TechRadar News

After an early tease this month, Google’s Gemini Live AI assistant has now rolled out to all Android users for free. Gemini Live was initially limited to those subscribing to the Gemini Advanced plan for $20 a month, but the voice assistant is now available to anyone who downloads the Gemini app. However, it is only available in English at the moment.

For users who own one of Google’s latest devices, such as the Pixel 9 or Pixel 9 Pro, accessing Gemini Live is as simple as launching the Gemini app and selecting the Live icon at the bottom right corner of the screen. Gemini Live has ten voices to choose from, and you can pick your favorite from the list of star and constellation-based voices.

Gemini Live acts in ways familiar to those who have used Google Assistant or Alexa. The AI can understand casual language and behave in much more human ways during conversations. For instance, it can speculate, help you brainstorm ideas, and even multitask by handling your requests while still carrying on a conversation. The voice options add to the human illusion by being more emotionally expressive than the previous standard for speech.

Live is now available for all Gemini users in English on the Android app. We can’t wait for you to try it. https://t.co/jev4pnuZJ0September 30, 2024

Gemini's starring role

Gemini Live’s rollout comes even as Google’ faces a rapidly growing array of rivals in the space, including the Advanced Voice Mode for ChatGPT and Microsoft’s newly revamped Copilot AI with voice interactions. 

Like Microsoft, Google clearly hopes that making Gemini Live free will help it stand out in the crowd. The integration with the Android operating system and Google’s ecosystem of devices will likely help in that regard. But, even then, Google has to contend with Apple’s upgrades to Siri as part of the range of Apple Intelligence features that the company will begin rolling out soon. 

Still, if you’re frustrated with the limitations of current voice assistants, Gemini Live will feel like a significant upgrade. How Gemini Live stacks up against its many new competitors remains to be seen, though. 

It’s obvious that Google wants Gemini to seem more than just Google Assistant. Enhancing Gemini’s place in people’s lives, especially on mobile devices, is how the company hopes to win the current AI assistant war.

You might also like

• Google Gemini Live is the first AI that almost encourages you to be rude
• Google is making Gemini AI part of everything you do with your smartphone – here's how
• Google Gemini Live's AI voice now comes in ten more styles that take inspiration from the stars

A US jury has ruled Amazon Web Services (AWS) willingly infringed on two patents, and must now pay $30.5 million for violating the patent owner's rights in computer networking and broadcasting technology.

The offending technologies were AWS’s Cloudfront content delivery network and Virtual Private Cloud virtual network - which infringed on the patents originally owned by Boeing, but obtained by Acceleration Bay.

The two patents in this case are said to involve methods of streamlining data delivery across a network. Without getting too technical, the technologies allow data to be sent from peer to peer and flow around slow or broken connections by forming a network.

Assertion entity

Acceleration Bay describes itself as an ‘Incubator & Investor’, and recently won a separate patent trial against Activision, in which the video game developer was ordered to pay $23.4 million.

The final court’s judgement in the AWS case will come soon, but the payout could yet triple, due to the fact that Amazon 'willfully' breached the patents. AWS cloud services reportedly brings in around $9 billion operating profit per quarter - which is around 62% of Amazon’s total, so it probably won’t be hit too hard by the charges.

This isn’t the first time AWS has faced opposition with patented technology, having had to pay $525 million in damages earlier in 2024 after losing a cloud storage patent case.

The tech giant has also had a long-running spat with Nokia, with both firms bringing forward patent lawsuits against each other in recent years - most recently, in August 2024, AWS accused Nokia of over a dozen infringements for cloud computing technologies.

Since AWS is a dominant player in the cloud storage game, naturally it controls a lot of the technologies involved, which it claimed Nokia was using without permission.

Via The Register

More from TechRadar Pro

• Check out our pick of the best cloud computing services
• Google Cloud unveils major infrastructure investment across Southeast Asia
• Take a look at our best external hard drive choices

New sources claim that AMD’s RDNA 4-based graphics cards, originally rumored to be launching at the end of 2024, are behind schedule and now expected to launch in 2025.

The news doesn’t come completely out of nowhere. We previously reported on hardware leaker Kepler’s claim that AMD would not release their RDNA 4-based GPUs until CES 2025. But conflicting rumors suggested a late 2024 release.

More interesting than the news itself are the alleged reasons for the delay. Moore’s Law is Dead revealed in a recent YouTube video exclusively from a reliable source that the RDNA 4 line of GPUs is delayed because AMD is struggling to shift its top-end RDNA 3-based GPUs, in particular those built around the Navi 31, like the RX 7900 and RX 7900 XTX.

The AMD Radeon RX 7900 XTX, built on Navi 31 architecture (Image credit: Future)

Reports suggest AMD’s RDNA 4 focuses on delivering value for money, strong performance, and energy efficiency, keeping its sights firmly on the mid-range market. Nvidia, on the other hand, remains focused on its next-gen RTX 5000 series, opting to prioritize high-performance instead.

The RDNA 4 GPUs consist of the Navi 44 and 48 and will also focus on improved raytracing; they’ll have better clock speeds, GDDR6 memory, and AMD’s infinity cache. It’s said that they will offer a 10-30% performance improvement over the RDNA 3-based cards.

It’s not surprising, then, that the top-range RDNA 3-based models aren’t selling so well. Some customers may be waiting for the next-gen cards that will improve on performance at a lower price point. Others may even overlook the RDNA 4 models in anticipation for AMD’s already-in-development RDNA 5 GPUs, which are set to potentially feature more high-end models, and according to wccftech, “will be built on a completely different architecture”.

Given these reports, it seems wise for AMD to delay the launch – if there were ever plans for a late 2024 launch – to shift the remaining RDNA 3 stocks. Moore’s Law is Dead’s source also mentioned that AMD’s mid-range RDNA 3s were selling fine. The issue of low sales is only affecting its top tier range.

So it appears to remain true that AMD will first debut its flagship Navi 48 at CES 2025, with the Navi 44 still having its launch somewhere in Q2 of 2025.

As it stands, 2025 now looks like the year AMD’s RDNA 4 GPUs will finally hit the market.

You may also like

• Nvidia RTX 5080 and 5090 again rumored for CES 2025 launch – possibly alongside next-gen laptop GPUs
• We could be witnessing the death of the graphics card in real time right now, and I couldn’t be happier about it
• The best cheap graphics card prices and deals for October 2024

It's a miracle that the free Internet lasted as long as it did. It's been nearly 30 years of mostly unfettered, free content access to everything from magazine articles and newspapers to videos and recipes. The steady devolution of the online advertising business made free online content an economic equation that no one could solve.

If you need further evidence that your free internet is evaporating like snow on an early spring day, look at CNN.com. The popular online news platform, an arm of the still popular cable news network, is putting up a paywall.

