Technology

• Audio-Technica’s SQ1TW2 earphones have a battery overheating issue
• The problem is with the charging case which can produce smoke
• The manufacturer assures us that no one has been harmed by the issue

Audio-Technica has issued a warning for its new SQ1TW2 wireless earphones, with some versions suffering from a fault with the battery which can overheat with alarming consequences.

In an email, Audio-Technica advised TechRadar that one batch of stock of these earphones are affected by a problem which means a “few of the charging cases are faulty due to an overheating battery that can produce smoke.”

If you want to check, the potentially affected models have serial numbers between 2322 and 2426 – you can see the number on the inside of the charging case, as shown in the image below. Also, if your case has no serial number, then it could be hit by the issue, too.

If you have one of the affected models of SQ1TW2 earphones, you should contact Audio-Technica, and the company will arrange a replacement, and for the safe disposal of the faulty product.

As you might guess, you should also not use the charging case with the earphones while you’re waiting for your faulty model to be swapped out.

(Image credit: Audio-Technica) A precautionary recall

Clearly, this is an unfortunate affair, so be sure to check the serial number if you have bought the SQ1TW2 earphones.

They’re likely to have been a popular budget model, given that they’re the sequel to the original SQ1TW, earphones that we heaped tons of praise on in our five-star review (sporting a sound with a far higher quality than others in its price bracket). The SQ1TW2 was launched in August 2024, at an even cheaper price point than the original earphones, with a more compact nature.

So, this is a rather unsightly blot on an otherwise exciting budget pair of earphones, but of course, the impact is limited to a (hopefully) small number of models, going by the communication from the company. Audio-Technica makes it clear that no one has been harmed by this issue to date, and the recall is a precautionary measure.

Still, it isn't the first issue it's had of this nature – a couple of years ago, it issued a product safety notice for its ATH-CK3TW earbuds, due to a similar overheating problem with its charging case. We've asked Audio-Technica if it's going to publish a similar notice for its SQ1TW2 earphones and will update this story if we hear back.

You might also like

• Black Friday earbuds deals 2024: the best offers live now including Nothing, Sony, Bose and AirPods
• The best earbuds 2024: wireless and wired buds for all budgets
• The best noise-cancelling earbuds for all budgets

Not all premium VPN services protect your privacy equally, with over half of the most popular services suffering some form of data leak. At least three apps also shared your personal information "in a way that put user privacy at risk."

These are the main findings from new research conducted by Top10VPN based on the 30 most popular premium providers for Android devices. These include some of the best VPN apps on the market, such as NordVPN, ExpressVPN, Proton VPN, and Surfshark.

"I don’t want to exaggerate the level of risk. For most users, it is fairly low, but it does depend on your threat model," Simon Migliano, Head of Research at Top10VPN, told TechRadar, noting Avira Phantom VPN and FastestVPN as the paid Android VPNs to "absolutely" avoid.

Paid Android VPN apps' privacy fails

As mentioned, Migliano conducted testing on the 30 most popular paid Android VPNs to identify potential safety issues within the apps – you can find the full list of services analyzed here.

These tests focused on different areas, namely DNS and other data leaks, VPN encryption, VPN tunnel stability, risky app permissions, risky use of device hardware features, and data collection and sharing.

The most surprising result for Migliano was that half of the top paid VPNs tested (15) failed to ensure SNI (Server Name Indication) was encrypted for all server connections the apps make. SNI is an extension to the TLS protocol that a client needs to indicate the hostname of the server it’s trying to connect to during the handshake process.

While this leak may be relatively minor for most people, "It’s an oversight that could land someone in trouble with their school or workplace if VPNs aren’t allowed on the network, or even in legal trouble somewhere like Turkey or China, where VPNs are heavily regulated," he added.

According to Migliano's data, Surfshark, Private Internet Access (PIA) and PrivadoVPN were some of the apps still overlooking SNI encryption.

