TechRadar News

• The Intel Arc B580 graphics card has finally released
• It's gotten positive attention due to its price and performance
• This could bring back the budget PC market

The Intel Arc B580 graphics card has finally been released after months of rumors, leaks, and reports about its prospective specs, and so far the reviews of this $250 budget card have been extremely positive.

According to reviews, the Intel card boasts higher performance than both the Nvidia GeForce RTX 4060 and the AMD Radeon RX 7600 while also coming in at a lower price. While the aforementioned reports had already stated this was the case, official benchmarks from these reviews have all but confirmed it as fact.

Not only is this promising news in its own right, as Intel is offering excellent graphics cards for an even better price point which allows budget-minded gamers an affordable option for their PC without sacrificing performance. But it also heralds an even bigger change in the tech market — the rejuvenation of the budget PC.

How budget PCs can make their return

Building the best budget PC, especially a budget gaming rig, is not only the realm of those who cannot afford a premium desktop, but also a long-honored tradition among hobbyists. Finding PC components under a certain price that still offers a cost-effective value is a challenge with tangible results. We prove this with our own guides on building a budget machine, including one for less than $800.

However, in recent years the two major manufacturers of graphics cards — AMD and Nvidia — have been investing less and less in budget cards, which in turn has negatively impacted the cheap PC build. But with Intel’s Arc B580, there’s finally more competition in the market as the tech giant proves that impressive performance can come with a reasonable price tag.

The best-case scenario is that Intel’s continued presence in the budget graphics card market will encourage (and even force) Team Green and Team Red to keep competing with it by releasing their own cheaper cards. This would in turn help to bolster the cheap PC market, which is a boon for many buyers and hobbyists.

In the end, it turns out that Intel's decision not to give up on desktop graphics cards after the Battlemage line was its best decision, as the tech giant clearly has a hit niche on its hands. Especially considering the current and possible future market for tech.

• I've never taken Intel's GPU competition seriously, but the Arc B580 has left me no choice
• Intel Battlemage GPU spotted in benchmark – chill out, PC gamers, there’s no need to panic over that leaked B580 core count
• Intel’s next-gen Arc B580 spotted, backing up rumors of a December launch for Battlemage GPUs

Disney Plus has been known for its fair share of revivals, but something feels oh so right at home with this one. Malcolm in the Middle – a beloved sitcom that ran for seven seasons, is coming back as a four-episode arc that will stream on Disney Plus, as confirmed by Variety.

And here’s some even better news, especially if you’re keen to see the return of your favorite dysfunctional family. Frankie Muniz, Bryan Cranston, and Jane Kaczmarek are all set to return to their respective roles, and Linwood Boomer, the original series creator, is back on board for the revival.

You wouldn’t want a revival without the iconic cast, right? The cast is stoked as well in a teaser video that Frankie Muniz posted on Instagram and Threads, opening with iconic "Malcolm, Malcolm, Malcom!" and Muniz noting he's been waiting for 18 years to find out "where Malcolm and his family are now."

Post by @frankiemuniz4 View on Threads

In a statement, Disney Branded Television President Ayo Davis said, “Malcolm in the Middle is a landmark sitcom that captured the essence of family life with humor, heart, and relatability. Its hilarious and heartfelt portrayal of a lovably chaotic family resonated with audiences of all ages, and we’re so excited to welcome the original cast back to bring that magic to life again. With Linwood Boomer and the creative team at the helm, these new episodes will have all the laughs, pranks, and mayhem fans loved – along with a few surprises that remind us why this show is so timeless.”

Clearly, the team behind the revival – or reboot – is quite excited to welcome the iconic show back, and its teased family reunion. Variety reports the official logline as: “Malcolm (Muniz) and his daughter are drawn into the family’s chaos when Hal (Cranston) and Lois (Kaczmarek) demand his presence for their 40th wedding anniversary party.”

Indeed, it is a time jump, but like other revivals, this should hit the right tone and deliver a fun, meaningful reunion to reunite all the characters. Additionally, this seems more in line with what the creator is going after and not being pressured by the studio for a full-length season to be produced. It’s the story that Boomer and co. are hoping to tell.

No release date is set yet, but when the Malcolm in the Middle revival is ready, it’ll stream on Disney Plus. Of course, if you’re keen to stream some other titles, check out our favorite of the new arrivals to Disney Plus here.

You might also like

• Best streaming service 2024: Netflix, Hulu, Apple TV Plus, Prime Video, and more
• Moana is the most-streamed movie of the past five years – and not just on Disney Plus
• Disney Plus scores a Christmas slam-dunk with the first-ever animated basketball game

• This new ChatGPT feature helps organize interactions with the AI chatbot.
• Within a Project, ChatGPT remembers specific instructions and relevant data.
• The Projects feature is rolling out now for ChatGPT Plus, Pro, and Teams subscribers.

Day Seven of 12 Days of OpenAI may not have included a conversation with Santa Claus like the day before, but the new Projects feature for ChatGPT would likely appeal to his elves.

OpenAI CPO Kevin Weil and his compatriots debuted Projects with a demo showcasing how it can organize your interactions with ChatGPT, including any files and data. Imagine a digital version of a messy desk covered in papers representing your talks with ChatGPT. Projects are the virtual file drawer full of neatly labeled folders put together by an assistant who has read each word on those papers.

When you start a Project, you need to name it and assign it a color to make it easier to find. Then, you can group related chats and upload any relevant files. You can also set specific instructions for ChatGPT to follow while working within that particular Project space. This means if you’re collaborating on a screenplay or building a website, you don’t have to keep reminding ChatGPT about the details every time you start a new chat. You can add existing chats to a Project, start new ones, and even pull in data from your files mid-conversation. Plus, features like SearchGPT and Canvas all play nicely within the Project space.

(Image credit: Future)

If Projects feels familiar, that's because it's a feature that some of ChatGPT's rivals already offer, most notably Claude, Anthropic's AI chatbot. So, OpenAI is catching up in some ways, offering a solution to a common frustration. Until now, keeping track of conversations with ChatGPT often meant dealing with a cluttered sidebar and a lot of scrolling.

While OpenAI has made strides with features like memory and customization, the ability to group chats and files into coherent, themed bundles is arguably as significant as switching from Post-It notes to binders.

Projects are also useful for building websites. You can upload design files and content ideas and specify your preferred coding languages. ChatGPT can then help you generate code for the site and improve any design or content. Unlike the usual ChatGPT coding help, the AI will remember what you've already worked on together because it happens within the same Project space.

(Image credit: Future) Tidy AI

Weil and his team demonstrated Projects with various ways the tool might be employed. Since Santa was absent, he showed how to use Projects to organize a Secret Santa exchange instead. Instead of shuffling between spreadsheet tabs and copy-pasting the same info a million times, you create a Project with whatever rules and budget have been agreed upon, including a spreadsheet with everyone’s wish lists. All your Secret Santa data lives there, and you can tell ChatGPT to manage it, even having the AI send out anonymous emails with gift assignments.

Of course, there are a few potential issues. For one, the effectiveness of Projects depends on how clearly you communicate with ChatGPT. As the demo shows, being vague can lead to unintended results (like revealing Secret Santa secrets). Further, organizing through Projects won't make up for any sloppy prompts or not checking for errors in the output.

