Technology

Several benchmark refinance rates ticked up this week, but rates are still well below last year's highs.

The city’s light-rail system has used 5¼-inch floppy disks for nearly 40 years. Getting off them won't come cheap.

• An unofficial video has shown One UI 7.0 in action
• There are changes to quick settings and the camera
• A beta is expected before the end of 2024

With the Samsung Galaxy S25 handsets expected to be launched in January, we're also hoping to see One UI 7.0 – Samsung's take on Android 15 – appear around the same time. Fortunately, a new hands-on video has given us an early look at the software and its features.

The video was posted by Mobile Wala Bhai (via SamMobile) and shows the software running on a Samsung Galaxy S24 Ultra device. Officially, we haven't even got a beta release of One UI 7.0 yet, so it's unclear where the software has come from.

One of the upcoming changes that's visible in this clip is a redesigned quick settings panel, which appears when you swipe down from the top of the screen: there are now more elements to this panel, with access to more options.

You're able to quickly adjust the display brightness by sliding your finger left and right for example, and enable or disable dark mode with a tap. In addition, notifications get their own panel away from other settings and toggles.

Apps and camera controls

The video also gives us a look at some of the design tweaks applied to the stock apps in One UI 7.0, including the Gallery app. We're expecting the software to show up with a more modern look across the board.

There are changes coming to the stock Camera app too, which will seemingly be easier to operate with one hand, with the options for different camera modes and zoom levels given more prominence in the revamped interface.

While it's interesting to see some of these features in use, a lot of them have already been leaked, so they're not a massive surprise. Samsung did briefly show off One UI 7.0 at its developer conference at the start of this month.

At the same conference, Samsung announced that a One UI 7.0 beta will be out before the end of this year, though we'll have to wait until 2025 for the final version. In the meantime, expect more sneak previews and leaks to appear.

You might also like

• Galaxy phones tipped to get satellite connectivity
• The Galaxy S25 could be Snapdragon powered
• Here's how One UI 7.0 could change your phone

Amazon Web Services (AWS) has fixed a security flaw in its Cloud Development Kit (CDK) which could have allowed threat actors to fully take over people’s accounts.

The AWS Cloud Development Kit (CDK) is an open source software development framework that allows developers to define cloud infrastructure using familiar programming languages like TypeScript, Python, and Java. It simplifies the process of creating and managing AWS resources by converting code into AWS CloudFormation templates, enabling infrastructure as code (IaC) practices.

In order to deploy an app, users are first required to bootstrap the environment, which includes creating necessary components such as identity and access management (IAM) ropes, permissions, policies, and an S3 staging bucket. The S3 staging buckets follow the same naming pattern: "cdk-{Qualifier}-{Description}-{Account-ID}-{Region}". That means, crooks can easily predict the name, as long as they know the AWS Account-ID, and the region in which the CDK is deployed.

Thousands of instances

“Since the Prefix is always cdk, the Qualifier is by default hnb659fds, and assets is a constant string in the bucket name, the only variables that change are the Account ID and the Region,” explained cybersecurity researchers from Aqua, who first spotted the flaw.

This means crooks could claim someone else’s CDK staging bucket name in advance, preload it with malware, and then just wait for the victim to run it.

To make matters worse, Aqua says there are “thousands” of instances with the default qualifier being used in the bootstrap process, making it super easy to claim another user’s CDK staging bucket name. In fact, the problem could "allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover," the pros explained.

Aqua reported the flaw to Amazon, who patched it in early July this year, it was said. The first clean CDK version is v2.149.0.

Via The Register

More from TechRadar Pro

• AWS has patched a rather embarrassing Kubernetes bug
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Microsoft CEO Satya Nadella took home $79.1 million in 2024, marking a 63% increase compared with the previous year, reports have claimed - despite actually requesting a reduction in his pay.

