Error message

  • Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in drupal_get_feeds() (line 394 of /home/cay45lq1/public_html/includes/common.inc).
  • Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /home/cay45lq1/public_html/includes/menu.inc).

TechRadar News

New forum topics

Subscribe to TechRadar News feed
Updated: 14 hours 20 min ago

ChatGPT o1-preview can solve riddles faster than me and I kind of hate it for it

Fri, 09/13/2024 - 14:00

When OpenAI released the much-hyped Strawberry model for ChatGPT this week, it boasted of its prowess with complex logic like software coding, gene sequencing, and quantum physics in a series of videos. I take the company at its word that the models, called o1-preview and o1-mini on ChatGPT, are capable of what they claim. Cracking advanced equations and exploring genomes seems like something it would have no problem doing. 

But, as a proud member of my middle school's logic and riddle club, I wanted to know how it did on my turf, solving and making puzzles and riddles. And then I thought I should ask the uber-logical AI for advice on other, more day-to-day issues. Could it offer sound relationship advice, tell me what a weird noise in a car meant, and perhaps even fill in plot holes in movies?

(Image credit: Screenshot / Eric Hal Schwartz )

(Image credit: Screenshot Eric Hal Schwartz) Logic yes humor no

The short answer is yes. The o1-preview and mini models are really good at solving simple and complex riddles. I played around with both, and the only real difference was how many extra steps and, therefore, the speed of the mini. But, while they may be slower than GPT-4o, they are very fast at solving those riddles compared to a human. Notably, you can actually see how it lays out the answers in different steps. I tested it on a couple of my favorites, including one from The Hobbit. The AI’s logic made sense, though it was sometimes ungrammatical, as when it explained weighing Mike the butcher.

Ok, so it could handle existing riddles, but could it make a new one? As a test, I asked it to come up with a fun riddle based on an answer I made up. After 30 seconds and the logical reasoning seen below, it came up with: “What has eight legs, four ears, two tails, and loves to bark?” I won’t keep you in suspense; I suggested “two dogs” as the answer to work back from. Several other attempts brought the same kind of question. So, riddle writers are probably safe at their jobs. It’s impressive how well the AI gets what it is supposed to do, but the model doesn’t seem able to make the leap to actual humor. 

(Image credit: Screenshot / Eric Hal Schwartz)

(Image credit: Screenshot / Eric Hal Schwartz) Useful advice, but not always creative

I decided to bring the AI out of pure logic and see if it could handle more mundane life questions as well as it handles quantum physics. I started with a mechanical question about what it means to hear a popping noise every 20 seconds while driving a car and how to fix it. The answers were good, with advice about checking the tires, engine, muffler, and brakes. The fixes were mostly about bringing in the car for repair, except for the tires, which it suggested how to replace. It’s the ‘thinking’ behind the answers that was interesting. The AI uses first-person pronouns in coming up with answers, like “I’m working through various reasons for a popping noise while driving” and “I’m piecing together causes of engine misfires, like faulty spark plugs or fuel delivery problems, and suggesting diagnostics with a scan.” It sounded a lot like an actual person trying to be logical while thinking aloud.

I finally went to what, for me, was always way more complex than quantum physics: flirting. I asked how to tell when someone is flirting and how to respond. The answer was a pretty solid, if dull, list of behaviors like if they ask a lot of questions and how I should be myself. The behind-the-scenes thinking part was both more interesting and genuinely funnier than any of the AI’s attempts at riddles. The headers included “Understanding flirting dynamics,” “Spotting interest signals,” and “Recognizing playful intimacy.” They were like a Star Trek android’s speech about love. 

One part was slightly worrisome, though. Under “Outlining user directives,” the AI wrote, “I’m clearing out disallowed content like non-consensual sexual acts and personal data. Violent content is allowed, harassment with context is okay, and personal opinions are absent.” I suspect that it’s more about where the guardrails of discussion are, as it didn’t suggest “harassment with context” as a flirting tip, but it still took me by surprise.

ChatGPT o1-preview and o1-mini don’t have all the bells and whistles of the more complete models. No image uploads, document analysis, or even web browsing can be done with them. But, they are fast and logical, and if you don’t think so, they have their reasoning laid out along with their answers. But, while they might be able to solve riddles of car noises, love, and the weight of a butcher, I’d say they aren’t going to stump anyone if they have to be inventive.

You might also like...
Categories: Technology

Youtube's pesky new pause screen ads are its latest attempt to push you to Premium

Fri, 09/13/2024 - 14:00

We've been reporting on YouTube's increasingly annoying ads for a long time now: the plans for unskippable TV ads from early last year, followed by the arrival of longer ads on smart TVs last December, and so on. And now the streamer has found a new way to really push those YouTube Premium subscriptions – it's going to make YouTube a bit more irritating.

The changes were announced earlier this year but they're rolling out now. If you're not a Premium subscriber, you'll soon start to see ads whenever you pause a YouTube video on your TV. As 9to5Google reports, it appears to be a limited rollout so far: the only advertiser that appears to be showing up is Dunkin Donuts. 

Instead of keeping your video fullscreen when you pause, YouTube now makes your video smaller and puts an advert beside it on the right of the screen with a "dismiss" button below it. 

There is some good news: these ads so far appear to be static, not video. But when you're talking about YouTube adding ad formats there tends to be an unspoken 'yet': they're not video ads... yet; they're not fullscreen... yet; YouTube isn't sneaking into your apartment, kidnapping your pets and demanding you subscribe to YouTube Premium if you want them back... yet. 

As one Redditor said about the Google screenshot, "look at all that empty space on the screen where more ads can be placed".

Time to skip YouTube?

(Image credit: Future)

Using smart TVs these days does feel rather like the urban legend of boiling a frog, with us as the frogs and ads as the water. My smart TV experience has gone from being largely ad-free to increasingly intrusive, even on services I pay for. 

I don't currently pay for YouTube on my TV, and it's already reached the point where the amount of ads means that, for me at least, it's bordering on unusable. 

I idly started watching a live concert the other evening and it didn't even manage to play one full song before interrupting with advertising. I'm sure that for some people, more ads will indeed push them towards a Premium sub (which currently costs $13.99 / £12 / AU$16.99 a month).

But for me, it just makes me less likely to watch anything at all, and drives me from my smart TV's built-in apps towards something more viewer-friendly – like the best streaming services, or even some of the best free streaming services that don't have an excessive number of ads that pop up unpredictably.

You might also like...
Categories: Technology

Ransomware attacks are soaring to a new high

Fri, 09/13/2024 - 13:48

New analysis from Symantec has revealed a significant increase in the number of ransomware attacks in the second quarter of 2024.