You'll need a ChatGPT Plus, Pro, or Teams subscription to use Projects for now, though those on the free tier will get access soon. Still, they may need to make a note to remind them about it since they don't have Projects available yet.

You might also like

• ChatGPT's new Santa Mode puts some holiday spirit in AI
• ChatGPT adds eyes to its voice with new screen and video sharing feature
• ChatGPT's Canvas feature is a real-time editor to inspire your writing and coding

• Microsoft announces new AI model Phi-4
• It's available to developers and researchers now
• Performs well at math tasks despite its small scale

Microsoft has announced a brand new AI model called Phi-4, which is a small language model (SLM) in contrast to the large language models (LLM), that chatbots like ChatGPT and Copilot use. As well as being lightweight, Phi-4 excels at complex reasoning which makes it perfect for math and language processing.

Microsoft has released a set of benchmarks showing Phi-4 outperforming even large language models like Gemini Pro 1.5 on math competition problems.

(Image credit: Microsoft)

(Image credit: Microsoft) Breakthroughs in post-training

Small language models, like ChatGPT-4o mini, Gemini 2.0 Flash, and Claude 3.5 Haiku tend to be faster and cheaper to run compared to large language models,. However, their performance has increased dramatically with recent versions.

For Microsoft, these improvements were made possibly through breakthroughs in training Phi-4 on high-quality synthetic data sets and post-training innovations. Since the bottleneck for improving AI ability has always been the vast amount of processing power and data required for the training (sometimes called the ‘pre-training data wall’), AI companies have instead been looking at ways to improve the post-training development to improve performance.

Phi-4 is currently available on Azure AI Foundry, a platform for developers to build generative AI applications. So, while Phi-4 is available under a Microsoft research license agreement, you can’t simply start chatting with it, as you would with Copilot or ChatGPT. Instead, we'll have to wait and see what people produce with it in the future.

You might also like...

• Windows 11's 'suggested actions' feature is headed to the Microsoft Graveyard - but here's what's replacing it
• Microsoft Recall offers a ‘sensitive information filter’ to avoid saving your credit card details – but whoops, it doesn’t work
• Microsoft finally delivers AirDrop-style file sharing between iPhones and PCs – here's how it works

• The rise in LOLbins used in attacks this year has been significant
• Most common ones used include RDP, PowerShell, cmd.exe, and net.exe
• Sophos has shared mitigation tips for anyone affected

The rise in the abuse of Microsoft’s LOLbins (Living Off the Land binaries) in the first half of 2024 has been nothing short of alarming, a new report from Sophos has claimed.

The Sophos 2024 Active Adversary Report, which analyzes cases handled by its Incident Response (IR) and Managed Detection and Response (MDR) teams, says that in H1 of this year, hackers used 187 LOLbins in their attacks, a 51% increase compared to 2023. In 2021, the team observed exactly 100 LOLbins used.

Living Off the Land Binaries are legitimate executables and scripts native to operating systems, often pre-installed, that attackers abuse to perform malicious actions while evading detection. They are trusted tools, such as PowerShell or cmd.exe, making their activity harder to distinguish from normal administrative tasks.

RPD rules the landscape

Sophos says commonly abused LOLbins this year included RDP, PowerShell, cmd.exe, and net.exe, with RDP alone implicated in nearly 89% of cases. This didn’t come as much of a surprise for the researchers, too: “For the most part the names in the figure above are no surprise to regular readers of the Active Adversary Report – RDP rules the landscape, with cmd.exe, PowerShell, and net.exe making their usual strong showing,” they said.

Furthermore, binaries usually used for discovery or enumeration seem to be most prevalent, as of the top 29 LOLbins, 16 served such a purpose. Microsoft’s tools are being increasingly leveraged due to their legitimacy, signed status, and ubiquity within operating systems, it was said.

To mitigate the abuse of Microsoft LOLBins, organizations should adopt a multi-layered security approach, Sophos concludes.

This includes a number of things, from restricting access to commonly abused tools, to monitoring and logging the use of the binaries. Furthermore, they should implement endpoint detection and response solutions (EDR), and disable unused LOLbins. Finally, regularly applying software updates and educating employees on recognizing phishing and social engineering attacks can further reduce risks, they said.

You might also like

• BlackByte ransomware returns with new tactics, targets VMware ESXi
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• Qualcomm talks 6G innovations beyond speed, integrating AI and IoT
• 6G promises enhanced coverage, and efficiency
• AI-native design will optimize networks and enable new use cases

The transition from 5G to 6G is set to redefine the wireless landscape, offering advancements that go far beyond speed and connectivity.

Qualcomm, a key player in wireless innovation, is building on its 5G legacy to explore the possibilities of 6G, which is expected to integrate artificial intelligence, advanced IoT applications, and seamless connectivity between terrestrial and non-terrestrial networks.

Targeted for deployment in the 2030s, 6G promises to unlock new opportunities across industries and address the growing demands of an increasingly connected world.

In an exclusive interview with TechRadar Pro, John Smee, Global Head of Wireless Research at Qualcomm, discussed the future of 6G, outlining how the company is looking to build upon the advancements of 5G and 5G Advanced.

He also highlighted Qualcomm's role in contributing to the research and development of the technology, explaining that 6G will not only enhance key performance indicators like coverage, capacity, and efficiency but also enable transformative use cases such as digital twins and edge computing.

What are the key technological advancements in 5G that are paving the way for 6G development?

There are quite a few key advancements in 5G and 5G Advanced that are paving the way for 6G. Here are just a few examples:

• Air interface foundation: we believe 6G will build on the OFDM foundation, with a focus on improving coverage, spectral efficiency, and capacity in both legacy FDD and TDD bands as well as new spectrum.
• MIMO/duplex evolution: 6G Giga-MIMO will enable new upper midband spectrum (6-15 GHz) delivering additional wide-area capacity and reusing the existing 3.5 GHz macro cell sites and backhaul. Evolution to full duplex can deliver better coverage and flexibility to meet growing data demand.
• Wireless AI: 5G Advanced kickstarted the era of AI in wireless, improving network/device performance and efficiency. AI will be an integral part of the 6G system design, with AI-native protocols across multiple layers of the stack.
• Wireless sensing: the 5G-Advanced study of integrate sensing and communication (ISAC) can complement positioning to make the wireless network more efficient and open new business opportunities for the ecosystem.
• Integrated TN/NTN: 5G introduced 5G non-terrestrial networking (NTN) by enabling satellites to deliver global coverage leveraging the cellular standard and modem implementations. 6G is expected to build on this foundation to support a seamless interworking of terrestrial networks and NTN.

How do you see the transition from 5G to 6G impacting businesses, and are there specific industries that will benefit the most?

The transition from 5G to 6G is expected to significantly enhance wireless connectivity improving fundamental KPI’s for coverage, capacity, and performance while enabling new services like AI, sensing, and digital twins. 6G will be designed to meet the increasing data transfer needs of connected AI-powered devices. Targeting 2030 deployment, 6G can efficiently enable intelligent computing everywhere creating new opportunities for value creation at the edge. Industries such as healthcare, manufacturing, transportation, and education will continue their transformations to leverage connected AI and the enhanced capabilities of 6G.

Can you explain the role of AI, and specifically Generative AI, in enhancing 5G networks and its potential impact on 6G?