Despite his substantial compensation package, Nadella had requested a reduction in his cash incentive, following a number security challenges affecting the company recently, which had led to a Microsoft commitment to link executive pay to security outcomes.

In response, the Microsoft board agreed to reduce Nadella's cash incentive to $5.2 million, marking a more than 50% reduction from the $10.7 million sum he was initially eligible for.

Satya Nadella got a $79 million pay packet in 2024

“The Board reviewed the Company’s performance and firmly believes that Mr. Nadella provided exceptional leadership and was both critical in achieving the extremely strong performance of the Company and personally responsible for the ongoing repositioning of its investments and priorities," an extract in a letter from the Microsoft Compensation Committee read.

"It also considered the factors that Mr. Nadella raised in requesting a reduction of his cash incentive and concluded that such an adjustment was appropriate.”

While part of this multimillion-dollar sum came in the form of pay, Nadella’s stock alone, expected to account for around $71 million, made up a major part of his earnings, according to a company filing.

At the beginning of the 2024 calendar year, Microsoft became one of the now three tech companies to reach a $3 trillion market cap after it became a $2 trillion company in 2021.

In its final financial year quarter, ending June 30, Microsoft drew in $64.7 billion in revenue, bringing its annualized revenue to $245.12 billion, up from the $211.92 billion in revenue it made the year before. The tech giant’s share price also rose by 31.2% in its most recent full year.

“Our strong performance this fiscal year speaks both to our innovation and to the trust customers continue to place in Microsoft," Nadella said at the time.

Via Reuters

More from TechRadar Pro

• We’ve rounded up a list of the best AI tools
• Want a bigger cheque? Check the best job sites and best recruitment platforms
• Nvidia could be about to knock Apple off the top spot for most valuable company

Anthropic has announced a significant update to its Claude AI chatbot allowing it to both write and execute Javascript code.

Through a new analysis tool, Claude users can process data, conduct analysis and produce real-time insights with a higher degree of mathematical accuracy, making it a much more powerful and reliable tool in industries outside of the creative context where this accuracy matters.

For example, it can perform complex calculations, analyze large data sets and generate interactive visualizations based on CSV files, which can be hard to digest.

Claude goes hands-on with Javascript

Anthropic claims Claude’s added capabilities mean that responses will be “mathematically precise and reproducible,” something that other chatbots have proven incapable of doing.

“Instead of relying on abstract analysis alone, it can systematically process your data—cleaning, exploring, and analyzing it step-by-step until it reaches the correct result," the company wrote in a blog post.

Anthropic also detailed how marketers could upload customer interaction data to let Claude suggest customer engagement optimizations, or how product managers can use it to analyze customer engagement to inform sprint planning and development focus areas.

The feature adds Claude to a growing list of AI models that integration code execution abilities, such as Google’s Gemini models which offer Python-based code execution and OpenAI, which offers Advanced Data Analysis on flagship models.

However, the company’s decision to go down the route of Javascript makes it particularly useful in the realms of web-based data processing and interactive elements.

Claude’s new Javascript abilities are available to Claude.ai users, who can enable the update through their account settings as a preview.

More from TechRadar Pro

• Google's new AI tool lets developers watermark and detect text generated by AI models
• Check out the best AI tools and best AI writers
• Here’s our list of the best cloud analytics

It's quite hard to make earbuds that stand out from the crowd in today's competitive market, which is why many firms are turning their attention to the humble charging case. JBL stuck a touchscreen into some of theirs, while LG added UV sanitization to its earbud charger. And now Cleer is joining the smart case party with its new Arc 3 true wireless open-ear buds by adding both of those features and its own addition too: a mirror.

The new case isn't just good news for anyone who's been so engrossed in a podcast that they've forgotten what they look like. It's useful too. The UV-C light promises to blast bacteria for more hygienic headphones, while the touchscreen provides easy access to key features and settings.

In addition to the case there are some key improvements in the sound department too.

