Categories
Game

‘GoldenEye 007’ fans are creating a full game mod based on ‘The Spy Who Loved Me’

There’s a mod in the works for Nintendo 64 classic GoldenEye 007 that turns another James Bond film into a full game. Fans are building a playable version of The Spy Who Loved Me, Roger Moore’s third, and some would argue best, Bond movie.

As spotted by , YouTuber Graslu00 posted a playthrough video showing 11 levels of The Spy Who Loved Me 64. The mod depicts the key events and locations of the film, taking Bond from the Alps to the pyramids of Egypt and a supertanker in the Atlantic Ocean. It includes Moore’s likeness, as well as characters such as Anya Amasova (aka Agent XXX) and villain Karl Stromberg. It’s possible to run the mod on an emulator in 4K at 60 frames per second, though you can also play it on an N64 console.

It’s a work in progress, as Graslu00 notes. The build of The Spy Who Loved Me 64 that’s available is a demo of the first three levels with a peek at a planned four-player multiplayer mode. It looks like there’s quite a way for the fans working on the game to go, though. The stage select screen shows 20 levels including, curiously, Bond’s childhood home of Skyfall — that seems to be one of the multiplayer maps.

Meanwhile, there’s an official James Bond title in the works. It emerged in late 2020 that Hitman studio IO Interactive is developing a game that delves into the superspy’s origins. It’s expected to be the first official Bond game since 2012’s 007 Legends.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link

Categories
Security

Update Now: New Mac Vulnerability Allows Apps to Spy On You

Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof the TCC and plant malware or hijack another app on the computer.

Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.

According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.

By doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Microsoft was even cheekily able to give Teams mic and camera access. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021.

The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.

Fortunately, Microsoft again notified Apple of the vulnerability, and it was patched last month. Microsoft is urging macOS users to ensure that their version of MacOS Monterey is updated with the latest patch. The company also took time to promote its own Defender for Endpoint enterprise security solution, which was able to prevent those exploits even before Apple patched them.

There have been previous TCC exploits, including one that utilizes Apple’s built in Time Machine utility, that have since been patched as well. It’s always highly advised to keep all of your devices updated with the latest patches to prevent possible exploits like this. Feel free to read the details of Microsoft’s TCC exploits on their security blog post.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Tech News

Chinese hackathon reportedly revealed iOS breach, exploited it to spy on Uyghurs

When Apple announced in a 2019 blog post that it had patched a security vulnerability in its iOS operating system, the company sought to reassure its customers. The attack that had exploited the vulnerability, Apple said, was “narrowly focused” on websites featuring content related to the Uyghur community.

It has since emerged that the vulnerability in question was discovered at China’s principal hacking competition, the Tianfu Cup, where a professional hacker won a prize for his work in uncovering it. The normal protocol would be to inform Apple of the vulnerability. But it’s alleged that, instead, the breach was kept secret, with the Chinese government acquiring it to spy on the country’s Muslim minority.

Hacking competitions are an established way for technology companies like Apple to locate and attend to weaknesses in their software’s cybersecurity. But with state-backed hacks on the rise, the suggestion that the Tianfu Cup is feeding Beijing new ways to perform surveillance is concerning – especially seeing as Chinese competitors have dominated international hacking competitions for years.

Hacking competitions

When software is hacked, it’s often because attackers have found and exploited a cybersecurity vulnerability that the software vendor didn’t know existed. Finding these vulnerabilities before they’re spotted by cyber-criminals or state-backed hackers can save technology providers a huge amount of money, time, and public-relations firefighting.

That’s why hacking competitions exist. Tech companies provide the prize money and cybersecurity researchers – or professional hackers – compete to win it by finding the security weaknesses hidden in the world’s most-used software. The likes of Zoom and Microsoft Teams were successfully hacked in April’s Pwn2Own event, for instance, which is regarded as the top hacking competition in North America.

Until 2017, Chinese hackers walked away with a high proportion of prizes offered at Pwn2Own. But after a Chinese billionaire argued that Chinese hackers should “stay in China” because of the strategic value of their work, Beijing responded by banning Chinese citizens from competing in overseas hacking competitions. China’s Tianfu Cup was set up shortly after, in 2018.

In its first year, a hacker competing in the Tianfu Cup produced a prize-winning hack he called “Chaos”. The hack could be used to remotely access even the latest iPhones – the kind of breach that could easily be used for surveillance purposes. Google and Apple both spotted the hack “in the wild” two months later, after it had been used in a targeted way against Uyghur iPhone users.

Though Apple mitigated the hack within two months, this case shows that exclusive national hacking competitions are dangerous – especially when they take place in countries that require citizens to cooperate with government demands.

Hacking competitions are designed to expose “zero-day” vulnerabilities – security weaknesses that software vendors haven’t located or foreseen. Prize-winning hackers are supposed to share the techniques they used so that the vendors can devise ways to patch them up. But keeping zero-day exploits private, or passing them on to government institutions, significantly increases the chance they’ll be used in state-backed zero-day attacks.

Zero-day attacks

We’ve seen examples of such attacks before. Early in 2021, four zero-day vulnerabilities in the Microsoft Exchange server were used to launch widespread attacks against tens of thousands of organizations. The attack has been linked with Hanium, a Chinese government-backed hacking group.

A year earlier, the SolarWinds hack compromised the security of multiple US federal agencies, including the Treasury and Commerce Department and the Energy Department, which is in charge of the country’s nuclear stockpile. The hack has been linked to APT29, also known as “Cozy Bear”, which is the hacking arm of Russia’s foreign intelligence service, the SVR. The same group was reportedly involved in the attempted hacking of organizations holding information about COVID-19 vaccines in July 2020.

In Russia and China at least, evidence suggests that gangs of cybercriminals are working closely, and sometimes interchangeably, with state-sponsored hacking groups. With the advent of the Tianfu Cup, China appears to have access to a new talent pool of expert hackers, motivated by the competition’s prize money to produce potentially harmful hacks that Beijing may be willing to use both at home and abroad.

This article by Chaminda Hewage, Reader in Data Security, Cardiff Metropolitan University and Elochukwu Ukwandu, Lecturer in Computer Security, Department of Computer Science, Cardiff Metropolitan University is republished from The Conversation under a Creative Commons license. Read the original article.

Repost: Original Source and Author Link