Did you know?

(Image credit: Shutterstock)

A virtual private network (VPN) is security software that encrypts your internet connection to prevent third parties from accessing your data in transit and snooping on your online activities. At the same time, it also spoofs your real IP address location for maximum anonymity, granting you access to otherwise geo-restricted content.

At least seven Android VPNs also leaked DNS requests – meaning the device's request to a Domain Name System server to provide an IP address for a given hostname.

Again, these data leaks aren't critical and happen only under very specific circumstances, so it won't be a big issue for most users. That said, Migliano believes that "a properly configured VPN should terminate all existing network connections to prevent this from happening."

This is why, if private browsing is crucial for you, he suggests avoiding the VPNs impacted by this issue, namely HMA!, Private VPN, Mozilla VPN, Privado, VyprVPN, X-VPN, and Avira Phantom.

FastestVPN was another big no for Migliano on this front. He said: "I could never recommend FastestVPN after it exposed my email address in clear text in the headers of a server request to a geolocation API, which is unforgivable."

While way better than free VPN apps, data collection and sharing may also be an issue for some providers. Migliano found seven apps out of 30 analyzed to pose a potential privacy risk due to embedded tracking code from advertisers and data brokers. Yet, only two VPNs (VPN Unlimited and Hotspot Shield) were found guilty of actually sharing data in practice, while X-VPN employed poor data-sharing practices.

VPN encryption for paid services was good overall. Yet, while seven apps failed to use the latest version of TLS to establish the VPN tunnel (AES-256), Avira Phantom made use of the deprecated SSLv2 protocol which, Migliano noted, has long been considered insecure.

On December 3, WIRED will be sitting down with some of the biggest names in technology, business, science, and beyond for a full day packed with in-depth conversations.

Pakistan's top religious body has said that using a VPN service to access blocked content goes against Shariah, the Islamic law.

The statement from the country's constitutional body for legal advice on Islamic matters described their responsibility to prevent the "spread of evil", according to the report from the Associated Press.

Pakistan's residents have increasingly turned to virtual private network (VPN) software as a way to access X which has been blocked since February.

Authorities announced plans to regulate the use of VPNs back in August. While the debate is still ongoing on whether or not commercial VPNs should also be blocked – the Pakistani English-speaking publication Dawn reported – businesses and freelancers have time until November 30, 2024, to register their service and avoid disruptions.

The Pakistan VPN debate

"Using VPNs to access blocked or illegal content is against Islamic and social norms, therefore, their use is not acceptable under Islamic law," reads the official statement released on Friday, November 15, quoting the Council of Islamic Ideology’s chairman Raghib Naeemi – Voice of America reported.

The statement also notes that any technology used to access "immoral or illegal activities is prohibited according to Islamic principles," the internet included. Illegal content includes "immoral and porn websites or websites that spread anarchy through disinformation."

On the same day, also the Ministry of Interior spoke out against VPN usage.

In a letter sent to the Pakistan Telecommunication Authority (PTA), he calls to block all "illegal" VPNs, claiming that terrorists use these tools "to facilitate violent activities and financial transactions in Pakistan."

Do you know?

(Image credit: Getty Images)

On Sunday, November 9, 2024, people in Pakistan lamented issues accessing their VPN apps throughout the day, in what looked like the beginning of the crackdown on "unregistered" VPNs. Authorities confirmed this to be a "brief technical glitch," while reiterating the need to register their service to avoid further disruptions.

The best VPN providers have been recording an increase in usage from citizens in Pakistan this year as people try to keep accessing X and other blocked content online. This is because such security software spoofs a user's real IP address location to grant access to otherwise geo-restricted content while encrypting internet connection to boost online anonymity.

At times, VPNs have also become a target as authorities seek to prevent people from using these services to bypass government-imposed restrictions.

As Dawn reported, though, VPN usage is still permitted in Pakistan for legitimate purposes. These include banking, foreign missions, corporate enterprises, universities, IT companies, call centers, and freelance professionals.