The company's figures claimed criminal groups claimed 1,310 attacks during the period, a 36% increase from the previous quarter, and close to the all-time high of 1,488 attacks recorded in Q3 2023.

“The sharp increase in attacks in the second quarter of this year suggests that momentum is once again with attackers,” the report states. “While high-profile ransomware operations such as Noberus shut down, the pool of skilled affiliates appears to be undisturbed and many appear to simply migrate to alternative franchises.“

A new wave - with some old names

Symantec's report suggests the disruption of Lockbit, the largest ransomware as a service (RaaS) provider earlier this year, led to a dramatic decrease in ransomware attacks for the first quarter of 2024, but the latest reports show cyber criminals have bounced back. Lockbit operations in Q2 2024 accounted for 353 attacks, the highest level detected to date.

New groups like Qilin proved to be more prolific in the wake of the Lockbit takedown, claiming 97 attacks in Q2 of 2024, which was a rise of 47%. The Ransomhub group tripled its attacks from Q1 to Q2, proving perhaps that the Lockbit disruption simply diversified the landscape rather than cripple any operations.

Ransomware payments have become more expensive in recent years too, with the average demand hitting $1.5 million. As cybersecurity inevitably becomes more central to organizations, understanding and mitigating the risks of ransomware is crucial for any business.

More from TechRadar Pro
Categories: Technology

Max is adding two very different A24 movies in October and you shouldn't miss either of them

Fri, 09/13/2024 - 11:34

In my opinion, A24 is by far the most exciting production company around right now. Fewer things get me more excited than seeing their logo before a trailer, often stylized to fit the theme of whatever weird, wonderful, or downright heartwarming movie they've worked on. So naturally, I'm thrilled two more A24 movies are coming to Max for streaming.

Some of the best Max movies were made by A24 thanks to one of the best streaming services striking a deal with the indie powerhouse last year – and its catalog is about to get even bigger when two new movies arrive just in time for the spookiest time of year. Get excited, because both Tuesday and MaXXXine will be here before you know it. 

Here's everything you need to know about October's exciting new arrivals on Max.

When are MaXXXine and Tuesday available to stream?

I will not accept a life without @A24. #CivilWarMovie is now streaming. More A24 films are coming soon exclusively to Max including #ISawTheTVGlow, #Tuesday, and #MaXXXine. #MaxGetsMovies pic.twitter.com/47tk4bA6KNSeptember 13, 2024

Alongside other titles such as Civil War and I Saw the TV Glow (my favorite horror of the year, FYI), Tuesday and MaXXXine join the line-up on October 11 and October 18, respectively. 

Ti West's anticipated new movie MaXXXine completes his unholy trinity, with the always brilliant Mia Goth in the titular role. Meanwhile, in Tuesday, Julia Louis-Dreyfus and Lola Petticrew shine as a mother and daughter who are guided by Death, who takes the form of a macaw. So you've got two very different movies here, but both are absolutely worth your time.

MaXXXine is just one of the A24 movies I was excited to watch this year, and there's plenty more around the corner, so this year should be another successful one for the production company.  

You might also like
Categories: Technology

Hacker claims to have stolen 20GB data hoard from Capgemini, and is threatening to leak it all

Fri, 09/13/2024 - 10:23

A cybercriminal claims to have stolen 20 gigabytes of sensitive data from the French tech and consulting giant, Capgemini - but the company is refusing to comment so far

The hacker, alias “grep”, posted a new thread on the popular dark web forum, BreachForums, in which they detailed their loot, which allegedly included databases, source code, private keys, credentials, API keys, projects, employee data (including names, email addresses, usernames, and password hashes). The archive also contains backups, and Capgemini clients’ internal configuration details for cloud infrastructure.

"They had more data but I decided to exfiltrate only big files, company confidential, Terraform, and many more," grep wrote in the thread. The crook shared a few samples as well, which included alleged T-Mobile virtual machine logs.

No word from Capgemini yet

If this truly is the case, and the files are confirmed legitimate, then this data breach could hurt Capgemini quite a lot.

However so far the organization is silent, and has yet to confirm, or deny, the hacker’s claims. The company’s website has no statements, and neither do its X or LinkedIn pages. TechRadar Pro has reached out to Capgemini for comment and will update the article if we hear back.

Capgemini provides a range of services including IT consulting, managed services, and software development, helping businesses adopt new technologies to improve efficiency, operarating in over 50 countries and serves clients across various industries, such as finance, healthcare, and manufacturing.

Last year, it generated more than $24 billion in revenue, and this year it won a UK government contract worth up to $750 million. Under the deal, the company will run His Majesty’s Revenue and Customs’ legacy tax management systems until 2029.

Via The Register

More from TechRadar Pro
Categories: Technology

Windows 11's latest major update isn't even out yet for most users, but it's already causing problems

Fri, 09/13/2024 - 09:27

Many of us are still waiting for the rollout of Windows 11’s annual major update, version 24H2, which is already available for new Copilot+ PC devices, and with it, Microsoft has introduced smaller “checkpoint cumulative updates” or (‘differential updates’) intended to make monthly updates smaller and faster by only downloading the files your computer is missing - and it looks like it could already be causing problems. 

Basically, your PC will grab only the new or changed parts of freshly released updates instead of downloading the whole update every time. 

These updates will begin with the September 2024 checkpoint update, KB5043080, which is now available for Copilot+ PCs. Copilot+ PCs are Microsoft’s new generation of Windows 11 computers which are designed to leverage advanced AI capabilities (most of which are still in the pipeline).

(Image credit: Shutterstock/Mojahid Mottakin) A bump in the Windows Update road

Unfortunately, it appears that Microsoft’s efforts are looking a little wobbly, as after installing update KB5043080, some users are reporting issues. 

According to Windows Latest, users have taken to Microsoft’s Windows Insider Feedback Hub to express their frustrations, with one user detailing how their update installation would stall at a certain percentage and then begin a rollback procedure. Some users have been met with an ‘Operation not supported’ error, and while Microsoft hasn’t responded to users’ claims about failure to install KB5043080, it has put out a support document about potential issues that users might run into if they’ve installed the recent September 2024 Patch Tuesday update. 

It looks like the issue is primarily affecting people using PCs with certain Intel or AMD chips, and users who choose to install the update manually (through the Windows Insider Program or with installation files from the Microsoft Update Catalog). 

I imagine Microsoft will acknowledge this issue and release a fix soon enough, but in the meantime, you’ll have to resolve this manually if you’re affected by downloading and reinstalling update KB5043080 or newer.

You’ll be able to do this by finding update KB5043080 in the Microsoft Update Catalog. I would point you to Windows Latest’s advice on how to make sure you download and install the correct version for your PC (based on the kind of hardware it has). You’ll have to carefully follow those instructions step-by-step or by utilizing a special command line Windows tool. 