AI is poised to significantly enhance 5G and 6G system performance, operational efficiency, and user experiences, as well as unlock new use cases at scale. For instance, by leveraging AI for network optimization, predictive analytics, and automated configuration, these networks can achieve greater efficiency, reliability, and security. Generative AI can simulate various network scenarios and create synthetic data to train machine learning models, ensuring robust network performance even in complex environments. These technologies enable advanced applications like real-time edge computing, personalized services, and seamless integration with a wide range of devices. Generative AI will also often be implemented on the device and as applications expand this will increase the 5G and 6G communications data demand on uplink and downlink.

AI native is intended to make the system perform better by either replacing functional blocks with AI implementations, or allowing AI to better manage the protocol, network node, device, etc. so that it can adapt more flexibly to support a larger variety of enterprise and consumer experiences. The AI native paradigm can give more implementation flexibility and bring more innovation and differentiation to the devices and networks.

AI native can be in at least the two following forms:

• Replacing existing functionality with AI – e.g., there are a number of use cases in 3GPP (beam management, CSI feedback, positioning, mobility) that are being studied to see if there is a better solution with AI. One aspect of AI native is to include more of these features across layers, protocols and network/device for improved performance with AI. Especially relevant is work in 3GPP and ORAN to improve network automation with AI and the associated use cases. Cross node AI is also a potential example of this where the function is replaced by AI at the network and device.
• Enable AI as a part of the protocol behavior – to change the actual protocols to be defined to be AI friendly so that the protocol can adapt to the combination of radio, device and application state to determine how best to serve the traffic. This changes how the function operates to incorporate AI.

What are the expected benefits of 6G over 5G in terms of speed, latency, and connectivity?

6G will not just be designed to achieve higher speed and lower latency, but it will also focus on bringing significant efficiency enhancements to capacity, coverage, energy consumption, and deployment cost. Additionally, 6G will focus on enabling faster deployment of new services and growing the surface area of operator opportunities. The focus will be driven by use cases to create new value for the broader wireless ecosystem and society.

How will 6G technology influence the development of IoT and generative AI technologies?

6G will bring an integrated design for eMBB and IoT with shared objectives of enhanced connectivity, extended coverage, added functionalities such as positioning and sensing that allow the devices to interact more effectively with their environment, and add more use cases of IoT. Ambient IoT, which will operate without batteries using energy harvesting techniques, will help proliferate low cost IoT sensors and further integrate the physical and digital worlds. Networks and devices will support real-time AI processing and decision-making at the edge, creating value for IoT applications independent of centralized cloud systems.

How is Qualcomm contributing to the research and development of 6G technology?

Qualcomm has a storied heritage in wireless technology, including groundbreaking innovations in 5G technologies. We are building on a strong foundation to advance connectivity across all technologies including 5G Advanced, 6G, Wi-Fi, Bluetooth and more. We are leading the ecosystem in technology research and development, working closely with industry technology leaders such as mobile operators, OEMs, and academia to bring future innovations to life.

How do you envision the future of mobile communication evolving with the advent of 6G?

The future of mobile communication with the advent of 6G is envisioned as a continuum that builds upon the advancements of 5G, focusing on integrating AI into networks and devices. 6G aims to enhance the efficiency and economics of existing and new use cases in the 2030s, such as multi-device plans, fixed wireless services, AR glasses, self-driving cars and elderly-care service robots. The evolution will also involve integrated sensing and communication, enabling new solutions like digital twins and RF sensing. Additionally, 6G will leverage existing infrastructure to provide cost-effective upgrades in existing spectrum on uplink performance and edge data processing, as well as add significant capacity in new spectrum.

You may also like

• 6G: A glimpse into the future beyond 5G
• Real life 6G speed tests revealed by Japanese tech giants
• Qualcomm has launched new, "breakthrough" IoT tech for industry

• The Yoto Mini children's speaker is being recalled again due to a fire risk
• The speaker was initially deemed a fire risk back in April
• Parents should take the speaker away from children and stop using it
• You should contact Yoto for a free battery replacement kit even if you've already received the smart cable from the April 2024 recall

Another day, another overheating audio product – only for this particular speaker designed for children, it's second time unlucky.

The Yoto Mini speaker hasn't had a good year. More than 250,000 of them were recalled back in April owing to overheating batteries – at least, the cable was recalled and replaced. And it seems that wasn't enough.

The overheating issue cited is the same on both occasions – both the most recent product recall and the April recall issued by the US Consumer Product Safety Commission (CPSC) state: "the speaker’s lithium-ion battery can overheat and catch fire, posing burn and fire hazards to consumers".

This time, the CPSC's report directs owners to "immediately stop using the recalled speakers, take them away from children and contact Yoto to receive a free battery replacement kit. Consumers should request the battery replacement kit even if they already received the smart cable in the April 2024 recall."

Owners are also asked to dispose of those old lithium-ion batteries in accordance with local and state regulations, not in the trash.

Too hot to handle – apply for a Yoto Mini battery replacement kit now

The latest December 11 report states that Yoto has now received a total of nine reports from U.S. consumers (up from seven in April) and three from a UK consumer of the speaker "overheating or melting", although thankfully, no injuries have been reported.

According to the CPSC's missive, about 251,165 Yoto Mini units were sold (in addition, about 18,932 were sold in Canada) between November 2021 and April 2024. The speakers are intended for children ages three to 12, are operated by use of Yoto cards and are designed to play audiobooks, music, radio and podcasts. They were available from November 2021 through April 2024 and cost about $70, with the SKU number PRPLXX00860. Again, if you have one, be sure to stop using it, and request a free battery replacement kit from Yoto.

Yoto has issued a statement telling customers "Please be assured this does not mean you have to send your Yoto Mini (2021-2023) back. Instead, the Battery Replacement Kit uses the same battery as in Yoto Mini (2024 Edition) and will restore your Yoto Mini with a brand new battery.… Yoto Mini (2024 edition) is not affected by this issue as it contains a battery from a different supplier."

The news comes just days after Anker recalled nearly 80,000 Bluetooth speakers due to potentially hazardous overheating batteries – and the two incidents are not isolated cases. On November 20, Audio-Technica had to alert buyers that some batches of its affordable 2024 earbuds had an overheating case and on November 28, Belkin also issued a recall notice for its BoostCharge Pro (model number BPD005) power bank.

One thing's for sure: whoever can invent and deliver to the mass-market a safer and more planet-friendly portable power alternative to lithium-ion batteries – ideally one that doesn't require as much surface space as the otherwise-great Powerfoyle – will do very well indeed.

You may also like

• Are smart speakers really safe for children?
• The best laptop for kids in 2024: our favorite kid-friendly picks
• Top toy gift ideas to keep kids entertained and limit screen time

• Fallout won Best Adaptation at The Game Awards 2024
• Arcane fans feel 'robbed' that the hit animated series didn't win
• Both shows have been huge successes and are enjoyable to watch even if you're a newcomer to the video game franchises

Arcane fans have taken to social media to express their disappointment about the outcome of one of today's winners at The Game Awards 2024, following the announcement that Amazon's Fallout TV show was crowned 'Best Adaptation'.

Arcane, one of the best Netflix shows, brings to life the League of Legends universe through the use of striking animated visuals and explosive action. Meanwhile, one of the best Prime Video shows, Fallout, "brings one of gaming’s most iconic series to life with a highly satisfying blend of source material devotion and narrative originality", as Tom Power wrote in TechRadar's Fallout season 1 review.

