Technology

Gaming peripheral manufacturer Thrustmaster has revealed the Thrustmaster Heart Controller. This new gamepad, which is compatible with both Xbox and PC, features Hall Effect thumbsticks and mechanical buttons.

Accuracy and longevity seem to be at the center of its design. The name, which is actually an acronym, stands for "Hall Effect AccuRate Technology" - a fancy marketing term for what appears to be very similar to Hall Effect technology that is already found in many of the best Xbox controllers and PC controllers.

The company claims that the controller leverages its 15 years of experience in crafting Hall effect flight sim peripherals for top accuracy and performance and will not suffer from any stick drift over time. Its mechanical buttons have a 0.3mm actuation distance and are reportedly 64% faster than regular membrane inputs, too.

This is also a wired controller, which will presumably also help cut down any potential input latency (and cost). Specs aside, the Thrustmaster Heart Controller does have quite an eye-catching overall design. It boasts a rather unconventional two-tone black and white pattern, meaning that it should match both the standard Xbox Series X and Xbox Series S models.

A bright LED strip runs down the middle of the controller, separating the two colors and lending it some extra flair. This lighting is customizable and can be set to six colors including orange, blue, and red. On the back of the controller, you can find two remappable rear inputs. A range of settings, including the ability to remap these and alter thumbstick sensitivity, can be accessed via the existing ThrustmapperX software.

The controller will be compatible with PC, Xbox Series X, Xbox Series S, and Xbox One. It is available to pre-order now for $99.99 / £89.99 via Thrustmaster and Amazon with shipping expected to begin next month.

You might also like...

• Starfield: Shattered Space finally ditches the empty expanse of space for a more finely-crafted location, and I couldn’t be happier
• Heads up, you can get two of my favorite Lego games for free right now with your Amazon Prime membership
• It's official, Shaq is coming to Fortnite - here's everything you need to know

One woman spills the beans about giving birth to rich people's children. “They were offering Scrooge McDuck buckets of money.”

In the quest for more powerful electronic chips, a persistent challenge has been how to efficiently dissipate the increased heat they generate.

Among the promising solutions, researchers are now looking towards bionics - drawing inspiration from nature - for innovative technologies that could eventually revolutionize AI data centers.

A research team led by Prof. Ye Hong from the University of Science and Technology of China has developed a groundbreaking bionic ceramic wick for Loop Heat Pipes (LHPs), inspired by the natural transpiration process of leaf stomata. Their research, published in Langmuir, addresses a key limitation of traditional LHPs, which use wicks with uniform pore sizes, reducing efficiency at high heat fluxes due to vapor blockages and increased thermal resistance.

Promising early results

The newly developed bionic wick features an asymmetric pore structure, which optimizes heat transfer by overcoming these challenges, offering a more effective solution for high-power chip cooling.

The design mimics leaf stomata, with straight finger-like pores serving as vapor channels, significantly reducing vapor transport resistance, and enhancing heat dissipation. This structure enables a higher critical heat flux, allowing for better management of high-power chip cooling. The use of ceramics, instead of metal, for these wicks also offers enhanced corrosion resistance and thermal stability, critical for the long-term performance of advanced electronics.

The manufacturing process employs phase-inversion tape casting, commonly used for producing porous ceramic membranes. This innovative method not only allows for creating the desired multiscale pore structures in a single step but also ensures a solid and consistent output.

Initial tests of the bionic wick within LHP systems have shown promising results. By optimizing the balance between capillary force and flow resistance, the bionic wick efficiently transports working fluids and enhances the system's thermal performance. This advancement has the potential to extend beyond just computing hardware, with applications in aerospace, microelectronics, and energy sectors.

This pioneering approach could redefine thermal management strategies in data centers powering artificial intelligence, paving the way for more efficient and sustainable solutions inspired by the natural world. Researchers are hopeful that continued development and adaptation of these bionic structures will help overcome existing challenges and meet the demands of next-generation electronics.

More from TechRadar Pro

• Metal foams promise 90% improved heat exchange for data center cooling
• Evolving data center cooling for AI workloads
• Forget Atlantis: How data centers can use liquid above ground to stay cool

Several key refinance rates trended upward this week, but rates are still well below last year's highs..

A handful of key mortgage rates climbed higher. Here's what experts say is next for the housing market this year.

Back in August, Android users got access to a new Gemini-powered feature called Gmail Q&A, available to those with a Google One AI Premium plan or a Workspace account. Now the same feature is going live for iPhone users as well.

As explained in a Google blog post, the idea is you use Gemini to search through your inbox and ask questions about it. The example Google gives is "show unread emails from Jordan" but prompts like "what was I talking about with Chris?" or "tell me about the emails I've had today" work as well.

"Gmail Q&A can help you answer specific questions about your emails, show you unread messages or messages from a specific sender, summarize emails about a topic in your inbox, and even answer general questions from search, all without having to leave your inbox," explains Google.

Right now, the feature is only available in English. If you're not signed up to Google AI Premium ($19.99 / £18.99 / AU$32.99 a month), you need to have a Workspace account with Gemini add-ons included, and smart features and personalization turned on.

How to use Gmail Q&A

Gemini can summarize emails from any day (Image credit: Future)

If you meet the criteria for Gmail Q&A, powered by Gemini, you should see the Gemini star icon up in the top right corner of the Gmail app for Android or iOS. If you're viewing a specific email, the same icon is up at the top near the center.

Tap this icon to launch Gemini, and you can start asking questions – it works in a similar way to Gemini on the web, so you can write in a natural way about anything to do with your email. Ask to see certain messages, or get summaries of conversations, or ask about the contents of emails stored in your inbox.

