
Technology

A new Microsoft 365 phishing service has emerged, so be on your guard

TechRadar News - Mon, 12/23/2024 - 09:14
  • Researchers said that Rockstar2FA went quiet in November 2024
  • But a new PaaS emerged soon afterwards, with partly overlapping infrastructure
  • The new PaaS is called FlowerStorm, and it targets Microsoft 365 accounts

Cybersecurity researchers from Sophos have warned a new Phishing-as-a-Service (PaaS) tool has emerged, allowing threat actors to easily hunt for people’s Microsoft 365 credentials.

This tool is called FlowerStorm, and it might have emerged from the (defunct) Rockstar2FA, the company revealed, noting that in November, detections for Rockstar2FA had “suddenly gone quiet”.

The organization’s infrastructure was taken offline, at least partly, for reasons yet unknown, but the researchers don’t think this was the work of law enforcement.

Long live FlowerStorm?

Rockstar2FA was a PaaS platform designed to bypass two-factor authentication (2FA), primarily targeting Microsoft 365 accounts. It worked by intercepting login processes to steal session cookies, allowing attackers to access accounts without needing credentials or verification codes. Through a simple interface and Telegram integration, threat actors that purchased a license could manage their campaigns in real time.

The new platform, which emerged in the weeks after Rockstar2FA went quiet, was dubbed FlowerStorm by the researchers. Many of its tools and features overlap with those of Rockstar2FA, which is why Sophos speculates that it could be its (spiritual) successor.

The vast majority of the targets chosen by FlowerStorm users (84%) are located in the United States, Canada, United Kingdom, Australia, and Italy, Sophos added.

Companies in the States were most frequently targeted (60%), followed by Canada (8.96%). Overall, almost all (94%) of FlowerStorm targets were either in North America or Europe, with the rest falling on Singapore, India, Israel, New Zealand, and the United Arab Emirates.

The majority of the victims are in the service industry, namely firms providing engineering, construction, real estate, and legal services and consulting.

Defending against FlowerStorm is the same as against any other phishing attack - using common sense and being careful with incoming emails.

Categories: Technology

9 Best Indoor Security Cameras (2024): For Homes and Apartments

WIRED Top Stories - Mon, 12/23/2024 - 09:13
Cameras can offer peace of mind, but choose carefully when you’re inviting one into your home.
Categories: Technology

US healthcare giant Ascension says ransomware attack affected nearly six million customers

TechRadar News - Mon, 12/23/2024 - 08:08
  • Ascension was struck by a ransomware attack in May 2024
  • It has now concluded its investigation into the attack
  • Sensitive data on almost 5.6 million people was stolen

Hackers that struck Ascension with ransomware managed to steal a whole treasure trove of sensitive customer information, with medical information, personally identifiable information, payment data, and more all compromised.

The US healthcare giant has now released new details about the ransomware attack, and filed a new form with the Office of the Maine Attorney General.

The cyberattack occurred on May 7 and 8, leading to significant disruptions in clinical operations. Employees were unable to access electronic health records and patient portals, and some facilities were even forced to divert ambulances, and elective care was paused in the aftermath.

Disrupting healthcare

In the filing, the firm said exactly 5,599,699 people were affected by the incident, and in the update, it added that the information crooks took included:

  • medical information (medical record number, date of service, types of lab tests, or procedure codes)
  • payment information (credit card information or bank account number)
  • insurance information (Medicaid/Medicare ID, policy number, or insurance claim)
  • government identification (Social Security number, tax identification number, driver’s license number, or passport number)
  • and other personal information (date of birth or address).

While the attack seems enormous, putting millions at risk of identity theft, wire fraud, phishing and social engineering attacks, Ascension is keeping a positive outlook.

“Although patient data was involved, importantly, there remains no evidence that data was taken from our Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored,” it said.

The company said it will now start notifying affected individuals, and expects the job to be done within three weeks.

At press time, no threat actors took responsibility for the attack, and we don’t know if Ascension paid any ransom in exchange for the data - although it did say the attack hurt its ability to recover from the previous financial year.

Categories: Technology

This tiny wireless speaker promises to sound like a big beefy stereo system using psychoacoustic tricks

TechRadar News - Mon, 12/23/2024 - 08:03
  • Two 15W drivers in a very small cube-style case
  • Digital signal processing adjusts speaker output to emulate distance
  • Available from Japan for roughly $255

One of the key things about stereo sound is that to get it, you need decently spaced stereo speakers. And that's a problem for small devices where you can't space the speakers out enough to get a large stereo sound stage. Manufacturers have come up with lots of tricks to make small speakers sound bigger, but to the best of my knowledge Pavé's little speaker is unique: it's got a gyroscope inside.

