Month: August 2024

Microsoft patches critical security bug in Copilot Studio that could have leaked private data

Copilot Studio bug could have allowed threat actors to exfiltrate sensitive data from vulnerable endpoints.

Microsoft Copilot Studio had a security issue that could have allowed threat actors to exfiltrate sensitive data from vulnerable endpoints, experts have warned.

The vulnerability was found and reported by cybersecurity researcher Evan Grant from Tenable. It is described as an information disclosure flaw stemming from a server-side request forgery (SSRF) attack, and is tracked as CVE-2024-38206 with a severity score of 8.5.

Copilot Studio is an end-to-end conversational AI platform that empowers users to create and customize copilots using natural language or a graphical interface.

Microsoft patches the bug

Describing the flaw, Grant said it abuses a Copilot feature in which it makes external web requests.

“Combined with a useful SSRF protection bypass, we used this flaw to get access to Microsoft’s internal infrastructure for Copilot Studio, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant said.

In layman’s terms, Grant pulled the instance metadata in Copilot chat messages and used it to grab managed identity access tokens. These, in turn, allowed him to access other internal resources, as well as read/write features on a Cosmos DB instance.

“An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft said in an advisory, effectively acknowledging the bug. There is nothing users need to do, however; the bug is handled on Microsoft’s side.

While the flaw does allow crooks to access sensitive data, it doesn’t allow them to access cross-tenant information, Grant concluded. Still, since the Copilot Studio infrastructure is shared among multiple tenants, in theory multiple customers could be affected by an attacker with elevated access to Microsoft’s infrastructure.

Microsoft Copilot Studio is part of Microsoft’s broader Copilot initiative, which integrates AI-powered tools into its software suite. Announced in 2023, Copilot Studio allows organizations and developers to tailor Copilot’s behavior to their specific needs.

Via The Hacker News


Don’t freak out, but Nintendo is killing off Animal Crossing: Pocket Camp

Animal Crossing: Pocket Camp will cease to exist on November 28, but players’ saves should be getting a new home. Since its global launch in 2017, Pocket Camp has offered the core Animal Crossing experience on smartphones, including limited time special events.

Sales of Leaf Tickets, the in-game currency for speeding up access to camp accessories, will stop on November 27. The company is also ending its subscription plans for the Pocket Camp Club, which provides additional in-game cosmetics each month. New plans will not be accepted after October 28 and existing subscriptions will not renew after that date.

But all is not lost for those of us who have invested a lot of hours into building pint-sized communities. Nintendo cushioned the blow with the news that a new app is in the works where existing players can continue their save files. The new take on the game will be a paid purchase with no in-app purchases, as opposed to Pocket Camp’s freemium approach. The team promised more information on the new app this October.

This article originally appeared on Engadget at https://www.engadget.com/apps/dont-freak-out-but-nintendo-is-killing-off-animal-crossing-pocket-camp-181640622.html?src=rss


AMD explains, promises partial fixes for Ryzen 9000 performance problems

Improved branch prediction in Windows 24H2 should help all recent Ryzen CPUs.

[Image: We (and other testers) have had issues getting the Ryzen 9000 series to behave normally. Credit: Andrew Cunningham]

AMD recently released its Ryzen 9000-series processors, which brought the company’s new Zen 5 CPU architecture to desktops for the first time. But we (and multiple other reviewers) had issues getting the chips’ performance to match up to AMD’s promises, something that the company wasn’t able to fully resolve before the processors launched to the public.

AMD has since put out statements explaining some of the discrepancies and promising at least partial fixes for some of them.

A Windows problem

The main fix for slower-than-expected game performance, the company says, will come with the Windows 11 24H2 update later this year, which will include “optimized AMD-specific branch prediction code” that improves Ryzen 9000’s performance by between 3 and 13 percent in an AMD-provided cross-section of games and benchmarks (though a handful of tests also showed no change). AMD says that these improvements will also benefit Zen 3- and Zen 4-based Ryzen processors, but that “the biggest boost” will be reserved for Ryzen 9000 and Zen 5.


Humans To Push Further Into Wildlife Habitats Across More Than 50% of Land by 2070, Study Says

Over the next 50 years, people will push further into wildlife habitats across more than half the land on Earth, scientists have found, threatening biodiversity and increasing the chance of future pandemics. From a report: Humans have already transformed or occupied between 70% and 75% of the world’s land. Research published in Science Advances on Wednesday found the overlap between human and wildlife populations is expected to increase across 57% of the Earth’s land by 2070, driven by human population growth.

[…] As humans and animals share increasingly crowded landscapes, the bigger overlap could result in higher potential for disease transmission, biodiversity loss, animals being killed by people and wildlife eating livestock and crops, the researchers said. Biodiversity loss is the leading driver of infectious disease outbreaks. About 75% of emerging diseases in humans are zoonotic, meaning they can be passed from animals to humans, and many diseases concerning global health authorities — including Covid-19, mpox, avian flu and swine flu — likely originated in wildlife.

Read more of this story at Slashdot.


Can You Really Mail Yourself an AirTag to Catch Mail Thieves? Maybe!

This story may be going viral, but the trick works only with a whole lot of help. Here’s what you’d need.


Can You Install a Home Battery System by Yourself?

A home battery installation is best left to the professionals. In some cases, you don’t have a choice.