Based on a brief bout of testing, it all works rather well. As always with AI though, it's worth double-checking important information: handily, Gemini provides a list of its sources underneath every answer, so you can tap through on these links to read the emails it's talking about.

This is on top of the other Gemini features already in Gmail, such as tools to help you write or rewrite your emails. In its Gmail Q&A announcement, Google notes similar Gemini search tools will be arriving in Google Drive too in the near future.

You might also like

• Gemini in Gmail will now provide smarter quick replies
• Gmail remains by far the most popular email service
• Google says Gmail is getting even tougher on spam

Apple’s rumored batch of M4 Macs could be with us shortly, and these machines might launch later in October, and go on sale soon thereafter according to the latest from the rumor mill.

This is more from Mark Gurman, a respected Apple leaker who spills gossip regularly via a weekly newsletter, the latest chatter from which insists that Macs with M4 chips will be revealed towards the end of October, and at least some of those devices are set to go on sale come November 1.

As previously rumored, the M4-toting hardware to be launched includes an entry-level MacBook Pro 14-inch, alongside higher-end models of that 14-inch laptop, and high-end MacBook Pro 16-inch flavors too (nothing on the lower-end in the latter case).

There’s also an iMac M4 on the horizon, and a redesigned, more compact, Mac mini with options for the M4 or M4 Pro chips (and also a new iPad mini M4).

More M4 Macs are coming next year, as Gurman has already told us, likely MacBook Air 13-inch and 15-inch models, which are set to arrive at some point in the first half of 2025. Previously, Gurman has hinted these could debut in Q1 of 2025, but that prediction isn’t made in this latest newsletter (possibly because it’s a whole raft of products the leaker is talking about here, including accessories, so launch timings may be a bit all over the place across the board).

Those laptops will supposedly be followed by a refreshed Mac Studio with M4 CPU (long-awaited by some folks) which could arrive around the middle of 2025, towards the start of H2 – so that might be July or August – and then a Mac Pro M4 will follow later in the second half of next year.

Also in late 2025, we can expect the first generation of M5 Macs, Gurman believes, meaning Apple will maintain its current cadence with its range of computers – this would presumably include the MacBook Pro M5 models, and maybe more.

(Image credit: Future / Lance Ulanoff) Analysis: A plausible scenario, but there’s room for doubt yet

All of this sounds plausible and it chimes with what Gurman has said before, multiple times, so the leaker appears to be confident enough in these assertions. Recently, we thought we detected a wobble in that confidence around a potential October unveiling for the M4 Macs, but it appears that any doubt has been pushed aside – if indeed there was any present in the first place.

With a potential on-sale date now being put forward, one that’s less than four weeks away, these predictions now feel more concrete – especially as we’ve seen quite a lot of leaks around the MacBook Pro M4 very recently, including purported photos of the box, which makes sense if it’s imminent.

Of course, we must still be cautious about what to expect as ever. Even if these are Apple’s plans correctly laid out as they stand now, things could still change over the course of October.

One of the big questions remains, though: are we set to see 16GB of RAM as an absolute minimum configuration for the Unified Memory loadout in the MacBook Pro models, meaning the 14-inch laptop will get this treatment as well – and indeed maybe across all Apple’s Macs? Fingers crossed that’s the case.

You might also like

• There’s more evidence that Apple’s folding-screen MacBook has been delayed
• These are the top MacBook deals right now
• I used to laugh at the Mac Mini but today I bought one

Squarespace website builder review

Squarespace is a top website builder known for its elegant designs and robust features. With over 100 premium, mobile-optimized templates, it’s a favorite for creatives and businesses seeking visually stunning, professional websites.

For

• Built-in email marketing
• Essential e-commerce features with most plans
• Lots of lovely, mobile-responsive templates
• Free trial with no credit card info required
• Helpful link in bio tool
• Free SSL certificate
• Helpful 24/7 customer support and well-supplied knowledgebase
• A solid set of features

Against

• Can't switch templates without starting from scratch
• No telephone support
• Low level of customization

GoDaddy website builder review

GoDaddy Website Builder is a popular choice for beginners, offering a user-friendly interface and quick setup. With customizable templates and integrated marketing tools, it’s designed to help small businesses and entrepreneurs create functional websites with ease.

For

• 30-day free trial
• 24/7 phone and live chat support
• AI-powered tools for website optimization
• Easy-to-use editor
• Solid range of simple customizations
• Over 100 good-looking templates to choose from
• Marketing and SEO tools included

Against

• AI-generated sites lack creativity and individual touch
• Limited level of customization
• Ecommerce with top-tier plan only
• No app marketplace for additional integrations

Creating a website is easier and more affordable than ever before. From no-code website builders to finding cheap domains and hosting plans, it seems like you can do it all for a couple of bucks. But, among countless brands, two stand out. Both Squarespace and GoDaddy are well known as two of the best website builders on the market, but with many similar tools and features, it is no surprise potential customers often get confused about which one is best for them.

Squarespace primarily offers a drag-and-drop website builder, dynamic website templates, and even multiple products targetting specific businesses such as dedicated templates for sellers, Bio Sites, creator tools for freelancers/ influencers, and SEO tools for digital marketers.

GoDaddy's primary business is the sale of domains, and not very long ago, it started providing additional services like website building, logo making, and more. But this isn’t to say that GoDaddy isn’t a strong competitor in the website building space. In fact, in a short time, it has become one of the key players with powerful tools that are comparable to the likes of Squarespace.

