Tens of thousands of SonicWall VPN firewall platforms are vulnerable to different flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.
Cybersecurity researchers at BishopFox scanned the internet with Shodan and BinaryEdge and, running proprietary scripts to analyze the returned data, discovered 430,363 endpoints exposed to the internet.
While this doesn’t necessarily mean they’re vulnerable, endpoints such as these should not be connected to the wider internet to begin with, since it means crooks could try to access them and look for holes.
End of life
"The management interface on a firewall should never be publicly exposed, as this presents an unnecessary risk," BishopFox said in its report. "The SSL VPN interface, although designed to provide access to external clients over the internet, should ideally be protected by source IP address restrictions."
Drilling deeper, BishopFox found that almost 120,000 endpoints were running versions affected by serious vulnerabilities, including 25,485 endpoints with critical severity flaws, and 94,018 endpoints with high severity bugs. Furthermore, they said that 20,710 endpoints were running versions of the software that are no longer supported by the vendor.
This presents a rather large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often targeted in different campaigns, including the recent strikes by both Fog and Akira ransomware groups. These threat actors were abusing flaws to gain initial access to corporate networks, where they later deployed ransomware encryptors and wreaked havoc across enterprise infrastructure.
To tackle the threat, businesses should make sure they are always running the latest versions of their software, and that their endpoints are still supported by their respective vendors.
Via BleepingComputer
Day 10 of the 12 Days of OpenAI went a little retro to make ChatGPT far more accessible than before. OpenAI has introduced new ways to interact with ChatGPT using a much older form of communication technology: a phone number. Specifically, you can text with ChatGPT through WhatsApp and by calling a toll-free phone number. AI by landline has arrived. Naturally, the number to call or message is 1-800-CHATGPT.
You can start a conversation with ChatGPT on WhatsApp by texting 1-800-242-8478 on the app. You can message ChatGPT like any other WhatsApp chatbot but get responses matching those from the free tier of ChatGPT on the mobile app or website. Not every ChatGPT feature is available on WhatsApp either. You can’t ask the AI to search for things online or analyze images, at least for now.
If you’d rather have your AI answers by audio, you can pick up your phone to dial 1-800-CHATGPT (that’s 1-800-242-8478), and a very friendly, very human-like female voice will answer all the same queries you might type out to send to ChatGPT. The experience is pretty much like ChatGPT’s Advanced Voice Mode, where you ask questions, and the AI responds in real-time. It can help you translate a sentence, give recommendations, or chat about whatever’s on your mind.
Search AI
There are obvious accessibility benefits to OpenAI in making ChatGPT far more globally available, even with all of the limits and caveats. It’s the same reason Google set up a phone number for Google Assistant that people could call to interact with the voice assistant. But, it also points to how OpenAI and its rivals want to see AI integrated into more communication channels. That’s why both OpenAI and Apple were keen to add ChatGPT capabilities to Siri, augmenting the iOS assistant with the AI model.
There are also limits to ChatGPT on WhatsApp and by phone. You can only message ChatGPT on WhatsApp a limited amount a day, though OpenAI is vague about what that limit actually is. You’ll get a warning when you approach the limit, so you’re not surprised by the cutoff. Similarly, ChatGPT phone conversations aren't unlimited. Instead of a message cap, you get 15 minutes a month for verbal interactions with the AI. And the phone number only works in the U.S. for now. An automated phone number was certainly a surprise for OpenAI’s latest ‘present,’ akin to finding an old wooden train under the wrapping paper. I'd expect that OpenAI will probably take a more future-facing approach to the final two gifts before the event ends.
Amazon’s had a pretty packed few months – including new Kindles, a Fire TV Stick refresh, and an entry into Mini LED TVs – and is now debuting a new accessibility feature, expanding another, and highlighting an accessible addition for some product packaging.
A variety of Fire TV devices already support the ability to beam audio directly to hearing aids thanks to support for the Audio Streaming for Hearing Aids (ASHA) protocol. Amazon’s latest move, though, is dubbed “Dual Audio” and is exclusive to the Fire TV Omni Mini LED TV series for now – with this, you can send audio using ASHA to a hearing aid and audio through the TV’s speakers.
