TechRadar News

CrowdStrike, a global leader in endpoint security, incident response and cybersecurity, recently deployed an update to its Falcon sensor for Microsoft Windows systems. This update, designed to enhance the detection of novel threats, inadvertently caused significant malfunctions in the Windows operating system, leading to widespread crashes and system instability.

Notably, Mac and Linux operating systems were unaffected by this issue.

What happened?

Despite concerns, it’s important to clarify that this incident was not the result of a hack, security breach, or malicious attack. Here are three key factors that led to the CrowdStrike chaos:

Faulty internal update: The problem stemmed from an internal update error rather than external tampering.

Elevated privileges: As security software, CrowdStrike Falcon has high privileges and integrates with the Microsoft Windows kernel.

Global impact: The impact was particularly severe because CrowdStrike’s software is deeply integrated into critical infrastructure across large corporations and government agencies.

This integration, while essential for detecting and neutralizing high-level threats, also meant that when the faulty update was rolled out, it led to immediate and widespread disruptions.

The impact

CrowdStrike is widely used among enterprises and state, local and federal government agencies, so the scale of the disruption was enormous. Delta Airlines, for instance, has engaged high-profile attorney David Boise as they face potential losses exceeding $300 million due to the incident. While many other organizations of similar size recovered within hours, Delta experienced prolonged operational disruptions lasting several days, sparking industry debate over whether the fault lay with CrowdStrike’s update or Delta’s recovery plan and preparedness.

This incident triggered what may be the largest technology outage on record to date, caused by a misconfiguration or bug, with estimated damages reaching into the billions — and that figure continues to climb. The fallout was massive, thousands of flights delayed or cancelled, halting reservation systems worldwide, and causing a cascade of global disruptions. At least 8.5 million computers were affected, leading to unprecedented operational chaos

It is indeed ironic that CrowdStrike, a company renowned for its expertise in incident response, found itself at the center of such a significant episode. This event underscores the complexities and challenges even the most well-regarded firms can face, as well as the recovery plans and response preparedness.

CrowdStrike’s response

In the face of this unprecedented incident, CrowdStrike responded with prompt and decisive action. The company swiftly deployed a fix to address the issue and subsequently released a statement outlining a series of commitments aimed at preventing a recurrence. While the list of actions was thorough and comprehensive, much of it aligned with existing industry-standard practices. However, CrowdStrike notably pledged to revise its update deployment processes, a critical change expected to enhance the reliability and safety of future updates.

Observations and lessons learned

The CrowdStrike outage serves as a reminder for all size organizations to review their processes and ensure steps are in place to help mitigate the impact of future incidents. Not only having a plan, but have it tested for functionality.

Among steps for action that organizations need to have set are:

1. Ensure Robust Backup and Disaster Recovery Plans: Seems simple, but it's crucial to have well-defined backup, business continuity, and disaster recovery plans in place. Equally important is the regular testing of these plans through actual walkthroughs to ensure they function effectively when needed.

2. Be Cautious with Privileged Software: Any software with privileged access to your systems can potentially cause significant disruptions. While this incident was not a security breach, it serves as a stark reminder that even security tools can introduce vulnerabilities. Security tools, like any other software, can be a source of breaches or downtime, as demonstrated by this incident with CrowdStrike.

3. Maintain Heightened Vigilance During Outages: Large-scale outages create an attractive opportunity for attackers. Amid the noise and disruption, malicious actors can easily slip in undetected and steal data. It is essential to maintain heightened security awareness during such events to prevent opportunistic exploitation.

4. Avoid Knee-Jerk Reactions: While the instinct may be to switch vendors after an incident like this, it’s important to proceed with caution. Quick, unplanned changes can lead to even bigger problems. Any transition to a new vendor should be approached as a phased project, not an overnight swap. This is especially critical for organizations handling sensitive data, such as those involved in national security.

In conclusion, the CrowdStrike incident highlights the importance of robust systems, cautious planning, and the readiness to respond to even the most unexpected challenges.

This has become a reminder that in the realm of cybersecurity, even the leaders in the field are not immune to significant disruptions, nor are they immune from causing them – but being ready for when these may happen may be the difference between swift resolution and loss of business.

We've featured the best IT Infrastructure management service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

AI has significantly enhanced the capabilities of cybersecurity systems by enabling more sophisticated and proactive defense mechanisms. The ability of AI systems to learn from vast datasets and adapt to new threats in real-time has created a more dynamic and resilient security environment. By continuously analyzing patterns and anomalies, AI can identify potential threats more accurately and efficiently than traditional methods.  

This technological leap forward has made it possible to prevent cyber-attacks before they can cause significant damage. For example, AI-powered security solutions like Darktrace use machine learning to autonomously detect and respond to cyber threats across digital environments, stopping potential breaches in their tracks. Similarly, IBM’s Watson for Cyber Security analyses vast amounts of data and cross-references it with known threats, helping security teams quickly identify and mitigate risks. 

However, with these advancements come two major concerns. The first is the safety of AI design and coding. It is crucial to ensure that AI systems are developed with robust safety protocols to avoid errors and unintended consequences. Poorly designed AI can lead to security vulnerabilities that malicious actors could exploit. For instance, in 2020, the Clearview AI facial recognition system, which was used by law enforcement agencies, faced a massive data breach due to poor security practices, exposing sensitive information to potential misuse. Therefore, the development of AI must prioritize safety and error prevention to protect human users and systems. 

The second concern revolves around control and oversight. As AI systems become more autonomous, understanding who controls these systems and their capacity to be switched off in emergencies becomes increasingly important. The potential misuse of AI, especially in cybersecurity, poses significant risks. For instance, if an AI system were to fall into the wrong hands, it could be used for malicious purposes, such as launching cyber-attacks or manipulating information. 

These challenges underscore the need for a comprehensive approach to cybersecurity that includes AI security. The focus must extend beyond technical aspects to encompass the human impact and safety considerations. Governments worldwide have recognised the implications of AI in cybersecurity, leading to numerous AI safety summits, such as the one held at Bletchley Park in 2023. These events highlight the growing awareness and urgency to address AI’s role in cybersecurity. 

Highlighting the role of quantum computing

As we look to the future, the convergence of AI and quantum computing is set to bring about even more significant changes to the cybersecurity landscape. Quantum computing, which harnesses the principles of quantum mechanics, has the potential to process information at unprecedented speeds. Although quantum computing is still in its early stages and not yet commercially viable, this is likely to change as major corporations like IBM continue investing heavily in its development. With these advancements, quantum computing could revolutionize cybersecurity by enabling AI to analyze data and solve complex problems faster than ever before. However, even with today's advanced computing power and global networks, ensuring AI safety remains a primary concern. 