In this guide, we take a look at the most important areas of website building and offer a comparison between what is offered by the two players. The goal isn’t to give a generic answer to ‘which is the best website builder’, but instead provide you with the information you need to make an informed decision on which platform best suits your unique needs and goals.

Squarespace vs GoDaddy: Pricing

(Image credit: Squarespace)

Squarespace pricing is straightforward, starting with the Personal plan. For $16/month (billed annually) you get features like a custom domain, SSL security, unlimited bandwidth, and Squarespace AI.

If you need more, the Business plan for $23/month adds advanced website analytics, free invoices, promotional pop-ups, banners, and a nominal 3% transaction fee on sales. For ecommerce, the Basic Commerce plan at $27/month includes customer accounts, product waitlists, and low stock alerts and the Advanced Commerce plan adds advanced shipping, discounts, and abandoned cart recovery for $52/month.

You can also save on your Squarespace subscription by signing up for an annual plan over monthly billing and using one of the best Squarespace promo codes at checkout.

(Image credit: GoDaddy)

GoDaddy, on the other hand, starts with the Basic plan at $9.99/month, ideal for small businesses that need SSL, unlimited social media platforms alongside unified inbox and website chat. On top of this, the Standard plan adds additional marketing tools like built-in SEO and social posts for $11.99/month.

Next up, the Premium plan at $14.99/month includes all the benefits of the Standard plan, plus recurring appointments. Lastly, if you just want to build an online store, the Ecommerce plan at $24.99/month is the best choice as it covers all the essentials like product listings, shipping, and abandoned cart recovery.

My Verdict: Squarespace is a premium option with higher pricing, ideal for businesses and creatives needing strong design and e-commerce features. GoDaddy offers more affordable, simple plans, perfect for beginners or businesses looking for a quick and easy website setup.

Squarespace vs GoDaddy: Setup & page editor

(Image credit: Squarespace)

Squarespace’s setup and editing process are both minimalist and visually appealing. With a Fluid Engine drag-and-drop editor, Squarespace offers real-time previews of your edits and even offers many AI features to improve your website. You get dedicated theme patterns, tons of templates distributed on an industry basis, and limited yet versatile font options to fulfill your brand’s persona. If you plan on running an online store, Squarespace has dedicated e-commerce themes and well-organized sections for payments, shopping carts, and products.

(Image credit: GoDaddy)

GoDaddy’s layout may be less visually appealing, but its editor is simpler than Squarespace's, particularly for non-technical users. With a guided walkthrough to set up your site, you can add pictures, design pages, etc., using the swipe-to-style editor both from your desktop or even your phone. Plus, GoDaddy Airo AI creates your website, logo, and more by just using details of your business. Likewise, once your ecommerce store is ready, you can upgrade to start selling and connect with top marketplaces like Instagram, Google, Etsy, eBay, Facebook, and Amazon.

My Verdict: Squarespace is perfect if you want a visually-driven, customizable setup, while GoDaddy is better for beginners who value ease of use and speed over advanced design and customization.

Squarespace vs GoDaddy: Ecommerce

(Image credit: Squarespace)

Squarespace lets you send invoices and sell content like online courses, videos, blogs, memberships as well as physical products. Further, you can use your own domain for checkout and connect with different Point-Of-Sale (POS) systems, helping create a seamless experience for your customers.

If you want to go all in with your store, Squarespace provides product reviews for your customers, features for selling your products and services on Facebook and Instagram, limited availability labels, and abandoned cart recovery. On high-tier plans, you get advanced options for shipping, discounts, and access to Commerce APIs.

(Image credit: GoDaddy)

With the GoDaddy Ecommerce plan, you can create dedicated websites to sell products. Just integrate your online store to add products and services, set up payment methods, manage shipping options and return policies, warranties, and guarantees.

Plus, you can highlight featured products, integrate Square, PayPal, and Stripe, and keep subscribers informed about sales, coupon offers, and online events along with email marketing tools. GoDaddy also lets you customize your online store with WordPress and WooCommerce integration.

My Verdict: Both platforms have extensive ecommerce features and support flat-rate, calculated, and free shipping, along with a range of third-party app integrations. In a nutshell, consider Squarespace if you want a neatly designed and stunning-looking online store and GoDaddy if you’re a beginner on a tight budget who just wants to get started with a simple yet effective ecommerce website.

Squarespace vs GoDaddy: SEO tools

When it comes to SEO, both Squarespace and GoDaddy let you edit tags and meta descriptions, add image alt text, customize URLs, and access keyword support. But there are a few things to consider.

Squarespace site comes with a site map using the .xml format, so you don't need to create one manually. Squarespace also lets you add Meta Pixel & Ads for targeted advertising. Plus, you can explore keywords with time filters and access an SEO Checklist making optimizing your site a breeze..

On the other hand, GoDaddy has a step-by-step wizard that guides you through optimizing your homepage, and if you've used it before, you can revisit tasks to refine any page, blog post, or image. Similarly, you can track your site's performance using Google Analytics and return to optimize further as needed.

My Verdict: While Squarespace comes with an integrated sitemap and Meta Pixel for users who prefer simplicity, GoDaddy’s SEO wizard provides a more guided, step-by-step approach for beginners. Since both offer quite basic SEO tools, you can try their free trial to see which one suits your business better.

Squarespace vs GoDaddy: Verdict

Both Squarespace and GoDaddy are solid website builders, but they cater to different needs. GoDaddy is the cheaper and faster option, perfect for those who want to get online quickly without fussing over too many details. It’s great for beginners with its straightforward email marketing process and essential features at an affordable price. GoDaddy’s guided approach is ideal for those who want to get things up and running with minimal hassle.

