Colao, Immuni per passaporto vaccinale? Un riciclo che sa di sconfitta
Il Ministro per l’Innovazione Tecnologica e la Transizione Digitale per la prima volta – ieri in audizione – parla dell’App italiana per il contact tracing, ne ammette i limiti (il modesto successo di pubblico) e ne propone un rilancio appunto come passaporto vaccinale, con tamponi fatti e forse certificazione del vaccino.
https://www.agendadigitale.eu/sanita/colao-immuni-per-passaporto-vaccinale-un-riciclo-che-sa-di-sconfitta/
Il Ministro per l’Innovazione Tecnologica e la Transizione Digitale per la prima volta – ieri in audizione – parla dell’App italiana per il contact tracing, ne ammette i limiti (il modesto successo di pubblico) e ne propone un rilancio appunto come passaporto vaccinale, con tamponi fatti e forse certificazione del vaccino.
https://www.agendadigitale.eu/sanita/colao-immuni-per-passaporto-vaccinale-un-riciclo-che-sa-di-sconfitta/
Agenda Digitale
Colao, Immuni per passaporto vaccinale? Un riciclo che sa di sconfitta | Agenda Digitale
Il Ministro per l’Innovazione Tecnologica e la Transizione Digitale Vittorio Colao per la prima volta - ieri in audizione - parla dell’App italiana per il contact tracing, riconosce il flop e annuncia l'ipotesi riutilizzo per passaporto. Che delusione. Si…
Pericolosa campagna Flubot veicolata anche in Italia via SMS prende di mira i dispositivi Android
In questi giorni il CERT-AGID ha rilevato una campagna malware per dispositivi Android che utilizza SMS per veicolare Flublot 3.9. FluBot è un malware già diffuso al di fuori dall’Italia, in particolare in Spagna, Germania e Ungheria. Il giorno dopo la prima rilevazione della campagna italiana, grazie anche alla collaborazione con il ricercatore di sicurezza [...]
by CERT-AgID - https://cert-agid.gov.it/news/campagna-flubot-veicolata-anche-in-italia-via-sms-prende-di-mira-i-dispositivi-android/
In questi giorni il CERT-AGID ha rilevato una campagna malware per dispositivi Android che utilizza SMS per veicolare Flublot 3.9. FluBot è un malware già diffuso al di fuori dall’Italia, in particolare in Spagna, Germania e Ungheria. Il giorno dopo la prima rilevazione della campagna italiana, grazie anche alla collaborazione con il ricercatore di sicurezza [...]
by CERT-AgID - https://cert-agid.gov.it/news/campagna-flubot-veicolata-anche-in-italia-via-sms-prende-di-mira-i-dispositivi-android/
CERT-AGID
Pericolosa campagna Flu bot veicolata anche in Italia via SMS prende di mira i dispositivi Android
100 million more IoT devices are exposed—and they won’t be the last
Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the Internet. The vulnerabilities, present in operating systems like the open source project FreeBSD, as well as Nucleus NET from the industrial control firm Siemens, all relate to how these stacks implement the “Domain Name System” Internet phone book.
https://arstechnica.com/information-technology/2021/04/100-million-more-iot-devices-are-exposed-and-they-wont-be-the-last/
Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the Internet. The vulnerabilities, present in operating systems like the open source project FreeBSD, as well as Nucleus NET from the industrial control firm Siemens, all relate to how these stacks implement the “Domain Name System” Internet phone book.
https://arstechnica.com/information-technology/2021/04/100-million-more-iot-devices-are-exposed-and-they-wont-be-the-last/
Ars Technica
100 million more IoT devices are exposed—and they won’t be the last
Name:Wreck flaws in TCP/IP have global implications.