This is the first time a Fire TV device can send audio out in two streams. This way, if you’re wearing a hearing aid, you can watch TV with family members and have it be a communal experience without any delays. It’s exciting to see this launch for the Fire TV Omni Mini LED TV series, but I do hope Amazon can expand this to other Fire TV devices as well – be it a Fire TV 4-Series model or a streaming stick.
A software update will be required to enable this, and it will start rolling out to the Fire TV Omni Mini LED TV series in the ‘coming weeks.’ Once it’s installed, you’ll be able to turn on ‘Dual Audio’ in Settings under Accessibility. You’ll pair a compatible hearing aid with the TV to start the process, and then with it, you can have audio through the aid as well as the TV speakers. After that first setup, you can also use quick settings to turn the feature on and off.
More broadly, beyond just the Fire TV Omni Mini LED TV series, Amazon is expanding the types of hearing aids that can be paired with its Fire TV family of devices. Now supported via the audio streaming protocol for hearing aids are Widex Moment Behind-The-Ear (BTE) and Receiver-In-Canal (RIC) aids. BTE and RIC hearing aids will be supported on all ASHA-enabled Fire TV devices like the Omni TV lineup, Fire TV Cube, and the 2- and 4-Series Fire TV models.
Beyond support for more types of hearing aids and Dual Audio on the Fire TV Omni Mini LED TV series, Amazon has also added a tactile-marked, raised QR code inside the packaging of select devices. The QR code, which features raised dots, is designed to help customers who have low vision or are blind easily access quick setup guides and other support documents. You’ll scan the QR code and be taken to these; the raised QR code is found on the “top left corner on the back panel of the device Quick Start Guide” inside the packaging.
It’s not found on every device that Amazon makes, but it is found on some of the new Kindles – Colorsoft, Paperwhite, and Scribe – the Fire TV Soundbar and Soundbar Plus, Fire TV Omni Mini-LED Series, Echo Spot, Echo Show 15, and Echo Show 21.
Some people might not know that until pretty recently, Microsoft made computer accessories - and it looks like Microsoft is dipping its toe in again. The company actually has a considerable history of creating PC accessories, from ergonomic keyboards to high-precision mice. After discontinuing its own brand of PC accessories last year, Microsoft has partnered with Incase to bring some of those back.
Incase put out a post announcing the partnership starting in 2024, promising to combine both companies’ expertise to bring you 23 computer accessories to start with and possibly more to come. You can get products that some might recognize, such as the Modern Mobile Mouse or Sculpt Ergonomic Keyboard, but now with the Incase logo and branding.
What Incase and Microsoft have to offer
In practical terms, these accessories will work just as well as the originals and they come at great prices that won’t make you jump out of your seat. For example, the $24.99 Mobile Mouse 1850 is a lightweight, reliable wireless mouse that’s perfect for everyday tasks, while the $39.99 Modern Mobile Mouse offers a sleeker design with better performance for on-the-go professionals. This new lineup also includes keyboards that are wireless, ergonomic, and compact, along with headsets and a webcam.
While Microsoft has pretty much entirely left the PC accessory market, its Surface range includes Surface-specific gear, like the Surface Desktop Keyboard with its AI-powered Copilot+ key, which shows off Microsoft’s commitment to its premium Surface lineup. So, whether you’re looking for dependable classics under the new “Incase Designed by Microsoft” label or cutting-edge tech under the Surface brand, Microsoft has something for everyone.
Those who are familiar with Microsoft’s computer accessories will probably welcome this announcement. While some have complaints about products like Microsoft 365, Edge, and, of course, Windows, it is still a highly trusted company, and with Incase’s collaboration efforts, I think these will be pretty decent quality for the price.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure the Microsoft 365 cloud environments meet its cybersecurity standards.
BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.
It revolves around deploying a custom automation configuration assessment tool (ScubaGear for Microsoft 365 audits), integrating with CISA’s continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB).
Mandatory policies
"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," CISA said.
"This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA's Secure Cloud Business Applications (SCuBA) secure configuration baselines."
Here is what CISA demands FCEB organizations do:
- Identify all cloud tenants within the scope of this Directive by February 21, 2025.
