Technology

No more snoozing the alarm ten times, this Alexa smart alarm clock is almost half off for the holidays.

• BishopFox scanned the internet for SonicWall VPNs and found hundreds of thousands that can be accessed via the internet
• Tens of thousands were running old, vulnerable software versions
• Some were past their end-of-life date, putting them at risk of attack

Tens of thousands of SonicWall VPN firewall platforms are vulnerable to different flaws, putting their users at risk of remote exploitation, data breaches, privilege escalation, and more.

Cybersecurity researchers at BishopFox scanned the internet with Shodan and BinaryEdge, and running proprietary scripts to analyze the returning data, discovered there were 430,363 endpoints exposed to the internet.

While this doesn’t necessarily mean they’re vulnerable, endpoints such as these ones should not be connected to the wider internet to begin with, since it means crooks could try to access them and look for holes.

End of life

"The management interface on a firewall should never be publicly exposed, as this presents an unnecessary risk," BishopFox said in its report. "The SSL VPN interface, although designed to provide access to external clients over the internet, should ideally be protected by source IP address restrictions."

Drilling deeper, BishopFox found that almost 120,000 endpoints were running versions affected by serious vulnerabilities, including 25,485 endpoints with critical severity flaws, and 94,018 endpoints with high severity bugs. Furthermore, they said that 20,710 endpoints were running versions of the software that are no longer supported by the vendor.

This presents a rather large attack surface that threat actors can exploit. SonicWall SSL VPN devices are often targeted in different campaigns, including the recent strikes by both Fog and Akira ransomware groups. These threat actors were abusing flaws to gain initial access to corporate networks, where they later deployed ransomware encryptors and wreaked havoc across enterprise infrastructure.

To tackle the threat, businesses should make sure they are always running the latest versions of their software, and that their endpoints are still supported by their respective vendors.

Via BleepingComputer

You might also like

• Sneaky malware abuses CAPTCHA to bypass browser protections
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

Bluetti is offering some serious discounts on its power stations and bundles just before the holiday. Our CNET-exclusive coupon code supercharges these deals.

Day 10 of the 12 Days of OpenAI went a little retro to make ChatGPT far more accessible than before. OpenAI has introduced new ways to interact with ChatGPT using a much older form of communication technology: a phone number. Specifically, you can text with ChatGPT through WhatsApp and by calling a toll-free phone number. AI by landline has arrived. Naturally, the number to call or message is 1-800-CHATGPT.

You can start a conversation with ChatGPT on WhatsApp by texting 1-800-242-8478 on the app. You can message ChatGPT like any other WhatsApp chatbot but get responses matching those from the free tier of ChatGPT on the mobile app or website. Not every ChatGPT feature is available on WhatsApp either. You can’t ask the AI to search for things online or analyze images, at least for now.

If you’d rather have your AI answers by audio, you can pick up your phone to dial 1-800-CHATGPT (that’s 1-800-242-8478), and a very friendly, very human-like female voice will answer all the same queries you might type out to send to ChatGPT. The experience is pretty much like ChatGPT’s Advanced Voice Mode, where you ask questions, and the AI responds in real-time. It can help you translate a sentence, give recommendations, or chat about whatever’s on your mind.

Even if you still you have a phone like this, you can call ChatGPT. (Image credit: Future) Search AI

There are obvious accessibility benefits to OpenAI in making ChatGPT far more globally available, even with all of the limits and caveats. It’s the same reason Google set up a phone number for Google Assistant that people could call to interact with the voice assistant. But, it also points to how OpenAI and its rivals want to see AI integrated into more communication channels. That’s why both OpenAI and Apple were keen to add ChatGPT capabilities to Siri, augmenting the iOS assistant with the AI model.

There are also limits to ChatGPT on WhatsApp and by phone. You can only message ChatGPT on WhatsApp a limited amount a day, though OpenAI is vague about what that limit actually is. You’ll get a warning when you approach the limit, so you’re not surprised by the cutoff. Similarly, ChatGPT phone conversations aren't unlimited. Instead of a message cap, you get 15 minutes a month for verbal interactions with the AI. And the phone number only works in the U.S. for now. An automated phone number was certainly a surprise for OpenAI’s latest ‘present,’ akin to finding an old wooden train under the wrapping paper. I'd expect that OpenAI will probably take a more future-facing approach to the final two gifts before the event ends.

