Technology

US Immigration and Customs Enforcement put out a fresh call for contracts for surveillance technologies before an anticipated surge in the number of people it monitors ahead of deportation hearings.

Tempur-Pedic Luxe Breeze is one of the most premium options out there, but is it the right one for you? Here's everything you should know before hitting the buy button.

San Francisco–based Ossium Health has carried out three transplants for cancer patients using stem cells from deceased donors’ bone marrow in recent months.

• Volt Typhoon is rapidly rebuilding its botnet of legacy routers
• Traffic is being obscured through webshells and MIPS-based malware
• Critical infrastructure needs to upgrade away from EOL devices

US allies and authorities recently dismantled parts of a network of legacy routers in small offices and home offices (SOHO) infected with the KV Botnet malware, used by the notorious Volt Typhoon group to target US critical infrastructure.

However, a huge new botnet targeting the same vulnerable legacy edge devices within critical infrastructure is rapidly growing, and Security Scorecard’s STRIKE Team thinks it is Volt Typhoon emerging from the ashes.

‘End-of-life’ (EOL) devices, those for which manufacturer support has ended, are again the main targets for this growing network.

SOHO and EOL devices

This time, Volt Typhoon has adapted to more effectively obscure its traffic using a number of tactics. By using SOHO and EOL devices, Volt Typhoon can maintain persistence within legacy routers without fear of security updates that could potentially boot them from their infrastructure. The group has also been spotted using MIPS-based malware to hide its connections and communications through port forwarding via 8433.

Webshells are also being implanted into routers to maintain remote control, which also disguise malicious traffic inside the router's standard network operations. Many of these devices have been detected on the Pacific island of New Caledonia, acting as a transfer point for traffic coming from Volt Typhoon in the Asia-Pacific region heading into the US, and vice versa.

The prime targets of Volt Typhoon’s activities are Cisco RV320/325 and Netgear ProSafe routers. Software maintenance releases and bug fixes for the Cisco RV320/325 ended in 2021, with STRIKE Team highlighting that Volt Typhoon compromised 30% of visible Cisco RV320/325 routers in just 37 days, with government and critical infrastructure being prime targets.

STRIKE Team recommends that government departments should address weaknesses such as the use of legacy devices within critical infrastructure to reduce the number of potential vulnerabilities and access points for cyber criminal organizations and state-sponsored groups.

You might also like

• These are the best business VPNs
• US government agency warns workers of possible Chinese cellphone hacks
• Take a look at the best endpoint protection software

Refinance rates were mixed, but one key rate declined. Experts expect refi activity to go up as rates drop.

Mortgage interest rates moved in opposite directions, but one benchmark rate trailed off. Rates change on an hourly, daily and weekly basis.

• Mac mini M4 has been rated for repairability by iFixit
• The compact computer scored a 7/10 with a laudable modular design
• There are sticking points with the proprietary SSD, though

Apple’s Mac mini M4 has been given the teardown treatment by iFixit, and there are generally positive findings here, albeit with some catches.

The website is famous for taking apart hardware and rating it in terms of design and repairability considerations, and iFixit begins its video teardown by underlining just how much smaller the new Mac mini is compared to the computer in the past.

Apple achieved this by cramming a lot of components into a small space in an impressive manner, and something to note is that the power supply has been changed from a single module to a board that runs across the top of the chassis.

There’s also a large fan inside the Mac mini M4 and an innovative cooling design which is doing a lot of the heavy lifting in terms of keeping the power used in check given the limited space in the more compact chassis.

Another interesting move on the cooling front is that the Mac mini with vanilla M4 has an aluminum heatsink, whereas the model with the M4 Pro SoC has a larger copper heatsink to better cool the more powerful processor, which makes sense of course.

There’s good news on the storage front: the SSD is removable, as we’ve already heard about, so upgrading to a bigger drive is possible. We say that, but there are caveats here, which we’ll come back to in a moment.

The plus point of removable and replaceable ports is also noted, at least on the front of the Mac mini – sadly the rear ports are soldered (as is the system RAM, alongside the M4 chip itself at the heart of the machine).

The controversial position of the power button on the underside of the Mac mini also gets a mention, inevitably, along with an observation that perhaps Apple is overly concerned about aesthetics here.

