Cybersecurity & cyberwarfare

2024-05-07 23:00:51

Your Pi, From Anywhere

The Raspberry Pi finds a use in a huge variety of applications, and in almost any location you could imagine. Sadly those who use those machines might not be in the same place as the machines themselves, and thus there’s the question of providing a remote connection between the two. This may not be a huge challenge to those skilled with Linux and firewalls, but to many Pi users it’s a closed book. So the Pi folks have come up with a painless way to connect to your Pi wherever it is, and it’s called Raspberry Pi Connect.

To use the service all you need is a Pi running the latest 64-bit version of Raspberry Pi OS, so sadly that excludes base model Zeros and older models. Sign in to the Raspberry Pi Connect server, follow the instructions, and you’re on your way. Under the hood it’s the well-known VNC protocol at work, with the connection setup being managed via WebRTC. The Pi servers are intended to act simply as connection facilitators for peer-to-peer traffic, though they are capable of handling through traffic themselves. It’s a beta service with a single server in the UK at the time of writing, though we’d expect both the number of servers and the offering to evolve over time.

We think this is a useful addition to the Pi offering, and we expect to see it used in all manner of inventive ways. Meanwhile it’s a while since we had a look at connecting to a headless Pi, but much of the information is still relevant.

Cybersecurity & cyberwarfare

2024-05-07 20:00:16

Z80s From the ’80s Had Futuristic Design

Ever heard of a Dutch company called Holborn (literally, born in Holland)? We hadn’t either, but [Bryan Lunduke] showed us these computers from the early 1980s, and we wondered if they might have appeared in some science fiction movies. They definitely look like something from a 1970s movie space station.

The company started out tiny and only lasted a few years. The Holborn 9100 looked like a minicomputer and, honestly, other than the terminal, looks more like an air conditioner or refrigerator. While it was a Z-80 system, it was clearly aimed at business. The processor ran at 3.5 MHz, there was 72K of RAM that could expand to 220 K — a whopping amount for the early ’80s. They also could accept loads of 8-inch floppies. It even had a light pen, which seems exotic today but was actually fairly common back then.

When we heard you could go to 220 K of memory, we assumed it used a version of CP/M or MP/M that understood bank switching. Nope. They developed their own multiuser operating system. The OS was totally in ROM, so finding out any details about it is difficult.

Their next computer was a cheaper version that only supported two terminals, the Holborn 7100. There were only 200 9100 systems sold (or at least, claimed to be sold), and presumably fewer of the stripped-down model.

By 1982, CP/M was rising, and the company realized that its OS was not catching on. That led to the Holborn 6100 which was a CP/M machine that could handle 192K of RAM. Same mod terminal, but a much smaller box that could pass for a floppy disk NAS today. They sold about 100 of these computers.

The next computer was to be the 6500, but the company filed for bankruptcy before any of them could be shipped. The bankruptcy proceedings revealed that the company had actually sold only 50 units of the 9100 and 7100 combined! They also had about $7 million in debt.

The post has lots of pictures, ads, and even an internal shot of one of the devices. You can imagine with 50 units in the wild, there is little left of the Holborn computers today. But if you happen to run across one, you should definitely rescue it!

Old computers are like actors. Some are remembered, and some are forgotten. Despite looking like a minicomputer, a typical mini of that era would have had a bitslice CPU, not a Z80.

Cybersecurity & cyberwarfare

2024-05-07 18:30:13

Bluepad32 Brings All the Controllers To Your MCU

As much as we enjoy spinning up our own solutions, there are times when you’ve got to look at what’s on the market and realize you might be out of your league. For example, take Bluetooth game controllers. Sure, you could make your own with a microcontroller, some buttons, and a couple joysticks. But between the major players like Microsoft, Nintendo, and Sony, as well as independent peripheral companies like 8BitDo, there’s some seriously impressive hardware out there that can be easily repurposed.

How, you ask? Well, Bluepad32 by [Ricardo Quesada] would be a great place to start. This Apache v2.0 licensed project allows you to easily interface with a wide array of commercially available BT controllers, and supports an impressive number of software and hardware platforms. Using the Arduino IDE on an ESP32? No problem. CircuitPython on the Pico W? Supported. There’s even example code provided for using it on Linux and Mac OS. Sorry Windows fans — perhaps there’s a sassy paperclip or sentient dog built into your OS that can instruct you further.
A few of the controllers supported by Bluepad32.
The nature of the Bluetooth Human Interface Device (HID) protocol means that, at least in theory, pretty much all modern devices should be supported by Bluepad32 automatically. But even still, it’s hard not to be impressed by the official controller compatibility list. There’s also separate lists for Bluetooth mice and keyboards that are known to work with the project.

While it’s somewhat unlikely to be a problem in this particular community, there is an unusual quirk to this project which we think should at least be mentioned. Although Bluepad32 itself is free and open source software (FOSS), it depends on the BTstack library, which in turn uses a more ambiguous licensing scheme. BTstack is “open” in the sense that you can see the source code and implement it in your own projects, but its custom license precludes commercial use. If you want to use BTstack (and by extension, Bluepad32) in a commercial product, you need to contact the developers and discuss terms.

License gotchas aside, Bluepad32 is definitely a project to keep in the back of your mind for the future. You can always build your own controller if you’re looking a challenge, but you’ll have a hell of a time beating the decades of testing and development Sony has put into theirs.

Cybersecurity & cyberwarfare

2024-05-07 17:00:37

The 2024 Business Card Challenge Starts Now

If you want to make circuits for a living, what better way to impress a future employer than to hand them a piece of your work to take home? But even if you’re just hacking for fun, you can still turn your calling into your calling card.

We are inviting you to submit your coolest business card hacks for us all to admire, and the top three entries will win a $150 DigiKey shopping spree. If your work can fit on a business card, create a project page for it over on Hackaday.io and enter it in the 2024 Business Card Contest. Share your tiny hacks!

To enter, create a project for your hacked business card over at Hackaday IO, and then enter it into the 2024 Business Card Challenge by selecting the pulldown on the left. It’s that easy.

Honorable Mentions

Since we always get more fantastic submissions than we have prizes, we love to recognize entries that stand out. These Honorable Mention categories to highlight those who rise to the challenge.