La gestione dei rifiuti nucleari in Italia è una sequenza di errori
sioning degli ex impianti nucleari sarebbe costato dagli 8 ai 10 milioni di euro in più per sito. A mettere in fila per l’ennesima volta la sequenza di errori è la relazione, fresca di approvazione, della commissione bicamerale di inchiesta sulle attività illecite connesse al ciclo dei rifiuti (Ecomafie, relatori Stefano Vignaroli e Pietro Lorefice del Movimento 5 Stelle e Rossella Muroni di Facciamo Eco), che ha fatto il punto sul dossier nucleare. E i risultati sono sconfortanti.
https://www.wired.it/attualita/ambiente/2021/03/30/nucleare-italia-rifiuti-deposito-nazionale-errori/
sioning degli ex impianti nucleari sarebbe costato dagli 8 ai 10 milioni di euro in più per sito. A mettere in fila per l’ennesima volta la sequenza di errori è la relazione, fresca di approvazione, della commissione bicamerale di inchiesta sulle attività illecite connesse al ciclo dei rifiuti (Ecomafie, relatori Stefano Vignaroli e Pietro Lorefice del Movimento 5 Stelle e Rossella Muroni di Facciamo Eco), che ha fatto il punto sul dossier nucleare. E i risultati sono sconfortanti.
https://www.wired.it/attualita/ambiente/2021/03/30/nucleare-italia-rifiuti-deposito-nazionale-errori/
WIRED.IT
La gestione dei rifiuti nucleari in Italia è una sequenza di errori
Dai ritardi nella scelta del deposito nazionale ai colli di bottiglia burocratici, fino ai sistemi di controlli mai usati alle frontiere: l'analisi impietosa della commissione Ecomafie
WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device.
"we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in External Storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions.” reads the analysis of researchers from Census Labs which reported one of the two issues (CVE-2021-24027). “With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise [05] protocol keys used for end-to-end encryption in user communications."
https://securityaffairs.co/wordpress/116833/hacking/whatsapp-flaws-remote-hack.html
"we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in External Storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions.” reads the analysis of researchers from Census Labs which reported one of the two issues (CVE-2021-24027). “With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise [05] protocol keys used for end-to-end encryption in user communications."
https://securityaffairs.co/wordpress/116833/hacking/whatsapp-flaws-remote-hack.html
Security Affairs
WhatsApp flaws could have allowed hackers to hack mobile devices
WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim's device.
A Casino Gets Hacked Through a Fish-Tank Thermometer
Maybe you've heard of IoT, but in case you haven't it's easily explained. It’s all about dumb, inanimate objects. And no, I’m not talking about members of Congress. These are elevators, engines, machinery, trucks, phones, sprinkler systems, inventory and, yes, even fish-tank thermometers. These objects are being equipped with sensors and then connected back to networks, databases and communication systems. So much so that by 2025 some analysts predict that there will be as many as 31 billion connected devices worldwide.
https://www.entrepreneur.com/article/368943
Maybe you've heard of IoT, but in case you haven't it's easily explained. It’s all about dumb, inanimate objects. And no, I’m not talking about members of Congress. These are elevators, engines, machinery, trucks, phones, sprinkler systems, inventory and, yes, even fish-tank thermometers. These objects are being equipped with sensors and then connected back to networks, databases and communication systems. So much so that by 2025 some analysts predict that there will be as many as 31 billion connected devices worldwide.
https://www.entrepreneur.com/article/368943
Entrepreneur
A Casino Gets Hacked Through a Fish-Tank Thermometer
Are your fish tanks secure?
Apple and Google block NHS COVID-19 app update
Apple and Google have blocked a new update to the NHS COVID-19 app on iOS and Android because it breaks rules about collecting location data.
The new update to the contact-tracing app, which garnered much publicity last year due to its development back-and-forths, delayed launch, and ‘software glitches’, would have asked users to upload venue check-ins, thereby sharing location data.
https://www.itpro.co.uk/security/privacy/359180/apple-and-google-block-new-nhs-covid-19-app-update
Apple and Google have blocked a new update to the NHS COVID-19 app on iOS and Android because it breaks rules about collecting location data.
The new update to the contact-tracing app, which garnered much publicity last year due to its development back-and-forths, delayed launch, and ‘software glitches’, would have asked users to upload venue check-ins, thereby sharing location data.
https://www.itpro.co.uk/security/privacy/359180/apple-and-google-block-new-nhs-covid-19-app-update
IT PRO
Apple and Google block NHS COVID-19 app update | IT PRO
The update breached the tech giant's rules about collecting and sharing location data
Renault, pilote du projet Software République
Su iniziativa di Renault, il gigante automobilistico sta unendo le forze con quattro aziende tecnologiche francesi per creare Software Republic, un nuovo ecosistema europeo per condividere il loro know-how nei campi della cybersecurity, dei big data e dell'intelligenza artificiale.