Overall, iFixit praises the thinking about the modular design, with the likes of those ports (on the front), and the storage, pinning a 7/10 (provisional) score for repairability on the Mac mini M4.

Analysis: Storage and Apple’s proprietary choice

Coming back to the issue of storage, while the SSD can be upgraded, there are catches as mentioned (which we already touched on in a previous report). The drives are physically different between the Mac mini with M4 and the computer with the M4 Pro, so you can’t swap SSDs between those models. However, iFixit did successfully upgrade a base Mac mini M4 with a 512GB SSD from another model replacing a 256GB drive.

The other fly in the ointment here is that the SSD is a proprietary Apple drive, so you can’t just go and buy any old solid-state drive and plug it into your Mac mini. You’ll need an SSD from another Mac mini, or one sold by Apple – if the company starts offering these (which isn’t the case yet). So, that rather limits the storage upgrade options as you can imagine.

There is the possibility that third parties will produce compatible SSDs for Mac mini upgrades, and indeed there have already been announcements to that effect. The downside of such a ‘fudged’ (well, unofficial) drive installation could be that Apple closes off this avenue via firmware updates that render the third-party SSD inoperable, but we’re getting ahead of ourselves here.

Let’s just hope Apple sells SSDs for Mac mini storage upgrades itself, but skeptics are already doubtful this might happen – and the point of the replaceable drive here is more about facilitating repairs, than upgrades.

You might also like

• Apple Mac mini M4 PC gets rare $50 discount in early Amazon Black Friday surprise offer
• A new dawn for Mac gaming? Apple's M4 Mac mini will support hardware-accelerated ray tracing
• Apple just declared a bunch of Macs obsolete – these are the affected MacBook and iMac models

Audiobooks are one of the best ways to pass the time on long car rides, and with just this app and a library card, you can grab a whole lot of them for free.

Get TV for free by watching over-the-air broadcasts. Here are our recommendations for the best indoor TV antennas.

• Sony announced a chunky $70 discount for the PS5 Slim
• However, the trailer for the deal has now been delisted
• It seems likely that the deal will resurface closer to Black Friday

It looks like the PS5 Slim is getting a slight discount over the Black Friday sales period... or is it?

As spotted by IGN, Sony released a short trailer announcing that the PS5 Slim Digital Edition is to be reduced to $379.99 - a pretty sizeable $70 off its $449.99 retail price in the US. However, trying to watch the trailer at this point won't do you any good as Sony very quickly delisted it after it went live yesterday (November 12).

While there was no start date attached to the deal, it was due to run all the way up until December 24 - so plenty of time to nab one in time for Christmas. The deal would've been quite a boon for those planning on buying a PS5 disc drive, which retails for $79.99. That would bring the total price up to $459.98 - about $40 cheaper than the PS5 Slim console with the disc drive included.

The most likely reason for the trailer being delisted is that it was simply posted too early. Black Friday PS5 deals commence on November 29, so we could see PlayStation's official channels repost the deal trailer a little closer to the time.

Curiously, there's no word on whether or not the standard PS5 Slim with the disc drive included will receive a Black Friday discount, though this could also be up to individual retailers' discretion. We also don't know if the deal will be reflected in other parts of the world such as the UK and Australia.

All we can say at this point, really, is watch this space. We'd be surprised if Sony decided to cancel the deal entirely, as there will no doubt be plenty of buyers eager to grab the console at a discount in time for the Holidays.

You might also like...

• PS5 Pro review: a high-performing enthusiast console with a pricey sting in the tail
• Black Friday PS5 Pro deals: the best discounts and deals to expect
• Black Friday PS5 controller deals 2024: sales are going live

• New rumor predicts that iOS 18.2 could roll out on December 9
• Software update will finally deliver some Apple Intelligence features
• Rumors contradict previous speculation about a December 2 release

Since Apple Intelligence was revealed at Apple’s WWDC 2024 event in June, it’s been very slow to roll out, with many features still not in the hands of iOS 18 users. That will all change when iOS 18.2 gets the green light – and two sources have now indicated exactly when that might happen.

The first hint seems to have been inadvertently leaked by British mobile carrier EE (as spotted by MacRumors). According to forum posts, EE has warned users that it will stop offering a service called “Wi-Fi calling on other supported iCloud-connected devices” on December 9. This feature lets you make a call from an iPad or a Mac when you iPhone is not close to hand.

