Month: September 2021

• 

  Flipping past a T-Rex in a shiny, blue sports car: that's the Cruis'n Blast lifestyle at work. [credit: Raw Thrills / Nintendo ]

Cruis'n Blast's placement on my list of favorite video games of 2021 should not be taken as a universal recommendation. As a painstakingly authentic refresh of the dated Cruis'n arcade-racing series, it's a simple game, and in many ways, it lags behind other arcade racers that have come and gone in the past few years.

Still, if you're looking for sheer, unadulterated, all-ages racing fun, especially on the underpowered Nintendo Switch, you should set your GPS coordinates to the bonkers racetracks and Burnout-leaning smashy-smash of Cruis'n Blast as soon as possible.

Cruis’n through history: A primer

Cruis'n emerged in the '90s as one of the only major Western racing series in arcades, years after Sega and Namco unleashed their own dazzling 3D racers. This Midway series didn't really compete with the likes of Daytona USA or Ridge Racer, as it was marked by wimpy tech and simple mechanics. Instead, 1994's Cruis'n USA kept things loud and silly in a shameless, drive-straight-ahead manner. The result was, depending on where you lived, a pizza parlor mainstay—and one that rode Nintendo's coattails, since it was emblazoned with "Nintendo Ultra 64" logos before that console launched with a different name.

Enlarge (credit: Aurich Lawson | Getty Images)

Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world.

Tracked as CVE-2021-30860, the vulnerability needs little to no interaction by an iPhone user to be exploited—hence the name "FORCEDENTRY."

Discovered on a Saudi activist’s iPhone

In March, researchers at The Citizen Lab decided to analyze the iPhone of an unnamed Saudi activist who was targeted by NSO Group's Pegasus spyware. They obtained an iTunes backup of the device, and a review of the dump revealed 27 copies of a mysterious GIF file in various places—except the files were not images.

Enlarge / This isn't how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images)

Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure's CosmosDB-managed database service—has found another hole in Azure.

The new vulnerability impacts Linux virtual machines on Azure. They end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure's UI.

At its worst, the vulnerability in OMI could be leveraged into remote root code execution—although thankfully, Azure's on-by-default, outside-the-VM firewall will limit it to most customers' internal networks only.