Technology

• The Scout Terra electric pick-up brings back the bench seat
• Hybrid range-extender version can cover up to 500 miles
• Terra and Traveler won't hit roads until 2027

Former American off-road brand Scout, which was recently purchased and revived by the Volkswagen Group, has returned to inject some throwback chic into the pick-up and SUV segment, as well as give the likes of Rivian a run for its money.

Although both the recently unveiled Terra Truck and Traveler SUV still fall under the banner of “production-intent concepts”, they give us our best look yet at what Volkswagen is trying to achieve by reviving the brand.

And that clearly means retro looks, nostalgic nods to the past and modern technology that features tactile buttons and mechanical switches where possible.

As someone with a mild obsession for old Chevrolet pick-ups from the 1960s and 70s, I think it's wonderful – all of the best bits of classic American trucks, without the worry about things falling off or rusting away in the rain.

(Image credit: Scout Motors)

Despite previously suggesting that Scout was going to be a pure battery EV manufacturer, it has decided to also offer a range-extending hybrid into the mix, which the company states is good for around 500 miles of total range and should go some way to bash range anxiety over the head.

Pure electric versions of the Terra Truck will offer 350 miles, but there’s still no official word on the battery and motors used. However, all-wheel-drive comes as standard (obviously) and the most powerful versions of both Terra and Traveler should be able to hit 60mph from rest in around 3.5 seconds.

But it is inside Scout's concepts where the nostalgia really kicks in, because the brand is arguably among the first to revive the front bench seat – a mainstay in the trucks and SUVs of America’s glorious yesteryear.

The company is is also a vocal advocate of real controls, dials and toggles to take care of key information, while the infotainment system appears to be on rails so the copilot can “take control of the screen while you focus on the road ahead”.

Analysis: Volkswagen needs a truck-shaped sales boost

(Image credit: Scout Motors)

Manufacturers clearly deem retro to be en vogue, as it is a mechanism that has recently been employed by French marque Renault, with the launch of its all-electric Renault 5 and upcoming Renault 4 models, while both Mini and Fiat are still playing on their heritage with great success.

Scout’s main rival, Rivian, is already notching up solid sales of its second-generation R1T and R1S models, as well as teasing the mid-sized R2 and R3, which are due sometime in 2026. All of these feature a hefty dose of nostalgia in their designs, too.

We won’t see either of Scout’s models hit the road until at least 2027, when the company predicts they will be on sale for $50,000 (around £38,000 / AU$75,600) to $60,000 (around £46,000 / AU$91,000) with incentives.

This is all subject to market conditions at the time of launch, of course, but pricing appears competitive, considering a Rivian R1T costs almost $10,000 more, while a base Cybertruck now hovers at $74,490.

Interestingly, Scout has also said it is going to eschew Volkswagen's traditional dealer sales channels – much to the dismay of disgruntled dealers.

(Image credit: Scout Motors)

Instead, it will sell direct to consumer via its own unique spaces, as well as offer the ability to purchase online and through its app. It is a bid to modernize the buying experience and cut out the middleman.

It all feels very modern and appealing to the younger buyer, but will nostalgia and direct-to-consumer sales be enough to persuade them to make the switch?

Volkswagen could do with a truck-shapes sales boost in the US, as dwindling sales in China are currently stifling its progress in the EV market. The fact Scout will be made in the US will also get around the government's recent tax hikes and proposed bans on vehicles imported from China.

Either way, Scout had me at bench seat.

you might also like

• Rivian just gave its EVs a KITT from Knight Rider makeover with this spooky software update
• ChatGPT gives Volkswagen cars the smarts to talk to you all day long
• I’ve ridden Can-Am’s new electric motorcycles – and they’re the best case so far for ditching polluting commuter bikes

This satellite provider offers an all-in-one plan featuring faster speeds, no contracts and higher data allowances. Here’s what to know about Viasat.

iOS 18.1 brings the first Apple Intelligence features, but you need to take a few steps before you can use them.

One of the best VPN services on the market just revealed new advanced security features, beefing up its defense against some of the most pressing online threats.