I hope to see Microsoft issue an automatically available fix soon and that the rest of the rollout of 24H2 goes more smoothly. Many of us are still waiting for the update to come to our non-Copilot+ PC devices, and Microsoft doesn't have the best reputation when it comes to problem-free releases of major Windows 11 updates. Here’s hoping that Microsoft continues ironing out issues as they come up so that the transition to Windows 11 24H2 is as painless as possible. 

YOU MIGHT ALSO LIKE...
Categories: Technology

The alarming gap between perception and reality in the corner office

Fri, 09/13/2024 - 09:17

New research reveals a staggering 81% of C-suite leaders feel confident in their cybersecurity defenses. That confidence has resulted in only 5% of leaders allocating additional budget to their cyber programs in the past 12 months.

The harsh reality paints a different picture—over 1 billion records were stolen in the first half of 2024 alone. While the C-suite feels protected, the talent on the front line is more attuned to the actual threat, with only 66% of managers saying they were confident in their organization’s cyber posture.

This alarming disconnect between perceived and actual cybersecurity readiness poses significant risks to organizations.

C-Suite overconfidence: A dangerous misstep

42% of C-suite executives believe their teams could recognize and respond to a cyberattack in 3 days or less. However, only 18% of frontline managers share this optimism. Similarly, 33% of C-suite said the frequency of cyberattacks against their business has increased in the past 12 months. Frontline managers’ report significantly higher figures, with 55% saying attacks against their organization have increased in frequency. This disparity highlights a critical gap in the C-suite’s understanding of the threat landscape their organizations and managers face.

This overconfidence is concerning, especially considering the growing sophistication of hackers. 55% of companies believe that modern cybercriminals are more advanced than their internal teams. This gap will continue to grow until the corner office comes to grip with their true cybersecurity posture and takes steps to mitigate their risk.

The factors contributing to C-Suite overconfidence

A significant factor contributing to this disconnect is a lack of transparency and trust within organizations. 58% of frontline managers are underreporting cyber incidents out of fear of losing their jobs. What's even more concerning is that, in contrast, only 12% of C-suite respondents claim to underreporting at their organizations—a drastic disconnect.

There are multiple levels to this problem, starting with capacity and fear. Understaffed teams and a lack of technology put a significant strain on front line managers to both establish security parameters and to sort through the potential attack vectors. With the cost of a data breach surging 10% in 2024 to $4.88M on average, the pressure is felt everywhere. Many fear they will be fired when breaches become public.

Cyber alert fatigue also plays a role. Excessive information and false positives are overwhelming security teams, leading to dangerous delays in response times. 63% of cyber teams spend over 4 hours a week dealing with false positives—a vulnerability underestimated by 64% of C-suite respondents.

The disconnect between C-suite executives and managers is not just a minor oversight; it’s a critical flaw in how companies approach cybersecurity. The constant sifting through of alerts and risks has made teams unable to identify genuine threats, resulting in human error, burnout, and in some cases, ignored alerts. In fact, 33% of companies admit to being delayed in responding to cyberattacks because they were dealing with false positives.

This lack of transparency from the C-suite to frontline managers has dire consequences. If incidents are not reported or properly communicated, the C-suite is left in the dark and can’t act. That is why 74% of the C-suite reports their cyber posture is mature compared with 29% of managers.

Bridging the confidence gap

To close the gap between perceived and actual cyber readiness, C-Suite leaders must:

1. Challenge their cybersecurity posture perspective: C-suite leaders must reassess their organization’s actual preparedness for the myriad of new cyber risks emerging every day. This requires a critical look at the tools and processes currently in place and a willingness to make necessary adjustments.

2. Listen and communicate: The disconnect between the C-suite and frontline managers is one of the most significant barriers to effective cybersecurity. By engaging with frontline managers and understanding their day-to-day cyber experiences and priorities, and the resources they need to be effective, C-suite leaders can gain a more accurate picture of their organization’s cybersecurity standing.

3. Prioritize technology that supports teams: Technology should enable cybersecurity teams, not hinder them. Investing in tools that alleviate the talent shortage, provide resources, and reduce cyber alert fatigue is essential. If teams aren’t supported, they can’t do their job effectively.

4. Foster a culture of transparency: Create an environment where employees feel safe reporting cyber incidents without fear of reprisal. It’s impossible to fix what you don’t know, and underreporting only compounds the problem.

Defending your organization against cyberattacks is not easy. And when your executives and team aren’t on the same page, it’s nearly impossible. Closing this gap is an essential step to protect against the ever-evolving threats in today’s cyber landscape.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Categories: Technology

VPN usage won't be banned under Malaysia's new DNS filtering plan

Fri, 09/13/2024 - 09:14

Whether you live in or plan to visit Malaysia anytime soon, you may soon access a very different internet from the rest of the world unless you're using one of the best VPN apps.

As part of an effort to enhance digital security, the government revealed, at the end of July, plans to build an internet kill switch to block harmful online content such as gambling, pornography, copyright infringements, and other illegal activities. Circumvention tools, however, can still be used to bypass potential blocks as Malaysia's telecom regulator made it clear it has no intentions of blocking VPNs.

Last week, September 7, local internet service providers (ISP) got the order to redirect all DNS queries sent to alternative DNS providers back to their own servers starting from September 30. The move attracted harsh criticism, with commentators warning against government-imposed censorship.

The backlash was so strong that, only a day after the announcement, Malaysia's Minister of Communications Fahmi Fadzil tweeted about the decision to suspend the plan – for now.

The VPN loophole

"The Malaysian authorities might have sent the decision for review, but they are not back to the drawing board. The idea is still very much on the table, and there is a good chance that it will be implemented. If not next week, then sometime this year," said Andrey Meshkov, CTO at AdGuard.

What Malaysia's government seeks to change is how ISPs manage DNS queries and servers – de facto granting them more power to control the processes. As the MCMC explained in its FAQ: "DNS redirection is the process of redirecting users' internet request to specific DNS servers, in this case, the ISP's local DNS."

While you can think of an IP address as your device's home address, the Domain Name System (DNS) acts as the internet's virtual telephone book. Every time you initiate a web query, it's the DNS that translates domain names into IP addresses so that your web browser can access websites and other internet resources.

Did you know?

NordVPN is TechRadar's favorite VPN service right now and offers easy-to-use apps, bulletproof security, loads of advanced features, and some of the fastest connection speeds we've ever recorded. It can be yours starting from as little as $3.09 per month. Check out our full review and try it out risk-free with a 30-day money-back guarantee.

As we mentioned earlier, even if the order is enforced, you will still be able to use a reliable VPN service to keep accessing the uncensored web.