It won't block you from seeing all CNN.com posts but will limit the number you can see for free. It's unclear if that will be a few a day or a dozen per month. However, once you hit the limit, CNN.com will prompt you to subscribe for $3.99 a month or $29.99 a year. That's not a lot, and for all-you-can-eat access, some might consider it a bargain. Even so, it'll be an adjustment, especially for those who've been accessing the site since it launched "on the World Wide Web" in August of 1995.

CNN.com is not alone in this. TechRadar competitor The Verge is reportedly considering a paywall and I can guarantee similar discussions are underway at every "free website". Good content, everything from short news posts and long product reviews to essays and videos, is costly to make. If display ads (the ads that surround this post) aren't paying the bills, possibly because too many of you use an ad blocker or fewer people are viewing your content and the ads because Google is delivering AI-generated content synopsis on search results, you have to find a new way to fund that content.

Other sources

Even without those forces, traditional media like CNN.com is struggling because a large segment of the online audience is getting their news elsewhere: usually YouTube or TikTok. It's unlikely a two-minute TikTok has all the depth of a CNN.com or Washington Post piece, but that doesn't matter. Gen Z trusts those sources and will usually turn there first.

Obviously, many of us still rely on these traditional OG websites for news and information and are not used to paying for the content. And, to be honest, we don't usually willingly enter Paywall land.

There are strategies honed on platforms like The New York Times, The Atlantic, Business Insider, and others, where we find ways to see more than our share of free content. Usually, this involves opening another browser window in Private Browsing or Incognito Mode, which means you don't carry the cookies that tell the website how many posts you've already viewed. This method usually only works for a single post, but there is satisfaction in reading that one extra story.

I know I'm the last person who should be doing this, and sometimes I wonder how I can be so cheap. The truth is, I already pay for a lot of content. I have subscriptions to The New York Times and The New Yorker. We also subscribe to our local newspaper.

Also, wasn't the Internet supposed to be free?

Modeling subscriptions

Maybe not. The World Wide Web was launched for free almost by accident. When the Internet arrived, it had no interface. Then, some enterprising programmers built early web browsers that could translate Internet data via HTML into browsable and interlinked pages. (Yes, a massive oversimplification of what really happened.)

The Web grew so fast and spread so wide that no one even had time to figure out a decent economic model. We did understand the web offered content consumption and audience measurability in ways virtually impossible with traditional media. That was a bonanza for traditional advertisers who desperately wanted access to all those eyeballs.

And they got them in droves. However, the efficacy of these ads started sliding almost as soon as they started appearing. There were a lot of bad actors back then who thought it was OK not only to run online ads but also to make them pop-ups. Visiting some sites was like playing a game of whack-a-mole. Naturally, if you visited an adult site, you probably got what you deserved.

It's been almost two decades of us knowing that a full-time free internet was unsustainable, but the reality is just now catching up with our consumption. Free was a dream we all had and it was a wonderful one while it lasted. Now we're waking up on if not the wrong side of the bed, the costly side of the paywall.

You might also like

• Fed up with Disney Plus? Here's how to cancel your subscription
• I was sick of forgetting files, but this app lets me access my devices from anywhere in the world
• I was tired of scrolling – this app woke me up and made me smarter

The WashG1 is a dedicated wet floor cleaner and Dyson's first attempt to prove that it doesn't just do carpets. It launched in the UK and Australia last month but has just gone on sale in the US. It's currently only available to buy direct from Dyson, and has a list price of $699.99.

Unclutch those pearls; we all knew it was going to be expensive. I do think that some Dyson products justify their eye-watering price tags, but in this case, there are things worth factoring in before you decide to gamble your child's college fund on a wet floor cleaner.

I tested one out and you can get the full low-down in my Dyson WashG1 review, but the gist is that it works fantastically well on perfectly smooth, flat floors like linoleum or polished concrete but is nowhere near as impressive on textured or uneven floors (including tiled floors with grouting gaps).

(Image credit: Future)

This is Dyson's first dedicated wet floor cleaner (I say 'dedicated' because we do have the Dyson V15s Submarine, which is a vacuum cleaner with a wet floorhead that can be swapped in). Significantly for this brand, which has built its reputation on being really good at moving air about, it doesn't use suction. Instead, it employs a combination of agitation, hydration and separation to get your floors gleaming.

Water is expelled through the cleaner head, rollers help loosen the dirt and pick up things like hair and solid particles, and then the inner mechanisms separate liquid and solid spillages. That last part is designed to make maintenance easier.

Should you buy one?

It's very good at certain things. Like today's best Dyson vacuums, it's extremely maneuverable; the floorhead can pivot any which way, and it'll get right up close to baseboards, too. The fact that it can handle liquid and solid waste is really helpful for things like dinnertime messes. I have a small niece and nephew who cannot complete a meal without coating everything in the vicinity with whatever they've been eating, and a once-over with the WashG1 is by far the least disgusting way to deal with it that I've found so far. The base will take care of some of the maintenance by running a self-clean cycle, when you dock it, too.

(Image credit: Future)

However, it's not worth the investment if you have uneven floors. The WashG1 will struggle to clean them evenly, as I discovered when I tested mine on a flagstone floor. Because the rollers don't really 'scrub', it's only really capable of tackling surface dirt.

That includes missing the grouting cracks between tiles. (Apparently, the engineers found that adding more water is a more effective way to tackle stubborn dirt than rubbing at it, and while they might have a bit of a point, I still think there are limitations to this approach.)

Those niggles aside, it still might be a good investment for some shoppers. Because it's brand new, don't expect discounts any time soon – I have my fingers crossed for a price-drop in the Black Friday sales, though.

• View the WashG1 for $699.99 at Dyson

You might also like...

• Dyson V15 Detect vs Dyson V11: Which cordless vacuum is best for you?
• Dyson AirWrap review: updated tests
• Browse the best robot vacuums and mops

Hackers have been spotted using the Docker Engine API to target various containers with cryptojackers and other malware.

Cybersecurity researchers at Datadog, who recently observed one such campaign and reported on it in an in-depth analysis, noted the criminals first looked for internet-exposed Docker Engine APIs that are not password-protected, using different internet scanning tools.

Then, they used the Docker API to spawn an Alpine container, and mount the underlying host’s file system inside the container. The next step is to execute a shell command to pull an initialization script that effectively kickstarts the infection chain.

No evidence of abuse

The Docker Engine API is a Docker-provided interface that allows developers and systems to interact with the Docker daemon, programmatically. Via the API, users can manage and control Docker containers, networks, and images, all through HTTP requests.

The chain starts with data transfer tools which, in turn, deploy XMRig. This is a popular cryptojacker, a tool that uses the compromised device’s computing power to generate cryptocurrency tokens and send them to the attacker’s wallet address.

