Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 55

Twelve new security flaws impacting various chipsets were disclosed in this month’s security advisory for Qualcomm’s devices, two of which have been given a critical severity rating. Two significant flaws in Qualcomm chipsets have been identified that might allow malicious payloads to installed remotely on the Android devices.

The first vulnerability, identified as CVE-2022–25748 (CVSS score 9.8), affects Qualcomm’s WLAN component and is described as a “Integer Overflow to Buffer Overflow during parsing GTK frames”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

The second vulnerability, identified as CVE-2022–25718 (CVSS score 9.1), also affects Qualcomm’s WLAN component and is described as a “Cryptographic issue in WLAN due to improper check on return value while authentication handshake”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

Read more | >

A security investigator has discovered three new code execution flaws in the Linux kernel that might be exploited by a local or external adversary to take control of the vulnerable computers and run arbitrary code. The roccat_report_event function in drivers/hid/hid-roccat.c has a use-after-free vulnerability identified as CVE-2022–41850 (CVSS score: 8.4). A local attacker might exploit this flaw to run malicious script on the system by submitting a report while copying a report->value. Patch has be released to addresses the Linux Kernel 5.19.12 vulnerability CVE-2022–41850.

The second flaw tracked as CVE-2022–41848 (CVSS score: 6.8), is also a use-after-free flaw due to a race condition between mgslpc_ioctl and mgslpc_detach in drivers/char/pcmcia/synclink_cs.c. By removing a PCMCIA device while calling ioctl, an attacker could exploit this vulnerability to execute arbitrary code on the system. The bug affects Linux Kernel 5.19.12 and was fixed via this patch.

Due to a compatibility issues between mgslpc ioctl and mgslpc detach in drivers/char/pcmcia/synclink cs.c, the second vulnerability, tagged as CVE-2022–41848 (CVSS score: 6.8), is likewise a use-after-free vulnerability. An adversary might use this flaw to run malicious script on the computer by deleting a PCMCIA device while executing ioctl. There is a patch that corrects this flaw that was present in the Linux Kernel 5.19.12.

Read more | >

Tiny particles are interconnected despite sometimes being thousands of kilometers apart—Albert Einstein called this “spooky action at a distance.” Something that would be inexplicable by the laws of classical physics is a fundamental part of quantum physics. Entanglement like this can occur between multiple quantum particles, meaning that certain properties of the particles are intimately linked with each other.

Entangled systems containing multiple offer significant benefits in implementing quantum algorithms, which have the potential to be used in communications, or quantum computing. Researchers from Paderborn University have been working with colleagues from Ulm University to develop the first programmable optical quantum memory. The study was published as an “Editor’s suggestion” in the Physical Review Letters journal.

Read more | >

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

The open-source Linux operating system is an essential component of the cloud and enterprise application delivery. In fact, every cloud service, even Microsoft, offers Linux-based compute resources and Linux is often the default choice for embedded and internet of things (IoT) devices. Among the major Linux distribution vendors today are IBM’s Red Hat business unit, German vendor SUSE and Canonical, which develops the Ubuntu Linux distribution.

The market for Linux is forecast to grow to $22.15 billion by 2029, according to Fortune Business Insights, up from $6.27 billion in 2022.

Read more | >

Since the infancy of functional magnetic resonance imaging (fMRI) in 1990, people have been fascinated by the potential for brain scans to unlock the mysteries of the human mind, our behaviors and beliefs. Many breathtaking applications for brain scans have been devised, but hype often exceeds what empirical science can deliver. It’s time to ask: What’s the big picture of neuroscience and what are the limitations of brain scans?

The specific aims of any research endeavor depend on who you ask and what funding agency is involved, says Michael Spezio, associate professor of psychology, data science and neuroscience at Scripps College. Some people believe neuroscience has the potential to explain human cognition and behavior as a fully mechanistic process, ultimately debunking an “illusion of free will.” Not all neuroscientists agree that free will is a myth, but it’s a strong current these days. Neuroscience also has applications in finance, artificial intelligence, weapons research and national security.