Squarespace, while more expensive, excels in aesthetics and creative control. Its beautiful templates, drag-and-drop editor, and powerful tools like built-in SEO and automatic sitemaps make it a top choice for creatives, artists, and anyone wanting to build a visually stunning online presence. A generous student discount also makes it a great option for young entrepreneurs and creators looking to save while building something professional.

In the end, if speed, simplicity, and cost are your main concerns, GoDaddy wins. But if you're after elegance, customization, and appealing aesthetics, Squarespace is a better choice.

The Apple Intelligence release date has been leaked, and when Apple said its AI features would arrive in October, it meant… Late October.

According to top insider Mark Gurman in Bloomberg’s Power On newsletter, Apple Intelligence’s first wave of AI features will be coming to iPhone, iPad, and Mac on October 28, more than a month after the iPhone 16 and iPhone 16 Pro launch.

Apple Intelligence arrives as part of iOS 18.1 and will be accessible on a small selection of the best iPhones including the iPhone 16 lineup and the iPhone 15 Pro and iPhone 15 Pro Max. iPhone 15 users will sadly miss out on Apple’s first venture into the world of AI.

While October 28 will see the arrival of Apple Intelligence, it only spells the start of Apple’s AI rollout. This first batch of Apple Intelligence features will include Writing Tools for proofreading and rewriting, Smart Replies to quickly reply to messages, Notification Summaries, Clean Up in Photos, and a redesign of Siri.

A new era

(Image credit: Future / Apple )

Other features like ChatGPT integration, Genmoji, and Image Playground are expected to arrive with iOS 18.2 before the end of the year with Siri’s major Apple Intelligence overhaul due around March 2025.

Apple’s AI rollout has been met with some skepticism considering the iPhone 16 lineup is currently on sale advertised as the ‘first iPhone built from the ground up for Apple Intelligence.’ By the time early adopters finally get their hands on Apple Intelligence, the phones will be over a month old, despite all of Apple’s marketing heavily focused on AI.

It’s also worth noting this October 28 release date will only be for US English, users in the UK who don’t want to change their device language will need to wait until later this year to use Apple Intelligence and EU iPhone owners might not be getting AI features at all.

Our iOS 18.1 Apple Intelligence hands-on will give you all the information you need on what to expect when Apple AI finally becomes available later this month. You can also check out our iPhone 16 Pro review for early impressions on Apple Intelligence.

You might also like...

• The Apple Intelligence release date is a big deal
• iPhone 16 review
• My parent's iPhone 14 Pro Max phones are not getting Apple Intelligence

The number of attacks targeting critical infrastructure, banking and financial services, government and utilities sectors across Europe and the Middle East has increased 55% in the last four years, new research has claimed.

Distributed Denial of Service (DDoS) attacks are particularly worrying, rising by almost a third (30%) in the first half of 2024, compared to the same peiod in the previous year, to a new cybersecurity paper published by NETSCOUT SYSTEMS.

Based on DDoS attack data harvested from 216 countries and territories, 470 vertical industries, and over 14,000 ASNs, the paper argues that hacktivists are one of the key groups to be blamed for the increase in attacks.

Widespread disruptions

With the emergence of the Zergeca botnet, the number of bot-infected endpoints rose by 50%, the researchers further explained, adding that the “continued evolution” of the DDoSia botnet, used by a group called NoName057(16), also played a pivotal role.

The attacks resulted in “widespread disruptions”, NETSCOUT concluded, adding that industries were affected on a global scale. “Service slowdowns or outages can cripple revenue streams, delay critical operations, hinder productivity and significantly elevate organizational risks,” they concluded.

The researchers also added that more than 75% of newly established networks have been involved in DDoS attacks, both as targets, or as unwilling attackers, in the first 42 days of their inception. When splitting off a part of a network to a new ASN, organizations need to keep DDoS protection in mind, NETSCOUT says, adding that assuming automatic protection from upstream service providers can only lead to trouble.

“Hacktivist activities continue to plague global organizations with more sophisticated and coordinated DDoS attacks against multiple targets simultaneously,” said Richard Hummel, director of threat intelligence at NETSCOUT. “As adversaries use more resilient, take-down-resistant networks, detection and mitigation are more challenging. This report gives network operations teams insights to fine-tune their strategies to stay ahead of these evolving threats.”

More from TechRadar Pro

• The largest ever DDoS attack has just been blocked - here's how it was done
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Rapidly falling rates means now's the time to lock in a high APY.

2024 might have heralded the new Samsung Galaxy Ring and the long-awaited Oura Ring 4, but a new report says that tech giant Apple isn't planning to join the fellowship anytime soon.

Patents and rumors of an Apple Ring have been swirling for years and the popularity of other discrete fitness trackers on the market makes the industry an enticing proposition.

However, top Apple insider Mark Gurman says that Apple isn't working on one right now, and doesn't have plans to start anytime soon.

Writing in the paywalled email version of his Power On newsletter this week, Gurman revealed that "Apple isn’t actively developing a ring and has no plans to launch one."

But why would Apple pass on the chance to release an innovative new product in an emerging market? There's one simple reason – Apple Watch.

Apple is keeping fitness on the wrist, for now...

(Image credit: Future)

As Gurman notes, introducing an Apple Ring "would detract from the Apple Watch." He reveals that Apple has "no reason to cannibalize a product that still has room to grow and is the envy of the fitness-tracking industry."

While both Samsung's Galaxy Ring and the new Oura Ring 4 are impressive bits of kit, there's not a ton they offer over Apple Watch right now. Both types of device feature broadly similar fitness and health features such as exercise tracking, heart rate monitoring, sleep tracking, and more.