After that, the attackers deploy a few scripts to hide the presence of XMRig, after which they go for additional payloads that allow them to move laterally. Other Docker Swarm, Kubernetes, and SSH servers are targeted, and ultimately assimilated into an actor-controlled Docker Cluster.

The cluster allows the crooks to use Docker Swarm’s orchestration features for command and control tasks.

At press time, the researchers have not yet identified the group behind this campaign. The tactics, techniques, and procedures (TTP) of this campaign do overlap with the ones usually used by TeamTNT, they suggested.

"This campaign demonstrates that services such as Docker and Kubernetes remain fruitful for threat actors conducting cryptojacking at scale," Datadog said, before adding that as long as these APIs remain online without proper protection, they will be considered “low-hanging fruit” to crooks.

Via The Hacker News

More from TechRadar Pro

• Malware attacks on Docker Hub spread millions of malicious repositories
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

At its AWS re:Invent 2023 event in November 2023, CEO Adam Selipsky unveiled the company's Graviton4 chips, built on Arm’s “Demeter” Neoverse V2 core. These new processors were claimed to offer up to 30% better compute performance, 50% more cores, and 75% more memory bandwidth than the Graviton3 processors, aimed at boosting memory-optimized and compute-heavy workloads.

Graviton4-powered R8g instances became generally available in July 2024 and when Phoronix benchmarked it, the processor came in ahead of the Intel Xeon instance by about 5% and wasn’t too far behind AMD’s EPYC.

AWS has now stepped things up by introducing new memory-optimized X8g instances.

(Image credit: AWS) Improved performance

X8g instances are available in ten virtual sizes and two bare-metal configurations, featuring up to 3 TiB of DDR5 memory and 192 vCPUs. These instances are also considered AWS's most energy-efficient EC2 offerings to date. With a 16:1 memory-to-vCPU ratio, the X8g instances are also equipped with full encryption across all high-speed hardware interfaces, and offer additional security features.

The X8g instances provide notable improvements over their predecessors, offering three times more memory and vCPUs than X2gd instances. They also double the EBS and network bandwidth, making them an attractive solution for memory-heavy workloads. Graviton4’s twice the L2 cache per core and 160% higher memory bandwidth contribute to up to 60% better compute performance.

In terms of real-world applications, AWS says X8g instances are already being used for SAP HANA and SAP Data Analytics Cloud, with performance gains of up to 40% for transactional workloads compared to Graviton3.

AWS notes the X8g instances allow users to scale up or out, providing flexibility for memory-bound applications currently running on distinct instances. The new instances are now available in US East (N. Virginia), US West (Oregon), and Europe (Frankfurt) AWS regions, supporting various pricing models such as On-Demand, Spot, and Reserved Instances.

More from TechRadar Pro

• These are the fastest CPUs around today
• AWS is making it easier for start-ups to use its cloud services
• Amazon unveils next-generation Graviton4 and Trainium2 chips

Microsoft's Copilot AI assistant has a sleek new look and a slew of new and enhanced features. The tech giant is clearly keen to get more people to use its AI tools and to make it as much a part of people's lives as possible. 

It's a strategy pursued by Google and Microsoft's other AI rivals as well. To stand out, Microsoft gave Copilot a makeover regarding how you engage with the AI and its capabilities when you do so. Copilot is noticeably quicker to adapt to your preferences and does so in more ways than it could before. You can test out the new Copilot experience on the web, a mobile device, or through the Windows app. 

"Copilot will be there for you, in your corner, by your side and always strongly aligned with your interests." explained Microsoft AI CEO Mustafa Suleyman in a blog post. "We are not creating a static tool so much as establishing a dynamic, emergent and evolving interaction. It will provide you with unwavering support to help you show up the way you really want in your everyday life, a new means of facilitating human connections and accomplishments alike."

We've highlighted some of the most notable and intriguing changes and new features below.

Voice

The loudest upgrade is the new Copilot Voice feature that allows you to converse vocally with Copilot. It's a bit like OpenAI's new AdvancedVoice Mode in that you can speak to the AI like you would a human, even interrupting mid-word, and hear what it has to say back. 

You can select four voices for the experience, with multiple accents, though only in English for now. Copilot Voice can also be your newscaster with the Copilot Daily feature. You can get audio summaries of the latest news and weather personalized to your location and interests. The AI relies on Microsft's partners, including Reuters, Axel Springer, Hearst, and the Financial Times, to source and summarize the news. 

Vision and Visuals

Not only can Copilot now talk, it can 'see' too. The new Copilot Vision feature lets the AI look at what's on your screen, whether it's a website or a personal document. The AI can suggest ideas for related information or analysis, even bring up products that might better suit your interests and budget if you ask, simply using the vision on the screen. It won't work universally yet, but it can handle most of the more popular websites. This is an opt-in feature, so none of the data is stored or used for training unless you agree. Notably, Copilot Vision isn't limited to printed text; it can even read handwriting.

For your own visual creations, Copilot assists with enhancing both photos and other visiuals. The AI-powered Super Resolution feature in the Photos app can enhance old and low-resolution images to 4K without getting grainy or pixelated. And if you make an image in Paint, you can now use the AI-fueled Generative Fill and Generative Erase tools to add or remove bits from an image using a text prompt or brush strokes.

Personalized Companion

Microsoft's main goal for Copilot is for people to think of it as a useful helper to turn to both online and when working on a PC. The new Copilot's look is no longer the usual chatbot but now works as cards that are supposed to make you feel more involved in running the AI. There's also the new main page that adapts to your interests called Copilot Discover. Your conversations with the AI and stated preferences will change the Discover page to provide searches and suggestions that are relevant to you, encouraging long-term use.

A subtle but potentially very useful upgrade is how Copilot helps you find and do things on your PC. For instance, Click to Do is an AI feature that puts interactive commands on your screen, offering suggestions relevant to what's on the screen, such as summarizing text, changing an image, or looking something up online. If you're working on a presentation, Copilot might offer to help expand the text in one section, remove the background of an image, or even email someone if you have their address in the presentation.

There's also the new Recall tool, which helps you find things you were looking at recently on your computer, document, webpage, video, or anything else. The AI can remember and recognize what it was and pulls it back up again for you, even if you don't remember the location or file name. Windows Search on Copilot+ PCs will even find files and settings that you haven't opened yet by using a description you write in.

You might also like

• Copilot Wave 2 supercharges productivity with AI across all your Microsoft 365 apps
• I've been using a work laptop with a dedicated Microsoft Copilot key for months now — and it's made me realize one thing
• 3 ways Microsoft Copilot can help your business perform better

A musical crime saga and a black comedy series that feels like a realtors nightmare is going straight onto my Netflix watch list after the best streaming service released two new trailers for Emilia Pérez and No Good Deed. Both titles look like the next big comedies I’ve been waiting for but with very different plots.

