Lifeboat Foundation

According to user reports following this month’s Patch Tuesday, the August 2024 Windows updates are breaking dual boot on Linux systems with Secure Boot enabled.

This issue is caused by Microsoft’s decision to apply a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022–2601 GRUB2 Secure Boot bypass vulnerability, which could “have an impact on Windows security.”

“The vulnerability assigned to this CVE is in the Linux GRUB2 boot loader, a boot loader designed to support Secure Boot on systems that are running Linux,” Microsoft says in an advisory published last week to address this issue.

Security researchers disclosed PoC exploit codes for three vulnerabilities (CVE-2023–4206, CVE-2023–4207, and CVE-2023–4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free” vulnerabilities within the net/sched component could allow local privilege escalation, enabling attackers to gain unauthorized control over affected systems. The vulnerabilities have been given a CVSS score of 7.8, indicating their high severity.

Researchers at the University of Houston unveiled an advancement in X-ray imaging technology that could provide significant improvements in medical diagnostics, materials and industrial imaging, transportation security and other applications.

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild.

Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month.

The Patch Tuesday updates are notable for addressing six actively exploited zero-days.

Ivanti releases critical security updates for vTM and Neurons for ITSM to fix vulnerabilities allowing unauthorized access. Update immediately.

Unlike classical encryption, which relies on mathematical algorithms, quantum encryption assures security based on physical principles. Detection of espionage or interference is guaranteed by unavoidable alteration of the quantum states involved.

A very dangerous position to be in the world community of scientist should gather in agreement those friendly to the values and principles of democracy to advance science for the good humanity and freedom.

The U.S. sorely needs a coordinated national research strategy, says Marcia McNutt, president of the U.S. National Academy of Sciences.

By Saima S. Iqbal

Continue reading “American Science is in Dangerous Decline while Chinese Research Surges, Experts Warn” »

Researchers uncover 10 security flaws in Google’s Quick Share, potentially allowing remote code execution on Windows. Update to version 1.0.1724.0 or.

Startup Riverlane helped continue what has been a strong year for venture funding in the quantum computing industry.

The U.K.-based firm — which specializes in quantum error correction technology — raised a $75 million Series C led by Planet First Partners. The round also includes participation from ETF Partners, EDBI, Cambridge Innovation Capital, Amadeus Capital Partners, the National Security Strategic Investment Fund and Altair

The company’s tech helps quantum computers perform without succumbing to eventual errors. Such computers typically can only perform a few hundred quantum operations before failure.