You might also like

• ChatGPT brings its conversational search engine to everyone
• ChatGPT's new Projects feature can organize your AI clutter
• ChatGPT adds eyes to its voice with new screen and video sharing feature

• Amazon's flagship Fire TV Omni Mini LED TV series will now support Dual Audio.
• This feature will allow it to stream sound to a supported hearing aid and through the TV speakers.
• A raised QR Code with access to setup instructions is being included within select Amazon Device packaging.

Amazon’s had a pretty packed few months – including new Kindles, a Fire TV Stick refresh, and an entry into Mini LED TVs – and is now debuting a new accessibility feature, expanding another, and highlighting an accessible addition for some product packaging.

A variety of Fire TV devices already support the ability to beam audio directly to hearing aids thanks to support for the Audio Streaming for Hearing Aids (ASHA) protocol. Amazon’s latest move, though, is dubbed “Dual Audio” and is exclusive to the Fire TV Omni Mini LED TV series for now – with this, you can send audio using ASHA to a hearing aid and audio through the TV’s speakers.

This is the first time a Fire TV device can send audio out in two streams. This way, if you’re wearing a hearing aid, you can watch TV with family members and have it be a communal experience without any delays. It’s exciting to see this launch for the Fire TV Omni Mini LED TV series, but I do hope Amazon can expand this to other Fire TV devices as well – be it a Fire TV 4-Series model or a streaming stick.

(Image credit: Amazon)

A software update will be required to enable this, and it will start rolling out to the Fire TV Omni Mini LED TV series in the ‘coming weeks.’ Once it’s installed, you’ll be able to turn on ‘Dual Audio’ in Settings under Accessibility. You’ll pair a compatible hearing aid with the TV to start the process, and then with it, you can have audio through the aid as well as the TV speakers. After that first setup, you can also use quick settings to turn the feature on and off.

More broadly, beyond just the Fire TV Omni Mini LED TV series, Amazon is expanding the types of hearing aids that can be paired with its Fire TV family of devices. Now supported via the audio streaming protocol for hearing aids are Widex Moment Behind-The-Ear (BTE) and Receiver-In-Canal (RIC) aids. BTE and RIC hearing aids will be supported on all ASHA-enabled Fire TV devices like the Omni TV lineup, Fire TV Cube, and the 2- and 4-Series Fire TV models.

(Image credit: Amazon)

Beyond support for more types of hearing aids and Dual Audio on the Fire TV Omni Mini LED TV series, Amazon has also added a tactical-marked, raised QR code inside the packaging of select devices. The QR code, which features raised dots, is designed to help customers who have low vision or are blind easily access quick setup guides and other support documents. You’ll scan the QR code and be taken to these; the raised QR code is found on the “top left corner on the back panel of the device Quick Start Guide” inside the packaging.

It’s not found on every device that Amazon makes, but it is found on some of the new Kindles – Colorsoft, Paperwhite, and Scribe – the Fire TV Soundbar and Soundbar Plus, Fire TV Omni Mini-LED Series, Echo Spot, Echo Show 15, and Echo Show 21.

You might also like

• Amazon unveils all-new Fire TV products, including an Omni mini-LED TV to take aim at Hisense and TCL, plus a Dolby Atmos soundbar
• The DJI Mic Mini is superb, but there's one big reason I'd pick the Rode Wireless Micro for smartphone content creation instead

We found the best internet packages in Glendale, whether you want the fastest internet provider or fiber internet options.

• Microsoft revives PC accessories with Incase, rebranding classics like the Modern Mobile Mouse and keyboards.
• Affordable, ergonomic, and wireless options headline the new lineup, starting with 23 versatile accessories.
• Surface remains Microsoft's premium gear focus, blending cutting-edge tech with its signature Surface branding.

Some people might not know that until pretty recently, Microsoft made computer accessories - and it looks like Microsoft is dipping its toe in again. The company actually has a considerable history of creating PC accessories, from ergonomic keyboards to high-precision mice. After discontinuing its own brand of PC accessories last year, Microsoft has partnered with Incase to bring back some of those back.

Incase put out a post announcing the partnership starting in 2024, promising to combine both companies’ expertise to bring you 23 computer accessories to start with and possibly more to come. You can get products that some might recognize, such as the Modern Mobile Mouse or Sculpt Ergonomic Keyboard, but now with the Incase logo and branding.

(Image credit: Incase) What Incase and Microsoft have to offer

In practical terms, these accessories will work just as well as the originals and they come at great prices that won’t make you jump out of your seat. For example, the $24.99 Mobile Mouse 1850 is a lightweight, reliable wireless mouse that’s perfect for everyday tasks, while the $39.99 Modern Mobile Mouse offers a sleeker design with better performance for on-the-go professionals. This new lineup also includes keyboards that are wireless, ergonomic, and compact, along with headsets and a webcam.