https://linformaticien.com/renault-pilote-du-projet-software-republique/
Su iniziativa di Renault, il gigante automobilistico sta unendo le forze con quattro aziende tecnologiche francesi per creare Software Republic, un nuovo ecosistema europeo per condividere il loro know-how nei campi della cybersecurity, dei big data e dell'intelligenza artificiale.
https://linformaticien.com/renault-pilote-du-projet-software-republique/
L'1FO Tech par L'Informaticien
Renault, pilote du projet Software République - L'1FO Tech par L'Informaticien
A l’initiative de Renault, le géant automobile s’associe avec quatre entreprises de la Tech française autour de Software République, un nouvel écosystème européen pour partager leur savoir-faire autour des thèmes […]
Rapporto OCSE: l’efficienza della Pa è la chiave per la ripresa dell’Italia
Many of Italy’s structural challenges -the significant divides across regions, age, gender and productivity, as well as high levels of public debt -have been compounded by the COVID-19 crisis. The key priority for the recovery is to enhance the public administration's effectiveness. This should include, in particular, public investment governance and improved co-ordination and implementation across different levels of government. This will be essential to effective utilisation of the funds available from the European Recovery and Resilience Facility (RRF) and realising the benefits of structural reforms.
http://www.funzionepubblica.gov.it/articolo/ministro/14-04-2021/ocse-all%E2%80%99italia-%E2%80%9Ccrisi-rischia-di-aggravare-disuguaglianze%E2%80%9D
Many of Italy’s structural challenges -the significant divides across regions, age, gender and productivity, as well as high levels of public debt -have been compounded by the COVID-19 crisis. The key priority for the recovery is to enhance the public administration's effectiveness. This should include, in particular, public investment governance and improved co-ordination and implementation across different levels of government. This will be essential to effective utilisation of the funds available from the European Recovery and Resilience Facility (RRF) and realising the benefits of structural reforms.
http://www.funzionepubblica.gov.it/articolo/ministro/14-04-2021/ocse-all%E2%80%99italia-%E2%80%9Ccrisi-rischia-di-aggravare-disuguaglianze%E2%80%9D
Ministro per la Pubblica Amministrazione
Rapporto OCSE: l’efficienza della Pa è la chiave per la ripresa
Il ministro Brunetta: riforme urgenti, non ci sono più alibi
Backdoor nascosta nelle copie pirata di Office e Photoshop CC
Attenzione all’uso di software pirata, perché possono nascondere pericolose backdoor di accesso per i cyber criminali: Bitdefender ne ha scoperto la pericolosa dinamica nei due software Microsoft Office e Adobe Photoshop CC disponibili in versioni “crackate” (non autorizzate), disponibili fin dal 2018.
https://www.cybersecurity360.it/nuove-minacce/backdoor-nascosta-nelle-copie-pirata-di-office-e-photoshop-cc-tutti-i-dettagli/
Attenzione all’uso di software pirata, perché possono nascondere pericolose backdoor di accesso per i cyber criminali: Bitdefender ne ha scoperto la pericolosa dinamica nei due software Microsoft Office e Adobe Photoshop CC disponibili in versioni “crackate” (non autorizzate), disponibili fin dal 2018.
https://www.cybersecurity360.it/nuove-minacce/backdoor-nascosta-nelle-copie-pirata-di-office-e-photoshop-cc-tutti-i-dettagli/
Cyber Security 360
Backdoor nascosta nelle copie pirata di Office e Photoshop CC: tutti i dettagli
È stata individuata una pericolosa backdoor nelle copie pirata di Microsoft Office e Adobe Photoshop CC: una volta attiva, consente ai cyber criminali di compromettere computer, dirottare portafogli di criptovaluta ed esfiltrare informazioni riservate. Tutto…
AMD Warns Customers About Radeon RX 580 Recall Scam In China
Chinese dealers used a fake letter that looked as if it had come from AMD and XFX to get users to return their cards because of instability issues that arose from a manufacturing defect. These issues don't exist and most informed people know that the Radeon RX 580 was discontinued some time ago, but the casual customer may not know that. These dealers are exchanging the AMD Radeon RX 580 4GB and Radeon RX 580 8GB with a GeForce GTX 1050 Ti and GeForce GTX 1060 3GB, respectively.