On October 25, 2024, Mullvad VPN unveiled expanded protections against AI surveillance and censorship in two separate announcements. The newly launched DAITA feature, short for Defense against AI-guided Traffic Analysis, is now also available for its Android VPN app – previously, only Windows, macOS, and Linux users could use it. At the same time, the provider added Shadowsocks obfuscation technology to the WireGuard VPN protocol for its Android and desktop apps.

Keep reading as I explain what these added features are all about and why you should use them.

Fighting back against AI tracking

Mullvad launched DAITA back in May, describing it as "the first step" in the battle against sophisticated traffic analysis. Fully built on an open-source framework – meaning that anyone can check that works as promised – it aims to modify the appearance of data packets sent over the VPN network to prevent snoopers from tracing these activities back to you.

DAITA is a necessary tool as a virtual private network (VPN) can only protect you against some forms of online surveillance – not all.

A VPN encrypts your internet connections so that third parties cannot access the content of the data packet you sent – though they can still see them moving – whilst spoofing your real IP address location. Put simply, when you're using a VPN or even the more secure Tor Browser, you can still be vulnerable to traffic analysis.

As Jan Jonsson, CEO of Mullvad VPN, explains, artificial intelligence has made traffic analysis particularly dangerous for user privacy. This is because AI can be used to analyze the data packets sent back and forth from your device to link online activities back to individual users. At the same time, AI tools can sort through all the data that authorities and big tech companies have collected more quickly and on a more sophisticated level.

"AI will be used both to collect data about people and to analyze that data. That’s why we developed DAITA, to counteract this right at the point of the data collection," Jonsson told me.

Mullvad introducing Defense against AI-guided Traffic Analysis (DAITA) https://t.co/bfOVYCT0ziMay 7, 2024

DAITA launched in May 2024 on Mullvad's Windows VPN apps for Windows 10 and 11 operating systems, with support for macOS and Linux arriving at the beginning of September. Now, Android users can finally benefit from the advanced protection.

Enabling DAITA on Android is easy. All you need to do is open your app and head to Settings. Here you'll need to tap VPN settings and then DAITA to switch ON the toggle button.

When you connect to a VPN server, you'll see that a notification ("using DAITA") will appear next to the server location on the app homepage. This means that your online activities have an added layer of protection, and are less susceptible to being traced by a third party, as Mullvad promises to make all data packets the same size while adding random background traffic.

Faster VPN obfuscation

AI tracking might be a relatively new threat on the internet – but online censorship is a much older risk, and one of the primary reasons why VPN usage continues to soar around the world. At the same time, however, authorities are getting better at blocking VPN usage.

As a result, VPN providers need to keep evolving in the cybersecurity space to help users bypass restrictions.

VPN obfuscation is a hugely important part of this. As the name suggests, it references the technology responsible for hiding the fact you're using a VPN in the first place. While different techniques achieve the same thing, they all have something in common – ensuring the VPN traffic looks like normal traffic to evade any VPN blocks and bans.

WireGuard Shadowsocks's support for the Mullvad iPhone VPN app is expected to come at a later date

Mullvad has been using Shadowsocks obfuscation since 2019 as a default setting for its OpenVPN protocol to help users successfully bypass firewalls and censorship. What's changed now, though, is that the provider has extended Shadowsocks support to the faster and more efficient WireGuard protocol.

So, when you use Mullvad VPN on a desktop or Android, you won't need to sacrifice performance and blocking capabilities in exchange for improved digital privacy. Our most recent testing shows, in fact, a clear discrepancy between peak speeds with WireGuard (950 Mbps) and OpenVPN (410 Mbps). WireGuard Shadowsocks's support for the Mullvad iPhone VPN app is expected to come at a later date

It's worth noting that you might still encounter some connection stability issues at the time of writing when using Shadowsocks and switching between networks. "We are currently working on addressing those as part of an upcoming release," said the provider in a blog post. The team at Mullvad ensures that none of these issues are security-related nor expose you to any risk of data leaks.

Thought the best Garmin watches were too expensive already? You haven’t seen anything yet.

Garmin’s ultra-premium line of smartwatches, the Marq range, is Garmin’s foray into style as well as substance. Instead of going for chunky G-Shock style adventure watches like the Instinct range, or going for a more conventional smartwatch aesthetic like the Venu or Garmin Vivoactive 5, the Garmin Marq line shares a design ethos with premium analog watches, with each model representing a certain theme.