Cleer ARC3 True Wireless Open-Ear Earbuds: key features and pricing

(Image credit: Cleer)

The new buds deliver Dolby Atmos with head tracking, version three of Cleer's dynamic bass enhancement and the new Qualcomm Snapdragon Sound S5 platform for better sound quality. That means LDAC hi-res audio as well as aptX Adaptive and aptX Lossless, AAC and SBC codecs.

The Arc 3 also promise deeper bass than before via their 16.2mm neodynium dynamic drivers, a useful improvement as open-ears tend to be a little light at the low end. Frequency response here is 50Hz to 40kHz.

The Bluetooth chip is Bluetooth 5.4 with multi-point for seamless switching between dual devices, and Cleer's automatic volume control adjusts the audio based on how noisy your listening environment becomes. And there's 50 hours of total battery life: 10 from the buds themselves and a further 40 from the case. IPX7 water and sweat resistance makes them a good choice for the gym or for outdoor running, one of the key areas where open-ears are often a better choice than in-ears with ANC.

The Cleer ARC3 True Wireless Open-Ear Earbuds are available now from the usual retailers and from Amazon. The MSRP is $219.99, which is around £169 or AU$330, but those last two prices are unofficial.

(Image credit: Cleer Audio) You may also like

• See our pick of the best earbuds, all tested by us
• And here's our guide to the best open-ear headphones on the market
• I tried the brain-hacking headphones and if you struggle to focus, you should too

Intel’s new Arrow Lake desktop processors (Core Ultra 200S range) are just out, and inevitably that means overclockers are already pushing the flagship to its limits, which thus far has resulted in an overclock of 7.5GHz for the Core Ultra 9 285K.

This was achieved by well-known overclocker Elmor as Asus explains in a blog post, with the Core Ultra 9 CPU sitting in an Asus ROG Maximus Z890 Apex motherboard.

Elmor – and a team working on the project, comprised of 3D Systems, Diabatix, ElmorLabs, and SkatterBencher (another famous overclocker) – hit 7488.8MHz, to be precise, using liquid helium cooling. By default, the Core Ultra 9 285K boosts to 5.7GHz (clocks, and power usage, are tamer with Arrow Lake than its predecessors).

Asus also highlights that the LN2 pot – which is literally a pot, the container used for the LN or liquid nitrogen (or helium) gas to cool the CPU being ramped up to ridiculous speeds – was designed using generative AI tech from Diabatix.

So, in a small way, AI helped to provide optimum cooling here in terms of the container design, or rather the ability to explore a bunch of design alternatives in a swift manner.

Asus notes: “The output of the generative AI process was unlike anything else on the market and required the cutting-edge 3D printing tech of 3D Systems to bring to life, but the results speak for themselves.”

Running at this speed, the 285K managed to set a clutch of new world records – four of them, all in 3DMark CPU – along with 19 global first place records (and 31 first places in various benchmarks, in total). A good deal of those were different Cinebench and Geekbench results as you might imagine.

Separately, Wccftech also points out that overclocker BenchMarc managed to ramp up their DDR5 RAM to an incredible speed of 12066MT/s in the Asus ROG Maximus Z890 Apex motherboard.

Analysis: Impressive stuff – but it’s unlikely to help public perception

Arrow Lake desktop chips have had a lukewarm reception, so Intel will likely take any win it can – and the Core Ultra 9 285K does do very well when it comes to the world of extreme overclocking.

The obvious problem being that this niche view of performance is clearly not relevant to the real-world – though it is at least a hint that PC enthusiasts may get more mileage out of the 285K than others, via more traditional overclocking. (Depending on how much headroom there is to push harder with the chip, mind).

In fairness to Team Blue, Arrow Lake isn’t terrible, and certainly for app performance, the new CPUs do well enough. They do not, however, represent much of a compelling upgrade over Raptor Lake or its refresh, despite efficiency gains, and the gaming side of the equation is shoddy, frankly. (The 14900K is much stronger for gaming – and the 285K is a bit all over the place in general, with some odd benchmark results in evidence).