This is because a VPN (virtual private network) is security software that encrypts your internet connections to make sure snoopers cannot access your data in transit. At the same time, it also spoofs your IP address to trick your ISP into thinking you're browsing from a completely different country.

The VPN encryption ensures that your ISP cannot see any of your data – DNS queries included. The only thing the ISP can see is that you're using a VPN and the servers you're connected to. The VPN's own DNS server will handle your DNS queries directly, too. Put simply, using a VPN would undermine the effectiveness of the DNS redirection order.

"By not targeting VPNs, the Malaysian government will be creating a loophole for accessing blocked content," said Meshkov, while adding that the order is still concerning for user privacy and security. "It could give ISPs and the government unfettered access to the list of domain names (like google.com or dailymail.com or pornhub.com) that the user has visited," he added.

Asked about the prospect of Malaysia eventually issuing a ban against VPNs, Meshkov believes it's unlikely to happen considering the country ranks high in terms of democratic freedoms.

"That said, we don't completely rule out the possibility. But even in that case, as the examples of Iran, China, and Russia have shown, VPN providers have found ways to continue operating in those countries," he told me.

Why is Malaysia's DNS policy controversial?

While the MCMC ensures that only access to illegal or harmful websites will be blocked, it's not difficult to envisage how the provision could be abused and misused over time.

For Andrey Meshkov, CTO at AdGuard, such an order is not compatible with the idea of a free web nor people's right to freely choose the service they want to use. 

"It's our firm belief that it’s up to the individual user to decide which content they want to consume and which content they want to block," he said. "For instance, free public DNS services like AdGuard DNS offer non-filtering, ad-blocking, and family protection modes to help users manage their online experience. The user should have the agency, and not the service provider."

This policy is ill-advised and should be rolled back. 1. It IS censorship.2. It is inefficient and opens up further cybersecurity risks (e.g. DNS poisoning)3. It's counterproductive towards the govt push for tech startups, innovation and data centres. https://t.co/FFmW9J1oVYSeptember 7, 2024

As The Register reported, other commentators were especially critical of censorship grounds and government overreach. Musician turned state legislator Syed Ahmad Syed Abdul Rahman Alhadad, for example, deemed the decision "draconian" and warned against potential negative effects on the country's digital economy. 

Similarly, Malaysian politician Lim Yi Wei defined (see tweet above) the "ill-advised" policy as censorship that could open up cybersecurity risks.  

However, Meshkov from AdGuard believes the internet freedoms of Malaysian citizens and visitors aren't the only ones on the line here. Other countries could follow suit Malaysia's example and implement a similar filtering system.  

He said: "Such policies could give pointers to other countries, especially those with little regard for democratic freedoms, setting a potentially dangerous precedent. The community must unite against these threats to the free web and make its disapproval clear. It might be Malaysia now, but your country could be next."

Categories: Technology

The anatomy of API security in 2024

Fri, 09/13/2024 - 09:07

APIs are the connective tissues of modern digital companies. So much of the applications, software and IT infrastructure we use every day are built on what came before – and APIs (Application Programming Interfaces) allow developers to quickly connect to and use existing data, code, and systems. It has sped up software development cycles, improved compatibility and boosted the functionality and features available to users. A huge amount of innovation, revenue generation and user convenience has come about as a result of these clever pieces of software connective tissue.

But the links that APIs provide to sensitive data and application business logic can also be exploited, providing useful entryways in for threat actors to compromise and breach data, hijack application operations. So many APIs are now in use across the Web, with APIs constituting over 71% of web traffic in 2023, according to Imperva’s State of API Security in 2024 report. Threat actors are keenly aware of the opportunity that poorly secured APIs pose in enabling access to sensitive data.

Almost half (46%) of all Account Takeover (ATO) attacks, for example, were aimed at API endpoints in 2023. Another growing threat is that posed by ‘bad bots’, automated traffic that impersonates normal API traffic to exploit the functionality of APIs to exfiltrate sensitive data. All this points to the importance of businesses to get a firmer grasp on the APIs they’re using every day, as well as the permissions and access they have.

Top API security challenges

Like so many other areas of a typical IT estate, a big challenge faced by security administrators around API security is visibility. They might have been created quickly by the developers to help meet a tight deadline and forgotten about – or are no longer in active use. Developers will have visibility of what they’ve used, but security administrators outside of those circles often do not share that visibility. An individual piece of software might have hundreds of different APIs in play, some in use, some not – and these unknown or ‘shadow’ APIs within an organization can be hard to detect.

Flaws within how an API works can make it vulnerable to exploitation, with this risk being particularly challenging to detect because conventional security alerts won’t be triggered by ostensibly ‘normal’ API activity. One way of regaining control here is by using tokens assigned to trusted identities to help manage access, or by placing quotas on how often a particular API can be called, and tracking its use over time. Establishing rules around throttling can help protect APIs from being used excessively.

Access to talent is another significant factor when it comes to API security. According to the Postman 2023 State of the API Report, 38% of developers have less than two years of experience developing APIs. Software developers aren’t necessarily incentivized to prioritize security when working to tight deadlines and delivery dates. Alongside ongoing programs to find and recruit skilled professionals, businesses may find turning to an automated API security solution can help bridge the gap between the scale of the challenge, and the lack of institutional knowledge.

Towards a more secure API estate

The best first step is to prioritize discovering, categorizing, and keeping an inventory of all APIs, endpoints, parameters, and payloads. Software can help here to scan a given organizations' ecosystem – as well as automatically categorizing APIs that are handling Personally Identifiable Information (PII) or Protected Health Information (PHI). Alongside tools to assist with this auditing and categorization, organizations should also consider using API Gateways to route future API calls more effectively. These can also help organizations meter and manage API consumption rates – but must be used alongside a Web Application Firewall to ensure full security of all API endpoints.

As threats from malicious bot traffic and business logic abuse continues to grow, IT leaders must also look at their APIs as a potential threat vector for their organizations – and proactively secure them. By looking at the bigger picture, and integrating elements such as such as a Web Application Firewall (WAF), API Protection, DDoS prevention, and Bot Protection in combination, organizations can better protect data and enhance their resilience.

We've featured the best firewall software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Categories: Technology

Oracle servers targeted by new Linux malware to steal passwords, crypto

Fri, 09/13/2024 - 09:07

Criminals have been spotted abusing poorly-defended Oracle WebLogic servers to mine cryptocurrency, build a DDoS botnet, and more.

Cybersecurity researchers Aqua saw several attacks in the wild, and decided to run a honeypot. They then saw a threat actor break through the weak password that was set up, and proceed to install a piece of malware called Hadooken.

This malware, used in “a few dozen” attacks over the past couple of weeks, comes with two key functionalities - cryptocurrency mining, and a distributed denial of service (DDoS) botnet. Furthermore, the malware grants the attackers full control over the compromised endpoint.