The Garmin Marq Aviator, for example, boasts weather reports for specific airports (ideal for pilots), while the Marq Captain model looks like a classic dive watch and features a regatta timer on the bezel.

The Marq Adventurer is a premium smartwatch with a 360-degree rotating compass bezel, as well as all the rest of Garmin’s premium adventuring features including topographical maps support, all-day blood oxygen sensing for altitude acclimation, and advanced GPS capabilities. Ordinarily, the Marq Adventurer Gen 2’s case and bezel is comprised of Grade 5 Titanium, but a recent drop by Garmin has the Marq Adventurer’s case and rotating bezel comprised of Damascus steel.

Damascus steel is well-known for its incredible durability and distinctive wavy design. Described as “forged from the finest materials on Earth”, the Garmin Marq Adventurer (Gen 2) Damascus Steel Edition, to give it its full title, looks absolutely sublime.

(Image credit: Garmin)

It comes with a leather / FKM rubber hybrid watch strap to pair with the ultra-premium body, which features Garmin’s classic five-button design. This will all set you back an eye-watering $3,100 / £2,799 / AU$5,500.

This has to be one of the best-looking smartwatches, with that Damascus steel undulating pattern made using its forging, that I’ve ever seen. Forget the price: I still want one. Long-time readers might know that I love it when analog and digital design languages meet to create something unique: it’s why I’m one of the only people I know who really loved the smart Casio G-Shock aesthetic of the Garmin Instinct Crossover. But the Marq Adventurer (Gen 2) Damascus Steel Edition is another level, and for three grand I should hope so.

There doesn’t appear to be a huge difference in functionality between Garmin’s other premium offerings, such as the Garmin Fenix 8, but Garmin already knows its internals are quality: you’re paying for a smartwatch that looks like it could belong on the wrist of Indiana Jones, only with current-generation smarts. It might look timeless, but this watch certainly doesn’t belong in a museum.

You might also like...

• The Coros Vertix 2 can tell you everything you need to know about your climbing session – without you even wearing it
• Garmin Fenix 8 review: rugged, expensive perfection
• Garmin MARQ Athlete (Gen 2) review: It's stylish, rugged and expensive, like James Bond

Several months after a CrowdStrike update left millions of servers unusable, bringing some industries to a temporary but costly halt, Delta Air Lines has filed a law suit against the cybersecurity company to recoup some of its losses

The lawsuit, filed in a Georgia court, asks CrowdStrike to pay out over $500 million in losses, along with litigation costs and punitive damages.

After cancelling around 7,000 flights, Delta asserts it lost $380 million in revenue and incurred a further $170 million in other costs, which it is now looking to cover through means of legal action.

Delta takes CrowdStrike to court

“CrowdStrike caused a global catastrophe because it cut corners, took shortcuts, and circumvented the very testing and certification processes it advertised, for its own benefit and profit," a Delta annoncement said.

News of the lawsuit comes after the company appointed David Boies, a major attorney with experience in some high-profile cases to seek damages from CrowdStrike and Microsoft.

Speaking with CNBC, Delta CEO Ed Bastian said: “The havoc that was created deserves, in my opinion, to be fully compensated for.”

Following the incident, Delta was quick to offer customers financial support by means of refunds and reimbursements. The company acknowledged that CrowdStrike was responsible for the outage, but offered customers little more in terms of an explanation.

CrowdStrike CEO George Kurtz issued a public apology after the outage, promising to enhance the company’s update protocols.

A CrowdStrike spokesperson responded to the case (via CNBC): “Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure.”

It’s unclear how the case will play out, but with CrowdStrike’s dodgy update being the cause of the issue, it’s likely that this will guide the judge’s decision.

More from TechRadar Pro

• Check out the best server for your small business
• Boost security by installing the best endpoint protection software
• CrowdStrike hits back at Delta lawsuit — claims it did everything it could, and airline ignored offer of help

Let's break down how much of the previous story is relevant in order to best enjoy this new entry.