Those gaming oddities are possibly wrinkles that’ll be ironed out with updates from Intel, but this shouldn’t be happening with CPUs at launch (just hold them – and get it right, please, off the bat).

Still, we can’t argue with the overclocking results here, and as ever, we can expect the Core Ultra 9 285K to be pushed faster in the future, and doubtless break more heavyweight benchmarking records.

You might also like

• Intel Core Ultra 7 265K CPU is cheap on eBay, but whatever you do, don’t be tempted by any ‘bargains’
• What is a processor: Your CPU explained in plain terms
• These are all the best cheap graphics card deals

The smartwatch has a 40-millimeter screen, 16GBs of built-in storage and is available from $170.

The sooner you lock in a high APY, the more interest you stand to earn.

Looking for the best internet in Valrico? Whether it's blazing fast speeds or affordable broadband, we've got top picks for every budget and need.

APYs up to 5.25% won't last forever.

Grab yourself -- or the Force user in your life -- a pair of sneakers from the Star Wars collection, starting at $115.

It’s easier to talk about the areas of life that AI won’t affect than where it will. Businesses are at the forefront of that adoption. But where businesses go, bad actors often follow - sometimes, they’re even ahead.

Whilst Gen AI is being used positively amongst businesses, speeding up admin tasks and acting as an assistant to many, it has already gotten into the ‘wrong hands’. More and more Gen AI offerings are available on the dark web to assist wanna-be hackers and bad actors in their endeavours. The commodification of AI can help cybercriminals make phishing attacks seem more personable and realistic, which can increase the likelihood of successful intrusions that could lead to ransomware attacks. Ransomware is one of the biggest threats to businesses today, putting businesses, reputations and careers at risk, and it is here to stay.

In the face of these evolving threats, the onus is on businesses to engage all its stakeholders including C-Suite and prioritize cyber resilience to ensure business continuity. It is not a case of if an attack happens, but when. Data is every organization's most important asset and if your data is secure, your business is resilient.

Fuel to fire

Typically, we associate AI with large language models such as OpenAI’s ChatGPT and Google’s Bard AI, and not with the potential cybercrime threats that tools like Worm GPT and FraudGPT can bring.

However, in the cybercrime field, we are all too aware of cyber criminals focusing on the biggest return and reward for the lowest investment of time and effort, and Generative AI can represent a perfect synergy in this respect in the cybercrime underworld.

AI can be used by adversaries to optimize and expand the reach of their threat campaigns far more efficiently than ever before, resulting in attacks that narrow the window for defenders to respond and mitigate.

Emotional strain

As AI technology advances, the sophistication of scams is following suit. In the future, AI threats could include autonomous systems capable of making decisions on how to modify their attack strategies in real time, with the ability to analyze attack campaign effectiveness. It could enable the use of data sets to constantly evolve and improve automatically, building an adeptness at bypassing traditional security measures - something that we’ve not seen in the history of cybersecurity.

For stretched CISOs and IT teams, however, AI can appear to be an additional strain on their workloads. This is as in the UK, 92% of senior IT and security leaders in the UK reported changes to their emotional and/or psychological state as a direct result of a cyberattack, with 36% worrying over job security.

That doesn't have to be the case however. For example, Generative AI companions can help stretched teams in simplifying and automating cyber incident responses and therefore recovery.

AI for good

Despite the threats, it does pay to get ahead. Businesses need to be leveraging AI in controlled environments where they are confident of its benefits, which typically includes the automation of admin tasks, support with data compiling, and creative inspiration.

When used by CISOs and IT teams to support cyber resilience, AI can assist in the areas of analysis, investigation and threat modelling to understand potential attack vectors and enhance their anomaly detection capabilities. This not only takes away some of the strain on stretched teams, it reduces their admin time and allows them to focus on ‘bigger fish’ activity - and their cyber resilience strategies.

