0 Comentários
0 Compartilhamentos
28 Visualizações
Diretório
Diretório
-
Faça Login para curtir, compartilhar e comentar!
-
WWW.POLYGON.COMWickeds big problem: It signals the dawn of the Musical Theater UniverseGood news! Its dead! The myth that audiences wont stand for a true-blue big-screen musical is dead!The movie version of the Broadway hit Wicked is busting box-office records left and right, recently dethroning Grease as the highest-grossing film adaptation of a Broadway show in history. Add in strongly positive reviews, rapidly escalating Oscar buzz, and a Part Two due in 2025, and youve got a blockbuster success story thats also a ready-made franchise starter. After decades of stage-to-screen musicals of varying levels of success, Wicked is bringing Broadway into the IP-driven era of cinema, signaling the dawn of the MTU: The Musical Theater Universe.Thats right; just like Kevin Feige shifted an industry by heeding the requests of superhero aficionados clamoring for comic-reverent screen versions of their childhood faves, producers Marc Platt and David Stone have transformed their Broadway blockbuster into a big-screen juggernaut by remaining, above all else, faithful to the show as it exists onstage. Musical theater superfans can now join the Marvel crowd in their transformation from nerdy cultural subset to cool kids at the center of the zeitgeist. Comic book movie-centric sites that usually focus on news about the latest Spider-Man or Avengers flick are now flooded with Wicked explainers. And seemingly niche knowledge about the plot details of Wickeds second act are now as mainstream a talking point as What happens after the Snap in Avengers: Infinity War?We may be a long way out from the kind of shared cinematic universe where Elphaba and Glinda team up with Alexander Hamilton or Evan Hansen. But the bones of what made the MCU initially flourish are undoubtedly at play here: a weaponizing of nerd cultures desire to see nostalgic texts of their childhood visualized faithfully but realistically on the big screen, and the franchising of those texts to the point where the wait time between installments, where theories can percolate and anticipations build, becomes as integral as the content of the films themselves.This gambit has paid off in wildly successful dividends, and thats an undeniable victory for the Broadway crowd, the ones who tirelessly rail against the casting of non-singers in movie musicals and protest every movie musical trailer that seems hell-bent on obscuring any whiff of the characters bursting into song, from Sweeney Todd to Into the Woods to Mean Girls. The casting of whisper-singing Angourie Rice in that latter film seems particularly laughable when Wicked has Cynthia Erivo, surely one of our most gifted vocalists: Her effortless transition from onstage powerhouse to natural screen presence makes her a no-brainer for Elphaba on film.The same goes for Ariana Grande, whose Glinda launches into Popular with the vim and verve of someone clearly born for this sort of thing. Likewise, in director Jon M. Chu, Wicked has found a stage-to-screen translator who is a fan first and foremost. All together, they are brazenly unafraid to let their movie musical be an all-singing, all-dancing spectacle. And the box-office returns feel like vindication both for them and for the people who held out belief that Broadway movies could indeed achieve mainstream success.And yet, as Glinda sings at the top of Wickeds second act, theres a kind of a sort of cost, theres a couple of things get lostMuch like with MCU series entries, Wicked the movie has a sugar-rush sensibility. It scratches an itch for a big holiday tentpole piece of family entertainment, but doesnt reverberate much beyond the walls of the cineplex. For better or worse, what Chu has delivered is essentially a cinematic souvenir program of the musical as it exists onstage: Its high on fan service, low on imaginative adaptation, almost damagingly obsessed with not shaking things up, not doing anything to incur ire from the shows fans.Though the movie runs almost as long as the stage show and still only gets us to the intermission, theres bafflingly little new material on the screen: This is the first act of Wicked, padded to the gills. No songs have been cut, no scenes rearranged. Everything from Broadway has been preserved and expanded, with little hunger for creating anything fresh, and a focus on blowing out fan-favorite moments to the nth degree until every possible tear is wrung from Glindas and Elphabas first dance together and the appearance of a certain broomstick has the same crowd-pleasing potential as, say, Captain America grabbing Thors hammer in Avengers: Endgame.That approach leaves little for the superfans to grouse