California has more rooftop solar panels than any other state. Here's what to know if you're planning to join in.

Before you write in, our Headphones of the Year Award is open to in-ear, on-ear and over-ear designs (rather than just cans) because we want to make you aware of the very best headphone product released in 2024. And based on another full year of testing, I want you to know right from the off that choosing the Bowers & Wilkins Pi8 as that product was one of the easiest decisions we've made all year.

This year, the hands-down TechRadar Choice Awards 2024 audio winner revealed itself rather late in the game, at the end of August to be precise. This was cutting it pretty fine for consideration in the 2024 awards proceedings, but I doubt B&W was particularly worried about that; it's abundantly clear to me that this time around, the UK audio specialist wanted to get its earbuds done right, rather than to get them done quickly – and that is probably why they're so, so good.

The keen-eyed will already have spotted that the Bose QuietComfort Ultra Headphones won our 'Best wireless headphones' award, so why did we choose the Pi8 as the overall winner, rather than the household name of Bose?

I've said it before and I'll say it again: this decision isn't always conscious, rather it makes itself, over the course of our review process. I might have five or six sets of the best headphones at similar price-points as reference products (I trust my ears and my testing, but it's still nice to have proven class-leaders in the mix to double-check), and it's the ones I reach for when I'm not testing that tend to steal the crown.

I typically prefer the best over-ear headphones given the choice – not just so I don't have to talk to people, although that helps – but I found myself picking the B&W Pi8 earbuds every day before heading out the door, for no reason other than they provide the sound quality I really wanted.

Actually there are other reasons, but to understand them fully you need to understand that sound quality has never been the issue with B&W's earbuds historically. So when the company finally went back to the drawing board and got the basics – design, comfort, connectivity, on-ear controls – absolutely bang on with the Pi8, it simply allowed that sound quality to take center stage. And there you have it: winners.

How's that for an updated design that just works? (Image credit: Future)

Let's drill down into the design overhaul then, because the Pi8 are are unrecognizable from the slightly unreliable (and honestly uncomfortable) Pi7 S2 that came before them. Refreshingly, the company approached the challenge of rectifying the older siblings' issues with both humility and due diligence, chiefly by completely redesigning the driver housings (to look quite a lot like the also-excellent 2023-issue Technics EAH-AZ80, honestly) but also by adding an upgraded DAC, DSP and amplifier components, meaning they effectively bypass Qualcomm's digital-to-analog converter for even better audio quality compared to how most of the best wireless earbuds handle this.

Do the Pi8 nullify noise as well the Bose QuietComfort Ultra Earbuds or the AirPods Pro 2? For me, it's a yes. The Pi8 have received quite the redesign here too – using tech from their PX8 over-ear siblings – and however B&W has done it, it works. That feeling of leaving traffic for dust kicks straight in, but without any sense of wind-tunnel-type nausea or being unceremoniously sucked into a vacuum by the eardrums. Also, you now get on-ear volume control, something I've been knocking B&W's decision to swerve since 2021, since it had me rifling through my bag to alter the volume of elite earbuds' – meanwhile, propositions at a fraction of the price could do it on the earpieces.

There's a notable extra too: aside from the case's no-nonsense, pocketable appeal, you can plug its USB-C port (USB-C to 3.5mm and USB-C cables are in the box) into a non-Bluetooth source, such as an in-flight entertainment system, and it'll work as a wireless audio transmitter in aptX Adaptive quality at up to 24-bit/96kHz quality, turning these into wired earbuds… sort of.

There are no spatial audio with head-tracking and no ear-tip fit tests or hearing profile curation, but the B&W Music app is a joy to use when cueing up your various playlists if, like me, your music comes from a few different sources and streaming services. For better or worse, B&W wants unadulterated music to be the star of the show, and I cannot fault the sound quality the Pi8 earbuds are able to deliver in a wireless design, which is not a statement I make lightly.

All that’s really left for me to say is that the Pi8 won because they're now as physically comfortable and secure as they are sonically detailed and dynamically agile, which only makes the solid noise-cancellation even more effective. No, they’re not the cheapest. They’re simply the best wireless headphone option I've heard in 2024, by quite a wide margin – and I'd strongly suggest you keep your eye on our Black Friday earbuds deals, since any discount would be worth a close look.