Investing in AI tools should include training employees on its use cases in controlled environments, shining a company-wide light on cyber resilience. However, IT teams and CISOs must continue to closely monitor its use, govern access to training data, and set guardrails.

It is imperative that the C-Suite is heavily involved in cyber resilience, as the ultimate responsibility to adopt and implement compliant AI functions will always lay with the executive leadership in an organization.

A new chapter

Simply relying on prevention is not enough. To help ensure uninterrupted business operations in the face of threats, IT teams and CISOs must build cyber recovery and resilience strategies that proactively safeguard data integrity, identify sensitive data and threats, and enable a clean, rapid recovery.

The newly proposed Cyber Security and Resilience Act introduces expanded reporting requirements for ransomware attacks, providing government agencies with valuable new information on the scale of attack and the ability to increase support to affected businesses.

The aim of the bill is that mandatory reporting requirements will provide policymakers and threat intelligence agencies with valuable data on the prevalence of cyberattacks, currently seen as a "known unknown." With all of this additional data to hand, it is critical that it is managed effectively, and with law enforcement and cybersecurity companies involved, to mitigate threats effectively.

When it comes to the impact on businesses, it is important to have a balanced approach - one that combines regulatory measures with practical support for affected organizations. Despite the threats when used positively by CISOs and IT teams, AI can help with analyzing, investigating and threat modelling to help build cyber resilience strategies, and better understand potential threats.

To meet these growing threats CISOs and IT teams must fight fire with fire or risk losing the AI cyber arms race.

We've reviewed and rated the best cloud antivirus.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Only 11% of IT budgets are being earmarked for cybersecurity needs despite half of UK organizations detecting and responding to cybersecurity threats at least once a week, new research has claimed.

A survey by Vanta found the majority (54%) of firms agreeing security risks for their business have never been higher, with phishing attacks (35%), AI-based malware (34%) and compliance violations (27%) all increasing over the past year.

Despite the clear need for greater investment in cybersecurity, the report reveals 17% of an IT department’s budget represents the sweet spot, indicating that companies don’t have far to go.

Cybersecurity deserves more

While artificial intelligence has impacted security globally, only two in five (43%) UK organizations conduct regular AI risk assessments, and fewer than half have implemented an AI policy to regulate its deployment and usage among employees.

The report also highlights the burden of compliance tasks. Around two in three (69%) noted that customers, investors and suppliers require more demonstration of compliance than before. UK businesses are now spending two extra weeks each year – a total of 12 weeks – working on manual security compliance tasks compared with last year.

Furthermore, IT decision-makers (ITDMs) are spending an average of seven hours, or around one day, each week assessing and reviewing vendor risk. This is because 44% of the British companies surveyed revealed that a vendor of theirs had experienced a data breach since they started working with them, highlighting that cybersecurity threats don’t always come from within.

Besides tackling threats head-on, increased IT budget allocation for cybersecurity also promises to drive customer trust and reduce financial risks.

“To uphold trust in an AI world, security leaders need to go beyond the standard way of doing things," noted Vanta CEO Christina Cacioppo, "they need to make trust continuous, collaborative and automated across their business.”

More from TechRadar Pro

• Check out our roundup of the best endpoint protection software
• Downloaded something dodgy? Here are the best malware removal tools
• AI is making threats harder to detect - but security pros think they have the tools to fight back

This MagSafe case lets you hold your phone in a way that won't block the screen -- and you can save 20% with this launch discount.

The sun gives energy, but it can also burn your nose. This hat embraces the dichotomy.

Zero-trust access is a rigorous security model that is increasingly becoming the benchmark for companies and governments. It shifts away from traditional perimeter-based security to continuously challenge and verify the identity and authorization of users and devices before granting access – even to the CEO, who has worked there for twenty years. Users are then granted only the minimum permissions necessary to perform their tasks, limiting the potential damage they can do while ensuring they can still do their jobs.

