Toggle light / dark theme

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.

IPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS.

Unfortunately, you aren’t getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware. As headlines have focused on all week, a zero-click zero-day in Apple’s iMessage feature is being exploited by NSO Group’s notorious Pegasus mobile spyware: A spyware blitz enabled by a bug that has given the security community pause about the security of Apple’s closed ecosystem.

The chip world’s most important machines are made near corn fields in the Netherlands. The U.S. is trying to block China from buying them.


The one-of-a-kind, 180-ton machines are used by companies including Intel Corp., South Korea’s Samsung Electronics Co. and leading Apple Inc. supplier Taiwan Semiconductor Manufacturing Co. to make the chips in everything from cutting-edge smartphones and 5G cellular equipment to computers used for artificial intelligence.

China wants the $150-million machines for domestic chip makers, so smartphone giant Huawei Technologies Co. and other Chinese tech companies can be less reliant on foreign suppliers. But ASML hasn’t sent a single one because the Netherlands—under pressure from the U.S.—is withholding an export license to China.

The Biden administration has asked the government to restrict sales because of national-security concerns, according to U.S. officials. The stance is a holdover from the Trump White House, which first identified the strategic value of the machine and reached out to Dutch officials.

As pervasive as they are in everyday uses, like encryption and security, randomly generated digital numbers are seldom truly random.

So far, only bulky, relatively slow quantum random generators (QRNGs) can achieve levels of randomness on par with the basic laws of quantum physics, but researchers are looking to make these devices faster and more portable.

In Applied Physics Letters, scientists from China present the fastest real-time QRNG to date to make the devices quicker and more portable. The device combines a state-of-the-art photonic integrated with optimized real-time postprocessing for extracting randomness from quantum entropy source of vacuum states.

WTF?! On Thursday the Security Service of Ukraine (SSU) reported that they had shut down a cryptomining operation in the city of Vinnytsia, seizing over 500 GPUs and 50 processors — and a bunch of Playstation 4s. Consoles built on 2013-era technology might not be great at mining, but they don’t need to be when you have 3800 of them.

Although the market for GPUs is starting to improve, and dedicated ASICs might be on the way to relieve demand, it seems that one group of enterprising cryptocurrency miners have turned to last-gen console hardware to get things done.

From the photos provided by the SSU, it looks like these consoles are of the PS4 Slim variety, the 2016 refresh of the original console from three years prior. Mostly obsolete for newer games, it’s not at all surprising that so many could be sourced en masse so easily.

Planetary scientists estimate that each year, about 500 meteorites survive the fiery trip through Earth’s atmosphere and fall to our planet’s surface. Most are quite small, and less than 2% of them are ever recovered. While the majority of rocks from space may not be recoverable due to ending up in oceans or remote, inaccessible areas, other meteorite falls are just not witnessed or known about.

But new technology has upped the number known falls in recent years. Doppler radar has detected meteorite falls, as well as all-sky camera networks specifically on the lookout for meteors. Additionally, increased use of dashcams and security cameras have allowed for more serendipitous sightings and data on fireballs and potential meteorite falls.

A team of researchers is now taking advantage of additional technology advances by testing out drones and machine learning for automated searches for small meteorites. The drones are programmed to fly a grid search pattern in a projected “strewn field” for a recent meteorite fall, taking systematic pictures of the ground over a large survey area. Artificial intelligence is then used to search through the pictures to identify potential meteorites.

Security researchers accidentally revealed a huge flaw.


Microsoft is warning Windows users about an unpatched critical flaw in the Windows Print Spooler service. The vulnerability, dubbed PrintNightmare, was uncovered earlier this week after security researchers accidentally published a proof-of-concept (PoC) exploit. While Microsoft hasn’t rated the vulnerability, it allows attackers to remotely execute code with system-level privileges, which is as critical and problematic as you can get in Windows.

Researchers at Sangfor published the PoC, in what appears to have been a mistake, or a miscommunication between the researchers and Microsoft. The test code was quickly deleted, but not before it had already been forked on GitHub.

Sangfor researchers had been planning to detail multiple 0-day vulnerabilities in the Windows Print Spooler service at the annual Black Hat security conference later this month. It appears the researchers thought Microsoft had patched this particular vulnerability, after the company published patches for a separate Windows Print Spooler flaw.

“It would be difficult to introduce a single thing and it causes crime to go down,” one expert said.


“Are we seeing dramatic changes since we deployed the robot in January?” Lerner, the Westland spokesperson said. “No. But I do believe it is a great tool to keep a community as large as this, to keep it safer, to keep it controlled.”

For its part, Knightscope maintains on its website that the robots “predict and prevent crime,” without much evidence that they do so. Experts say this is a bold claim.

“It would be difficult to introduce a single thing and it causes crime to go down,” said Ryan Calo, a law professor at the University of Washington, comparing the Knightscope robots to a “roving scarecrow.”

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Batten down the hatches

“We’re aware of the situation and have been working our best to investigate and resolve it,” the email, which was posted to Twitter, said. “The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as ‘zyxel_silvpn,’ ‘zyxel_ts,’ or ‘zyxel_vpn_test,’ to manipulate the device’s configuration.”

Circa 2015 In theory this big bang laser could eventually create complex matter but would need to be pocket-size as I want it on a smartphone to make a replicator so I can make fruit or food in space 😀


The Institute of Laser Engineering (ILE), Osaka University, has succeeded to reinforce the Petawatt laser “LFEX” to deliver up to 2000 trillion watts in the duration of one trillionth of one second (this corresponds to 1000 times the integrated electric power consumed in the world). By using this high-power laser, it is now possible to generate all of the high-energy quantum beams (electrons, ions, gamma ray, neutron, positron). Owing to such quantum beams with large current, we can make a big step forward not only for creating new fundamental technologies such as medical applications and non-destructive inspection of social infrastructures to contribute to our future life of longevity, safety, and security, but also for realization of laser fusion energy triggered by fast ignition.

Background and output of research

Petawatt lasers are used for study of basic science, generating such high-energy quantum beams as neutrons and ions, but only a few facilities in the world have Petawatt laser. So far, Petawatt lasers in the world have had relatively a small output (to a few tens of joules). ILE has achieved the world’s largest laser output of dozens of times those at other world-class lasers facilities (1000 joules or more).