Apple has just announced a new iMac with M4 chip, and alongside its refreshed all-in-one PC, it's also let slip that it's redesigned the Magic Mouse that comes with it - and we have some good and bad news.

First the good: both the Magic Mouse and the Magic Keyboard now come with USB-C ports. That's right, the Lightning cable, which used to also charge iPhones and iPads until the EU (and other institutions) forced Apple to switch to the non-proprietary USB-C, is now dead.

This is great news, especially as now that iPhones and iPads don't use Lightning cables, people just don't have that many lying around any more, which can be annoying when the peripherals run out of battery. Now, you can charge the Magic Mouse, Keyboard or Trackpad using the same USB-C cable you use to charge your iPhone, MacBook and other peripherals.

Apple answered our prayers, but dashed our dreams

As glad as I am to see USB-C finally included in the Magic Mouse (and the other iMac peripherals, which remain color-matched to the iMac you buy them with), it seems like Apple hasn't used this tweaked design as an excuse to fix one of the most glaring design faults found in its products.

That's right, the charging port remains located on the bottom of the Magic Mouse. This design choice has baffled myself and pretty much every Mac owner for years. It means when the Magic Mouse runs out of battery and you need to plug it in, you can't use the mouse - as it needs to be flipped upside down to be plugged in.

Pretty much every other wireless mouse in existence has a charging port on the upper half of the body, which allows you to charge the mouse and use it at the same time.

The fact that Apple has gone so far to change the port, but not the location, almost seems out of spite. Surely it can't think this was really a user-friendly place to put the port - yet it has stuck with it over the years. Come on Apple, admit you were wrong with this one, and I might even start using your Mice again...

You might also like

• I used to laugh at the Mac Mini but today I bought one
• Apple MacBook Pro 14-inch M4 could be a real treat for Halloween, if latest CPU and RAM spec rumors aren’t a trick
• Apple just declared a bunch of Macs obsolete – these are the affected MacBook and iMac models

The streamer now lets you share your favorite clips on social media, or bookmark them to revisit.

Meet the first Mac desktop with Apple's latest M4 processor.

Black Ops 6 Season One is right around the corner, given that the game is now out for all players. In the coming weeks, players will be treated to a new Battle Pass to work through, changes to Warzone, as well as some new content for Multiplayer. Unfortunately, Activision has yet to announce the specifics regarding Season One, but thanks to a recent leak, we may know the launch date after all.

If you weren't aware, new Call of Duty games tend to launch in a sort of pre-season state these days. This gives players the chance to jump into the game, leveling up guns and getting to grips with the map selection before new content is added. As such, there's currently no Battle Pass, but that's set to change. Even without Season One content, we're having a blast with Black Ops 6, and it's certainly looking to be a contender for our list of the best FPS games to play in 2024.

As we near the rumored Black Ops 6 Season One release date, we'll likely start to hear more on what'll be added, and on the precise timings. For now, here's everything we know so far, including a look at the leaked Season One release date.

Black Ops 6 Season One release date: rumored timings so far

(Image credit: Activision)

According to a recent link from a promotional game tie-in, the Black Ops 6 Season One release date is November 14, 2024. As spotted by CharlieIntel (shown in the Tweet below), Black Ops 6's collaboration with the US pizza chain Little Caesars appears to have let the Season One launch date slip.

Breaking: Call of Duty: Black Ops 6 x Warzone Season 1 is reportedly set to start November 14 The date was included in emails sent by Little Caesars promotion (via @BobNetworkUK_) pic.twitter.com/uDo3J288VdOctober 21, 2024

In the replies to the Tweet above, emails from Little Caesars to participating players mentions: "The Battle Pass will be delivered to your Activision account at the start of Season One of Call of Duty: Black Ops 6 on November 14, 2024."

Of course, it's worth stressing that this is unconfirmed at present, though it does fit into similar timings relative to previous Call of Duty releases. Once we hear more from Activision, we'll be sure to update this page.