• Wafer Thin: A “normal” business card is about 1 mm thick. That’s a tough ask for a fully functional project, but let’s just say that for this category, there’s no such thing as too thin. Let’s see what you can do.
• Aesthetics: This category is for you artists out there. Squeeze the most beauty possible into a business card form factor.
• Madman Muntz: Paper business cards are insanely cheap to produce – custom electronics projects, not so much. But clever component choice and corner cutting can go a long way. For this category, we’d like to see how inexpensively you can get your cards made.
• Fun and Games: Nothing says “work” like a business card. Flip the script with a business card that’s a toy at heart.
• Utilitarian: Can you actually get something useful done within the size limits? How much functionality can you fit in your wallet?

More Inspiration

Need some inspiration? Check out these business card projects on Hackaday.

Maybe one of the first business card hacks that we ever featured was Hackaday alum [Ian Lesnet]’s How-To: Web Server On A Business Card. This one’s probably a history lesson today, because it was done in the days of slow microcontrollers with no inbuilt WiFi. Check out that Ethernet dongle attachment!

Flashing forward to the present, [Ryan Chan] designed a business card that, in addition to his contact information, also has a complete Tic-Tac-Toe game built in. [Beast Devices]’s smart business cards do away with the battery entirely by drawing their power from NFC, and are probably eminently hackable too, thanks to those sweet test points for programming.

[Michael Teeuw] designed these PCBs that sport small OLED screens to display contact info and even have a hidden easter egg. [Alex.puffer]’s card is classy and simple, and nobody out there needs to ask if he could have done it simply with a 555 timer.

Now it’s your turn. Head on over to Hackaday.io put your business card in the running. The contest runs between Tuesday, May 7, 2024 09:00 am PDT and Tuesday, July 2, 2024 09:00 am PDT, so get going.

Thanks again to DigiKey for sponsoring this contest with the $150 prizes!

Cybersecurity & cyberwarfare

2024-05-07 18:24:36

Un nuovo attacco contro praticamente tutte le app VPN neutralizza il loro intero scopo

La vulnerabilità TunnelVision esiste dal 2002 e potrebbe essere già nota agli aggressori.

TunnelVision, come i ricercatori hanno chiamato il loro attacco, nega in gran parte l'intero scopo e punto di forza delle VPN, ovvero incapsulare il traffico Internet in entrata e in uscita in un tunnel crittografato e mascherare l'indirizzo IP dell'utente. I ricercatori ritengono che colpisca tutte le applicazioni VPN quando sono connesse a una rete ostile e che non ci siano modi per prevenire tali attacchi tranne quando la VPN dell'utente funziona su Linux o Android. Hanno anche affermato che la loro tecnica di attacco potrebbe essere stata utilizzata fin dal 2002 e da allora potrebbe già essere stata scoperta e utilizzata in natura.

@Informatica (Italy e non Italy 😁)

Grazie a @:manjaro: Anon per la segnalazione

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

Ars Technica: Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision vulnerability has existed since 2002 and may already be known to attackers.

Cybersecurity & cyberwarfare

2024-05-07 15:30:43

256-Core RISC-V Megacluster

Supercomputers are always an impressive sight to behold, but also completely unobtainable for the ordinary person. But what if that wasn’t the case? [bitluni] shows us how it’s done with his 256-core RISC-V megacluster.

While the CH32V family of microcontrollers it’s based on aren’t nearly as powerful as what you’d traditionally find in a supercomputer, [bitluni] does use them to demonstrate a property of supercomputers: many, many cores doing the same task in parallel.

To recap our previous coverage, a single “supercluster” is made from 16 CH32V003 microcontrollers connected to each other with an 8-bit bus, with an LED on each and the remaining pins to an I/O expander. The megacluster is in turn made from 16 of these superclusters, which are put in pairs on 8 “blades” with a CH32V203 per square as a bridge between the supercluster and the main 8-bit bus of the megacluster, controlled by one last CH32V203.

[bitluni] goes into detail about designing PCBs that break KiCad, managing an overcrowded bus with 16 participants, culminating in a mesmerizing showcase of blinking LEDs showing that RC oscillators aren’t all that accurate.

https://www.youtube.com/embed/lh93FayWHqw?feature=oembed

Cybersecurity & cyberwarfare

2024-05-07 15:35:49

Usi software pirata? Che RedLine ti colga! Fate attenzione agli Infostealer!

Gli esperti di Kaspersky Lab riferiscono che lo scorso anno più della metà dei dispositivi attaccati dagli stealer nel mondo (55%) sono stati infettati dal malware RedLine. In totale, nel 2023, circa 10 milioni di sistemi sono stati colpiti dai ladri di informazioni e il numero di infezioni è aumentato del 35% dal 2022 al 2023.

I ricercatori ricordano che RedLine è attiva dal 2020.

Questo malware consente agli aggressori di rubare login, password, cookie, dati di carte bancarie e portafogli crittografici, nonché di scaricare ed eseguire programmi di terze parti. RedLine viene distribuito, tra le altre cose, tramite e-mail di spam e downloader di terze parti.

Complessivamente, nel periodo 2020-2023, RedLine è stata utilizzata nel 51% dei casi di infezione dei dispositivi da parte di ladri. Seguono Vidar (17%) e Raccoon (circa il 12%).

In totale, tra il 2020 e il 2023, gli esperti hanno scoperto più di 100 tipi di infostealer. Allo stesso tempo, dal 2021 al 2023, la quota di attacchi che utilizzano nuove famiglie di malware di questo tipo è aumentata dal 4% al 28%. Ad esempio, nel 2023, il solo ladro di Lumma ha rappresentato oltre il 6% delle infezioni.

Va notato che i dati raccolti dai ladri vengono solitamente venduti ad altri criminali sulla darknet, ma talvolta vengono anche pubblicati gratuitamente. In questo modo alcuni hacker criminali cercano di aumentare la propria reputazione nella comunità.

L'articolo Usi software pirata? Che RedLine ti colga! Fate attenzione agli Infostealer! proviene da il blog della sicurezza informatica.

The Pirate Post

2024-05-07 14:33:04

General Puropse AI Models can`t ignore copyright in the EU

Artificial intelligence has posed serious challenges to our understanding of copyright. General-purpose models are trained on massive amounts of text and images in order to produce tools that can answer to a vast array of prompts.