One of the most current concerns is the potential for quantum computers to render current encryption methods obsolete. This could open the door for malicious actors to decrypt sensitive data, including financial transactions, intellectual property, and national security secrets. As a result, there's a growing urgency to develop quantum-resistant cryptographic algorithms that can withstand the computational power of quantum machines. Therefore, the focus on safety and regulation must remain a priority as we navigate this new frontier. The potential impact of quantum computing on AI and cybersecurity is immense, but it also highlights the need for ongoing vigilance and adaptation. As AI systems become more powerful, the cybersecurity industry must evolve to keep pace with these developments, ensuring that robust defenses and ethical considerations are in place. 

The need for greater cohesion and maturity in the industry 

Given the rapid advancements in AI and the potential threats they pose, the cybersecurity industry must develop greater cohesion and maturity. This need extends to all aspects of cybersecurity, from online safety and the defense of critical national infrastructure to the development of offensive capabilities. To achieve this, there must be a strong partnership between governments, international regulators, and big data companies. This collaboration should prioritize the greater good over profit, ensuring that cybersecurity measures are comprehensive, effective, and aligned with ethical standards. 

The threat of cyber warfare, where AI is used as a weapon, highlights the urgent need for stronger regulations and controls. In the UK, this is particularly important as we continue to face growing cyber threats from both state and non-state actors. As AI technology advances, there is also the potential for it to reach a point where it could make decisions without human input, known as singularity. If we do not establish clear guidelines and oversight now, the misuse of AI in cybersecurity could lead to disastrous outcomes, including large-scale data breaches, infrastructure attacks, or other harmful actions. Ensuring proper regulation is crucial to protect the UK's digital infrastructure and its citizens from these evolving threats. To foster greater cohesion and maturity in the industry, stakeholders must work together to develop and enforce legislation and controls that address the unique challenges posed by AI and cyber threats. This includes creating frameworks for international cooperation and establishing norms for the ethical use of AI in cybersecurity. Events such as the National Cyber and AI Awards play a crucial role in promoting industry standards by recognizing companies and individuals who demonstrate excellence and innovation in cybersecurity and AI. Such awards not only celebrate achievements but also encourage the development of best practices and the sharing of knowledge across the industry, helping to drive progress and foster a culture of responsibility and collaboration. 

Challenges of regulating a fast-moving sector 

Regulating the rapidly evolving AI and cybersecurity industry presents several challenges, particularly given its global nature and the diverse interests of various stakeholders. Geo-political considerations often complicate efforts to establish uniform regulations, as different countries may have varying priorities and approaches to AI and cybersecurity. This lack of consensus can hinder progress and leave gaps in the global security framework. 

In addition, as we progress through the digital revolution, the absence of regulation can lead to AI being used for economic gain, political power, or as a disruptive force. For example, without proper oversight, AI could be exploited to manipulate markets, influence elections, or even launch cyber-attacks against critical infrastructure. 

Another significant challenge lies in the ethical implications of AI, particularly in areas like bioengineering, where AI is used to enhance physical and mental capabilities. As we integrate AI into our bodies and minds, the ethical considerations become even more complex. In the midst of this, it is vital to ensure that these technologies are used responsibly and do not compromise our independence or well-being. 

To address these challenges, the industry must prioritize regulation and ethical considerations alongside technological advancements. This includes fostering international cooperation to develop standards that ensure the responsible use of AI in cybersecurity. By doing so, we can mitigate the risks associated with rapid technological change and create a safer, more secure digital future. 

Looking at the future  

As we navigate the rapidly evolving landscape of AI, it is crucial to prioritize safety, regulation, and ethical considerations. By fostering greater cohesion and maturity in the industry and addressing the challenges of regulation, we can harness the full potential of AI while safeguarding against its risks. The future of cybersecurity depends on our ability to adapt and innovate responsibly, ensuring that AI serves as a force for good in the digital age.

We've featured the best IT infrastructure management service.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Britain’s nuclear regulator has fined the largest UK nuclear power facility £332,500 for "persistently" breaching security regulations which left IT systems vulnerable.

The instances occurred between 2019 and 2023, and although the Office for Nuclear Regulation (ONR) say there is no evidence the vulnerabilities were exploited, cybersecurity shortcomings left the facility exposed to potential loss of data and unauthorised access.

Sellafield’s reactor was shut down in 2003, but nuclear materials are still stored and plutonium is handled at the site, including a range of facilities for waste storage and processing.

All cleaned up

The site pleaded guilty to three criminal charges over the failings.

The shortfalls included failing to carry out annual security checks, which the company attributes to “sector-wide difficulties recruiting suitably qualified staff”. Since the ruling, Sellafield has made "significant improvements" to its systems and structures to ensure public safety.

A successful attack could have come in the form of a phishing campaign or a malicious insider which could have damaged facilities or disrupted operations. It was previously reported that Sellafield was breached by Russian and Chinese hackers, but both the site and the UK government have denied this.

"Failings were known about for a considerable length of time but despite our interventions and guidance, Sellafield failed to respond effectively, which left it vulnerable to security breaches and its systems being compromised.” said The ONR's Senior Director of Regulation Paul Fyfe.

Secretary of State for Energy, Ed Miliband previously commented on news that contractors could access the site network unsupervised as a “very concerning report about one of our most sensitive pieces of energy infrastructure”.

Whilst the regulator found no evidence of harm from the cybersecurity shortfalls, the site is said to be taking the charges "very seriously", which it says is reflected in the guilty plea.

Via BBC

More from TechRadar Pro

• Check out our pick of the best malware removal software
• This AI-powered malware has evolved to add image recognition
• Take a look at our best endpoint protection software choices

Spooky season is here – and, to celebrate October's arrival, the world's best streaming services are primed to deliver frights aplenty over the next four weeks.

Some aren't hanging around, too, with the likes of Netflix and Max providing some early terrifying treats to stream this weekend. But, if you're not a horror aficionado, there are plenty of other less scary recommendations on this list, including the returning of two fan-favorite shows. So, whether you're ready to get your scream on or not, we're confident you'll find something worth watching over the next few days. Enjoy!

Heartstopper season 3 (Netflix)

Heartstopper has taken the world by storm and it's easy to see why. This coming-of-age story tackles all sorts of tricky themes like LGBTQ+ representation, self-discovery, mental health, and more, so it's been refreshing to see a story like this do so well.

There are some great guest stars in season 3 too, like Marvel alumnus Hayley Atwell, who plays Nick's aunt, and Bridgerton's very own Jonathan Bailey having a cameo as an author. As well as the series regulars, then, we've got some huge new names to fall in love with again in one of the best Netflix shows' latest chapter. Just make sure you've got plenty of tissues to get you through season 3 as it's another emotional one!

Lucy Buglass, senior entertainment writer

• Watch Heartstopper season 3 on Netflix

The Legend of Vox Machina season 3 (Prime Video)

It's hard to believe it's been nearly two years since The Legend of Vox Machina last graced our screens. But, with the underappreciated Prime Video R-rated animated series' third season out now on the streaming giant, I'm ready to be reunited with the titular gang of misfits as they embark on more hilariously gross and heart-poundingly dramatic adventures.