Don't get me wrong Fallout was good but over Arcane?????? I am literally just confused. Arcane is literally one of the best series ever my god what the hell. It's rated so high all across the board how does that happen https://t.co/XCfIr2p5mrDecember 13, 2024

The point is, though, that both video game adaptations are terrific watches, but what they do have in common is the fact that they aren't just catered to fans of the video games. No matter if you're an avid fan or a newcomer to the franchise, both shows will both wow you (much like The Last of Us did for me).

However, this hasn't stopped fans flocking to social media to express their views over Fallout winning the award over Arcane, with one user even feeling "robbed" at the defeat.

BEST ADAPTATION FALLOUT??? ARCANE DIDN'T WIN BEST ADAPTATION???WHY????WE WERE SO SO ROBBED HERE #TheGameAwards pic.twitter.com/WN8BTjgbCzDecember 13, 2024

Although Arcane season 2 missed out this time, the animated series hasn't gone without its fair share of awards. Not only did it win 'Best Adaptation' at The Game Awards in 2022, it won four Emmy Awards, including the Primetime Emmy Award for Outstanding Animated Program and became the first streaming series to win the award.

HOW THE HELL DID FALLOUT BEAT ARCANE FOR BEST GAME ADAPTATION AIN’T NO WAYDecember 13, 2024

You might also like

• Netflix releases trailer for Bank of Dave 2 and I can't wait to see him take on a new rival
• New Invincible season 3 trailer teases a superhero civil war, new heroes, returning villains, and Mark's 'serious' supersuit
• Fallout season 2: release date prediction, likely cast, possible plot, and more news and rumors on the hit Prime Video show's return

• Astro Bot wins Game of the Year at The Game Awards 2024
• The PS5 platformer also took home four other major awards
• Astro Bot was in competition with some of the year's biggest titles, like Metaphor: ReFantazio and Final Fantasy 7 Rebirth

Astro Bot has won Game of the Year at The Game Awards 2024.

The annual awards ceremony celebrated its 10th anniversary last night, and close out the show Baldur's Gate 3 director Swen Vincke, who won last year's Game of the Year award, took to the stage to announce this year's winner.

Astro Bot competed in the category with some of this year's biggest titles, including Metaphor Re: Fantazio, Final Fantasy 7: Rebirth, Balatro, and Black Myth: Wukong, making the winner difficult to predict for some.

Elden Ring: Shadow of the Erdtree was also among the nominees, making it the first downloadable content (DLC) to be featured in the category.

Team Asobi's PlayStation 5 platformer was also nominated in multiple other categories and also took home three more major awards, including Best Action/Adventure, beating the likes of Silent Hill 2 and Prince of Persia: The Lost Crown, Best Game Direction, and Best Family Game.

In TechRadar Gaming's review, George Yang called the game "an engrossing and joyful platformer" and one of the best games of 2024.

"Astro Bot combines engrossing platforming mechanics across masterfully designed levels that are filled with fun obstacles and collectibles," Yang wrote. "It stands up to gaming’s biggest giants like Mario and Sonic as a result and is a joyous Game of the Year contender."

You might also like...

• Split Fiction is a new co-op game from the studio behind the award-winning It Takes Two
• Borderlands 4 has been revealed and, yeah, it looks very Borderlands to us
• The Witcher 4 officially revealed at The Game Awards 2024 with brutal trailer and confirms that Ciri will star as the titular Witcher

• Security researchers found a way to exfiltrate sensitive data through FileProvider
• The bug abuses the framework's elevated privileges
• Apple patch address issue with improved validation of symbolic links

Apple has patched a hole in iOS and macOS which could have been abused to steal sensitive data from victims.

Cybersecurity researchers from Jamf Threat Labs recently discovered, and reported, a vulnerability in FileProvider, a framework in macOS and iOS that enables apps to manage and access files stored on remote servers or locally.

Tracked as CVE-2024-44131, and carrying a severity score of 5.3, the vulnerability stems from the framework’s elevated privileges, which can be abused to move files, and even upload them to a remote server under the attackers’ control.

Manipulating symlinks

The vulnerability bypasses Apple’s Transparency, Consent, and Control (TCC) framework, often described as a “critical security protection” mechanism for Apple devices.

"This TCC bypass allows unauthorized access to files and folders, Health data, the microphone or camera, and more without alerting users," Jamf said. "This undermines user trust in the security of iOS devices and exposes personal data to risk."

In theory, if a threat actor could get a malicious app running in an Apple device, it could intercept user action that moves, or copies files within the FIles app, and send them to a place under their control.

"Specifically, when a user moves or copies files or directories using Files.app within a directory accessible by a malicious app running in the background, the attacker can manipulate symlinks to deceive the Files app," Jamf added. "The new symlink attack method first copies an innocent file, providing a detectable signal to a malicious process that the copying has started. Then, a symlink is inserted after the copying process is already underway, effectively bypassing the symlink check."

Apple fixed the bug in iOS 18, iPadOS 18, and macOS Sequoia 15, with improved validation of symbolic links (symlinks), and advised users to apply the patch as soon as possible.

Via The Hacker News

You might also like

• Apple fixes Passwords app security bug with new 18.2 update
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

• Apple has promised that the first CarPlay 2 vehicles will launch in 2024
• With just a couple of weeks to go, that deadline might be missed
• CarPlay 2 is a major overhaul, but we’ve only seen renderings so far

If you cast your mind back to Apple’s Worldwide Developers Conference (WWDC) in 2022, you might remember the company announcing that a new version of CarPlay would soon be arriving with new dashboards and features for connected cars. Well, over two years later, we’re still waiting – and Apple doesn’t have long to meet its own CarPlay 2 target.

That’s because, as noted by MacRumors, Apple’s website continues to maintain that the first vehicles bearing CarPlay 2 will arrive “in 2024.” But with under three weeks left until the end of the year, there’s not a lot of time left before that deadline passes.

CarPlay 2 is expected to bring “content for all the driver’s screens including the instrument cluster,” Apple says. Unlike the first generation of CarPlay, the new version will be able to take over more or less the entire dashboard inside your vehicle, providing relevant, customizable data in a unified interface.

Unfortunately, there’s been virtually no movement on this since Apple announced CarPlay 2 in June 2022. Sure, we’ve had a few concepts, renderings and discussions since then, but nothing more concrete than that.

With the deadline looming, we’re starting to wonder if Apple has some last-minute news (which isn't unprecedented for CarPlay) or if this is one target it just can’t hit.

Not long left

(Image credit: Apple)

You may recall that we’ve actually been here before. Last year, Apple promised that the first models equipped with the next generation of CarPlay would be previewed before the end of 2023. Well, the clock ticked and ticked until Porsche and Aston Martin finally delivered a few dashboard concepts on December 20, just barely squeaking in ahead of 2024.

But we’re not being promised renderings this time. Apple’s website claims that the “first models” will launch before the end of 2024, and that sure sounds like it’s talking about purchasable, drivable cars. There’s not long left for these vehicles to make an appearance, and it's now looking highly unlikely.

CarPlay has encountered something of a bumpy road over the last year or two, with major manufacturers like GM pulling out and the likes of Rivian saying they won’t use it in the first place.

Still, Apple boasts that over 800 car models work with CarPlay, and the system isn’t going away any time soon. But it needs to get its skates on if it’s going to arrive before the end of the year.