---

https://www.euractiv.com/section/artificial-intelligence/video/general-puropse-ai-models-cant-ignore-copyright-in-the-eu/

Cybersecurity & cyberwarfare

2024-05-07 14:39:37

European Parliament’s recruitment application compromised in data breach

The European Parliament sent on Monday (6 May) an internal notification to its staff, seen by Euractiv, about a data breach in the application PEOPLE, used for the recruitment of the institution's non-permanent staff.

---

https://www.euractiv.com/section/cybersecurity/news/european-parliaments-recruitment-application-compromised-in-data-breach/

Cybersecurity & cyberwarfare

2024-05-07 14:00:44

Supercon 2023: MakeItHackin Automates the Tindie Workflow

Selling your hardware hacks is a great way to multiply your project’s impact, get your creations into others’ hands, and contribute to your hacking-related budget while at it. If you’re good at it, your store begins to grow. From receiving a couple orders a year, to getting one almost every day – if you don’t optimize the process of mailing orders out, it might just start taking a toll on you.

That is not to say that you should worry – it’s merely a matter of optimization, and, now you have a veritable resource to refer to. At Supercon 2023, [MakeItHackin]/[Andrew] has graced us with his extensive experience scaling up your sales and making your shipping process as seamless as it could be. His experience is multifaceted, and he’s working with entire four platforms – Tindie, Lektronz, Etsy and Shopify, which makes his talk all that more valuable.

[MakeItHackin] tells us how he started out selling hardware, how his stores grew, and what pushed him to automate the shipping process to a formidable extent. Not just that – he’s developed a codebase for making the shipping experience as smooth as possible, and he’s sharing it all with us.

His research was initially prompted by Tindie, specifically, striving to make the shipping process seamless. If you go the straightforward way and use the Web UI to copy-paste the shipping data in your postal system, it’s going to take you a good few minutes, and it’s an error-prone process. This is fine for a couple orders a year, but when you’re processing dozens of orders at a time, it starts to add up. Plus, there’s a few issues – for instance, the invoices Tindie prints out, are not customizeable. As for Etsy, it is less than equipped for handling shipping at all, and you are expected to have your own system.

There are APIs, however – which is where automation can begin. The goal is simple – spending as little time as possible on shipping, and as much time as possible on designing hardware. He shows us a video with a simple demo – cutting down the shipping label creation time from a couple minutes, down to fourteen seconds. That alone is a veritable result, and, there’s more.

On the way there, he’s had to reverse-engineer a couple APIs. In the talk, you get a primer about APIs – how they work, differences between external and internal APIs, ways to tap into internal APIs and make them work your magic. APIs are one of the keys to having the shipping process run smoothly and quickly, and [MakeItHackin] teaches you everything, from managing cookies to using browser inspect element tools and Selenium.

Another key is having fun. [MakeItHackin] gives us another demo – an automated system that stays in your workshop, powered by a Raspberry Pi and assisted by an Arduino, which does the entire process from start to finish without human input, save for actually putting things into envelopes and taking them to the post office. Of course, the system is also equipped with flashing lights and sirens – there’s no chance you will miss an order arriving.

Then, he goes into customs and inventory management. Customs forms might require special information added to the label, which is all that much easier to do in an automated process completely under your control. As for inventory management, the API situation is a bit dire, but he’s looking into a centralized inventory synchronization system for all four platforms too.

The last part is about working with your customers as people. Prompt and personalized communication helps – some might be tempted to use “AI” chatbots, and [MakeItHackin] has tried, showing you that there are specific limitations. Also, careful with the temptation to have part of your shipping process be cloud-managed – that also means you’re susceptible to personal data storage-related risks, so it might be best to stay away from it.

In the end, we get a list of things to watch out for. For instance, don’t use your personal details on the envelope, whether it’s the “From” address or the phone number, getting substitute ones is well worth it to protect your privacy. On the practical side, using a label printer might turn out to be significantly cheaper than using an inkjet printer – remember, ink costs money, and, there’s a dozen more pieces of advice that any up-and-coming seller ought to know.

Of course, all this is but a sliver of the wealth of information that [MakeItHackin] shares in his talk, and we are overjoyed to have hosted it. If you’re looking to start selling your hardware, or perhaps you’re well on your way, find 45 minutes for this talk – it’s worth its metaphorical weight in gold.

https://www.youtube.com/embed/2MgV89PpWtw?feature=oembed

Cybersecurity & cyberwarfare

2024-05-07 12:26:04

Europol’s declaration against end-to-end encryption reignites debate, sparks privacy concerns

Europol's recent joint declaration with European police chiefs urges action against end-to-end encryption, citing concerns of possible justice obstruction, amid an ongoing debate about balancing data privacy with combating crime.

---

https://www.euractiv.com/section/law-enforcement/news/europols-declaration-against-end-to-end-encryption-reignites-debate-sparks-privacy-concerns/

Cybersecurity & cyberwarfare

2024-05-07 08:07:39

Addio alle Password: Microsoft Rivoluziona l’Accesso con Passkey

Non molto tempo fa, Microsoft ha annunciato il lancio di massa della funzionalità Passkey, che consente agli utenti di non utilizzare più le password per accedere agli account aziendali.

Nella sua pubblicazione ufficiale, l’azienda riferisce che gli utenti dei servizi Microsoft possono ora creare una passkey sui propri dispositivi e utilizzare un volto, un’impronta digitale, un PIN o una chiave di sicurezza per l’identificazione.

In precedenza, i clienti Microsoft potevano accedere ad app e siti utilizzando le chiavi di sicurezza FIDO, Windows Hello o l’app Microsoft Authenticator anziché una password. L’introduzione di Passkey, a sua volta, è il prossimo passo dell’azienda verso l’autenticazione senza password.

La tecnologia di accesso senza password di Passkey offre vantaggi in termini di sicurezza oltre a migliorare l’esperienza dell’utente. Microsoft definisce questo metodo di autenticazione “resistente al phishing” perché funziona in modo molto diverso dalle semplici password.

“Gli attacchi con password sono così popolari perché sono ancora efficaci. È dolorosamente ovvio che le password non fanno abbastanza per proteggere la nostra vita online. Non importa quanto lunga e complessa crei la tua password o quanto spesso la cambi, rappresenta comunque un rischio”, ha spiegato Microsoft.