While Microsoft has pretty much entirely left the PC accessory market, its Surface range includes Surface-specific gear, like the Surface Desktop Keyboard with its AI-powered Copilot+ key, which shows off Microsoft’s commitment to its premium Surface lineup. So, whether you’re looking for dependable classics under the new “Incase Designed by Microsoft” label or cutting-edge tech under the Surface brand, Microsoft has something for everyone.

Those who are familiar with Microsoft’s computer accessories will probably welcome this announcement. While some have complaints about products like Microsoft 365, Edge, and, of course, Windows, it is still a highly trusted company, and with Incase’s collaboration efforts, I think these will be pretty decent quality for the price.

YOU MIGHT ALSO LIKE...

• Are mechanical keyboards overrated or worth the switch? My keys to finding the perfect fit
• The printer market may have been cornered by a single brand, but a surprising number of people just don't have one
• The best PS4 controllers in 2024: our favorites from Sony, Victrix and more

The newest flagship phone from OnePlus will launch at the company's Winter Launch Event in January.

Expert predictions still call for rate cuts next year, but that could change if inflation reignites.

• CISA issues BOD 25-01, the first binding directive of the year
• It addresses Microsoft 365 security, which is under threat
• Other cloud providers will be added soon, as well

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued its first binding operational directive for 2025, which includes a set of rules and requirements to make sure the Microsoft 365 cloud environments meet its cybersecurity standards.

BOD 25-01 is mandatory for all Federal Civilian Executive Branch (FCEB) systems and assets, but CISA advises enterprises in the private sector to follow along, as well.

It revolves around deploying a custom automation configuration assessment tool (ScubaGear for Microsoft 365 audits), integrating with CISA’s continuous monitoring infrastructure, and then fixing any deviations from the list of required secure configuration baselines (SCB).

Mandatory policies

"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," CISA said.

"This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA's Secure Cloud Business Applications (SCuBA) secure configuration baselines."

Here is what CISA demands FCEB organizations do:

- Identify all cloud tenants within the scope of this Directive by February 21, 2025.
- Deploy all SCuBA assessment tools for in-scope cloud tenants no later than Friday, April 25, 2025
- Implement all mandatory SCuBA policies effective as of the Directive’s issuance no later than Friday, June 20, 2025
- Implement all future updates to mandatory SCuBA policies
- Implement all mandatory SCuBA Secure Configuration Baselines

The list of all mandatory policies can be found on the Required Configurations website. At press time, it included secure configuration baselines for Microsoft 365, Azure Active DIrectory / Entra ID, Microsoft Defender, Exchange Online, Power Platform, SharePoint Online & OneDrive, and Microsoft Teams.

Google and other cloud platforms are set to follow in the coming months.

CISA also has a list of mandatory actions, you can read more about those here.

Via BleepingComputer

You might also like

• Sneaky malware abuses CAPTCHA to bypass browser protections
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• LG's Signature OLED T transparent OLED TV is now available to buy in the US for $59,999.
• The design-forward TV permits a range of installation options, including in front of windows.
• Connections are made to the Signature OLED T wirelessly using LG's Zero Connect box, with 4K 120Hz support.

LG has announced that its 77-inch Signature OLED T transparent OLED TV is now available to buy. The world’s first transparent OLED TV with wireless audio and video transfer, the Signature OLED T made a big splash when it was demonstrated at CES 2024, where it was shown without any confirmed release date or price.

We now have that information: The 77-inch Signature OLED T is available at select LG retailers, Best Buy, and LG.com for $59,999 in the United States. Availability in other markets will be announced at a future date.

The LG Signature OLED T’s screen can transform from transparent to opaque at the push of a button, allowing for a range of display options, including installation in front of windows. When in transparent mode, objects on-screen appear to float in 3D space. In opaque mode, a roll-up back panel transforms it into a regular display for streaming movies and TV, and the Signature T is also optimized for gaming, with 4K at 120Hz support, AMD FreeSync Premium compatibility, and Nvidia G-Sync certification.

According to LG’s press release, the Signature OLED T provides three separate display options:

• T-Objet: an always-on display mode.
• T-Bar: an info-ticker that runs along the screen’s bottom edge, displaying info such as sports results and weather forecasts.
• T-Home: a standard smart TV interface displaying apps, settings, and other services.