Authorities are now urging companies and freelance workers operating in the aforementioned sectors to complete the VPN registration with PTA by the end of the month. Failing to do that could mean further service interruptions in the future.

While it isn't clear yet how the blocking will work in practice, the new legislation aims to curb VPN misuse and security risks. Authorities deemed unregistered VPNs a "security risk" for Pakistan as they can be used to access "sensitive data."

Yet, at the same time, internet experts also believe that the increase in censorship is the main cause of the decline of the country's internet, with VPNs remaining the best tool to keep accessing the free web.

• US President-Elect Donald Trump could be working on a free tax filing app
• The initiative forms part of Elon Musk’s DOGE plans for streamlining
• Intuit and H&R Block shares fell following the news

Shares in tax software giants Intuit and H&R Block have fallen after reports claimed Donald Trump’s administration advisory team could be exploring creating a new, free tax-filing app.

The Washington Post reported that Trump’s proposed Department of Government Efficiency (DOGE), an external advisory body led by Elon Musk, could be considering the app as part of plans to streamline government operations.

The two software companies, which currently dominate the tax-filing market, would face major competition if the US government were to introduce a free alternative.

Trump and Musk considering free tax-filing app

While discussions surrounding the app appear to be in their early stages, the prospect has raised concerns among private tax-preparation firms which make a profit off US citizens filing their taxes.

The IRS currently offers free filing options to eligible taxpayers earning less than $79,000. The agency has also launched Direct File, a pilot program that it’s trialling across 12 states to give 18 million taxpayers free access to online tax-filing services.

The DOGE-backed app would build on these existing efforts, which have been driven under the Biden-Harris administration. It’s unclear whether the app would become available for all US taxpayers.

Intuit spokesperson Tania Mercado commented (via CNBC): “For decades, Intuit has publicly called for simplifying the U.S. tax code so individuals, families, and small businesses can better understand their finances.”

The Federal Trade Commission recently confirmed it would be taking action against H&R Block for “deceptively marketing their products as ‘free’ when they were not free for many consumers,” among other concerns. The proposed settlement would see H&R Block liable to paying out $7 million.

You might also like

• We’ve listed the best personal finance software
• Live over the pond? Here’s the best MTD software
• The IRS is releasing a TurboTax alternative, and you can try it now

Brad Porter helped Amazon deploy an army of warehouse robots. His new creation—Proxie—could help other companies embrace more automation.

Black Friday is now underway, so beat the crowds and get HP printer before stock runs out.

This two burner griddle is now $50 off at Walmart and it even comes with a prep cart for all kinds of cooking needs.

Customize the ambience of your space with this 3-pack starter kit at $50 off.

Black Friday at Walmart is already rolling out with doorbusters, like these Skullcandy headphones, for just $99.

Available in three different colors, you can save over $200 in comparison to a new pair.

Two independent audits officially confirm that NordVPN is way more than just the best VPN app on the market.

Experts at AV-TEST, a German cybersecurity testing firm, recently ranked NordVPN's newly launched Threat Protection Pro as the top tool for blocking malicious sites. The feature also received the highest rating in an anti-malware validation conducted by the technical research and product testing organization West Coast Labs (WCL).

While you need to upgrade to a top-tier plan to use NordVPN Threat Protection Pro, you can now save some bucks in the process thanks to its great time-limited Black Friday VPN deal.

Two golden medals for protection

In October, AV-TEST evaluated the capabilities of five well-known VPN providers in detecting different types of malicious links.

These included three specific categories: phishing links, portable executable (PE) URLs (for example, EXE files), and non-portable executable web addresses (for example, HTML and JavaScript files). Experts also looked at how good the VPN services were in avoiding false positives, meaning flagging legitimate links as malicious.

