While processor speeds and memory storage capacities have surged in recent decades, overall computer performance remains constrained by data transfers, where the CPU must retrieve and process data from memory, creating a bottleneck.
Hardware technologies enabling some operations to run in-memory have been in development for some time, but software that allows computers to perform processing operations directly in RAM, bypassing the CPU, has not been properly addressed.
According to a report on Techxplore, researchers at Technion (the Israel Institute of Technology) have developed a solution.
The memory wall problem"With some computations now handled by the memory, we need new software," explains Shahar Kvatinsky from the Andrew and Erna Viterbi Faculty of Electrical and Computer Engineering at Technion.
"This new software has to be based on new instructions that support in-memory computations. This new computation method is so different from the conventional one that it renders some of the existing building blocks of computer science unusable. Therefore, we need to write new code, which requires a lot of time and effort from software developers."
Kvatinsky has been exploring solutions to "the memory wall problem" - the bottleneck created by the use of different hardware components for computation - for years.
His research group, led by Ph.D. student Orian Leitersdorf in collaboration with researcher Ronny Ronen, has developed PyPIM (Python Processing-in-Memory), a platform that integrates in-memory computing with the popular programming language. PyPIM transforms high-level Python commands into machine-level instructions executed directly within the computer's memory.
The team at Technion believes this new platform will enable developers to write software for PIM computers with ease. Alongside PyPIM, the researchers have created a simulation tool to aid in hardware development and evaluate performance improvements compared to conventional computers.
The researchers' findings were recently showcased at the IEEE/ACM International Symposium on Microarchitecture in Austin, Texas, and a paper detailing their work has been made available on the arXiv preprint server.
You might also likeAn Argentine horror-fantasy film called The Witch Game is coming to theaters in the U.S. and UK, but the Spanish-language movie doesn't rely on subtitles or English speakers to voice the performances. Instead, AI tools will recreate the original actors' voices and have them speak English. It's a controversial move as it is an actual instance of the frequent warnings about AI taking people's jobs.
The Witch Game tells the story of a woman who gets a VR headset for her 18th birthday, which is capable of sending her to an eerie magical school in another world. Directly inspired by Harry Potter, The Witch Game is directed by rising horror star Fabian Forte.
The performers speak in Spanish for the film, which usually means for non-Spanish-speaking audiences, subtitles or voice actors hired to dub the movie. Instead, the English dialogue sounds like the original actors, dubbed into English using AI. The technology translates and synchronizes the characters' voices to mimic the original tone and emotion of the speech. On the one hand, it's a way to preserve the original performance. It's also cheaper, which makes global distribution of independent films more feasible.
And there's certainly demand for this kind of technology. Companies like Papercup, DeepDub, DubFormer, D-ID ElevenLabs, and other companies have all pioneered their own version of the same translate and re-dub tools. Most are still in early rollout or are aimed more at marketing and individually made videos. But there's a growing interest in what AI voices can do for films. That's one reason the Screen Actors Guild (SAG) went on strike recently and required certain guarantees from production companies before agreeing to a new contract.
AI dubbingVoice actors understandably have been outspoken critics of AI dubbing. It removes opportunities for professionals who know how to evoke the right emotion and match the cadence of dialogue in other languages, even if they don't sound exactly like the original performers. That can be a good thing since AI can't do subtext, or play with complexities, let alone be spontaneous with adjusting line readings.
There are also questions of consent and compensation when using AI. Do the original actors get the right to refuse an AI voice clone? Do they get paid for each additional language their voice clone performs?
Some performers with real power in Hollywood have already taken a stand. Robert Downey Jr. promised litigation from beyond the grave should a studio deploy an AI clone of his voice or appearance. California has passed a law prohibiting the unauthorized use of AI clones, but who knows how that will impact cinema globally. On the other hand, James Earl Jones agreed to let Disney use his voice for future Darth Vader projects before his recent passing. His contract details how and when his AI voice clone may be used, but the template is there.
These questions may not apply to The Witch Game, as it is a relatively niche film made with a non-Hollywood budget looking for wider reach. However, should it prove to be a success, it's easy to imagine other indie filmmakers around the world making a similar decision.
You might also likeAmazon has announced new image and video generation models as it steps up its fight to become an AI heavyweight.
The company unveiled Amazon Nova Canvas and Nova Reel at its AWS re:Invent 2024 event in Las Vegas, with CEO Andy Jassy revealing the launch as part of a new Nova series of AI models.
Both new models will be available in mid 2025, with the launches set to take Amazon into direct competition with the likes of OpenAI and Grok when it comes to image and video creation.