You might also like

• Apple's next-gen CarPlay experience is coming this year – here’s what to expect
• Apple shows off next-gen CarPlay – here's what it looks like
• Apple teases next-generation of CarPlay, with Porsche and Aston Martin driving the charge

Samsung and Google have finally announced Project Moohan, their long-awaited XR headset collaboration, and I’m cautiously optimistic that Meta might finally be facing a true challenger to its XR throne, if only because I’m a little tired of recommending whatever the latest Quest VR headset is as the best option for people to buy – they’re awesome, but some variety would be nice.

However, I’m concerned that the two companies might already be making the same blunders as Apple has with its Apple Vision Pro. I’m not talking about price – at least not yet, because we don’t know how much Moohan will cost (a word of advice, Samsung: it had better cost less than $1,000) – but rather I'm looking at a factor that’s just as important: software.

I test a lot of VR headsets, and my main issue with every non-Meta device is its software. When it comes to standalone headset experiences the Quest’s offering is second to none thanks to its massive library, which offers variety and is well stocked with exclusives you can’t get anywhere else.

Project Moohan will reportedly boast a massive suite of Android apps of its own at launch, but much like the Apple Vision Pro these will be ports of existing phone and tablet apps. Yes, interacting with them in VR would bring novelty; however the Vision Pro has proven that novelty alone is not enough to shift units and make a device feel like a worthwhile alternative to our phones, tablets, and laptops.

(Image credit: Future)

What we really need are bonafide Moohan exclusives; I’m talking Google's and Samsung’s rivals to the likes of Batman: Arkham Shadow. By releasing Moohan’s developer kit now the companies are at least giving app creators a head start, so they can hopefully have some awesome exclusives ready for launch day, which at the moment the companies have suggested will be some time in 2025.

That said, Apple gave developers an early development kit too, and it proved not to be enough. A lack of time was certainly a factor – software development doesn’t happen overnight, and less than 12 months' notice has clearly proven insufficient in the case of the Vision Pro.

Financial risk plays a part too. Developing an app isn’t cheap, and developing it for an unproven system carries more risk than normal – you can’t accurately judge what your expected revenue will be if you have no idea how many people will own the system. As we've seen, the way Meta has found to get around this chicken-and-egg situation is by having its Reality Labs division throw money at VR and MR software studios in exchange for exclusive access to their creations on Quest.

Yes, there’s a fiscal recklessness to Meta’s Reality Labs gambit – that division of its company is hemorrhaging cash at a scale that even the most dodgy ‘disruptive’ Silicon Valley startups could only dream of – but it’s paying off.

Given what the Quest 3, Quest 3S, and Ray-Ban Meta smart glasses are capable of, it's impossible to look at a rival in their respective categories – XR or AI wearables – and recommend anything else. So Google and Samsung might want to throw their collective wallet around if they’d like to achieve the results Meta has.

Gemini in VR, so what? (Image credit: Google) You can’t just say “AI” and call it a day

Google and Samsung’s gambit instead seems to be the promise of AI functionality facilitated by Gemini. However, simply announcing that "Gemini will see what you see and hear what you hear," and refusing to elaborate isn’t giving developers – or us – much to go on.

Meta AI exists on Quest and it isn’t exciting, so forgive me if I think the prospect of Gemini on Moohan sounds as thrilling as watching paint dry.

If Gemini offered some tangible potential use cases that Google and Samsung were talking about – an example I frequently point to is a chatbot which could generate virtual objects you can interact with that are based on your prompts – I’d maybe be less skeptical. But simply saying Moohan has AI and calling it a day won’t cut the mustard.

Smart AR glasses are coming, too but no timeline has been set (Image credit: Google)

If, though, we're talking about the AR glasses we’ve been promised by Samsung and Google, that’s a whole different ball game. A personal assistant who can share your experiences to help inform its responses – such as to give real-time advice like what groceries to pick up for a meal or how to get to a destination on time based on crowds and delays, or give on the fly details about a landmark you’re passing – that’s actually useful. But an in-the-home headset having those same capabilities isn’t all that useful.

To that end there’s a question as to whether Samsung and Google – much like Apple – even want to make a headset. I don’t believe headsets are on their way out – much like how phones and laptops coexist, I believe AR glasses and XR headsets will stand side-by-side – but it does seem like Google and Samsung’s expertise would lend itself to the more on-the-go AR glasses.

This chimes with what the two companies have told us about their headset and glasses so far, and it's the AR glasses that I’m most excited about trying, with Moohan, despite launching first, feeling like a less interesting afterthought.

With so many unknowns around Moohan I'll reserve judgment for now – but Google and Samsung will need to tread carefully, otherwise their Vision Pro competitor might turn out to be a Vision Pro clone in all the wrong ways.

You might also like

• Quest 3 YouTube app update finally adds an essential VR social feature
• Meta Orion: if this is a prototype the finished product will be incredible
• Ray-Ban Meta Smart Glasses are getting even more AI features

• It Takes Two developer, Hazelight Studios, announces its new game Split Fiction
• Split Fiction is a new cooperative adventure game featuring a fantasy sci-fi twist
• The game launches on March 6, 2025

Hazelight Studios, the studio behind the critically acclaimed hit It Takes Two, has announced its new co-op game, Split Fiction.

During The Game Awards 2024, Hazelight's director Josef Fares took to the stage to present the game's first action-filled trailer alongside a March 6, 2025 release date for PS5, Xbox Series X, Xbox Series S, and PC.

The three-minute trailer showcased what players can expect from the studio's latest narrative adventure, which, like It Takes Two, appears to feature a ton of exciting cooperative platform puzzles spread across different locales.

In Split Fiction, players take the role of Mio and Zoe, two fiction writers - one who writes sci-fi and the other fantasy - who become trapped in their own stories after being hooked up to a machine designed to steal their creative ideas.

The pair need to rely on each other through levels inspired by their respective fantasy and sci-fi worlds and break free with their memories intact. Along the way, players will unlock a variety of abilities that will need to be mastered as they work together with their co-op partner.

"Split Fiction is a unique action-adventure experience that keeps you on the edge of your couch with unexpected moments," Hazelight Studios said. "One minute you’re taming adorable dragons and the next you’re fighting as cyber ninjas, escaping terrifying trolls, or dodging hover cars thrown by a robotic parking attendant.

"It’s weird, it’s wild, and it’s designed to be shared. Grab your co-op partner and get ready to overcome any obstacle thrown your way."

Split Fiction preorders are now available here.

You might also like...

• Borderlands 4 has been revealed and, yeah, it looks very Borderlands to us
• The Witcher 4 officially revealed at The Game Awards 2024 with brutal trailer and confirms that Ciri will star as the titular Witcher
• The Outer Worlds 2 has been announced and it's arriving in 2025

• Amazon has paused its Microsoft 365 deployment
• The deal, worth $1 billion, will see 1.5 million Amazon employees get access to Microsoft Office
• Engineers from the two companies have been working to resolve issues

Amazon has reportedly delayed its deployment of Microsoft 365 following a Russia-linked cyberattack where threat actors were believed to have accessed some employees’ email accounts.

The deal, announced in October 2023, saw Amazon commit to a $1 billion spend over a five-year period to get access to Microsoft 365 applications like Word, Excel and Outlook for 1.5 million of its employees.