NordVPN Threat Protection Pro managed to successfully detect and block 83.42% of malicious links, leading in all three categories. In contrast, the second-best result captured only less than half (46.96%).

AV-TEST experts used 3,209 links in total, consisting of 1,050 malicious links to PE files, 1,031 links to other malicious (non-PE) file types, and 1,128 links to phishing sites. (Image credit: Nord Security)

WCL's testing was focused on malware protection. Here, NordVPN achieved a staggering 99.8% detection rate for high-threat malware.

The provider earned the highest AAA rating overall thanks to top marks in other categories, too. These include a smooth buying experience, easy and customizable installation, sleek apps, and reliable customer support.

This isn't the first time that NordVPN Threat Protection Pro has proved its effectiveness with third-party observers. Back in August, the feature gained the bronze medal out of 35 competitors as a top tool to avoid online shopping scams.

Yet, Domininkas Virbickas, head of development at Threat Protection, explains that the recent ratings complement the evaluations conducted by AV-Comparatives this summer by providing a broader picture of the tool's capabilities.

Do you know?

(Image credit: NordVPN)

The latest round of testing carried out by TechRadar's reviewers in September also confirmed how the provider upped the game for malware and phishing protection.

He said: "These results validate our consistent commitment to providing comprehensive protection against a wide range of online threats."

As Virbickas puts it, "The internet is full of scammers." A simple click on a wrong link is all it takes for attackers to steal your account, money, or identity.

It's with this in mind that the team at NordVPN decided to give a boost to its tracker blocker tool back in June.

What used to be called Threat Protection Lite – now simply known as Threat Protection – is based on DNS filtering and is still available to all NordVPN customers using Android, iOS, Linux, Windows, macOS, and browser extensions.

By contrast, Threat Protection Pro works at the URL and Javascript levels to help you avoid tracking, phishing, scams, malware, and annoying ads and is exclusive for Standard, Plus, Complete, Ultimate, and Ultra subscribers on Windows and macOS only at the time of writing.

• Researchers spot Helldown exploiting Zyxel VPN to breach networks
• The flaw was previously undisclosed
• The crooks mostly target SMBs in the US and Europe

There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.

The group is called Helldown, and has been active since summer 2023, a new report from cybersecurity researchers has revealed Sekoia, noting the group most likely uses a previously undisclosed vulnerability in Zyxel’s firewalls for initial access.

Furthermore, the group seems to be exploiting CVE-2024-42057, a command injection bug in IPSec VPN that, in certain scenarios, grants unauthenticated users the ability to run OS commands.

Dozens of victims

When they breach a target network, they steal as many files as they can, and encrypt the system. For encryption, they seem to be using a piece of software developed from the leaked LockBit 3 builder. The researchers said the encryptor was relatively basic, but also probably still under development.

As basic as it is, the encryptor still locked down at least 31 organizations, as that’s the number of victims listed on the group’s data leak site. According to BleepingComputer, between November 7 and today, the number dropped to 28, which could be a hint that some organizations paid the ransom demand. We don’t know who the victims are, or how much money the crooks demanded in return for the decryption key and for keeping the data secure.

Most of the victims seem to be small and medium-sized organizations in the United States and Europe.

If the researchers are indeed right, and Helldown does use flaws in Zyxel and IPSec instances to breach the networks, the best way to defend would be to keep these devices up to date, and limit access to trusted accounts only. CVE-2024-42057 that plagues IPSec was fixed on September 3, and the earliest clean firmware version is 5.39. For Zyxel, since the vulnerability is still undisclosed, it would be wise to keep an eye on upcoming advisories and deploy the patch as soon as it’s published.

Via BleepingComputer

You might also like

• Thousands of Oracle NetSuite ERP websites found leaking private customer information
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Shopping for broadband in Orange? Our experts have compiled the best internet providers in the area to help you find the fastest speeds and cheapest internet plans.