Hadooken

Oracle WebLogic is a Java-based application server that enables the development, deployment, and management of enterprise-level applications.

A robust, scalable platform for distributed applications, many firms use it for web services, portals, and database connectivity. It is usually used to run large-scale, mission-critical applications in finance, telecommunications, and e-commerce. With all of its popularity, WebLogic is also a major target for cybercriminals since, as The Register reports, it “includes various vulnerabilities.”

So far, the researchers saw the hackers use Hadooken to mine crypto, while other functionalities are yet to be used. It was also said that Hadooken has traces of ransomware functionality. “It could be the threat actor will introduce this attack to a Linux ransomware as well, or it is already introduced if the malware runs on the system longer than a sandbox execution,” they said.

Tracing the IP addresses of the Hadooken malware, the researchers came to two IP addresses, one of which belongs to a UK hosting company, but is registered in Germany. “In the past this IP address was linked to TeamTNT and Gang 8220, but this weak link cannot attribute this attack to any of these threat actors,” the researchers said. The second IP address is registered in Russia, under the same hosting company. It is currently inactive.

Via The Register

More from TechRadar Pro
Categories: Technology

7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (September 13)

Fri, 09/13/2024 - 09:00

We have officially entered fall/autumn in the northern hemisphere – so, unless you're about enjoy some pleasant spring sunshine below the equator, we imagine you're preparing to spend plenty of nights indoors as cooler weather takes hold.

You won't spend such occasions twiddling your thumbs, however, because the world's best streaming services plan to bring you plenty of movie and TV-based content to consume. There's lots to enjoy this weekend, too – so much so that we had a hard time deciding what seven new movies and TV series to include in this edition's round-up. We think we've done a good job of catering to all kinds of viewers, though, so read on to see what's worth watching right now.

Emily in Paris season 4 part 2 (Netflix)

Emily in Paris returned to Netflix in August with the first part of its long-awaited fourth season, and it saw American marketing executive Emily Cooper (Lily Collins) trying to balance her complicated personal and professional life at a marketing agency in Paris. Now, she's saying 'au revoir!' to the City of Love to swap the titular city for Rome in Emily in Paris season 4 part 2. 

While it's not one of the best Netflix shows, I'm looking forward to seeing more amusing yet cheesy lost-in-translation moments for Emily in a different setting, as well as more drama when another new love interest comes on the scene in the form of an Italian heartthrob – watch out, Gabriel! 

Want more rom-com drama action like Emily in Paris season 4 part 2 after you've streamed it? Check out these three similar drama series with over 80% on Rotten Tomatoes.

Grace Morris, entertainment writer

Star Wars: Rebuild the Galaxy (Disney Plus)

It's been nearly 25 years – yes, I was as shocked as you are when I found that out – since the first Lego Star Wars set was released. It's fitting, then, that the Danish toy manufacturer and Lucasfilm's legendary sci-fi franchise have teamed up again to deliver another family-friendly, Lego-based adventure to enjoy in that famous galaxy far, far away.

A *ahem* 'four piece' miniseries, Star Wars: Rebuild the Galaxy stars Sig Greebling (voiced by Stranger Things' Gatan Matarazzo), an unassuming nerf-herder who uncovers a powerful artefact when he stumbles upon a Jedi Temple. Long story short: activating this object completely alters the Star Wars timeline as we know it. Cue Sig embarking on a galaxy-spanning adventure where the good guys are bad, the bad guys are good, and the galaxy needs to be reassembled from the ground up.

I'm still forlornly looking out of my window for Andor season 2 to be released on Disney Plus, but Rebuild the Galaxy – coupled with forthcoming live-action show Star Wars: Skeleton Crew – should have enough to tide me over until one of the best Disney Plus shows returns sometime in 2025.

Tom Power, senior entertainment reporter

Civil War (Max)

Strap in because this is a Max road trip like no other. I've been wanting to re-watch Civil War ever since I first saw it in the cinemas and, while those in the UK and Australia can rent or buy it, the US is finally able to stream it on Max. Out of everything that's new this week, Alex Garland's (one of my all-time favorite directors) Civil War is our big blockbuster pick that'll have your heart pumping and your head racing. 

From the moment we meet renowned war photographer Lee (Kirsten Dunst), you know you'll want to see her story out until the end. Indeed, in one of September's many new Max movies, she begrudgingly agrees to take a budding photojournalist on a road trip to DC to try to capture a group of rebels planning to storm the White House (yes, this does hit close to home). 

It's a story of succession and an unbiased view of the polarising political landscape in America that opens and closes with a bang, but its best part are the photographs throughout. The black and white stills shot on the best camera for pros, the Sony a7RV, are phenomenal and still haunt me. The DJI Ronin 4D was also used to give it an incredibly raw look and feel that's testament to the cinematography skills of the extremely talented Rob Hardy. You can absolutely count on us adding Civil War to our best Max movies list.    

Amelia Schwanke, senior entertainment editor 

The Circle season 7 (Netflix)

I love Catfish and messy competition shows, so The Circle season 7 is a welcome new arrival. There's something fun about watching people lie to each other and try to cheat their way to money, which is possibly why The Traitors has also been an international success. And, in the digital age, it's just as interesting watching people create a social media profile from scratch, choosing whether to be yourself or someone else entirely.

Unlike other popular shows like Big Brother, contestants live in the same apartment complex but never meet, communicating exclusively via profiles instead. They're able to rate each other and send messages, but there can only be one winner in this strangely addicting popularity contest.

Lucy Buglass, senior entertainment writer

The Grand Tour: One for the Road (Prime Video)

All good things must come to an end and, honestly, after 22 years of working together, seeing Jeremy Clarkson, James May, and Richard Hammond embark on one final roadtrip feels bittersweet. I remember watching the trio on Top Gear back in the day and, despite jumping ship to Prime Video years prior for a newly named but similar styled car-based series, nothing’s changed. They’re still pranking each other, being hilariously British and, more importantly, filled with a passion for all things motoring. I’m not even an enthusiast, but I grew up in a house of petrolheads, so it was inevitable that I’d have a soft spot for a programme like this, even if it's not one of the best Prime Video shows.

In their final adventure, they drive their dream cars on a trip through Zimbabwe. You can expect some crazy challenges ahead and maybe even shed a tear, if the surprisingly heartfelt trailer is anything to go by.

Lucy Buglass, senior entertainment writer

Uglies (Netflix)

Based on the novel of the same name by Scott Westerfeld, one of September's new Netflix movies Uglies is set in a futuristic dystopian society where perfection is everything. Joey King plays Tally, a teen awaiting mandatory cosmetic surgery who goes on a journey to find her missing friend.