While a ring might be a more discrete bit of kit than the best smartwatches on the market, it's an extra for most people who likely already wear a watch of some description.

The Samsung Galaxy Ring and the Oura Ring 4 also both cost broadly the same as an Apple Watch Series 10, but the latter delivers a more immersive experience thanks to its touchscreen display and features like music playback, calls and messages, and more.

It's possible that smart rings and other more discrete devices could one day surpass the smartwatch as the king of fitness tracking and wearable tech, but right now it seems Apple doesn't have any intention of upsetting its growing smartwatch business.

You might also like

• Best smart ring 2024: Samsung Galaxy Ring, Oura and other alternatives
• I spent 24 hours with the Samsung Galaxy Ring, and it's scarily good so far
• I tried wearing an Oura smart ring and might never go back – but it can’t replace my Apple Watch

Apache's HTTP Server is a critical component for hosting web applications worldwide. Recently, two significant vulnerabilities CVE-2024-40725 and CVE-2024-40898 have surfaced, raising alarms across industries.

These vulnerabilities present a severe risk to organizations that rely on Apache HTTP Server especially the systems using versions 2.4.0 through 2.4.61. There are over 7.6 million instances exposed to potential attacks, experts have said.

According to a recent report from CYFIRMA, while CVE-2024-40725 affects the mod_proxy module of the Apache HTTP Server, CVE-2024-40898 targets the mod_ssl module.

HTTP request smuggling & SSL authentication bypass

HTTP Request Smuggling attacks see an attacker send multiple crafted HTTP requests, which the server misinterprets due to its flawed handling of HTTP headers. The attacker exploits this misinterpretation to bypass security checks. In the case of CVE-2024-40725, the ProxyPass directive, when misconfigured, can make the server vulnerable to this type of attack.

When the ProxyPass directive is enabled with specific URL rewrite rules, it can lead to HTTP Request Smuggling attacks. Attackers can exploit this vulnerability to gain unauthorized access to restricted parts of the server, disclose sensitive information, or hijack active user sessions.

The CVE-2024-40898 vulnerability stems from improper SSL client authentication verification. If SSLVerifyClient is not configured correctly, attackers can bypass the SSL authentication mechanism. This allows them to access sensitive systems without requiring a valid client certificate thereby compromising the security posture of affected organizations.

The existence of PoC exploit codes for both vulnerabilities makes it easier for attackers to target organizations that have not yet applied the necessary patches or updated their configurations. These tools allow attackers to send specially crafted SSL requests to affected servers, which can lead to unauthorized access.

There are already discussions about these vulnerabilities on Dark Web forums, where hackers are actively sharing technical details, targeting information, and exploits, signalling a growing interest in exploiting these vulnerabilities in the wild. These discussions indicate that IP addresses of vulnerable systems are actively being circulated, heightening the urgency for prompt action.

These vulnerabilities present a high-level threat to organizations, making it imperative for system administrators to apply patch updates and review configurations immediately. Without proper mitigation, affected servers could become targets for exploitation, compromising both sensitive information and the integrity of critical systems.

To mitigate the risks, the first and most crucial step is to apply the latest patch by updating the Apache HTTP Server to version 2.4.62 or later. This update addresses both vulnerabilities, providing essential fixes to prevent exploitation.

Additionally, a thorough review of server configurations is necessary, particularly within the mod_proxy and mod_ssl modules. Ensuring that the ProxyPass directive and URL rewrite configurations are securely set up will minimize the risk of HTTP Request Smuggling, while properly configuring SSLVerifyClient will prevent authentication bypass attacks.

By deploying a Web Application Firewall (WAF), organizations can filter malicious HTTP and SSL traffic, providing an extra layer of protection against attack attempts. Moreover, conducting regular security assessments, including vulnerability scans, helps proactively identify and address any configuration issues or new vulnerabilities.

Organizations in sectors such as finance, healthcare, government, retail, and technology are particularly vulnerable due to the sensitive data they handle. Geographically, regions such as the United States, Germany, India, the Netherlands, and the United Kingdom are considered high-risk areas, given the widespread use of Apache HTTP Server in these locations.

More from TechRadar Pro

• These are the best firewalls around today
• This new keylogger uses Microsoft PowerShell scripts to quietly steal sensitive information
• Take a look at the best business VPNs

British Mountain Rescue workers have developed an automated drone system that can scour a landscape far quicker and more thoroughly than human eyes.

The past few years have been tough for the average consumer. According to the Bureau of Labor Statistics, consumer prices have risen by 3%, 5%, and 6% over the last three years. The consumer industry isn’t the only industry impacted either.

Just look at the world of enterprise tech, for example. In November of 2022 — back when the consumer price index was busy setting records of the worst kind imaginable — enterprise tech prices were quietly climbing at a rate 4 times higher than that of overall market inflation. What’s worse, this came at a time when organizations were setting records for average SaaS portfolio size. For a time, 1 in every 8 dollars spent by modern organizations went directly to SaaS costs.

Gathering Economic Storm Clouds Cast Towering Tech Stacks in a New Light

That is, until, some sudden economic headwinds caused the powers that be in the business world to second guess their towering tech stacks (and the eye-watering expenses associated with them). And so, today, we find ourselves in a period of “stack streamlining” — or, for those that view the situation with a bit more vitriol, “trimming the tech fat.”

No matter what you call it, it’s a wise move for most businesses to cast a critical eye on their SaaS expenditures. However, it’s important to remember that not all SaaS solutions are built equally. While some tools undoubtedly fall into the category of fluff, others are downright indispensable. Unfortunately, it’s not always readily apparent which applications fall into which categories.

