Friday Squid Blogging: Squid Skin–Inspired Insulating Material

Read Time:52 Second

Interesting:

Drawing inspiration from cephalopod skin, engineers at the University of California, Irvine invented an adaptive composite material that can insulate beverage cups, restaurant to-go bags, parcel boxes and even shipping containers.

[…]

“The metal islands in our composite material are next to one another when the material is relaxed and become separated when the material is stretched, allowing for control of the reflection and transmission of infrared light or heat dissipation,” said Gorodetsky. “The mechanism is analogous to chromatophore expansion and contraction in a squid’s skin, which alters the reflection and transmission of visible light.”

Chromatophore size changes help squids communicate and camouflage their bodies to evade predators and hide from prey. Gorodetsky said by mimicking this approach, his team has enabled “tunable thermoregulation” in their material, which can lead to improved energy efficiency and protect sensitive fingers from hot surfaces.

Research paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Read More

esh-0.3.2-1.fc36

Read Time:12 Second

FEDORA-2022-c4e644865f

Packages in this update:

esh-0.3.2-1.fc36

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

Read More

esh-0.3.2-1.fc35

Read Time:12 Second

FEDORA-2022-f6e24d96b6

Packages in this update:

esh-0.3.2-1.fc35

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

Read More

esh-0.3.2-1.fc34

Read Time:12 Second

FEDORA-2022-bc5c8ee61e

Packages in this update:

esh-0.3.2-1.fc34

Update description:

Honor umask of existing file or parent process when using -o option
Make trap rm -f more robust, resistant to Command Injection attack

Read More

CVE-2021-20464

Read Time:11 Second

IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.

Read More

Cryptomining botnet targeting Docker on Linux systems

Read Time:32 Second

LemonDuck, a well-known cryptomining botnet, is targeting Docker on Linux systems to coin digital money, CloudStrike reported Thursday.

The company’s threat research team revealed in a blog written by Manoj Ahuje that the botnet is leveraging Docker APIs exposed to the internet to run malicious containers on Linux systems.

Docker is used to build, run, and mange containerized workloads. Since it runs primarily in the cloud, a misconfigured instance can expose a Docker API to the internet where it can be exploited by a threat actor, who can run a crypto miner inside an outlaw container.

To read this article in full, please click here

Read More

CVE-2020-14123

Read Time:18 Second

There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.

Read More