Picking up after the show's season 2 finale, the group known as Vox Machina continue their quest to end the tyrannical rule of the Chroma Conclave – aka the seemingly unkillable dragons that currently rule Emon with an iron fist. Judging by season 3's official trailer, one of the best Prime Video shows is not only going to scratch my adult animated show itch again, but have me shouting at everyone (who'll listen, anyway) that they're missing out on an utterly fantastic series. Give it a whirl, why don't you?

Tom Power, senior entertainment writer

• Watch The Legend of Vox Machina season 3 on Prime Video

Salem's Lot (Max)

Stephen King novels been adapted multiple times down the years, including Salem's Lot, which has just been remade by Max. Previously, I was thrilled to see Salem's Lot 2024 had kept one integral detail and it does look like it's staying faithful to the source material in many ways, which is always a recipe for a great adaptation. The King of Horror has also stated he's happy with the overall product but, based on its early critical reception, it seems many don't agree with them.

Anyway, this is the perfect movie to kick off your countdown to Halloween, in my opinion. Salem's Lot has everything you could want from a classic horror flick – creepy houses, even creepier vampires, and a brooding writer returning to his strange hometown. Maybe it'll be among the best horror movies you'll stream this year? I'm sure you, rather than King himself, will be the judge of that.

Lucy Buglass, senior entertainment writer

• Watch Salem's Lot on Max

It's What's Inside (Netflix)

It’s What’s Inside is one of 2024's most-anticipated new Netflix movies – and with good reason. After the buzz it gleaned following this year's Sundance Film Festival, which took place in January, Netflix forked out $17 million for the rights for this psychological horror-thriller from Greg Jardin, who's mainly known for independent films.

The neon laced trailer gives off similar vibes to A24's Bodies Bodies Bodies in that its group of young adults are in an opulent estate, before a wedding they're all due to attend, and play a game that soon gets out of hand. It sounds like a wild ride and I can't wait to get onboard to find out if it'll deserves to be included in our best Netflix movies guide.

Amelia Schwanke, senior entertainment editor

• Watch It's What's Inside on Netflix

The Franchise (Max)

Some of my favorite movies and shows are parodies. From Mars Attacks! poking fun at Independence Day, to Shaun of the Dead’s playful pun on Dawn of the Dead, I do love a comedic twist on films that take themselves a bit too seriously. Spoofs are even better, with the likes of Cabin in the Woods putting a spin on horror flicks and now The Franchise, which aims to pick apart the best superhero movies and their less esteemed genre cousins.

But, it's not just a critique on the sub-genre. The new series also takes aim at the entertainment industry, just like Extras and Episodes did before it. Looking at the trailer and what I've read of the plot, the new comedy series pokes fun at Hollywood superhero movies like the MCU and follows a filmmaking crew as they try to make the next big screen hit. It comes from the talented minds of Jon Brown (Succession), Armando Iannucci (The Death of Stalin) and Sam Mendes (Skyfall), so it has the potential to be one of the best Max shows.

Amelia Schwanke, senior entertainment editor

• Watch The Franchise on Max

Hold Your Breath (Hulu/Disney Plus)

Now I'm not a horror fan, but if it has the legendary Sarah Paulson in it, I can't help but tune in. With spooky season upon us, Hold Your Breath (out now on Hulu and Disney Plus) could be the perfect watch to gear up for Halloween, too. Paulson stars as Margaret, a mother bringing up two young daughters in 1930s Oklahoma. Haunted by the past, she descends further into madness as she becomes convinced that a mysterious presence in dust storms is threatening her family and takes desperate measures to protect them.

After seeing Paulson in Bird Box, Ratched, and Run, I have no doubt that she'll put on a terrifyingly good performance in Hold Your Breath. But, we'll have to wait and see if it makes it onto our best Hulu movies and/or best Disney Plus movies lists.

Grace Morris, entertainment writer

• Watch Hold Your Breath on Hulu (US) and Disney Plus (internationally)

Love Is Blind season 7 (Netflix)

After watching Love Is Blind UK, I can't wait to watch Love Is Blind season 7. This time, 29 singles from Washington DC are braving the pods in a bid to find ever-lasting love without ever seeing each other.

However, as emotional connection attempts to conquer physical attraction, sometimes the unusual experiment doesn't work for everyone (although there has been several marriages and two babies produced from the show), and this often leads to drama, love triangles, secrets, and heartbreak. As a reality TV fan, I can't help but love it!

Grace Morris, entertainment writer

• Watch Love is Blind season 7 on Netflix

For more streaming recommendations, read our guides on the best Disney Plus movies, best Hulu movies, best Prime Video movies, and best Apple TV Plus shows.

Renault is, quite predictably, set to make a fairly big splash at the upcoming Paris Motor show, revealing the retro-futuristic Renault 4 and this - an eco-friendly hydrogen hybrid sent from the future.

The Emblème (remember the accent over the e) differs from other hydrogen-powered vehicles that have come before it in so much as it uses a conventional rechargeable 40 kWh battery for everyday use and a hydrogen fuel cell for longer journeys.

Compared to something like the Toyota Mirai or the Hyundai Nexo, which both use tiny, sub-2 kWh batteries that are continuously charged by a fuel cell, Renault’s Emblème would rely on the larger battery packs for the majority of journeys.

To travel longer distances, the 30kW hydrogen fuel cell kicks in, running on low-carbon hydrogen stored in a 2.8kg onboard tank. According to the French brand, this would allow the car to cover a distance of up to 1,000km (621 miles) as rapidly as a combustion engine vehicle, seeing as the two hydrogen refuelling sessions required would take less than five minutes.

There is no word on top speeds for the handsome shooting brake, nor any other performance metrics for that matter, only that Renault is aiming for an overall weight of 1,750kg, including batteries.

(Image credit: Renault)

Instead, the French marque is using Emblème as a case study, exploring ways of further decarbonising its fleet as it hopes to achieve net zero carbon by 2040 in Europe and 2050 worldwide... and it's not just through a reduction in tailpipe emissions.

Life-cycle analysis of its own gas-powered Captur model revealed that it emits 49 tonnes of CO2 throughout its entire lifespan. This is factoring in material extraction from the earth, the production process, assembly and final transportation costs.

Its latest all-electric Megane E-Tech managed to slash that CO2 figure in half, to just 24 tonnes of CO2 emitted over an average life-cycle, where the vehicle is driven for 200,000km (around 124,000 miles).

Fast-forward to a time when Emblème is in production and the goal is to reduce CO2 by 90% - that’s just 5 tonnes over its equivalent lifecycle.

Analysis: Hydrogen is back on the menu

(Image credit: Renault)

Boasting rapid refuel times and a relatively simple filling process, hydrogen was once seen as a potential silver bullet among innovative automakers looking for an alternative to pure battery electric vehicles. After all, the only thing a hydrogen vehicle emits from its tailpipes is water.