Emilia Pérez is a genre-bending musical odyssey as it follows cartel leader Emilia (Karla Sofía Gascón) who enlists lawyer Rita (Zoe Saldaña) to help fake her death so she can live authentically as herself.

Meanwhile, No Good Deed sees three families competing to buy the same house in Los Angeles, but what might be their dream home soon turns into something of a nightmare. Consider me sold!

What is Emilia Pérez about?

Release date: November 13

Directed by Jacques Audiard, Emilia Pérez looks like it is filled with bold song and dance visuals. It follows four women in Mexico pursuing their own happiness. Formidable cartel boss Emilia asks Rita, an unappreciated lawyer, to take on an unexpected case: to help fake Emilia's death so she can have sex-reassignment operations and begin a new life under a new name - Emilia Pérez.

The potential best Netflix movie is described as an "audacious fever dream" by Tudum, Emilia Pérez also serves as an opera. Saldaña revealed: “It was described to me as this film noir that didn’t really exist in any of the conventional kind of genres, but it was a musical. It was actually an opera, and based in a crime world, but there was going to be a sense of justice, and validation, and sanctification. And I was just like, ‘What?’ I had to read it more than once. And then, I couldn’t stop thinking about it.”

The operatic tale also stars Selena Gomez, Adriana Paz, and Édgar Ramírez.

What is No Good Deed about?

Release date: December 12

From the creator of one of the best Netflix shows Dead to Me, No Good Deed is a dark comedy that centers on three very different families as they rush to purchase the same 1920s Spanish-style villa in the LA neighborhood of Los Feliz. But little do they know that the house of their dreams may not be so perfect after all.

The series is led by Lisa Kudrow and Ray Romano who play married couple Lydia and Paul Morgan. They have different opinions on selling their family abode, but as they struggle to hide the dangerous secrets that live inside their home, they realize that the only way they’ll escape the past is to confront it head-on.

Dead to Me star Linda Cardellini also steps into cherry red wedges for the role of Margo, along with a star-studded cast that includes Luke Wilson, Teyonah Parris, and O-T Fagbenle.

You might also like

• Squid Game season 2's stylish new trailer teases the return of a fan-favorite character and I'm even more excited for the Netflix show
• 3 new movies I can't wait to watch on Netflix in October with 90% or higher on Rotten Tomatoes
• 4 horror movies coming to Netflix in October 2024 with over 90% on Rotten Tomatoes

Meta’s first AR glasses have broken cover in the form of the game-changing Orion prototype. These glasses won’t ever be available to sale, but Meta says they’re the precursor to consumer AR Glasses. And based on what we've seen they could be the world's best AR glasses when they launch.

Those consumer AR glasses are likely a few years away, but thanks to Meta Connect 2024 and what Meta staff have said afterwards, we already have an idea of when non-prototype Meta Orion AR glasses might launch, how much they could cost, and what they’ll be capable of.

To make keeping track of all the latest Meta Orion information a breeze we’ve rounded up everything we know so far in this one article, and included a section at the end of the features we want to see at launch.

Meta Orion AR Glasses: Price

Technically Orion probably won’t ever go on sale; it’s a prototype that only select Meta staff, AR software developers, and those lucky enough to secure a demo will likely ever get to use, let alone own. Semantics aside, we already have an idea of how much the consumer version of Orion will cost when it launches. Unfortunately, it won’t be as cheap as Meta’s other XR tech and glasses.

When Mark Zuckerberg unveiled Orion, he also outlined three objectives Meta is aiming to achieve before the glasses get released to the public. One is to “make them more affordable” (via Meta) by using practices like building Orion at scale. When we heard "affordable" we hoped that meant somewhere in the region of the current Ray-Ban Meta smart glasses – which start at $299 / £299 / AU$449.

Orion won't be as cheap as the Ray-Ban smart glasses (Image credit: Meta)

Alas, this has been clarified by Meta CTO Andrew Bosworth. In an Instagram AMA in he explained that the AR glasses “probably won’t get in at, like, a Quest 3S price point, or even a Quest 3 price point” – which instantly prices them over $499.99 / £469.99 / AU$1,049.99. Instead the team is aiming at the price of affordable phones and laptops – so hopefully somewhere around $700 (around £700 / AU$1,350).

This certainly makes more sense given how impressive Orion was sounding, though it does mean we might have to wait a while longer for a truly affordable model to come along. Speaking of...

Meta Orion AR Glasses: Release date

If you want to get your hands on the consumer version of Meta’s Orion AR glasses prototype then you might not be waiting too long, with Meta CTO Andrew Bosworth revealing that the release timeline is in the region of “a couple years, but not decades.”

Our bet is on a release in 2027, as this is the release schedule from an internal meta roadmap that The Verge leaked back in early 2023. Based on Meta’s usual hardware schedule we can hone in even more on a potential release date, at around late 2027 – specifically September to December 2027.

That said, with Orion still at the prototype stage, there’s a good chance it could get delayed – resulting in it not arriving for a few more years.

Meta Orion AR Glasses: Design and features

As a prototype, Orion’s design hasn’t yet been finalized, and it’s actually one of the aspects Meta has said it wants to optimize and make more fashionable before launch. However, that’s not to say we don’t have an idea what Orion’s final form might look like.

Firstly, Meta has said it wants to slim down the glasses and keep them light. Considering Orion is already just 100g we expect the consumer version will be equally light (or lighter), and hopefully a lot less chunky – though hopefully it can do so without sacrificing battery life, which currently sits at two to three hours.

We also expect that the glasses will take design cues from Ray-Ban glasses. Meta recently announced the continuation of its partnership with EssilorLuxottica (Ray-Ban’s parent company), and it tracks that Meta would want to adopt the fashionable classic Ray-Ban style for its AR glasses and not just its AI smart glasses.

Meta might need to avoid creating clear consumer Orions like it has with the existing Ray-Ban Meta smart glasses. CTO Andrew Bosworth has a special clear pair of Orion glasses, but revealed that because their design necessitates a non-magnesium frame, the clear pair have significantly worse heat distribution properties. As a result, the clear pair “thermally tap-out” in about 30 minutes instead of lasting the full two to three hours.

(Image credit: Meta)

As for features, we know Orion boasts AR and AI tools. AR-wise we’ve seen hints of the sorts of experiences it can facilitate like giving you floating windows for virtual multitasking, the ability to have AR video chats, and we imagine there will be an AR game or two at launch (here’s hoping for a fully AR Pokemon Go).

On the AI side of things, expect to see everything currently possible on the existing Meta Ray-Ban smart glasses such as Look and Ask, as well as the new photographic memory and real-time translation tools. Plus we expect several other AI tools will launch in the coming years that Orion should also possess.