at. That said, anyone looking for a true cinematic adaptation of the musical may walk away befuddled.Its important to note that this kind of easy reliance on nostalgia has always been integral to Wicked. Though it debuted on Broadway five years before Robert Downey Jr. first suited up as Iron Man, the musicals staging of Elphaba donning her black cape and pointed hat, or clutching her broomstick for the first time, is exactly the kind of So thats how it happened origin-story moment were used to seeing in everything from Captain America: The First Avenger to Cruella these days. The shows second act is a minefield of prequel table-setting for The Wizard of Oz, from how the Scarecrow got stuffed to why the Lion is so cowardly. (Future Wicked: For Good explainer headline incoming: Who Glinda Meant When She Said Her Little Dog Dodo: 5 Fun Facts About Dorothys Pet.)But theres a somewhat depressing nature to the degenerative mimeographing of this kind of fan service, particularly for an avid fan of both cinema and Broadway musicals. I suppose a Wicked movie is uniquely suited for this present moment, where a movies connection to other movies (or TV shows, or comics, or whatever else) is valued more than the movie at hand. But Chus Wicked: Part I still feels like a weird sort of copy of a copy, the basic but essential conversation with The Wizard of Oz all but forgotten in favor of a lamer one with a big stage success. On screen, when Elphaba grabs her broom, its less about The Birth of the Wicked Witch of the West, and more about The Birth of a Famous Character from Musical Theater. Its as though Hello, Dolly!s Dolly Levi or Gypsys Mama Rose were having their own Avengers moments.This treating of the stage show as sacred has been a badge of honor for the creative team, with Chu proudly stating how Ariana Grande would often balk at changes to the source material, saying Thats bible, you cant remove that line. But while that trust in the original show is admirable, theres a rigidity to this kind of thinking that isnt so far from toxic fandoms imposing absurd limitations on comic book movies or Star Wars entries (say, Luke Skywalker wouldnt toss his lightsaber over a cliff or Batman doesnt eat pussy).Its not that Wicked stans have revealed themselves as possessing anything near the vitriol of some Last Jedi naysayers. But the desire to be so precious and sacrosanct about every single line of a musical about how the Wicked Witch of the West got her broom so much so that it needs to become two 160-minute films isnt so different from the impulse that motivated the Release the Snyder Cut bros.Theres a way to remain faithful in spirit to a stage show, and still create something fresh and new for the screen that can exist on its own terms. Thats what Rob Marshall did with Chicago more than 20 years ago, jettisoning six of the shows songs and introducing a cinematic conceit that foregrounded Roxie Harts desire to be a star, transforming the remaining numbers into hallucinatory episodes in her minds eye. Since then, some filmmakers have shown similar daring in adapting Broadway: Hairspray, Tick, Tick Boom!, and Steven Spielbergs West Side Story are genuine screen adaptations, playing fast and loose with the source material without sacrificing any of the musical energy or dynamism that made these shows so successful onstage.By comparison, Wicked feels as cold and clinical as brand management not just in stage-to-screen translation, but visually as well. The films washed-out, homogenous cinematography has been criticized already. Its true the film biffs an opportunity to place Elphaba and Glinda back in the iconography of the 1939 classic The Wizard of Oz, or at least to crib from that films iconic mastery of color and design. And its true we could imagine a livelier, more vibrant setting, with more tangible, tactile creatures animatronic or puppeteered flying monkeys that unsettle and disturb, production design thats more The Dark Crystal or Labyrinth and less Ant-Man and the Wasp: Quantumania or Thor: Ragnarok.But perhaps the films most dispiriting visual flourish is its staging of Defying Gravity.Onstage, its a magic trick: A cherry-picker, concealed by fog and a mountain of black fabric, hoists an actress into the air as she holds her broom aloft. But what we see is flight, not to mention one of the most exhilarating and iconic coups de thtre of the century. On screen, its thuddingly literal, the magic evaporated. In the same way that the splash-page maximalism of a Jack Kirby or a John Byrne comic becomes smaller and less magnificent when translated to reality, an expressionistically theatrical image full of wonder and power becomes transformed into the same-old-same-old CGI sludge weve seen a million times.In this