Transparent TVs get real

(Image credit: Future)

Transparent displays captured our imagination at CES 2024, with LG and Samsung making them a primary focus of their “Innovation room” exhibits. Of the two, LG’s Signature OLED T looked the most ready for prime time. Although no availability date was given, it was said to arrive in 2024.

LG has clearly made good on its promise, with the Signature OLED T arriving just in the nick of time in mid-December 2024. At $59,999, the transparent OLED is quite a bit more expensive than the best OLED TVs, even 83-inch 8K models such as the LG Z3.

Still, for those craving a design-forward TV that pushes the limits of tech and captures the imagination, the Signature OLED T might just be the ticket.

@techradar

♬ One Night - Frank Bramble & Slip.stream You might also like...

• Samsung's world-first transparent micro-LED display is at CES, and it's like a hologram
• LG wants to make transparent OLED TVs a thing at last
• 20 best gadgets of CES 2024

• Huawei may be adding HBM support to Kunpeng SoC
• Clues hint at a replacement for the Kunpeng 920, launched in 2019
• New SoC with HBM may target HPC, server market rivals

Huawei engineers have reportedly released new Linux patches to enable driver support for High Bandwidth Memory (HBM) management on the company’s ARM-based Kunpeng high-performance SoC.

The Kunpeng 920, which debuted in January 2019 as the company’s first server CPU, is a 7nm processor featuring up to 64 cores based on the Armv8.2 architecture. It supports eight DDR4 memory channels and has a thermal design power (TDP) of up to 180W. While these specifications were competitive when first introduced, things have moved on significantly since.

Introducing a new Kunpeng SoC with integrated HBM would align with industry trends as companies seek to boost memory bandwidth and performance in response to increasingly demanding workloads. It could also signal Huawei’s efforts to maintain competitiveness in the HPC and server markets dominated by Intel Xeon and AMD EPYC.

No official announcement... yet

Phoronix’s Michael Larabel notes that Huawei has not yet formally announced a new Kunpeng SoC (with or without HBM), and references to it are sparse. Kernel patches, however, have previously indicated work on integrating HBM into the platform.

The latest patches specifically address power control for HBM devices on the Kunpeng SoC, introducing the ability to power on or off HBM caches depending on workload requirements.

The patch series includes detailed descriptions of this functionality. Huawei explains that HBM offers higher bandwidth but consumes more power. The proposed drivers will allow users to manage HBM power consumption, optimizing energy use for workloads that do not require high memory bandwidth.

The patches also introduce a driver for HBM cache, enabling user-space control over this feature. By using HBM as a cache, operating systems can leverage its bandwidth benefits without needing direct awareness of the cache’s presence. When workloads are less demanding, the cache can be powered down to save energy.

While we don't have any concrete details on future Kunpeng SoCs, integrating HBM could potentially allow them compete more effectively against other ARM-based server processors, as well as Intel’s latest Xeon and AMD EPYC offerings.

You might also like

• US sanctions allow Huawei 'case-by-case' access to chip-making equipment
• Huawei is pairing its supercharged SSD with a 60-year old technology
• First AMD EPYC 9965 benchmarks are in and universally positive

This is the first case of H5N1 in the US this year that has sent a patient to the hospital.

These 2022 ANC earbuds are a steal at just $100 -- but you've only got a few hours left to grab them at the absolute lowest price we've seen.

• Secret Level will return to Prime Video for season 2
• Right now, no release date, cast, or story details have been revealed
• The news comes after more episodes dropped on the streamer yesterday (December 17)

Secret Level is getting a second season on Prime Video, even though its first season has received a mixed response from critics and fans. Nevertheless, one of the best streaming services has decided to commission more episodes following the release of season 1's final few entries yesterday (December 17).

We don't have a confirmed release date for season 2 yet, and we also don't know if any of the big stars from season 1 will return in potential sequels to the standalone stories.

The first season features plenty of big names including Arnold Schwarzenegger, Kevin Hart, and Keanu Reeves, all of whom provided voices for an anthology series that celebrates the world of gaming, with episodes based on the likes of Dungeons & Dragons, Sifu, New World, Unreal Tournament, and Warhammer 40,000 all appearing.

What has been the response to Secret Level season 1?

Currently, Secret Level season 1 has a 67% Rotten Tomatoes critical score, meaning it's not eligible to appear on our best Prime Video shows list. Indeed, reviewers haven't been overly impressed, with TechRadar's very own senior entertainment reporter Tom Power criticizing the series in our weekly round-up on December 13, saying: "I've seen all 15 episodes and, while I can vouch for how gorgeous some of them look and the intriguing stories they tell, many of them come across as hollow, cash-grab-esque advertisements".