Amazon Nova Canvas and ReelThe new models look to initially target sellers and other users on Amazon's ecommerce platform, allowing them to quickly and cheaply create media content to enrich their pages.
Amazon didn't reveal too much in the way of specifics when it came to the new offerings, but did reveal Nova Canvas will allow users to create and edit images using natural language text inputs, and Nova Reel can provide "studio-quality" video, with features such as camera motion control, 360-degree rotation, and zoom.
In a blog post announcing the news, the company noted that customers on its Amazon Ads platform using the new models advertised five times more products and twice as many images per advertised product, widening their reach to buyers across the globe.
Looking forward, Jassy also revealed Amazon will be launching a Speech-to-Speech generation model in early 2025, followed by an "Any-to-Any" model in mid-2025.
The former will be able to analyse and understand streaming speech input in natural language, with the ability to interpret verbal and nonverbal cues such as tone and cadence, to reply in a natural, human-esque way.
The latter, which Jassy described as a true multimodal to multimodal model, will be able to take in text, images, audio, and video, before outputting in whichever mode is required.
You may also likeDoes anyone miss the MacBook Pro Touch Bar so desperately that they need it back in almost any form? The answer would be yes if you're talking to Eniac, a small company that's just reinvented the not-quite-iconic Touch Bar as a Flexbar that can be used with the Mac, iPad, Android, and even your Windows PC.
Apple Introduced the Touch Bar on MacBook Pros in 2016. It was as close as a MacBook would ever come to having a touchscreen display. In practice, you often touched the Touch Bar, which sat embedded along the keyboard's top edge, while looking at the touch-averse MacBook Pro screen. The Touch Bar was almost magically contextual, switching up display features depending on the app. The loss of function buttons and Power/TouchID button annoyed many hardcore MacBook Pro users, though. And Apple, perhaps sensing it had gone too far, killed the Touch Bar when it introduced its first Apple Silicon MacBook Pro laptops in 2022.
I lamented the loss and the Touch Bar's "innate serendipity," but I also understood the Touch Bar's somewhat limited utility and recall how that OLED display went untouched for weeks at a time.
Few, not even me, saw a need for a new Touch Bar and certainly not one that sits outside the system.
(Image credit: Eniac)As envisioned by Eniac and now on offer for $119 on Kickstarter, the new Touch Bar, called a Flexbar, is an aluminum bar featuring a 10-inch, 2K OLED display on one side. It looks every bit as adaptive as the original and even features haptic feedback. But it's a thickish strip that has to sit on top of the space between your keyboard and laptop display.
Having it awkwardly lying there while also plugged into power via its USB-C port as you touch and swipe at it, seems inelegant at best and certainly not the kind of thing that would ever emerge from, say, Apple's industrial design studio. At least there's a magnetic stand to hold the Flexbar in place, but that just makes it stick up even more from the keyboard.
If someone is that desperate to add touch to a MacBook, wouldn't they simply opt for an iPad? Similarly, many Windows 11 users enjoy touch-screen laptops; why do they need another touch-screen interface below that finger-friendly display?
What the engineers at Eniac might be missing here is the appeal of the original Touch Bar lay, at least in part, in that it was integrated into the MacBook Pro chassis. That made it subtle in the best way and allowed you to use it or casually ignore it. I don't see any way of ignoring the thick, aluminum Flexbar.
Eniac obviously sees things differently. The portable design could be a bonus because it means one Flexbar can be paired with numerous systems. Plus, Eniac is clear about why they created the Flexbar. From the Kickstarter page:
"The discontinuation of the original Touch Bar didn’t mean the concept was flawed—it simply wasn’t taken far enough to reach its full. There’s something undeniable itself: the potential for a customizable, adaptive interface that could streamline workflows was immense."
Flexbar does lean hard into customizability and macros; it appears just as functional and customizable as the original Touch Bar. But I still can't see the MacBook Pro audience adopting it. It may find more fans among people who want to use it alongside Windows systems, iPads, and Android tablets. At $119 when it starts shipping in 2025, it may be cheap enough that people will say, "What the heck, I'll give it ago."
Even so, I would not call this a Touch Bar replacement as that's kind of an insult to the original's elegant design.
You might also likeBack in May 2024, cloud archive provider Geyser Data and data storage and management firm Spectra Logic introduced a new Tape-as-a-Service (TaaS) cloud offering combining the durability and cost-efficiency of traditional tape storage with the flexibility of cloud services.
This TaaS solution addresses the growing demand for secure, cost-effective data storage, supporting large volumes while minimizing environmental impact.