Dystopian book-to-screen movie adaptations have proven to be a big hit over the years, with the likes of The Hunger Games, Divergent, and The Maze Runner all becoming a blockbuster success, so it's possible that Uglies could become one of the best Netflix movies. As a fan of sci-fi films, I have high hopes that it can follow the trailblazer's within the dystopian genre by shining a light on important issues all while captivating audiences.

Grace Morris, entertainment writer

The Old Man season 2 (Hulu/Disney Plus)

Don't mess with Dan Chase (Jeff Bridges). If there's one thing we all learnt from The Old Man season 1, it's not to underestimate "an old man in a profession where men usually die young" – yes, that's a quote from Kevin Lacz, a real-life Navy SEAL veteran who's platoon inspired the movie American Sniper, but it absolutely sums up one of the best Hulu shows.

The FX series, which airs on Hulu (US) and Disney Plus (internationally), is also an adaptation of Thomas Perry's novel book. It mostly stays true to its source material, too, which tells the story of a former army intelligence officer as he's forced out of his quiet retirement with his two dogs to keep his daughter safe from a hitman. 

Now, it's back with a whole new season. Granted, there are some slow scenes of dialogue that stretch out the runtime in season 1 but The Old Man season 2 has the potential to improve on this – maybe you can teach an old dog new tricks?    

Amelia Schwanke, senior entertainment editor     

For more streaming coverage, read our guides on the best Max shows, best Disney Plus movies, best Apple TV Plus shows, and best Paramount Plus movies.

Categories: Technology

You can now store your passport in Google Wallet, but it can’t replace the real thing

Fri, 09/13/2024 - 06:03

The Google Wallet can now store a digital version of your US passport, allowing quicker passage through select TSA checkpoints, though you’ll still need to have the physical passport with you. 

Any Android phone that has the Google Wallet app can take advantage of this new feature, from the Google Pixel 9 to the Samsung Galaxy S24

Google calls this passport-based pass a digital ID, and as this name suggests it's not an overall replacement for your passport – the company says you’ll still need to carry the relevant physical ID with you while travelling, at least “for now”.

Users can create a digital ID by scanning the photo-page of their passport, scanning the security chip on the back of the passport, and taking a selfie video. This information is then sent to Google for review.

Once approved the digital ID is stored in an encrypted form, with access kept securely behind your phone’s fingerprint scanner, passcode, or PIN number.

Digital ID comes to Google Wallet as part of a wider expansion for ID support. Support for California IDs was added in August, with state-issued IDs and driver’s licenses for Iowa, New Mexico, and Ohio to follow “in the coming months”. 

Google says it is working with partners to expand the usefulness of digital ID, and lists account recovery, identity verification, and car rentals as examples of potential future use cases. 

More options for commuters

The update to Google Wallet also brings new options for commuters in the US.

In the US, Google has added support for prepaid commuter benefit cards, starting with Edenred and HealthEquity. Additionally, tickets and booking confirmations sent to Gmail will now automatically import to the Google Wallet app.

And new notifications will alert you when a pass is altered, like if your assigned seat changes. Live train status updates, including train times and delays, are also on the way soon. 

Furthermore, you can now access your passes online at wallet.google.com, meaning you don't need your Android device on-hand to check your tickets, passes, and IDs. 

Be sure to keep up with our coverage for the latest Android updates, including the latest Android 15 news.

You might also like
Categories: Technology

Microsoft is making some major Windows security changes following CrowdStrike outage

Fri, 09/13/2024 - 06:01

Microsoft has revealed plans to revise the Windows operating system to allow security vendors, including CrowdStrike, to operate outside of the Windows kernel.

The news comes after a CrowdStrike update caused a worldwide Windows outage, impacting millions of devices and taking businesses offline.

CrowdStrike’s problematic update, which caused widespread system crashes, sparked several debates about the risks of kernel access, and a recent Microsoft-hosted security summit has now led to the company’s decision to revise its OS.

Microsoft responds to CrowdStrike outage

A core component of the Windows operating system, the kernel has access to system memory and hardware. Even the slightest error can cause widespread chaos, and so Microsoft is planning to move security vendors out of the Windows kernel in order to enhance resiliency and security.

David Weston, VP of Enterprise and OS Security at Microsoft, shared: “Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which.”

The company is collaborating with a number of major security players, including CrowdStrike, Broadcom, Sophos and Trend Micro, to develop a new platform that meets the security needs of vendors without compromising system performance and threatening future outages.

Drew Bagley, VP & Counsel of Privacy and Cyber Policy at CrowdStrike, commented: “We appreciated the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers.”

Trend Micro COO Kevin Simzer added: “I applaud Microsoft for opening its doors to continue collaborating with leading endpoint security leaders

Although confirmation that Microsoft will close off kernel access isn’t explicit, its engagement in collaboratory discussions with security companies is a promising sign.

More from TechRadar Pro
Categories: Technology

CRKD reveals new Rocket League editions of three of its Nintendo Switch controllers

Fri, 09/13/2024 - 05:54

Gaming accessory brand CRKD has announced a range of premium licensed Rocket League controllers that are compatible with the Nintendo Switch. Each product is available to pre-order now and is limited to just 10,000 units.

First is the Nitro Deck Rocket League Silver Edition, a new variant of the Nitro Deck handheld dock for Nintendo Switch. As the name would suggest, this variant boasts a shiny silver pattern that incorporates elements of the Rocket League logo. Like the regular Nitro Deck, this special edition features Hall effect thumbsticks with swappable stick tops, adjustable vibration, a gyroscope, a dedicated turbo mode, remappable rear inputs, and compatibility with the CRKD Companion App.

There’s also the Nitro Deck+ Rocket League Gold Edition with Carry Case. It has a similar overall aesthetic but comes in an even more eye-catching gold. As a Nitro Deck+ model, it has a symmetrical thumbstick layout and an improved ejection system in addition to all of the features of the base model. It also comes bundled with a carrying case.

Both the Nitro Deck and Nitro Deck+ are compatible with the Nintendo Switch and Nintendo Switch OLED but, for those who would prefer a more traditional controller, the NEO S Rocket League Gold Edition with Charging Dock is worth a look. It has a striking gold and black design, with a charming graphic of a Rocket League car on its front. Its charging dock, which provides a useful way to display the controller, also bears a small gold Rocket League logo.

The Neo S works with Nintendo Switch, PC, and compatible Smart TVs. It features Hall effect thumbsticks, motion controls, rumble support, remappable rear inputs, compatibility with the CRKD Companion App, and more.