Invece di un elemento vulnerabile sotto forma di password, la tecnologia Passkey utilizza due chiavi univoche contemporaneamente, formando una coppia crittografica. Una chiave è archiviata in modo sicuro sul tuo dispositivo, protetta dalla biometria dell’utente o dal PIN. Allo stesso tempo, l’altra chiave rimane nell’applicazione o nel sito. Poiché questa combinazione di tasti è unica, la passkey dell’utente funzionerà solo sul sito o sull’applicazione per cui è stata creata.

Il passaggio all’autenticazione senza password è una tendenza attuale tra le grandi aziende tecnologiche. Pertanto, Google ha recentemente riferito che oltre 400 milioni di account aziendali sono già passati all’autenticazione Passkey. Inutile dire che la popolarità di questa tecnologia non potrà che aumentare in futuro.

Nonostante gli evidenti vantaggi della nuova tecnologia sotto forma di maggiore sicurezza e comodità, i critici sostengono che le password tradizionali rimarranno ancora nelle nostre vite. L’anno scorso, un rapporto di Keeper Security ha dimostrato che, nonostante i notevoli rischi per la sicurezza, è probabile che la maggior parte delle organizzazioni continui a utilizzare le password.

Molto spesso, i nuovi metodi di autenticazione semplicemente non sono supportati dai servizi e dalle applicazioni legacy, costringendo i team di sicurezza ad abbandonare i progressi a favore del mantenimento della funzionalità della propria azienda.

L'articolo Addio alle Password: Microsoft Rivoluziona l’Accesso con Passkey proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-05-07 11:24:40

Mise, Guardia di Finanza e Ministero delle Infrastrutture presi di mira dal gruppo di hacktivisti filorussi di NoName057(16)

Gli hacker di NoName057(16) riavviano le loro attività ostili contro diversi obiettivi italiani, attraverso attacchi di Distributed Denial-of-Service (DDoS).

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private.

Questa volta a farne le spese sono i siti del Ministero delle imprese e del made in Italy (www.mise.gov.it) dei Concorsi della Guardia di Finanza (https://concorsi.gdf.gov.it/index.aspx) e del Ministero delle infrastrutture e dei trasporti (https://www.mit.gov.it/). Inoltre anche il sito della Presidente del Consiglio Giorgia Meloni (https://www.giorgiameloni.it/) è stato preso di mira dal gruppo di hacktivisti.

Hanno riportato all’interno del loro canale Telegram quanto segue:
Continuiamo il nostro viaggio attraverso l'Italia e mettiamo a tacere i dossiers di questo paese😈

❌ Il Ministero dello Sviluppo Economico italiano (morto sul ping)
check-host.net/check-report/190ecd82kad5

❌Il Ministero italiano delle Infrastrutture e dei Trasporti
check-host.net/check-report/190e4ee8k77f

Sottodominio della Polizia finanziaria
check-host.net/check-report/190e529dk37f

❌Il sito di Giorgia Meloni, capo del governo italiano, è inattivo e si limita a segnalare problemi tecnici.

Tradotto con DeepL.com (versione gratuita)

Che cos’è un attacco Distributed Denial of Service

Un attacco DDoS (Distributed Denial of Service) è un tipo di attacco informatico in cui vengono inviate una grande quantità di richieste a un server o a un sito web da molte macchine diverse contemporaneamente, al fine di sovraccaricare le risorse del server e renderlo inaccessibile ai suoi utenti legittimi.

Queste richieste possono essere inviate da un grande numero di dispositivi infetti da malware e controllati da un’organizzazione criminale, da una rete di computer compromessi chiamata botnet, o da altre fonti di traffico non legittime. L’obiettivo di un attacco DDoS è spesso quello di interrompere le attività online di un’organizzazione o di un’azienda, o di costringerla a pagare un riscatto per ripristinare l’accesso ai propri servizi online.

Gli attacchi DDoS possono causare danni significativi alle attività online di un’organizzazione, inclusi tempi di inattività prolungati, perdita di dati e danni reputazionali. Per proteggersi da questi attacchi, le organizzazioni possono adottare misure di sicurezza come la limitazione del traffico di rete proveniente da fonti sospette, l’utilizzo di servizi di protezione contro gli attacchi DDoS o la progettazione di sistemi resistenti agli attacchi DDoS.

Occorre precisare che gli attacchi di tipo DDoS, seppur provocano un disservizio temporaneo ai sistemi, non hanno impatti sulla Riservatezza e Integrità dei dati, ma solo sulla loro disponibilità. pertanto una volta concluso l’attacco DDoS, il sito riprende a funzionare esattamente come prima.

Che cos’è l’hacktivismo cibernetico

L’hacktivismo cibernetico è un movimento che si serve delle tecniche di hacking informatico per promuovere un messaggio politico o sociale. Gli hacktivisti usano le loro abilità informatiche per svolgere azioni online come l’accesso non autorizzato a siti web o a reti informatiche, la diffusione di informazioni riservate o il blocco dei servizi online di una determinata organizzazione.

L’obiettivo dell’hacktivismo cibernetico è di sensibilizzare l’opinione pubblica su questioni importanti come la libertà di espressione, la privacy, la libertà di accesso all’informazione o la lotta contro la censura online. Gli hacktivisti possono appartenere a gruppi organizzati o agire individualmente, ma in entrambi i casi utilizzano le loro competenze informatiche per creare un impatto sociale e politico.

È importante sottolineare che l’hacktivismo cibernetico non deve essere confuso con il cybercrime, ovvero la pratica di utilizzare le tecniche di hacking per scopi illeciti come il furto di dati personali o finanziari. Mentre il cybercrime è illegale, l’hacktivismo cibernetico può essere considerato legittimo se mira a portare all’attenzione pubblica questioni importanti e a favorire il dibattito democratico. Tuttavia, le azioni degli hacktivisti possono avere conseguenze legali e gli hacktivisti possono essere perseguiti per le loro azioni.

Chi sono gli hacktivisti di NoName057(16)

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private

Le informazioni sugli attacchi effettuati da NoName057(16) sono pubblicate nell’omonimo canale di messaggistica di Telegram. Secondo i media ucraini, il gruppo è anche coinvolto nell’invio di lettere di minaccia ai giornalisti ucraini. Gli hacker hanno guadagnato la loro popolarità durante una serie di massicci attacchi DDOS sui siti web lituani.