case, safety means success. And success is good for Wicked the movie, for Chu and Erivo and Grande, as well as for the fans to whom it matters so much. The box-office success of such a balls-to-the-wall musical as Wicked is a net positive for the genre.But if the MTU is anything like the MCU, safety can also mean impermanence. Making a movie for the fans has become a surefire way to ensure a project wont ultimately stand the test of time. Thats a big part of why Alfonso Cuarns Harry Potter and the Prisoner of Azkaban movie feels more warmly regarded these days than, say, Chris Columbus slavishly literal adaptation Harry Potter and the Chamber of Secrets. Or why Marc Webbs arguably more faithful Spider-Man flicks still hold less cultural sway than Sam Raimis voicier interpretations. Future MTU filmmakers, take note: Love your source material, and hire actors who can sing. But make a movie, not a paint-by-numbers facsimile of the show as it exists onstage.Imagine a Hamilton movie that looks like Barry Lyndon but feels like Childish Gambinos This Is America music video. Or a Rankin/Bass-style claymation Urinetown, or a Spring Awakening in the style of 24 Hour Party People. Should we not attempt to dream of more ambitious adaptations of Broadway material, ones where genuine cinematic vision, theatrical reverence, and strong vocal chops arent mutually exclusive?For now, Wicked is doing just fine. Its spreading the gospel of the Broadway show to people who never would have had a chance to see it onstage, and reminding the die-hard fans just why they fell in love with it so many years ago. But is it creating its own unique fandom with its own unique take on the material? I suspect after the hoopla of the initial release, when the dust settles and we can really take a look at the man behind the curtain, well see a film that is more like what Elphaba finally admits herself to be at the end of the second act: limited.0 Comentários 0 Compartilhamentos 24 Visualizações
-
WWW.TECHRADAR.COM2025 could be the year of reckoning for AI as a global survey of CFOs shows rampant nervousness about ROIGlobal survey reveals CFOs' rising AI interest but also ROI skepticism.0 Comentários 0 Compartilhamentos 29 Visualizações
-
WWW.CREATIVEBLOQ.COMThe best indie games of 2024From an absurd 'slapformer' to stunning art and story-driven gameplay, these were our favourite indie games of the year.0 Comentários 0 Compartilhamentos 25 Visualizações
-
WWW.NYTIMES.COMTrumps Plans to Scrap Climate Policies Has Unnerved Green Energy InvestorsPresident-elect Donald J. Trump is expected to roll back many of the rules and subsidies that have attracted billions of dollars from the private sector to renewable energy and electric vehicles.0 Comentários 0 Compartilhamentos 25 Visualizações
-
ARCHINECT.COMOliver Wainwright picks his favorite architecture of the yearOliver Wainwright's picks are in for The Guardians year-end critics list. His trips abroad to visitthe Paris Olympics and Columbus, Indiana left an impression, as did the Met's first-ever major retrospective look at the mercurial influence of Paul Rudulph, the new children's hospital in Zurich from Herzog & de Meuron, the Norwegian Kunstsilo, and, of course, the MAK Museum of Applied Arts in Vienna's closely timed look into the "protest architecture" of barricades, encampments, and activists' inventive "spatial tactics." University Children's Hospital in Zurich. Image: Herzog & de Meuron, Foto Michael SchmidtKunstilo Museum in Kristiansand, Norway. Photo: Alan Williams Photography, image courtesy Kunstsilo.Paul Rudolph (American, 1918-1997) Architectural model for the proposed Sino Tower (unbuilt), Hong Kong (1989). Balsa wood and plastic 48 x 34 1/4 x 25 in. (131.7 x 63.2 cm) Prints and Photographs Division, Library of Congress. Photograph by Eileen TravellFirst Christian Chu...0 Comentários 0 Compartilhamentos 24 Visualizações
-
WWW.THEVERGE.COMWhat podcasts looked like in 2024 literallyIn 2024, podcasts have gotten closer to becoming a video-first medium. Though video podcasts have been around a relatively long time, shows from The New York Times, NPR, and many other podcast networks that have been audio-only for years have recently started adding a video component in order to gain new listenership. In fact, Spotify, a major player in podcasts, is about to begin paying podcasters to bring videos to the platform.And after years of producers trying to get audio shows to go viral on social media, podcasts are now dominating TikTok, Instagram Reels, and YouTube Shorts after video producers realized they can just film the talent talking. Meanwhile, weekly podcasts are looking to attract younger audiences who grew up on YouTube.As a result, video producers are figuring out how to make podcasts, and