Amazon has asked Microsoft to make some changes to its software to protect against unauthorized access, including more detailed user activity tracking within the apps.

Amazon’s M365 rollout has been paused

The delay follows Russian hacker group Midnight Blizzard’s breach of Microsoft’s systems, which the company disclosed in January 2024. Amazon Chief Information Security Officer CJ Moses said (via Bloomberg): “At that time still, Microsoft wasn’t able to tell us if they had gotten the [hackers] out of their environment.”

Moses added: “We wanted to make sure that everything was logged, and that we had access to that logging in near-real time.”

The CISO reportedly gave Microsoft Security EVP Charlie Bell, who is handily an ex-Amazon engineering executive, a list of requests several months ago, and engineers from both companies are said to have been working together in an unlikely collaboration to address Amazon’s concerns.

Moreover, the delay reflects growing concern surrounding the security of cloud-based tools amid rising cyber threats, particularly as nations like Russia and China increase retaliation against Western restrictions like US chip sanctions.

Up until now, Amazon’s usage of Microsoft products has mostly revolved around installed copies of Office, rather than cloud-based and connected subscriptions.

Although some progress is believed to have been made, Amazon is yet to announce a new deployment timeline, however the company’s CISO has confirmed that the deal is unlikely to bew off: “We believe we’re in a good place to start redeployment next year.”

We haven’t heard anything about any regulatory action or approval process regarding the massive deal, but both Amazon and Microsoft have been treading carefully recently after facing numerous antitrust investigations and allegations of monopolistic behavior.

You might also like

• Cut the costs with the best free office software
• Amazon is set to sign a billion-dollar deal...with Microsoft 365
• Keep your data online by using the best cloud storage solutions

Apple Intelligence, in all its fullness, is emerging before our eyes, taking a big leap forward this week with the introduction of iOS 18.2. Across the iPhone landscape (at least those that can support Apple's brand of artificial intelligence), millions are experiencing their iPhone's ability to transform them into cartoon-like characters and, through Image Playground, create fantastic mashups and oddball scenarios.

I'm not immune to this allure. I used Image Playground to transform me into a wizard I can share with my unimpressed wife, who told me, "I don't need this in my life." Later, I created a tiny wizard, Genmoji Lance, that I can use as a message emoji. Perhaps she'll like that better.

Conversation is still not Siri's strong suit.

Sometimes, Apple's commitment to its Apple Intelligence efforts appears almost tentative. For instance, find the Genmoji beta. It's hidden in Messages under first the emoji and then an even tinier version of that icon with a little "+" next to the "Describe an emoji" field. It's a fun tool; why hide its light under a bushel?

After spending way too much time in Image Playground and with Genmoijis, I turned my attention to Siri and remained unimpressed.

Apple's late entry into the Generative AI space means there's more pressure for Apple to bring something truly useful to the space, and, if I'm being honest, Genmoji and Image Playground aren't it. They're fun, but what excited me most about Apple Intelligence when Apple first introduced it at WWDC 2024 was how your iPhone (as well as the Mac and iPad) might become more self-aware.

(Image credit: Future)

In a release on Apple Intelligence, Apple promised that Siri would be "able to take hundreds of new actions in and across Apple and third-party Apps." Apple claimed that I'd be able to ask Siri to “'Send the photos from the barbecue on Saturday to Malia,' and Siri will take care of it."

To be fair, Apple has noted that Apple Intelligence would roll out through late 2024 and into 2025. It's an incredibly slow schedule in a space where competitors and partners like OpenAI are releasing massive updates almost daily (see 12 Days of OpenAI).

Some of Apple's most powerful AI tricks aren't even its own.

On the other hand, the lack of clarity about exactly what's enabled on our current version of Siri is frustrating. Siri now looks completely different and is lovely, but it mostly equates to a facelift where the underlying bone structure is essentially the same.

Siri still struggles to carry on conversations, and when I tried to replicate the photo request, asking Siri to send photos from a recent holiday party to my wife, Siri simply told me, "I can only send screenshots from here." That's a long way from being system-aware and truly helpful. At the very least, I'd expect Siri to guess which recent photos I was talking about.

In photos, when I asked Siri to "Open screenshot" because I now struggle to find that album in the redesigned Photos, Siri took a screenshot of the page. Thanks, Siri, for another screenshot I'll struggle to find later.

(Image credit: Future)

There are many things Siri can now do with the system. I can switch to Dark Mode simply by asking Siri. The digital assistant is better at navigating my mumbles. I can open Home through Siri, but Siri can't help me solve my Home woes, which includes looking at my home network to see if there are other smart devices that are not part of the Home system.

Siri is still clever. I asked it what it was doing today, and it told me, "I'm pondering eternity, it's taking forever." But when I asked what that meant, Siri had no response – conversation is still not Siri's strong suit.

Similarly, third-party app integration and on-screen action awareness aren't really a thing yet. Siri can open Threads, for example, but when I asked it to compose a new post, Siri got stuck in a "to who?" loop. Since Threads is a public social media platform, the answer would be "to Everyone," I got nowhere with this request.

Image 1 of 2

(Image credit: Future)Image 2 of 2

(Image credit: Future)

Some of Apple's most powerful AI tricks aren't even its own. iOS 18.2 brought a Visual Intelligence update to Camera Control (that new "button" on the side of your iPhone). You hard press Camera Control to launch a special image capture window. Press the shutter button, and you're presented with two options: Ask or Search.

If you choose Ask, your query is sent to OpenAI's ChatGPT, and if you choose Search it goes, yes, to Google. Both of these work well, but where's Apple Intelligence in this picture? Where's Siri? Apple can't really claim the AI work of others as its own, right?

I understand that Apple Intelligence is a work in progress, but the shinest object for any generative AI platform is still the chatbot. The voice assistant on platforms like Gemini and ChatGPT can carry on lengthy conversations, see what you're seeing, understand the context, and take action.

Even after the iOS 18.2 update, Siri is miles away from that. I know how careful Apple likes to be with these things, but if it continues checking the engine before mashing the gas pedal, the rest of the AI race cars will leave it far behind. You can't win a race when it's over and won.

You might also like

• Exclusive: Inside iPhone Camera Control – it's not a button, and Apple says it's 'unlike anything we've ever developed'
• Apple Intelligence "changed my life" says Tim Cook
• I've used Genmoji and now I'm convinced Apple Intelligence will be a huge success
• I've used Apple Intelligence Writing Tools and it supercharges the Notes app

• A new rumor out of Finland seems to share details of the Galaxy S25 lineup
• We can't verify the information for ourselves
• The report makes no mention of the rumored S25 Slim

A Finnish carrier has apparently shared key details for the rumored Samsung Galaxy S25, S25 Plus, and Galaxy S25 Ultra by adding the information to a public database, which would indicate a launch is coming soon.

That’s according to Finnish tech news site Suomimobiili, which shared the story without naming the carrier in question – as such, we can’t verify this for ourselves. This means it’s difficult to afford this rumor the same amount of weight as a typical tip or claimed leak.

Nevertheless, the report says that the model names, storage options, and colors of the new phones were all briefly listed by the unknown carrier.

First off, it seems that we’re getting the same three-phone lineup as the current generation, comprising the Galaxy S25, S25 Plus, and S25 Ultra – this contrasts with prior rumors that speculated the Ultra could be reworked as a new Galaxy Note, with the Plus taking on the Pro moniker used by iPhone and Google Pixel.