What we'd like to see from Black Ops 6 Season One

(Image credit: Activision)

While we wait to hear what Black Ops 6 has in store, we'll be thinking about what we'd like to see added to the game. Of course, a Battle Pass is coming but beyond that, new content is harder to predict. Given that Black Ops 6 just launched, and given the fact that it contains all new maps, some familiar maps could be a welcome addition alongside Season One. We'd like to see the team pull from older Black Ops games specifically, such as Summit, as well as some of the best offerings from last year's remastered Modern Warfare 2 maps like Rust.

There are still plenty of weapons to work through in Black Ops 6, so new weapons in Season One aren't exactly top of our list of wishes. Instead, it'd be good to see further balancing patches, especially concerning the currently essential Gunfighter Wildcard. Over the next couple of weeks, it should become clear which guns in Black Ops 6 need nerfs, and which need buff. For now, though, the current slate of weapons feels surprisingly balanced, with everything from SMGs to Marksman rifles feeling genuinely viable.

You Might Also Like...

• Modern Warfare 3 review
• Here's when to expect the next season of Fortnite
• Upcoming games 2024

It's nice to be reporting some good news about Sonos: if the early user opinions of the new Sonos Arc Ultra soundbar are representative, it looks like the firm has a hit on its hands.

A number of customers have had their Ultras delivered early, and naturally they've turned to the Sonos subreddit and to YouTube to share their initial impressions.

As ever with early adopters, when people have spent a lot of their own money on a product they're going to be approaching it from a position of excitement rather than hard-bitten cynicism, and it's worth bearing that in mind when you read or watch their reviews. But that doesn't mean what they're saying isn't worth considering – and what they're saying so far is very positive.

What are Sonos customers saying about the Sonos Arc Ultra?

Let's start on Reddit, where r/sonos is often home to some of the most passionate Sonos customers as well as some of its most disappointed app users. According to redditor AJ989, who says they got their Ultra delivered from a European retailer on Tuesday, their experience with the setup process was that everything was straightforward and smooth. Responding to a post about Ultras apparently being software-locked until 28 October they say that they didn't encounter any such issues: "from the first day I could use it and set it up in the app." It's "100% working (and sounding awesome)."

The most detailed post so far to the Sonos subreddit is by AnotherGK, who compares the new Ultra with the previous Arc. "I couldn't believe how different they sounded. The first thing I noticed is the extreme wide soundstage for a soundbar... I hoped that the Ultra [would] be better than the Arc but it is significantly better in every regard."

The feature we think most people will be curious about is the Sound Motion, which promises to deliver a bigger built-in bass experience. According to AnotherGK, "The sound isn’t filling the room anymore it seems more like the sound is the room. You can’t tell from where the sound is coming from because it is so well balanced between the front and the back."

Over on YouTube, two European customers have shared multiple videos of the Ultra in action.

Lifestyle18 has uploaded three sound tests with the soundbar by itself: one testing out the Sound Motion and then two more for music and movies. "The sound motion does move the air!" they say, adding that it's "too bad that the Atmos effects don't come through on YouTube because they are great". For music the sound is "pretty similar" to the Arc but has "better bass"; dialog is "definitely better" on the Ultra.

Roel Willemsen has also uploaded multiple demonstrations, including one comparing the Arc and Ultra for music. Of course YouTube isn't the ideal listening comparison when you're listening to someone else's room but even with that limitation the Ultra does appear to sound more spacious. "More bass, the treble is nicer. I like it," Roel says. And for movies, "The voices were lacking but now they're pronounced. They're here... I do think it's an upgrade. I do think the Arc Ultra is better."

TechRadar is due to receive a Sonos Arc Ultra review unit this week, and we'll compare it against the older Arc and against a flagship Samsung soundbar to see how it should rank among the best soundbars available today.

You might also like

• 7 movies with stunning Dolby Atmos music and soundtracks to make your home theater sing
• I didn't care for Dolby Atmos music, but this one mind-blowing experience made me a believer
• I experienced Dolby's reference 34-speaker Dolby Atmos theater – and it made me appreciate the importance of movie theaters

The desktop computer has been upgraded with the latest M4 chip and USB-C accessories.

After plenty of leaks and speculation, Apple has officially announced the latest iMac, equipped with both the M4 chip and Apple Intelligence - the first Mac device featuring the AI-based technology.