That’s why, in this article, we’ll take a look at some tips for how to conduct a measured, effective tech audit; and also make the case for why almost anything in the cybersecurity space should be considered absolutely last on the list of expendable enterprise apps in today’s rapidly evolving cyber threat landscape.

As the Consumer Price Index Cools, Enterprise Tech Costs Continue to Climb

Back in 2022, when enterprise tech prices were busy blowing overall consumer inflation out of the water, the eternal optimists of the world were probably reassuring their peers that this would be a flash in the pan. However, over the ensuing 12-month period ending in November of 2024, nearly two-thirds (73%) of all SaaS vendors raised their prices even further, at an average year-over-year increase of over 12%. Worse yet, more than a few vendors made those double-digit price hikes look like modest adjustments. Webflow, for example, hiked the price of their flagship software by a jaw-dropping 23% in 2023 alone.

Although SaaS prices continued to outpace overall market inflation by more than 200% — the size of the average corporate SaaS portfolio reached an all-time high of over 370 applications. However, this highwater mark for enterprise SaaS adoption was short-lived.

Executives Call Bloated Enterprise Tech Stacks into Question

As you’ve probably already imagined, it didn’t take long for the average business decision-maker to look upon SaaS costs (along with practically every other source of capital expenditure) with a critical eye — and they weren’t exactly pleased with what they saw.

Just as SaaS portfolios were reaching all-time highs in size, another study from the same period revealed that less than half (44%) of companies’ SaaS applications were actually being regularly used by employees. At the same time, studies showed that the U.S. IT departments were wasting roughly $85B per year on bad tech. Due in part to revelations like these (along with other internal and external forces), by year’s end 2023, the average SaaS portfolio size had suddenly fallen in size by over 10% YoY.

As Your Business Considers Tightening Its Purse Strings, Beware Sacrificing Security Posture

In case you’ve missed it, the past few years have brought about some profound changes in the world of cybersecurity. With massive increases in advanced phishing attacks — such as business email compromise (BEC), spear phishing, and advanced social engineering — along with the arrival of generative AI, deepfakes, and a slew of other cutting-edge threats, CISOs and their teams are feeling the heat, to say the least.

In fact, in Splunk’s 2024 State of Security survey report, when asked what types of cyberattacks are most concerning, “AI-powered attacks” topped the list as the number one most anxiety-inducing type of attack. In the same report, 32% of respondents were most concerned about attackers using generative AI to optimize existing attacks, such as crafting more realistic phishing emails or refining malicious scripts. Another oft-cited concern is the possibility of less skilled, opportunistic hackers exploiting generative AI to drive a significant uplift in social engineering attacks — contributing to the 28% of respondents that worry that generative AI will help adversaries increase the volume of existing attacks.

While I’d argue that this is not the time to skimp on any form of cybersecurity, the fact that email still represents the number one threat vector, playing a role in upwards of 96% of all breaches today, if one slice of your security architecture must be prioritized it ought to be protecting your employees’ inboxes, and, increasingly, security professionals are coming to the conclusion that the only way to effectively fight these new, AI-enabled threats is by leveraging the adaptive intelligence of AI themselves.

Whether Budgets Are Set to Fall or Stall, Security Postures Will Be Put at Risk

As businesses look to assess the worth of various tools in their technology stacks, you will inevitably hear calls for compromise in the form of budget freezes — that is, rather than cutting budgets, simply freezing the current state of one’s stack in order to prevent any further cost increases.

While this may sound reasonable at first blush, not every part of your stack is in a position to be frozen in time. And that holds especially true in the field of cybersecurity. As we cited earlier, the modern threat landscape is changing at breakneck speed — with new, much more advanced (and often AI-enabled) attack types being discovered by the day. In such an environment, simply sticking with one’s legacy security solutions — such as secure email gateways (SEGs) — is often just as problematic as making active cuts; as these types of tools are fundamentally unfit to defend against today’s modern, AI-driven cyberthreats.

At the end of the day, the future of cybersecurity will be a battle between offensive and defensive applications of AI. And as of today, most security professionals are torn as to which side of the battlefield will emerge victorious. In the aforementioned State of Security Report from Splunk, just 43% of respondents felt that AI would benefit defensive capabilities the most, while 45% felt adversaries would win the day with AI. This marks an encouraging uptick from just eight months ago, where a similar report found only 17% of respondents thought AI would advantage defenders.

Strap In, CISOs: Cost-Cutting, Complacency Join AI on the Rapidly-Expanding List of Existential Threats to Organizational Cybersecurity

In 2020 and 2021 — just as remote work, endless Zoom meetings, and the use of sketchy public wi-fi networks at your local Starbucks were becoming facts of life — business leaders across the private sector recognized the very real and immediate need for increased investment in cybersecurity.

And so, for two triumphant years, double-digit budget increases became the norm throughout the field of cybersecurity. But, not for long. According to research from IANS and Artico, by 2023, the average cybersecurity budget increase had fallen to just 6%. And yet, for a sizable percentage of organizations, matters were even worse. In the same study, well over a third (37%) of survey respondents said their organizations’ cybersecurity budgets had either remained flat or were reduced in fiscal year 2023.

While we’ve most certainly seen purse strings tighten as of late, most of today’s analysts are forecasting that tech budgets will in fact continue to grow — rather than contract — over the next 12 to 24 months — albeit at slower rates than we’ve seen in the past.

Perhaps most importantly, cuts and freezes won’t be instituted uniformly across operations. That’s why, as cost-cutting initiatives continue to gain steam, it’s up to the cybersecurity community to make the case to leadership that their budget is one that simply cannot be skimped on — and leading vectors such as email should be bolstered at any costs.