These three models will apparently offer the same storage configurations as the S24 lineup too, with the standard S25 getting 128GB and 256GB options, the Plus getting 256GB and 512GB options, and the Ultra getting 256GB, 512GB, and 1TB options.

As for colors, four options are listed for the Galaxy S25 and S25 Plus, with a further four for the S25 Ultra. The report says that the vanilla S25 and S25 Plus will be available in Silver Shadow, Navy, Mint, and Iceblue, with the Ultra available in Titanium Whitesilver, Titanium Silverblue, Titanium Gray, and Titanium Black.

If these prove accurate, we think some of these names may change in English-speaking regions, though they do align with previous rumors.

Additionally, the carrier listed several protective cases, including some with magnets built in. Other rumors had pointed to Samsung bringing magnetic wireless charging to the S25 lineup but this may be enabled through a case instead.

The report also lists rugged cases, silicone and standing cases, and a new line of cases titled “Kindsuit”.

As the report notes, these details reflect the models coming to Finland, though this is a fair approximation of what Western markets will receive – Samsung typically releases the same models worldwide, with East Asian markets the sole exception.

There has been some talk of a Galaxy S25 Slim arriving with this year's lineup, but this report suggests we won’t be seeing it this time around. However, since the informaton isn’t linked or even really described, we’re hesitant to give too much weight to this selection of rumors.

Samsung is expected to reveal the Galaxy S25 lineup in January 2025. For the latest official updates as we hear them, be sure to keep up with our Samsung Galaxy phones coverage.

You might also like

• All four iPhone 17 models are again tipped to get 120Hz displays, and I couldn’t be happier
• United Airlines and Apple AirTags are ready to help reunite you with your lost bags
• You've got more time – the great Google Maps Timeline switch gets a new deadline date

The traditional meaning of resilience is akin to “keeping the lights on” referring to the ability to restart or recover physical infrastructure, such as a server, network switch, storage array or data center, in the event of an outage. This was often related to the data center's setup, including whether it had diverse power feeds, battery backups, or generators that were tested and ready to take on the full data center load if required.

This still matters - as evidenced by data center failures in the past year that led to prolonged outages of IT equipment and the digital service. But it’s no longer principally what is meant when businesses, governments, regulators, and others say that resilience postures need to be raised.

Newer references to resilience are perhaps better understood as digital resilience: the ability of a digital application or service to continue to operate should a problem emerge with any part of the infrastructure that supports it. This is a much broader conversation than a single data center.

Digital service delivery today involves an amalgam of infrastructure that the service provider owns or leases access to. This exposes digital service providers to third-party suppliers, suppliers of suppliers, and so on throughout the digital supply chain. A decision by a supplier that plays a role in powering the digital delivery chain can have upstream and downstream impacts. Without end-to-end visibility of that delivery chain, it can be difficult to pinpoint the root cause of any performance issue or disruption.

This is the modern meaning and challenge of resilience. It involves infrastructure under direct, indirect, as well as limited control. What sits outside organizations' purview is considerably harder to manage. Still, policymakers, governments, executives, and boards expect organizations to maintain resilience when delivering digital products and services - no matter where a service is hosted, what the user location is, or if an application is owned by someone else entirely.

Digital resilience in the digital economy

As organizations continue to embrace the realities of today’s digital economy and adopt new technologies to satisfy the needs of both customers and employees, digital resilience has come into sharper focus.

For IT teams tasked with ensuring that every digital experience delivered is flawless and always on, assuring performance across environments that are outside of their control has become a difficult challenge and concern. Depending on the severity, a relatively obscure problem anywhere along the digital supply chain has been shown to be capable of impacting entire populations and regions. Such occurrences reflect a longstanding architectural challenge: namely, the need to locate and eliminate single points of failure.

The digital delivery chain is only as strong as its weakest link or component. That has generally led organizations to re-architect and continuously optimize their digital delivery chains to try to ensure they are not exposed to single points of failure. In the case that they remain exposed it has led to the implementation of controls or other countermeasures that shield their environment from an adverse change being pushed through by the supplier controlling that link in the chain.

When it comes to solving these challenges, it is not just an IT problem, it’s a matter of business continuity. At its core, achieving digital resilience means being able to prevent, detect, and respond to events that could disrupt digital experiences and harm business outcomes. Doing this means organizations will need to embrace new, proactive management approaches that include both the systems they own, as well as the ones they don’t.

Understanding the underlying dependencies

Governments globally are increasing their influence on future directions for resilience, in many ways acknowledging the complexities of today’s interdependent digital supply chains and emphasizing the need for continuous and meaningful assurance to safeguard access and usability.

Whether the EU’s Digital Operational Resilience Act (DORA) for financial services, the U.S. Federal guidance on digital experience, or Australia’s Security of Critical Infrastructure Act and accompanying resilience requirements, there’s recognition at the policy level that building resilience requires a concerted effort and focus; that resilience planning and architecture needs to be regularly tested; and of the need for preventative maintenance to address any detected weaknesses.

Under DORA, for example, banks, insurance companies, investment firms, and their third-party ICT providers must now meet an enhanced set of requirements covering risk management, the resilience of their networks, incident reporting, and much more. These requirements mandate consistent monitoring and vigilance—not only of the own IT infrastructure, but that of third-party partners too. This, in turn, is making financial institutions take full responsibility for their entire service delivery chain, even the parts they don’t directly control themselves.

Technology has a role to play and solutions for cross-domain visibility and digital assurance are enablers for organizations involved in digital service delivery. These capabilities help in understanding the underlying dependencies along the entire digital supply chain that impact end user experiences. It utilizes various technologies, including synthetic transaction monitoring (STM) and real user monitoring (RUM), with the aim of measuring and surfacing experience health in digital delivery scenarios, particularly where the user's perspective is located across the Internet from the application or service.

To meet the current and future needs for digital resilience, whether driven by government policy or other incentives, organizations may in future require a selection of visibility and redundancy options at their disposal - where that makes financial sense. Or, in simpler terms, to see their entire digital supply chain like they own it, and to have a backup plan for their backup plan.

We've featured the best business intelligence platform.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Cybersecurity researchersuncoer new piece of malware called IOCONTROL
• It targets IoT devices in critical infrastructure organizations
• IOCONTROL is modular, and capable of targeting devices from multiple manufacturers

American and Israeli critical infrastructure is being targeted by a dangerous new piece of malware, and the culprits seem to be Iranian.

Cybersecurity researchers Claroty obtained a sample of the malware, called IOCONTROL, from a compromised industrial system, and analyzed it.

An Iranian state-sponsored group known as CyberAv3ngers is suspected of having built and deployed IOCONTROL - and while it is not known by which methods the hackers managed to infect their victims with IOCONTROL, the targets seem to be Internet of Things (IoT) devices and OT/SCADA systems used in critical infrastructure organizations in above-mentioned countries.

Modular malware

The devices mostly targeted are routers, programmable logic controllers (PLC), human-machine interfaces (HMI), IP cameras, firewalls, and fuel management systems. In fact, it was a Gasboy fuel management system - the device's payment terminal (OrPT) - from which a sample was extracted to begin with.

Claroty says the malware is modular, and can be used for data exfiltration, and possibly even service disruption. Some of the commands supported include exfiltrating detailed system information, running arbitrary OS commands, and scanning specified IP ranges and ports for other potential targets. The malware can apparently control pumps, payment terminals, and other peripherals.