Le tecniche di attacco DDoS utilizzate dal gruppo sono miste, prediligendo la “Slow http attack”.

La tecnica del “Slow Http Attack”

L’attacco “Slow HTTP Attack” (l’articolo completo a questo link) è un tipo di attacco informatico che sfrutta una vulnerabilità dei server web. In questo tipo di attacco, l’attaccante invia molte richieste HTTP incomplete al server bersaglio, con lo scopo di tenere occupate le connessioni al server per un periodo prolungato e impedire l’accesso ai legittimi utenti del sito.

Nello specifico, l’attacco Slow HTTP sfrutta la modalità di funzionamento del protocollo HTTP, che prevede che una richiesta HTTP sia composta da tre parti: la richiesta, la risposta e il corpo del messaggio. L’attaccante invia molte richieste HTTP incomplete, in cui il corpo del messaggio viene inviato in modo molto lento o in modo incompleto, bloccando la connessione e impedendo al server di liberare le risorse necessarie per servire altre richieste.

Questo tipo di attacco è particolarmente difficile da rilevare e mitigare, poiché le richieste sembrano legittime, ma richiedono un tempo eccessivo per essere elaborate dal server. Gli attacchi Slow HTTP possono causare tempi di risposta molto lenti o tempi di inattività del server, rendendo impossibile l’accesso ai servizi online ospitati su quel sistema.

Per proteggersi da questi attacchi, le organizzazioni possono implementare soluzioni di sicurezza come l’uso di firewall applicativi (web application firewall o WAF), la limitazione delle connessioni al server e l’utilizzo di sistemi di rilevamento e mitigazione degli attacchi DDoS

L'articolo Mise, Guardia di Finanza e Ministero delle Infrastrutture presi di mira dal gruppo di hacktivisti filorussi di NoName057(16) proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-05-07 10:00:39

Exploits and vulnerabilities in Q1 2024

We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of that landscape. In this report, we present a series of insightful statistical and analytical snapshots relating to the trends in the emergence of new vulnerabilities and exploits, as well as the most prevalent vulnerabilities being used by attackers. Additionally, we take a close look at several noteworthy vulnerabilities discovered in Q1 2024.

Statistics on registered vulnerabilities

To facilitate the management of vulnerabilities, vendors can register these and assign CVE identifiers. All identifiers and related public information are published on https://cve.mitre.org/feed/ (at the time of writing, the site is in the process of migrating to a new domain, https://www.cve.org/). Although vendors often fail to register vulnerabilities, and the CVE list cannot be considered exhaustive, it does allow us to track certain trends. We analyzed data on registered software vulnerabilities and compared their quantities over the past five years.

The number of newly registered CVEs, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only (download)

As the chart illustrates, the number of new vulnerabilities has been steadily increasing year over year. This can be attributed to several factors.

Firstly, the growing popularity of bug bounty platforms and vulnerability discovery competitions have provided a major impetus to research in the field. As a result, vulnerability discoveries have been on the rise. This also leads to more vendors registering the discovered vulnerabilities, resulting in a growing number of CVEs.

Secondly, companies developing popular software, operating systems, and programming languages are implementing more security solutions and new procedures that improve the performance of vulnerability monitoring in software. On the one hand, this leads to vulnerabilities being discovered more frequently; on the other, entire categories of vulnerabilities become obsolete. As a result, both threat actors and security researchers striving to stay ahead are actively searching for new types of vulnerabilities and creating automated services that allow for even more efficient detection.

Finally, new applications appear with time as existing ones get updates and become more complex, spawning new vulnerabilities. With the rapid pace of technological evolution, the number of discovered vulnerabilities is likely to continue to grow year after year.

It is important to note that different vulnerabilities pose different levels of security threats. In particular, some of them may be categorized as critical. We used the data in the list of registered CVEs and the results of internal reproducibility tests to calculate the share of critical vulnerabilities.

The number of newly registered CVEs and the percentage of critical CVEs in these, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only (download)

As the chart shows, the growth in the number of critical vulnerabilities has been intermittent. In 2021 and 2022, the share of critical vulnerabilities among the total number was comparable, but it increased during the periods from 2019 through 2021 and from 2022 through 2023. The year 2023 was notable for a record number of critical vulnerabilities discovered in software. The percentage of critical vulnerabilities in the total number of registered ones remained high in Q1 2024. This once again emphasizes the importance of proper patch management and the need for security solutions capable of preventing vulnerability exploitation.

Exploitation statistics

This section presents exploit statistics gathered from both public sources, such as registered CVEs, and our in-house telemetry.

An exploit is a program containing data or executable code that takes advantage of one or more software vulnerabilities on a local or remote computer for malicious purposes. Software vulnerabilities that allow attackers to gain control over the target user’s system are of the highest value to exploit developers.

Exploits can be created by malicious actors who sell their creations on underground forums or use them to their own ends. Additionally, enthusiasts, including participants of various bug bounty programs, develop exploits to stay ahead of adversaries and devise countermeasures.

A dark web buy ad for zero- and one-day exploits

Windows and Linux vulnerability exploitation

The charts below show the trends in the number of Linux and Windows users protected by Kaspersky products who encountered vulnerability exploits in 2023 and Q1 2024. The statistics are based on data from the Kaspersky Security Network, provided by our users voluntarily.

Changes in the number of Windows users who encountered exploits, Q1 2023 — Q1 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

Changes in the number of Linux users who encountered exploits, Q1 2023 — Q1 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

As the charts demonstrate, the number of Windows users who experienced vulnerability exploitation remained roughly unchanged throughout 2023, whereas the number of affected Linux users increased steadily. It’s important to note that this doesn’t necessarily involve the same vulnerabilities in both cases. Some vulnerabilities quickly become obsolete, prompting threat actors to shift their focus to newer ones.

Let’s illustrate the changes in the popularity of certain vulnerabilities using the example of the CVE-2023-28831 vulnerability in WinRAR.

The popularity dynamics of the CVE-2023-28831 vulnerability in WinRAR, September 2023 — March 2024 (download)

The chart reveals that the vulnerability was quite popular almost immediately after it was registered in September 2023 but then gradually declined in relevance as users installed patches. This is just further evidence that malicious actors tend to take an interest in vulnerabilities as long as the number of users who have installed a fix is relatively small.