However, there are still only 10 hydrogen refuelling stations in the UK, while the Department of Energy claims there are 59 retail hydrogen stations in North America. Bottom line is that’s nowhere near enough to support any form of mass adoption.

Both Toyota and Hyundai have been pushing forwards with hydrogen fuel cell technology, with the South Korean giant particularly focussed on decarbonising commercial trucks with its XCIENT fuel cell heavy goods vehicle, as well as applications for buses.

Similarly, BMW, Honda and Mazda have all either stated their continued commitment to the technology or have actively revealed hydrogen-powered concept cars in recent years.

The technological breakthroughs that these companies have made in recent years could well see a rekindling of love for hydrogen as a fuel source by the world’s biggest automakers.

If the sticky issue of a reliable network can be navigated, it effectively offers all of the benefits of an electric vehicle, without the range anxiety and lengthy charge times. 

However, there is still much debate about how clean hydrogen actually is, seeing as it has to be manufactured. Unless it comes from comes from wind, solar or any other carbon neutral sources, that process requires energy, often from natural gas.

you might also like

• BMW, Honda and Hyundai all still think hydrogen cars are the next big thing – here's why
• Mazda’s Iconic SP concept is a rotary-engined hybrid that could run on hydrogen
• Ten months after its release, the Tesla Cybertruck is finally getting Full Self Driving capabilities

Developer Electronic Arts has revealed a brand new expansion pack for The Sims 4, which will launch on October 31, or Halloween. The downloadable content (DLC) focuses on the suitably macabre topic of death and ghosts.

Titled Life & Death, this expansion pack aims to flesh out the life simulator’s death mechanics. New additions include the ability for your sims to create a bucket list, with goals that they wish to achieve before death. Sims with items left on their bucket lists will be able to return from the dead as a ghost, potentially getting a second chance to complete their unfinished business before moving on or being reborn.

The DLC will also change how sims grieve, with four types of grieving that relate to their personality types and any relationships with the deceased. You finally get the ability to create a will, which can determine how heirlooms or money are passed down and how dependents will be treated.

There’s a new career included too, which sees you taking on the role of a grim reaper and assisting in the reaping of departed souls plus dealing with hauntings. It sounds like a lot of fun, though may end up being a little too similar to the existing Paranormal Investigator career found in the The Sims 4 Paranormal Stuff Pack for some.

Of course, no The Sims 4 expansion pack would be complete without a new town. Life & Death adds Ravenwood, a three-neighborhood town with quite varied environments. There’s a creepy countryside, grim cemetery, and haunted bog to explore. It all looks great from early screenshots and, as a big fan of the similarly spooky Moonwood Mill from the Werewolves game pack, I’m definitely on board.

The Sims 4 Life & Death is currently up for pre-order on PC at the usual expansion pack price of $39.99 / £34.99. Those who purchase it before December 12 will net the Lasting Legacy Family Portrait, Mournful Melodies Music Box, and Plumed Elegance Mask items as a bonus.

It will be available on all the platforms where The Sims 4 is currently playable, which includes PC, Xbox One, and PlayStation 4. That's on top of Xbox Series X, Xbox Series S, and PlayStation 5 via backwards compatibility.

You might also like...

• How to pick the best Sims 4 expansion pack
• A new The Sims mobile game has appeared - and no, it's not The Sims 5
• Latest Sims Project Rene leak suggests an experience more like The Sims Mobile than fans might expect

Linux systems are being targeted by a dangerous new malware that can serve as a loader, a proxy, and a cryptocurrency miner.

Called Perfctl, the malware was recently spotted by cybersecurity researchers from Aqua Security, who claim it has been around since at least 2021, and has so far infected thousands of Linux endpoints. There are two main ways threat actors deploy Perfctl - either by exploiting thousands of possible misconfigurations, or by abusing a 10/10 vulnerability discovered last year.

Misconfigurations can be pretty much anything, from weak passwords to anything else. As for the vulnerabilities, the researchers saw CVE-2023-33426 being abused. This is an out-of-bounds read flaw with a severity score of 10/10, found in the messaging and streaming platform Apache RocketMQ.

Proxy and loader

Once the malware is deployed, it goes the extra mile to remain hidden, and persistent, leaving users Reddit complaining they were unable to remove the malware from their devices, even after deleting multiple components.

When it works, Perfctl can do a number of things. Its most prominent feature seems to be mining cryptocurrency for the attackers. However, it can also serve as a proxy for a commercial service, with other crooks paying to have their traffic routed through these devices and thus anonymized. Finally, the malware can serve as a loader, to deploy other programs as necessary.

So far, the researchers have not determined who is behind the attack, or what their end goal is. They added that while the number of infected devices is in the thousands, the number of potential targets is in the millions - suggesting that Linux system operators should be on the lookout for potential indicators of compromise.

Via Ars Technica

More from TechRadar Pro

• This sneaky Linux malware went undetected for years, and is using all-new attack tactics
• Here's a list of the best firewall software around today
• These are the best endpoint security tools right now

Yes, you read that right. Basketball superstar turned entrepreneur and rapper Shaquille O’Neal is the latest in the long line of Fortnite celebrity tie-ins with not one, but two Shaq-inspired skins arriving in the game today.

The first of the skins is the Shaq (DJ Diesel) Outfit, which channels the look of his DJ Diesel alter ego. It’s available in two selectable styles, the regular version and the slick Festival Headliner variant. The skin can be further customized with a variety of accessory styles, including the ability to remove Shaq’s glasses or hat, and is also reactive. This means that it dynamically begins to light up as you rack up eliminations.

The second is the Super Shaq skin. As the name would suggest, this sees Shaq adorned with a superhero-like outfit. It is available in seven different colors. Both of these skins also have detailed Lego Fortnite counterparts.

Both skins are part of the new Shaquille O'Neal Set, which also contains the Ones N Twos and Shaq Shimmy emotes. There’s also the Shaq’s DJ Decks back bling, Super Shaq Shield back bling, Axe-Lifier pickaxe, and Shaq Attackers pickaxe. This is on top of the Shaqsleeves wrap, which applies a black and gold pattern to your chosen weapons. 

You can see some of these items in action in the newly released Fortnite X Shaquille O'Neal trailer.

Regarding the launch, Shaquille O’Neal himself said that “I conquered the court, rocked stadiums, and now it’s time to dominate Fortnite! Each chapter of my career has been about breaking boundaries and creating epic experiences through sports, music, and entertainment that bring people together.”

“Stepping into Fortnite is an exciting, new frontier for me that allows me to blend my love for music with the thrill of gaming,” he continued. “Get ready because I’m bringing the heat to the island!”

Fortnite is available now as a free-to-play title on PC, Xbox Series X, Xbox Series S, Xbox One, PlayStation 5, PlayStation 4, Nintendo Switch, and select mobile devices. Sony also recently revealed a Fortnite inspired DualSense Wireless Controller, with pre-orders live now.

You might also like...