The Cear Pavé is an exceptionally small speaker, just over three and a half inches in each dimension, that promises to sound much bigger, with a stereo image close to what you'd hear from a traditional twin-speaker setup. And to do that, it uses clever technology to mess with your brain.

Psychoacoustics, qu'est-ce que c'est?

According to Notebookcheck.net, the speaker uses a combination of digital signal processing and what's known as psychoacoustics, which is the study of how we perceive sound.

We don't just hear sound directly. We hear its reflections and its vibrations too, and with a bit of technological trickery, you can adjust the output of speakers to emulate that – so for example by slightly adjusting the timing of certain frequencies to your speaker drivers you can replicate the short delay that would come from having a speaker placed a little further away from you.

In this speaker the processing is carried out by a Qualcomm S5 Gen 2 chip and then delivered via twin 15-watt drivers to deliver a much larger-sounding stereo sound than you'd expect from such a small speaker.

The Pavé isn't the only speaker to do this, of course: Sony's Reality Audio, and similar systems from other firms, also use digital signal processing to make their speakers sound bigger. But it also contains the aforementioned gyroscope to detect the movement and positioning of the speaker and to adjust its stereo effect accordingly.

Here's how it works, according to Cear's patent: Its "sound processing device includes an equalizer that tunes the frequency characteristic so that a frequency characteristic of the sound wave listened in a second environment replicates the frequency characteristic of a sound wave listened in a first environment." So there you have it. Qualcomm has a good explainer on its developer blog too.

I haven't heard this particular speaker but I'd like to: we've come a long way from the frankly crap "virtual stereo" and "virtual surround" of early Bluetooth speakers and soundbars; when it's done well, digital signal processing can produce quite startling results.

Categories: Technology

This Smart Bathroom Exhaust Fan Is Great for Parties

WIRED Top Stories - Mon, 12/23/2024 - 08:02
It's Wi-Fi- and Bluetooth-enabled, can play music as you shower, and has a motion-sensing full-color light and even a humidity sensor.
Categories: Technology

7 Ways to Make Your Electrical Outlets Less Boring and More Useful

CNET News - Mon, 12/23/2024 - 08:00
Replacing old electrical outlets isn't glamorous, but it can make your home safer and more convenient.
Categories: Technology

Meta's Ray-Bans New Live AI and Translation, Hands-On: Signs of AR Glasses To Come

CNET News - Mon, 12/23/2024 - 08:00
An end of the year surprise to one of 2024's most interesting gadgets hints at where smart glasses are heading between here and Orion. Meta's Andrew Bosworth shares thoughts with CNET on what's next.
Categories: Technology

Apple’s rumored Ring video doorbell rival could have a clever Face ID trick

TechRadar News - Mon, 12/23/2024 - 08:00
  • Apple could launch smart home security tech
  • Its smart doorbell could boast Face ID, and use iCloud for video storage
  • Don't expect it until late 2025 or 2026

We’ve recently heard rumors that Apple wants to launch a smart home hub with a screen – what’s been described as an Apple HomePod with a display – but the company’s smart home visions reportedly don’t stop there. We could also see it release gadgets like an Apple video doorbell, smart lock, and security camera; so while the Apple Car concept might be dead (another rumored excursion into a previously unexplored product territory), the Apple Home might be about to take off.

This comes via Bloomberg’s Mark Gurman (behind a paywall) in the latest edition of his Power On newsletter, who says Apple is focusing its efforts on robotics, AI, and smart home tech – with smart home being the one most likely to bear fruit somewhat soon in the form of security devices like video doorbells that can deadbolt your front door or in-home security cameras.

The doorbell may be particularly interesting as it would supposedly offer a form of Face ID for your home by automatically detecting if it’s you.

This smart home pivot may seem a little odd considering how the HomePod has been treated: it seems forever in the background of presentations and announcements, never getting its own chance in the spotlight. Gurman notes, however, that Apple’s smart home shift comes from the company’s belief it has one edge over the competition: trust in its privacy.