Public exploit statistics

The availability of an exploit, especially when accessible on public platforms like GitHub, is a key criterion in assessing the criticality of a vulnerability. We analyzed data on publicly available exploits for registered vulnerabilities.

The number of vulnerabilities and the percentage of those that have an exploit, 2019 — 2024 (download)

The statistics reveal an increase in the total number of exploits, encompassing both ready for use and raw PoCs. The latter may be unstable but they demonstrate the possibility of exploiting the vulnerability and hold potential for future refinement. It’s worth noting that malicious actors seek both new exploits and modifications to existing ones, such as optimization for compatibility with multiple operating systems, integration of new data processing methods, and stability enhancements.

A dark web ad seeking an exploit for the CVE-2023-40477 vulnerability in WinRAR

A dark web ad seeking assistance in configuring a CVE-2023-28252 exploit for older Windows versions

Most prevalent exploits

We continuously monitor exploits published for various vulnerabilities, with a particular focus on critical ones. Our analysis of these exploits has allowed us to single out several categories of software that are of particular interest to malicious actors:

• Browsers;
• Operating systems (Windows, Linux, macOS);
• Microsoft Exchange servers and server components;
• Microsoft SharePoint servers and server components;
• The Microsoft Office suite;
• All other applications that fall outside the five categories above.

Let’s see which software categories had the most critical vulnerabilities with working exploits in 2023 and Q1 2024.

The distribution of exploits for critical vulnerabilities by platform, 2023 (download)

The distribution of exploits for critical vulnerabilities by platform, Q1 2024 (download)

The data indicates that the software categories most affected by critical vulnerabilities with working exploits are:

• Operating systems;
• Browsers.

However, in Q1 2024, we also observed a significant number of exploits targeting Exchange servers. Additionally, a substantial portion of exploits falls into the “other software” category. This is due to the variety of applications that users may have installed on their systems to handle business tasks.

Vulnerability exploitation in APT attacks

Exploiting software vulnerabilities is an integral component of nearly every APT attack targeting enterprise infrastructures. We analyzed available data on exploits used in APT attacks for 2023 and Q1 2024 to determine which software is most frequently exploited by attackers. Below are the vulnerabilities that APT groups leveraged the most in 2023 and Q1 2024.

The top 10 vulnerabilities exploited in APT attacks, 2023 (download)

The top 10 vulnerabilities exploited in APT attacks, Q1 2024 (download)

The statistics presented above indicate that popular entry points for malicious actors currently are:

• Vulnerable remote access services like Ivanti or ScreenConnect.
• Vulnerable access control features like Windows SmartScreen.
• Vulnerable office applications. Notably, exploits for the Microsoft Office suite, which long held the top of the most-exploited list, were superseded by a WinRAR vulnerability in 2023.

Therefore, we can conclude that APT groups mostly exploit vulnerabilities while gaining initial access to an infrastructure. In most cases, this involves either breaching the perimeter (for example, by exploiting vulnerable internet-facing services like VPNs and web applications) or exploiting office applications combined with social engineering (for example, by emailing infected documents or archives to company employees).

Notable Q1 2024 vulnerabilities

This section deals with the most interesting vulnerabilities registered in Q1 2024.

CVE-2024-3094 (XZ)

A backdoor was discovered within the XZ data compression utility package in late March. Attackers inserted malicious code into the source code of the library responsible for handling archived data. This code, through a modified build procedure, ended up in the compiled library. Upon loading such a library, the malicious code would begin modifying functions in memory that are exported by certain distributions for SSH server operation, enabling the attackers to send commands to the infected server.

The backdoor’s functionality is notable because the attackers managed to inject malicious algorithms into a popular library, a feat rarely accomplished in the history of open-source software. The attack also stands out for its complexity and the multi-stage infection process. No one but the author of the malicious code could have exploited the backdoor.

CVE-2024-20656 (Visual Studio)

This vulnerability in Visual Studio lets a malicious actor elevate their privileges in the system. An attacker can leverage it to execute a DACL reset attack on Windows. A DACL (Discretionary Access Control List) is an access control list that defines the level of access users have to perform specific operations on an object. Resetting a DACL removes all restrictions on accessing system files or directories, so any users can do whatever they wish to these. The vulnerability is intriguing due to its exploitation algorithm.

The exploit source code, which we analyzed, utilizes a method of redirecting the Visual Studio application debugging service from one directory to another through a symlink chain: DummyDir => Global\\GLOBALROOT\\RPC Control => TargetDir. Here, DummyDir is a publicly accessible directory created by the attacker, and TargetDir is the directory they want to gain access to. When the application debugging service is redirected from DummyDir to TargetDir, the latter inherits access settings identical to those of DummyDir.

This method of employing symlinks to perform selective actions on protected files is quite challenging to prevent, as not all files within a system can be write-protected. This implies that it could potentially be used to exploit other vulnerabilities in the future. If a file or dependency used by the targeted OS service is identified and its modification restrictions are removed, the user can simply overwrite this file or dependency after the exploit runs. Upon the next launch, the attacker-injected code will execute within the compromised service, inheriting the same access level as the service itself.

We are not currently aware of any cases of this vulnerability being leveraged in real-life attacks. However, it shares the same exploitation primitives with the CVE-2023-36874, which malicious actors began exploiting even before it was discovered.

CVE-2024-21626 (runc)

OS-level virtualization, or containerization, is widely employed today for application scaling and building fault-tolerant systems. Therefore, vulnerabilities within systems that manage containers are of critical importance.

The vulnerability in question owes its existence to certain behavior of the fork system call in the Linux kernel. This system call’s characteristic feature is the method by which it launches a child process, which is copied from the parent process.

This functionality allows for rapid application startup but also presents a risk that developers may not always consider. Process cloning implies that some data from the parent process may be accessible from the child process. If the application code fails to monitor such data, this can lead to a data disclosure vulnerability CWE-403 – Exposure of File Descriptor to Unintended Control Sphere, according to the CWE category system.

CVE-2024-21626 is a case in point. The Docker toolkit uses the runc tool to create and run containers; therefore, a running container acts as a child process relative to runc. If you try accessing /proc/self directory from that container, you can obtain descriptors for all files opened by the runc process. Navigation of accessible resources and descriptors in Linux follows file system rules. Hence, attackers quickly started using the relative path to interpreters accessible to the parent process to escape the container.