• AWS is introducing a central management tools to AWS Organizations
• The tool will allow security teams to manage root user access
• Root sessions are also being introduced for short-term root access

AWS Identity and Access Management is helping businesses boost multi-factor authentication (MFA) adoption and organizational security by introducing a centrally managed security feature.

The tool will help organizations and security teams manage root credentials and root sessions through AWS Organizations.

AWS hopes the tool will help reduce the risk of lateral movement and privilege escalation in the event of a cyberattack, while also making day to day security easier and scalable.

Boosting MFA and account security

AWS has taken several steps recently to enhance account security, initially introducing MFA for management account root users before launching FIDO2 passkey support which resulted in a 100% increase in MFA adoption for AWS Organizations users with more than 750,000 AWS root users enabling the phishing-resistant authentication method.

Now, security teams will also be able to remove long-term root credentials to prevent them from being abused, and will also stop them from being recovered and used maliciously.

“This will improve the security posture of our customers while simultaneously reducing their operational effort,” the blog post stated.

The centralized management tool will also allow security teams to create accounts without root credentials, making them secure-by-default and removing the need for additional security measures. The tool will also assist with compliance-related issues by allowing security teams to closely monitor and remove long-term root credentials.

As an additional preventative measure against the misuse of root credentials, AWS is also introducing ‘root sessions’ that provide short-term access for specific tasks and actions, relying on the principle of least privilege to minimize the possibility of malicious use.

Root sessions will also reduce the burden on security teams by helping them adhere to AWS best practices, and perform privileged root actions from a single central dashboard, rather than having to manually log in to each user account.

Central root account management is available through IAM console, AWS CLI or AWS SDK, with additional details for obtaining root credentials on the AWS blog.

You might also like

• Take a look at the best password managers
• Here is our guide to the best endpoint protection
• Apple says Mac users are being targeted by dangerous zero-day attacks, so update now

Are you ready to be terrified by xenomorphs and face huggers galore again? You better be, because Alien: Earth – the first-ever TV series set in the sci-fi horror franchise's universe – has secured a mid-2025 release window.

Announced in a Disney press release, the show, which is being helmed by Fargo creator Noah Hawley, will officially make its debut on Hulu (US) and Disney Plus (internationally) sometime between June and September next year. Indeed, confirmation comes by way of a brand-new teaser for the Alien franchise's inaugural small screen project, which revealed Alien: Earth will emerge from its ovomorph in summer 2025 (that's winter for southern hemisphere dwellers).

Unfortunately, the series' latest teaser doesn't contain any new footage for fans to pore over. That'll be a grave disappointment to many people, myself included, too, especially after Alien: Earth's first teaser was the most underwhelming one I'd seen in a long time.

To be fair to this newest trailer – if it can be labeled as such – there are some quick-flash clips that appear around its midway point. The blurry nature of these snippets, though, mean it's incredibly difficult to determine what's being shown. Indeed, the only thing I could pick out was a person screaming at around the 0:24 mark. It's a bizarre way to market what's like to be one of the best Hulu shows and best Disney Plus shows of 2025, too, especially after a 'new on Disney Plus in 2025' trailer, which arrived in mid-November, actually showed some proper footage from Alien: Earth. Why not include those clips in this new teaser, then?

What is Alien: Earth about?

Sydney Chandley's Wendy will be the latest in a long line of female heroes who'll face off against a xenomorph or two (Image credit: FX/Hulu/Disney Plus)

But enough of my complaining. You want to know what to expect from Alien: Earth's plot, don't you? Lucky for you, FX/Disney has provided new details concerning its story.

"When a mysterious space vessel crash-lands on Earth," the plot synopsis reads, "a young woman and a ragtag group of tactical soldiers make a fateful discovery that puts them face-to-face with the planet’s greatest threat in the sci-fi horror series Alien: Earth.

"As members of the crash recovery crew search for survivors among the wreckage, they encounter mysterious predatory life forms more terrifying than they could have ever imagined. With this new threat unlocked, the search crew must fight for survival and what they choose to do with this discovery could change planet Earth as they know it."