Many people don’t want Amazon-made cameras in their homes, or cameras from most major tech companies for that matter, due to concerns over how their private data might be used even if there’s no evidence it's being mishandled. But Apple has spent years cultivating a persona of being the best there is when it comes to privacy (it’s even a major component of its Apple Intelligence marketing, and wasn’t for other AI until Apple hit the scene), and so Gurman reports the company believes this perception will help it find success with home security tech.

He adds that it could also help Apple juice its iCloud subscription numbers as people would want to store their recordings in the cloud.

Learning from mistakes, or repeating them?

If you head to the Apple Store website you’ll see Apple already boasts a respectable smart home accessory lineup complete with smart locks, smart lights, motion detectors, smart doorbells, and more – but none are made by Apple.

Instead, it relies on third-party accessories which have varying quality according to some reviewers – with this $330 Level smart lock from a few years ago being labeled ineffective as it could be lockpicked with the simplest method known to pickers – but hopefully, Apple has learned from the better options amongst its third-party stock.

As with all leaks, we should take these latest ones with a pinch of salt, and even if Apple’s smart home tech is indeed on the way it could be some time before we see it in action. Mark Gurman says he’s been told not to expect to see anything until at least the end of 2025.

There’s also a non-zero chance Apple may abandon home security before it sees the light of day. One reason for it not continuing with the Apple Car was reportedly execs fearing the company would be associated with car accidents. The same fears – but this time for home security flaws – could be enough to put Apple off expanding into this area in the end.

We’ll have to wait and see what 2025 holds for us, but with reports Apple is developing a ring, and developing AR glasses in the background too, it might not be long before we see Apple’s next big hardware launch.

Categories: Technology

Say hello to SetMe: A modern solution for offering remote tech support

TechRadar News - Mon, 12/23/2024 - 08:00

Remote work has dramatically changed how we conduct business in recent years, opening our businesses up to a scale where the best employees could be a hemisphere away. But with remote work comes a need for technical support that can span the globe. How do we address a need to provide technical support to remote workers without compromising the integrity of their computer systems? SetMe fulfills this need with an easy-to-setup, easier-to-use expert control panel that connects support teams with remote clients.

Developed by the knowledgeable teams behind FixMe.IT, SetMe is built upon more than 17 years of experience in the remote desktop and support field. Despite the rise in remote work scenarios, the remote desktop software market has stagnated with outdated technology that can be risky for your team to use. The team behind SetMe’s experience sets this software apart because they built it with modern technology that can keep your client’s system secure while still delivering faster, better, more reliable performance compared to the tech support software of yesteryear.

Connecting with SetMe to a remote computer is a simple three-step process. Start by requesting the remote client to download and install the SetMe Client app, from which they will be assigned a randomly generated Client ID. From the expert console, click New Connection and enter the remote user’s Client ID to allow SetMe to connect. From there, tech support teams can then remotely control the desktop. It doesn’t matter if your team is running on a fleet of Macs, Windows PCs, or a combination of the two – SetMe works flawlessly with both systems to allow your tech teams to control as if they were the ones sitting at the keyboard.

A connection via SetMe is safe, reliable, and secure with end-to-end encryption technology that allows your team to access data between remote devices, even if those devices are unattended by another user. Remote work can often mean your team is scattered across multiple time zones, but you don’t need to worry about scheduling conflicts and availability with SetMe. Systems can even stay connected via SetMe through reboots, shut-downs, and when the remote computer is in sleep mode.

Security and productivity are important with remote work, and SetMe can make it easy to track your team's connectivity and login history. This allows you to make more accurate, data-driven decisions for your business without compromising the privacy or workflow of remote team members. Systems with SetMe can be locked down for strict private access rules with consent filters, or more freely available with single-click connections of unattended machines. The SetMe Expert Console is flexible and reliable for a variety of remote tech support scenarios.

All of this connectivity and support is powered by a robust toolset designed to meet the needs of today’s remote workforce. Users can effectively multitask in different windows across multiple connected computers, synchronize clipboard data for easier sharing, transfer files, and run software or other applications as the admin on the client computer. You can even manage multiple machines from one system at one time, making it easy to push updates to clients for hardware or transfer sensitive files simultaneously across your team.

SetMe’s robust tools for supporting remote clients can fulfill a multitude of needs for businesses, but that doesn’t mean the team behind the software is done with innovation. New features are always in the works to further improve the way your team can function, no matter where in the world they may be. SetMe takes feedback from its users to heart, allowing the team to further develop functionality and tools that can make remote tech support better for all of us who rely on the technology.