You can detect exploitation of this vulnerability by monitoring activity within a running container. The primary pattern observed during exploitation involves the container attempting to access the file system using the path:

/proc/self/cwd/../

CVE-2024-1708 (ScreenConnect)

ConnectWise ScreenConnect is a remote desktop access tool. It comprises client-side applications running on user systems and a server used for client management. The server hosts a web application that contains the vulnerability in question.

Access control is considered to be the most critical mechanism within web applications. It works only as long as every user-accessible function and parameter in the web application is monitored and validated before being used in the application’s algorithms. The request monitoring and control in ScreenConnect proved to be inadequate. An attacker could force the system to reset its settings by simply appending a “/” character to the original request URL like this: http://vuln.server/SetupWizard.aspx. As a result, the adversary could gain access to the system with administrator privileges and exploit the server for malicious purposes.

The vulnerability is being actively used by malicious actors. Therefore, we recommend that ScreenConnect users apply the patch released by the developers and configure firewall rules to restrict access to the server’s web interface.

CVE-2024-21412 (Windows Defender)

The primary objective of most attacks targeting user systems is the execution of malicious commands. Attackers aim to accomplish this task through various methods, but the most popular and reliable approach involves launching a malicious file. To minimize the risk of unauthorized application launches, Windows employs a mechanism known as the SmartScreen Filter. SmartScreen checks websites that the user visits and files downloaded from the internet. When the check starts, the user sees a lock screen.

Such a notification can prompt the user to reconsider whether they truly want to launch the application. Consequently, malicious actors are actively seeking ways to bypass this filter. CVE-2024-21412 represents one such method.

Deceiving the security mechanism relies on a simple principle: if SmartScreen checks files downloaded from the internet, just trick the filter into believing that the file was already in the system at the time of launch.

This can be achieved by interacting with a file stored in a network storage. In the vulnerability in question, the storage resides on a WebDAV server. The WebDAV protocol allows multiple users to simultaneously edit a file stored on the server, and Windows provides capabilities for automatic access to such storage. All that remains for attackers is to present the server to the system in the appropriate manner. For this purpose, they use the following file URL:
URL=file://ip_address@port/webdav/TEST.URL

CVE-2024-27198 (TeamCity)

This vulnerability in the web interface of the TeamCity continuous integration tool allows access to features that should be restricted to authenticated users. You can detect exploitation by analyzing the standard logs that TeamCity generates in its working directory. The malicious pattern appears as follows:

The improper handling of files with a blank name, as shown above, grants unauthorized attackers access to the server API.

Malicious actors leverage this vulnerability as a way of gaining initial access to targeted systems. For more efficient exploitation monitoring, we recommend auditing accounts with access to the web interface.

CVE-2023-38831 (WinRAR)

Although this vulnerability was discovered in 2023, we believe it warrants attention due to its popularity among malicious actors in both late 2023 and Q1 2024.

This is how it works: when attempting to open a file inside an archive using the WinRAR GUI, the application also opens the contents of a folder with the same name if such a folder exists in the archive.

Since attackers began exploiting the vulnerability, they have come up with several types of exploits that can have one of two formats:

• ZIP archives;
• RAR archives.

The variations in malware and existing archives make it impossible to determine definitively whether an archive is an exploit. However, we can identify key characteristics of an exploit:

• The archive contains files whose names match those of subdirectories.
• At least one file name contains a space before the extension.
• The archive must contain an executable located inside the subdirectory.

Here are examples of such files viewed in a hex editor. For a ZIP archive, the data looks like this:

For RAR files, like this:

Attackers have learned to conceal exploit artifacts by protecting the archive with a password. In such cases, file paths may be encrypted, so the only way to detect an exploit would be through behavior analysis.

Conclusions and advice

In recent times, we have observed a continuous year-over-year increase in the number of registered vulnerabilities, accompanied by a rise in the availability of public exploits. Vulnerability exploitation is a crucial component of targeted attacks, with malicious actors typically focused on leveraging vulnerabilities extensively within the first few weeks following their registration and exploit publication. To stay safe, it is essential to respond promptly to the evolving threat landscape. Also, make sure that you:

• Maintain a comprehensive understanding of your infrastructure and its assets, paying particular attention to the perimeter. Knowledge of your own infrastructure is a fundamental factor in establishing any security processes.
• Implement a robust patch management system to promptly identify vulnerable software within your infrastructure and deploy security patches. Our Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed solutions can assist you in this endeavor.
• Use comprehensive security solutions that enable you to build a flexible and efficient security system. This system should encompass robust endpoint protection, early detection and suppression of attacks regardless of their complexity, access to up-to-date data on global cyberattacks, and basic digital literacy training for your We recommend our Kaspersky NEXT suite of products for business protection as a solution that can be tailored to the needs and capabilities of any company size.

---

https://securelist.com/vulnerability-report-q1-2024/112554/

Cybersecurity & cyberwarfare

2024-05-07 11:00:46

Imperva Report Claims That 50% of the World Wide Web is Now Bots

Automation has been a part of the Internet since long before the appearance of the World Wide Web and the first web browsers, but it’s become a significantly larger part of total traffic the past decade. A recent report by cyber security services company Imperva pins the level of automated traffic (‘bots’) at roughly fifty percent of total traffic, with about 32% of all traffic attributed to ‘bad bots’, meaning automated traffic that crawls and scrapes content to e.g. train large language models (LLMs) and generate automated content as well as perform automated attacks on the countless APIs accessible on the internet.

According to Imperva, this is the fifth year of rising ‘bad bot’ traffic, with the 2023 report noting again a few percent increase. Meanwhile ‘good bot’ traffic also keeps increasing year over year, yet while these are not directly nefarious, many of these bots can throw off analytics and of course generate increased costs for especially smaller websites. Most worrisome are the automated attacks by the bad bots, which ranges from account takeover attempts to exploiting vulnerable web-based APIs. It’s not just Imperva who is making these claims, the idea that automated traffic will soon destroy the WWW has floated around since the late 2010s as the ‘Dead Internet theory‘.

Although the idea that the Internet will ‘die’ is probably overblown, the increase in automated traffic makes it increasingly harder to distinguish human-generated content and human commentators from fake content and accounts. This is worrisome due to how much of today’s opinions are formed and reinforced on e.g. ‘social media’ websites, while more and more comments, images and even videos are manipulated or machine-generated.

