Zum Inhalt der Seite gehen

Suche

Beiträge, die mit Engineer getaggt sind


[Important Update] Google patches two Android Zero-Days used in targeted Attacks. :android:

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 & CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks.

https://source.android.com/docs/security/bulletin/2024-11-01

#google #android #update #zerodays #it #security #privacy #engineer #media #tech #news
The security issues fixed this month impact Android versions between 12 and 15.

• The CVE-2024-43047 flaw is a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges. The flaw was first disclosed in early October 2024 by Qualcomm as a problem in its Digital Signal Processor (DSP) service.

• CVE-2024-43093 is also a high-severity elevation of privilege flaw, this time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI. Google did not disclose who discovered the CVE-2024-43093 vulnerability.

To apply the latest update, head to Settings > System > Software updates > System update. Alternatively, go to Settings > Security & privacy > System & updates > Security update. A restart will be required to apply the update.


The Turing Machine made Real, In LEGO.

A working Turing Machine was submitted to Lego Ideas, consisting of approximately 2,900 parts and a bucketload of extreme cleverness. The original machine was devised by mathematician Alan Turing in 1936. Turing's idea was a hypothetical system that could simulate any computer algorithm.

https://youtu.be/8AA3E05axHw?si=MWCSLoUNAxo2TiWD

#turing #machine #history #retro #computing #lego #artist #it #engineer #media #tech #art #news
The British mathematician and pioneer of computing Alan Turing published a paper in 1936 which described a Universal Machine, a theoretical model of a computer processor that would later become known as a Turing Machine.

Physical representations on Turing's model are an interesting engineering and computational challenge, and while any algorithm can be simulated, such machines are nowhere near as performant as purpose-built silicon. The Turing Machine still does, however, represent a useful model for students of computation.
[ImageSource: Bananaman 2018]

The design consisted of an infinitely long tape with symbols that could be moved left and right, a 'head' that could read the symbols and overwrite them with new ones, a finite control that described the machine's state, and a table to link each combination of state and symbol to an instruction for what to do next.

In addition to the constraints of making the device out of Lego, there was also the challenge of fitting into the limits imposed by Lego Ideas. At the time of submission, this was 3,000 parts and The Bananaman's contraption finally managed to come in at around 2,900. The limit has since been raised to 5,000 parts.

Fans of 3D printing will no doubt be pleased to note that some of the parts (notably one of the large gears) came from a printer, but only because buying missing bits online tends to take longer and cost more. A real-world version of the model was designed and built first to make sure it worked.
[ImageSource: 6zacl8.blogspot]

The original Alan Turing machine.

First demonstrated in 1950, this is one of Britain's earliest stored program computers and the oldest complete general purpose electronic computer in Britain. Designed and built at the National Physical Laboratory, Middlesex in 1949-1950, it was based on plans for a larger computer (the ACE) designed by the mathematician Alan Turing (1912-1954) at NPL between 1945 and 1947. Previously Turing worked on the Colossus computer used in codebreaking at Bletchley Park during World War II. Pilot ACE was estimated to have cost £50,000 to design and build, but by 1954 had earned over £240,000 from advanced scientific and engineering work in various fields including crystallography, aeronautics and computing bomb trajectories.


I’ve waited Years for Apple to give a Damn about Gaming — with Cyberpunk 2077 coming to the Mac, it’s finally happening.

Apple silicon Macs will get their ultimate gaming test. One of the most graphically demanding and visually impressive games in recent years, will soon get a Mac release, according to CD Projekt Red.

https://www.cyberpunk.net/en/news/50947/just-announced-cyberpunk-2077-ultimate-edition-coming-to-mac

#apple #silicon #mac #cyberpunk2077 #gaming #engineer #media #it #tech #news
The announcement was published on CD Projekt Red's blog and also appeared briefly during Apple's pre-recorded MacBook Pro announcement video. The game will be sold on the Mac App Store, Steam, GOG and the Epic Game Store when it launches, and it will be labeled the Cyberpunk 2077: Ultimate Edition, which simply means it also includes Phantom Liberty, the expansion that was released a couple of years after the original game.

Apple has been working with AAA game publishers to try to get the games they made for consoles or Windows gaming PCs onto the Mac or iPhone, including Assassin's Creed Mirage, Death Stranding and Resident Evil Village, among others. But the addition of Cyberpunk 2077 is notable because of its history of running poorly on low-end hardware and because it uses new technologies like ray-traced illumination, reflections and shadows. It also heavily relies on AI upscaling like DLSS or FSR to be playable even on high-end machines.


Floppy Discs still run a U.S. Metro? Japan steps in with 'Project kill Floppy'.

Yes, we're talking about the good old floppy disk, which is somehow still being utilized for something as important as a critical function of a public transport network within a major city’s.

https://www.govtech.com/transportation/s-f-muni-will-spend-212m-to-move-train-control-off-disk

#us #rail #train #control #metro #floppydisk #publictransport #travel #hitachirail #retrocomputing #engineer #media #tech #news


LiteSpeed Cache Plugin Vulnerability poses significant Risk to WordPress Websites.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated actors to gain admin rights.

[CVE-2024-50550 CVSS score: 8.1]

https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/

#wordpress #litespeed #flaw #it #security #privacy #engineer #media #tech #news
LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites.

The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August 2024 (CVE-2024-28000, CVSS score: 9.8).

It stems from the use of a weak security hash check that could be brute-forced by a bad actor, thus allowing for the crawler feature to be abused to simulate a logged-in user, including an administrator.

The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

<https://wordpress.org/plugins/litespeed-cache/>


[BEWARE!!!] Android Malware "FakeCall" now reroutes Bank Calls to Attackers. :androidalt:

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/

#android #fakecall #vishing #malware #it #security #privacy #engineer #media #tech #news
FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information.

In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.

The malware also exploits the Android Accessibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app.
[ImageSource: Zimperium]

Overview of latest FakeCall attacks.

The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges.

A fake call interface mimics the actual Android dialer, displaying trusted contact information and names, elevating the level of deception to a point that's hard for victims to realize.

What makes this malware so dangerous is that when a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker's phone number instead.


Apple creates Private Cloud Compute VM to let Researchers find Bugs. :apple_inc:

The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to [$1 Million] for vulnerabilities that could compromise “the fundamental security and privacy guarantees of PCC”.

https://security.apple.com/blog/pcc-security-research

#apple #pcc #vm #securityresearch #bug #bounty #programming #ai #it #security #privacy #engineer #media #tech #news
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some “key components” to help researchers analyze the privacy and safety features on the architecture.

The company also makes available the Private Cloud Compute Security Guide, which explains the architecture and technical details of the components and the way they work.

<https://security.apple.com/documentation/private-cloud-compute>
[ImageSource: Apple]

Interacting with the Private Cloud Compute client from the Virtual Research Environment.

Apple provides a Virtual Research Environment (VRE), which replicates locally the cloud intelligence system and allows inspecting it as well as testing its security and hunting for issues.

“The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple explains, sharing documentation on how to set up the Virtual Research Environment on your device.

VRE is present on macOS Sequia 15.1 Developer Preview and it needs a device with Apple silicaon and at least 16GB of unified memory.

<https://security.apple.com/documentation/private-cloud-compute/vresetup>