The Jell-O Glow Tensegrity Toy You Didn’t Know You Needed
If you’re looking to add a pop of glowing whimsy to your workspace, check out this vibrant jiggly desk toy by [thzinc], who couldn’t resist the allure of Adafruit’s NOODS LED strands. [thzinc]’s fascination with both glowing LEDs and levitating tensegrity designs led to an innovative attempt to defy gravity once again.
The construction’s genius is all about the balance of tension across the flexible LED strands, with three red ‘arms’ and a blue ‘hanger’ arm supporting the central hub. [thzinc]’s early designs faced print failures, but by cleverly reorienting print angles and refining channel designs, he achieved a modular, sturdy structure. Assembly involved careful soldering, tension adjustments, and even a bit of temporary tape magic to perfect the wobbling equilibrium.
But, the result is one to applaud. A delightful, wobbly desk toy with a kind of a Jell-O vibe that dances to your desk’s vibrations while glowing like a mini neon sign. We’ve covered tensegrity constructions in the past, so with a little digging through our archives you’ll be able to find some unique variations to build your own. Be sure to read [thzinc]’s build story before you start. Feel free to combine the best out there, and see what you can bring to the table!
Patching Up Failing Hearts With Engineered Muscle Tissue
Any issue with the heart, the most important muscle in our body, is considered critical and grounds for replacement with a donor heart. Unfortunately, donor hearts are rather rare, making alternatives absolutely necessary, or at the very least a way to coax the old heart along for longer. A new method seems to quite literally patch up a patient’s heart with healthy heart tissue, per the first human study results by [Ahmad-Fawad Jebran] et al. as published in Nature (as well as a partially paywalled accompanying article).
Currently, simple artificial hearts are a popular bridging method, providing a patient with what is effectively a supporting pump. This new method is more refined: it uses induced pluripotent stem cells (iPS) from an existing hiPSC cell line (TC1133), which are then coaxed into forming cardiomyocytes and stromal cells, effectively engineered heart muscle (EHM). After first testing this procedure on rhesus macaque monkeys, a human trial was started involving a 46-year-old woman with heart failure after a heart attack a few years prior.
During an operation in 2021, 10 patches of EHMs containing about 400 million cells each were grafted onto the failing heart. When this patient received a donor heart three months later, the removed old heart was examined and the newly grafted sections found to be healthy, including the development of blood vessels.
Although currently purely intended to be a way to keep people alive until they can get a donor heart, this research opens the tantalizing possibility of repairing a patient’s heart using their own cells, which would be significantly easier than growing (or bioprinting) an entire heart from scratch, while providing the benefit of such tissue patches grown from one’s own iPS cells not evoking an immune response and thus mitigating the need for life-long immune system suppressant drugs.
Featured image: Explanted heart obtained 3 months after EHM implantation, showing the healthy grafts. (Credit: Jebran et al., 2025, Nature)
Copper Candle Burns Forever… Just Add Fuel
[Zen Garden Oasis] wanted to heat and light a space using a candle. But candles aren’t always convenient since they burn down and, eventually, you must replace them. So he built copper candles using a common copper pipe and an old glass jar. Of course, the candle still takes fuel that you have to replace, but the candle itself doesn’t burn down.
The basic idea is that the copper tube holds a high-temperature carbon wick that stays saturated with fuel. The fuel burns, but the wick material doesn’t. The copper part is actually concentric with a 3/4-inch pipe mostly enclosing a 1/2-inch pipe.
The inner pipe extends further, and there are several holes in each pipe for fuel and air flow. The extended part of the pipe will be the candle’s flame. The wick wraps the entire inner pipe, stopping when it emerges from the outer pipe.
The fuel is alcohol, just like the old burner in your childhood chemistry set. The flame isn’t very visible, but a little salt in the fuel can help make the burn more orange.
Of course, this is a flame, so you need ventilation. You’ll also want to take care to make sure the candle—or anything burning—doesn’t tip over or set something else on fire. These candles will store just fine, and they can even burn common rubbing alcohol, so they could be useful in an emergency to generate heat and light with no electricity. Even a small candle can generate heat around 300 °F. Bigger candles make more heat, and the video shows ways to capture the heat to make it more useful.
There are a number of useful comments about drilling a cleaner hole in the jar lid and better replacements for the JB Weld seal. We’d have suggested furnace cement, which is easy to find and cheap.
The Garante Blocks DeepSeek in Italy: The Explanation Was “Wholly Insufficient”
After sending a formal request to the Chinese companies Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the Garante per la protezione dei dati personali (Italy’s data protection authority) has issued a further statement blocking, with immediate effect, the processing of Italian users’ data by the DeepSeek chatbot.
The measure comes after the companies’ answers were judged wholly insufficient. The companies had stated that they do not operate in Italy and are not subject to European legislation, a position the Garante firmly disputed, opening an investigation to verify possible breaches of data protection law.
DeepSeek: the Chinese AI under scrutiny
DeepSeek is a conversational artificial intelligence system designed to understand and process human language. Launched globally only recently, it recorded millions of downloads within days, quickly drawing the attention of regulators.
In an earlier request for information, the Garante had asked DeepSeek for details on:
- Which personal data are collected and from which sources;
- The legal basis for the processing and the purposes for which the data are used;
- The location of the servers, with particular attention to any transfer of data to China;
- The methods used to train the AI model, including the collection of information through web scraping, and how users (registered or not) were informed of those practices.
However, the Chinese companies’ response was judged inadequate and not compliant with the Authority’s requests.
The Garante’s decision
To protect the privacy of Italian users, the Garante ordered the immediate limitation of data processing by DeepSeek, effectively blocking the chatbot’s operation in Italy. At the same time, an investigation was opened to examine possible violations of European personal data protection law.
This episode marks a new chapter in the growing scrutiny by European authorities of foreign-origin AI, especially regarding the processing of personal data and the transparency of training algorithms.
The DeepSeek case recalls that of ChatGPT, which in 2023 was temporarily blocked in Italy for alleged privacy violations, only to be readmitted after corrective measures were adopted. The AI big tech companies will now have to contend with increasingly strict rules to guarantee the protection of European users’ data.
We asked DeepSeek what it thinks of the Garante’s statement, and the AI replied as follows:
The article Il Garante Blocca DeepSeek in Italia: La Delucidazione è Stata “Del Tutto Insufficiente” comes from il blog della sicurezza informatica.
Comparing Adhesives for Gluing PETG Prints
Testing every kind of glue with PETG, including wood glue. (Credit: Cosel, YouTube)
PETG is a pretty great material to print 3D models with, but one issue with it is that gluing it can be a bit of a pain. In a recent video by [Cosel] (German language, with English auto-dub) he notes that with many adhesives the bond between PETG parts would tend to fail over time, so he set out to do a large test with just about any adhesive he could get his hands on. This included everything from epoxy to wood glue and various adhesives for plastics.
For the test, two flat surfaces were printed in PETG for each test, glued together and allowed to fully dry over multiple days. After about a week each sample was put into a rig that tried to pull the two surfaces apart while measuring the force required to do so.
With two-part epoxy and super glue, for example, the parts would break rather than the glue layer, while with others the glue layer would give way first. All of these results are noted in the above graphic, which lists the force in newtons. The special notes and symbols stand for strong smell (‘Geruch’), the PETG itself breaking (‘Substrat gebrochen’) and high variability (‘hohe Streuung’) between the multiple samples tested per adhesive.
Interestingly, multiple superglues (‘Sekundenkleber’) show different results, while MMA (Methyl Methacrylate) and similar score the highest. The Bostik P580 is a polyurethane construction adhesive, usually used for gluing just about anything to anything in interior and exterior applications, so perhaps its high score isn’t so surprising. Trailing the field is the wood glue in last place, with the UHU general-purpose adhesive also scoring rather poorly.
Clearly there are many options for gluing PETG parts, but some are definitely more sturdy than others.
Thanks to [Risu no Kairu] for the tip.
Retrotechtacular: The Tyranny of Large Numbers
Although much diminished now, the public switched telephone network was one of the largest machines ever constructed. To make good on its promise of instant communication across town or around the world, the network had to reach into every home and business, snake along poles to thousands of central offices, and hum through the ether on microwave links. In its heyday it was almost unfathomably complex, with calls potentially passing through thousands of electronic components, any of which failing could present anything from a minor annoyance to a matter of life or death.
The brief but very interesting film below deals with “The Tyranny of Large Numbers.” Produced sometime in the 1960s by Western Electric, the manufacturing arm of the Bell System, it takes a detailed look at the problems caused by scaling up systems. As an example, it focuses on the humble carbon film resistor, a component used by the millions in various pieces of telco gear. Getting the manufacturing of these simple but critical components right apparently took a lot of effort. Initially made by hand, a tedious and error-prone process briefly covered in the film, Western Electric looked for ways to scale up production significantly while simultaneously increasing quality.
While the equipment used by the Western engineers to automate the production of resistors, especially the Librascope LGP-30 computer that’s running the show, may look quaint, there’s a lot about the process that’s still used to this day. Vibratory bowl feeders for the ceramic cores, carbon deposition by hot methane, and an early version of a SCARA arm to sputter gold terminals on the core could all be used to produce precision resistors today. Even cutting the helical groove to trim the resistance is similar, although today it’s done with a laser instead of a grinding wheel. There are differences, of course; we doubt current resistor manufacturers look for leaks in the outer coating by submerging them in water and watching for bubbles, but that’s how they did it in the 60s.
The productivity results were impressive. Just replacing the silver paint used for terminal cups with sputtered gold terminals cut 16 hours of curing time out of the process. The overall throughput increased to 1,200 pieces per hour, an impressive number for such high-reliability precision components, some of which we’d wager were still in service well into the early 2000s. Most of them are likely long gone, but the shadows cast by these automated manufacturing processes stretch into our time, and probably far beyond.
Digital Paint Mixing Has Been Greatly Improved With 1930s Math
You might not have noticed if you’re not a digital artist, but most painting and image apps still get color mixing wrong. As we all learned in kindergarten, blue paint and yellow paint make green paint. Try doing that in Photoshop, and you’ll get something altogether different—a vague, uninspiring brownish-grey. It’s the same story in just about every graphics package out there.
As it turns out, there’s a good reason the big art apps haven’t tackled this—because it’s really hard! However, a team of researchers at Czech Technical University has finally cracked this long-standing problem. The result of their hard work is Mixbox, a digital model for pigment-based color mixing. Once again, creative application of mathematics has netted aesthetically beautiful results!
Come Up Off Your Color Chart
Combine yellow and blue paint, and the only light reflected by the pigments will be wavelengths in the green range. This is referred to as “subtractive” color mixing because each pigment is taking something away from white light. Credit: Lewin Day
The core issue lies in how digital art apps handle color. Most are built around the RGB color model, which is exactly how our monitors display color—but it’s nothing like how paint and color work in the real world. When you mix blue and yellow light, you get gray – exactly what happens in most digital painting software. Actual paint pigments interact with light in a much more complex way.
What we see when we look at paint is the light reflected from the pigments, not what was absorbed. Mixing paints ends up with a more complex situation, with the combined paint absorbing and scattering different wavelengths as light bounces around between pigment particles. Combine two paints, and you’re left with less reflected light because each different pigment absorbs a different part of the spectrum. You only see what’s left. This is also why you get a murky brown or black result when you mix a whole ton of different colors—the different pigments absorb light from all different parts of the spectrum, and reflect precious little to your eyes.
There’s actually been a mathematical model for the behavior of mixed paints since 1931 – the Kubelka-Munk (K-M) equations. Computer graphics researchers have known about it for decades, but it’s never been widely implemented in commercial software. That’s because implementing it would require tracking multiple pigment channels for every pixel instead of just three channels to cover red, green, and blue values. That was a particular deal-breaker in the early days of computing, but it remains a hurdle to this day. Most art software still relies on graphics pipelines built entirely around RGB. Beyond that, pigments don’t readily map to the whole gamut of available RGB colors.
Left, you can see the results of standard RGB color mixing, while to the right, you can see the results of the K-M method. The latter is far more representative of how paint mixes in real life. Credit: Research paper
The breakthrough came when researchers realized they could knit the principles of the K-M model into the RGB space. Their hack works by decomposing RGB colors into a combination of four basic pigments. The team chose Phthalo Blue, Quinacridone Magenta, Hansa Yellow, and Titanium White as a reasonable basis. Then, they coded a routine to calculate how RGB colors should mix based on their component pigments, using the K-M model. For RGB colors that can’t be made up purely with pigments, there’s also a special “residual” term that accounts for “the missing part of red, green, and blue light that needs to be supplemented to the light reflected off of the pigment mixture in order to exactly match the original RGB color.” It lets the K-M model do its mixing magic without compromising the color space available to the user. The team then had to perform some pigment manipulations to ensure their model wouldn’t end up creating colors that lived outside of the RGB color space, either.
Getting this model to run at speed was a must; after all, nobody wants art software that lags when dragging a brush across the screen. The biggest hurdle to overcome was the mathematical operation to decompose RGB colors into their base pigments. To run this quickly, they pre-compute massive lookup tables that handle all the complex K-M math ahead of time. At runtime, the software only needs to do a few quick table lookups to figure out how colors should blend. The whole system acts as a drop-in replacement for regular RGB color mixing, requiring minimal changes to existing software.
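As an added illustration (not code from the Mixbox paper or its repository), here is the single-constant Kubelka-Munk mixing rule next to plain RGB averaging, applied to constructed yellow and blue pigments. It simplifies by describing each pigment with one reflectance value per RGB channel rather than a full spectrum, and it skips the RGB-to-pigment decomposition that the paper handles with lookup tables.

```python
"""Kubelka-Munk (K-M) pigment mixing next to plain RGB averaging.

Added example for this article, not code from the Mixbox paper or repository.
Assumptions of this example: each pigment is described by three reflectance
values (one per RGB channel) instead of a full spectrum, and the RGB-to-pigment
decomposition described in the article is skipped; pigment reflectances are
mixed directly.
"""
import math

# Constructed reflectance triples: fraction of red, green, blue light reflected.
YELLOW = (0.90, 0.90, 0.10)   # reflects red and green, absorbs blue
BLUE = (0.10, 0.20, 0.90)     # reflects blue (and a little green), absorbs red

EPS = 1e-4  # keep reflectance strictly inside (0, 1) so K/S stays finite


def ks_from_r(r):
    """Single-constant K-M: absorption/scattering ratio K/S from reflectance R."""
    r = min(max(r, EPS), 1 - EPS)
    return (1 - r) ** 2 / (2 * r)


def r_from_ks(ks):
    """Inverse of ks_from_r: reflectance from the K/S ratio."""
    return 1 + ks - math.sqrt(ks * ks + 2 * ks)


def km_mix(pigments, weights):
    """Mix pigments by concentration.

    In K-M theory the K/S ratios add linearly with concentration, while the
    reflectances themselves do not; that non-linearity is what makes yellow
    plus blue come out green rather than gray.
    """
    total = sum(weights)
    mixed = []
    for ch in range(3):
        ks = sum(w * ks_from_r(p[ch]) for p, w in zip(pigments, weights)) / total
        mixed.append(r_from_ks(ks))
    return tuple(mixed)


def rgb_average(colors, weights):
    """What most paint apps do: a weighted average per RGB channel."""
    total = sum(weights)
    return tuple(
        sum(w * c[ch] for c, w in zip(colors, weights)) / total for ch in range(3)
    )


def greenness(rgb):
    """How strongly green dominates the larger of red and blue (about 1.0 = gray)."""
    r, g, b = rgb
    return g / max(r, b)


if __name__ == "__main__":
    km = km_mix((YELLOW, BLUE), (1, 1))
    avg = rgb_average((YELLOW, BLUE), (1, 1))
    print("K-M mix      :", tuple(round(v, 3) for v in km), "greenness", round(greenness(km), 2))
    print("RGB average  :", tuple(round(v, 3) for v in avg), "greenness", round(greenness(avg), 2))
```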
The performance overhead is surprisingly minimal, with the model running only about two to three times slower than regular RGB mixing. On modern hardware, that translates to just milliseconds of lag. In most cases, the model can run at over 60 frames per second on a modern computer. The lookup tables add about 96MB of memory overhead, which is pretty much unnoticeable compared to the gigabytes of memory bloat in most modern software.
The K-M model proves far more authentic than standard color-mixing algorithms in commercial software. Credit: research paper
The team has released their implementation on GitHub, opening the door for other developers to integrate proper pigment mixing into their own projects. The code has also been implemented in a simple web painting app that you can try for yourself, right in a browser. Alternatively, the system has been implemented in a commercial painting app called Rebelle. Whichever way you try it out, though, the results are equally impressive. With the mixing model at play, not only do blue and yellow finally make green, but you get all sorts of subtle effects that happen with real paint. For example, colors actually become more saturated when mixed with white instead of getting washed out.
The main limitation is that the system can only handle four base pigments at a time – adding more would make the lookup tables impractically large. More pigments might make it easier to cover the whole RGB gamut, but they also introduce issues for handling the maths in a neat and tidy manner. The researchers have suggested such expansion might be a valuable area for future work.
It’s quite easy to compare the validity of the K-M model simply by putting it next to real paint as an example. Credit: research paper
In any case, this could be a game-changer for new digital artists coming from traditional media, where color mixing is so much more intuitive. It’s beautiful to see vibrant colors erupting from a canvas, whether real or digital. Now, the latter can more accurately approach the former, giving digital artists greater opportunity for rich expression, colors and all.
A 1962 Test Gear Teardown
Although it sounds like some Star Trek MacGuffin, a Q-Meter is a piece of test gear that measures the Q factor of a tuned circuit. [Thomas] got a Boonton meter from 1962 that wasn’t in very good shape, but it was a fun teardown, as you can see in the video below. The meter had signs of a prior modification or repair, but it still offers a nice peek into some vintage gear.
The meter could measure up to 260 MHz (or megacycles in 1962 parlance) and had some unusual features, including an oddly wired AC transformer and a “voltage stabilizer” to ensure a constant AC voltage at the input. We have to admit, we miss the days when our test equipment had gears inside. Then again, we don’t miss the tubes and the high-voltage stuff. Because of the high frequency, the unit even has an oddball acorn tube that you rarely see.
You may notice the meter has a mirror in a strip on the face. This is a common feature of high-precision analog meter movements. The idea is that you move your head until the needle hides its own reflection in the mirror to avoid parallax errors in your reading.
This isn’t the first Q meter we’ve seen; in fact, one was pretty similar but a bit older. While you can get a lot of new gear cheap these days, there’s still something to be said for vintage test equipment.
Forgotten Internet: Giving (or Getting) the Finger
Hey, you know that guy in accounting, Marco? If you want to find out more about him, you’d probably go surf LinkedIn or maybe a social media site. Inside a company, you might look on instant messaging for a profile and even find out if he is at his desk or away. But back in the 1970s, those weren’t options. But if Marco was on the computer system, maybe you could finger him. While that sounds strange to say today, Finger was a common service provided by computer services at the time. It was like a LinkedIn profile page for the 1970s.
Based on RFC 742, Finger was the brainchild of [Les Earnest]. From a user’s point of view, you put a few files in your home directory (usually .project and .plan; both hidden files), and when someone “fingered” you, they’d see some human-friendly output about your account, like your name and office location, whether you were logged in or not, and the contents of your project and plan files.
Modern versions may also show your public PGP key and other data. You could usually put a file in your home directory called .nofinger if you wanted to stop people from fingering you.
Under the Covers
Behind the scenes, finger worked with a daemon on port 79 that handled TCP requests. By 1991, RFC 1288 defined the protocol in more detail. Since it was a network service, you could finger people on other computers as long as port 79 was open.
Things were pretty freeform, so while some people had information in their plan files, others had jokes or even ASCII graphics. Most people didn’t know about them and ended up with the defaults.
Why Finger?
This PDP-10 surely was running a finger service. (photo CC-BY-4.0 by [Gah4])
You might wonder why this was called finger. We always thought it was like the old mobster movies (“he put the finger on Lenny”). But it turns out, [Les] noted people using their fingers to trace through the verbose output of the WHO command on WAITS, which was based on the operating system later known as TOPS-10, a common operating system on the PDP-6 and PDP-10 computers.
Incidentally, [Les] was the same guy who developed the SAIL keyboard that, as far as we know, introduced the META key you hear about in Emacs.
Cutting Off Finger
Finger is from a simpler time when you could assume people weren’t trying to hack into your system. Of course, they are. In 1988, the Morris worm exploited fingerd — the finger daemon — to spread itself among systems.
Between better alternatives, security concerns, and a general lack of awareness among new users, the writing was on the wall. Today, it is hard to find a system that provides finger services.
You could install finger, but we don’t recommend you keep it running for long. Ubuntu’s package manager, at least, will let you install both finger and fingerd easily.
Running finger with no arguments will show you a list of logged in users. Usually, you’d use it with a user ID, though:
$ finger alw
Login: alw Name: Al Williams
Directory: /home/alw Shell: /bin/bash
On since Sun Jan 12 13:51 (CST) on tty2 from :0
19 days 19 hours idle
On since Sun Jan 12 13:51 (CST) on pts/0 from :0
16 days 21 hours idle
On since Sun Jan 12 13:52 (CST) on pts/2 from tmux(1721804).%1
2 seconds idle
. . .
On since Wed Jan 15 13:48 (CST) on pts/7 from tmux(1721804).%4
13 days 21 hours idle
On since Fri Jan 17 11:40 (CST) on pts/11 from :0
11 days 23 hours idle
(messages off)
No mail.
Plan:
Write more Hackaday!
Sounds like a good plan.
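A small, added example of the RFC 1288 request format described above, written for this article rather than taken from any real finger or fingerd implementation: a client-side query builder and a server-side handler over a constructed in-memory user table. The request-length cap, the refusal of user@host forwarding, the verbose-only Directory/Shell line and the uniform answer for .nofinger users are hardening and layout choices of this example, not behaviour the page attributes to historical fingerd.

```python
"""Minimal RFC 1288-style finger request handling.

Added example for this article; not code from the page or from any real
finger/fingerd. Everything is in memory: the user table is constructed sample
data, and the length cap, character whitelist and refusal of forwarding are
this example's own hardening choices (RFC 1288 leaves forwarding optional).
"""
import re

CRLF = b"\r\n"
MAX_REQUEST = 128  # assumption: cap chosen for this example, not taken from RFC 1288
USER_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

# Constructed sample accounts standing in for /etc/passwd plus home directories.
USERS = {
    "alw": {"name": "Al Williams", "dir": "/home/alw", "shell": "/bin/bash",
            "plan": "Write more Hackaday!", "nofinger": False},
    "ghost": {"name": "Hidden User", "dir": "/home/ghost", "shell": "/bin/sh",
              "plan": "", "nofinger": True},  # has a .nofinger file
}


def build_query(user="", verbose=False):
    """Client side: RFC 1288 {Q1} ::= [/W ][username]CRLF."""
    parts = []
    if verbose:
        parts.append("/W")
    if user:
        parts.append(user)
    return " ".join(parts).encode("ascii") + CRLF


def parse_request(raw):
    """Server side: return (verbose, user) or raise ValueError.

    A hard length cap is the first check: the 1988 Morris worm spread through
    fingerd's unbounded read of the request line, so the request is rejected
    before anything else looks at it.
    """
    if len(raw) > MAX_REQUEST:
        raise ValueError("request too long")
    if not raw.endswith(CRLF):
        raise ValueError("request not CRLF-terminated")
    try:
        line = raw[:-2].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII request") from None
    tokens = line.split()
    verbose = False
    if tokens and tokens[0] == "/W":
        verbose = True
        tokens = tokens[1:]
    if len(tokens) > 1:
        raise ValueError("only one user per request")
    user = tokens[0] if tokens else ""
    if "@" in user:
        raise ValueError("forwarding (user@host) refused")
    if user and not USER_RE.match(user):
        raise ValueError("bad username")
    return verbose, user


def handle_request(raw, users=USERS):
    """Produce the text a finger client would print, or a refusal line."""
    try:
        verbose, user = parse_request(raw)
    except ValueError as err:
        return f"Refused: {err}\r\n"
    if not user:
        # Bare query lists logged-in users; accounts with .nofinger stay hidden.
        return "".join(f"{u}\r\n" for u, rec in users.items() if not rec["nofinger"])
    rec = users.get(user)
    if rec is None or rec["nofinger"]:
        # Same answer for unknown and opted-out users, so the reply does not
        # reveal which accounts exist (this example's choice).
        return f"finger: {user}: no such user.\r\n"
    out = [f"Login: {user}\tName: {rec['name']}"]
    if verbose:  # /W adds the extra fields in this example
        out.append(f"Directory: {rec['dir']}\tShell: {rec['shell']}")
    out.append("Plan:")
    out.append(rec["plan"] or "No Plan.")
    return "\r\n".join(out) + "\r\n"


if __name__ == "__main__":
    print(handle_request(build_query("alw", verbose=True)), end="")
    print(handle_request(build_query("alw@example.invalid")), end="")
```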
In the 1980s, it seemed like finger would be around forever. But network tech can go from ubiquitous to forgotten in a flash. Just like UUCP in our last installment.
Featured image: The incredibly wittily titled “Left Index Finger” by Pixabay.
RGB LED Display Simply Solves The Ping-Pong Ball Problem
A few years ago [Brian McCafferty] created a nice big RGB LED panel in a poster frame that aimed to be easy to move, program, and display. We’d like to draw particular attention to one of his construction methods. On the software end of things there are multiple ways to get images onto a DIY RGB panel, but his assembly technique is worth keeping in mind.
The diameter of ping pong balls is a mismatch for the spacing of LEDs on a strip. The solution? A bit of force.
The technique we want to highlight is not the fact that he used table tennis balls as the diffusers, but rather the particular manner in which he used them. As diffusers, ping-pong balls are economical and they’re effective. But you know what else they are? An inconvenient size!
An LED strip with 30 LEDs per meter puts individual LEDs about 33 mm apart. A regulation ping-pong ball is 40 mm in diameter, making them just a wee bit too big to fit nicely. We’ve seen projects avoid this problem with modular frames that optimize spacing and layout. But [Brian]’s solution was simply to use force.
Observing that ping-pong balls don’t put up much of a fight and the size mismatch was relatively small, he just shoved those (slightly squashy) 40 mm globes into 33 mm spacing. It actually looks… perfectly fine!
We suspect that this method doesn’t scale indefinitely. Probably large displays like this 1200 pixel wall are not the right place to force a square peg into a round hole, but it sure seemed to hit the spot for his poster-sized display. Watch it in action in the video below, or see additional details on the project’s GitHub repository.
Trend Micro Svela le Minacce IT 2025: AI Malevole, Deepfake, APT e Minacce Automotive in Aumento
in occasione del SecurityBarcamp, l’evento dedicato agli scenari di cybercrime e di cybersecurity che ha visto la partecipazione dell’Agenzia per la Cybersicurezza Nazionale, Ansaldo e Aruba.
Milano, 30 gennaio 2025 – Nel 2025 gli attacchi informatici che sfruttano l’intelligenza artificiale diventeranno sempre più personalizzati e colpiranno attraverso truffe e attacchi di phishing altamente sofisticati. I cybercriminali utilizzeranno le informazioni trafugate online per addestrare i LLM a imitare gli utenti e sferrare così attacchi sempre più difficili da distinguere e prevenire, dando via al fenomeno che potrebbe caratterizzare l’anno, quello dei “malicious digital twins, i gemelli digitali cattivi”. I dati emergono dall’ultimo report Trend Micro, leader globale di cybersecurity, sulle minacce informatiche che caratterizzeranno il 2025, dal titolo “The Easy Way In/Out: Securing The Artificial Future”.
Lo studio è stato rilasciato durante l’evento #SecurityBarcamp, l’approfondimento annuale dedicato agli scenari di cybercrime e di cybersecurity di Trend Micro, diventato ormai un importante e tradizionale momento di condivisione tra prestigiosi enti pubblici e privati, che collaborano per il mantenimento della sicurezza a livello di sistema Paese.
In questa edizione, i rinomati e autorevoli ospiti sono stati: Gianluca Galasso, Direttore del Servizio Operazioni/ CSIRT Italia, Agenzia per la Cybersicurezza Nazionale (ACN), Ivan Monti, CISO Ansaldo, David Neumarker, CISO Aruba S.p.A, oltre ad Alessio Agnello, Technical Director Trend Micro Italia, Marco Balduzzi, Presidente No Hat e Technical Research Lead Trend Micro e Alessandro Fontana, Country Manager Trend Micro Italia.
Indicazioni emerse durante i lavori
“L’IA è un potente strumento a doppio taglio. Da un lato, può migliorare notevolmente la sicurezza informatica, automatizzando la detection di minacce e rispondendo più rapidamente agli attacchi. Dall’altro, può essere utilizzata per creare attacchi più sofisticati. E può essere addestrata a creare malware altamente personalizzati e difficili da rilevare, oppure generare tentativi di phishing estremamente convincenti e Deepfakes difficili da riconoscere. Ci vorrà ancora qualche tempo prima di capirne il potenziale nel campo della cybersicurezza. Per ora è fondamentale impegnarsi a sviluppare sistemi di IA sicuri e affidabili, e capire come utilizzarli per difendersi dagli attacchi basati sull’IA stessa.
Per questo in ACN abbiamo già avviato dei programmi per utilizzare l’IA con l’HPC per anticipare la minaccia cibernetica”. Dichiara Gianluca Galasso, Direttore del Servizio Operazioni/ CSIRT Italia, Agenzia per la Cybersicurezza Nazionale (ACN).
“Crediamo fermamente che l’information sharing sia un pilastro fondamentale per rafforzare la resilienza del Sistema Paese, soprattutto in un contesto in cui le minacce informatiche sono sempre più sofisticate e interconnesse. La direttiva NIS2 sottolinea l’importanza della cooperazione tra settore pubblico, privato e piccole e medie imprese, riconoscendo che la condivisione tempestiva delle informazioni di sicurezza è essenziale per prevenire, mitigare e rispondere efficacemente agli incidenti. Per questo, favorire una cultura basata sulla fiducia e sulla collaborazione è oggi più che mai una necessità strategica per proteggere il nostro tessuto economico e digitale”. Precisa Ivan Monti, CISO Ansaldo.
“Il Security Barcamp di Trend Micro rappresenta un’importante occasione per condividere conoscenze e strategie contro le nuove minacce cibernetiche. Le evoluzioni tecnologiche, come l’intelligenza artificiale generativa, hanno ampliato le opportunità per i cybercriminali, rendendo fondamentale un ulteriore adeguamento a tutti i livelli e rimarcando l’importanza di un approccio collaborativo tra pubblico e privato. Come fornitore ICT offriamo supporto concreto alle PMI, con servizi e soluzioni IT e di sicurezza, al passo per fronteggiare le nuove sfide connesse alla trasformazione digitale. Collaboriamo attivamente con enti come l’ACN e ci allineiamo alle normative europee, come la NIS2, abilitando i nostri clienti a raggiungerne gli obiettivi di compliance.” Sottolinea David Neumarker, CISO Aruba S.p.A.
“L’intelligenza artificiale generativa è sempre più diffusa sia nelle aziende, sia nella società. Questo richiede un’attenzione costante alle nuove minacce, spingendo le organizzazioni a focalizzarsi sull’individuazione e la neutralizzazione di attacchi sempre più sofisticati e sulla prevenzione della manipolazione degli agent AI”. Afferma Alessandro Fontana, Country Manager di Trend Micro Italia.
Trend Micro’s predictions for 2025
Cybercriminals and AI: evil digital twins and ever more personalized scams
Because of their great potential, deepfakes are set to become the biggest AI-related threat and will be used to make already popular social-engineering scams increasingly credible. Cybercriminals will also use LLMs trained on a person’s public posts to imitate their writing style and personality, creating convincing imitations that target new unsuspecting victims and giving rise to the phenomenon of malicious digital twins. Cybercriminals will also create fake employees to attack companies in new Business Email Compromise (BEC) scams, and will exploit involuntarily exposed biometric data as well as video and audio. AI systems themselves may also be manipulated into performing harmful or unauthorized actions and into creating tailor-made phishing kits, making the cybercriminal underground ever more efficient. For users, it will become increasingly difficult to judge the truthfulness and legitimacy of content created online through artificial intelligence.
AI and companies: automation will hide defects from human eyes
Once artificial intelligence starts using corporate tools and computers autonomously, it will create a chain of events and interactions that is invisible to human operators. This lack of visibility can be a security problem, since it will be difficult to monitor and control the AI’s actions in real time.
Companies will be exposed to greater vulnerabilities, also due to the possible disclosure of sensitive information by LLMs during interactions with employees and customers. Cybercriminals could also take over AI agents to carry out harmful activities. The consumption of system resources by AI agents, whether benign or malicious, may also lead to denial of service when resources are overwhelmed.
Maximum-impact APT attacks: advanced criminal groups will hit the cloud and supply chains
In 2024, state-linked cybercriminal groups such as Lazarus, Turla and Pawn Storm were particularly active and may step up their activities in 2025. These groups will continue to focus on stealing diplomatic information and military technology, as well as hitting supply chains to maximize the impact of their attacks.
New vulnerabilities will hit memory management and the automotive sector
Memory-management vulnerabilities, such as out-of-bounds writes/reads and memory-corruption bugs, will remain among cybercriminals’ favorite tools. Security will also become increasingly fundamental in innovations related to the mobility sector, where there is still a long way to go. The standardization of the various platforms could allow vulnerabilities to spread across multiple models and involve many manufacturers, forcing large-scale recalls or urgent software updates. Cybercriminals could gain access to vehicles’ on-board systems, steal payment information and interrupt electric-vehicle charging, for example. Disabling brakes and steering could even have physical consequences for drivers and pedestrians.
Ransomware will increasingly exploit vulnerabilities
In 2024 there was an increase in ransomware groups using legitimate tools for data exfiltration, harvesting credentials and replicating them, with the aim of moving laterally and gaining privileges. This trend will continue in 2025, and ransomware attacks will increasingly exploit vulnerabilities or compromised accounts rather than more traditional phishing-based tactics. Ransomware attacks may also shift towards business models that no longer require encryption.
Malvertising attacks will become more efficient
The information gathered by infostealers is very useful to cybercriminals, and ransomware groups will continue to use data such as user accounts harvested by infostealers in their attacks. Partly for this reason, malvertising threats, already in the spotlight because of their spread and proliferation, will continue in 2025.
In response to increasingly dangerous threats and the expanding attack surface in companies, these are Trend Micro’s recommendations:
- Implement a risk-based approach to cybersecurity that enables centralized asset identification and effective risk assessment, prioritization and mitigation
- Leverage artificial intelligence to benefit from threat intelligence, manage asset profiles, predict attack paths and obtain remediation guidance, ideally from a single platform
- Train users and raise their awareness of recent advances in artificial intelligence and of how these could facilitate cybercrime
- Monitor and protect artificial intelligence from abuse, including security controls for validating inputs and AI-generated responses or actions
- For LLM security: harden sandbox environments, implement strict data validation and multi-layered defenses against injection activity
- Understand the organization’s position within the supply chain, address vulnerabilities in public-facing servers and implement multi-layered defenses within internal networks
- Provide end-to-end visibility into AI agents
- Implement attack-path prediction to mitigate cloud threats
Further information is available at this link
More about Trend Micro
Trend Micro, a global cybersecurity leader, is committed to making the world a safer place for exchanging digital information. With over 30 years of security experience, threat research and continuous innovation, Trend Micro protects over 500,000 organizations and millions of individuals using the cloud, networks and a wide range of devices through its unified cybersecurity platform. The Trend Vision One™ unified cybersecurity platform provides advanced threat-defense techniques and XDR, and integrates with the various IT ecosystems, including AWS, Microsoft and Google, enabling organizations to better understand, communicate and mitigate cyber risk. With 7,000 employees in 65 countries, Trend Micro enables organizations to simplify and secure their connected space. www.trendmicro.com
The article “Trend Micro Svela le Minacce IT 2025: AI Malevole, Deepfake, APT e Minacce Automotive in Aumento” comes from il blog della sicurezza informatica.
Lessons Learned, When Restoring An Amiga 1000
In the mid 1980s, there was a rash of 16-bit computers entering the market. One of them stood head and shoulders above the rest: Commodore’s Amiga 1000. It had everything that could reasonably be stuffed into a machine of the period, and multimedia capabilities the rest wouldn’t catch up on for years. [Celso Martinho] has managed to secure one of those first machines, and has shared his tale of bringing it back to life.
The post is as much a love letter to the Amiga and review of A1000 peripherals as it is a restoration, which makes it a good read for retrocomputing enthusiasts. He recapped it and it wouldn’t boot, the solution of which turned out to be a reminder for the rest of us.
The machine had a RAM upgrade in the form of a daughterboard under the processor, and its pins had weakened the leaves of the processor socket so that it no longer made contact. So don’t forget to replace sockets as well as capacitors.
The resulting machine is much faster thanks to a modern upgrade with a much quicker processor, memory, and an SD card for storage. He goes into some of the other upgrades available today, all of which would have had early-1990s-us salivating. It’s fair to say that in 2025 an A1000 is more 40-year-old curio than useful modern computer, but we can’t fail to admit to a bit of envy. The Amiga holds a special affection, here.
No need to RSVP: a closer look at the Tria stealer campaign
Introduction
Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples. The primary targets of the campaign are users in Malaysia and Brunei, with Malaysia being the most affected country.
Our investigation suggests that this campaign is likely operated by an Indonesian-speaking threat actor, as we found artifacts written in the Indonesian language, namely several unique strings embedded in the malware and the naming pattern of the Telegram bots that are used for hosting C2 servers.
Our findings, in a nutshell, are as follows:
- Tria Stealer collects victims’ SMS data, tracks call logs, messages (for example, from WhatsApp and WhatsApp Business), and email data (for example, Gmail and Outlook mailboxes).
- Tria Stealer exfiltrates the data by sending it to various Telegram bots using the Telegram API for communication.
- The threat actor then exploits this data to hijack personal messaging accounts, impersonate account owners to request money transfers from the victims’ contacts, and compromise accounts with other services.
Kaspersky products detect this threat as HEUR:Trojan-Spy.AndroidOS.Agent.*.
Technical details
Background
We detected several APK samples tagged as Trojan-Spy.AndroidOS.Agent and originating from Malaysia and Brunei in our Kaspersky Security Network (KSN) telemetry and on third-party multi-antivirus platforms.
Further investigation revealed multiple posts by Malaysian Android users on social media platforms like X and Facebook discussing a scam campaign involving malicious APKs and WhatsApp hijacking. Our analysis indicates that this campaign has been ongoing since March 2024, with the threat actor consistently using a wedding invitation theme to lure victims into installing the malicious app. We discovered two versions of malicious APKs, with the first one initially detected in March 2024, and the second one in August of the same year. The newer sample was slightly upgraded with additional functionality and adjusted wording in messages that were sent to Telegram bots.
We named this malware “Tria Stealer” after the username found in all APK samples in the message that is sent to the C2 server during the initial execution of the malware, which states, “Having any issues? Contact me at ‘https://t[.]me/Mr_tria'”. This suggests that “Mr Tria” may be the support contact or the individual in charge of the campaign.
Overview of the Tria Stealer campaign
According to our observations, the threat actor uses stolen messages and emails to obtain security codes for hijacking their victims’ WhatsApp and Telegram accounts which will be used for distributing the malicious APK to the victims’ contacts. Not only that, but our researchers also have observed that the threat actor takes advantage of the hijacked WhatsApp and Telegram accounts to impersonate their owners, asking the targets’ contacts to transfer money to the actor’s bank accounts.
Besides WhatsApp and Telegram accounts, the threat actor was also able to take over and sign in to the victims’ accounts with other services by requesting transaction authorization codes (TACs) and one-time passwords (OTPs) for the relevant platforms, and then accessing the security codes in the text messages which they intercepted.
Delivery method
The threat actor distributes the APK via personal and group chats in Telegram and WhatsApp, using messages that invite recipients to a wedding and require them to install the APK to view an invitation card.
Delivery through a compromised WhatsApp account (on the left) and through a compromised Telegram account (on the right)
First-time execution
When the malicious Android app is installed, it checks whether it is being opened for the first time via the IntroActivity function, which is triggered only during the initial app launch. The app also retrieves the Boolean value associated with the key firstStart in the SharedPreferences object. If this key does not exist, the default value true is returned, meaning it’s the first time the app has been opened.
In that case, the malware requests the android.permission.RECEIVE_SMS permission to gain access to read newly received SMS messages. The app mimics a system settings app with a gear icon to trick the victim into thinking that the request and the app itself are legitimate.
Once the user grants the required permission, they are presented with a custom dialog prompting them to enter their phone number.
Custom dialog box prompts for a phone number (new version on the left, earlier version on the right)
After the victim enters their phone number and clicks “Next”, this number along with the device’s brand and model is collected and assembled into a string to be later sent to a C2. A message with Mr. Tria’s contact is also added to this string.
Building the required strings before sending them to the bot
The malware then communicates with the SendMessage Telegram API to send the collected information to one of the threat actor’s Telegram bots, as shown below.
Sending messages to the bot
In most cases we’ve seen in this campaign, the attackers used a different Telegram bot for each sample, although we managed to find a few that shared the same Telegram bot.
Meanwhile, the app updates its SharedPreferences object to record the fact that it has been opened before, preventing it from starting with the IntroActivity function again on subsequent launches.
Main activity
After completing the initial execution flow, or whenever the app is opened again, the main activity of Tria Stealer is invoked using an intent.
During this process, the app requests all permissions declared in its manifest:
- android.permission.READ_SMS;
- android.permission.RECEIVE_SMS;
- android.permission.INTERNET;
- android.permission.ACCESS_NETWORK_STATE;
- android.permission.READ_PHONE_STATE;
- android.permission.READ_CALL_LOG;
- android.permission.SYSTEM_ALERT_WINDOW;
- android.permission.WAKE_LOCK;
- android.permission.RECEIVE_BOOT_COMPLETED;
- android.permission.FOREGROUND_SERVICE.
These permissions allow the malware to access messaging and calls data and collect other information, such as the network state.
In newer variants, an additional permission, android.permission.BIND_NOTIFICATION_LISTENER_SERVICE, is declared in the manifest. This permission is utilized to intercept messages and emails via notifications.
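The permission list above is a useful static triage signal on its own: an app that can read and receive SMS, reach the network, and (in newer variants) bind a notification listener has everything it needs to relay OTPs and chat notifications off the device. The following script is an added example written for this article, not Kaspersky’s detection logic; it parses a decoded AndroidManifest.xml and scores the capability set. The embedded manifest is constructed to mirror the newer variant, and the package name and class names in it are assumptions.

```python
"""Added example (not Kaspersky's code): static triage of a decoded AndroidManifest.xml
for the capability set Tria Stealer declares. The manifest below is constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permission groups taken from the list in the article, keyed by the capability they give.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CALL_PERMS = {"android.permission.READ_CALL_LOG", "android.permission.READ_PHONE_STATE"}
PERSIST_PERMS = {"android.permission.RECEIVE_BOOT_COMPLETED",
                 "android.permission.FOREGROUND_SERVICE"}
INTERNET = "android.permission.INTERNET"
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest modelled on the newer variant; package and class names are assumptions.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.invite">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application>
    <receiver android:name=".SMSMonitor">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <service android:name=".AppNotificationListener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return declared permissions, SMS receivers, notification listeners and a risk verdict."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")} - {None}
    # A notification listener is a <service> protected by BIND_NOTIFICATION_LISTENER_SERVICE.
    listeners = [s.get(NAME) for s in root.iter("service") if s.get(PERMISSION) == NOTIF_LISTENER]
    # An SMS monitor is a <receiver> whose intent filter listens for SMS_RECEIVED.
    sms_receivers = [r.get(NAME) for r in root.iter("receiver")
                     if any(a.get(NAME) == SMS_RECEIVED for a in r.iter("action"))]

    findings = []
    if perms & SMS_PERMS and INTERNET in perms:
        findings.append("reads SMS and has network access: OTP/TAC exfiltration capability")
    if sms_receivers:
        findings.append("SMS_RECEIVED receiver(s): " + ", ".join(sms_receivers))
    if listeners:
        findings.append("notification listener(s): " + ", ".join(listeners))
    if perms & CALL_PERMS:
        findings.append("call log / phone state access")
    if perms & PERSIST_PERMS:
        findings.append("boot persistence and foreground service")

    # Three or more independent capabilities is treated as high risk for a non-messaging app.
    risk = "high" if len(findings) >= 3 else "medium" if findings else "low"
    return {"package": root.get("package"), "permissions": sorted(perms),
            "sms_receivers": sms_receivers, "listener_services": listeners,
            "findings": findings, "risk": risk}


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(report["package"], report["risk"])
    for finding in report["findings"]:
        print(" -", finding)
```

The verdict thresholds are a deliberate simplification: a legitimate SMS client will also declare READ_SMS and RECEIVE_SMS, so the point is the combination with network access, boot persistence and a notification listener in an app that presents itself as a wedding invitation or a settings screen.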
The app then sends a message to the Telegram bot, indicating that the malicious app has been opened by the victim, thus notifying the attackers.
Building strings indicating the malicious app is opened
Moreover, in this main activity, the app runs a background service designed to open the built-in system settings app using an intent. This occurs when the victim opens the app, convincing the victim that they are accessing the legitimate system settings.
SMS and call monitor
In all samples and variants of Tria Stealer, the malicious APK utilizes the BroadcastReceiver function to monitor new incoming messages and call activities through two components named SMSMonitor and CallMonitor. SMSMonitor captures SMS information, including the message content, sender’s phone number, and SIM slot details. CallMonitor tracks incoming call activities and, like SMSMonitor, extracts such details as the caller’s phone number and SIM slot (for dual SIM devices). The malware also collects additional details, including the current battery level of the victim’s phone, which is possible to do via either of these components.
Then the sample processes all collected data and combines it into a single message to send to the Telegram bot.
Building strings for retrieving SMS content
The threat actor uses this activity mostly to take over WhatsApp, Telegram or other accounts by reading SMS messages containing OTP/TAC codes.
App messages and mail stealer
In the newer variant of Tria Stealer, we discovered that the threat actor had developed an additional feature to steal personal messages and emails from the packages related to a number of apps, including the following:
Package name | App name
com.whatsapp | WhatsApp
com.whatsapp.w4b | WhatsApp Business
com.google.android.apps.messaging | Google Messages
com.samsung.android.messaging | Samsung Messages
com.android.mms | Default MMS
com.google.android.gm | Gmail
com.microsoft.office.outlook | Outlook
com.yahoo.mobile.client.android.mail | Yahoo Mail
The threat actor steals messages by intercepting notifications from these apps. The onNotificationPosted function in a custom class named AppNotificationListener is triggered whenever a new notification is posted by one of the targeted apps.
onNotificationPosted function
Once a notification is received, the malware retrieves the app name that matches the packageName property of the notification. If the app is not recognized, it is labeled as “Unknown App”. Then the malware proceeds to extract the notification content and combines it with the app and contact names, device information (brand and model), and the target phone number into a formatted string. Once generated, this string is sent as a message to the Telegram bot.
Building a message to be sent to the bot
As suggested by our observations, the threat actor creates and uses separate Telegram bots for handling different types of stolen data. One bot is used for collecting texts from messaging apps and emails, while another handles SMS data. As a result, newer variants of the malware include two Telegram bot token IDs.
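Because every exfiltration path described above goes through the Telegram Bot API, the bot token in the request path is the most convenient network-side indicator: it identifies the bot, and a single device talking to two different bots matches the newer variants’ split between SMS data and app/email data. The script below is an added example for this article, not Kaspersky’s tooling; it scans constructed proxy log lines (timestamp, client IP, Host header, request path, an assumed format), names tokens that appear in the IoC table of this report (two are copied in as a subset) and flags unrecognised bots for review.

```python
"""Added example (not Kaspersky's code): find Telegram Bot API exfiltration in proxy logs
and match the bot tokens against the IoC table of this article. Log lines are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass

TELEGRAM_API_HOST = "api.telegram.org"
# A Bot API token is "<numeric bot id>:<35-character secret>" and appears in the request path.
BOT_CALL_RE = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]{35})/(\w+)")

# Two tokens copied from the IoC section of this article; extend with the full table.
KNOWN_TRIA_BOTS = {
    "7112694573:AAFHHrDEy-iwmlyYB7JZDXS6iwCFq6NMkEc": "adffg_404bot",
    "7081364304:AAG6FcxeZtkc98RlhjLXnP2LDMG4DEy9C6s": "Beinfooo_bot",
}

# Constructed placeholder token (not a real bot) to exercise the "unknown bot" path.
PLACEHOLDER_TOKEN = "1234567890:" + "A" * 35

# Constructed proxy log (assumed format): timestamp, client IP, Host header, request path.
SAMPLE_LOG = f"""\
2024-08-12T09:14:02Z 10.20.0.15 api.telegram.org /bot7112694573:AAFHHrDEy-iwmlyYB7JZDXS6iwCFq6NMkEc/sendMessage
2024-08-12T09:14:05Z 10.20.0.15 api.telegram.org /bot{PLACEHOLDER_TOKEN}/sendMessage
2024-08-12T09:15:40Z 10.20.0.33 www.example.com /index.html
2024-08-12T09:16:01Z 10.20.0.15 api.telegram.org /bot7081364304:AAG6FcxeZtkc98RlhjLXnP2LDMG4DEy9C6s/sendMessage
"""


@dataclass
class Finding:
    timestamp: str
    client: str
    bot_id: str
    method: str
    verdict: str


def scan_log(text: str) -> list[Finding]:
    """Emit one Finding per Bot API call; known Tria tokens are named, others flagged for review."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, client, host, path = fields
        if host != TELEGRAM_API_HOST:
            continue
        m = BOT_CALL_RE.match(path)
        if not m:
            continue
        token, method = m.group(1), m.group(2)
        bot_id = token.split(":", 1)[0]
        if token in KNOWN_TRIA_BOTS:
            verdict = f"known Tria Stealer bot {KNOWN_TRIA_BOTS[token]}"
        else:
            verdict = "unrecognised Telegram bot, review client"
        findings.append(Finding(ts, client, bot_id, method, verdict))
    return findings


def clients_using_multiple_bots(findings: list[Finding], min_bots: int = 2) -> set[str]:
    """Newer Tria variants talk to two bots (SMS vs app/email data); a device that reaches
    several distinct bots is a stronger signal than a single sendMessage call."""
    bots_by_client = defaultdict(set)
    for f in findings:
        bots_by_client[f.client].add(f.bot_id)
    return {client for client, bots in bots_by_client.items() if len(bots) >= min_bots}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h.timestamp, h.client, h.method, h.verdict)
    print("multi-bot clients:", clients_using_multiple_bots(hits))
```

Matching on the full token rather than only the numeric bot ID avoids false positives from unrelated bots, while the multi-bot heuristic catches new samples whose tokens are not yet in the IoC table.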
Account takeover
The threat actor’s main goal is to get full access to victims’ WhatsApp and Telegram accounts. Once compromised, these accounts are used for two main purposes:
- Distributing the malicious APK to the targets’ contacts through group chats and direct messages, thereby expanding the pool of victims.
- Impersonating the account owners to request money transfers from their contacts to the threat actor’s bank account.
Furthermore, we assume that by intercepting SMS messages, the threat actor was also able to sign in to various platforms using the victims’ accounts to inflict further damage.
The stolen information also could be exploited for other malicious activities, such as accessing online banking accounts, resetting passwords for specific platforms, or compromising services that rely on instant message or email authentication.
Attribution
We assume with high confidence that the threat actor is Indonesian-speaking, because some strings included in the messages sent to the Telegram bot are written in Indonesian, for example: “APLIKASI DI BUKA LAGI” (translated as “APPLICATION REOPENED”).
Victimology
In this campaign, we did not observe any specific targeting of individual users. However, the threat actor focuses on individuals in Malaysia and Brunei. We saw a spike in the number of detections in mid-2024, but Tria Stealer continues to be detected in January 2025.
Different campaign from UdangaSteal
In 2023 and early 2024, our researchers observed a very similar campaign under the detection name HEUR:Trojan-Banker.AndroidOS.UdangaSteal, primarily targeting victims in Indonesia, Malaysia and India to steal SMS data and exfiltrate it to Telegram bots hosted as a C2. In this campaign, the threat actor heavily targeted Indonesian and Indian victims and utilized various lure themes, including the following:
- wedding invitations;
- parcel delivery;
- credit card transactions;
- government job offers;
- religious events;
- annual tax charges;
- customer support;
- electricity bills;
- government initiatives for farmers;
- vehicle registration system for Indian users.
However, we are not attributing the current Tria Stealer campaign to the same threat actor associated with UdangaSteal, as the APK code between the two malware campaigns looks different, the Telegram bot naming patterns are also different, and the victimology varies compared to this UdangaSteal malware campaign. Moreover, in the Tria Stealer campaign, the threat actor upgraded their malware to not only steal SMS messages but also to target personal communications, including data from WhatsApp and email apps. This contrasts with the UdangaSteal malware, where the threat actor consistently used the same tactics from its rise in 2023 till late 2024 without any changes.
Conclusion
The Tria Stealer campaign remains active, targeting more victims in Malaysia and Brunei. The attackers employ phishing techniques to spread the APK, allowing them to spy on victims’ personal messages and emails. According to our observations, the threat actor uses the stolen data to obtain security codes for hijacking victims’ WhatsApp and Telegram accounts which will be used for distributing the malicious APK to the targets’ contacts. Accessing security codes also could enable the attackers to take over and log in to victims’ other online accounts to extend the scope of their malicious activities.
We assess with medium confidence that the threat actor will likely continue targeting users in Malaysia and Brunei in the near future, aiming to hijack new WhatsApp and Telegram accounts and take over accounts with other services to pursue malicious activities. To protect against such threats, we strongly advise against installing apps from untrusted sources and recommend using reliable security solutions for mobile devices.
Indicators of Compromise
Tria Stealer
File hashes
de9384577e28c52f8dc690b141098969 | JEMPUTAN MAJLIS PERKAHWINAN.apk |
3993142deafce26820411191e4fa9af8 | KAD JEMPUTAN PERKAHWINAN.apk |
43c6cb115876bf791a7816a3c7791ea8 | ☆꧁༒___༒꧂☆_2.apk |
b8f4ac57c06755e98ecd263020aeaa82 | Jemputan perkawinan.apk |
5ed3ef03ca89c67bf93bb9230f5e4e52 | PDF- KAD INVITE MAJLIS VID.apk |
96143c28e7937f64ecdb6f87510afbbe | JEMPUTAN-MAJLIS-DIGITAL.apk |
6344466e975f89d8992080e2f0741661 | Jemputan.Majliz (1).apk |
0e837107c42ee8282fd273e4a100b2de | JEMPUTAN PERKAWINAN (2).apk |
4e7a72f32d5b6679a58c8261049d063b | ✉️ .apk |
448fd25e24980bb0abd1208b0395a8e1 | UNDANGAN_MAJLIS KAWIN (7).apk |
Telegram bots
7112694573:AAFHHrDEy-iwmlyYB7JZDXS6iwCFq6NMkEc | adffg_404bot |
7081364304:AAG6FcxeZtkc98RlhjLXnP2LDMG4DEy9C6s | Beinfooo_bot |
6544439978:AAE0uKQog9_ncKNsmlgQuoz8jSmahQZ1X2M | bosinfooo_bot |
7462160646:AAELOVCtGCZP6bN3j-2n13BFj1-m2X0csCg | bukanspamhuy_bot |
6638550564:AAGalDVGRDkstOZ03vpl3nTUn6g0qYnHSJk | Dalllez77_bot |
7048703894:AAFA64ghS6hE3H96SyMLz_7nplj7beTn6kM | demo_hey_bot |
6460021704:AAEqy8oTs2aFCBf6Z1_4oeSVSeRuHkf8BJc | dmspmbot |
7182267203:AAFnGr0m9lAgsrvxrKyMNwykdwBx3GES3g4 | EmpatLima454545_Bot |
7183780742:AAFyUu_yFQ7WzspK_tPe_oTEtqeBbuzeVQs | Erorrrrr_bot |
7004348743:AAFjC2fdmkdlobDOS_CDs-4zlLdcM4ZLIU4 | geeeeyl_bot |
7155428051:AAGo5mBcUNlv5GXesDomY0kmICv57QK5Gdc | Ma7ko_bot |
6997362162:AAGq-yxpaI7ciRwMovIEfq_vKRiERtL9h_c | Mr_Boy999_bot |
7427152480:AAGdMhWSn6lkLur6qlG0N6q92i0PFvcaiN8 | newsinfohuy_bot |
7428836801:AAEhvj2eEKUjH5Rg76sr02tm6ubgqmpVXNA | okeetessuc_bot |
6663431103:AAEJYxnkOaaSD0yuLjll49B3UUlHsr0T35A | tcausmytc_bot |
7245598298:AAHcn9EndJ-peGQD6a4wBNXhx9HaYmXDGoA | tcththsatu_bot |
6971388615:AAHEFDoHF3E6CdbAWgC6dg6wYg741RRWXAw | venitcuc_bot |
7123651826:AAGYmP8pUZUzqshR-oOQndFM-u25A7F5ams | Wa86_bot |
7052659548:AAEAiHIDq_Wtr0sy9DSUlx2Zi4Rp2PaEGhA | weachatt_bot |
6373705951:AAHgGVw_OXvXbuZHFAQNlWiARRETgRuRYU4 | Weheebot |
7081353385:AAFxw7UkQUiJPhJ-h4Nk2ZV02_JVcsiy-8U | workinghus_bot |
6931159844:AAF2DDIwXvWyvLbOKtuptPfE__AW_QbAAgc | Xin69999_bot |
7127627140:AAHu-WX7jnhIIDI7Qv21omXALAV4DJ-sa2Y | heyt077_bot |
7231091758:AAHEo7QNythFlHOa6s_gpSDzvb1oVYEMM5M | Heyt378_bot |
7545156259:AAGILcWHcP6MiYgEmRCZbm3-Sh2UwP2CPJw | Bijiontameledak_bot |
7362820488:AAEaoqD6ZObICBdNU9Ih_RoAggFWXPnAwnc | Heysatu_bot |
7339265971:AAFp_alNY0L6BXrNo_BX6W15SSloZ5XgBaU | heyt721_bot |
7452580223:AAHLvKsBrhbzyjvF2mK6Ac4X67n1rhBFYt8 | heyapp721_bot |
7270774627:AAEe7BnL1hGMr83Dn-wy1lwMX-x1d_d_ZXo | Heywhatssatu_bot |
7387092110:AAHBMveHZERcyzu9tw4Bh8__f0PmRjRmph4 | Heyapp378_bot |
6457485799:AAF_5mQnxoeIRqzK3B3PPv_gFcM5-g8T2cY | Fash66kkkkkkk_bot |
6765461490:AAEJR-V_QAPlAMvGy3ELM9V0hVs1IcDjIk0 | Hehahaahahbotfash_bot |
UdangaSteal
File hashes
daa30cd6699c187bb891448b89be1340
162ed054914a8c71ad02126693c40997
9698fa3e7e64272ff79c057e3b8be5d8
9a0147d4c9d6ed3be82825ce35fdb4ee
e4da1332303b93f11d40787f7a79b917
4ff2572a40300c0cce4327ec34259902
DeepSeek Has Been Hacked! A Serious Security Flaw Exposed in the AI Company’s Database
DeepSeek, which recently rose to prominence for its advanced reasoning model DeepSeek-R1, has been praised for its efficiency and cost-effectiveness, positioning itself as a direct competitor to OpenAI.
However, this exposure highlights the weaknesses in data protection in a rapidly expanding sector, where security does not always seem to keep pace with innovation.
Wiz Research researchers identified a serious security vulnerability affecting DeepSeek, one of the most promising Chinese startups in the field of artificial intelligence, which exposed a publicly accessible ClickHouse database.
The database contained over a million rows of sensitive logs, including chat records, API keys, backend details and operational metadata, raising serious concerns about the security practices of emerging AI companies.
BREAKING: Internal #DeepSeek database publicly exposed 🚨 Wiz Research has discovered "DeepLeak" – a publicly accessible ClickHouse database belonging to DeepSeek, exposing highly sensitive information, including secret keys, plain-text chat messages, backend details, and logs.
— Wiz (@wiz_io) January 29, 2025
The database, hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000, allowed unrestricted access, letting unauthorized users run SQL queries and view sensitive internal data.
The researchers used standard reconnaissance techniques to map DeepSeek’s external attack surface, initially identifying about 30 subdomains. While most of the subdomains appeared to be routine hosts for chatbot interfaces, status pages and documentation, further investigation revealed two open ports (8123 and 9000) leading to the ClickHouse database on the following hosts:
- oauth2callback.deepseek.com:81…
- dev.deepseek.com:8123
- oauth2callback.deepseek.com:90…
- dev.deepseek.com:9000
ClickHouse is a widely used open-source database designed to process large datasets in real time. Its HTTP interface allowed the researchers to gain access and run SQL commands, revealing the full list of tables stored in the database.
Among these, the log_stream table stood out because it contained highly sensitive data, including plaintext conversation logs, API secrets and details about backend services.
The lack of authentication on the database not only allowed access to sensitive data but also provided full control over the database itself. Wiz Research promptly informed DeepSeek, which quickly secured the exposed database and addressed the problem. The company has not yet released an official comment on the incident.
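The exposure described here comes down to two settings: where the server listens and which users may connect with which credentials. The fragments below are an added example for this article, not DeepSeek’s or Wiz Research’s configuration; they assume ClickHouse’s standard XML configuration (the listen address lives in config.xml, the user definitions in users.xml), and the password hash and the network range are placeholders. The first fragment reproduces the weak pattern behind an instance that answers SQL on 8123/9000 to anyone; the second shows the corrected settings.

```xml
<!-- WEAK: the pattern behind a publicly queryable instance (added example, placeholders).
     config.xml: bind the HTTP (8123) and native (9000) ports on every interface -->
<clickhouse>
    <listen_host>::</listen_host>
</clickhouse>
<!-- users.xml: the built-in user has no password and may connect from any address -->
<clickhouse>
    <users>
        <default>
            <password></password>
            <networks>
                <ip>::/0</ip>
            </networks>
        </default>
    </users>
</clickhouse>

<!-- HARDENED: listen only where clients actually are, require a password, and
     restrict the source network and the privileges of each account -->
<clickhouse>
    <listen_host>127.0.0.1</listen_host>      <!-- or the internal interface address -->
</clickhouse>
<clickhouse>
    <users>
        <default>
            <!-- sha256 hex digest of the chosen password: PLACEHOLDER, generate your own -->
            <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
            <networks>
                <ip>10.0.0.0/8</ip>            <!-- assumed internal range -->
            </networks>
            <profile>readonly</profile>        <!-- log readers need no DDL or writes -->
        </default>
    </users>
</clickhouse>
```

A per-user `<networks>` restriction is not a substitute for the listen address: with `<listen_host>::</listen_host>` the ports are still reachable and the service still enumerable from the internet, which is exactly the foothold the subdomain and port survey above found.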
This incident highlights the concrete risks of the rapid adoption of artificial intelligence, often overlooked in favor of more futuristic threats such as model manipulation or adversarial attacks. The DeepSeek breach shows that infrastructure security flaws represent an immediate and tangible threat.
“As organizations rush to adopt artificial intelligence, the security frameworks designed to safeguard sensitive data are often overlooked,” said a Wiz Research spokesperson. “This incident serves as a wake-up call for the entire industry.”
The accidental exposure of sensitive data is not only a problem for the individual company involved but has broader implications for trust in the entire AI ecosystem. Without robust security measures, the risk of compromising proprietary information and user data remains high.
As AI technologies become integrated into the most critical sectors of the economy, startups and established companies must prioritize security from the design of their infrastructure onwards. This case is not only a warning for DeepSeek but a signal for the entire industry: innovating without security means exposing oneself to potentially devastating vulnerabilities.
The article “DeepSeek è stata Hackerata! Esposta una grave falla di sicurezza nel database dell’AI” comes from il blog della sicurezza informatica.
Critical Vulnerability in FortiOS and FortiProxy: Exploitation PoC Released
Security researchers at watchTowr Labs have released, on their Telegram channel, a Proof of Concept for exploiting the vulnerability CVE-2024-55591, classified “Critical” with a score of 9.6.
This Authentication Bypass vulnerability, exploitable on unpatched FortiOS and FortiProxy, allows an attacker to gain super-admin privileges through requests to the Node.js websocket module.
The CVE is acknowledged by Fortinet on its Product Security Incident Response Team (PSIRT) site, where you can find the IoCs (indicators of compromise), the mitigation methods and the table of vulnerable FortiOS and FortiProxy versions.
The watchTowr researchers carried out a detailed analysis of the vulnerability and, as reported on their security blog, demonstrated the technical feasibility of gaining super-admin privileges on a vulnerable device; in support of their analysis they published on GitHub a PoC written in Python that exploits the vulnerability.
Also on the watchTowrLabs GitHub repository, the researchers provide a Python script to check whether a FortiGate or FortiProxy is vulnerable to CVE-2024-55591.
The vendor’s recommendations, and more generally the best practices, are always the same: disable public access to the firewall’s administrative interface, restrict access to it with ACLs or source-IP filtering, monitor security advisories, and apply patches and updates.
Arctic Wolf Labs had already observed suspicious activity in December 2024 on internet-exposed Fortinet firewalls, where threat actors managed to gain access to the management interfaces and modify the firewalls’ configurations. On January 14, 2025, Fortinet confirmed the vulnerability.
The scale of the problem should not be underestimated: as of January 20, 2025, the Shadowserver Foundation reports around 50,000 exposed and vulnerable devices worldwide.
References:
- WATCHTOWRLABS: labs.watchtowr.com/get-fortire…
- ARTICWOLFLABS: arcticwolf.com/resources/blog/…
- FORTINET PSIRT: fortiguard.com/psirt/FG-IR-24-…
- GITHUB POC: github.com/watchtowrlabs/forti…
- GITHUB DETECTION TOOL: github.com/watchtowrlabs/forti…
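The two configuration-side mitigations listed above (no administrative access on the WAN side, and source-IP restriction for the accounts that remain) map to a few lines of FortiOS CLI. The block below is an added example for this article, not Fortinet’s or watchTowr’s material; the interface name `wan1`, the administrator name `admin` and the trusted network `192.0.2.0/24` are assumptions to be replaced with your own, and it is not a substitute for installing the fixed versions listed in the PSIRT advisory.

```text
# Added example (assumed names). 1) Remove HTTPS/SSH management from the
# internet-facing interface so the administrative web service is not reachable
# from outside; keep only what you actually need (here: ping).
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# 2) Bind the administrator account to trusted source addresses. Logins from
# any other source are rejected even if the credentials are correct.
config system admin
    edit "admin"
        set trusthost1 192.0.2.0/24
    next
end
```

After applying the change, verify from an external address that TCP 443 (or whatever port the admin GUI was on) no longer answers on the WAN interface, and keep management reachable only from the internal network or a VPN.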
The article “Vulnerabilità Critica su FortiOS e FortiProxy: Rilasciate PoC di sfruttamento” comes from il blog della sicurezza informatica.
The FBI Demolishes Cybercrime: Cracked.io, Nulled.to and Others Seized!
The FBI has seized three of the main hacking and cybercrime forums, Nulled.to, Cracked.to and Cracked.io, as part of an operation targeting cybercrime facilitators. In addition, the authorities took down three more domains, StarkRDP.io, Sellix.io and MySellix.io, redirecting their DNS records to FBI servers.
Those sites now display a banner reading: “This website has been seized”. The notices refer to an operation named “Operation Talent”, an international law-enforcement initiative led by the FBI and supported by Europol, the Italian Postal Police, the Australian Federal Police and the German Federal Criminal Police Office.
The operation, launched on January 29, 2025, led to the seizure of several domains known for hosting illegal activities, including the distribution of cracked software, stolen credentials and hacking tools.
StarkRDP.io, for example, offered virtual hosting services for Windows and Linux servers, but was also exploited by cybercriminals to host scams and cyberattacks.
The administrators of Cracked.to confirmed the seizure via their Telegram channel, describing the event as “a really sad day for our community”.
In their message, they stated that they were awaiting official documentation from the data center and the domain registrar, suggesting that they might try to re-emerge on a new domain.
At present, it is unclear whether any arrests have been made. However, the fact that Cracked.to’s administrators are still active indicates the possibility that the forum could reappear under another identity.
Neither the FBI nor other US agencies have yet released an official statement about the seizures.
The article “L’FBI Demolisce il Cybercrime: Sequestrati Cracked.io, Nulled.to e altri ancora!” comes from il blog della sicurezza informatica.
Inside Vacuum Fluorescent Displays
VFDs — vacuum fluorescent displays — have a distinctive look, and [Anthony Francis-Jones] is generally fascinated with retro displays. So, it makes sense that he’d build a VFD project as an excuse to explain how they work. You can see the video below.
VFDs are almost miniature CRTs. They are very flexible in what they display and can even use color in a limited way. The project [Anthony] uses as an example is an indicator to show the video number he’s currently making.
The glass display is evacuated and, like a tube, has a getter to consume the last of the gas. There’s a filament that emits electrons, a grid to control their flow, and anodes coated with a fluorescent material. Unlike a regular tube, the filaments have to operate cool so they don’t glow under operation.
When the grid is positive, and the anode is also positive, that anode will glow. The anodes can be arranged in any pattern, although these are made as seven-segment displays. The filament on the tubes in this project runs on 1.5V, and the anodes need about 25V.
The project itself is fairly simple. Of course, you need a way to control the 25V anode and grid voltages, but that’s easy enough to do. It is possible to make VFDs in unusual character shapes. They work well as light sources for projection displays, too.
Using Guanella Baluns As Impedance Transformers
Guanella Impedance Transformer. (Credit: FesZ Electronics)
Even before entering the mystical realms of UHF design, radio frequency (RF) circuits come with a whole range of fun design aspects as well. A case in point can be found in transmission line transformers, which are commonly used in RF power amplifiers, with the Guanella transformer (balun) being one example. Allowing balanced and unbalanced (hence ‘balun’) systems to interface without issues, they’re both very simple and very complex. This type of transformer and its various uses is explained in a video by [FesZ Electronics], and is also the subject of an article by [Dr. Steve Arar] as part of a larger series, the latter of which is the recommended starting point if you’re not familiar with RF circuitry.
Transmission line transformers are similar to regular transformers, except that the former relies on transmission line action to transfer energy rather than magnetic flux and provides no DC isolation. The Guanella balun transformer was originally described by Gustav Guanella in 1944. Beyond the 1:1 balun other configurations are also possible, which [Dr. Arar] describes in a follow-up article, and which are also covered in the [FesZ] video, alongside the explanation of another use of Guanella transformers: as an impedance transformer. This shows just how flexible transformers are once you can wrap your mind around the theory.
We have previously covered RF amplifier builds as well as some rather interesting balun hacks.
Heading image: The Guanella 1:1 balun. (Credit: Steve Arar)
Going Brushless: Salvaging A Dead Drill
Let’s face it—seeing a good tool go to waste is heartbreaking. So when his cordless drill’s motor gave up after some unfortunate exposure to the elements, [Chaz] wasn’t about to bin it. Instead, he embarked on a brave journey to breathe new life into the machine by swapping its dying brushed motor for a sleek brushless upgrade.
Things got real as [Chaz] dismantled the drill, comparing its guts to a salvaged portable bandsaw motor. What looked like an easy swap soon became a true hacker’s challenge: incompatible gear systems, dodgy windings, and warped laminations. Not discouraged by that, he dreamed up a hybrid solution: 3D-printing a custom adapter to make the brushless motor fit snugly into the existing housing.
The trickiest part was designing a speed control mechanism for the brushless motor—an impressively solved puzzle. After some serious elbow grease and ingenuity, the franken-drill emerged better than ever. We’ve seen some brushless hacks before, and this is worth adding to the list. A great tool hack and successful way to save an old beloved drill. Go ahead and check out the video below!
Taylorator Makes Mischief on the Airwaves
[Stephen] recently wrote in to share his experiments with using the LimeSDR mini to conduct a bit of piracy on the airwaves, and though we can’t immediately think of a legitimate application for spamming the full FM broadcast band simultaneously, we can’t help but be fascinated by the technique. Called the Taylorator, as it was originally intended to carpet bomb the dial with the collected works of Taylor Swift on every channel, the code makes for some interesting reading if you’re interested in the transmission-side of software defined radio (SDR).
The write-up talks about the logistics of FM modulation, and how quickly the computational demands stack up when you’re trying to push out 100 different audio streams at once. It takes a desktop-class CPU to pull it off in real-time, and eats up nearly 4 GB of RAM.
You could use this project to play a different episode of the Hackaday Podcast on every FM channel at once, but we wouldn’t recommend it. As [Stephen] touches on at the end of the post, this is almost certainly illegal no matter where you happen to live. That said, if you keep the power low enough so as not to broadcast anything beyond your home lab, it’s unlikely anyone will ever find out.
FLOSS Weekly Episode 818: I Don’t Care About the Roman Empire
This week, Jonathan Bennett, Doc Searls, and Jeff Massie talk about Deepseek, technical solutions to Terms of Service abuse, and more!
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
Supercon 2024: Joshua Wise Hacks the Bambu X1 Carbon
Bambu Labs have been in the news lately. Not because of the machines themselves, but because they are proposing a firmware change that many in our community find restricts their freedom to use their own devices.
What can be done? [Joshua Wise] gave a standout talk on the Design Lab stage at the 2024 Hackaday Superconference where he told the tale of his custom firmware for the Bambu X1 Carbon. He wasn’t alone here; the X1 Plus tale involves a community of hackers working on opening up the printer, but it’s also a tale that hasn’t ended yet. Bambu is striking back.
Classics of Getting Root
But first, the hacks. It took three and a half attacks to get the job done. The Bambu looks like a Linux machine, and it does everything over HTTPS, so that’s a difficult path. But the Bambu slicer software speaks to the printer over a custom API, and since the slicer can print, it must be able to send files to the printer.
Another hacker named [Doridian] had started working on getting in between the slicer and the printer, and the attack starts as every attack does – typing some keywords from the API into the Internet and finding the “confidential” documentation. Since you can download files using this API, you can start to get some binary files off the system. Bambu patched this one. [Doridian] then tried symlinks on an SD card, which worked for a little while, but Bambu patched this one too. Finally, they tried the old Johnny Droptables trick with a filename of a 3D model. This was also quickly patched.
Then [Joshua] got a message on Superbowl Sunday from a total stranger, [Balosh], who claimed he had a bootrom vulnerability that completely hosed the device because it’s baked into the firmware, and that’s an uncloseable door. [Fabian Masterbroek] wrote a kexec loadable module that lets you boot a second kernel from a running one, but it was written for the wrong platform. [Joshua] wrote the platform driver stuff to enable the swapover, shut everything down, and then reboot into a custom kernel.
What To Do When You Get In?
So [Joshua] was in. Now what to do? What features would you add to your own custom Bambu X1 Carbon firmware? Since it’s a Linux device, you might want a modern kernel, with better WiFi support and USB Ethernet. Maybe some security? An improved filesystem?
Here is a reverse-engineering nugget: The original UI is written in QML, which [Joshua] claims is horrible. He then uses Unicorn Engine, which is a patched QEMU that lets him know where all the function calls go, and shows him the way to, for instance, turn on and off the backlight. Now he could write his own system.
Winning the Battle, Not Yet the War
Word of the hacks got out on the Internets and [Joshua] got in touch with folks at Bambu Labs. They worked to a compromise that allowed Bambu to save face – they would allow people to upload their own firmware to the printers: a great victory for hackers that lets us FTP into the devices and print our own files without going through the cloud. All’s well that ends well?
The talk ends with foreshadowing: a cautionary note from back in November 2024. [Joshua] calls it “unusual” that Bambu would simply say “OK, run your own code”. Vendors gotta be vendors, and he predicts that the cat and mouse games will continue. How right he was! But it looks like the game is, for now at least, back in the mouse’s corner.
Paper Tape – With LASERs!
Though it is many decades since paper tape was commonly used as a data input or storage medium, it still holds a fascination for many who work with computers. Over the years we’ve featured more than one paper tape related project, and the latest to come our way is [ColemanJW2]’s 8-bit ASCII paper tape generator.
It’s natural to expect when talking about a paper tape generator that a machine of some type will emerge, probably with a large reel of tape, a whirring mechanical punch, and a big box of paper confetti. This one however is different, because it exists in software and produces an SVG file to cut the tape with a laser cutter. Common workshop equipment in 2025, but the stuff of science fiction when paper tape was current.
The software is a Python script, which has a friendly GUI. It applies 8-bit ASCII to the tape, and supports control codes and ANSI escape sequences. There’s a very short demonstration video of a tape being cut, which we’ve placed below the break.
If you make any tapes this way, see if you can find a paper tape event badge to read them.
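As an added example (not [ColemanJW2]’s script), here is a small Python generator of the same kind: it punches an 8-bit ASCII byte string, control codes and ANSI escapes included, and writes the hole pattern as an SVG for a laser cutter. The tape geometry is a simplified assumption based on 1-inch 8-level tape and is not taken from the original project.

```python
# Added example, not [ColemanJW2]'s script: punch an 8-bit ASCII byte string as a paper
# tape and emit the hole pattern as an SVG for a laser cutter. The geometry below is a
# simplified assumption based on 1-inch 8-level tape (0.1" row pitch, sprocket row between
# channels 3 and 4); it is not taken from the original project.

PITCH_MM = 2.54          # row pitch along the tape (0.1")
TAPE_WIDTH_MM = 25.4     # 1-inch tape
DATA_HOLE_MM = 1.83      # data hole diameter (0.072")
SPROCKET_HOLE_MM = 1.17  # sprocket (feed) hole diameter (0.046")
LEADER_ROWS = 10         # blank rows with sprocket holes only at each end of the tape

# Across-tape position of each channel; channel 1 carries the least significant bit.
CHANNEL_Y = {ch: PITCH_MM * ch for ch in range(1, 9)}
SPROCKET_Y = PITCH_MM * 3.5   # sprocket row sits between channels 3 and 4


def tape_rows(data):
    """Map each byte to the list of channels (1..8) that must be punched for it."""
    return [[ch for ch in range(1, 9) if byte & (1 << (ch - 1))] for byte in data]


def decode_rows(rows):
    """Inverse of tape_rows: what a reader would recover from the hole pattern."""
    return bytes(sum(1 << (ch - 1) for ch in row) for row in rows)


def circle(cx, cy, r):
    """One cut circle; coordinates are in mm because the viewBox is in mm."""
    return f'<circle cx="{cx:.2f}" cy="{cy:.2f}" r="{r:.2f}"/>'


def tape_svg(data):
    """Build an SVG with one circle per hole; cut paths are hairline strokes, no fill."""
    rows = tape_rows(data)
    total_rows = len(rows) + 2 * LEADER_ROWS
    length_mm = total_rows * PITCH_MM
    holes = []
    for i in range(total_rows):
        x = (i + 0.5) * PITCH_MM
        # every row gets a sprocket hole, including the leader and trailer rows
        holes.append(circle(x, SPROCKET_Y, SPROCKET_HOLE_MM / 2))
        j = i - LEADER_ROWS
        if 0 <= j < len(rows):
            for ch in rows[j]:
                holes.append(circle(x, CHANNEL_Y[ch], DATA_HOLE_MM / 2))
    return (
        f'<svg xmlns="http://www.w3.org/2000/svg" width="{length_mm:.2f}mm" '
        f'height="{TAPE_WIDTH_MM:.2f}mm" viewBox="0 0 {length_mm:.2f} {TAPE_WIDTH_MM:.2f}">\n'
        '<g fill="none" stroke="#f00" stroke-width="0.05">\n'
        f'<rect x="0" y="0" width="{length_mm:.2f}" height="{TAPE_WIDTH_MM:.2f}"/>\n'
        + "\n".join(holes)
        + "\n</g>\n</svg>\n"
    )


if __name__ == "__main__":
    # Constructed sample: text with ANSI escape sequences (ESC = 0x1B) and a CR/LF pair.
    sample = b"HELLO \x1b[1mWORLD\x1b[0m\r\n"
    with open("tape.svg", "w", encoding="ascii") as fh:
        fh.write(tape_svg(sample))
    print(f"{len(sample)} bytes -> tape.svg")
```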
DDoS Attack on the Ministry of Defence and Defacement of the Acerbo Museum: PPHM and DXPLOIT in Action in Italy
On 26 January 2025, the Italian Ministry of Defence was the target of a DDoS (Distributed Denial of Service) attack by the Pro-Palestine Hackers Movement (PPHM), a hacktivist group known for hitting government institutions and Western websites.
The attack, claimed by the group on Telegram, was attributed to the collective known as “Mr Hamza”. The screenshot shared by the group shows the site www.difesa.it as unreachable, with the error “Ce site est inaccessible”, suggesting that the server was overloaded by the attack, alongside a link to checkhost.
Report detected in Recorded Future's threat intelligence system.
DDoS attacks do not alter a site's content, but they prevent access by saturating the server's resources with abnormal traffic. Often carried out through botnets and stress-testing tools, these attacks aim to block the online services of the targeted institutions.
Defacement of the Acerbo Ceramics Museum
On the same day, the Museo delle Ceramiche Acerbo, located in Loreto Aprutino, fell victim to a defacement. This attack technique replaces the homepage with propaganda messages.
The museum, known for its collection dedicated to the Abruzzo ceramics tradition, saw its website altered with images and text in support of the Palestinian cause, signed by the hacker DXPLOIT, in a post published on PPHM's Telegram channel.
Unlike DDoS attacks, defacement aims to alter the appearance of a website, often for propaganda purposes. To carry out a defacement, attackers exploit vulnerabilities in servers or CMS platforms, gaining access to the site's files and replacing the original content.
At the time of writing, both sites are fully operational, confirming that the issues reported by the cybervandals have been resolved by the respective organizations.
The Threat Actor: Pro-Palestine Hackers Movement (PPHM)
The Pro-Palestine Hackers Movement (PPHM) is a hacktivist group that uses cyberspace to promote the Palestinian cause. The group is known for attacks targeting government and institutional websites, mainly through defacement, DDoS attacks and data leaks.
Active on Telegram, PPHM uses the channel to claim attacks, share screenshots of its actions and publicize the results of its cyber offensives. The attack on the Italian Ministry of Defence represents a clear escalation in its activity, hitting a high-profile institution and demonstrating the group's ability to organize coordinated operations against multiple targets.
Conclusions
The attacks on the Ministry of Defence and the Museo delle Ceramiche Acerbo highlight the growing hacktivist activity against Italian institutions. The DDoS against the Ministry aims to disrupt services, while the defacement of the Museum serves a propaganda purpose.
These events underline the importance of strengthening cybersecurity by adopting measures to mitigate DDoS attacks, protect servers from intrusion and ensure the operational continuity of institutions, both cultural and governmental.
The article “DDoS Attack on the Ministry of Defence and Defacement of the Acerbo Museum: PPHM and DXPLOIT in Action in Italy” comes from il blog della sicurezza informatica.
Threat predictions for industrial enterprises 2025
Key global cyberthreat landscape development drivers
Hunt for innovations
Innovations are changing our lives. Today, the world is on the threshold of another technical revolution. Access to new technologies is a ticket to the future, a guarantee of economic prosperity and political sovereignty. Therefore, many countries are looking for their way into the new technological order, investing in promising research and development in a variety of areas: AI and machine learning, quantum computing, optical electronics, new materials, energy sources and types of engines, satellites and telecommunications, genetics, biotechnology and medicine.
In terms of cybersecurity, growing interest in innovation means APTs are focusing on institutions and enterprises involved in new tech research and development. As the demand for the technical know-how grows, elite cybercriminal groups – such as top ransomware gangs and hacktivists – are also joining the game, hunting for the leading innovative enterprises’ trade secrets.
Industrial enterprises should keep in mind that this information might be even easier to access and exfiltrate from the shop floor than from within research lab and office network perimeters. The supply chain and network of trusted partners are also very logical potential targets.
Intentionally created barriers and sanction wars
Increasing geopolitical turbulence, sanction wars, and the artificial restriction of access to efficient technology is boosting the drive to violate the intellectual property rights of leading enterprises. This may lead to the following security risks.
- OT technology developers and suppliers are facing the problem that existing mechanisms built into their products may no longer be effectively safeguarding their intellectual property.
- Cracks, third-party patches, and various other ways to bypass license restrictions come at the price of increased cybersecurity risk right inside the OT perimeter.
- In addition to stealing documentation related to cutting-edge technological developments, attackers will continue to hunt for technical know-how – for example, collecting 3D/physical models and CAD/CAM designs as we saw in the attacks by Librarian Ghouls.
- PLC programs, SCADA projects, and other sources of technological process information stored in OT assets may also become another target for malicious actors.
New technologies mean new cyber risks
When trying something completely new, one should always expect some unexpected consequences in addition to the promised benefits. Today, many industrial enterprises are keeping up with organizations in other sectors (for example, financial or retail) in the implementation of IT innovations, such as augmented reality and quantum computing. As in many other fields, the biggest boost in efficiency is expected from the widespread use of machine learning and AI systems, including their direct application in production – when tweaking and adjusting technological process control. Already today, the use of such systems at certain facilities, such as non-ferrous metallurgy, can increase final product output by an estimated billion dollars per year. Once an enterprise experiences such an increase in efficiency, there’s no going back – such a system will become an essential production asset. This may affect the industrial threat landscape in several ways:
- The improper use of AI technologies in the IT and operational processes of industrial enterprises may lead to the unintended disclosure of confidential information (for example, by being entered into a model training dataset) and to new security threats. The seriousness and likelihood of some of these threats is currently hard to assess.
- Both the AI systems and the unique enterprise data they use (either in its raw form – historical telemetry data – used as a training dataset, or as neural network weights incorporated into the AI model), if they become crucial assets, may now be new cyberattack targets. For example, if the systems or data get locked by the bad guys, they may be impossible to restore. Additionally, attacking these systems may not pose risks to the safety of the victim facility, unlike for traditional OT systems, meaning malicious actors may be more inclined to go for the attack.
- Attackers also do not ignore technical progress; their use of AI at various stages of the kill chain (for developing malicious tools and for social engineering, such as generating text for phishing emails) reduces costs, thereby accelerating the development of cyberthreats. This tendency will certainly evolve in 2025.
Time-tested technologies mean new cyber risks
Just because a system has not been attacked, it doesn’t necessarily mean that it is well protected. It could be that attackers have simply not reached it yet – perhaps because they already had simpler, more reliable and automated ways to perform attacks, or maybe you’ve just been lucky.
The expression “if it ain’t broke, don’t fix it” takes on a special meaning in OT infrastructures. Sometimes systems have been running for years or even decades without any modifications, even without installing critical security patches or changing insecure configurations, such as unnecessary network services, debug interfaces and weak passwords. Sometimes systems are still running in the exact same state as when they were put into operation.
Things get even more complicated when you take into account the poor quality of information about OT product vulnerabilities available from the developers or public sources. Fortunately, malicious actors still very rarely attack industrial assets and industrial automation systems.
Moreover, in addition to unprotected industrial automation systems such as PLCs and SCADA servers, which are in fact very difficult to keep cybersecure, there are many other types of devices and even entire infrastructures that are somehow connected to the technological network. The security of these systems is often unjustifiably overlooked:
- Telecom equipment. Its security is usually considered either the responsibility of the telecom operator or thought to be unnecessary for some reason. For example, mobile base stations and technological networks of mobile operators are believed to be already sufficiently protected from cyberattacks, which is why “no one attacks them”. For some reason, this problem is largely ignored by security researchers as well: while the security of endpoints and their key components, such as modems, is thoroughly studied, there are extremely few in-depth publications on the security of base stations or core network equipment. However, the equipment can obviously be compromised, at least from the operator’s side, for example, during maintenance. After all, telecom operators themselves are far from being immune to cyberattacks, as the story of the Blackwood attacks using the NSPX30 implant shows us. Thus, the following must be kept in mind:
- At the very least, the threat model of industrial enterprises must include “man-in-the-middle” attacks on telecom equipment and the infrastructure of telecom operators.
- Given how rapidly all kinds of smart remote monitoring and control systems are being implemented – primarily in mining and logistics, but also in other sectors and types of facilities – the priority of securing telecom-related infrastructures will only increase correspondingly. For example, to guarantee the safety of robotized infrastructures and the use of automated transport at facilities, we’re seeing the introduction of wireless communication. Industrial enterprises should clearly invest in telecom security in order to avoid cyberincidents, perhaps as early as this year.
- The security of smart sensors, meters, measuring and control devices, and other devices in the Industrial Internet of Things is typically neglected by both the enterprises using them and, correspondingly, the developers themselves. However, as the history of FrostyGoop shows, these devices may also become attack targets.
- The connection points of small remote industrial infrastructure facilities typically use inexpensive network equipment, sometimes not even designed for industrial use (for example, SOHO devices). Their cybersecurity can be extremely difficult to keep in good condition, both due to architectural limitations and the complexity of centralized maintenance. At the same time, such devices can be manipulated not only to distribute general-purpose malware or host botnet agents (as in the case of Flax Typhoon/Raptor Train), but also as an entry point into the IT or OT network.
- The Windows OS family has been the most popular platform for workstations and automation system servers for decades. However, in recent years, many industrial enterprises have been increasingly installing Linux-based systems in their OT circuits, for various reasons. One of the decisive arguments in favor of choosing Linux is often the belief that such systems are more resistant to cyberattacks. On the one hand, there is indeed less malware that can run on this OS, and the probability of accidental infection is lower than for Windows OS. On the other hand, protecting Linux systems against a targeted attack is just as difficult, and in some cases even more so. The fact is that:
- Developers of security solutions for Linux have to catch up with solutions protecting Windows infrastructure. For a long time, many functions were not in demand by customers and, therefore, were not implemented. At the same time, implementing new functionality is more expensive because it is necessary to support multiple OS strains developing in parallel, and the integration of security solutions is not a priority for kernel developers. There are two downstream consequences of this: first, a lack of effective standard integration mechanisms, and second, updating the kernel can easily “break” compatibility – and a simple module rebuild may not be enough.
- On the industrial enterprise side, there are clearly not enough information security specialists who are also Linux experts, so both secure device configuration and monitoring and incident detection may not be that effective.
- Both Linux OT solutions themselves and their developers often demonstrate insufficient information security maturity and can be an easy target for attackers, as was revealed, for example, during the investigation of a series of Sandworm attacks on Ukrainian critical infrastructure facilities.
Wrong vendor choice means big trouble
Insufficient investment of product developers or technology providers in their own information security guarantees that their customers will experience incidents. This problem is especially relevant for providers of niche products and services. An illustrative case is the attack on CDK Global, which led to direct losses of its customers exceeding a total of one billion dollars.
The situation for industrial enterprises is complicated by a number of factors. Key among these are:
- Extremely long technology supply chains. Equipment, including automation systems for key production assets, is very complex. An enterprise’s industrial equipment fleet may include both all the main components typical of IT systems and many components created as a result of cooperation between multiple manufacturers of industry-specific technologies. Many of these may be relatively small developers of niche solutions without the necessary resources to satisfactorily ensure their own security and that of their products. Moreover, the installation, initial setup, and regular maintenance of equipment requires the involvement of various third-party specialists, further expanding the attack surface of the supply chain and trusted partners.
- Almost every large industrial organization is its own vendor. The specifics of the particular industry and enterprise require significant modification of ready-made solutions, as well as the development of new automation solutions tailored for the organization. Often, these developments are carried out either within the organization itself or by subsidiaries or related companies. All of this multiplies almost all of the risk factors described above: such developments are rarely carried out with a high level of security maturity, resulting in solutions full of basic vulnerabilities that even mediocre attackers can exploit. Obviously, these security issues are already being used in cyberattacks and will continue to be.
Security by obscurity doesn’t work anymore for OT infrastructures
The availability of so many tools for working with industrial equipment (just count the number of libraries and utilities implementing industrial network protocols posted on GitHub) makes developing and implementing an attack on an industrial enterprise’s main production assets significantly easier than just a few years ago. In addition, industrial enterprises themselves continue to evolve – over the past few years, we’ve seen big efforts not only to automate production, but also to inventory and document systems and processes. Now, to impact an industrial facility on the cyber-physical level, attackers no longer need to carefully study textbooks on the basics of the particular type of protective system (such as SIS or circuit/relay protection) or to involve external experts in the particular industry. All the necessary information is now available in convenient digital form in the organization’s administrative and technological network. We have seen cases of attackers telling journalists that, after they entered the victim’s network perimeter, they studied the facility’s internal safety-related documentation for a long time before choosing which OT systems to attack, in order to avoid putting employees’ lives at risk or polluting the environment as a result of the attack.
Cool Kinetic Sculpture Has Tooling Secrets to Share
Occasionally, we get a tip for a project that is so compelling that we just have to write it up despite lacking details on how and why it was built. Alternatively, there are other projects where the finished product is cool, but the tooling or methods used to get there are the real treat. “Homeokinesis,” a kinetic art installation by [Ricardo Weissenberg], ticks off both those boxes in a big way.
First, the project itself. Judging by the brief video clip in the reddit post below, Homeokinesis is a wall-mounted array of electromagnetically actuated cards. The cards are hinged so that solenoids behind them flip the card out a bit, making interesting patterns of shadow and light, along with a subtle and pleasing clicking sound. The mechanism appears to be largely custom-made, with ample use of 3D printed parts to make the frame and the armatures for each unit of the panel.
Now for the fun part. Rather than relying on commercial solenoids, [Ricardo] decided to roll his own, and built a really cool CNC machine to do it. The machine has a spindle that can hold at least eleven coil forms, which appear to be 3D printed. Blank coil forms have a pair of DuPont-style terminal pins pressed into them before mounting on the spindle, a job facilitated by another custom tool that we’d love more details on. Once the spindle is loaded up with forms, magnet wire feeds through a small mandrel mounted on a motorized carriage and wraps around one terminal pin by a combination of carriage and spindle movements. The spindle then neatly wraps the wire on the form before making the connection to the other terminal and moving on to the next form.
The coil winder is brilliant to watch in action — however briefly — in the video below. We’ve reached out to [Ricardo] for more information, which we’ll be sure to pass along. For now, there are a lot of great ideas here, both on the fabrication side and with the art piece itself, and we tip our hats to [Ricardo] for sharing this.
Parcae: A Trio of Spy Satellites
Did you ever hear of a satellite called Parcae (pronounced like park-eye)? If you haven’t, don’t feel bad—it was, after all, a top-secret project only revealed in July 2023. [Ivan Amato] not only heard about it, but also wrote a fascinating peek into the cloak-and-dagger world of cold-war spy satellites for this month’s IEEE Spectrum.
According to [Ivan], the satellite helped the United States to keep track of Russian submarines and was arguably the most capable orbiting spy platform ever. Or, at least, that we get to hear about.
Given that it was built in the 1970s, it was amazing that the satellite wasn’t very large. The craft itself seemed small compared to its solar panels. Even today, the satellite remains a bit of a mystery. While the NRO—the US spy satellite agency—did acknowledge its existence in 2023, there is very little official information about it, although, apparently, other curious people have unearthed data on Parcae over the years. According to the NRO, the satellites have not been in use since 2008.
The Parcae—named after the Romans’ three fates—worked in groups of three and launched in a “dispenser” that carried the trio of spaceships. They could listen to radio emissions from ships and use very accurate clocks to pinpoint their location based on the slight differences in the time each satellite heard the signal.
One of the system’s unique features was that thanks to a minicomputer, ship positions could be in users’ hands in minutes. That doesn’t sound so impressive today, but it was an amazing achievement for that time.
The article goes into more detail about how the individual satellites used a gravity boom for orientation and a lot of details about the designers. Of course, some of what Parcae could do is still secret for now, so there may be more to this story later.
Spy satellites can’t always hide from backyard telescopes. Spy satellites always have impressive technology and—presumably—big budgets.
Transition-Metal Dichalcogenides: Super-Conducting, Super-Capacitor Semiconductors
Transition-metal dichalcogenides (TMDs) are the subject of an emerging field in semiconductor research, with these materials offering a range of useful properties that extend beyond semiconductor applications into superconducting material research and supercapacitors. A number of recent papers have been published on these latter two applications, with [Rui] et al. demonstrating superconductivity in (InSe2)xNbSe2. The superconducting transition occurred at 11.6 K at ambient pressure.
Two review papers on transition metal sulfide TMDs as supercapacitor electrodes were also recently published by [Mohammad Shariq] et al. and [Can Zhang] et al. showing it to be a highly promising material owing to strong redox properties. As usual there are plenty of challenges to bring something like TMDs from the laboratory to a production line, but TMDs (really TMD monolayers) have already seen structures like field effect transistors (FETs) made with them, and used in sensing applications.
TMDs consist of a transition-metal (M, e.g. molybdenum, tungsten) and a chalcogen atom (X, e.g. sulfur) in a monolayer with two X atoms (yellow in the above image) encapsulating a single M atom (black). Much like with other monolayers like graphene, molybdenene and goldene, it is this configuration that gives rise to unexpected properties. In the case of TMDs, some have a direct band gap, making them very suitable for transistors and perhaps most interestingly also for directly growing 3D semiconductor structures.
Heading image: Crystal structure of a monolayer of transition metal dichalcogenide.(Credit: 3113Ian, Wikimedia)
Testing at Scale
We’ve said it before: building one-offs is different from building at scale. Even on a small scale. There was a time when it was rare for a hobbyist to produce more than one of anything, but these days, access to cheap PC boards makes small production runs much more common. [VoltLog], for example, is selling some modules and found he was spending a lot of time testing the boards. The answer? A testing jig for his PC board.
Big factories, of course, have special machines for bulk testing. These are usually expensive. [VoltLog] found a place specializing in creating custom test jigs using 3D printing.
They also have some standard machines. He did have to modify his PCB to accommodate special test points. He sent the design files to the company and they produced a semi-custom testing jig for the boards in about a month.
A Raspberry Pi runs the test and can even sense LEDs turning on if you need it to. Although the device is 3D printed, it looks very professional. The machine accepts an entire panel of PCBs and wedges pogo pins to the test points.
We were curious about the cost of this fixture. Of course, each one is unique, so the cost of his fixture will not be the same as yours, but it would still be nice to have an order-of-magnitude idea of the price. On the other hand, he claims his testing is now 15 times faster, so if you spend enough time testing, the cost is probably insignificant.
Replicating a design many times has plenty of challenges. While we do like the look of [VoltLog’s] machine, we also know you could roll your own pogo pin setup if you were on a budget.
Your VAX in a Cloud is Ready
For many people of a certain age, the DEC VAX was the first computer they ever used. They were everywhere, powerful for their day, and relatively affordable for schools and businesses. These minicomputers were smaller than the mainframes of their day, but bigger than what we think of as a computer today. So even if you could find an old one in working order, it would be a lot more trouble than refurbishing, say, an old Commodore 64. But if you want to play on a VAX, you might want to get a free membership on DECUServe, a service that will let you remotely access a VAX in all its glory.
The machine is set up as a system of conferences organized in notebooks. However, you do wind up at a perfectly fine VAX prompt (OpenVMS).
What can you do? Well, if you want a quick demo project, try editing a file called NEW.BAS (EDIT NEW.BAS). You may have to struggle a bit with the commands, but if you (from the web interface) click VKB, you’ll get a virtual keyboard that has a help button. One tip: if you start clicking on the fake keyboard, you’ll need to click the main screen to continue typing with your real keyboard.
Once you have a simple BASIC program, you can compile it (BASIC NEW.BAS). That won’t seem to do anything, but when you do a DIR, you’ll see some object files. LINK NEW will give you an executable and, finally, RUN NEW will pay off.
Some quick searches will reveal a lot more you can do, and, of course, there are also the conferences (not all of them are about VAX, either). Great fun! We think this is really connected to an Alpha machine running OpenVMS, although it could be an emulator. There are tons of emulators available in your browser.
Keebin’ with Kristina: the One with the DIY Homing Keys
r/keebgirlies Is Totally a Thing Now
When [coral-bells] posted her first build to r/mechanicalkeyboards, she likely felt some trepidation. After all this is reddit we’re talking about, so right away you’ve got two layers of male-domination hobby.
Image by [coral-bells] via reddit
What she likely didn’t expect was to be upvoted into the tens of thousands, or to receive such a response from other girlies who came out of the woodwork to share their builds.
And so r/keebgirlies was born, and already has a few thousand members. This is a brand-new subreddit for women and non-binary folks who are into mechanical keyboards. As it says in the sidebar, men are welcome but limited to the comments for now, so don’t go trying to post your builds. The girlies are currently seeking moderators, so give that some thought.
As for [coral-bells]’ lovely build, this is an Epomaker MS68 with MMD Vivian V2 switches, and those flowery keycaps are from Etsy. She is currently waiting for supplies to mod a Yunzii AL66, but wants to build a kit at some point.
Bear In Mind That You Can DIY Homing Keys
Ahh, homing keys. F and J, with their little bumps or lines that home your fingers on the… home row. The Kinesis Advantage doesn’t have them, unfortunately, but makes up for it with deep-dish DSA keycaps on the home row that are bright blue against a sea of black.
Image by [theTechRun] via reddit
I still miss having bumps around because I like to pick at them sometimes when I can’t find the words I want. So there’s a good chance I will try [theTechRun]’s DIY homing key method at some point.
After trying and failing several ways, [theTechRun] came up with this ball bearing method lovingly outlined in the reddit post. Basically, you draw a line across the keycap where you want the bearings to sit, make indentations with a spring-loaded center punch set on the lowest pressure setting, then use an unfolded paperclip to dab super glue in the divots and set 1/16″ bearings in there. Evidently, two bearings feel nicer than one, and they look cooler, too.
This is a great step-by-step with shopping links for everything but the pencil. [theTechRun] offers a lot of tips as well, like erasing the pencil line before you set the bearings, and using a leveler to mark it in the first place.
The Centerfold: the Rainbow Connection
Image by [SpockIsMyHomeboy] via reddit
Happy 8-year cake day to [SpockIsMyHomeboy], proud owner of a bunch of rainbows and a lovely peripheral. This is a KBDFans TET keyboard sporting GMK Panels keycaps on HMX Hyacinth V2U switches. That lovely artisan keycap is none other than a Muad’ib DuneDragon.
Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!
Historical Clackers: the Merritt Had Merit
I keep featuring the odd index typewriter here and there because I want you to get the sense of how popular they used to be before the masses had really mastered the keyboard, whatever the layout might have been.
Image via The Antikey Chop
The Merritt index typewriter, which was marketed as “The People’s Type-Writer”, went for a cool $15 in the 1890s until the brand’s demise in 1896. That’s around $500 in 2025 money.
All versions of the Merritt were blindwriters that typed in a linear up-striking fashion. Thanks to a double Shift mechanism, the machine could produce 78 characters. The inking was handled with a couple of rollers. I find the layout intriguing and wonder how fast I could get going on the thing, though it seems like a recipe for a repetitive stress injury.
Interestingly, the Antikey Chop found an ad from 1901 that was placed by a department store. Hamburger & Sons claimed to have acquired “an immense quantity” of Merritts and were offering them for $3.98 and $4.98. They chose to market the machines as “typewriters for those who cannot afford typewriters”, “handy typewriters for tourists”, and “ideal machines for boys and girls”.
This Keyboard Charges Itself
Wireless keyboards are cool and all, but the whole keeping-it-charged thing adds a level of stress that many believe isn’t worth it. After all, what are you supposed to do when your keyboard is dead? Use the — gasp — laptop keyboard? Uh, no. I mean, unless you have a ThinkPad or something; those have pretty nice keyboards, or at least they did a few years ago.
Image by [Lenovo] via PC Magazine
Lenovo is here for you with their Self-Charging Bluetooth Keyboard, which debuted at CES. It uses a photovoltaic panel and supercapacitors to harness and store both solar and ambient artificial light. I don’t have to tell you that supercapacitors last much longer than lithium batteries.
I for one like the paint spatter design, but I wish only three keycaps were green. It’s a nitpick for sure, ignoring the elephant in the room with a sign around its neck that reads ceci n’est pas une ergonomic keyboard.
Bonus: Lenovo also debuted the AdaptX Mouse, a modular affair which appears to be a pretty sweet multi-functional peripheral for those who don’t want to carry too much. It can be a compact mouse, an ergonomic mouse, a travel hub, a memory card holder, and an emergency power bank. Sheesh! Unfortunately, it’s just a proof-of-concept for now. Gauntlet laid?
Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.
It’s Raining From the BlueSky
Which would you rather feel? The blast of a fire hose, or a cool, digital rain? That’s what we thought. Introducing Blue Rain — the fire hose that is the BlueSky feed, falling semi-cryptically down your screen in Matrix-style letter droplets. Ahh, isn’t that nice?
Now, the rain doesn’t have to be blue. You can change the color, the speed at which it falls, the font, the font size, and other stuff like toggling NSFW, uh, tweets. (Wait, what are we calling BlueSky messages, anyway? Skeets? Really?)
You can even choose between a few fonts for the rain. And if you want to like, actually read one of the skeets, just shoot one carefully with your mouse while it’s still falling.
[Simone] has the project files on GitHub, but you should really read the blog post. Inspired by the lovely firehose3d, [Simone] thought instead of displaying the BlueSky fire hose as digital rain.
First, she collects as many skeets as there are empty columns on a screen from a Jetstream server. This is calculated based on font style and size. She wrote an algorithm loosely inspired by CodePen, which does digital rain. If the skeet doesn’t fully render by the time it reaches the bottom of the screen, the rest appears at the top of the same column and falls until it’s done displaying. Then the column clears out and waits for a new skeet.
Want to take Matrix-style digital rain on the go? You can cram it onto a Pico, you know.
Thanks for the tip, [FrancisF]!
Innovery Rebrands and Becomes NEVERHACK. The Group Consolidates Its Leadership in Cybersecurity
Innovery, a consulting company that is a leader in Italy and Europe specializing in innovative ICT and cybersecurity solutions, announces its rebranding and officially adopts the new NEVERHACK brand.
Following its acquisition in September 2024 by the French cybersecurity group NEVERHACK, the change of brand marks the end of an era for Innovery while at the same time marking the beginning of a new chapter in its history: a new course that opens in the wake of the same values that have guided the company’s activity since its founding, and that can count on the solid skills and long experience built up over the last twenty years in the field of information security.
Gianvittorio Abate, Managing Partner NEVERHACK Southern Region
“As of today we adopt the new NEVERHACK brand, officially sealing our entry into a large international group, a market leader in the cybersecurity sector. We are ready to seize new growth opportunities and increasingly global challenges, pursuing a shared dream that goes beyond national borders, uniting the talents, experience and cultures of the different countries that are part of the group. A further step forward, which projects us into the future, to continue to guarantee our customers IT security services and solutions, tailored to their needs and with ever higher quality standards”, comments Gianvittorio Abate, Managing Partner NEVERHACK Southern Region.
Innovery’s entry into NEVERHACK has made it possible to extend the portfolio of services and solutions available to customers, with an integrated and expanded “one-stop-shop” offering, as well as to expand the group’s international presence, consolidating its leadership both in the countries where Innovery was already present (Spain, Mexico and the USA) and in new markets.
On the Italian market, NEVERHACK will retain the leadership already achieved by Innovery in incident response, expanding it internationally. It will also continue to be a point of reference in strategic consulting and in the provision of innovative solutions for information security, the definition and integration of IT architecture, and the design and management of ICT infrastructure, responding precisely to its customers’ needs in the area of network operations centers and security.
The article “Innovery Rebrands and Becomes NEVERHACK. The Group Consolidates Its Leadership in Cybersecurity” comes from il blog della sicurezza informatica.
Big Chemistry: Catalysts
I was fascinated by the idea of jet packs when I was a kid. They were sci-fi magic, and the idea that you could strap into an oversized backpack wrapped in tinfoil and fly around was very enticing. Better still was when I learned that these things weren’t powered by complicated rockets but by plain hydrogen peroxide, which violently decomposes into water and oxygen when it comes in contact with a metal like silver or platinum. Of course I ran right to the medicine cabinet to fetch a bottle of peroxide to drip on a spoon from my mother’s good silverware set. Needless to say, I was sorely disappointed by the results.
My little impromptu experiment went wrong in many ways, not least because the old bottle of peroxide I used probably had little of the reactive compound left in it. Given enough time, the decomposition of peroxide will happen all by itself. To be useful in a jet pack, this reaction has to proceed much, much faster, which was what the silver was for. The silver (or rather, a coating of samarium nitrate on the silver) acted as a catalyst that vastly increased the rate of peroxide decomposition, enough to produce jets of steam and oxygen with enough thrust to propel the wearer into the air. Using 90% pure peroxide would have helped too.
As it is for jet packs, so it is with industrial chemistry. Bulk chemical processes can rarely be left to their own devices, as some reactions proceed so slowly that they’d be commercially infeasible. Catalysts are the key to the chemistry we need to keep the world running, and reactors full of them are a major feature of many of the processes of Big Chemistry.
Catalysis 101
The high school chemistry description of a catalyst is pretty simple: it’s a substance that helps a reaction to proceed without being consumed in the process. Take the case of the jet pack reaction, or rather a close alternative using another catalyst, manganese dioxide:
Manganese dioxide does not appear on either the reactant side of the equation or in the products. It only facilitates the reaction, and no matter how much peroxide you pour on it, the manganese dioxide will still be there — with a few practical caveats, which we’ll discuss below. The usual explanation for how catalysts work is that they lower the activation energy of a reaction, which in turn increases the rate of the reaction. That’s fine as far as it goes, and probably enough of an explanation for the practical needs of bulk chemistry, but diving just a bit deeper into the concepts will help explain the engineering of catalysts and chemical reactors.
Most of the catalysts used in bulk chemistry processes are heterogeneous surface catalysts; heterogeneous in that they are in a different physical state from the reactants, usually a solid catalyst with liquid or gaseous reactants, and surface in that the catalysis occurs at the interface between the reactant phase and the solid surface of the catalyst. Reactants can diffuse from their liquid or gaseous phase and adsorb onto the catalyst’s surface in close enough proximity to react with each other. Alternatively, reactants can migrate across the surface of the catalyst so they get close enough to react, but the key concept is that the catalyst acts something like a jig to keep the adsorbed reactants together long enough to do their thing. Once the reaction is complete, the product will release or desorb from the catalyst, freeing up the surface to be used by fresh reactants. This process — diffusion, adsorption, reaction, and desorption — is referred to as the catalytic cycle.
Catalyst Structure
Most catalysts for bulk chemistry rely on elements from the transition metals groups, that block of elements that lives between the “towers” at either side of the periodic table. In addition to silver and manganese, metals from this block commonly used as catalysts include palladium, platinum, rhodium, rhenium, and iridium. Vanadium, used to produce sulfuric acid from sulfur dioxide, is another important transition metal catalyst, as is iron, which catalyzes ammonia synthesis in the Haber-Bosch process. The rare earth elements in this block are also used for some processes.
While it makes for a good demonstration of catalysis, the example above of dripping hydrogen peroxide onto a pile of manganese is a bit simplistic. Practical industrial catalysts are highly engineered to maximize their effectiveness while standing up to reaction conditions, which often require (or create) extreme temperatures and pressures. Most industrial catalysts are classified as supported, which simply means that the active element or elements are applied to a non-catalytic physical structure that provides mechanical stability. Support materials run the gamut, from simple inorganic compounds like magnesium chloride to complex shapes made from silica, ceramics, or even plastics. The catalytic element can either be part of the support matrix or applied to the outer surface of the support, which is common for precious metal catalysts such as palladium or platinum.
Forbidden candies. Supported catalysts for fixed bed reactors take many forms, all optimized for packing, reactant flow, and maximum surface area. Source: Shubhrapdil, CC BY-SA 4.0, via Wikimedia Commons
The size and shape of the catalyst support is critical to its efficiency. A wide range of forms are used, with a tendency to shy away from spherical shapes as these tend to minimize surface area for a given volume. Cylindrical shapes are often used, and many catalysts have one or more holes passing through them, to increase their surface area. The size and shape of the particles also determine the flow characteristics of the catalyst, which is important in continuous chemical processes where the reactants need to pass through a catalyst. Catalytic cracking of crude oil into products like diesel, gasoline, and butane is a good example of a continuous flow catalytic process.
Even though catalysts aren’t used up in a reaction, they still wear out over time. Back in the days when it was still possible to buy leaded gasoline, it was pretty obvious when someone had mistakenly used the wrong gas in a car with a catalytic converter. The tetraethyl lead poisoned the catalysts in the exhaust system by coating the surface with lead compounds, blocking the active surface and leading to a characteristic rotten egg reek. Poisoning is just one way that catalysts become less effective over time; other common catalyst deactivation mechanisms include coking with heavy carbon deposits, fouling with unreacted compounds or contaminants, sintering of catalytic metal into large crystals rather than a smooth layer, and solid-phase transformation, where molecules from the support material migrate through the active layer and block access to it. Catalyst deactivation eventually reduces the efficiency enough that the spent catalyst has to be replaced.
Catalyst Service With a Smile
Containing reactants and the catalyst media requires some sort of vessel. These are generically known as reactors, and while they range widely in size and features, for big chemistry processes like crude oil refining or polymer production, reactors can be among the biggest components of a plant. Reactors often take the form of a large tank or even a tower, many meters high, wrapped in pipes and equipped with catwalks and manholes and bristling with sensors and monitors. Big reactors are often very strong, able to resist high temperatures and pressures, and depending on the corrosivity and reactivity of the reactants, they may be made from materials such as stainless steel or even alloys like Monel or Inconel.
A large refinery or chemical plant may have dozens or even hundreds of reactors, all of which will require service at some point. Changing out spent catalyst is a challenging and dangerous job, so chemical operators usually outsource the job to specialist firms that do nothing but service reactors. They employ catalyst technicians who are trained for confined-space entry so they can safely get inside the reactor to inspect or clean it. Even with the proper training and safety equipment such as hazmat suits that are just this side of legitimate space suits, confined-space entry is very dangerous and can be terrifying; claustrophobiacs need not apply.
Unloading a reactor is a slow and deliberate process. Reactors tend to run very hot, so operators have to plan ahead and leave plenty of time for the reactor to cool down before unloading. Consideration also has to be given to any physical or chemical changes that occurred to the catalyst during its life, which could present a dangerous situation. Some catalysts may have accumulated metal oxides which would react violently if exposed to air, releasing deadly gasses like sulfur dioxide. In such cases, the reactor may be filled with nitrogen, which complicates technician access. Alternatively, a protective resin can be added to the reactor to coat the catalyst particles and lock away the reactive oxides, making them safer to handle.
With some reactors holding tons of catalyst, removing the spent media can be a challenge. Some reactors have dump gates at the bottom, allowing the spent material to flow out under gravity. Other reactors only have a manhole at the top, meaning that the spent catalyst has to be vacuumed out. Large, powerful vacuum trucks are used for this job, often with confined-entry techs guiding the hose inside the reactor.
The spent catalyst presents a disposal problem. In days past, spent material was either landfilled or sometimes ground up and used as a replacement for sand or gravel in concrete. This isn’t terribly sustainable, though, and when the active material of the catalyst is something like platinum, downright wasteful. Catalyst recycling is a big industry now, with companies specializing in the process. Spent catalyst is trucked off to facilities where it is classified and graded before being stripped of any remaining reactants, which are recovered and recycled where possible. Stripped catalyst is roasted in a rotary kiln to oxidize the active metal, with sulfur dioxide and particulates captured by electrostatic precipitators and filters. The roasted media, known as calcine, is ground and leached with acids to solubilize the metals, and the leachate goes through a series of pyrometallurgical processes to recover the metals.
Once a reactor has been unloaded and inspected and any necessary repairs made, it needs to be refilled with fresh catalyst. There are two main methods for this. Sock loading is where catalyst service techs enter the reactor wearing full protective suits with breath apparatus. They often need to wear special shoes to distribute their weight — think snowshoes — and prevent crushing the catalyst bed. A long flexible tube, traditionally made of canvas and hence the name of the method, is lowered to the bottom of the reactor. Catalyst particles flow down the sock from a hopper while the techs guide the sock around to make an even bed. The sock is withdrawn as the bed rises, and the techs often use rakes and shovels to evenly distribute the material.
Another method is called dense loading. No technicians are required in the reactor; rather, a specialized dense loading tool is inserted into the tank through a central manhole at the top. The tool has a series of platforms that spin, distributing catalyst particles that are fed into the center of the tool from a hopper above. The gentle rain of catalyst particles free-falls in the reactor until it reaches the rising bed, where the particles bounce around until they settle into their lowest energy state. As the name suggests, dense loading yields a denser, more homogeneous catalyst bed, which allows more material to be packed into the same volume. This tends to make the reactor more efficient overall and increases catalyst life by decreasing hot spots.
Steganography and BMP Images: How Cybercrime Mines Monero Through Malware
Doctor Web specialists have discovered malware samples that, on closer examination, turned out to be components of an active mining campaign for the Monero cryptocurrency. Two malicious chains are built by launching scripts that extract malicious payloads from image files in BMP format.
According to the researchers, this campaign has been active since 2022, as shown by the executable file Services.exe, a .NET application that runs a VBScript. This script implements backdoor functions by contacting the attackers’ server and executing the scripts and files sent in response. In this way the malicious file ubr.txt is downloaded to the victim’s computer; it is a script for the PowerShell interpreter whose extension has been changed from ps1 to txt.
The script checks for miners that may already be installed on the compromised machine and replaces them with the versions the attackers need. The files installed by the script are the SilentCryptoMiner miner and its settings.
It should be noted that in this campaign the miner files are disguised as various pieces of software, for example the Zoom video-calling client (ZoomE.exe and ZoomX.exe) or Windows services (Service32.exe and Service64.exe).
The miner also contacts the domain getcert[.]net, which hosts the file m.txt containing the cryptocurrency mining settings. This resource has also been used in other attack chains.
The experts write that the attackers have now changed their attack methodology, making it more interesting, and have begun to use steganography.
The second and more recent attack chain is therefore implemented using the Amadey trojan, which runs the PowerShell script Async.ps1, downloading BMP-format images from the legitimate image host imghippo.com. Using steganography, two executable files are extracted from these images: the stealer Trojan.PackedNET.2429 and the payload, which:
- disables the UAC elevation prompt for administrators;
- adds many exclusions to Windows Defender;
- disables notifications in Windows;
- creates a new task in the path \Microsoft\Windows\WindowsBackup\ with the name Utente.
During this task the attacker’s domains are contacted; their DNS TXT record contains the storage address of the next payload. After it is downloaded, the archive with the BMP images is unpacked and the following files are launched:
- txt – PowerShell script that removes any other miners;
- txt – PowerShell script that extracts the payload from the images m.bmp and IV.bmp (the payload inside the images is the SilentCryptoMiner miner and the injector that runs it);
- txt is a script that reads the DNS TXT record for the domains windowscdn[.]site and buyclients[.]xyz. This record contains a link to the payload pointing to raw.githack[.]com.
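As an added host-triage example (not code from the Doctor Web report), the following PowerShell script checks a Windows host for the changes the second chain is described as making: the UAC prompt for administrators disabled, Defender exclusions, notifications disabled, and a scheduled task under \Microsoft\Windows\WindowsBackup\, plus the file names and domains quoted above. The registry value names used for the UAC and notification checks (ConsentPromptBehaviorAdmin, ToastEnabled) are this example’s assumption about where those settings live; run it from an elevated prompt.

```powershell
# Added triage example, not part of the report. Each check only reads local
# state and collects findings for an analyst; nothing is changed on the host.
$findings = @()

# 1. UAC: ConsentPromptBehaviorAdmin = 0 means "elevate without prompting"
#    (assumed value name for the setting the report describes as disabled).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
if ($uac -and $uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += 'UAC elevation prompt for administrators is disabled (ConsentPromptBehaviorAdmin = 0)'
}

# 2. Defender exclusions: list every path/process/extension exclusion so the
#    analyst can judge them; an unexplained exclusion is the suspicious case.
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp) {
    foreach ($p in @($mp.ExclusionPath))      { if ($p) { $findings += "Defender path exclusion: $p" } }
    foreach ($p in @($mp.ExclusionProcess))   { if ($p) { $findings += "Defender process exclusion: $p" } }
    foreach ($e in @($mp.ExclusionExtension)) { if ($e) { $findings += "Defender extension exclusion: $e" } }
}

# 3. Notifications: ToastEnabled = 0 turns off toast notifications for the
#    current user (assumed value name).
$toastKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications'
$toast = Get-ItemProperty -Path $toastKey -ErrorAction SilentlyContinue
if ($toast -and $toast.ToastEnabled -eq 0) {
    $findings += 'Windows toast notifications are disabled for the current user (ToastEnabled = 0)'
}

# 4. Persistence: any scheduled task in the WindowsBackup folder. 'Utente' is
#    the task name given in the report; other tasks there deserve a look too.
$tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\WindowsBackup\' -ErrorAction SilentlyContinue
foreach ($t in @($tasks)) {
    if (-not $t) { continue }
    $actions = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $flag = if ($t.TaskName -eq 'Utente') { 'REPORTED NAME' } else { 'review' }
    $findings += "Scheduled task [$flag] $($t.TaskPath)$($t.TaskName) -> $actions"
}

# 5. Running processes using the masquerading file names from the report.
#    The genuine services.exe lives in System32, so that location is excluded.
$names = 'ZoomE', 'ZoomX', 'Service32', 'Service64', 'Services'
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.ProcessName -and $_.Path -and
                   $_.Path -notlike "$env:SystemRoot\System32\*" } |
    ForEach-Object { $findings += "Process with reported file name: $($_.ProcessName) (PID $($_.Id)) $($_.Path)" }

# 6. Domains from the report present in the DNS client cache (no lookups are
#    made, so the host does not contact the attacker infrastructure).
$domains = 'getcert.net', 'windowscdn.site', 'buyclients.xyz'
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $entry = $_.Entry; $domains | Where-Object { $entry -like "*$_" } } |
    ForEach-Object { $findings += "DNS cache entry for reported domain: $($_.Entry)" }

if ($findings.Count -eq 0) { 'No indicators from the report were found on this host.' }
else { $findings | ForEach-Object { "[!] $_" } }
```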
Note that the miner modules are under constant development. Recently, the malware authors have switched to using legitimate resources to host malicious images and the GitHub platform to store payloads. Modules that check whether they are running in a sandbox or on a virtual machine have also been discovered.
One of the wallets specified in the miner settings was created in May 2022, and to date 340 XMR have been transferred to it. Based on the wave pattern of the hashrate (indicative of computers being switched on and off regularly), the researchers believe this mining campaign mainly involves ordinary users located in the same group of time zones. The average hashrate is 3.3 million hashes per second, which allows the compromised machines to bring the attackers 1 XMR every 40 hours.
The article “Steganography and BMP Images: How Cybercrime Mines Monero Through Malware” comes from il blog della sicurezza informatica.
Google Open Sources PebbleOS: New Pebble Device In Development
The Pebble smartwatch was introduced in 2012 as part of a Kickstarter campaign and saw moderate success before the company behind it got bought out by Fitbit. Although a group of enthusiasts kept their Pebble devices alive, including via the alternate Rebble project for online services, it seemed that no new Pebble devices would grace this Earth. However, we now have a flurry of Pebble updates, with Google, the current owner of Fitbit, open sourcing the PebbleOS source, and [Eric Migicovsky], the original Pebble founder, announcing new Pebble watches.
These new Pebble watches would be very much like the original Pebble, though switching from a memory LCD to an e-paper screen but keeping compatibility with the original Pebble watch and its hackability. Currently there’s just a rePebble site where you can sign up for announcements. Over at the Rebble project people are understandably excited, with the PebbleOS source available on GitHub.
A lot of work still remains, of course. The Apache 2.0-licensed PebbleOS source was stripped of everything from fonts to the voice codec and Bluetooth stack, and of course bootstrapping whole new hardware production will require serious investment. Even so, for lovers of smart watches that work with modern-day smartphones, featuring an always-on display and amazing battery life the future has never been more bright.
Thanks to [Will0] for the tip.
A Little Pigment Helps with Laser Glass Engraving
The range of materials suitable for even the cheapest laser cutter is part of what makes them such versatile and desirable tools. As long as you temper your expectations, there’s plenty of material to cut with your 40 watt CO2 laser or at least engrave—just not glass; that’s a tough one.
Or is it? According to [rschoenm], all it takes to engrave glass is a special coating. The recipe is easy: two parts white PVA glue, one part water, and two parts powdered titanium dioxide. The TiO2 is the important part; it changes color when heated by the laser, forming a deep black line that adheres to the surface of the glass. The glue is just there as a binder to keep the TiO2 from being blasted away by the air assist, and the water thins out the goop for easy spreading with a paintbrush. Apply one or two coats, let it dry, and blast away. Vector files work better than raster files, and you’ll probably have to play with settings to get optimal results.
With plain float glass, [rschoenm] gets really nice results. He also tried ceramic tile and achieved similar results, although he says he had to add a drop or two of food coloring to the coating so he could see it against the white tile surface. Acrylic didn’t work, but there are other methods to do that.
Thanks to [AbraKadabra] for the tip.
Microsoft Announces New Measures Against Phishing Attacks on Teams: Protection Starts in February 2025
Microsoft takes a step forward in the fight against phishing, announcing a new security feature for Microsoft Teams, the popular enterprise collaboration tool. Starting in February 2025, users will be protected from targeted phishing attacks that rely on impersonating trusted brands in chats with external domains.
How the new security feature works
The feature, listed on the Microsoft 365 roadmap as ID 421190, is designed to intercept potential impersonation risks during first contacts from external domains. When a user receives a message from an external sender, Teams automatically analyzes the content to identify phishing attempts. If a high risk is detected, a clear, prominently displayed warning appears, inviting the user to check the sender’s name and email address carefully before accepting the communication.
This system will be enabled by default, with no administrative configuration required. In addition, IT administrators will be able to monitor impersonation attempts through the audit logs, making sure the feature does not disrupt daily workflows.
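The warning described above asks the user to compare the displayed name with the real sender address. The following Python is an added example, not Microsoft’s code and not a description of how the Teams feature actually scores a message: it is the kind of first-contact impersonation heuristic a defender could run over their own chat or audit-log export to triage the same signals (brand name with the wrong domain, an external sender posing as internal IT, an address embedded in the display name that disagrees with the real one, and look-alike domains). The brand allow-list, helpdesk wording, tenant domain and sample messages are all constructed assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed allow-list: brand keyword -> domains that legitimately send for that brand.
# Hypothetical data for this example only.
KNOWN_BRANDS: Dict[str, Set[str]] = {
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}
# Wording an external first-contact sender has no business using about the recipient's own org.
HELPDESK_WORDS = ("it support", "helpdesk", "help desk", "service desk", "it department")
# An e-mail address written into the display name, e.g. "john@contoso.com".
EMAIL_IN_NAME_RE = re.compile(r"[\w.+-]+@([\w-]+\.[\w.-]+)")


@dataclass
class ExternalMessage:
    display_name: str      # name shown in the chat header
    sender_email: str      # authenticated sender address
    is_first_contact: bool
    org_domain: str        # the recipient tenant's own domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike domains such as one swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(msg: ExternalMessage) -> Tuple[str, List[str]]:
    """Return ('none' | 'low' | 'high', reasons). Only first-contact external messages are scored."""
    if not msg.is_first_contact:
        return "none", []
    reasons: List[str] = []
    name = msg.display_name.lower()
    sender_domain = msg.sender_email.rsplit("@", 1)[-1].lower()
    org = msg.org_domain.lower()

    # 1. Display name invokes a known brand but the message comes from an unrelated domain.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name and sender_domain not in domains:
            reasons.append(f"display name mentions '{brand}' but sender domain is {sender_domain}")

    # 2. External sender poses as the recipient's own organisation or its IT support.
    if org in name or any(w in name for w in HELPDESK_WORDS):
        reasons.append(f"external sender {sender_domain} claims to be internal IT / {org}")

    # 3. Display name embeds an address whose domain differs from the real sender.
    m = EMAIL_IN_NAME_RE.search(name)
    if m and m.group(1) != sender_domain:
        reasons.append(f"display name shows @{m.group(1)} but real sender is @{sender_domain}")

    # 4. Sender domain is a near-miss spelling of a trusted domain.
    trusted = {org} | set().union(*KNOWN_BRANDS.values())
    for d in sorted(trusted):
        if 0 < edit_distance(sender_domain, d) <= 2:
            reasons.append(f"sender domain {sender_domain} resembles trusted domain {d}")

    return ("high" if reasons else "low"), reasons


if __name__ == "__main__":
    # Constructed sample messages for a tenant whose own domain is contoso.com.
    samples = [
        ExternalMessage("Microsoft Support", "help@micros0ft-support.xyz", True, "contoso.com"),
        ExternalMessage("Contoso IT Helpdesk", "admin@contoso-it.net", True, "contoso.com"),
        ExternalMessage("Bob", "bob@micros0ft.com", True, "contoso.com"),
        ExternalMessage("Jane Doe", "jane@fabrikam.com", True, "contoso.com"),
    ]
    for s in samples:
        level, why = assess(s)
        print(f"{level:5} {s.display_name!r} <{s.sender_email}> {why}")
```

Each reason is kept as text rather than collapsed into a score so that the analyst, like the end user facing the Teams banner, sees exactly which name/address discrepancy triggered the flag.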
The new feature will be rolled out in two phases:
- Targeted Release (Preview): the initial release is planned for late October 2024 and will be available to a selected group of users.
- General Availability: worldwide rollout will begin in mid-November 2024 and finish by mid-February 2025.
This timeline is a slight delay compared with the original January 2025 date, but it ensures a more stable and secure rollout for all users.
Why this protection is needed
Collaboration platforms such as Teams have become prime targets for cybercriminals, who exploit external contacts to deliver sophisticated attacks. Organizations that allow communication with external domains are particularly vulnerable to phishing campaigns run by malicious actors posing as representatives of trusted companies.
For example, groups such as FIN7 and Storm-1811 have recently exploited Teams to impersonate companies’ IT support. Common tactics include:
- Email bombing: sending thousands of emails to create confusion.
- Fake Teams contacts: taking advantage of the resulting chaos to pose as members of the support team and obtain remote access to endpoints.
Once access is obtained, the attackers can deploy malware, steal credentials and, in some cases, carry out ransomware attacks. Campaigns such as that of the Black Basta ransomware, observed between November 2024 and January 2025, caused extensive damage by exploiting exactly these techniques.
How to prepare
Microsoft advises companies to prepare in advance for the introduction of this new feature through the following steps:
- Staff awareness: inform employees about the high-risk warnings and how to handle suspicious messages.
- Updating internal documentation: include information on the new security measures and the procedures to follow.
- Specific training: organize sessions that teach staff to recognize phishing signals and to use the message accept/block flow correctly.
Microsoft will provide further documentation before general availability to help organizations integrate the new feature effectively into their business processes.
Conclusion
With attacks on collaboration platforms on the rise, the new Microsoft Teams protection is a further step toward a safer digital environment. This feature, due to become operational by February 2025, not only strengthens user security but also marks a concrete commitment by Microsoft against the increasingly sophisticated threats posed by cybercriminals.
The article Microsoft annuncia nuove misure contro gli attacchi phishing su Teams: la protezione inizia a febbraio 2025 comes from il blog della sicurezza informatica.
NVIDIA’s Worst Day! A 16% Stock Market Crash Caused by the “Sputnik Moment”
Shares of the major US technology companies fell sharply because of the overwhelming success of a new Chinese chatbot, DeepSeek. The app, released last week, became within days the most downloaded free app in the United States, overtaking OpenAI’s ChatGPT.
Against this backdrop, shares of Nvidia, Microsoft, Meta and other American companies suffered a significant drop. By mid-session on Monday, Nvidia’s share price had fallen 16%, Broadcom’s 17.8% and Microsoft’s 3.7%. Shareholders of Alphabet, Google’s parent company, lost more than 3% of the value of their shares. Europe also recorded losses, with the Dutch chip-equipment maker ASML down 7% and Siemens Energy down 20%.
A cutting-edge AI model
DeepSeek is based on the DeepSeek-V3 model, which according to its developers was trained using open-source technologies and cost about 6 million dollars. That is a figure significantly lower than the billions invested by US competitors such as OpenAI and Google. The Chinese company claims to have achieved results comparable to OpenAI’s latest models while using fewer resources. DeepSeek has already demonstrated its effectiveness in tasks such as mathematics, programming and natural language processing.
DeepSeek’s success was made possible by the collaboration of Chinese developers who adapted their technology to cope with Nvidia’s restrictions on exporting high-end chips to China. They experimented with cheaper solutions, which led to significant cost reductions.
Experts believe the market was caught off guard by the low cost of DeepSeek’s development. Investors voiced concern that the Chinese company’s success could undermine the economic appeal of the large investments American companies have made in artificial intelligence infrastructure. Fiona Cincotta, analyst at City Index, said: “The idea of a low-cost Chinese model was not in the spotlight and this came as a surprise to the market. If such approaches prove effective, they would call into question the return on investment in expensive artificial intelligence.” Analysts also pointed out that, while DeepSeek may challenge US companies, Chinese developers will struggle to compete because of the restrictions on access to cutting-edge chips.
Registration suspended
On Monday DeepSeek announced that it had been the victim of a large-scale cyberattack. “Due to large-scale malicious attacks on our services, we are temporarily limiting registrations of new users to ensure the app remains stable,” the company said in an official statement. Existing users, however, can continue to use the application without restriction.
The company was founded in 2023 in Hangzhou by 40-year-old Liang Wenfeng, a graduate of the Faculty of Computer Science and Electronic Technology. Before founding DeepSeek he also launched a hedge fund, which became the company’s main investor. Liang bought around 50,000 Nvidia A100 chips in advance, despite the export ban to China. These chips, combined with cheaper processors, produced a powerful yet affordable tool.
President Donald Trump, back in office, recently announced Stargate, the largest artificial intelligence infrastructure project in the United States, with a budget of 500 billion dollars. The move aims to maintain US technological leadership. However, DeepSeek’s success recalls the historic launch of the Soviet satellite Sputnik 1 in 1957, which posed a challenge to the United States. The analogy was drawn by investor Marc Andreessen, who said DeepSeek was a “Sputnik moment” for artificial intelligence.
The article Il Giorno Peggiore Per NVIDIA! Crollo Del 16% In Borsa A Causa Del “Momento Sputnik” comes from il blog della sicurezza informatica.
Film Capacitors Can Go In The Wrong Way Round? Who Knew!
You can work with a part for many decades, and still learn something new about it. At least we can, and we don’t mind admitting it. Take film capacitors — we all know they aren’t a polarized part like an electrolytic capacitor is, but as [TheDannVal] points out, that doesn’t mean both their leads are the same.
This might sound counterintuitive, but if you consider their construction for a moment it makes sense. A film capacitor is made from two strips of foil with a strip of plastic film between them, rolled up tightly into a cylinder. The piece of foil that forms one side of the capacitor ends up on the outside of the cylinder, and thus forms a shield for the other. So if that outer side isn’t connected to the lower-impedance side of whichever circuit it resides in, it can pick up noise, while the inner strip of foil cannot. It’s so obvious when demonstrated, but we have to admit to never having considered it before. Some film capacitors have a line marked on them to denote the connection forming the shield; for those that don’t, he provides a couple of methods for detecting it.
The full video is below the break, and maybe you too can now pay attention to your capacitors for lower noise audio circuitry.