audio producers are figuring out how to make videos. Ive noticed a few developing trends in this video-first podcasting format. This isnt surprising; when one producer discovers a formula that works, others are going to try it. Lets take a look at current design and tech trends and then Ill talk about what I think may develop over the next year or so.Home designMany of todays podcast studios look like living rooms and basements. This isnt a new phenomenon with talk shows, but a lot of podcasts started out in a living space, and larger media companies have adopted that aesthetic. Lamps. Fireplaces. Fake plants. Bookshelves. This environment gives a more laid back style of long-form interviewing, which is typically the vibe of most chat-style podcasts.1/5Bill Mahers basement vibe. Screenshot: YouTube / Club Random1/5Bill Mahers basement vibe. Screenshot: YouTube / Club RandomCouches and comfy chairs show up a lot on these video shows. The round table has been ditched, and leisure is key its a lot more comfortable of an environment for talking hours at a time. Both hosts and guests are often on a couch together or sitting in comfy chairs separately.1/5Just chillin on the couch. Screenshot: YouTube / Lesser Known Characters1/5Just chillin on the couch. Screenshot: YouTube / Lesser Known CharactersAnother trend Ive noticed are these wooden slats on the wall in podcast studios our own Vox Media space has gone with this design as well. These work better for sound absorption while still looking like a living space. This is already looking to be a signifier of mid-2020 video podcasts.1/7This setup covers a lot of podcast tropes but looks so comfy. Screenshot: YouTube / Two Hot Takes1/7This setup covers a lot of podcast tropes but looks so comfy. Screenshot: YouTube / Two Hot TakesWith wide-shot camera angles showcasing the entire room, there is usually something in the middle of the screen, like a TV or a giant logo of the show, to create a symmetrical studio look.Neon signs and colored lights are very trendy right now because they add a colorful glow to a more muted studio space. Lots of cursive lettering. Branding is often prioritized in video, and most producers think that means literally looking at the logo for two hours. This is also an easy way to let a TikTok scroller know what show they are watching (though this typically doesnt crop well for vertical video). 1/8The TV looks a bit crooked. Screenshot: YouTube / The Daily Beast1/8The TV looks a bit crooked. Screenshot: YouTube / The Daily BeastMore attention to techMicrophones are often placed on floor stands that extend over the couches (these articulating boom stands have been staples in recording studios for decades). As a result, the stands often appear from out of the camera frame and stick up broadly in front of guests faces awkwardly. Poles sticking out at various incongruent angles look even messier when you have multiple guests on separate chairs.1/6Lots of guests, each with their own puffy chair and mic stand. Screenshot: YouTube / Joe Budden Network1/6Lots of guests, each with their own puffy chair and mic stand. Screenshot: YouTube / Joe Budden NetworkThough new kinds of mic stands for podcasts have been introduced to the market, many shows are ditching the long, awkward boom poles in favor of havinghosts and guests hold their microphones instead. This feels a bit more authentic and intimate onscreen, and many stand-up comedians prefer this method. However, it can get a bit awkward with inexperienced guests who talk with their hands or who dont know how to hold a microphone with a narrow polar pattern.1/6You must hold this microphone for the entire show. Screenshot: YouTube / The Bald and the Beautiful1/6You must hold this microphone for the entire show. Screenshot: YouTube / The Bald and the BeautifulIt can get even worse. When podcasts are audio first but with a video component, you often see awkward practices caught on camera, like this instance where each guest is holding their phone up to their face to record their audio while looking directly at the viewer.This is a common practice for radio interviews but isnt great when video is involved.You never see people use their phones like this on a video call in real life. Screenshot: YouTube / The DailyThe Shure SM7B microphones are still really popular in this medium as well as the budget MV7 model. For the purposes of branding, cubes with the name of the show are often stuck awkwardly on the bottom of the microphone. This is reminiscent of microphone flags on newscaster stick mics, and they are now being retrofitted for these classic radio studio microphones.This is likely because its more effective branding on vertically cropped videos than a big logo on the wall in a studio. 1/6Get that logo in there! Screenshot: YouTube / Pod Save America1/6Get that logo in there! Screenshot: YouTube / Pod Save AmericaBig isolating headphones are common in radio and podcasts and are still used in a lot of video versions. But when guests are remote and are looking directly at their webcam, those large ear cups stick out very awkwardly more so than if youre looking at someones profile view.0 Comentários 0 Compartilhamentos 31 Visualizações