And for those not well-versed in the art of internal advocacy, hopefully this article gives you a good place to start.

We've listed the best secure email providers.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Numerous leaks have suggested that the iPad mini 7 is fast approaching, with the most telling sign perhaps being the clearance of iPad mini 6 stock, and now we have a specific date for when Apple’s next mini slate might ship.

According to Mark Gurman, writing for Bloomberg, the iPad mini 7 could ship on Friday, November 1, following an announcement around the end of October. So in other words this tablet could be announced in just a few weeks, and ship in less than four weeks.

While we’d always take release date leaks with a pinch of salt, Gurman has a solid track record for reporting Apple information, and this isn’t the first time we’ve heard mention of an October Apple event.

So we’d say there’s a high chance this date is accurate – and if so it’s welcome news, as the iPad mini (2021) is long overdue a successor.

No sign of the iPad 11

If you’re interested in new models of other Apple tablets though you’ll probably have to wait until the first half of 2025, when Gurman says Apple might launch new 11-inch and 13-inch iPad Air models, along with the iPhone SE 4.

He makes no mention of new iPad Pro models, but with the iPad Pro (2024) having only landed this year that’s not too surprising. What is slightly more surprising is that there’s also no mention of the iPad 11, despite the current standard iPad model – the iPad 10.9 (2022) – being almost two years old.

So if you’re hoping for a new model in Apple’s base or high-end iPad lines, it looks like you might be waiting a while yet.

You might also like

• Best iPad: top Apple tablets to consider right now
• Apple event: every detail of the latest launch and what could be next
• iPad Air 13-inch (2024) review: the best bet for your big-tablet dreams

The official Android app for Kaspersky antivirus software have been removed from the Google Play app store in the latest blow for the company.

BleepingComputer notes the move appears to have happened over the weekend, with Kaspersky's developer accounts also disabled and removed following a recent ban by the US government.

"The U.S. Department of Commerce’s Bureau of Industry and Security recently announced a variety of restrictions on Kaspersky. As a result, we have removed Kaspersky’s apps from Google Play," a Google spokesperson said.

Kaspersky Android app removed

In a post on its official forums, Kaspersky said it was aware of the issue, and was investigating why its software is no longer available on Google's app store.

"The downloads and updates of Kaspersky products are temporarily unavailable on the Google Play store," a Kaspersky employee posted.

"Kaspersky is currently investigating the circumstances behind the issue and exploring potential solutions to ensure that users of its products can continue downloading and updating their applications from Google Play."

The company said users could still download its apps from alternative app stores, such as Galaxy Store, Huawei AppGallery, and Xiaomi GetApps, or install the apps by downloading the .apk installation file from Kaspersky's website.

The move is the latest problem to hit the security giant, which has faced mounting issues in recent months as it faces US sanctions following concerns over national security. The US has long argued Kaspersky software is at risk of being manipulated by the Russian government to hand over secrets and control of the computers, and ordered a full ban on the sale of its products earlier in 2024.

The Russian firm was added to the US Entity List, which comprises “foreign individuals, companies, and organizations deemed a national security concern,”, with a ban on the sale of Kaspersky products starting July 20, 2024.

Subsequent updates to Kaspersky software also ceased from September 29, but the company did offer free security products and safety tips to its customers for six months.

This was followed by further controversy in September 2024 when Kaspersky customers in the US found their antivirus software replaced without warning with a new solution called UltraAV.

More from TechRadar Pro

• These are the best firewalls around right now
• Kaspersky security tools hijacked to disable online protection systems
• Take a look at the best business VPN tools on offer

Deepfake technology is rapidly emerging as AI’s latest ‘Pandora’s box. No longer limited to producing parodic content of politicians (who’ll ever forget the Pope sporting Moncler?), we are now seeing generative AI being actively weaponized, from misleading political deepfakes, clickbait celebrity advertisements, to school children deep-faking explicit pictures of classmates.

As the capabilities of AI tools race ahead of regulation, many are growing concerned of the very real threat it poses. New legislation is coming in – but much of it is too narrow, or too vague to protect people comprehensively. And on the flip side, these new rules have implications that could easily catch out professionals trying to utilize generative AI in legitimate ways.

So, what legal protection in the UK currently exists around deepfake technologies, and what behaviors are prohibited?

The Varieties of Visage

First, it’s important to actually define what makes a deepfake, a deepfake. After all, similarities exist in nature – there’s the old adage that seven people in the world look like you - but to what extent of similarity are you protected by regulation – and where can you slip up as a business? A useful example is the 2019 ruling against vape company Diamond Mist. The business’ adverts included one with the strapline “Mo’s mad for menthol” accompanied by imagery of a male model with a bald head and thick eyebrows.

Mo Farah took to Twitter to complain about the potential confusion, concerned people would think he had endorsed the product. Ultimately, the Advertising Standards Agency (ASA) ruled that the advert did indeed gave a “misleading impression”: while ‘Mo’ is a common moniker, the model’s head and eyebrows were “reminiscent” enough of the athlete that viewers would associate it with Mo Farah as one of the most well-known figures in the UK by that name.

Herein lies the crux: while the image wasn’t a deepfake, it was similar enough to confuse viewers, and the same applies to deepfakes. If it’s misleading enough to confuse someone else, you have grounds to consider litigation.

Conversely, as a business, you need to consider all potential interpretations of imagery to ensure you can use generative AI without getting caught up in legal complications. Just because the stock gen-AI photo you’re using to head up a LinkedIn article seems generic, doesn’t mean it is. Voice, gestures, and context are all factors taken into consideration., but ultimately the question is: did it confuse viewers?