Adding further fuel to the "not good enough" fire, it's received five "rotten" scores from critics on the reviews aggregation website as well. So, while audiences seemed happy enough to give it a 'Popcornmeter' score of 82%, it hasn't done enough to win over critics.

Still, there's always room for improvement and I'm interested to see if season 2 will make it onto our best Prime Video shows list now that its chief creative team has had feedback from gamers worldwide everywhere. Over to you, Amazon and Blur Studio.

You might also like

• Secret Level is Prime Video’s new hit show, but it’s game over with the critics – here are 3 better anthology series to watch
• How to watch Secret Level online – stream video game anthology series from anywhere
• Prime Video is testing a great new feature that'll use AI to better recommend movies and shows

I recently reviewed the DJI Mic Mini and Rode Wireless Micro – both are superb quality wireless mics for content creation, designed to be ultra simple for capturing better audio with smartphones.

I'd recommend either in general, but if I were to pick one for myself, it would be the teeny tiny DJI Mic Mini, no question. Overall, it's a more versatile bit of kit for smartphones and cameras, with reliable connectivity via its receiver or Bluetooth, and the price difference between the two kits is negligible.

If you shoot with DJI cameras such as the Osmo Pocket 3 or Osmo Action 5 Pro, it's an even easier choice because those cameras feature built-in receivers for streamlined pairing with DJI's mics, including the pricier DJI Mic 2 – our camera accessories product of the year.

What's more, you can buy Mic Mini components individually, meaning you can save yourself a packet just picking up a mic for those DJI cameras, rather than the full kit with receiver.

All that said, more people shoot video just with smartphones, and for those people the simpler Rode Wireless Micro takes the DJI out with a knock-out punch.

(Image credit: Future / Tim Coleman) The winning one-trick pony

DJI's Mic Mini works for cameras and smartphones, while the Rode Wireless Micro is just for smartphones. I shoot with both so the choice is clear. But for smartphone-only creators, I think Rode's mic makes more sense.

The best method to connect the mics with your phone is through a receiver. That's the only method for Rode's mic, and the receiver slots neatly across the underside of your phone, connected to your USB-C (or Lightning) charging port (see gallery below). It's slim and it's simple too – there are no controls on it or the mics whatsoever.

You plug the receiver into your phone, follow the on-screen prompts (which might include selecting the wired mic option in favor of your phone's built-in mic in the camera app menu) and you're up and running in seconds. Everything is automated.

The Mic Mini's receiver is bulkier. Every time I used it with a phone, I was concerned I would snap it off – it sticks out, it's a little awkward, and a better fit with cameras, like into the hotshoe / coldshoe port. DJI's offering has another trick up its sleeve though that bypasses the receiver.

Image 1 of 2

(Image credit: Future / Tim Coleman)

The DJI Mic Mini's receiver is better designed for cameras, while the Rode Wireless Micro's is purpose-made for phones.

Image 2 of 2

(Image credit: Future / Tim Coleman)

You can also connect the DJI Mic Mini to your phone using Bluetooth, meaning no receiver whatsoever. However, I wouldn't trust a Bluetooth connection for video recording in the same way that I would a purpose-made receiver, and audio quality drops from 24-bit depth to 16-bit depth when using Bluetooth instead of the receiver.

Bluetooth connectivity is fine at a pinch and still beats the audio quality of your phone's built-in mics, even when you're armed with voice enhanced audio, like you get with the latest Google Pixel handsets.

The Mic Mini also has a few manual controls to play with. There's a one-push noise reduction mode, plus ±12db audio level control on the receiver. These are great tools to have, but for phone users I think Rode's simpler approach – an automated 'Intelligent GainAssist technology' – again makes more sense.

And so while the DJI Mic Mini outstrips the Rode Wireless Micro in most ways, it's the Rode mic's outright simplicity that wins through for smartphone creators. I just hope Rode makes the Wireless Micro components available individually in the future – some of us could save a few pennies that way, especially if replacement parts are needed.

You might also like...

• The best cameras for vlogging: top choices for every budget
• Boya launches the world's smallest and lightest wireless mic, and it's super cheap

The Anker Soundcore C30i earbuds are almost 30% off, bringing them to the lowest price of the year.

Nvidia's Jensen Huang shows off the company's new $249 Jetson Ori Nano meant for developers, students and builders in the generative AI Space.

Gift cards are a solid last-minute gift for your loved ones. Right now Amazon is also offering a credit of $5 with this purchase.

Arne Slot's Reds look to move a step closer to another trip to Wembley.