• Fortnite Chapter 5 Season 5 release date and Season 4 ending
• Lego Fortnite's latest expansion adds a new Lost Isles map with five explorable biomes
• Best free games 2024: gaming fun at no cost

Cloudflare has claimed to have recently mitigated the biggest Distributed Denial of Service (DDoS) attack in history.

In a company blog post, Cloudflare outlined how, throughout September 2024, an unnamed threat actor targeted multiple customers in the financial services, internet, and telecommunication industries, among others.

Without naming any specific targets, Cloudflare said that the attack campaign targeted bandwidth saturation, as well as resource exhaustion of in-line applications and devices.

Bots across the world

The attack included “over one hundred hyper-volumetric L3/4 DDoS attacks”, many of which exceeded 2 billion packets per second (Bpps), and 3 terabits per second (Tbps).

A hyper-volumetric L3/4 DDoS attack is a type of DDoS attack targeting layers 3 (network) and 4 (transport) of the OSI model (framework that standardizes network communication). It overwhelms the target’s bandwidth or network infrastructure with massive amounts of traffic, often using techniques like UDP floods or TCP SYN floods. The goal is to exhaust the resources of the target system, making it unavailable to legitimate users.

Of all the attacks, one stood out - when it peaked at 3.8 Tbps. This is, according to Cloudflare, “the largest ever disclosed publicly by any organization.” It predominantly leveraged UDP on a fixed port, the company said, and originated from across the globe. The majority of the endpoints used in the attack came from Vietnam, Russia, Brazil, Spain, and the US.

Detection and mitigation was all automatic, Cloudflare says. It added that the key reason why it was able to tackle it was because the company has servers across the world, which essentially water down incoming botnet traffic.

Generally, DDoS attacks are done via botnets - vast networks of compromised endpoints such as routers, smart home devices, and similar. These attacks included traffic from MikroTik devices, DVRs, and web servers, as well as compromised ASUS home routers, which were likely exploited using a CVE 9.8 (Critical) vulnerability that was recently discovered by Censys.

Before this one, the largest-ever observed DDoS attack was 3.47 Tbps strong, and was mitigated by Microsoft in November 2021.

Via PCMag

More from TechRadar Pro

• This sneaky Linux malware went undetected for years, and is using all-new attack tactics
• Here's a list of the best firewall software around today
• These are the best endpoint security tools right now

The new Soundcore Liberty 4 Pro earbuds are here to take on the AirPods Pro 2 – and they have a very Apple-esque feature that the AirPods lack: a touch bar. Where Apple limited its touch bar to laptops and has since stopped using it, Anker's version is on its earbuds' charging case and hopefully has more staying power.

Anker isn't the first firm to put a screen in its earbud charging case – as we've written previously, JBL has converted us from cynics to enthusiastic charge-case screen supporters on the JBL Live Beam 3 – but its approach is nice and elegant: the screen itself isn't a touchscreen (it's actually inside the case but visible on the outside) but it's designed to work in conjunction with a slim touch-sensitive bar on the front of the case. 

The screen is fun, but of course, the best earbuds are about more than fancy features. And the specs here look impressive. 

Anker Soundcore Liberty Pro 4: key features and pricing

The Liberty 4 Pro earbuds have active noise cancellation courtesy of six microphones and a barometric pressure sensor to capture and isolate audio. The algorithm for the ANC is the third generation of Anker's audio tech and promises to adapt to your audio environment three times per second. Switching between noise cancellation and transparency can be done on the case's touch bar.

There's Bluetooth 5.3 with Fast Pair, support for the higher-quality LDAC codec, and the buds also offer multi-mode spatial audio. 

Playtime is up from the previous version to 10 hours / 40 hours with ANC off; with ANC on the buds still deliver 7.5 hours solo and 30 via the charging case, which is very competitive against the best noise cancelling earbuds.

As before, the bulk of the configuration is handled in the Soundcore app, which offers a new version of HearID to tailor the sound to your ears and an 8-band customizable EQ with multiple presets. 

In our Anker Liberty 3 Pro review, we liked the battery life and the ANC but weren't so keen on the fit or the touch controls; the new case should address the latter and hopefully the fit has been improved too.

The new Liberty 4 Pro comes in Glossy Light Blue, Glossy Black and White and will be available starting today on Amazon.com, Soundcore.com, and from select retailers for $129.99 in the US and £129.99 in the UK. Additional availability throughout Europe will be announced at a later date, and we don't have confirmation of an Australian launch at this time.

You might also like

• Xiaomi Buds 5 review: great-sounding cheap earbuds but sadly, there are issues
• Sony launches funky new LinkBuds earbuds with customizable cases – and a new Bluetooth speaker to match
• Edifier's awesome planar headphones tech is coming to noise-cancelling earbuds, and these could be special

Good news if you own one of the best Samsung TVs and are eager to get even more generative AI into your life: Samsung has announced that a bunch of AI features, plus the ChatGPT bot, are heading to the company's televisions in the future.

This news comes out of the Samsung Developer Conference (SDC) from SamMobile, and while details are a little thin on the ground at the moment – as you would expect from a developer conference – we do have some idea of what's coming.

At the show, Samsung emphasized an "AI for all" approach that involves getting AI just about everywhere. For TVs, that means more capabilities for the built-in Bixby assistant, in terms of searching for content and customizing on-board settings.

It sounds as though you'll be able to describe in more detail the sort of show or movie you're after, and Bixby will oblige. The smart AI-powered assistant is also getting more control over other smart-home devices too – as long as they're made by Samsung.

From phone to TV

Developers will get access to Samsung AI Cast first (Image credit: Samsung)

Samsung has also announced Samsung AI Cast, which makes it easier to get AI results from your Galaxy phone to your Samsung TV. Modern Samsung phones come packed with AI, and we can imagine generating text or images and then being able to quickly beam them across to a big screen.

We can also expect "an integration with ChatGPT" right from the Samsung TV home screen, as part of this Samsung AI Cast feature – so we're presuming that you'll be able to talk to ChatGPT on your phone and see the results on your TV.

Again, Samsung is a bit vague on the specifics – not least when these updates might start rolling out – but it gives you an idea of what's on the way in the next few months or so. You're certainly not going to be able to get away from AI anytime soon.

There was plenty of other news from SDC2024, including the announcement that One UI 7 – Samsung's take on Android 15 – would be making its way to users at the start of next year, most probably with the Samsung Galaxy S25. If you already own a Samsung phone, you might well be able to test the software before then.

You might also like

• Apple Visual Intelligence is already behind the curve
• ChatGPT's 'Canvas' is a new AI collaborator
• Gemini streamlines image sharing to AI assistant

Nvidia’s preparing to put a halt to production of another high-end Lovelace graphics card ahead of a double helping of next-gen Blackwell GPU launches - if the grapevine is correct.

This time it’s the RTX 4080 Super which is rumored to be set for discontinuation by Team Green, following recent rumors that this was the case with the RTX 4090 (and its counterpart for the Chinese market, the RTX 4090D).