Meta Orion AR Glasses: What we want to see Transition lenses by default

(Image credit: Meta)

For glasses wearables to take off they need to work in all weather, and the only solutions to this are high-quality transition lenses or a frame design that allows you to easily swap between clear and shaded lenses manually – lenses which would have to be separate to the AR displays.

We love the Ray-Ban Meta smart glasses, but the smart sunglasses aren’t usable indoors or on days when it isn’t sunny. Conversely, smart glasses with only clear lenses won’t serve you well when it is a bright day and you want to protect your eyes. As a result, the only sensible smart glasses solution will give you a wearable that can work in any weather.

AI capabilities everywhere at launch

The biggest let-down of the Meta Ray-Ban smart glasses is the AI features shown off at their 2023 announcement weren’t available at launch, and still aren’t available in every region they’re sold. Without these AI tools the glasses just aren’t as impressive.

When Orion’s consumer version makes it to market Meta needs to make sure that every feature it announces for the specs is available everywhere when the AR and AI glasses release (or at least within a couple of months).

Apps, Apps, Apps

AR gaming is a must for Orion (Image credit: Meta)

The main issue most XR hardware struggles with is not its specs, but its software. No matter how impressive the gadget might be technically it’s useful if it doesn’t do anything to justify those specs.

For Orion to be a success, Meta will need to ensure it’s well-stocked with AR software and features at launch – which is perhaps why Meta plans to give software makers Orion prototypes as dev kits to aid them in their AR app-making efforts.

A SIM card slot, and phone connectivity

Mark Zuckerberg might envision AR glasses as the evolution of smartphones, and so it would be neat to see them able to access a network completely independently of your smartphone – like an LTE smartwatch – but we’d like the Meta Orion glasses to play nice with phones too.

This includes piggybacking off their network if you don’t want to get a second SIM, and also being able to perform actions like streaming video and audio from your phone, for when you want to swap between watching on the screen and on a heads-up display.

The latter point might seem like an obvious inclusion, but other recent AI-powered so-called smartphone replacements have taken measures to separate themselves from smartphones, much to their detriment. Smart glasses might replace phones one day, but for now they’ll gain a heck of a lot by working with smartphones, rather than against them.

Another week, another online service tried to silently change its data collection and sharing practices by default. The good news is that you still have time to opt out before any of your information gets automatically given away without your consent.

As per PayPal's policy updates page (issued on September 23 for US users), the service is set to exchange your data with third-party merchants "to help improve your shopping experience and make it more personalized for you." Starting in early Summer 2025, the new policy will not just come at the detriment of your privacy – even if you're using the best VPN apps – but PayPal will start gathering data as early as November 27, 2024.

Users appear to be opted in by default (see image below), which may be an issue under some privacy regulations like GDPR. After coming across some US-based accounts complaining about this on Twitter, I decided to check if that was the case also for people in the UK (where I'm based). When I accessed my privacy settings, the option was automatically toggled in.

The screenshots were taken at the time of writing, September 30, 2024. (Image credit: Future)

It's also important to bear in mind that the policy changes will not apply in the same ways across all jurisdictions and users. For instance, in the UK, the new data sharing is set to be enforced on October 10, 2024.

A policy update dated July 8 clarifies that, for the UK market, "merchants are permitted to share customer personal information provided to them by PayPal with their service providers."

I suggest checking your profile settings as soon as possible to reverse the change if you don't wish your data to be shared.

How to opt-out PayPal's new data sharing

Depending on where you're based, you'll find PayPal's new data-sharing option under a different name. Remember, you may not see this at all if you're based in a country that doesn't allow it.

If you're in the US, you should head to your profile Settings and tap on Data & privacy. Under Manage shared info, click on Personalized shopping. You should see the option enabled by default. Toggle off the button at the right to opt-out.

If you are in the UK like me, you'll see something different after you head to your profile Settings and tap on Data & privacy. 

Under Manage your privacy settings, here you'll see an Interest-based marketing tab – click on it. At this point, two options will appear: Interest-based marketing on PayPal and Internet-based marketing on your accounts. You have to tap on each of these and toggle off the button at the right to opt-out. These instructions can also apply if you're based in the EU.

PayPal is updating their ToS to let themselves give your data to merchants starting Nov & they're banking on people not knowing to opt out, SO to opt out before they start: go to Settings >Data & Privacy > Manage shared info >Personalized shopping, & toggle that shit offSeptember 29, 2024

PayPal isn't the first online service to silently activate more invasive data practices without asking for users' consent.

In the most recent of such instances, LinekdIn started training its AI tool on user data by default last week. Again, users had to opt out of this functionality to prevent their personal information and posts from being collected. 

Before the Microsoft-owned social platform, also Facebook, Instagram, and X (formerly known as Twitter) had silently enabled the training of their AI tools on all users' public information.

"We shouldn't have to take a bunch of steps to undo a choice that a company made for all of us," tweeted Rachel Tobac, ethical hacker and CEO of SocialProof Security, at the time to comment on the LinkedIn move. "Organizations think they can get away with auto opt-in because 'everyone does it'. If we come together and demand that organizations allow us to CHOOSE to opt-in, things will hopefully change one day."

While the business models of these platforms are unlikely to change anytime soon, I suggest keeping an eye out for any news or notifications of policy updates from PayPal  – and any other online services you have an account with, for that matter – to know exactly what information you're sharing at all times.

Green Hills Software has announced it has supplied the Trump campaign with "unhackable" communications and computing technologies in order to ‘protect election integrity and defend democracy’.

The company's equipment runs on an operating system subtly named ‘INTEGRITY-178’, currently primarily used in military applications, and in an ever-so-slightly Trumpian statement, claims it, "never fails and can’t be hacked".

Currently supplying both the FBI and US Government, Green Hills says it has ‘stepped forward’ to prevent any further hacking of Presidential campaigns, and added its tech was offered to the Harris campaign, but it's unclear if the team has adopted them.

No more vulnerabilities

In a statement, the firm says ‘all other smartphone operating systems are hacked regularly’ and that foreign actors are exploiting these vulnerabilities. The INTEGRITY-178 OS however, is certified by the NSA as highly robust and capable of protecting high value resources.

“Only a phone running on an operating system that never fails and can’t be hacked can be relied on to keep messages completely confidential. The only phone with this capability is the INTEGRITY-178 phone.” Green Hills Software says.

The Trump campaign was recently the target of a ‘hack-and-leak’ campaign, allegedly carried out by Iranian state sponsored cyber criminals, and the 2024 election cycle has been plagued by cyber attacks and online misinformation.

“Hacking by malicious foreign actors has become all too common in recent years and the time has come to take action to secure our democracy,” observed Green Hill CEO Dan O’Dowd.