IOCONTROL can be installed on D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics gear, it was added.

While the exact number of victims isn’t known, CyberAv3ngers told their followers on Telegram that they compromised 200 gas stations in Israel and the US, and Claroty believes the group isn’t exaggerating. The majority of the attacks happened late in 2023, although the researchers did spot new campaigns in mid-2024.

Iran's state-sponsored threat actors are among the most active in the global cyber threat landscape, focusing on espionage, sabotage, and disinformation campaigns. Some of the most notable ones are APT33 (AKA Refined Kitten), APT34 (OilRig/Helix Kitten), MuddyWater (Static Kitten/Seedworm), and Charming Kitten (APT35/Phosphorus).

Via BleepingComputer

You might also like

• BlackByte ransomware returns with new tactics, targets VMware ESXi
• Here's a list of the best antivirus
• These are the best endpoint protection tools right now

It’s clear that the stakes for businesses facing IT disaster recovery have never been higher. The recent CrowdStrike outage – a global IT disruption caused by a faulty software update – served as a sobering reminder of how fragile our interconnected digital ecosystems truly are. While not the result of a cyberattack, this incident highlighted the enormous financial and operational risks that come with service disruptions. According to Parametrix, this outage alone may have cost Fortune 500 companies up to $5.4 billion in losses.

Outages such as this underscore the vulnerability of our systems and the urgent need for robust disaster recovery (DR) strategies. They also provide an opportunity for companies to reassess and strengthen their data reliability, availability, and resilience. Continuous DR planning can enable companies to reduce downtime, data loss and operational disruptions while maintaining business continuity by restoring critical applications and infrastructure – ideally within minutes after an outage.

The importance of disaster recovery planning

Not only do cyberattacks threaten business continuity, but they also impact the potential for service outages, natural disasters and even regulatory non-compliance, which can bring operations to a standstill. Yet, despite growing awareness, many organizations remain unprepared for worst-case scenarios. Too often, disaster recovery is seen as a secondary priority – until a crisis occurs.

A recent report found that this lack of preparedness is pervasive, with 22% of organizations admitting they aren’t backing up critical data. In addition, 68% of IT leaders are uncertain whether their data infrastructure could recover from a ransomware attack, while only 29% are extremely confident their employees are following their security policies.

To mitigate the risks of outages and ensure business continuity, organizations need to adopt a proactive approach to disaster recovery. This can be done through the implementation of vital strategies for establishing resilient DR plans and ensuring uninterrupted operations.

Stepping towards data resilience

First, businesses should start by conducting a thorough audit of their IT infrastructure, identifying weak points, critical systems and potential failure zones. This foundation will help tailor a disaster recovery plan that meets the organization's specific needs. This plan should then include clear protocols for backup, recovery, and restoration, and should be regularly tested through real-world simulations and scenario-based drills to ensure it is effective and ready to be deployed when disruptions do occur.

Organizations should also prioritize building redundancy across multiple geographic locations. Creating multiple copies of data across different sites ensures that if one site fails, the data is still accessible from elsewhere. Data replication can also help to distribute the load across multiple servers, reducing the risk of any single point of failure, while continuous replication ensures that all copies of the data are up-to-date, providing consistency and reliability.

Further advanced technologies can also be leveraged, such as distributed computing. This technology allows for the distribution of tasks across multiple machines and can be scaled up or down based on demand, ensuring high availability. This means that even if there are localized disruptions, systems can continue to operate and data remains accessible.

Together, these technologies ensure that data and applications are always available, even in the face of hardware failures or other disruptions. Overall performance and responsiveness of applications can be enhanced, and by leveraging multiple, cheaper machines, the need for expensive and high-end hardware is also reduced.

Compliance and culture

It is also increasingly important to stay ahead of regulatory changes. As regulations like GDPR continue to evolve, organizations must ensure their DR strategies remain compliant. Regular reviews with legal and compliance experts are critical to navigating complex regulations and protecting sensitive data.

In tandem with all of this, enterprises must remember that disaster recovery isn’t just about technology – it’s also about people. Employees play a crucial role in preserving business continuity. Businesses should foster a preparedness culture by providing ongoing training and encouraging cross-departmental collaboration to ensure teams can respond quickly and efficiently in an emergency.

Turning risk into opportunity

Organizations that invest proactively in disaster recovery can turn potential crises into opportunities for growth and stronger customer relationships. By partnering with trusted data infrastructure providers, businesses can build resilient, compliant systems that not only survive disruptions but thrive in their wake.

As Cybersecurity Awareness Month emphasizes the need for preparedness, now is the perfect time for businesses to re-evaluate their disaster recovery strategies. By planning for the worst, organizations can ensure they are ready for anything – whether it’s a cyberattack, a software glitch, or the next big crisis that could bring the IT world to a standstill.

We've featured the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• YouTube TV's standard subscription is now 14% more expensive
• The increase already applies to new subscribers
• Existing subscriptions will see the price go up on January 13, 2025

If there's one thing we've learnt the hard way, it's that streaming prices keep going up – and by way more than inflation. And while 2025 isn't even here yet, the first big price hike of the year has just been announced and will kick in before the first fortnight of 2025 is over.

The streamer is YouTube, the service is YouTube TV, and the price hike is a whopping 14% increase on the current subscription price. To put that into context, the current US rate of inflation is 2.7%.

Not only that, but the hike has already happened: it kicked in for new subscribers yesterday, 12 December, raising the price of a basic subscription from $72.99 per month to $82.99 per month. For existing subscribers, the increase will take effect on January 13, 2025.

This may be the first 2025 streaming price hike, but it won't be the last.

A message for our members: we have always worked to offer the content you love, with features to enjoy the best of live TV. To keep up with rising content costs, we’re updating our monthly price to $82.99/mo. (1/3)December 12, 2024

Why is YouTube putting its prices up?

According to YouTube, the inflation-busting price rise is because of "the rising cost of content" and investments in service quality that apparently can't be absorbed by the streamer, whose revenues cracked $50 billion this year for the first time as ad revenues increased 12% year on year. While Google reports YouTube revenues, it doesn't detail YouTube's costs, so we'll just have to take their word for it.

If the given reason is true and Google's not just cackling as it hikes its subscription fees ever higher, it's likely to set off an avalanche of increases for other streamers – and with some streaming price increases, such as Hulu's latest price hike and Paramount Plus's UK one only just taking effect, that's a pretty bleak prospect if they haven't already factored rising costs into their most recent increases. I hope they have. After all, Hulu's last increase put the price of its With Ads subscription up by 25%.

According to research firm GWI, the ever-increasing cost of streaming is starting to have an effect on many of us: 39% of customers who have canceled or are considering canceling subscriptions cite cost as the main reason with 32% blaming price increases, while 29% say that they're simply paying too much for too many services. However, the research does say that most users – three-quarters – aren't currently considering quitting their subscriptions.

The same research has found one possible solution to the price hikes: bundling. 49% of consumers say that they'd sign up for a streaming bundle if it could cut the costs, with Gen Z and millennial viewers the most keen. That won't protect you from price increases – Hulu's recent hike put its bundle prices up too – but it might soften the blow a little bit.

You might also like

• The best streaming services
• The best streaming deals this month
• Why pay? These are the best free streaming services