https://wccftech.com/amd-warns-customers-about-radeon-rx-580-recall-scam-in-china/
Chinese dealers used a fake letter that looked as if it had come from AMD and XFX to get users to return their cards because of instability issues that arose from a manufacturing defect. These issues don't exist and most informed people know that the Radeon RX 580 was discontinued some time ago, but the casual customer may not know that. These dealers are exchanging the AMD Radeon RX 580 4GB and Radeon RX 580 8GB with a GeForce GTX 1050 Ti and GeForce GTX 1060 3GB, respectively.
https://wccftech.com/amd-warns-customers-about-radeon-rx-580-recall-scam-in-china/
Wccftech
AMD Warns Customers About Radeon RX 580 Recall Scam In China
Merchants posed as AMD and XFX to issue a fake recall in order to get owners of the Radeon RX 580 to return them for the GeForce equivalent.
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks
NSA encourages its customers to mitigate against the following publicly known vulnerabilities:
CVE-2018-13379 Fortinet FortiGate VPN
CVE-2019-9670 Synacor Zimbra Collaboration Suite
CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
CVE-2019-19781 Citrix Application Delivery Controller and Gateway
CVE-2020-4006 VMware Workspace ONE Access
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
NSA encourages its customers to mitigate against the following publicly known vulnerabilities:
CVE-2018-13379 Fortinet FortiGate VPN
CVE-2019-9670 Synacor Zimbra Collaboration Suite
CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
CVE-2019-19781 Citrix Application Delivery Controller and Gateway
CVE-2020-4006 VMware Workspace ONE Access
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Data Brokers Are a Threat to Democracy
Data brokerage is a threat to democracy. Without robust national privacy safeguards, entire databases of citizen information are ready for purchase, whether to predatory loan companies, law enforcement agencies, or even malicious foreign actors. Federal privacy bills that don’t give sufficient attention to data brokerage will therefore fail to tackle an enormous portion of the data surveillance economy, and will leave civil rights, national security, and public-private boundaries vulnerable in the process.
https://www.wired.com/story/opinion-data-brokers-are-a-threat-to-democracy/
Data brokerage is a threat to democracy. Without robust national privacy safeguards, entire databases of citizen information are ready for purchase, whether to predatory loan companies, law enforcement agencies, or even malicious foreign actors. Federal privacy bills that don’t give sufficient attention to data brokerage will therefore fail to tackle an enormous portion of the data surveillance economy, and will leave civil rights, national security, and public-private boundaries vulnerable in the process.
https://www.wired.com/story/opinion-data-brokers-are-a-threat-to-democracy/
WIRED
Data Brokers Are a Threat to Democracy
Unless the federal government steps up, the unchecked middlemen of surveillance capitalism will continue to harm our civil rights and national security.
The EU is considering a ban on AI for mass surveillance and social credit scores
The European Union is considering banning the use of artificial intelligence for a number of purposes, including mass surveillance and social credit scores. This is according to a leaked proposal that is circulating online, first reported by Politico, ahead of an official announcement expected next week.
https://www.theverge.com/2021/4/14/22383301/eu-ai-regulation-draft-leak-surveillance-social-credit
The European Union is considering banning the use of artificial intelligence for a number of purposes, including mass surveillance and social credit scores. This is according to a leaked proposal that is circulating online, first reported by Politico, ahead of an official announcement expected next week.
https://www.theverge.com/2021/4/14/22383301/eu-ai-regulation-draft-leak-surveillance-social-credit
The Verge
The EU is considering a ban on AI for mass surveillance and social credit scores
GDPR, but for AI.
Rivoluzione cyber? Servono tre attori, ecco quali. Scrivono De Nicola e Prinetto
In questo contesto riteniamo siano ben tre le realtà da prendere in considerazione nella realizzazione della futura architettura nazionale: tre realtà in linea di principio diverse, ciascuna con una sua peculiarità e un suo ruolo distinto e preciso, e più specificamente: Agenzia per la cybersecurity; Centro italiano di cybersecurity; Istituto italiano di ricerca in cybersecurity.
https://formiche.net/2021/04/nuova-architettura-cyber-de-nicola-prinetto/
In questo contesto riteniamo siano ben tre le realtà da prendere in considerazione nella realizzazione della futura architettura nazionale: tre realtà in linea di principio diverse, ciascuna con una sua peculiarità e un suo ruolo distinto e preciso, e più specificamente: Agenzia per la cybersecurity; Centro italiano di cybersecurity; Istituto italiano di ricerca in cybersecurity.
https://formiche.net/2021/04/nuova-architettura-cyber-de-nicola-prinetto/
Formiche.net
Rivoluzione cyber? Servono tre attori, ecco quali. Scrivono De Nicola e Prinetto - Formiche.net
Un’Agenzia, un Centro e un Istituto di ricerca. La proposta di nuova architettura cyber di Rocco De Nicola e Paolo Prinetto
Am I FLoCed?