How does this relate to iOS 18.2 and Apple Intelligence? Well, eagle-eyed sleuths have noticed that the second developer beta of iOS 18.2 (which launched last week) came with new carrier settings specifically for EE.

This update removed a toggle in the Settings app called “Add Wi-Fi Calling For Other Devices,” which sounds extremely similar to the feature that EE says will be discontinued on December 9. Since most carrier updates are bundled in with full public iOS releases, it suggests that iOS 18.2 will launch out of beta on the date indicated by EE.

Another date for your diary

(Image credit: Future)

However, those new rumors may not have predicted the exact date. That’s because Bloomberg reporter Mark Gurman believes iOS 18.2 will actually land a week earlier. Writing in his recent Power On newsletter, Gurman explained that iOS 18.2 is likely to be rolled out at some point in the week commencing December 2, putting him at odds with the EE leak.

Gurman has a very strong track record and is seen as one of the most reliable Apple leakers in the business, so his words carry weight. But at the same time, iOS x.2 releases usually fall in the second week of December, which tends to support the EE theory. Either way, what seems certain is that iOS 18.2 is nearly upon us.

Whenever it launches, iOS 18.2 will bring a number of Apple Intelligence features to compatible devices, including the Image Playground, Visual Intelligence, custom emoji known as Genmoji, and an integration with ChatGPT.

We’ll have all the details on how to get the most out of them when they arrive – whatever date that ends up being.

You might also like

• iOS 18.2 could land a week earlier than expected, and it'll include big Apple Intelligence updates
• You can try new Apple Intelligence features like Genmoji, Image Playground, and ChatGPT in Siri today with launch of new public betas
• Apple Intelligence’s Genmoji is already a huge hit as custom emoji pack sharing goes viral on TikTok

• 92% of UK businesses recognize sustainability as a key priority
• More pressure is coming from investors and shareholders
• The future is in data-driven predictive AI

A new joint study by Kyndryl and Microsoft has shed light on how taking advantage of new and emerging technologies can actually help companies reach their sustainability goals.

With British businesses being forced to comply with increasingly stringent regulations, nine in 10 (92%) UK companies now recognize sustainability as a high priority, however fewer than one in three (30%) are fully using technology for meaningful progress.

However, the report revealed that investor expectations and shareholder demands are the primary motivators – with pressure coming from the top and outside, businesses are less likely to feel the urge to change, which is reflected in the low green tech uptake.

Businesses aren’t using tech for sustainability initiatives

With investor and shareholder pressure now noted by 38% of respondents, up from 29% last year, the need to reduce energy consumption as a motivator has slipped four percentage points to 38%.

In terms of how companies can use tech to become more sustainable, artificial intelligence is already emerging as an important role player. Three in five (62%) use it to monitor energy use and emissions, but with only 37% using predictive AI to forecast needs based on trends and patterns, there’s room for improvement.

Furthermore, only one in five (19%) fully use data for strategic planning and decision-making – a concerningly small proportion given the importance of a strong data foundation in the deployment of AI tools.

However, the report calls for the responsible use of artificial intelligence, which relies on power- and resource-hungry data centers that themselves are coming under scrutiny in a more environmentally-conscious world. Only one-third (35%) are currently considering the energy implications of their AI solutions.

"By integrating sustainability into a company’s business strategy, processes and systems, organizations can maximize the value of their people and technology to achieve internal goals and deliver positive impact," noted Faith Taylor, Chief Corporate Citizenship and Sustainability Officer at Kyndryl.

You might also like

• We’ve listed the best green web hosting providers
• Cost concerns are holding back sustainability drive for many firms
• Keep your data safe online by using one of the best cloud hosting providers

• HBO chief Casey Bloys has narrowed down the launch windows for the highly-anticipated duo
• The Last of Us season 2 will arrive in early 2025, Bloys revealed
• Peacemaker season 2 is also set to be released next August, HBO's CEO added

HBO boss Casey Bloys has provided some exciting release window updates for two of the studio's most anticipated TV shows.