Cybersecurity & cyberwarfare

2024-05-07 10:46:15

Attacco informatico all’Università di Siena: una giornata di caos e di sfide

I dipendenti dell’Università di Siena si sono svegliati la mattina del 6 maggio con una sorpresa sgradevole: un attacco informatico ha messo in tilt la rete dell’ateneo, causando disagi e impedendo la comunicazione tra i dipendenti. Questo incidente non è isolato, ma si inserisce in un contesto internazionale di crescente preoccupazione per la sicurezza informatica.

L’attacco ha colpito repentinamente, con i dipendenti che hanno scoperto il problema appena hanno acceso i loro computer per iniziare la giornata lavorativa. I telefoni funzionavano, ma la rete interna era compromessa, rendendo impossibile la comunicazione efficace tra gli uffici dell’università. Le indagini hanno rivelato che si è trattato di un attacco perpetrato da un gruppo malintenzionati che hanno preso di mira l’infrastruttura informatica dell’ateneo.

I responsabili informatici dell’Università di Siena hanno reagito prontamente, comunicando l’attacco all’Agenzia per la Cybersicurezza nazionale e predisponendo denunce presso la polizia postale e l’autorità garante per la protezione dei dati personali. Tuttavia, recuperare la normalità potrebbe richiedere del tempo.

“L’infrastruttura di rete sarà ripristinata gradualmente e tornerà al suo normale funzionamento una volta assicurate le piene condizioni di sicurezza”, spiegano dall’ateneo. Nel frattempo, il sito internet dell’università è accessibile dall’esterno, ma la comunicazione interna resta compromessa.

È probabile che l’attacco abbia colpito in un momento di minore vigilanza, come spesso accade durante i fine settimana quando le postazioni sono meno sorvegliate. Il venerdì precedente tutto funzionava regolarmente, quindi è plausibile che l’attacco sia stato sferrato proprio durante il fine settimana.

La risposta dell’università è stata tempestiva: “Si è resa necessaria la chiusura della rete di Ateneo in entrata ed in uscita e l’avvio delle operazioni di verifica e di bonifica dell’integrità dell’infrastruttura, con la contemporanea valutazione degli eventuali danni arrecati”.

Non è la prima volta che un’istituzione pubblica viene presa di mira dagli hacker. Questi attacchi mettono in evidenza l’importanza di un’adeguata sicurezza informatica e della vigilanza costante per proteggere le reti e i dati sensibili.

L'articolo Attacco informatico all’Università di Siena: una giornata di caos e di sfide proviene da il blog della sicurezza informatica.

Cybersecurity & cyberwarfare

2024-05-07 12:30:17

Infrastruttura di rete dell’Università di Siena colpita da attacco informatico

@Informatica (Italy e non Italy 😁)

Dopo la comunicazione all’Agenzia per la Cybersicurezza Nazionale, sono state avviate le operazioni di verifica e di bonifica dell’integrità del sistema

Durante lo scorso fine settimana, l'Università di Siena ha subito un attacco alla propria infrastruttura di rete da parte di un gruppo di hacker internazionali. Nella mattinata di lunedì 6 maggio si è quindi resa necessaria la chiusura della rete di Ateneo in entrata e in uscita e l'avvio delle operazioni di verifica e di bonifica dell'integrità dell'infrastruttura, con la contemporanea valutazione degli eventuali danni arrecati.
I referenti informatici dell'Università hanno dato subito notizia dell'attacco all'Agenzia per la Cybersicurezza Nazionale, con cui sono in contatto continuo; stanno inoltre predisponendo gli atti per sporgere denuncia alla Polizia Postale e per la segnalazione all'Autorità Garante per la Protezione dei Dati Personali.

https://www.unisi.it/unisilife/notizie/infrastruttura-di-rete-colpita-da-attacco-hacker

Cybersecurity & cyberwarfare

2024-05-07 08:54:36

Influenza digitale: Gli Stati Uniti vegliano sui paesi in via di sviluppo per consentire loro prosperità

Il Dipartimento di Stato americano ha annunciato una nuova strategia di sicurezza informatica che mira a frenare l’influenza digitale russa e cinese nei paesi in via di sviluppo e contrastare i loro tentativi di interferire nelle elezioni. La strategia è stata svelata lunedì e presentata alla conferenza RSA di San Francisco, uno dei forum tecnologici più grandi del mondo.

Secondo Nate Fick, capo diplomatico informatico del Dipartimento di Stato, “Gli Stati Uniti scoprono continuamente le attività di hacker e propagandisti che cercano di minare la fiducia nella democrazia in diversi paesi”.

La strategia del Dipartimento di Stato getta le basi per la cooperazione con i paesi in via di sviluppo offrendo una “visione affermativa” del cyberspazio che rifiuta qualsiasi interferenza digitale. Si basa su decenni di sforzi degli Stati Uniti per persuadere i suoi alleati e partner a non utilizzare le principali tecnologie di comunicazione e software prodotti in paesi autoritari.

Antony Blinken, Segretario di Stato americano, ha sottolineato nel suo discorso che le economie e le democrazie dei diversi paesi hanno bisogno della sicurezza informatica per prosperare. Ha osservato che attacchi ransomware catastrofici potrebbero paralizzare le economie e che i governi potrebbero utilizzare programmi per arrestare i dissidenti.

Ad esempio, la Costa Rica, alleato degli Stati Uniti, ha subito un devastante attacco ransomware nel 2022. In risposta, gli Stati Uniti hanno fornito 25 milioni di dollari per aiutare a riprendersi dall’attacco, che ha colpito le agenzie finanziarie e di assistenza sociale del governo costaricano. Il Paese ha poi seguito il consiglio degli Stati Uniti e ha rifiutato di utilizzare la tecnologia cinese nelle sue reti mobili 5G, cosa che ha fatto arrabbiare Pechino.

Allo stesso tempo, come ha riconosciuto Blinken, le società di telecomunicazioni cinesi come Huawei continuano a dominare alcuni mercati, aumentando la concorrenza con i fornitori di stati autoritari nelle tecnologie di cloud computing.

L'articolo Influenza digitale: Gli Stati Uniti vegliano sui paesi in via di sviluppo per consentire loro prosperità proviene da il blog della sicurezza informatica.