Google is running a Chrome "origin trial" to test out an experimental new tracking feature called Federated Learning of Cohorts (aka "FLoC"). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States. This page will try to detect whether you've been made a guinea pig in Google's ad-tech experiment.
https://amifloced.org/
Google is running a Chrome "origin trial" to test out an experimental new tracking feature called Federated Learning of Cohorts (aka "FLoC"). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States. This page will try to detect whether you've been made a guinea pig in Google's ad-tech experiment.
https://amifloced.org/
Am I FLoCed?
This page will check whether Google Chrome's experimental new ad-targeting technology is enabled in your browser.
Lo scontro Viminale-Garante della privacy sul riconoscimento facciale in tempo reale
Mentre in tutto il mondo si discute dei rischi etici del riconoscimento facciale, della necessità di sospendere queste tecnologie fino a quando non saranno correttamente regolate, o persino di introdurre dei divieti totali al loro utilizzo, la Direzione Centrale Anticrimine della Polizia di Stato ha invece l’esigenza di potenziare le due componenti del Sistema Automatico Riconoscimento Immagini (SARI) acquistato nel 2017: SARI Enterprise e SARI Real-Time
https://irpimedia.irpi.eu/viminale-garante-privacy-riconoscimento-facciale-in-tempo-reale/
Mentre in tutto il mondo si discute dei rischi etici del riconoscimento facciale, della necessità di sospendere queste tecnologie fino a quando non saranno correttamente regolate, o persino di introdurre dei divieti totali al loro utilizzo, la Direzione Centrale Anticrimine della Polizia di Stato ha invece l’esigenza di potenziare le due componenti del Sistema Automatico Riconoscimento Immagini (SARI) acquistato nel 2017: SARI Enterprise e SARI Real-Time
https://irpimedia.irpi.eu/viminale-garante-privacy-riconoscimento-facciale-in-tempo-reale/
IrpiMedia
Lo scontro Viminale-Garante della privacy sul riconoscimento facciale in tempo reale
Finanziato dall’Europa, il sistema SARI dovrebbe monitorare le operazioni di sbarco e tutte le varie attività correlate. In altri Stati questa tecnologia è stata già giudicata illegale
Sintesi riepilogativa delle campagne malevole nella settimana 10-16 aprile 2021
In questa settimana, il CERT-AGID ha riscontrato ed analizzato, nello scenario italiano di suo riferimento, un totale di 28 campagne malevole attive, di cui 1 generica veicolata anche in Italia e 27 con obiettivi italiani, mettendo così a disposizione dei suoi enti accreditati i relativi 498 indicatori di compromissione (IOC) individuati.
by CERT-AgID - https://cert-agid.gov.it/news/sintesi-riepilogativa-delle-campagne-malevole-nella-settimana-10-16-aprile-2021/
In questa settimana, il CERT-AGID ha riscontrato ed analizzato, nello scenario italiano di suo riferimento, un totale di 28 campagne malevole attive, di cui 1 generica veicolata anche in Italia e 27 con obiettivi italiani, mettendo così a disposizione dei suoi enti accreditati i relativi 498 indicatori di compromissione (IOC) individuati.
by CERT-AgID - https://cert-agid.gov.it/news/sintesi-riepilogativa-delle-campagne-malevole-nella-settimana-10-16-aprile-2021/
CERT-AGID
Sintesi riepilogativa delle campagne malevole nella settimana 10-16 aprile 2021
In questa settimana, il CERT-AGID ha riscontrato ed analizzato, nello scenario italiano di suo riferimento, un totale di 28 campagne malevole attive, di cui 1 generica veicolata anche in Italia e 27 con obiettivi italiani, mettendo così a disposizione dei…