Sign up now for a 15-day free trial to see if SetMe works for you. If you like having easy, reliable, and secure access to remote systems then you can take advantage of one of SetMe’s two pricing plans: Solo pricing starts at just $33 per month and is ideal for the needs of single techies or small businesses. Professional starts at $41 per seat per month, and provides all the remote tools at your fingertips with the freedom to manage an unlimited number of unattended computers. No matter how big or small your remote tech support needs are, SetMe has the features and reliability you need for your team.

Categories: Technology

Credit Cards Don't Have to Be Nightmares. Avoid These Financial Horror Stories in the New Year

CNET News - Mon, 12/23/2024 - 08:00
Afraid of credit cards? Don't be. Just follow these tips to avoid the pitfalls.
Categories: Technology

Snag a Refurbished Dyson V15 Detect, Our Favorite Vacuum, for Just $370 Today

CNET News - Mon, 12/23/2024 - 07:55
Overhaul how you clean with one of these factory-reconditioned models at Woot for less than half the price you'd pay for a brand new model.
Categories: Technology

Windows 11 suffers more bugs in latest update, with the Start menu hit hard by some frustrating issues

TechRadar News - Mon, 12/23/2024 - 07:44
  • More bugs have been uncovered in Windows 11’s December update
  • They include some nasty problems with the Start menu falling over
  • There is a workaround for the Start menu problem most users are most likely to see, but only tech-savvy folks need apply

Microsoft’s December 2024 update for Windows 11 has reportedly introduced yet more frustrating issues for some users, including a bug that causes the Start menu to stop responding.

These problems, and some other glitches, have been reported for cumulative updates KB5048667 for Windows 11 24H2, and KB5048685 for Windows 11 23H2, according to Windows Latest.

There appear to be a few separate issues pertaining to Windows 11’s Start menu, the first of which is a visual glitch whereby the search theme for the menu is showing wrongly in white when the user has a dark theme in Windows.

As a dark theme user myself, I could see this being very annoying and obviously visually inconsistent, though it’s not certain this is a widespread bug by any means.

What’s more worrying is that there are seemingly bugs here which break the Start menu after applying the mentioned updates.

Windows Latest explains that the Start menu can stop working completely if Windows 11 detects that your system has an older version of a particular DLL file (MSVCP_140_APP.dll).

The tech site suggests a possible workaround that requires updating this package, but I would only recommend trying this if you’re really confident that you know what you’re doing. Otherwise, if you’re affected, the only other way out is to ditch the December 2024 update, or put up with a non-functional Start menu until Microsoft investigates this (and hopefully implements a fix).

There’s another bug in Windows 11 that seemingly causes the Start menu to fall over in a similar vein, but the average user won’t run into this, as it’s only affecting Citrix users (in businesses) who are using Virtual Desktop Infrastructure (VDI). That one will be up to IT admins to resolve.

More bugginess in the latest Windows 11 update

There are other issues involving these Windows 11 patches for December that have been reported by individual users.

One is the ‘Safely Remove Hardware’ icon staying constantly on the taskbar, and a further isolated report claims that the display looks dull after installing Windows 11 23H2 KB5048685. That could be wrapped up in the HDR-related issues that Microsoft recently confirmed, perhaps.

It’s the Start menu issues which are especially worrying here, as that’s a crucial part of Windows 11 that’s hard to avoid altogether. With reports of many bugs in recent times, particularly with Windows 11 24H2, it seems like Microsoft needs to up its game and try to make cumulative updates more stable upon their release.

Hopefully, the company will be swift and on the ball when it comes to looking into, and subsequently fixing, this latest batch of reported glitches.

Categories: Technology

Google Chat is making it easy for you to ditch Microsoft Teams

TechRadar News - Mon, 12/23/2024 - 07:03
  • Google admins can now migrate Microsoft Teams channels data to Chat
  • Customization, including date ranges, is supported
  • It’s available to all Google Workspace subscribers now

Google has launched a new offensive in the online collaboration market with a new service making it easier to migrate Microsoft Teams conversations into its own Chat service.

“We’re expanding our data migration experience to include the ability for Google Workspace admins to migrate conversations from channels in Microsoft Teams to spaces in Google Chat,” the company noted in a Google Workspace updates blog post announcing the news.

The hope is that businesses can deploy Google Chat more easily by experiencing less downtime during the transition.

