propagate like ripples on a pond, amplifying well beyond the initial point of impact. The experts who analyse these scenarios are not necessarily interested in the physical destruction of infrastructure. What we study in the OSSISNa 2025 report is the possibility of causing a “systemic dysfunction”: a temporary but widespread inability of the system to perform its essential functions. The ensuing social chaos and the political pressure on governments can achieve significant strategic results without firing a shot”.

Which threat profiles should be watched most closely?

“Particularly worrying is the new frontier of digital vulnerabilities. The computerised control systems that manage electrical grids are like doors which, if forced, allow the whole energy building to be manipulated. A single well-placed piece of malware can compromise key distribution hubs or remote monitoring systems. There is no longer any need to physically knock down pylons when harmful instructions can be “whispered” to the computers that control them. What makes these scenarios even more disturbing is the domino effect that can follow. The Iberian blackout, whatever its cause, showed how an initially localised problem can propagate through insufficiently compartmentalised networks. For an asymmetric-warfare strategist this is a formidable lever: invest limited resources to obtain disproportionate effects”.

What are the main lessons to be drawn from this situation?

“The most important lesson we can draw from this affair is that energy resilience is now a matter of national security, not just of technical efficiency. Modern conflict strategies do not necessarily aim at destruction, but at destabilisation through the disarticulation of essential services. While we wait to understand the real causes of the Iberian blackout, one thing is certain: asymmetric-warfare strategists are taking notes, and our societies would do well to do the same, deeply rethinking how to protect the energy arteries on which our daily lives depend”.

The article “Giuseppe Lucci: Le lezioni sulla sicurezza dal black out in Spagna e Portogallo” originally appeared on InsideOver.



EU-US tech: a changing of the guard


HERE'S A BONUS DIGITAL POLITICS to finish your week. I'm Mark Scott, and you find me on a train to York (in the north of England) on my way to a workshop to discuss social media data access. Oh, what a glamorous life.

Below are two analyses that I wrote for Tech Policy Press where I am a contributing editor. They build on this week's newsletter to drill down on different aspects of the transatlantic tech relationship.

Taken together, they offer dueling perspectives on what is going on in Washington and Brussels. The first places Donald Trump's administration in the global context. The second explains the European Union's vibe shift on tech.

Let's get started:



digitalpolitics.co/newsletter0…



Triggering Lightning and Safely Guiding It Using a Drone


Every year lightning strikes cause a lot of damage — with the high-voltage discharges being a major risk to buildings, infrastructure, and the continued existence of squishy bags of mostly salty water. While some ways exist to reduce their impact such as lightning rods, these passive systems can only be deployed in select locations and cannot prevent the build-up of the charge that leads up to the plasma discharge event. But the drone-based system recently tested by Japan’s NTT, the world’s fourth largest telecommunications company, could provide a more proactive solution.

The idea is pretty simple: fly a drone that is protected by a specially designed metal cage close to a thundercloud with a conductive tether leading back to the ground. By providing a very short path to ground, the built-up charge in said cloud will readily discharge into this cage and from there back to the ground.

To test this idea, NTT researchers took commercial drones fitted with such a protective cage and exposed them to artificial lightning. The drones turned out to be fine up to 150 kA which is five times more than natural lightning. Afterwards the full system was tested with a real thunderstorm, during which the drone took a hit and kept flying, although the protective cage partially melted.

Expanding on this experiment, NTT imagines that a system like this could protect cities and sensitive areas, and possibly even use and store the thus captured energy rather than just leading it to ground. While this latter idea would need some seriously effective charging technologies, the idea of proactively discharging thunderclouds is perhaps not so crazy. We would need to see someone run the numbers on the potential effectiveness, of course, but we are all in favor of (safe) lightning experiments like this.

If you’re wondering why channeling lightning away from critical infrastructure is such a big deal, you may want to read up on Apollo 12.


hackaday.com/2025/05/09/trigge…


Cybersecurity & cyberwarfare reshared this.


Cybercriminal services target end-of-life routers, #FBI warns
securityaffairs.com/177648/cyb…
#securityaffairs #hacking


Scan Your Caliper for Physical Part Copies


We’ve certainly seen people take a photo of a part, bring it into CAD, and then scale it until some dimension on the screen is the same as a known dimension of the part. We like what [Scale Addition] shows in the video below. In addition to a picture of the part, he also takes a picture of a vernier caliper gripping the part. Now your scale is built into the picture, and you can edit out the caliper later.

He uses SketchUp, but this would work on any software that can import an image. Given the image with the correct scale, it is usually trivial to sketch over the image or even use an automatic tracing function. You still need some measurements, of course. The part in question has a vertical portion that doesn’t show up in a flat photograph. We’ve had good luck using a flatbed scanner before, and there’s no reason you couldn’t scan a part with a caliper for scale.

This is one case where a digital caliper probably isn’t as handy as an old-school one. But it would be possible to do the same trick with any measurement device. You could even take your picture on a grid of known dimensions. This would also allow you to check that the distances at the top and bottom are the same as the distances on the right and left.

Of course, you can get 3D scanners, but they have their own challenges.

youtube.com/embed/XSrSXhhsehk?…


hackaday.com/2025/05/09/scan-y…



Data Act: the regulation does not concern only IoT devices


@Informatica (Italy e non Italy 😁)
Millions of parties, from users to makers of connected products, must be aware that a product falls within the scope of the European regulation and must put in place all the safeguards the legislation requires, going beyond the pairing between Data



Israel: the use of AI in the Gaza conflict is controversial


@Informatica (Italy e non Italy 😁)
In the Gaza war, Israel has exploited artificial-intelligence tools that raise ethical concerns about surveillance, misidentification and unintended harm to civilians. Here is why Israel’s new real-time use of AI is causing debate, with the hub


Cybersecurity & cyberwarfare reshared this.


#Russia-linked #ColdRiver used #LostKeys malware in recent attacks
securityaffairs.com/177638/apt…
#securityaffairs #hacking

Cybersecurity & cyberwarfare reshared this.


#SonicWall fixed #SMA 100 flaws that could be chained to execute arbitrary code
securityaffairs.com/177626/hac…
#securityaffairs #hacking



Hacky Shack? The TRS-80 Model I Story


The 1970s saw a veritable goldrush to corner the home computer market, with Tandy’s Z80-powered TRS-80 probably one of the most (in)famous entries. Designed from the ground up to be as cheap as possible, the original (Model I) TRS-80 cut all corners management could get away with. The story of the TRS-80 Model I is the subject of a recent video by the [Little Car] YouTube channel.

Having the TRS-80 sold as an assembled computer was not a given, as kits were rather common back then, especially since Tandy’s Radio Shack stores had their roots in selling radio kits and the like, not computer systems. Ultimately the system was built around the lower-end 1.78 MHz Z80 CPU with the rudimentary Level I BASIC (later updated to Level II), though with a memory layout that made running the likes of CP/M impossible. The Model II would later be sold as a dedicated business machine, with the Model III being the actual upgrade to the Model I. You could also absolutely access online services like those of CompuServe on your TRS-80.

While it was appreciated that the TRS-80 (lovingly called the ‘Trash-80’ by some) had a real keyboard instead of a cheap membrane keyboard, the rest of the Model I hardware had plenty of issues, and new FCC regulations meant that the Model III became necessary, as the Model I produced enough EMI to drown out nearby radios. Despite this, the Model I put Tandy on the map of home computers and opened the world of computing to many children and adults, with subsequent Tandy TRS-80 computers being released until 1991 with the Model 4.

youtube.com/embed/Z0Ckj6wZ2dQ?…


hackaday.com/2025/05/08/hacky-…


Cybersecurity & cyberwarfare reshared this.


The Fediverse at #school: a teaching tool for digital citizenship

The #Fediverse offers interoperable social-web tools to support teaching activities, simulations, civic education and technology skills, promoting digital awareness and student empowerment in an open learning environment

agendadigitale.eu/scuola-digit…

@fediverso

in reply to informapirata ⁂

Regarding agendadigitale.eu/scuola-digit…

Ufficio Zero Linux
ufficiozero.org/
is the system installed on the grandfather’s PC in a distributed family

SOLE ACTOR of this account’s profile

“Interoperable” tools are not enough to break free from the dominance of Big Tech platforms

in environments of
dual literacy
interoperability requires a
GATEWAY
made available by an organisational setup
FUNCTIONAL
to INTERPERSONAL/INTERGENERATIONAL
COMMUNICATION

@informapirata @fediverso



Understanding Linear Regression


Although [Vitor Fróis] is explaining linear regression because it relates to machine learning, the post and, indeed, the topic have wide applications in many things that we do with electronics and computers. It is one way to use independent variables to predict dependent variables, and, in its simplest form, it is based on nothing more than a straight line.

You might remember from school that a straight line can be described by: y=mx+b. Here, m is the slope of the line and b is the y-intercept. Another way to think about it is that m is how fast the line goes up (or down, if m is negative), and b is where the line “starts” at x=0.

[Vitor] starts out with a great example: home prices (the dependent variable) and area (the independent variable). As you would guess, bigger houses tend to sell for more than smaller houses. But it isn’t an exact formula, because there are a lot of reasons a house might sell for more or less. If you plot it, you don’t get a nice line; you get a cloud of points that sort of group around some imaginary line.

There are mathematical ways to figure out what line you should imagine, but you can often eyeball it, too. The real trick is evaluating the quality of that imaginary line.

To do that, you need an error measure. If you didn’t know better, you’d probably think expressing the error as a plain absolute difference would be best. You know, “this is 10 off” or whatever. But, as [Vitor] explains, the standard approach squares the residuals instead (least squares), and the quality of the resulting fit is summarised by the R² statistic, the coefficient of determination. Why? Read the post and find out.

For electronics, linear regression has many applications, including interpreting sensor data. You might also use it to generalize a batch of unknown components, for example. Think of a batch of transistors with different Beta values at different frequencies. A linear regression will help you predict the Beta and the error term will tell you if it is worth using the prediction or not. Or, maybe you just want to make the perfect cup of coffee.
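As an added worked example of the fit and the R² measure discussed above (my code for this page, not [Vitor]’s post, and the house-price points are constructed for the demonstration):

```c
#include <stddef.h>

/* Added example, not from the post: ordinary least-squares fit of
 * y = m*x + b to n points, and the R^2 statistic used to judge the fit.
 * Sample data below is constructed for the demonstration. */

struct fit { double m, b, r2; int ok; };

struct fit fit_line(const double *x, const double *y, size_t n) {
    struct fit f = {0, 0, 0, 0};
    if (n < 2) return f;
    double sx = 0, sy = 0;
    for (size_t i = 0; i < n; i++) { sx += x[i]; sy += y[i]; }
    double mx = sx / n, my = sy / n;
    /* slope = covariance(x, y) / variance(x); intercept from the means */
    double sxy = 0, sxx = 0;
    for (size_t i = 0; i < n; i++) {
        sxy += (x[i] - mx) * (y[i] - my);
        sxx += (x[i] - mx) * (x[i] - mx);
    }
    if (sxx == 0) return f;            /* all x identical: no slope is defined */
    f.m = sxy / sxx;
    f.b = my - f.m * mx;
    /* R^2 = 1 - SS_res / SS_tot: 1.0 is a perfect fit, 0 means the line
     * explains nothing beyond the mean of y. */
    double ss_res = 0, ss_tot = 0;
    for (size_t i = 0; i < n; i++) {
        double pred = f.m * x[i] + f.b;
        ss_res += (y[i] - pred) * (y[i] - pred);
        ss_tot += (y[i] - my) * (y[i] - my);
    }
    f.r2 = (ss_tot == 0) ? 1.0 : 1.0 - ss_res / ss_tot;
    f.ok = 1;
    return f;
}

/* Constructed sample: house area (m^2) vs. price (k EUR), scattered around a line. */
static const double AREA[]  = { 50, 70, 90, 110, 130, 150 };
static const double PRICE[] = { 160, 200, 250, 290, 340, 370 };

struct fit fit_sample(void) {
    return fit_line(AREA, PRICE, sizeof AREA / sizeof AREA[0]);
}
```

For the sample the slope comes out near 2.16 (k EUR per m²) with R² around 0.997, i.e. the cloud of points is explained almost entirely by the line; a low R² is the signal that the prediction is not worth using, which is the transistor-batch question raised above.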


hackaday.com/2025/05/08/unders…



DIY Driving Simulator Pedals


In the driving simulator community, setups can quickly grow ever more complicated and expensive, all in the quest for fidelity. For [CNCDan], rather than buy pedals off the shelf, he opted to build his own.

[Dan] has been using some commercial pedals alongside his own DIY steering wheel, and the experience is rather lackluster in comparison. The build starts with some custom brackets. To save on cost, they are flat, with tabs that show where to bend them in a vise. Additionally, rather than three sets of unique brackets, [Dan] made them all the same, again to save on cost. The clutch and throttle each use a simple Hall-effect sensor with a spring to provide feedback, and each bracket provides a set of spring mounting holes to adjust the response curve: change the angle of the spring and you get a different curve. The brake pedal is different, as rather than measuring position, it measures force, and a load cell is perfect for this. The HX711 load cell sensor board that [Dan] bought was only sampling at 10 Hz. Lifting a pin from ground and bodging it to VDD puts the chip in 80 Hz mode, which is much more usable for a driving sim setup.

[Dan] also cleverly uses a 3d printed bushing without any walls as resistance for the pedal. Since the bushing is just the infill, the bushing stiffness is controlled by the infill percentage. Aluminum extrusion forms the base so [Dan] can adjust the exact pedal positions. To finish it off, a bog standard Arduino communicates to the PC as a game controller.

The project is on GitHub. Perhaps the next version will have active feedback, like this DIY pedal setup.

youtube.com/embed/44LWekyILmk?…


hackaday.com/2025/05/08/diy-dr…



Edison Phonograph Plays the Cylinders


You might be old enough to remember record platters, but you probably aren’t old enough to remember when records were cylinders. The Edison Blue Amberol records came out in 1912 and were far superior to the earlier wax cylinders. If you had one today, how could you play it? Easy. Just build [Palingenesis’] record player. You can even hear it do its thing in the video below.

The cylinders are made of plaster with a celluloid wrapper tinted with the namesake blue color. They were more durable than the old wax records and could hold well over four minutes of sound.

The player is mostly made from wood cut with a mill or a laser. There are some bearings, fasteners, and — of course — electronics. The stylus requires some care. Conventional records use a lateral-cut groove, but these old records use a vertical-cut. That means the pickup moves up and down and has a rounder tip than a conventional needle.

Rather than try to control the motor to an exact speed, you get to set the speed with a potentiometer and see the resulting RPM on a small display. Overall, an involved but worthwhile project.

We recently looked at some players that would have been new about the same time as the blue record in the video. We don’t think you could modify one of these to play stereo, but if you do, let us know immediately!

youtube.com/embed/N8NWpFI_Xdw?…


hackaday.com/2025/05/08/edison…



Let the Wookie Win with this DIY Holochess Table


If you have seen Star Wars, you know what is being referenced here. Holochess appeared as a diversion built into the Millennium Falcon in the very first movie, way back in 1977. While not quite as iconic a use of simulated holograms as tiny Princess Leia begging for hope, it evidently struck a chord with [Maker Mac70], given the impressive effort he’s evidently gone through to re-create the game table from the film.

The key component of this unit is a plate from Japanese firm ASKA3D that scatters light from displays inside the table in just such a way that the diverging rays are focused at a point above its surface, creating the illusion of an image hovering in space. Or in this case, hovering at the surface of an acrylic chessboard. Granted, this technique only works from one viewing angle, and so is not a perfect recreation of a sci-fi holoprojector. But from the right angle, it looks really good, as you can see in the video below.

There are actually six SPI displays, driven by an Arduino GIGA, positioned and angled to project each character in the game. Placing two of the displays on 3D printed gantries allows them to move, allowing two creatures to battle in the center of the table. As [Maker Mac70] admits, this is quite a bit simpler than the Holochess game seen in the film, but it’s quite impressive for real world hardware.

If this all seems a little bit familiar, we covered an earlier floating display by [Maker Mac70] last year. This works on similar principles, but uses more common components which makes the technique more accessible. If chess isn’t your forte, why not a volumetric display that plays DOOM? If you’re interested in real holograms, not Sci-Fi, our own [Maya Posch] did a deep dive you may find interesting.

youtube.com/embed/uMe7RNvCW6g?…


hackaday.com/2025/05/08/let-th…



Cybersecurity: l’86% delle aziende soccombe agli attacchi informatici per colpa del Cloud


Uno studio su larga scala condotto da Rubrik Zero Labs ha confermato che quasi il 90% dei responsabili IT e della sicurezza informatica in tutto il mondo dovrà affrontare attacchi informatici nel 2024. Il rapporto, intitolato “The State of Data Security 2025: A Distributed Crisis”, documenta una tendenza preoccupante: gli ambienti IT ibridi, diventati la norma per le aziende, stanno creando nuove vulnerabilità per le quali le aziende non sono preparate.

Gli esperti sottolineano che il passaggio al cloud è spesso accompagnato da un falso senso di sicurezza. Come ha sottolineato Joe Hladik, CEO di Rubrik Zero Labs, molti si affidano ai fornitori di servizi cloud per la sicurezza. In realtà, gli aggressori sfruttano attivamente le falle nelle architetture ibride e continuano ad attaccare utilizzandoransomware e furto di credenziali.

Attacks are becoming more frequent. The main vectors are data leaks, malware infections of devices, compromise of cloud platforms, phishing and insider attacks. The consequences are tangible: higher cybersecurity costs (40%), reputational damage (37%) and, in a third of cases, even a change of management.

The situation is complicated by the sharp growth in data volumes and the spread of AI systems. 90% of respondents said they run a hybrid cloud environment and that more than half of their workloads are already moving to the cloud. A third of respondents named data protection as a major problem under these conditions, and a third pointed to the lack of centralized management and visibility.

According to Rubrik's telemetry, 36% of sensitive files in the cloud are high-risk data. These include personal data, source code, Social Security numbers, phone numbers, as well as API keys and account credentials. This is exactly the kind of information attackers are after when they try to steal identities and break into critical systems.

The state of backups is particularly worrying: among those who have been through a ransomware attack, 86% paid the ransom and 74% admitted that their recovery systems were partly compromised. In 35% of cases the backup systems were completely compromised. Backups reachable with the same credentials as production are part of the attack surface; only copies that are immutable or offline survive an attacker who already holds administrative rights.

The flexibility of the hybrid architecture has also become its Achilles' heel: 92% of companies use between two and five cloud or SaaS platforms, which complicates access management. According to 28% of respondents, attacks that exploit stolen accounts and insider privileges are becoming increasingly common.

Ultimately, Rubrik calls for a shift to a security model centred on data rather than on infrastructure. Visibility, control, classification and the ability to recover quickly become the priorities. Without them, hybrid landscapes will remain an attractive target for attacks.
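As an added illustration of the classification step the report asks for, and of the high-risk data classes its telemetry lists (API keys, Social Security numbers, phone numbers), the Python below is example code written for this page, not Rubrik's tooling and not part of the original article. It scans a few constructed sample files, labels each file by whether it contains high-risk data, redacts the matches so the scanner itself does not leak secrets, and reports the share of files that are high-risk. The regexes, the SSA structural rules used to reject implausible SSNs, and the sample files are assumptions chosen for the demo; a production classifier would cover more formats and validate more carefully.

```python
import re
from dataclasses import dataclass

# Detectors for the data classes the report calls high risk. The patterns are
# illustrative assumptions for this example, not Rubrik's classifiers.
DETECTORS = {
    # AWS access key IDs start with AKIA (long-term) or ASIA (temporary)
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # key/secret/token assigned a long opaque value in config or source
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
    "us_ssn": re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
    "us_phone": re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}-\d{4}(?!\d)"),
}


def ssn_is_plausible(area: str, group: str, serial: str) -> bool:
    """Structural rules published by the SSA: area is never 000, 666 or
    900-999; group is never 00; serial is never 0000. Cuts regex noise."""
    a = int(area)
    return a not in (0, 666) and not 900 <= a <= 999 and group != "00" and serial != "0000"


@dataclass
class Finding:
    path: str
    kind: str
    line_no: int
    preview: str  # redacted match: the classifier must not become a second leak


def redact(match: str) -> str:
    """Keep just enough of the match to triage it, never the full value."""
    return match[:4] + "..." + match[-2:] if len(match) > 8 else "..."


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in DETECTORS.items():
            for m in rx.finditer(line):
                if kind == "us_ssn" and not ssn_is_plausible(*m.groups()):
                    continue  # shaped like an SSN but cannot be one
                findings.append(Finding(path, kind, line_no, redact(m.group(0))))
    return findings


def classify(files: dict[str, str]) -> tuple[dict, float]:
    """files maps path -> content. Returns a per-file report and the share of
    files labelled high-risk (the figure the telemetry quotes at 36%)."""
    report = {}
    for path, text in files.items():
        hits = scan_text(path, text)
        report[path] = {"label": "high-risk" if hits else "sensitive", "findings": hits}
    high = sum(1 for r in report.values() if r["label"] == "high-risk")
    return report, (high / len(files) if files else 0.0)


# Constructed sample files for the demo (the AWS key is Amazon's documented
# example value, not a live credential).
SAMPLE_FILES = {
    "hr/onboarding.csv": (
        "name,ssn,phone\n"
        "Jane Roe,123-45-6789,(555) 123-4567\n"
        "John Doe,000-12-3456,555-000-0000\n"   # SSN with area 000 is rejected
    ),
    "infra/deploy.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "API_KEY = 'sk_live_0123456789abcdefghijklmnop'\n"
    ),
    "docs/handbook.md": "# Handbook\nCall the helpdesk on extension 4567.\n",
}

if __name__ == "__main__":
    report, share = classify(SAMPLE_FILES)
    for path, r in report.items():
        print(f"{path}: {r['label']}")
        for f in r["findings"]:
            print(f"  line {f.line_no}: {f.kind} -> {f.preview}")
    print(f"high-risk share: {share:.0%}")
```

The detector set is deliberately small; what matters for the data-centric model the report describes is that every file gets a label, that findings carry only a redacted preview, and that the output feeds a per-file inventory rather than a one-off report.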

The article Cybersecurity: 86% of companies succumb to cyberattacks because of the Cloud originally appeared on il blog della sicurezza informatica.