PowerDecode: a PowerShell Script Decoder Dedicated to Malware Analysis

In recent years, PowerShell-based attacks have been widely employed to compromise systems’ security. Attackers can easily hide such malicious scripts in file formats (e.g., Office document macros) that can be easily delivered via large-scale spam mail campaigns. Moreover, attackers employ obfuscation techniques that make the PowerShell code able to evade the most common anti-malware protections and perform unauthorized actions that will target the confidentiality, integrity and availability of an information system. In this paper, we present PowerDecode, an open-source module for the de-obfuscation and the analysis of PowerShell scripts. In particular, this module receives a script as an input and returns its obfuscated layers, its original de-obfuscated variant and a report about possible malicious activities. We tested PowerDecode on almost 3000 malicious scripts and the attained results showed significantly improved de-obfuscation performances in comparison to state-of-the-art systems. More specifically, PowerDecode was able to resolve multiple types of obfuscation and collect important information about attacks, such as malicious URLs and IP addresses contacted by malware. Finally, PowerDecode can be easily integrated in other malware analysis systems, and can represent a precious aid to identify malicious activities

Sparse Vicious Attacks on Graph Neural Networks

Graph Neural Networks (GNNs) have proven to be successful in several predictive modeling tasks for graph-structured data. Amongst those tasks, link prediction is one of the fundamental problems for many real-world applications, such as recommender systems. However, GNNs are not immune to adversarial attacks, i.e., carefully crafted malicious examples that are designed to fool the predictive model. In this work, we focus on a specific, white-box attack to GNN-based link prediction models, where a malicious node aims to appear in the list of recommended nodes for a given target victim. To achieve this goal, the attacker node may also count on the cooperation of other existing peers that it directly controls, namely on the ability to inject a number of ``vicious'' nodes in the network. Specifically, all these malicious nodes can add new edges or remove existing ones, thereby perturbing the original graph. Thus, we propose SAVAGE, a novel framework and a method to mount this type of link prediction attacks. SAVAGE formulates the adversary's goal as an optimization task, striking the balance between the effectiveness of the attack and the sparsity of malicious resources required. Extensive experiments conducted on real-world and synthetic datasets demonstrate that adversarial attacks implemented through SAVAGE indeed achieve high attack success rate yet using a small amount of vicious nodes. Finally, despite those attacks require full knowledge of the target model, we show that they are successfully transferable to other black-box methods for link prediction

Recurrent exercise-induced acute renal failure in a young Pakistani man with severe renal hypouricemia and SLC2A9 compound heterozygosity.

BACKGROUND: Familial renal hypouricemia (RHUC) is a hereditary disease characterized by hypouricemia, high renal fractional excretion of uric acid (FE-UA) and can be complicated by acute kidney failure and nephrolithiasis. Loss-of-function mutations in the SLC22A12 gene cause renal hypouricemia type 1 (RHUC1), whereas renal hypouricemia type 2 (RHUC2) is caused by mutations in the SLC2A9 gene. CASE PRESENTATION: We describe a 24-year-old Pakistani man who was admitted twice to our hospital for severe exercise-induced acute renal failure (EIARF), abdominal pain and fever; he had very low serum UA levels (0.2 mg/dl the first time and 0.09 mg/dl the second time) and high FE-UA (200% and 732% respectively), suggestive of RHUC. Mutational analyses of both urate transporters revealed a new compound heterozygosity for two distinct missense mutations in the SLC2A9 gene: p.Arg380Trp, already identified in heterozygosity, and p.Gly216Arg, previously found in homozygosity or compound heterozygosity in some RHUC2 patients. Compared with previously reported patients harbouring these mutations, our proband showed the highest FE-UA levels, suggesting that the combination of p.Arg380Trp and p.Gly216Arg mutations most severely affects the renal handling of UA. CONCLUSIONS: The clinical and molecular findings from this patient and a review of the literature provide new insights into the genotype-phenotype correlation of this disorder, supporting the evidence of an autosomal recessive inheritance pattern for RHUC2. Further investigations into the functional properties of GLUT9, URAT1 and other urate transporters are required to assess their potential research and clinical implications

New national and regional Annex I Habitat records: from #45 to #59

New Italian data on the distribution of Annex I Habitats are reported in this contribution. Specifically, 8 new occurrences in Natura 2000 sites are presented and 27 new cells are added in the EEA 10 km × 10 km reference grid. The new data refer to the Italian administrative regions of Apulia, Campania, Calabria, Lazio, Tuscany, Umbria, Sardinia, and Sicily