Speaking at a HBO event, which was attended by press outlets including IGN, Bloys fielded numerous questions about the company's upcoming line-up of shows. Among the queries put to Bloys was when audiences could expect to see The Last of Us season 2 and Peacemaker season 2 make their debuts. And, while Bloys wasn't directly quoted by IGN or its siblings, IGN reports he was more than happy to deliver some telling updates on the pair's forthcoming releases.

Discussing The Last of Us' return first, Bloys told the assembled press that the hugely popular post-apocalyptic drama would launch sometime in spring 2025 (that's autumn for non-northern hemisphere dwellers). That's a narrower launch window than I'd previously reported on – indeed, in mid-September, Bloys said one of the best Max shows' second seasons would air in the "first half of 2025".

Prepare to dance along to Peacemaker's amazing intro sequence again in August 2025 (Image credit: Max)

As for Peacemaker season 2, Bloys was more forthcoming about an actual release month for the DC Cinematic Universe (DCU) TV show. The John Cena-starring comic book-inspired series will, according to Bloys, debut on Max (in the US, anyway) next August, meaning it'll be released a few weeks after James Gunn's Superman movie flies into theaters.

With Peacemaker's sophomore season in the final throes of its filming schedule, plus the fact that 2025's Superman flick will lead directly into the show's next outing, it makes sense for the two DCU Chapter One projects to launch in close proximity to each other. For what it's worth, DC Studios co-head James Gunn hasn't taken to social media to counter what Bloys said. Considering Gunn is quick to dismiss rumors and other falsely reported news, it seems there's more than a grain of truth to Bloys' comments regarding Peacemaker 2.

Max-ing out HBO's 2025 release schedule

The duo's release window updates come hot on the heels of a 'new in 2025' Max trailer, which featured Peacemaker season 2's first footage and new clips from The Last of Us season 2. Regarding the latter, there was a new, albeit quick glimpse at Pedro Pascal's Joel interacting with Catherine O'Hara's unnamed character, which debuted alongside previously seen clips from season 2. Meanwhile, the first scenes from Peacemaker 2 showed the titular character raising a glass with his 11th Street Kids crew, plus a first look at Frank Grillo's Rick Flag Sr., who's expected to be the series' new antagonist.

Before he makes his live-action debut in Peacemaker, Grillo's Flag Sr. will be seen in animated form as part of Creature Commandos. The first project to arrive as part of Gunn's rebooted DC cinematic franchise, it'll launch on Max (US), aka one of the world's best streaming services, with a two-episode premiere on December 5. It's expected to debut on Sky/Now TV (UK) and Binge (Australia) around the same time, too.

It could be a while before an official trailer for Peacemaker season 2 is released, but we received an unsettling teaser for The Last of Us TV show's second installment in late September. As someone who played Naughty Dog's The Last of Us Part II, which the series' second chapter is based on, I'm not ready to have my heart broken again, either.

You might also like

• The DCU's Lanterns series finds its John Stewart and Hal Jordan as new mystery character teased for Peacemaker season 2
• The Last of Us season 2 will be shorter than the first – here are 3 reasons why that's exciting for the hit Max show
• The first episode of Arcane season 2's after show is out now, and its sneak peek at act 2 will have you fearing for your favorite character's life

• Google is restarting the Wear OS 5 rollout on older Pixel Watch models
• It has previously been paused because it was bricking devices
• Pixel Watch 1 and 2 users will see the rollout starting now

Google has confirmed that it's restarting the rollout of Wear OS 5 for Pixel Watch 1 and 2 owners, weeks after the update was pulled because the new software was bricking devices.

Google paused the Wear OS 5 update in late September after users reported that the update was bricking their older-generation Pixel Watch models. At the time, Google told us it had put the update on hold while it looked for a solution.

In a community post on November 12, Google confirmed that the rollout is back underway.

"Pixel Watch 1, Pixel Watch 2, and Pixel Watch 3 devices will receive the November 2024 software update, with the next update planned for March 2025," Google stated, adding that with this update "Pixel Watch 1 and 2 users will resume receiving the Wear OS 5 upgrade starting today (November 12.)"

Google says Pixel Watch users can expect the update to land over the coming week depending on carrier and device, and they'll get a notification on their watch once the update is available.