- Deploy all SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025
- Implement all mandatory SCuBA policies effective as of the Directive’s issuance no later than Friday, June 20, 2025
- Implement all future updates to mandatory SCuBA policies
- Implement all mandatory SCuBA Secure Configuration Baselines
The list of all mandatory policies can be found on the Required Configurations website. At press time, it included secure configuration baselines for Microsoft 365, Azure Active Directory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online & OneDrive, and Microsoft Teams.
Google and other cloud platforms are set to follow in the coming months.
CISA also has a list of mandatory actions; you can read more about those here.
Via BleepingComputer
LG has announced that its 77-inch Signature OLED T transparent OLED TV is now available to buy. The world’s first transparent OLED TV with wireless audio and video transfer, the Signature OLED T made a big splash when it was demonstrated at CES 2024, where it was shown without any confirmed release date or price.
We now have that information: The 77-inch Signature OLED T is available at select LG retailers, Best Buy, and LG.com for $59,999 in the United States. Availability in other markets will be announced at a future date.
The LG Signature OLED T’s screen can transform from transparent to opaque at the push of a button, allowing for a range of display options, including installation in front of windows. When in transparent mode, objects on-screen appear to float in 3D space. In opaque mode, a roll-up back panel transforms it into a regular display for streaming movies and TV, and the Signature T is also optimized for gaming, with 4K at 120Hz support, AMD FreeSync Premium compatibility, and Nvidia G-Sync certification.
According to LG’s press release, the Signature OLED T provides three separate display options:
Transparent displays captured our imagination at CES 2024, with LG and Samsung making them a primary focus of their “Innovation room” exhibits. Of the two, LG’s Signature OLED T looked the most ready for prime time. Although no availability date was given, it was said to arrive in 2024.
LG has clearly made good on its promise, with the Signature OLED T arriving just in the nick of time in mid-December 2024. At $59,999, the transparent OLED is quite a bit more expensive than the best OLED TVs, even 83-inch 8K models such as the LG Z3.
Still, for those craving a design-forward TV that pushes the limits of tech and captures the imagination, the Signature OLED T might just be the ticket.
Huawei engineers have reportedly released new Linux patches to enable driver support for High Bandwidth Memory (HBM) management on the company’s ARM-based Kunpeng high-performance SoC.
The Kunpeng 920, which debuted in January 2019 as the company’s first server CPU, is a 7nm processor featuring up to 64 cores based on the Armv8.2 architecture. It supports eight DDR4 memory channels and has a thermal design power (TDP) of up to 180W. While these specifications were competitive when first introduced, things have moved on significantly since.
Introducing a new Kunpeng SoC with integrated HBM would align with industry trends as companies seek to boost memory bandwidth and performance in response to increasingly demanding workloads. It could also signal Huawei’s efforts to maintain competitiveness in the HPC and server markets dominated by Intel Xeon and AMD EPYC.
No official announcement... yet
Phoronix’s Michael Larabel notes that Huawei has not yet formally announced a new Kunpeng SoC (with or without HBM), and references to it are sparse. Kernel patches, however, have previously indicated work on integrating HBM into the platform.
The latest patches specifically address power control for HBM devices on the Kunpeng SoC, introducing the ability to power on or off HBM caches depending on workload requirements.
The patch series includes detailed descriptions of this functionality. Huawei explains that HBM offers higher bandwidth but consumes more power. The proposed drivers will allow users to manage HBM power consumption, optimizing energy use for workloads that do not require high memory bandwidth.
The patches also introduce a driver for HBM cache, enabling user-space control over this feature. By using HBM as a cache, operating systems can leverage its bandwidth benefits without needing direct awareness of the cache’s presence. When workloads are less demanding, the cache can be powered down to save energy.
While we don't have any concrete details on future Kunpeng SoCs, integrating HBM could potentially allow them to compete more effectively against other ARM-based server processors, as well as Intel’s latest Xeon and AMD EPYC offerings.
Secret Level is getting a second season on Prime Video, even though its first season has received a mixed response from critics and fans. Nevertheless, one of the best streaming services has decided to commission more episodes following the release of season 1's final few entries yesterday (December 17).
We don't have a confirmed release date for season 2 yet, and we also don't know if any of the big stars from season 1 will return in potential sequels to the standalone stories.