Wccftech reports that Harukaze5719 on X spotted this speculation which comes via the Board Channels forum over in China, a regular source of rumors that filter down from the hardware supply chain.

Supposedly Nvidia’s RTX 4080 Super will see limited supply in October, with production coming to an end this month, and the supply of chips to graphics card makers will run dry in November.

We’ve heard before about the RTX 4090’s timeline which is a month sooner than this – production is rumored to have already ended (that happened in September), and the supply of chips to board makers will dry up in October, later this month.

That means some graphics cards will still be put together by manufacturers, and arrive on the scene after those (rumored) final chip supply dates, but stock will start to run out.

This paves the way for the launch of the RTX 5080 and 5090, and this is another rumor that indicates Nvidia is planning a double launch for next-gen Blackwell GPUs. Indeed, the claim here is that the RTX 5080 and 5090 will be released together (though rumors in the past have suggested that the launch of these GPUs may be very slightly staggered).

(Image credit: Nvidia) Analysis: Keep watching those stock levels

Add a whole lot of seasoning here, of course, because all of this is merely chatter from the supply chain. Still, the rumor regarding Nvidia winding up the production of the RTX 4090 does appear to have some truth behind it, or at least the picture of stock levels and pricing for the Lovelace flagship suggests that possibility.

In Europe, and indeed in the US, we’ve seen the RTX 4090 starting to run low on inventory in some cases, and pricing is spiking upwards without a doubt (it’s generally 10%, or slightly more, over MSRP in the US currently – increases have been way more than that in Europe). That aligns with the idea of Nvidia having halted production, with the final chips for the RTX 4090 likely shipping right now, and maybe not for much longer.

In theory, the RTX 4080 Super will follow, then, but we haven’t seen any impact on the price of this GPU – yet. This graphics card is still at its MSRP (at least for some models). However, if what’s theorized here is true, we will likely start to see a similar state of affairs with the RTX 4080 Super later this month. For now, then, we can keep a close eye on this graphics card – and the RTX 4090 too, which may show further evidence of running low on stock (perhaps vanishing entirely).

All of this could represent fairly firm clues that the RTX 5080 and 5090 are indeed close at hand as many are predicting, with the current consensus generally converging on a CES 2025 reveal for those GPUs. It's our guess that a slightly staggered launch will then follow, though this rumor appears to indicate otherwise (pass the salt again).

You might also like

• Nvidia’s RTX 5090 now rumored to have superfast clock speeds – as well as being super-slim – could this GPU be too good to be true?
• Top gaming PCs: great rigs for serious PC gaming
• Best PC games: must-play titles you don't want to miss

Hisense is launching an entry level version of its C2 Ultra 4K short-throw projector. The new Hisense C2 lacks some of the more powerful bits of its Ultra sibling, but it comes in at a considerably lower price and includes many of the most important features. The C2 hasn't launched globally yet but the full specification has been published along with marketing materials by a German retailer, as spotted by Notebookcheck.

The C2 has a triple-laser light system just like its more expensive sibling, and the brightness is 2,000 ANSI lumens – impressive for a laser projector, although the C2 Ultra is even brighter. The contrast ratio is 1,700:1 and there's support for HDR10, HDR10+, HLG and Dolby Vision.

Hisense C2 4K projector: key features and pricing

The C2 doesn't have the zoom lens of the Ultra, so it's got a fixed projection ratio of 1.2:1. That enables you to project an image from 65 inches to 300 inches, and there's motorized focus adjustment and automatic keystone correction to deliver images in the right proportions.

The quoted refresh rate is 60Hz at 4K, but you can double that to 120Hz for gaming if you drop down to 2K/1080p resolution; 4K is delivered using a technique called pixel shifting. Instead of projecting a true 4K image, pixel shifting outputs multiple 1920 x 1080 images that overlap to give the impression of 4K. It's been common as a technique among the best 4K projectors for a long time, although it's often known by different names: Epson calls it 4K Enhancement, BenQ prefers XPR and JVC calls it E-Shift. The big benefit here is simple: it makes 4K projection possible for a fraction of the expense, though purists far prefer 'native' 4K resolution – and also, this projector isn't that cheap.

There are two HDMI inputs here, one with ALLM for games consoles, and there are twin USB 3.0 plus ethernet and a headphone jack. There's also an integrated sound system by JBL with a total output of 20W. You can stream with the built-in apps for now and AirPlay support will be available soon via a software update.

We don't know global pricing yet but the German listing has a price tag of €1,999, which is roughly $2,200 / £1,700 / AU$3,200.

You might also like

• Hisense PX3-Pro: a perfect ultra short throw projector for gaming and movies
• Epson's new portable laser projectors with Google TV promise 150 inches of streaming from a tiny box
• Samsung The Premiere 9 ultra short throw projector review: bright, beautiful images and big sound

The iPhone SE 4 is one of the most talked-about devices in the Apple ecosystem right now, and its impending release early next year could mark a major reboot of Apple’s most affordable phone. Fresh off the back of a report from journalist Mark Gurman spilling the beans on the device, news outlet 9to5Mac has chimed in with its own details on what we can expect, including an updated design and many feature improvements.

Citing its own “reliable sources,” 9to5Mac claims that the iPhone SE 4 will come with an A18 chip, better cameras, and Apple’s own 5G modem. In vouching for the sources’ trustworthiness, the website says that they “told us precise details about the iPhone 16 in advance.”

According to this source, the iPhone SE 4 will take on a much more modern design, specifically by using a similar chassis to the iPhone 14, with flat sides and a notched OLED display (although it will lack the Dynamic Island). The source used by 9to5Mac says it will have a resolution of 1170 x 2532 pixels, which is the same as the iPhone 14. It will also come with Face ID, they say, meaning an end to the Home button and Touch ID.

On the inside, there will apparently be an A18 chip with a 5-core GPU and 8GB of memory, which means the iPhone SE 4 will be compatible with Apple Intelligence. That will bring it in line with the iPhone 16 in terms of power.

(Image credit: Frederik Lipfert, Unsplash)

Aside from the design, other elements mentioned by 9to5Mac are taken from past Apple phones. It says the iPhone SE 4 will have the same 48MP main camera and 12MP front-facing camera as the iPhone 15 – that higher resolution of the rear camera could enable it to take 2x zoom images at 12MP resolution. However, the iPhone SE 4 will reportedly only have one rear camera, forgoing ultra-wide and telephoto lenses.

One of the most intriguing details in this report, however, is that the iPhone SE 4 could become the first iPhone to bear Apple’s own 5G modem, something that DigiTimes has also previously reported. Apple has supposedly been working on this component for years but has struggled to get it up to speed. Now, though, 9to5Mac claims the part is ready and will handle 5G, Wi-Fi, Bluetooth and GPS. It will also “drastically reduce battery consumption,” 9to5Mac says, especially in the iPhone’s Low Power Mode, and says that adding this component to the iPhone SE 4 before any of its flagship models is “a sort of experiment”.