Wear OS 5 comes to older Pixel Watch models

(Image credit: Google)

The Wear OS 5 rollout is great news for owners of the Pixel Watch and Pixel Watch 2, which are still some of the best Android smartwatch options out there despite the launch of the Pixel Watch 3 earlier this year. Users can expect improved performance and battery life, as well as new running metrics such as ground contact time and vertical oscillation.

Not only is it great news for existing Pixel Watch customers, it could also give a boost to Pixel Watch sales ahead of the Black Friday deals event. We expect to see big savings on Pixel Watch 1 and 2 models (the Pixel Watch 2 is already $100 off at Amazon), and now prospective customers know they're getting the latest Android wearable software if they decide to go for an older model.

You may also like

• Samsung Galaxy Watch 6 owners poised to get Wear OS 5 soon – as Google Pixel Watch still struggles
• Don't panic, Facer users, full Wear OS 5 support is coming – eventually
• Google Pixel Watch 3 price slashed in the US and UK in stunning early Black Friday deal

These savings accounts still earn more than 10 times the national average rate.

My partner and I are looking for a bed that accommodates our drastically different sleep preferences. Could Avocado be “the one” or will we end up in a sleep divorce?

Just before the 2024 general election was announced, the UK government was looking to bring in tougher rules on ransomware payments, including the potential to ban ransom payments entirely. The justification? A decisive action to cut off the business model of cyber extortionists.

But the message around ransom payments is contradictory to say the least. In the UK, the NCSC has made it abundantly clear that businesses should not pay ransoms. Yet, insurance policies recommended by the government's Cyber Essentials scheme clearly state that they provide cover for extortion payments. Ultimately though, this directly funds cybercriminal activity and enables it to gain momentum.

So, what are the benefits and drawbacks of banning ransomware payments, what alternatives can be considered and what role does the cyber insurance industry play in tackling this threat?

To pay or not to pay

Earlier this year, French hospital, CHCSV, refused to pay a ransomware demand, despite suffering severe operational disruption. Meanwhile, other organizations that have fallen victim, such as Change Healthcare in the US, have gone in a different direction, with this particular private healthcare firm paying $22m to attackers.

The difference here is that one victim falls within the public sector, while the other doesn’t, and when public sector organizations pay ransom demands, it ultimately comes out of tax payers’ money. It’s for this reason, among others, that several states in the US have already made it illegal for public sector organizations to pay extortion payments.

However, there appears to be less public transparency in the UK on whether companies pay ransomware demands. While the US has official government data specific to ransomware payments, the UK lacks official reporting as most of the data available comes from industry reports. For instance, a report from Censornet revealed 85% of SMEs report paying a ransomware demand, while research from Cohesity found that 69% had paid a ransom in the last year.

But not paying can cost businesses more in the long run. For example, last year, MGM Resorts didn’t pay its attackers but has since revealed costs of up to $110m. Similarly, the WannaCry incident, which affected thousands of NHS hospitals and surgeries in 2017, is reported to have cost £92 million in recovery.

While ransomware victims continue to play this game of ‘will they, won’t they’, according to Mordor Intelligence and Fortune Business Insights the cyber insurance market in the UK is estimated to be $1.35bn in 2024 and $20.88 billion globally, with new policies continually being established as businesses scramble to insure themselves against the inevitable.

Insurers, unsurprisingly, will usually look for the lowest cost option when dealing with the fallout of a ransomware attack: paying the ransom demands. But doing so funds this global cybercrime pandemic. It’s therefore little surprise that ransomware payments, according to Chainalysis, broke the $1bn mark in 2023.

So, while some believe ransomware is becoming more prevalent due to better targeting by cyber criminals, it’s perhaps worth considering whether it’s any coincidence that as the insurance industry grows, so too does the cybercrime landscape.

What other choice do we have?

Despite these somewhat muddied waters, the correct response to ransomware attacks is clear: paying demands should almost always be a last resort. The only exception should be where there is a risk to life. Paying because it’s easy, costs less and causes less disruption to the business is not a good enough reason to pay, regardless of whether it’s the business handing cashing out or an insurer.

However, while a step in the right direction, totally banning ransom payments addresses only one form of attack and feels a bit like a ‘whack-a-mole’ strategy. It may ease the rise in attacks for a short while, but attackers will inevitably switch tactics, to compromising business email perhaps, or something we’ve not even heard of yet.