“Most recent US election campaigns have been the victims of hack-and-leak operations. We owe it to our democracy to ensure that our elections are decided by the American people and not by foreign agents who wish harm to our country."

The 2024 election could be the most targeted yet, with potential hostile interference from Iran, Russia, and China reported so far, so security will be a top priority for both teams.

More from TechRadar Pro

• We've listed the best firewalls around today
• Iranian hackers charged over Trump campaign disruption
• These are the best ways to share files securely right now

Epic Games has introduced new time limit controls in Fortnite, allowing parents to restrict their child's playtime.

The studio announced the changes in a new blog post today, confirming that the new tools apply to both the popular battle royale game and Unreal Editor for Fortnite.

According to the new safety guidelines page, with 'Time Limit Controls', parents will have the ability to limit the total amount of time their child can play per day. They can also choose specific time windows when their child can play each day, and set time limits within that window.

After setting a time limit, kids will start seeing in-game banners notifying them when they have 30 minutes left in Fortnite or the Unreal Editor for Fortnite.

(Image credit: Epic Games)

"Once your child reaches their limit, they will not be able to use Fortnite or UEFN until the next day or until a new window begins, unless you choose to add more time," Epic Games explained.

Parents can also grant extra playtime with the 'Request for More Time' setting. When the setting is on, the player can request more time, but if it's turned off, they can't.

"If you have allowed your child to request more time, and they have 30 minutes or less left in their window, your child can request more time from within Fortnite," the developer continued.

An email will be sent from Epic Games to parents with a link where they can add more time for that day, even if requests are disabled, but the additional time must be added through Fortnite's main menu settings.

Epic has also added 'Time Reports', allowing parents to see how much time their child spends in the game, as well as 'Time Reports Email', which will send a weekly email to parents with a report summarizing their child’s time spent getting victory royales.

Time Limit Controls are now accessible across all consoles and devices, including PC, PlayStation, Xbox, and Nintendo Switch. As long as a player is using the same account across devices, the time limit will be enforced, no matter where the child plays.

You might also like...

• Fortnite Chapter 5 Season 5 release date and Season 4 ending
• Lego Fortnite's latest expansion adds a new Lost Isles map with five explorable biomes
• Best free games 2024: gaming fun at no cost

The Devil's Hour season 2 is nearly upon us, and I'm so excited to dive back into the gripping Prime Video thriller series where we'll see dynamics shifting and find out what happened to Gideon (Peter Capaldi) after he escaped into the night in the season one finale. All that and more will be revealed when the series releases on October 18.

A lot happens in this mind bending series so it's understandable if fans have questions – I have plenty of my own, especially since the first season explained the link between Gideon and Lucy (Jessica Raine), and we've now established two co-existing timelines. We've got social worker Lucy and police officer Lucy, thanks to Gideon's time traveling interference, so there are effectively two versions of her. Yeah, you really need to pay attention when you're watching this series, folks.

The trailer answers at least some of these burning questions, and you can take a look below.

What is the plot of The Devil's Hour season 2?

We've come a long way since season one, which saw Lucy waking up at 3:33 AM every night, which falls between the titular "devil's hour" of 3-4 AM. Now, Gideon seems to be begging for Lucy to form an alliance with him, and as unwise as that might be it does seem like their only real choice right now.

We should also expect to learn more about Lucy's son Isaac who is really going through it as he has time hopping abilities of his own and can see things that his mother can't. This series is packed full of drama, and this is only the beginning.

The official synopsis reads: "The Devil’s Hour season two sees Lucy (Jessica Raine) and Gideon (Peter Capaldi) forming an uneasy alliance in order to prevent a recurring tragedy and hunt down an elusive monster. Lucy’s double life sees her torn between family and duty as she finds herself in the crosshairs of her past-life husband, DI Ravi Dhillon (Nikesh Patel). Assisting Dhillon in his investigation is DS Sam Boyd (Saffron Hocking) who was mentored by DI Lucy Chambers in a previous life.

"Meanwhile, Isaac (Benjamin Chivers) is discovering new emotions every day and struggling to keep his balance in a reality that rejects his existence. Fresh mysteries unfold as our stories converge on one explosive moment that will change the fate of our characters for the rest of their ever-recurring lives."

Need something to watch until The Devil's Hour returns? Check out our best Prime Video shows feature for plenty of recommendations.

You might also like

• You can watch The Legend of Vox Machina for free on YouTube
• New Apple TV Plus thriller Disclaimer gets an official trailer
• Netflix serves up a thriller feast in new teaser trailer for The Platform 2

Amazon Prime has launched its own take on Shark Tank to give entrepreneurs the chance to get their products featured online.

Hosted by actor and comedian JB Smoove, Buy It Now is designed to feature everyday Americans each pitching their own innovative products in front of a live audience and a panel of investors.

Successful pitchers will secure a spot for their product in the exclusive Buy It Now storefront on Amazon, with one entrepreneur from each episode winning a $20,000 prize.

Amazon Prime to take on Shark Tank, Dragon’s Den

Although the programme uses a similar principle to America’s Shank Tank and Britain’s Dragon Den, it will place a bigger emphasis on the audience, referred to as ‘The 100,’ who will vote on whether they like the product before it goes to a panel of celebrity judges and Amazon execs.

The company has already confirmed panel appearances from Gwyneth Paltrow, Anthony Anderson, Tony Hawk and Tabitha Brown. Execs like Jenny Freshwater, VP of Amazon Fashion & Fitness, and Jamie Siminoff, founder of Ring, will also make an appearance.

Besides being on the bandwagon of a popular show format, Amazon’s move will also draw a closer link between the company’s ecommerce and entertainment businesses by featuring winning products on the dedicated storefront.

Following an initial launch of three episodes on October 30, Buy It Now will stream for a further 13 weeks until January 8.

Amazon has also planned to run a secondary weekly show – This is Small Business: Behind the Buy. The behind-the-scenes episodes will offer insights from winning entrepreneurs and other not-seen-before content.

As consumers battle rising subscription fees globally, Amazon’s efforts to intertwine two of its core businesses and create a do-it-all ecosystem, similar to Musk’s ambitions with X, could bode well for it.

More from TechRadar Pro

• Take your store online with the best ecommerce platforms and best payment gateways
• Amazon CFO says major news events cause big disruption in consumer spending
• We’ve listed the best streaming services

Two weeks ago we reported on a leak that said Sony was about to expand its weird and wonderful LinkBuds range of headphones. And now it's official, and even more interesting than the leak suggested: in addition to two new sets of LinkBuds headphones, there's a LinkBuds speaker too.