When might we finally see the iPhone SE 4? That day will come in spring (March-May) 2025, 9to5Mac believes, which mirrors claims made by other outlets. Indeed, DigiTimes reported today that “Apple has begun sourcing OLED panels” for the device, indicating that Apple is gearing up to launch the iPhone SE 4 in the coming months. If that proves to be correct, it means there’s not long to wait until we see what could be the biggest overhaul in the iPhone SE’s history.

You might also like

• The iPhone SE 4 is reportedly almost ready – here’s what you can expect
• iPhone SE 4: latest news, rumors and what we want to see
• The iPhone SE 4 could finally leave Touch ID behind – and that’s a good thing

Connected home tech company Aqara has launched a new smart lock that offers keyless entry for any smart home ecosystem, whether you use Apple HomeKit, Google Home, or Alexa.

You might recognize Aqara as the brand behind one of the best video doorbells currently available (the Aqara Smart Video Doorbell G4, which we've been testing for the last few weeks), but its latest foray into home security – the Aqara Smart Lock U300 – looks particularly interesting.

As 9to5Mac explains, limited compatibility is not an issue with the Smart Lock U300, which supports Thread, Matter, Apple HomeKit, and even Apple Home Key so you can unlock your door using your iPhone or Apple Watch, even if the device is out of power.

Don't have an Apple device? You can also unlock the Aqara U300 using a fingerprint reader, custom PIN (including one-time codes for tradespeople and visitors), the Aqara mobile app, a voice assistant, an NFC card, or a physical key in case of an emergency or power outage.

The Aqara Smart Lock U300 supports Thread, Matter, Apple HomeKit, and Apple Home Key (Image credit: Aqara) How to get 20% off

The Aqara Smart Lock U300 is available to buy now from Amazon in the US, with a list price of $229.99 (about £170 / AU$340). Official pricing and availability for other territories has yet to be announced.

That's already a pretty competitive price, and it gets even better if you use the code PRNAU300 at the checkout to get 20% off, bringing it down to $183.99.

You might also like

• SwitchBot's new Lock Pro model makes securing your smart home easier to do
• Are smart home security systems more of a risk than a benefit?
• Xiaomi's new smart lock offers 10 ways to open your front door, including AI facial recognition

Some of the top browser makers around have issued a letter to the European Commission (EC) alleging that Microsoft gives the Edge browser an unfair advantage and should be subject to EU tech rules.

A letter seen by Reuters, sent by Vivaldi, Waterfox, and Wavebox, and supported by a group of web developers, also supports Opera’s move to take the EC to court over its decision to exclude Microsoft Edge from being subject to the Digital Markets Act (DMA).

Edge’s exclusion from the DMA means that it is not subjected to the same rules as other browsers, which includes restrictions aimed at making it easier for consumers to choose a service best suited to them.

Edging out the market

The letter, sent on September 17, stated, “It is paramount that the Commission reconsiders its position. Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile.”

As Edge comes pre-installed by default on Windows machines, users must navigate the Microsoft offering in order to download their browser of choice. The letter states that, “No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs.”

The authors also alleged that Edge, which accounts for just over 5% of the browser market share, mischaracterizes features of rival browsers in pop-up messages to users. However a EC decision in February deemed that Edge was not a “gatekeeper” and that Microsoft should ensure that users can uninstall Edge, alongside any other software.

TechRadar Pro has reached out to the European Commission and Microsoft for comment, but neither immediately responded.

More from TechRadar Pro

• These are the best privacy tools and anonymous browsers
• Microsoft cracks down further on Russian hackers looking to disrupt elections
• Take a look at the best firewalls

OpenAI has decided to grant all ChatGPT users on its Free tier a 10-minute-a-month preview of its Advanced Voice mode, and if you’ve got the ChatGPT app on your phone you can try it right now.

Usually only available to ChatGPT Plus subscribers, Advanced Voice mode gives you the ability to talk to ChatGPT on your smartphone and get it to talk back to you in a voice of your choosing. You can ask it pretty much anything within reason and get a human-like response. In many ways, it’s the natural evolution of the chatbot into something that feels even more futuristic.

So long, Scarlett

It feels like we're now a long way from the launch of ChatGPT Advanced Voice mode, back in May this year, when the actress Scarlett Johansson went to war with OpenAI over the use of its voice called Sky, which sounded very much like her voice from the movie Her, in which she played an AI-powered assistant.

OpenAI denied claims that it had copied her voice. A statement from CEO, Sam Altman, on May 20, 2024 read: “The voice of Sky is not Scarlett Johansson's, and it was never intended to resemble hers. We cast the voice actor behind Sky’s voice before any outreach to Ms. Johansson. Out of respect for Ms. Johansson, we have paused using Sky’s voice in our products. We are sorry to Ms. Johansson that we didn’t communicate better.”

Even though your time is limited, you get access to all the features of Advanced Voice mode for those 10 glorious minutes, including the ability to choose a voice. In the current version of Advanced Voice mode you’ll find there are nine different voices to choose between, which have different qualities: Sol, Juniper, Vale, Spruce, Breeze, Arbor, Cove, Maple, and Ember.

(Image credit: OpenAI)

Advanced Voice mode is a real step up from the previous standard voice mode that you’d find on ChatGPT – it can sense and respond to humor and you can interrupt it at any time while it's talking. Interestingly, once you’ve chosen a voice you can’t ask ChatGPT to then change to another voice. Instead, you have to go into Settings, which you get to by tapping on your name at the bottom of the screen and scrolling down until you find Voice and tapping on it.

How to know you’ve got Advanced Voice mode

It’s hard to miss Advanced Voice mode, in the iOS or Android app you’ll see a message pop up in the prompt window informing you that you have access to Advanced Voice mode and pointing to a new icon to the far right. Simply tap it to begin. The first time you access it you’ll be asked to choose a voice and once you’ve done that you’re good to go.

When you see a glowing blue orb, somewhat reminiscent of a palantír from Lord of the Rings, you know that ChatGPT is listening and you can start having a conversation - ask it what you should have for lunch today, or where would be a good place to go on a vacation. You’ll discover that the conversation feels startlingly real.

You might also like...

• ChatGPT's new 'Canvas' is the AI collaborator you didn't know you needed
• OpenAI’s Advanced Voice mode is unavailable in the EU, and now we might know why
• I tried ChatGPT as an AI website builder. Here's what I think

Android 15 has only just started rolling out to users, but we're already hearing news about what Android 16 could bring with it next year – including enhancements to the Advanced Protection Mode to help you lock down and secure your phone to an even greater extent than you already can.

This comes from some code digging done by the team over at Android Authority, which revealed the option to toggle Advanced Protection Mode on and off from the main Android Settings screen (right now you need to enrol through a dedicated website).

What's more, apps installed on Android will be able to check in on the status of Advanced Protection Mode, and tailor their behavior accordingly – so your individual apps will have the opportunity to put up some security barriers, as well as Android as a whole.