-
9TO5MAC.COMThe best features to try on your new Apple WatchIf you just unwrapped a new Apple Watch this holiday season, there are a variety of tips and tricks that can help you get the most out of your new wearable. Read on for some guidance on our favorite Apple Watch features for health, activity, customization, and more.Setting up your Apple Watch activity ringsFor many people, the Apple Watch is, first and foremost, a fitness-focused wearable. The key to this is a trio of rings, each represented by a different color: red for move, green for exercise, and blue for stand.By default, the green exercise ring closes when you log 30 minutes of intense activity, the blue stand or roll ring closes when you move around for at least one minute of 12 different hours, and the red move ring closes when you meet your personal goal for active calories burned in a day.Apple also includes the ability to customize your exercise and stand goals. Maybe youre recovering from an injury and 12 stand hours paired with 30 minutes of exercise is too much for your body to handle. People have also been calling on Apple to integrate rest days into the Apple Watch rings system, and this feature at least gives users more control over their goals.Heres how to change your Apple Watch move, exercise, and stand goals:On your Apple Watch, open the Activity app.Scroll down to the bottom and look for the Change Goals button.Use the + or buttons to adjust your goals, or use the Digital Crown.Tap OK to confirm your changes.The exercise ring can be lowered or raised in intervals of five, down to a minimum of 10 minutes or a maximum of 60 minutes. The stand goal can be changed in single-hour intervals, down to a minimum of six hours or a maximum of 16 hours. Additionally, you can create custom schedules in the Fitness app to ensure youre living as healthy of a lifestyle as possible. This includes the ability to schedule rest days and pause your Apple Watch rings altogether. Customizing your watch faceThe centerpiece of your Apple Watch is the watch face. On your watch face, you can add bits of information known as complications, including things such as weather, activity data, heart rate information, and much more. The easiest way to build an Apple Watch face is with the Apple Watch app on iPhone. You can find the entire library of watch faces in the Face Gallery tab of the app, and as you build them, you can add faces to your personal collection. Once you create multiple watch faces, you can swipe between them from your Apple Watch, making it easy to adjust on the fly for different scenarios.Apple Watch App StoreYou can find apps built specifically for the Apple Watch in the watchOS App Store. Simply press the digital crown on your Apple Watch and look for the App Store icon. Here, youll be able to easily find and install dedicated Apple Watch applications without using your iPhone at all.One of the ways I love to stay motivated with my Apple Watch is by sharing my activity data with friends and family. When you do this, you can see when your friends complete workouts, how much progress theyve made towards their goals, and when they earn new awards.To share your Apple Watch activity data with others, follow these steps:Open the Fitness app on your iPhone.Tap the sharing icon in the bottom-right corner.Tap the + button in the top corner.Start typing a name, then tap the name youd like to add. If the other person has an Apple Watch the name will turn red.Tap the Send button, then wait for your friend to accept your Activity request. Once accepted, youll receive a notification on your Apple Watch.This is one of my favorite features of the Apple Watch, plus theres even support for starting one-on-one weekly competitions with your friends. Set up health monitoring featuresThe Apple Watch is not only useful for deliberately tracking your fitness progress, but also for passively monitoring it in the background.Fall DetectionOne such feature is called Fall Detection, and it uses the gyroscope and accelerometer to detect if youve fallen, and more importantly, if youve fallen and cannot get back up. By default, Fall Detection is disabled for users under the age of 65, but you can manually enable it with these steps:Open the Apple Watch app on your iPhone.Tap Emergency SOS.Look for the Fall Detection toggleApple