Daily Shaarli

All links of one day in a single page.

August 15, 2023

Forty Years of Lunar Lander

Lunar Lander games abound on every platform. Along with Tetris and Pac-Man, the game–in which your mission is to safely maneuver your lunar module onto the moon’s surface–is one of the most widely cloned computer games of all time. But did you know that game players began touching down on the moon in Lunar Lander just months after Apollo 11 astronauts Neil Armstrong and Buzz Aldrin did so on July 20th, 1969?

Palestinian Islamic Jihad Terrorist Dies After Accidental Discharge Of Weapon He Was Cleaning

Islamic Jihad announcement: “the Al-Quds Brigades said in its military statement that the deceased fighter, ‘Ahmed Adel Attia Abu Ramadan,’ (27 years old), one of the Mujahideen of Al-Quds Brigades in the Al-Wusta Brigade, died today, Saturday, Muharram 25, 1445 AH, corresponding to August 12, 2023 AD, as a result of a mistake while cleaning the weapon.”

How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica

Rather than compromising infrastructure used to make various MFA services work, as more advanced groups do, a Lapsus$ leader last year described his approach to defeating MFA this way: “Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.” //

  • A phishing campaign that used MFA bombing and other unsophisticated techniques successfully breached San Francisco-based MFA provider Twilio and came close to breaching content delivery network Cloudflare were it not for the latter’s use of MFA that’s compliant with the FIDO2 industry standard. //

The report contains a variety of recommendations. Key among them is moving to passwordless authentication systems, which presumably refer to passkeys, based on FIDO2. Like all FIDO2 offerings, passkeys are immune to all known credential phishing attacks because the standard requires the device that provides MFA to be no further than a few feet away from the device logging in.

Intel Downfall: Severe flaw in billions of CPUs leaks passwords, more | PCWorld

Both consumer and server processors from Intel show the gap. For consumers, all PCs or laptops with Intel Core processors of the 6th “Skylake” generation up to and including the 11th-gen “Tiger Lake” chips contain the vulnerability. This means that the vulnerability has existed since at least 2015, when Skylake was released.

Intel’s corresponding Xeon processors are also at risk from Downfall. Due to Intel’s dominant position in server processors, virtually every internet user could be affected, at least indirectly.

Microsoft finds vulnerabilities it says could be used to shut down power plants | Ars Technica

Exploitation is hard and patches are already out, but the potential risk is great.

Microsoft on Friday disclosed 15 high-severity vulnerabilities in a widely used collection of tools used to program operational devices inside industrial facilities such as plants for power generation, factory automation, energy automation, and process automation. The company warned that while exploiting the code-execution and denial-of-service vulnerabilities was difficult, it enabled threat actors to “inflict great damage on targets.”

The vulnerabilities affect the CODESYS V3 software development kit. Developers inside companies such as Schneider Electric and WAGO use the platform-independent tools to develop programmable logic controllers, the toaster-sized devices that open and close valves, turn rotors, and control various other physical devices in industrial facilities worldwide. Specifically, the SDK allows developers to make PLCs compatible with IEC 611131-3, an international standard that defines programming languages that are safe to use in industrial environments. Examples of devices that use CODESYS V3 include Schneider Electric’s Modicon TM251 and the WAGO PFC200.