The new Linkbuds range features the new LinkBuds Fit (which replaces the Sony LinkBuds S), the new LinkBuds Open (replacing the original Sony LinkBuds), and the new LinkBuds Speaker. They're all keenly priced, with the LinkBuds Fit and LinkBuds Open at $199.99 / £179, and the LinkBuds Speaker at $179.99 / £139. 

All three products are available to order now and will ship during October. Here's what's new.

Sony LinkBuds Fit, LinkBuds Open: key features

(Image credit: Sony)

Both pairs of LinkBuds earbuds come in new colors and a wide range of custom cases and have been made with comfort in mind, with a teardrop shape and a squishy 'supporter' to really hold them in your ear. The LinkBuds Fit have a new eartips too, which are slightly shallower than those in the Sony WF-1000XM5, again improving comfort compared to many of the best wireless earbuds – something we praised the LinkBud S for.

The LinkBuds Open still have an iconic circular design to their driver, so they're closer to the best open-ear headphones, allowing outside sound in naturally. 

As expected, the Fit are water and sweat resistant with an IPX4 rating. The Open earbuds have the same certification – though the cases aren't IP certified.

Sony says that the LinkBuds Fit have Sony's best ambient sound and auto adjustment, with an automatic noise canceling optimizer and a new app to configure it all. There's a new transparency mode that's more like what you get on AirPods Pro 2, where it adjusts exactly how much sound is allowed in depending on the ambient volume. Sony gave us the example of wanting lots of fine sound in if you're out in a quiet park and someone calls your name, compared to needing some control over the sound if you're at a train station.

They also support a new Background Music mode, which changes how music sounds to feel more like a speaker at the back of the room, rather than pumping right into your ears, with the aim of making it easier to concentrate if that's useful. Bluetooth is 5.3 with multi-point and LDAC hi-res audio, plus DSEE upscaling.

(Image credit: Sony)

The LinkBuds Open have the same Bluetooth 5.3 with multi-point, and Sony claims both louder sound and richer bass than before thanks to a new circular driver. Battery life is longer – 8 hours from the buds and 22 hours via the case – and charging is faster than before. They also support Background Music mode, and have DSEE upscaling to improve low-quality streaming music. There's no LDAC support here, though.

Both the LinkBuds Fit and Open also have option silicon covers for their case and buds, meaning that you can add in more colors than they initially come with, and can mix and match tones. The covers cost a little extra: $10 / £10 each for earbuds covers, or $20 / £20 for a case cover.

Sony LinkBuds speaker: key features

(Image credit: Sony)

The LinkBuds Speaker was designed based around data that 70% of younger headphones users have a Bluetooth speaker as well, and many would love to be able to flow from one to the other with no hassle. So the centerpiece here is an auto-switching feature that means your music will move automatically from the speaker to your headphones when you put them on, or will switch back to the speaker when you come home.

This feature will work with the both new LinkBuds models, plus the LinkBuds S, the Sony WF-1000XM5 earbuds, and the Sony WH-1000XM5 over-ears. Sadly, it won't work with the five-star Sony WF-C700N or the brand-new and excellent Sony WF-C510.

The LinkBuds Speaker is small, and comes with a separate charging base and grabbable design with a loop on the back. The speaker is IPX4 splash resistant and promises up to 25 hours of play time with quick charging.

There's a woofer and tweeter facing forward, with a passive radiator on each side to help provide oomph. It'll have a 5-band audio equalizer, adjustable from the app. There's also a built-in microphone so you can use it for calls.

After solidifying its position as TechRadar's #1 best VPN service following a successful new round of testing, NordVPN has just kicked off the post-quantum transition.

The provider has implemented quantum-safe encryption on its WireGuard-based NordLynx protocol for its Linux VPN app. This soft launch will allow Nord's engineering team to gather essential performance data, such as the impact on connection times and speed, said the company. The team expects to roll out post-quantum support across all applications by March 2025 at the latest.

The need for post-quantum VPNs

The era of quantum computers may still be a few years away, but these machines are improving quickly, meaning it's just a matter of time before traditional RSA encryption methods – like those used by VPNs – become obsolete.

This is because quantum computers are expected to process computations, that today's computers can't handle, within minutes. Worse still, cybercriminals are already tailoring their attacks with this in mind.

"Trends show that cybercriminals are intensifying what is known as 'harvest now, decrypt later' attacks. Simply put, they are trying to accumulate huge quantities of encrypted data and decrypt them once quantum technology is developed," said  Marijus Briedis, CTO at NordVPN.

This is exactly why, according to Briedis, the VPN industry must now enter the PQ transition to protect users' data against future quantum computing threats. He said: "With this launch, we start a major transition to new-generation encryption of all our applications providing long-term security for our users." 

(Image credit: Getty Images)

The National Institute of Standards and Technology (NIST) officially released the first three quantum-resistant encryption standards on August 13, 2024, after over a decade of testing more than 80 algorithms and beginning a new era for VPN security in the process.

The team of engineers at NordVPN based their new PQ approach on the NIST's standards. Specifically, they added the ML-KEM algorithm (formerly known as CRYSTALS-Kyber) to the NordLynx protocol. This is the primary standard for cryptographic key exchanges needed to protect the exchange of information across a public network like in the case of VPNs.

Being just the beginning of PQ cryptography, there is the risk these new algorithms may come with security vulnerabilities. This is why, like other providers, Nord opted for a hybrid approach that sees quantum-resistant algorithms working alongside classic encryption methods.    

Explaining how this works in practice, Briedis told me: "Initially, we establish a standard WireGuard session and within this session, we perform a protocol-defined pre-shared key (PSK) exchange using ML-KEM. After the PSK exchange, both client and server use a non-zero-fill 32-byte PSK to add a quantum secure layer to session encryption."

Did you know?

(Image credit: Shutterstock)

A VPN (virtual private network) uses encryption to secure all your internet connections. Put simply, it scrambles all the data leaving your device into an unreadable form to prevent third parties from intercepting the information in transit.

Implementing post-quantum encryption in today's VPN software is anything but easy, though. 

The main challenge is especially to find a balance between security and performance. That's because PQ algorithms typically require much larger key sizes and signatures than traditional ones, which could negatively affect VPN speed and reliability.

This is exactly why, as mentioned earlier, NordVPN has only implemented quantum-safe encryption for its Linux VPN app at the time of writing. Briedis explains the team picked precisely this platform as its users tend to be more tech-savvy and proactive in flagging potential issues or aspects to improve.

"These insights will help us fine-tune the implementation of post-quantum cryptography and guide our future rollout across all platforms," Briedis told me. "By starting with Linux, we’re laying the groundwork for a seamless transition to quantum-resistant encryption methods, ensuring long-term security for all our users."

Wider PQ support is expected to be released in the first months of 2025. 

NordVPN has now joined a small group of providers already offering quantum-safe protections. These include Windscribe, ExpressVPN, PureVPN, and Mullvad, which recently added post-quantum encryption also for iPhones.