Teams-to-Chat migration is now even easier

Within the ‘Chat migration’ menu of Google Chat, admins can connect to opposing Microsoft accounts to import Teams data. Migration maps and identity maps can be uploaded as csv files, and admins will also have the option to enter the start date for messages to be migrated from.

“You can also run a delta migration, which will migrate any messages added to Teams channels since the primary migration. Messages that are already successfully migrated are skipped,” Google added.

Admins can also produce reports based on completed migrations to identify content that was skipped, failed or had warnings.

Moreover, the feature requires those taking the action to be Google super admins and Microsoft Teams Global Administrators.

Google said the feature is available to all Google Workspace users now, however a screenshot of the process shared shows a ‘Beta’ icon next to the ‘Chat migration’ heading. TechRadar Pro asked Google to confirm if the feature is now generally available or whether it remains in beta, but we didn’t get a response immediately.

Although Microsoft has settled a complaint that its bundling of Teams into Microsoft 365 puts competitors at a disadvantage, the company still faces distrust if only by its competitors.

Companies that still need to use the two platforms (and/or others) should consider enabling Mio. Google announced its interoperability with Teams and Zoom using this third-party service earlier in 2024.

Categories: Technology

Google Search Changes Are Killing Websites in an Age of AI Spam

CNET News - Mon, 12/23/2024 - 07:00
Google's major search algorithm updates this past year have left many smaller websites with no other choice than to lay off staff. The internet is worse for it.
Categories: Technology

Bid Farewell to the Tech That Died in 2024 video

CNET News - Mon, 12/23/2024 - 07:00
Nothing in tech lasts forever. CNET's Bridget Carey says goodbye to the tech gadgets and services that vanished from our lives in 2024.
Categories: Technology

Google CEO reveals major job cuts as part of "efficiency" move

TechRadar News - Mon, 12/23/2024 - 06:46
  • Google has laid off 10% of managers, directors, VPs
  • More than 1,300 Googlers have already lost their jobs in 2024
  • The company is facing threats from rivals and regulatory bodies

Google has reportedly cut 10% of its manager, director and VP roles in an ongoing effort to boost efficiency and improve the running costs of the company.

The news (via Business Insider) comes at the end of a troubling year for the company – although layoffs have been nowhere near the 13,000+ seen during 2023, hundreds have lost their jobs at the company as part of several rounds of layoffs, including 1,000 at the start of 2024 and a further 300 in May (via layoffs.fyi).

The most recent change, announced by Google CEO Sundar Pichai in a recent all-hands meeting, is hoped to simplify the organizational structure.

Google is laying off its own managers

Employees familiar with the matter shared some managerial roles were being cut altogether, while others would transform into non-managerial roles. This commonly used technique is designed to reduce layers in a company’s organizational structure in an effort to boost efficiency.

The reality is that this is just another move forming part of the company’s overall ambition to be more efficient. Pichai set a goal in September 2022 to become 20% more efficient – his next major round of layoffs, affecting 12,000 in one fell swoop, likely addressed a big portion of that.

However, this may not be enough for Google, which has come under threat in more than one area. Its artificial intelligence efforts have already been dampened by OpenAI’s immeasurable success with ChatGPT, and now, that tool is threatening the market dominance of Google.com. Separately, Google’s search market dominance has recently come under fire, with other areas of the business also open to potential regulatory action.

Categories: Technology

AirPods Pro 3's big bet is health-tracking, but would that make you upgrade?

TechRadar News - Mon, 12/23/2024 - 06:31
  • Apple has multiple teams working on AirPods health monitoring
  • Heart-rate tracking is already close to Apple Watch accuracy
  • Most features may not be ready for AirPods Pro 3

If you thought Apple's AirPods business was pretty sweet – last year it made more money than all of Nintendo from its headphones and earbuds alone – then you ain't seen nothing yet: Apple is reportedly pushing the best AirPods further into the healthcare business, a business that Morgan Stanley claims could be worth over $313 billion to Apple by 2027.

The latest report, from Bloomberg's Mark Gurman, says that Apple has multiple teams working on bringing multiple forms of Apple Watch-style health tracking to its earbuds, and the next big one could arrive with the AirPods Pro 3.

Why your ears could be good for your health

Apple has already taken its AirPods into the healthcare market with the addition of hearing aid features in the AirPods Pro 2. But their potential isn't limited to audio. Those little buds in your ears, it turns out, are also well placed to monitor your heart rate, your body temperature and other vitals.