All three products are currently available for pre-order via the CRKD website and are estimated to ship in November. The Nitro Deck Rocket League Silver Edition costs $59.99 / £59.99 while the Nitro Deck+ Rocket League Gold Edition with Carry Case comes in at a more expensive $89.99 / £89.99. The Neo S Rocket League Gold Edition with Charging Dock then sells for $59.99 / £59.99.

Rocket League is available now as a free-to-play title on PC, Xbox One, PlayStation 4, and Nintendo Switch in addition to PlayStation 5 plus Xbox Series X and Xbox Series S via backwards compatibility.

You might also like...
Categories: Technology

This new Sonos TV streamer rumor says you should expect an unexpected OS

Fri, 09/13/2024 - 05:23

We've been hearing for some months now that Sonos is close to releasing a new TV streaming device. Its existence was first reported back in 2022, but that was when the project was still in its very early stages; the actual product launch was tipped for late 2024, or perhaps very early in 2025. And a new report suggests that not only is the device's development well advanced, but that Sonos has made a surprising choice for its streaming OS.

According to the very well-informed Janko Roettgers of Lowpass.cc, who broke the original story about Sonos' streamer, the device isn't going to run Google TV or any of the other smart TV OSes you're familiar with. Instead, it's going to use a brand new streaming OS as the first hardware partner of The Trade Desk. 

The Trade Desk is a really big digital advertising company, and it's reportedly been building its own streaming OS for five years now. That OS is apparently nearly ready to go, and you'll see it on the Sonos streamer first. 

The operating system is apparently based on Android AOSP, the open source offshoot of Android. Android TV is built atop AOSP, but it's owned and certified by Google. Other firms are welcome to use AOSP to create their own operating systems, and it seems that The Trade Desk has done exactly that.

What we know about the Sonos streamer OS

(Image credit: Sonos )

If you're wondering why Sonos didn't just make its own OS for its streamer, the ongoing and damaging debacle over Sonos's app update perhaps suggests that outsourcing this one – Sonos's very first attempt at a TV streamer – was wise. But there are other reasons for the outsourcing, too. 

As Roettgers explains, "One of the biggest challenges for hardware makers is striking agreements with the major streaming services to get access to their apps. Netflix, for instance, won’t even talk to device makers if they can’t convincingly make the case that they’re able to ship a certain number of units." By going for an OS that'll be on multiple firms' devices rather than just its own, Sonos can make itself look like a much safer bet for the big-name streamers – streamers that in many cases The Trade Desk already has strong relationships with.

This appears to be a win-win deal for Sonos and The Trade Desk: the former gets to customize the OS to suit without also having to create it from scratch, while the latter gets Sonos-quality hardware to show off what its system can do. 

And with advertising becoming an increasingly large part of every streaming provider's plans, teaming up with one of the biggest ad providers looks like a particularly smart move – for Sonos, at least. Whether the box itself lives up to its theoretical promise of being a winning mash-up of a Roku and AV receiver remains to be seen.

You might also like
Categories: Technology

Want to try Gemini Live? You don't need to subscribe to Gemini Advanced anymore, it's free for all Android users

Fri, 09/13/2024 - 05:16

Gemini Live is now free for all Android users as Google begins the mass rollout of its impressive AI-powered voice assistant.

Previously, Gemini Live was only available as part of Google’s paid Gemini Advanced subscription, which cost $20 (£18.99, AU$30). Now, Android users will be able to use the voice assistant for free, but you’ll need to be patient as not all users have access just yet.

Gemini Live is a competitor to ChatGPT’s Advanced Voice Mode as well as the upcoming Siri redesign, powered by Apple Intelligence on the best iPhones.

TechRadar’s Senior Editor, AI, Graham Barlow, has been using Gemini Live for a few weeks now and had this to say about Google’s human-sounding AI companion: “Finally, I can chat with my phone as if it were a real person, which is all I've ever wanted to do since voice assistants like Google Assistant, Siri, and Alexa became a thing.”

Yes, the monthly subscription gives you access to other perks like 2 TB of cloud storage and access to Gemini 1.5 Pro, Google’s most advanced AI model. However, most casual AI users will have upgraded to Gemini Advanced to try the new swanky Gemini Live voice assistant, which was first demoed at Google’s Pixel event in August.

If you own a compatible Android device like the brand-new Google Pixel 9 or Google Pixel 9 Pro, you can access Gemini Live by simply launching Google Gemini and hitting the Live icon in the bottom right corner. Some of TechRadar’s UK team are yet to see Live in the Gemini app, so if it doesn’t appear yet, be patient and check back regularly.

Want to read about Gemini Live? Check out our Pixel 9 Pro review.

Siri 2.0 vs Gemini Live

Just this week, Apple announced the iPhone 16 and iPhone 16 Pro with A18 and A18 Pro chips ready for Apple Intelligence. Apple’s AI tools will arrive over the coming months but we’ll need to wait until 2025 to try some of the most anticipated Apple Intelligence features like Siri 2.0. The major update to Siri with on-screen awareness is set to rival Gemini and Gemini Live as smartphone companies enter into an AI-focused battle, trying to prove who has the best software to help you in your day-to-day tasks.

Until then, Gemini and its host of powers including Gemini Live is the best use of AI we’ve seen on a smartphone yet. If you’re interested to hear more about Apple Intelligence and the future of iPhone as it looks to compete with Google’s offering, read our early hands-on iPhone 16 review.

You might also like
Categories: Technology

Teenage hacker arrested over TfL hack — as thousands of customer bank details confirmed stolen

Fri, 09/13/2024 - 05:04

The effects of the Transport for London (TfL) cyberattack continue to rumble on, with news of thousands of customer banking details confirmed to have been accessed, and a potential culprit arrested by police.

On Sunday September 1, Transport for London (TfL) detected suspicious activity within its systems, sending an email alert to TfL accounts stating that it was "currently dealing with an ongoing cyber security incident."

Now, a second email, sent on September 12, stated TfL's "investigations have identified that certain customer data has been accessed," such as Oyster card refund data which could include "bank account numbers and sort codes for a limited number of customers (around 5,000)."

TfL customer data accessed

New applications for Oyster photocards and Zip cards have been temporarily suspended as a result of the cyberattack, with some Live Tube arrival information remaining unavailable.

According to TfL, additional data including "some customer names and contact details, including email addresses and home addresses" were accessed during the attack.

TfL’s chief technology officer Shashi Verma said (via BBC), "As a precautionary measure, we will be contacting these customers directly as soon as possible to advise them of the support we can provide and the steps they can take," adding, "We continually monitor who is accessing our systems to ensure only those authorised can gain access."

"We will continue to keep our customers and our staff updated. I would like to apologise for the inconvenience this incident may cause customers and I thank everyone for their patience as we respond to this incident," he concluded.

The company is still working with the National Crime Agency and the National Cyber Security Centre to conduct an investigation into the attack. TfL also said in it's email that it will be doing an "all-staff IT identity check."