According to Apple, the M4 iMac is "1.7x faster for daily productivity, and up to 2.1x faster for demanding workflows like photo editing and gaming," compared to the M1 iMac. Its 24-inch 4.5K Retina display has a new nano-texture glass option, and it's also outfitted with a new 12MP Center Stage camera with Desk View, and up to four Thunderbolt 4 ports. It comes standard with 16GB of unified memory and is configurable up to 32GB.

Pricing for the new M4 iMac starts at $1,299 / £1,299 / AU$1,999, a markdown from the M3 iMac, which started at $1,399 / £1,399 / AU$2,199.

You can get up to 24GB memory and 1TB storage with the 8-core M4 chip, along with Gigabit ethernet, for $1,929 / £1,929 / AU$2,939. There's also a 10-core CPU/10-core GPU option (which includes Gigabit internet) starting at $1,499 / £1,499 / AU$2,399, and if you upgrade to 32GB memory and 2TB storage, you'll pay $2,699 / £2,699 / AU$4,199.

The new M4 iMac will launch on November 8, 2024.

This article is breaking news and will be updated with new information as it is released.

Get keto-friendly meals delivered right to your door with these convenient delivery services.

Today every click, transaction, and digital interaction opens a new door for cyber criminals. Companies are increasingly digitizing their operations, which means a significant expansion of their attack surfaces. One example is the surge in vulnerabilities, with 26,447 disclosed last year alone.

As the total number of common vulnerabilities and exposures (CVEs) is projected to rise by 25% in 2024, security teams will find themselves in constant firefighting mode, struggling to manage an overwhelming volume of tickets. But can they realistically keep up with this increase? The constant scrambling to address urgent issues makes it near impossible to prioritize their responses effectively.

With studies indicating that organizations can only remediate between 5% to 20% of vulnerabilities per month. the businesses need an aggregated and contextualized view across all of their security controls to prioritize vulnerabilities. Yet gaining this view is a data science challenge that many security teams are unable to solve.

Barriers to effective vulnerability prioritization

To gain a deeper understanding of their risk management programs, many businesses have adopted standard frameworks like CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System). This approach allows security teams to rank vulnerabilities based on their potential impact and the likelihood of being exploited. But while the principle of prioritization for security teams might seem straightforward, there are several factors that complicate it.

With IT environments constantly evolving, new vulnerabilities pop up all the time and sometimes slip through without being appropriately prioritized. IT is becoming more democratized and spread out, and different departments often roll out their own IT assets without fully understanding the associated security responsibilities – which can let in dangerous “unknown unknowns” through a backdoor. The same is true of the rapidly evolving threat landscape, with emerging attack techniques continually “moving the goalposts”.

On top of this, the cybersecurity skills gap also grew by 12.6% last year, with 4 million additional workers needed to fill the void. This leaves teams stretched thin trying to handle the flood of new vulnerabilities every day. In fact, today 46% of security teams’ time is spent on collecting and reporting security data. That's why it's so important to focus on fixing the high-risk vulnerabilities first, making sure teams use our resources where they count the most.

Critical context considerations

To improve vulnerability prioritization, it's important to aggregate views across multiple controls with business context. This helps with better prioritization, accountability, and teamwork. Businesses should keep in mind:

• Holistic security context: Vulnerabilities should not be viewed in isolation. By incorporating a broader security context from across the business, security teams can better prioritize their actions. For example, if a vulnerability exists, the next step might not be to apply a patch but to add the server to the System Center Configuration Manager (SCCM). Vulnerabilities also include configuration issues – like default passwords and weak certificates. With a comprehensive view of a business’s security controls, these issues can be detected automatically, allowing the root cause to be addressed and prevent the same problem happening again.

• Integrated security tools: Each security tool provides a piece of the overall security posture, helping get a view of compound risks and high-risk combinations. Yet not all tools are deployed ubiquitously, so they only tell their side of the story. Only by tapping into data from every security tool, can this single source of truth give all stakeholders a clear view of the data journey and ensure it's reliable. For example, prioritization might differ if the vulnerability is on a server with admin privileges not in the vault, particularly if several users with those local admin privileges were missing EDR – and failed every phishing test.