warns that more physically active users may trigger Fall Detection even when you havent fallen. This is due to high impact activity, and may appear as a fall.Tap Confirm.HeartIn the Apple Watch app on iPhone, you can also enable a suite of features that will allow your Apple Watch to help you look after your heart. Simply open the Apple Watch app on your iPhone and look for the Heart category. In this section, you can enable the following features:Install the ECG app for taking electrocardiograms from your Apple Watch (Series 4 and later).Set up Cardio Fitness Levels and notifications, which are a strong indicator of your overall health.Irregular Rhythm notifications for receiving a notification when Apple Watch identifies multiple heart rhythms that may be atrial fibrillation.High Heart Rate notifications for receiving a notification when Apple Watch detects a heart rate that rises to a certain level while you appear inactive.Low Heart Rate notifications for receiving notification when Apple Watch detects a heart rate that falls below 50 bpm for 10 minutes.Crash DetectionCrash Detection is designed to detect severe car crashes such as front-impact, side-impact, and rear-end collisions, and rollovers involving sedans, minivans, SUVs, pickup trucks, and other passenger cars. When a severe car crash is detected: Your Apple Watch chimes and taps your wrist, and checks in with you on the screen. If you have only your watch, the screen displays an Emergency Call slider. If you have a watch with cellular or your watch is connected to Wi-Fi, it can call emergency services.If you have your iPhone and Apple Watch, the Emergency Call slider appears only on your watch, and the call is connected and the call audio plays from your watch.If youre able, you can choose to call emergency services or dismiss the alert.If youre unable to respond, your device automatically calls emergency services after a 20-second delay.If youve added emergency contacts, your device sends a message to share your location and let them know that youve been in a severe car crash.If youve set up your Medical ID, your device displays a Medical ID slider, so that emergency responders can access your medical information.Rein in your notificationsThe Apple Watch makes it incredibly easy to stay on top of your notifications. Every time an app sends a push notification, youll get a tap on the wrist and hear a sound. For many people, however, this can actually be overwhelming and unnecessary.To manage notifications on your Apple Watch, open the Apple Watch app on your iPhone and choose the Notifications category. Here, you can see a list of applications and manage notifications as necessary. My recommendation is to limit notifications as much as possible on your Apple Watch, otherwise, you might become overwhelmed.Toning down the Apple Watch: Tips and feature requests to avoid being overwhelmedCheck out Apple Fitness+Apple Fitness+ offers access to a library of hundreds of on-demand workouts across popular categories such as running, cycling, HIIT, rowing, yoga, and more.Apple Fitness+ features deep integration with Apple Watch, showing live data from your Apple Watch on the screen during your workout. Plus, if you recently got a new Apple Watch, you likely have three months of free access to the service.You can find Apple Fitness+ in the Fitness app on your iPhone or Apple TV. Its also available on the iPad, and you can download it from the iPadOS App Store to get started.How to use Apple Fitness+: Apple Watch requirement, sign up, start workouts, moreApple Watch accessoriesFinally, you might be looking to complement your new Apple Watch with accessories such as charging docks and watch bands. Here are some of our favorites.Best Apple Watch charging docks:Best Apple Watch bands:Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel0 Comentários 0 Compartilhamentos 25 Visualizações
-
THEHACKERNEWS.COMRuijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote AttacksDec 25, 2024Ravie LakshmananCloud Security / VulnerabilityCybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances."These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices."The operational technology (OT) security company, which carried out in-depth research of the Internet of Things (IoT) vendor, said it not only identified 10 flaws but also devised an attack called "Open Sesame" that can be used to hack into an access point in close physical proximity over the cloud and gain unauthorized access to its network.Of the 10 vulnerabilities, three of them are rated Critical in severity -CVE-2024-47547 (CVSS score of 9.4) - Use of a weak password recovery mechanism that leaves the authentication mechanism vulnerable to brute force attacksCVE-2024-48874 (CVSS score of 9.8) - A