For other researchers and funders, the specific aim of neuroscience involves focusing on medical imaging, genetics, the study of proteins (proteomics) and the study of neural connections (connectomics). As caring persons who are biological, neurological, physical, social and spiritual, we can use neuroscience to think carefully and understand our humanity and possible ways to escape some of the traps we’ve built for ourselves, says Spezio. Also, brain scans can enhance research into spirituality, mindfulness and theory of mind – the awareness of emotions, values, empathy, beliefs, intentions and mental states to explain or predict others’ behavior.

Read more | >

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Modern software development typically follows a very iterative approach known as continuous integration/continuous development (CI/CD). The promise of CI/CD is better software that is released quicker and it’s a promise that ClearML now intends to bring to the world of machine learning (ML).

ClearML today announced the general availability of its enterprise MLops platform that extends the capabilities of the company’s open-source edition. The ClearML Enterprise platform provides organizations with security controls and additional capabilities for rapidly iterating and deploying ML workflows.

Read more | >

As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years.

The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, and IT management.

The shortcoming, tracked as CVE-2007–4559 (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write.

Read more | >

Maximizing Benefits Of The Life Sciences & Health Tech For All Americans — Dr. Andrew Hebbeler, Ph.D., Principal Assistant Director for Health and Life Sciences, Office of Science and Technology Policy, The White House.

Dr. Andrew Hebbeler, Ph.D., is Principal Assistant Director for Health and Life Sciences, Office of Science and Technology Policy at The White House (https://www.whitehouse.gov/ostp/ostps-teams/health-and-life-sciences/), and has extensive foreign affairs, national security, global health, and science and technology (S&T) policy experience.

Most recently, Dr. Hebbeler was Senior Director and Lead Scientist for Global Biological Policy and Programs at the non-profit Nuclear Threat Initiative and previous to that served in leadership positions at the State Department’s offices of Science and Technology Cooperation (OES/STC), the Science and Technology Adviser to the Secretary of State (E/STAS), and Cooperative Threat Reduction (ISN/CTR).

Continue reading “Dr. Andrew Hebbeler, Ph.D. — Office of Science and Technology Policy (OSTP) — The White House” | >

Wearable tech has seen an explosion of creativity and applications in the last decade; especially with circuit components getting smaller and cheaper, and batteries getting better and better. Whereas taking phone calls on your wrist was impressive just a few years ago, now, you can experiment with deauthentication attacks on WiFi networks just from this watch: the DSTIKE Deauther Watch SE.

Based on the ESP8266 WiFi microcontroller, this watch is the latest generation of a project to give you a wearable interface for pen testing local WiFi networks. The watch only works on 2.4GHz networks, due to the restrictions of the ESP8266. It comes pre-flashed with the latest ESP8266 Deauther firmware, which is an open-source project! The watch supports four main functions: a deauther attack, which disconnects all local 2.4GHz networks; deauther beacon, used for creating fake networks; deauther probe, to confuse any nearby WiFi trackers; and packet monitoring, which lets you display local WiFi traffic. As you can see, there’s a lot to appreciate in this slick and discreet package.


This watch (and its prior iterations) are made and sold by Travis Lin. Much like the seller emphasizes on the product page, this device is meant for educational purposes, and should be only tested on devices and networks you own. But if this has your curiosity piqued, put on your red hat and check out the wearable devices and other security goodies they have for sale!

Read more | >

These 15 robots may demonstrate that the concept is viable.

Personal robots have been a common trope in sci-fi for many decades. Their apparent plausibility has made many sci-fi enthusiasts wonder when they may become a reality.

Some robots with personal robot-like features have been developed, but are they personal robots?

Would you like a robot to assist you in the house? Perhaps another for personal security? Well, you can’t help but notice that there appears to be a complete lack of them.

Continue reading “Where are all the personal robots we were promised?” | >