That this code exists doesn't necessarily mean it's going to make it all the way to the final version of Android 16, of course: it might come out earlier, or later, or not at all. But for those who are particularly keen to get the strongest level of security on their Android devices, it could add some extra peace of mind.

Keep it secret, keep it safe

Android 15 rolls out to more users this month (Image credit: Shutterstock / Mojahid Mottakin)

Don't worry if you've never heard of Advanced Protection Mode before: while it's been around since 2017, it's not used too widely. Google introduced it for users with "high visibility and sensitive information" – so think journalists, politicians, people in law enforcement, and so on.

It can actually be switched on by anyone, but you need to register a physical security key or some biometric data in order to access your Google accounts. It makes it much harder for someone else to pretend to be you, even if they have your password.

At the same time, it also means logging into your Google account takes a little longer each time you do it – that's the trade-off. If you're interested in enabling the feature, you can read more about it on Google's official support pages.

Actually, this isn't the first Android 16 rumor we've come across: last month we heard that the operating system might change the way that the Quick Settings panel gets accessed. There's also been talk that test versions of Android 16 might show up a little earlier in the year than the Android 15 betas did, perhaps before July.

You might also like

• Older Samsung Galaxy phones are being bricked
• The best Android phones you can buy
• Apple may bring a guest mode to your iPhone

Google is set to clamp down even further on using certain unsupported extensions, most notably ad blockers, with its Chrome browser, given a new move in testing.

As spotted by Leopeva64, a regular leaker of browser-related info on X, there’s a change in the Canary (early test) build of Chrome whereby Google has entirely stripped away the ability to use Manifest V2 browser extensions, such as uBlock Origin, a popular ad blocker.

Google is already testing the removal of the option to re-enable unsupported extensions, in Chrome Canary the toggle to re-enable them is now greyed out, you can only remove them or find alternatives:https://t.co/aVxHvgB01N pic.twitter.com/zitGWq1SR2October 3, 2024

Let’s rewind a bit for background here – as you may have seen, Google has been ushering in a shift in Manifest, the platform its extensions are built on, from V2 to V3, as the latter is designed to offer better security, performance, and other benefits (there are plenty of folks who disagree, mind).

As we’ve seen in recent times, that move to Manifest V3 is now underway, and Chrome users have for some time now been warned that older extensions built on V2 are not supported by the browser.

Currently, though, you can still use a V2 extension like the mentioned uBlock Origin – though you’ll be warned against it – but as Leopeva64 spotted, in the latest Canary build of Chrome, the switch to use a disabled V2 extension is now greyed out. In other words, you can no longer make the decision to enable uBlock Origin or other V2 extensions for Chrome at all (in testing).

What you get instead is a choice to bin the extension, or find an alternative - for example, with uBlock Origin you might be redirected to uBlock Origin Lite, the V3 spin on this add-on (missing some key abilities, it should be noted, as the ‘Lite’ designation hints).

(Image credit: Shutterstock/Antonio Guillem) Analysis: Some alarms, but no surprises

Well, this is no surprise. Google has been a long time in enacting this shift from Manifest V2 to V3, and in fact, it was six years back that the new platform was first aired.

Google previously let us know that during this final stage of the transition to V3, there would be an option to keep using V2 extensions for those who really wanted to – the mentioned toggle – but that this would be removed in the future. That future has arrived sooner than we expected, though note, the change is still in testing right now.

We guess there’s a chance that this switch may not make the cut for release – as is the case with anything in testing – but given that Google has previously announced that it would be fully removing the option to run V2 extensions, it seems pretty certain that this move will be coming through to the stable version of Chrome probably very soon.

Clearly, Google is serious about trying to oust ad blockers from its browser, or at least those extensions with fuller (V2) levels of functionality. One of the crucial twists with V3 is that it prevents the use of remotely hosted code – as a security measure – but this also means ad blockers can’t update their filter lists without going through Google’s review process. What does that mean? Way slower updates for said filters, which hampers the ability of the ad-blocking extension to keep up with the necessary changes to stay effective.

(This isn’t just about browsers, either, as the war on advert dodgers extends to YouTube, too, as we’ve seen in recent months).

At any rate, Google is playing with fire here somewhat – or Firefox, perhaps we should say – as this may be the shove some folks need to get them considering another of the best web browsers out there aside from Chrome. Mozilla, the maker of Firefox, has vowed to maintain support for V2 extensions, while introducing support for V3 alongside to give folks a choice (now there’s a radical idea).

It should be noted that Google’s shift to Manifest V3 is a move with Chromium, the web engine, more broadly affecting other browsers using that engine – like Microsoft Edge (or Opera) – but specific moves like removing the V2 enable toggle here are just for Chrome (Chrome is the browser, Chromium is its underlying engine which is used elsewhere).

Via Neowin

You might also like

• How good is Firefox then?
• Not interested in Chrome or Firefox? Here's how to use Microsoft Edge
• This handy feature has been promised to ChromeOS users for a while now - so where is it?

Cybersecurity researchers have reported finding multiple mobile applications used in so-called ‘pig butchering’ schemes, lurking on the official Google and Apple repositories.

‘Pig butchering’ is a type of financial fraud in which the victims - called ‘pigs’ - are first “stuffed”, before being “slaughtered”. In other words, the victims get led on for weeks and months, and their wallets drained and drained, before the fraudsters finally pull the trigger and disappear with the money, completely.

The apps found by Group-IB are called SBI-INT (iOS), Finans Insights (Android), Finans Trader6 (Android), and have thousands of downloads among them, suggesting that many people fell for the trick.

Bots across the world

Pig butchering mostly targets cryptocurrency users. The fraudsters would usually assume the identities of beautiful young women, and would approach the victims in casual conversation, or even flirt with them. At some point, they would introduce them to a unique, hidden, or otherwise scarce, cryptocurrency trading platform that guarantees major gains for their users. In some instances, the victims were led to believe they would earn millions through the platform, and then ride off into the sunset with their newfound significant other.

The platform is obviously fake, and built by the fraudsters as a way to steal the victim’s money. But the trick is to keep the ruse going for as long as possible. The victim is first invited to invest a little money, and then shown - through the app - their enormous gains. Obviously, these are all just numbers on a screen and the actual money is already with the fraudsters.

The victim is then enticed to invest more and more, and by the time they decide to withdraw the money - it’s already too late. To make matters worse, the “stuffing” continues even after the victim realizes they can’t withdraw. Sometimes, they will reach out to customer support (also scammers), who would tell them they need to pay a withdrawal fee.

Both Google and Apple removed the apps from their repositories as soon as they were notified.

The best way to protect against such scams is to use common sense - if something sounds too good to be true, it most likely is.

Via BleepingComputer

More from TechRadar Pro

• New pig butchering scam looks to lure in victims with fake gold
• Here's a list of the best firewall software around today
• These are the best endpoint security tools right now