Alien: Romulus, the sci-fi horror franchise's latest entry, was released in theaters in August (Image credit: 20th Century Studios)

Sydney Chandler (Sugar) leads an all-star cast as Wendy, a woman with the consciousness of a child who'll likely be part of the aforementioned crash recovery team. She'll be joined by numerous other recognizable faces, including Alex Lawther (Andor), Timothy Olyphant (The Mandalorian), Essie Davis (One Day), Samuel Blenkin (The Sandman), Babou Ceesay (Into the Badlands), David Rysdahl (Oppenheimer), Adrian Edmondson (3 Body Problem), Adarsh Gourav (The White Tiger), Jonathan Ajayi (Vigil), Erana James (The Wilds), Lily Newmark (Sex Education), Diem Camille (Psychosia), and Moe Bar-El (Honour).

As well as creating the show, Hawley is also on lead scriptwriting and directing duties. Ridley Scott, who created the Alien franchise, joins Hawley on the executive producing front, too.

It's a somewhat busy time for the Alien series. A brand-new film entry, titled Alien: Romulus, was one of 2024's many new movies and, after its solid box office performance, a sequel is believed to be in the works. Alien: Romulus is set to make its streaming debut on Hulu this Thursday (November 21), too, but there's no word on when it'll arrive on Disney Plus in overseas territories.

You might also like

• See if you agree with our ranking of the best Alien movies
• Alien: Romulus wants everyone to hear you scream over the sci-fi horror series' frightfully bold evolution
• Get the lowdown on the best Hulu movies to watch before Alien: Romulus arrives

It's never been easier to buy a mattress that fits your needs. To help you choose the best one, our team has tested and reviewed all the top brands.

Never waste your food again by turning it into compost or fertilizer with a 52% discount.

Avoid soupy salad greens with these shelf-life-extending tips from someone who handles fresh food for a living.

• Dell and Iron Bow accused of violating the False Claims Act by overcharging the US Army
• Together, the two firms will pay out $4.35 million in settlements
• A Dell whistleblower will get 6.6% of Dell’s payout

Dell Technologies and Iron Bow Technologies have agreed to pay more than $2 million each to resolve allegations that they overcharged the US Army under a government computing contract.

The settlements, confirmed in an announcement by the US Department of Justice, address claims of “non-competitive bids” submitted by the companies to secure army contracts at overinflated charges.

Dell will pay out $2.3 million, with Virginia-based Iron Bow set to pay $2.05 million, to settle the claims.

Dell and Iron Bow settlements

According to the DOJ, Dell operated a deal registration program that gave Iron Bow preferential pricing for Dell computer hardware. This subsequently let Iron Bow offer lower bids to the Army, while Dell submitted higher bids to guide the army towards Iron Bow.

Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, stated: “The United States relies on competition to get the best value and price for the American taxpayers.”

US Attorney Prim F. Escalona for the Northern District of Alabama added: “Fraud in the government contracting process costs taxpayers untold dollars each year… We will continue to work with our federal law enforcement partners to investigate and pursue those who commit government contracting fraud.”

The settlement also aims to resolve a whistleblower lawsuit filed by Brent Lillard, an executive of another IT reseller, under the False Claims Act. A $345,000 slice of Dell’s $2.3 million payout is destined for Lillard.

This isn’t the first time that software and hardware providers have been accused of overcharging the US government and its agencies. Earlier this month, the DOJ shared two instances of fraudulent IT contracts which resulted in six individuals being charged or indicted.

German company SAP was also raided by the FBI amid a longstanding investigation into allegations that the company had overcharged the US government and military for use of its software.

You might also like

• Microsoft claims Google is running "shadow campaigns" to discredit its cloud work in Europe
• Need an upgrade? These are the best workstations and mobile workstations
• We’ve listed the best cloud computing providers