One area where zero-trust can be effective is with log file intelligence. This is because while incredibly valuable for infosecurity and threat detection, log files can also be a system vulnerability. As such, they need to be both protected at all times and accessible to those who need them.

This article explores the challenges of implementing zero-trust log file intelligence and how emerging technologies can address these challenges.

Log files: they reveal everything

Log files are digital records that reveal information about a system's activities. They are a crucial source of intelligence as, by analyzing them, organizations can gain valuable insights into network performance, identify vulnerabilities, and detect suspicious activity.

However, their value is also their threat. As if they reveal everything, then those with access to them know everything as well. For example, an attacker could use log files to track users' activities, identify privileged accounts, and steal sensitive information. Once they have used that information to access the system, they could use log files to manipulate, steal, or hold critical information to ransom.

It is, therefore, crucial to manage log file access throughout the workflow to ensure the absolute minimum access possible for analysts and cybersecurity staff and to protect them from exposure.

Step one: secure collection and storage

To protect the integrity and security of log files, collecting and storing them in real-time in a tamper-proof and isolated environment is crucial. One way to manage the collection of this large-scale log file data is with OpenTelemetry. Its standardized approach and ability to integrate with various backends, including postgres, makes it a go-to option.

Blockchain technology, meanwhile, offers an ideal solution for their storage. Its immutable nature ensures that logs cannot be altered, preserving their integrity and ensuring a compliant and transparent record. Additionally, the decentralized nature of blockchain reduces the risk of an attack with no single point of focus.

Step two: least privilege access control

Secure log management requires balancing security and productivity to ensure logs are never exposed while still enabling them to be analyzed. This is a challenge for traditional access controls like data classification, masking, and query-based access because while they can limit exposure, they can also hinder threat detection and analyst efficiency. They are also not entirely secure, with access still granted on a wide scale to the decrypted logs.

One way to achieve the least privileged access control without compromising productivity is homomorphic encryption, a cryptography solution enabling data to remain encrypted throughout its lifecycle. This is because, with homomorphic encryption, those who require access to logs for threat intelligence are able to analyze them in an encrypted state without actually being able to read them.

This encrypted access control can also be extended beyond the analysts to anyone involved in the log management. For example, admins will be able to manage the permissions and access to the logs and check access requests without ever being able to read the logs themselves with them remaining encrypted. This is true across the full breadth of zero-trust systems using homomorphic encryption with admins and any super users not having the ability to read the data under their care but still being able to manage it.

Step three: threat intelligence and response

It is crucial to limit the amount of data that is shared externally of the secure system in order to prevent potential exposure and the creation of vulnerable access points. A potential solution to this is to use native AI instead of third-party tools for the analysis.

For example a private Small Language Model (SLM) AI working within the database could provide specialized insights and machine learning on the encrypted data without that data ever being shared externally of the system. Furthermore, as it is an SLM, the results have the potential to be more accurate and free from AI hallucinations because the model is not trained on vast pools of data that may be inaccurate or biased and instead only works on the encrypted log file data and any relevant given resources.

As the logs remain encrypted at all times and access is only granted to analyze the encrypted logs on a least privilege basis, strict zero-trust security is maintained.

Final thoughts

This article has shown that zero-trust is viable regarding the complex issue of log file intelligence and management and optimal for security and privacy. After all, logs should never be exposed, and they should never be edited. What’s better for that than an immutable system of zero-trust access?

Even if you do not adopt a zero-trust approach to your log management and intelligence, however, it is still crucial to keep this essential data pool protected at all times - even while being used.

We've reviewed and rated the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Here are the answers for The New York Times Mini Crossword for Oct. 25

Get $50 off with this Target promo code and shop these top deals to save on electronics, baby items, groceries, and more.