According to Bloomberg, the tech isn't quite there yet – the most progress so far has been on heart-rate tracking, but the accuracy isn't quite up there with the Apple Watch – but Apple is very keen to make your buds into health devices as well as music and speech ones.

Apple isn't the first firm to think of this, of course. We covered a lot of the contenders for health-tracking earbuds several years ago; for example, the Amazfit Powerbuds Pro were sold on the basis of health tracking features back in 2021, but as we found in our tests, the heart-rate results were consistently wrong. That said, Amazfit doesn't exactly have Apple's R&D budget or teams of experts; if any firm can get the tech right, it's likely to be Apple.

And there are some good reasons to put your health tracker in your ear. As our very own Cat Ellis wrote back in 2021, in some circumstances your ear's a better place for a tracker than your wrist. "For example, working out in cold weather can result in reduced blood flow to your hands and fingers, which affects the accuracy of smartwatches and devices like the Oura smart ring. The darkness of your ear canal helps as well, as it means there's no ambient light to interfere with the LED light being reflected back from your skin and detected by the optical heart rate sensor."

Cat continues: "Your ears are supplied by the same artery as your brain too, which results in a consistent blood flow and a strong signal for the sensor to detect. The data from an earbud is also likely to contain less 'noise' than that from a watch or ring".

The most likely scenario for health tracking in the future is to have a range of devices for different types of people and different use cases: smart watches, smart rings and soon, smart earbuds too. Apple already offers the first, and we know it's at least experimenting with the second and third.

If you already have a pair of the fantastic AirPods Pro 2, would the addition of health sensors persuade you to upgrade? Maybe not for most people, but perhaps Apple is banking on the same question it's created for the best Apple Watches compared to other smart watches: if the AirPods could detect heart problems and dangerous falls and who knows what else… would you be mad not to buy them?

Categories: Technology

Electric Vehicle Charging Is Going to Get Political

WIRED Top Stories - Mon, 12/23/2024 - 06:00
The incoming Trump administration has signaled its hostility toward EVs. Will the red-state/blue-state divide come for public charging?
Categories: Technology

Best Internet Providers in North Las Vegas, Nevada

CNET News - Mon, 12/23/2024 - 05:55
North Las Vegas has a bunch of great internet providers. CNET's internet experts have found the best internet plans in the area, including the cheapest and fastest ones.
Categories: Technology

North Korean Lazarus hackers are targeting nuclear workers

TechRadar News - Mon, 12/23/2024 - 05:43
  • Kaspersky recently discovered new additions to the Lazarus DreamJob campaign
  • The criminals targeted two people working in the same nuclear-related firm
  • In the attack, they used updated malware to try and gain access

The infamous Lazarus Group, a threat actor linked to the North Korean government, was recently observed targeting IT professionals within the same nuclear-related organization with new malware strains.

These attacks seem to be a continuation of a campaign first kicked off in 2020, called Operation DreamJob (AKA Deathnote), where the attackers would create fake jobs and offer these dreamy positions to people working in defense, aerospace, cryptocurrency, and other global sectors around the world.

They would reach out via social media such as LinkedIn or X, and run multiple rounds of “interviews”. At any point during these interviews, the victims would receive either a piece of malware or trojanized remote access tools.

CookieTime and CookiePlus

The end goal of this campaign is to either steal sensitive information, or cryptocurrency. Lazarus has, among other things, managed to steal roughly $600 million from a crypto company back in 2022.

As Kaspersky explained in its latest writeup, in this case, Lazarus targeted two individuals with malicious remote access tools. They then used the tools to drop a piece of malware called CookieTime, which acted as a backdoor, allowing the attackers to run different commands on the compromised endpoint.

This gave them the ability to move laterally across the network and download several additional malware strains, such as LPEClient, Charamel Loader, ServiceChanger, and an updated version of CookiePlus.

Kaspersky says CookiePlus is particularly interesting, since it is a new plugin-based malicious program, discovered during the most recent investigation. It was loaded by both ServiceChanger and Charamel Loader, with variants being executed differently, depending on the loader. Since CookiePlus acts as a downloader, its functionality is limited, and it transmits minimal information.

The attacks took place in January 2024, meaning Lazarus remains a major threat coming out of North Korea.

Via The Hacker News

Categories: Technology