server-side request forgery (SSRF) vulnerability that could be exploited to access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata servicesCVE-2024-52324 (CVSS score: 9.8) - Use of an inherently dangerous function that could allow an attacker to send a malicious MQTT message which could result in devices executing arbitrary operating system commandsClaroty's research also found that it's easy to break MQTT authentication by simply knowing the device's serial number (CVE-2024-45722, CVSS score: 7.5), subsequently exploiting the access to Ruijie's MQTT broker in order to receive a full list of all cloud-connected devices' serial numbers."Using the leaked serial numbers, we could generate valid authentication credentials for all cloud-connected devices," the researchers said. "This meant that we could perform a wide range of denial-of-service attacks, including disconnecting devices by authenticating on their behalf, and even sending fabricated messages and events to the cloud; sending false data to users of these devices."The knowledge of the device serial number could further be weaponized to access all MQTT message queues and issue malicious commands that would then get executed on all cloud connected devices (CVE-2024-52324).That's not all. An attacker who is physically adjacent to a Wi-Fi network that uses Ruijie access points could also extract the device's serial number by intercepting the raw Wi-Fi beacons, and then leverage the other vulnerabilities in MQTT communication to achieve remote code execution. The Open Sesame attack has been assigned the CVE identifier CVE-2024-47146 (CVSS score: 7.5).Following responsible disclosure, all the identified shortcomings have been fixed by the Chinese company in the cloud and no user action is required. About 50,000 cloud connected devices are estimated to have been potentially impacted by these bugs."This is another example of weaknesses in so-called internet-of-things devices such as wireless access points, routers, and other connected things that have a fairly low barrier to entry on to the device, yet enable much deeper network attacks," the researchers said.The disclosure comes as security form PCAutomotive flagged 12 vulnerabilities in the MIB3 infotainment unit used in certain Skoda cars that malicious actors could chain together to achieve code execution, track the cars' location in real-time, record conversations via the in-car microphone, take screenshots of the infotainment display, and even exfiltrate contact information.The flaws (from CVE-2023-28902 through CVE-2023-29113) permit attackers to "gain code execution on the MIB3 infotainment unit over Bluetooth, elevate privileges to root, bypass secure boot to gain persistent code execution, and control infotainment unit via DNS channel every time the car starts," PCAutomotive researchers said.The discovery adds to nine other flaws (from CVE-2023-28895 through CVE-2023-28901) identified in the MIB3 infotainment unit in late 2022 that could allow attackers to trigger a denial-of-service, bypass UDS authentication, and obtain vehicle data -- namely, mileage, recent trip duration, and average and max.=imum speed of the trip -- by knowing only VIN number of a vehicle.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE0 Comentários 0 Compartilhamentos 25 Visualizações
-
THEHACKERNEWS.COMCritical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS Patch NowDec 25, 2024Ravie LakshmananServer Security / VulnerabilityThe Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database.The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system."An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role 'admin,' 'federation,' 'operations,' 'portal,' or 'steering' to execute arbitrary SQL against the database by sending a specially-crafted PUT request," project maintainers said in an advisory.Apache Traffic Control is an open-source implementation of a Content Delivery Network (CDN). It was announced as a top-level project (TLP) by the AS in June 2018.Tencent YunDing Security Lab researcher Yuan Luo has been credited with discovering and reporting the vulnerability. It has been patched in version Apache Traffic Control 8.0.2.The development comes as the ASF has resolved an authentication bypass flaw in Apache HugeGraph-Server (CVE-2024-43441) from versions 1.0 through 1.3. A fix for the shortcoming has been released in version 1.5.0.It also follows the release of a patch for an important vulnerability in Apache Tomcat (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions.Users are recommended to update their instances to the latest versions of the software to protect against potential threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE0 Comentários 0 Compartilhamentos 25 Visualizações