I'm not going to mince words: hearing Snoop Dogg on the Dali Epikore 11 was a highlight of High End Munich 2023, for me – and if the company's more recent form, with the cheaper 2024 five-strong Dali Rubikore series is anything to go on, the firm is on a roll.

What we have here, says Dali, is the natural evolution of its Epicon series. The now four-strong Epikore lineup has inherited several innovative technologies from the Dali Kore flagship speaker (see what they did with the naming there?) to create what Dali calls "a truly exceptional musical experience."

Three new models have been released to sit alongside the lovely Epikore 11 4.5-way floorstander: The Epikore 3, a 3-way stand-mount, EPIKORE 7, a 3.5-way floorstander, and EPIKORE 9, a 4-way floorstander. ​

The Epikore series is available in three exclusive finishes – High Gloss Black, High Gloss Walnut, and High Gloss Maroon – and shares several key technologies. These include Dali's EVO-K Hybrid Tweeter module, comprising a 35 mm soft-dome tweeter and a 55 x 10 mm HF planar element; SMC Gen-2 technology for ultra-low distortion; custom-made in-house drivers, and Clarity Cone paper and wood fibre cone structure bass/mid-range drivers.

Dali Epikore: what you need to know

So, let's dig into them!

EPIKORE 3 brings Dali Kore technology (not to be confused with core technology – Dali means tech specific to its flagship Kore range) to a compact stand-mount design. And that means smaller listening spaces – and slightly smaller budgets (hurrah!). Its 3-way architecture combines a low-loss, 7-inch bass/midrange driver with the unique Dali Evo-K Hybrid Tweeter module. A curved, real-wood veneer stand-mount cabinet completes the Epikore 3 package to create an exceptional visual and musical experience.

Dali has also developed an optional stand for the Epikore 3 – you don't have to have it, but I'd like it…

EPIKORE 7 is a compact floorstander for slightly larger rooms. Its 3½-way format combines two "muscular" low-loss 7-inch DALI bass/midrange drivers with the unique Dali Evo-K Hybrid Tweeter module.

EPIKORE 9 is a 4-way floorstander for large listening spaces. It combines two, low-loss SMC Gen-2 8-inch woofers, a low-loss SMC Gen-2 6½-inch Clarity Cone Technology midrange driver, and, of course, that unique Dali Evo-K Hybrid Tweeter module to create remarkable wide-bandwidth, low-distortion music.

The Dali Epikore 3 is available from October 1st, priced £9,999 / €9,999 (so around $13,320 / AU$19,279).

The Dali Epikore 3 optional stands are available from October 1st, priced £1,999 / €1,999 (or approximately $2,663 or AU$3,854).

The Dali Epikore 7 is available from October 1st, priced £19,999 / €19,000 (which is around $26,642 or AU$38,559).

The Dali Epikore 9 is available from October 1st, priced £29,999/ €29,999 (so around $39,964 or AU$57,839).

Are they set to become of the best stereo speakers we've had the pleasure of testing? Time will tell – but initially at least, the Epikore 3 looks incredibly tempting…

You may also like

• KEF's leveled-up speaker range now includes MAT – and yes, we are going to tell you what that is
• Jumpin' Jack Splash! The Rolling Stones just launched a range of Bluetooth speakers
• Kanto Audio's Ren isn't skimpy when it comes to wireless stereo speaker features

Rackspace has reportedly suffered a supply chain attack that resulted in some internal monitoring information belonging to its clients being accessed.

Apparently, Rackspace used its own servers to host a monitoring dashboard, built by ScienceLogic, for its customers. ScienceLogic is an IT operations management platform that provides real-time monitoring, automation, and analytics for hybrid IT environments. Bundled with this monitoring dashboard came a piece of software (which ScienceLogic does not want to identify at this time) that contained a zero-day vulnerability.

"We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package, for which no CVE has been issued," a spokesperson for ScienceLogic told The Register.

Notifying the users

As it turns out, threat actors found out about this zero-day, and used it to gain access to Rackspace’s servers. There, they grabbed some internal monitoring information belonging to the company’s clients.

The Register also obtained a copy of a letter the company sent to affected customers. In it, Rackspace says that the internal monitoring information included customer account names and numbers, customer usernames, Rackspace internally generated device IDs, names and device information, device IP address, and AES256-encrypted Rackspace internal device agent credentials.

As soon as the company discovered the intrusion, it temporarily shut down its monitoring dashboard for its customers. ScienceLogic came back with a patch, and the vulnerability was fixed. Other than that, there was no additional impact. Customer performance monitoring was left untouched, and no other customer services were disrupted, it was said.

Consequently, customers need not take any action at this time. Still, Rackspace says that “in an abundance of caution”, users should rotate the Rackspace internal device agent credentials. Besides Rackspace, ScielceLogic also notified the customers of the incident.

More from TechRadar Pro

• Rackspace confirms "security incident" across some of its servers
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

Nineteen platforms used by courts and governments in the United States carried critical vulnerabilities that allowed threat actors to tamper with the stored information.

This means highly sensitive information, such as voter data, medical information, and similar, was available for anyone with even rudimentary coding skills, who could have added, changed, or completely removed, the information stored in these platforms.

The warning comes from software developer and cybersecurity researcher Jason Parker, who recently analyzed the platforms used by hundreds of courts, government agencies, police departments, and other critical public organizations, and in an in-depth analysis posted on his blog, noted the platforms failed “at the most fundamental level of cybersecurity.”

No evidence of abuse

The 19 platforms that carried critical vulnerabilities are Inmate Management, Court Case Management Plus, CMS360, CaseLook, eFiling, GovQA, EZ-Filing (v3 and v4), Officer Profile Portal, C-Track, GovQA, Voter Cancellation, and a handful of in-house built platforms. The majority of the flaws revolve around weak permission controls, it was said. Other notable mentions include poor user input validation processes, and flawed authentication processes.

“If a voter’s registration can be canceled with little effort and confidential legal filings can be accessed by unauthorized users, what does it mean for the integrity of these systems?" Parker questioned.

The silver lining here is that there is no evidence of these flaws being exploited in the wild. Still, vendors need to step up and fix the bugs immediately, something customers should demand, as well, Parker stressed. Vendors should also actively engage in pentesting, software audits, employee training, and more. Multi-factor authentication (MFA) should be omnipresent in these platforms, he believes.

“This series of disclosures is a wake-up call to all organizations that manage sensitive public data,” Parker wrote. “If they fail to act quickly, the consequences could be devastating—not just for the institutions themselves but for the individuals whose privacy they are sworn to protect.”

Via Ars Technica

More from TechRadar Pro

• Largest US trial court forced to shut down following ransomware attack
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now