The first season features plenty of big names including Arnold Schwarzenegger, Kevin Hart, and Keanu Reeves, all of whom provided voices for an anthology series that celebrates the world of gaming, with episodes based on the likes of Dungeons & Dragons, Sifu, New World, Unreal Tournament, and Warhammer 40,000 all appearing.
What has been the response to Secret Level season 1?
Currently, Secret Level season 1 has a 67% Rotten Tomatoes critical score, meaning it's not eligible to appear on our best Prime Video shows list. Indeed, reviewers haven't been overly impressed, with TechRadar's very own senior entertainment reporter Tom Power criticizing the series in our weekly round-up on December 13, saying: "I've seen all 15 episodes and, while I can vouch for how gorgeous some of them look and the intriguing stories they tell, many of them come across as hollow, cash-grab-esque advertisements".
Adding further fuel to the "not good enough" fire, it's received five "rotten" scores from critics on the reviews aggregation website as well. So, while audiences seemed happy enough to give it a 'Popcornmeter' score of 82%, it hasn't done enough to win over critics.
Still, there's always room for improvement and I'm interested to see if season 2 will make it onto our best Prime Video shows list now that its chief creative team has had feedback from gamers worldwide. Over to you, Amazon and Blur Studio.
I recently reviewed the DJI Mic Mini and Rode Wireless Micro – both are superb quality wireless mics for content creation, designed to be ultra simple for capturing better audio with smartphones.
I'd recommend either in general, but if I were to pick one for myself, it would be the teeny tiny DJI Mic Mini, no question. Overall, it's a more versatile bit of kit for smartphones and cameras, with reliable connectivity via its receiver or Bluetooth, and the price difference between the two kits is negligible.
If you shoot with DJI cameras such as the Osmo Pocket 3 or Osmo Action 5 Pro, it's an even easier choice because those cameras feature built-in receivers for streamlined pairing with DJI's mics, including the pricier DJI Mic 2 – our camera accessories product of the year.
What's more, you can buy Mic Mini components individually, meaning you can save yourself a packet just picking up a mic for those DJI cameras, rather than the full kit with receiver.
All that said, more people shoot video just with smartphones, and for those people the simpler Rode Wireless Micro takes the DJI out with a knock-out punch.
The winning one-trick pony
DJI's Mic Mini works for cameras and smartphones, while the Rode Wireless Micro is just for smartphones. I shoot with both so the choice is clear. But for smartphone-only creators, I think Rode's mic makes more sense.
The best method to connect the mics with your phone is through a receiver. That's the only method for Rode's mic, and the receiver slots neatly across the underside of your phone, connected to your USB-C (or Lightning) charging port (see gallery below). It's slim and it's simple too – there are no controls on it or the mics whatsoever.
You plug the receiver into your phone, follow the on-screen prompts (which might include selecting the wired mic option in favor of your phone's built-in mic in the camera app menu) and you're up and running in seconds. Everything is automated.
The Mic Mini's receiver is bulkier. Every time I used it with a phone, I was concerned I would snap it off – it sticks out, it's a little awkward, and a better fit with cameras, like into the hotshoe / coldshoe port. DJI's offering has another trick up its sleeve though that bypasses the receiver.
You can also connect the DJI Mic Mini to your phone using Bluetooth, meaning no receiver whatsoever. However, I wouldn't trust a Bluetooth connection for video recording in the same way that I would a purpose-made receiver, and audio quality drops from 24-bit depth to 16-bit depth when using Bluetooth instead of the receiver.
Bluetooth connectivity is fine at a pinch and still beats the audio quality of your phone's built-in mics, even when you're armed with voice enhanced audio, like you get with the latest Google Pixel handsets.
The Mic Mini also has a few manual controls to play with. There's a one-push noise reduction mode, plus ±12dB audio level control on the receiver. These are great tools to have, but for phone users I think Rode's simpler approach – an automated 'Intelligent GainAssist technology' – again makes more sense.
And so while the DJI Mic Mini outstrips the Rode Wireless Micro in most ways, it's the Rode mic's outright simplicity that wins through for smartphone creators. I just hope Rode makes the Wireless Micro components available individually in the future – some of us could save a few pennies that way, especially if replacement parts are needed.