So, what else can be done to slow the rise in ransomware attacks? Well, we can consider a few options, such as closing vulnerability trading brokers and regulating cryptocurrency transactions. To pick on the latter as an example, most cybercrime monetizes through cryptocurrency, so rather than simply banning payments, it could be a better option to regulate the crypto industry and flow of money.

Alongside this kind of regulatory change, governments could also consider moving the decision of whether to pay or not to an independent body. This would ensure the decision is made regardless of cost and instead based on risk to life and disruption to critical services. Though whether a court, or other independent body, could make these decisions quick enough is up for debate.

Insurance and cyber security can go hand in hand

Digital transformation was expedited during the pandemic and on top of that, extortion based cyber-attacks have been spurred on by cryptocurrency, all within a short time frame.

Meanwhile, the biggest challenge for insurers in today’s digital environment is their lack of data. This perfect storm explains why the insurers are continually adapting requirements and increasing premiums at an escalated pace.

But it’s important to remember that being insured can make the business more of a target because cyber criminals know they may get their ransom payment, fueling this never-ending cycle. It’s therefore essential that businesses adopt a cybersecurity posture that provides them with the best possible protection, insured or not. In fact, opting for an insurer who understands risk based on data can help make a business’ cyber strategy more secure.

For example, insurers who understand risk based on data often require businesses to adopt many different technologies and processes to reduce said risk, for example the use of cloud backup systems, multi-factor-authentication and advanced endpoint detection and response solutions.

In fact, the full list of recommendations these insurers require are typically a subset of those that cybersecurity professionals and cybersecurity frameworks also recommend. And while insurers are focused on reducing the potential of a financial claim, the cybersecurity industry is focused on reducing the risk of any cyberattack, so following these recommendations will inevitably be a positive step for the business.

A match made in cyber heaven?

The relationship between cyber insurance and cybersecurity is inseparable, and these two industries are fast becoming a marriage of convenience. However, there remains one significant obstacle in this becoming a happy and truly fulfilling marriage. The funding of cybercrime through the payment of ransomware demands by insurers needs to stop (unless in exceptional circumstances!).

We've featured the best malware removal tools.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Get an extra 10% off Priceline hotels with a promo code, plus up to 60% off Express Deals and rental cars this November.

• WhatsApp and Facebook Messenger to be banned for internal NatWest communications
• You can still reach customer service through WhatsApp
• The Financial Conduct Authority issued fines to Morgan Stanley for irretrievable conversations

One of the UK’s largest banks has banned employees from using instant messaging apps such as WhatsApp, Skype, and Facebook Messenger.

NatWest had previously asked workers to ensure they used ‘approved channels’, but has now gone one step further and made messaging platforms inaccessible from company-issued devices.

Whilst WhatsApp and Facebook Messenger are encrypted, they can also be set to disappear or can be difficult to retrieve, but financial institutions must be in line with record-keeping regulations, and have retrievable communications.

Robust regulations

"Like many organisations, we only permit the use of approved channels for communicating about business matters, whether internally or externally," a statement from NatWest confirmed.

The Financial Conduct Authority is reportedly paying particular attention to the issue of unmonitored communications, which prompted NatWest to take actions to protect itself in regards to the regulations.

The rules are aimed at preventing market abuse and misconduct, but the use of third party messaging apps has made them harder to enforce, especially with an increased number of people working from home. The bank still offers WhatsApp as a means of contact for customers and for assistance with banking enquiries, but the platform is banned for internal communications.

This comes after a huge fine was handed to Morgan Stanley of almost £5.5 million when Ofgem determined the bank had breached rules on recorded communications after staff used WhatsApp for trading communications.

Many Brits will remember the recent COVID inquiry revealed a mass deletion of WhatsApp messages by Government ministers and officials, on an ‘industrial scale’.

Former Prime Minister Boris Johnson told the inquiry he lost around 5,000 messages, which were never recovered - illustrating the unreliable nature of third party messaging apps (and politicians).

Via BBC

You might also like

• Take a look at our pick of the best laptop for working from home
• The EU wants to scan your WhatsApp chats—and privacy experts are furious
• Check out our choices for best encrypted messagins apps for Android

This "crime of opportunity" can be costly, especially during the holiday shopping season.