Notulae to the Italian flora of algae, bryophytes, fungi and lichens: 12

In this contribution, new data concerning bryophytes, fungi and lichens of the Italian flora are presented. It includes new records, confirmations or exclusions for the bryophyte genera Acaulon, Campylopus, Entosthodon, Homomallium, Pseudohygrohypnum, and Thuidium, the fungal genera Entoloma, Cortinarius, Mycenella, Oxyporus, and Psathyrella and the lichen genera Anaptychia, Athallia, Baeomyces, Bagliettoa, Calicium, Nephroma, Pectenia, Phaeophyscia, Polyblastia, Protoparmeliopsis, Pyrenula, Ramalina, and Sanguineodiscus

Notulae to the Italian native vascular flora: 8

In this contribution, new data concerning the distribution of native vascular flora in Italy are presented. It includes new records, confirmations, exclusions, and status changes to the Italian administrative regions for taxa in the genera Ajuga, Chamaemelum, Clematis, Convolvulus, Cytisus, Deschampsia, Eleocharis, Epipactis, Euphorbia, Groenlandia, Hedera, Hieracium, Hydrocharis, Jacobaea, Juncus, Klasea, Lagurus, Leersia, Linum, Nerium, Onopordum, Persicaria, Phlomis, Polypogon, Potamogeton, Securigera, Sedum, Soleirolia, Stachys, Umbilicus, Valerianella, and Vinca. Nomenclatural and distribution updates, published elsewhere, and corrigenda are provided as Suppl. material 1

Notulae to the Italian native vascular flora: 6

In this contribution, new data concerning the distribution of native vascular flora in Italy are presented. It includes new records, confirmations and status changes to the Italian administrative regions for taxa in the genera Alchemilla, Arundo, Bupleurum, Clematis, Clinopodium, Cota, Crassula, Cytisus, Euphorbia, Hieracium, Isoëtes, Lamium, Leontodon, Linaria, Lychnis, Middendorfia, Ophrys, Philadelphus, Pinus, Sagina, Sedum, Taeniatherum, Tofieldia, Triticum, Veronica, and Vicia. Nomenclature and distribution updates, published elsewhere, and corrigenda are provided as supplementary material

Notulae to the Italian native vascular flora: 6

In this contribution, new data concerning the distribution of native vascular flora in Italy are presented. It includes new records, confirmations and status changes to the Italian administrative regions for taxa in the genera Alchemilla, Arundo, Bupleurum, Clematis, Clinopodium, Cota, Crassula, Cytisus, Euphorbia, Hieracium, Isoëtes, Lamium, Leontodon, Linaria, Lychnis, Middendorfia, Ophrys, Philadelphus, Pinus, Sagina, Sedum, Taeniatherum, Tofieldia, Triticum, Veronica, and Vicia. Nomenclature and distribution updates, published elsewhere, and corrigenda are provided as supplementary material

A Newly Discovered Forest of the Whip Coral <i>Viminella flagellum</i> (Anthozoa, Alcyonacea) in the Mediterranean Sea: A Non-Invasive Method to Assess Its Population Structure

Coral forests are vulnerable marine ecosystems formed by arborescent corals (e.g., Anthozoa of the orders Alcyonacea and Antipatharia). The population structure of the habitat-forming corals can inform on the status of the habitat, representing an essential aspect to monitor. Most Mediterranean corals live in the mesophotic and aphotic zones, and their population structures can be assessed by analyzing images collected by underwater vehicles. This is still not possible in whip-like corals, whose colony lengths and flexibilities impede the taking of direct length measurements from images. This study reports on the occurrence of a monospecific forest, of the whip coral Viminella flagellum in the Aeolian Archipelago (Southern Tyrrhenian Sea; 149 m depth), and the assessment of its population structure through an ad-hoc, non-invasive method to estimate a colony height based on its width. The forest of V. flagellum showed a mean density of 19.4 ± 0.2 colonies m−2 (up to 44.8 colonies m−2) and no signs of anthropogenic impacts. The population was dominated by young colonies, with the presence of large adults and active recruitment. The new model proved to be effective for non-invasive monitoring of this near threatened species, representing a needed step towards appropriate conservation actions