Current Legislation around Deepfakes

To date, there is no single piece of legislation within the UK that provides blanket protection against deepfakes. Instead, individuals are protected under an assortment of regulations depending on the nature of the deepfake.

Online Safety Act 

The Online Safety Act has one main provision against deepfakes. While it has been illegal to share intimate or explicit images of someone without their consent since 2015, the Online Safety Act has compounded this ruling to make it illegal to also share intimate AI-generated images of someone without their consent. Crucially, unlike the ruling about genuine intimate content, you do not need to prove that the creator intended to cause distress in the case of deepfake imagery, although it is considered a further serious offence if a sexual intention can be demonstrated. It’s vital to note that this ruling does not criminalize the creation of an explicit deepfake, only the sharing. The Online Safety Act is also primarily focused on removing offensive content; many are concerned that provisions will prove ineffective while the creation of intimate deepfakes continues to be unregulated, while perpetrators escape punishment.

Advertising Standards Agency 

The ASA steps in when advertisements contain misleading content. In terms of deepfakes, this mostly arises in the case of scam adverts or clickbait; it’s unlikely to affect everyday people, and those running businesses should know not to use celebrities, who have usually trademarked their likeness, gestures, and voice, for example.

More interestingly, however, is the grey area of similarity that deepfakes are set to exacerbate. One thing that the Mo Farah case particularly highlighted was that likeness doesn’t need to be identical, it just needs to confuse the viewer enough to create reasonable doubt. With generative AI drawing from copyrighted material, there is now a danger that businesses could accidentally infringe ASA regulations by using gen-AI output that is accidentally similar enough to real-life celebrities to cause confusion. Intent in this case isn’t relevant: all that matters is whether viewers have been misled, and it could land businesses in hot water with the ASA.

Civil Law

The final recourse for UK citizens is under civil law. While there is no specific legislation addressing deepfakes, individuals could seek recourse in the following situations:

• Privacy: a deepfake could be considered a violation of one’s right to privacy, especially if they are able to prove the creator used personal data to create it, which is protected under UK GDPR and the Data Protection Act 2018. 
• Harassment: multiple deepfakes with intent to cause alarm or distress could form the basis of a harassment suit 
• Defamation: if a deepfake has an adverse effect on one’s reputation by portraying them in a false or damaging way, there is the potential for a defamation case

In such cases, an individual would be best to seek legal guidance on how to proceed.

Future of deepfake legislation

So, where does legislation go from here? Hopefully, forward. The UK government took a considerable step back from the issue in the run-up to the election, but with the EU AI Act leading the way it’s likely we’ll see new regulation coming down the track soon.

The greater issue, however, is enforcement. Between the three bodies we’ve discussed above, the Online Safety Act, the Advertising Standards Agency, and UK civil law, all are centered on regulating output on a case-by-case basis. Currently, the UK has no regulation in place or proposals to input greater safety measures around the programs themselves. In fact, many are celebrating the lack of regulation in the UK following the EU AI Act, hoping it leads to a boon in AI industries.

Current strategies, however, remain inefficient. Victims require legal support to make any headway in cases, and creators continue to escape repercussions. Widespread control of technology is similarly impractical – one only need look at GDPR to get a sense of that. Efforts to do so, such as the EU AI Act, still fail to tackle the problem with open-source generative technologies remaining completely unregulated.

It appears that an independent adjudicator will be required – an Ofcom for AI – but how independent, or effective, this will prove remains to be seen. Let’s just hope that the new Government manage to strike some kind of balance between industry, personal protection, and business innovation.

We've listed the best business laptops.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Mylio has announced its new platform for personal, family, or business cloud storage needs.

Mylio SecureCloud is available with a base subscription starting at $11.98 per month for 2TB of storage, which the company hopes will make it an accessible option for a wide range of users, from individuals to small businesses.

For those already subscribed to Mylio Photos+, SecureCloud can be easily managed directly within the Mylio Photos app, but the company also provides complimentary personalized setup and backup guidance sessions to help users optimize their media management.

Offline access, fast search, privacy, and a unified library all in one package

Mylio SecureCloud provides offline access to all files, thus internet connectivity is not always needed, meaning it should come in handy for frequent travelers or professionals who need to access important documents or presentations during flights or in areas with limited internet access.

In addition to offline access, Mylio also offers a search tool that enables users to find specific files quickly and efficiently. It supports search with keywords, dates, or advanced features like AI SmartTags, which is designed to locate files across a user's entire media library in seconds.

All data stored within the service is protected by encryption, ensuring that only authorized users can access it, and Mylio SecureCloud ensures data is never used for advertising, AI training, or shared with third parties. For businesses handling sensitive documents, Mylio SecureCloud offers a secure environment for storing and transferring critical files between local devices and the cloud without losing their metadata or organizational structure.

Unlike many other cloud storage services, the platform does not force users to upload all their data to the cloud. Instead, it offers flexible syncing options that allow users to decide what data stays on local devices and what is stored in the cloud.

Powered by Backblaze, Mylio SecureCloud ensures fast and efficient data synchronization. Users can upload high-resolution photos or large video files, ensuring that media is always backed up and available when needed. Moreover, quick recovery options are available in case of data loss or device failure. Media libraries can be accessed across multiple devices and operating systems, including iOS, Android, macOS, and Windows.

More from TechRadar Pro

• Want to transfer your files 9x faster than WeTransfer?
• Take a look at our roundup of the best business VPNs
• These are the best cloud backup solutions around

Here are some hints, and the answers, for the Oct. 7 Strands puzzle, No. 218.