The National Crime Agency has also said on September 5, a 17 year old boy was arrested in connection with the cyberattack in Walsall, West Midlands, and questioned on suspicion of Computer Misuse Act offences. He has since been bailed following the questioning.

"Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems," noted Paul Foster, head of the NCA's National Cyber Crime Unit.

"We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible."

"The swift response by TfL following the incident has enabled us to act quickly, and we are grateful for their continued co-operation with our investigation, which remains ongoing."

More from TechRadar Pro
Categories: Technology

Lucid's affordable new SUV shows it's planning to overtake Tesla as the new EV king

Fri, 09/13/2024 - 05:02

Californian EV manufacturer Lucid held a Technology and Manufacturing Day event this week, where it unveiled more information about its upcoming Gravity SUV, as well as hinting at more affordable models that will arrive in 2026 and beyond.

The company, which currently only offers its Air model – an EV that has won many plaudits for its class-leading electric range and battery efficiency – will expand into the popular SUV market with the Gravity, due to arrive later this year.

Lucid confirmed that model will come with a native Tesla North American Charging Standard (NACS), meaning it will be able to make the most of Tesla’s Supercharger charging network. 

Gravity, which offers at least 440 miles of range and more than 800bhp in some models, is expected start at around $80,000 (around £61,000 / AU$120,000), but much like the Air model, more extreme performance figures and trim specifications can see that figure skyrocket to in excess of $250,000 (or around £191,000/AU$374,000).

It is expected that Gravity pricing will follow a similar pattern, but in order to remain competitive over the coming years, Lucid also offered a sneak preview at an upcoming midsize platform that will underpin a new crossover model.

Hotly tipped to square off against Tesla’s popular Model Y, Lucid claims this upcoming EV will deliver "the same range as competitors while using a smaller battery”. It is also scheduled to start production in late 2026, with a starting price under $50,000.

This move to more affordable electric vehicles puts the company in prime position to take the fight to Tesla, arguably its closest competitor in terms of overall vision, technological advancements and its commitment to pure electric cars, with Lucid Motors CEO Peter Rawlinson telling The Verge that he feels hybrids “offer the worst of all”.

Taking the fight to Tesla

(Image credit: Lucid Motors)

Earlier this year, Lucid announced that it received another $1.5bn in funding from its largest shareholder, Saudi Arabia’s Public Investment Fund, in order to weather the global cooling off in EV demand and assist in launching its latest Gravity model.

As a result, its upcoming smaller and more affordable EV is destined to be manufactured in Saudi Arabia, while it has also hinted at a brace of upcoming models that will take on Tesla’s Model 3, as well as a move into a "more ruggedized category", according to CEO Rawlinson in that same interview with The Verge.

With Lucid’s reputation for offering a rock-solid electric range and the latest in-car tech, it is well placed to enter the more competitive mass EV market, which is still dominated by Elon Musk’s Tesla.

But with the company’s enigmatic CEO seemingly distracted by politics and saving his social media empire, a number of shareholders have publicly cited their reasons for selling up, with the general consensus being that the company has lost its focus on driving the EV market forward and promoting cleaner transportation in general. 

Lucid has already made waves in the industry with a great product, and with the promise of a rapidly expanding range of more affordable vehicles, as well as a push into European markets, it looks like it is on course to become a major player and perhaps the company Tesla once promised. 

You might also like
Categories: Technology

Schools and universities are paying higher ransomware demands

Fri, 09/13/2024 - 05:02

The majority of schools and universities suffering a ransomware attack end up paying more than the initial demand, a new report has claimed.

Polling 600 cybersecurity and IT leaders in the education sector, Sophos learned over half (55%) of those working in lower education, and 67% of those working in higher education, ended up paying more than what hackers originally asked for.

It is difficult to determine the reason, but the researchers speculate the victims are feeling pressured to keep the work going and not get disrupted.

Recovering from ransomware

At the same time, organizations in the education sector struggle to quickly recover from a ransomware attack. Less than a third (30%), in both lower and higher education, were able to fully recover within a week (down from 33% and 40% last year, respectively).

The good news is that there are now fewer attacks. Last year, 80% of lower education and 79% of higher education organizations were hit. This year - 63% and 66%, which is significantly lower. Unfortunately, the rate of data encryption has gone up a little bit, compared to last year.

Most of the time, the attack starts with an exploited vulnerability, which is why Sophos suggests a layered approach to security, that includes vulnerability scanning and patching prioritization. Organizations should also focus on getting endpoint protection solutions with anti-ransomware capabilities, and a 24/7 human-led managed detection and response services.

“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high pressure situations if they are hit and destabilized by ransomware,” commented Chester Wisniewski, director, field CTO, Sophos.

“Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay.”

More from TechRadar Pro
Categories: Technology

Watch out, Netflix fans – its app will soon no longer be supported on these older iPhones and iPads

Fri, 09/13/2024 - 05:01

If you've opened the Netflix app on a device running iOS 16 or iPadOS 16 recently, you might have seen a warning message pop up: it says support for the streaming service is coming to an end for devices running these software versions.

As spotted by 9to5Mac, as of now the latest Netflix app needs iOS 17 or iPadOS 17 to run. That doesn't mean Netflix will stop working right away on older devices, but no more app updates will be issued for the older platforms.

You'll still be able to run Netflix on iOS 16 and iPadOS 16 for now, but you're not going to get any security updates or bug fixes from this point on, and those are both pretty important when it comes to the smooth running of an app.

Eventually, Netflix will stop working on devices that can't be updated to the latest software, though we don't know exactly when that will be. If you're affected by this change, it might be time to have a look at our best iPhones and best iPads roundups for an upgrade.

Affected iPhones and iPads

The 1st-gen iPad Pro is one of the devices affected (Image credit: Future)

The iPhones that can run iOS 16 but can't run iOS 17 are the iPhone X, the iPhone 8, and the iPhone 8 Plus, all launched in 2017. These devices have long been taken off sale, but Apple still issues bug fixes and offers some repair options for them.

As for the tablets that are stuck on iPadOS 16 with no option to upgrade to iPadOS 17, we're looking at the 5th-generation iPad model, released in 2017, and the 1st-generation iPad Pro released in 2016.

Netflix support will already have been discontinued for any devices older than those we've mentioned. The iPad Air 2 (2014) and the iPad mini 4 (2015) couldn't be upgraded to iPadOS 16 for example, so support has already ended for those tablets.

Of course, iOS 18 and iPadOS 18 are about to be pushed out to millions of devices across the world, giving you another reason to think about upgrading your hardware – even if the Apple Intelligence features will take a while to arrive.

You might also like
Categories: Technology

Pages