• Contextualizing big problems: Understanding the broader context helps break down large problems. First, security teams need to assess the criticality of the vulnerability, whether it’s patchable, and if it’s being exploited (for example using CISA’s Known Exploitable Vulnerabilities catalog). Second, they should prioritize based on business and technical context - whether it affects high-value data or an important business service, and whether it’s internally or externally facing. For instance, if a cleaner's phone is compromised, it may not significantly impact daily operations. But, if a CEO’s computer is breached, it could lead to a major security incident.

• Clear accountability: Establishing clear paths to accountability is key. Often responsibility for applying controls and fixes lies outside of security – having the ability to assign specific tasks to individuals helps to reinforce the need for collective action. This involves assigning clear ownership and defined roles for all business infrastructure and applications. To drive accountability, businesses need regularly updated asset inventories, control mechanisms, and a comprehensive security knowledge base. This single source of truth provides a real-time snapshot of security policy adherence, highlighting strengths and areas needing attention.

• Changing regulatory questions: There is a shift in the questions asked by internal audits and external regulators, moving towards ensuring comprehensive asset scanning and demonstrable vulnerability patching. Questions like “How do you know every asset is being scanned?” and “How can you demonstrate vulnerabilities have been patched?” are becoming more common. Failure to meet regulations such as GDPR or SEC rulings can lead to significant fines, enforcement actions, and criminal charges – so data governance and risk assessment is key.

How to master vulnerability prioritization

To effectively prioritize remediation efforts, organizations need a comprehensive view that combines multiple controls with their business context. This big-picture perspective on the organization's security helps teams spot coverage gaps and allocate resources more strategically.

By using this integrated approach, organizations can streamline their vulnerability prioritization, making sure resources go to where they're needed most. It also improves accountability and boosts teamwork within security teams since everyone operates from a shared understanding. This not only strengthens overall security but also ensures that security efforts align with business goals.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Google’s Threat Analysis Group (TAG), alongside Mandiant, has released findings on what it suspects is a Russian espionage and influence campaign designed to demotivate Ukrainian soldiers and infect devices with malware.

The group has been labeled UNC5812, and established themselves as an anti-conscription group called ‘Civil Defense’ that offered apps and software to allow would-be conscripts to view real-time locations of Ukrainian military recruiters.

However, the applications would instead deliver malware alongside a decoy mapping application tracked by Google TAG and Mandiant as SUNSPINNER.

Civil Defense influence campaign

“The ultimate aim of the campaign is to have victims navigate to the UNC5812-controlled “Civil Defense” website, which advertises several different software programs for different operating systems. When installed, these programs result in the download of various commodity malware families,” the Google Threat Intelligence blog stated.

The Civil Defense website was established as early as April 2024, however the Telegram account which granted a high through-put of users to the website was only set up in September 2024.

It is understood the group paid for sponsored posts in popular Telegram groups, one of which was used to deliver missile alerts to its 80,000 subscribers.

When users were directed to the website, they were faced with a choice of files aimed at different operating systems that the victims expected to be some form of mapping software for real time updates on the location of Ukrainian military recruiters. Users would instead find their device infected with SUNSPINNER malware and infostealers.

The website also offered justification for the applications not being available through the App Store, stating that by downloading the application through the website, Civil Defense would “protect the anonymity and security” of its users from the App Store. The website also contained video instructions on how to install the applications, and how to disable Google Play Protect.

The Civil Defense telegram page also requested user video submissions of “unfair actions from territorial recruitment centers,” which Civil Defense would post to enhance its anti-conscription messaging and potentially drive more people to download the military recruitment monitoring app.

The SUNSPINNER app consists of a decoy GUI that shows a mapping tool with crowdsourced marker locations for Ukrainian recruiters. While the marker locations look to be legitimate, Google TAG and Mandiant found that the markers were all added by a single person on the same day.

The malware and influence campaign is said to still be underway, with a sponsored post for the group appearing in a Ukrainian news channel as recently as October 8.

More from TechRadar Pro

• Take a look at the best Android antivirus
• Amazon seizes domains used by Russian hackers to target Windows systems
• These are the best password managers

This change comes at a cost.