Geyser Data claims up to 97% lower CO2 emissions, 87% less power usage, and 85% less e-waste compared to other cloud services. It offers enhanced security with dedicated tapes and full control over encryption keys, along with the freedom of immediate access.
Subscription serviceFollowing a well-received beta phase, the TaaS offering is now generally available.
Nelson Nahum, CEO of Geyser Data, outlined some of the service's key benefits, saying, "New workloads like AI require cold data to be warmer. One of our customers' biggest challenges today is the unpredictable and skyrocketing costs tied to data retrieval and egress fees in other cloud environments. Our service provides a simple and transparent pricing model that eliminates these burdens while giving businesses the storage capacity they need without investing in new hardware."
The 'enterprise-class' tape archiving solution operates on a subscription basis. It integrates with S3 APIs, allowing businesses to manage and store large volumes of data without the variable costs typical of traditional cloud providers, the need for specialized expertise, or reliance on complex on-premises infrastructure.
“By integrating Spectra Logic's Tape Archive Platform-as-a-Service (TAPAS) with Geyser Data's robust cloud software management platform, we've developed a solution that drives significant cost savings while also addressing critical power consumption challenges faced by data-intensive technologies such as AI and machine learning," noted Mitch Seigle, Chief Marketing Officer of Spectra Logic.
"As organizations grapple with the demands of rapidly expanding data volumes, tape storage provides unmatched security, longevity, sustainability, and operational efficiency - making it a pivotal element in modern data infrastructure strategies.”
Geyser Data offers a straightforward pricing model at $28 per tape per month, with each tape capable of storing up to 18TB of uncompressed data. This equates to an effective cost of $1.56 per terabyte. There are no restrictions on the amount of data customers can archive or back up, as the Spectra Cube library is designed to scale to meet demand.
You might also likeAn employee is suing Apple on behalf of the state of California for allegedly illegally monitoring worker devices and accounts, while also hindering their free speech by restricting their discussion of compensation and working conditions.
The suit, filed by Amar Bhakta, states that software required to be installed on employee personal devices gives Apple excessive permissions to access personal emails alongside photo libraries and data relating to their health.
Bhakta filed the suit after being requested by Apple to remove details of his working conditions from his LinkedIn page, and prevented him from talking about his employment on a podcast.
Apple lawsuit“Apple's surveillance policies and practices chill, and thus also unlawfully restrain, employee whistleblowing, competition, freedom of employee movement in the job market, and freedom of speech," the lawsuit stated.
Apple reportedly prefers its employees to use Apple devices for work purposes, but many employees prefer to use their own devices over the heavily restricted work-provided devices - but to do so the employees must install a piece of software that grants Apple permission to search all files on the device.
In response to the lawsuit, Apple issued a statement claiming that the case was without merit, stating “At Apple, we're focused on creating the best products and services in the world and we work to protect the inventions our teams create for customers.”
The same lawyers who are filing Bhakta’s claim also represent two employees who are suing Apple for gender-discriminatory pay differences for women in Apple’s engineering, marketing, and AppleCare sectors. Apple has also recently faced complaints that employees are illegally prevented from talking about sex bias and pay discrimination - complaints for which Apple has denied any wrongdoing.
Via Reuters
You might also likeNintendo has announced that the NES version of Tetris will be joining Nintendo Switch Online this month.
In a new X / Twitter post shared today, Nintendo confirmed that the classic 1989 title will be added to its Nintendo Switch subscription service next week on December 12.
This console version of Tetris features two modes of play, A-Type and B-Type, each with its own unique goals. For A-Type, players must achieve the highest score, while in B-Type, the board starts with randomized blocks at the bottom of the field, and the goal is to clear 25 lines.
To play the NES version of Tetris, Nintendo Switch users must be subscribed to Switch Online for $3.99 / £3.49 / €3.99 a month, or $19.99 / £17.99 / €19.99 for a 12-month membership, both of which give access to the NES, SNES, Game Boy, and Game Boy Color collections.
To get access to the other classic catalogs, including Nintendo 64, Game Boy Advance, and Mega Drive / Genesis, users must purchase the Switch Online Expansion Pack, which costs $49.99 / £34.99 / AU$59.95 for a 12-month pass.
Last week, as part of its November 2024 update, Nintendo added three more classic Sega Genesis games to the service, including ToeJam & Earl: Panic on Funkotron, Vectorman, and Wolf of the Battlefield: Mercs.
The addition of these three titles brought the total number of Sega Genesis games in the collection to 47.
You might also like...Cybercriminals have found a new and creative way to sneak phishing emails past your onlinedefenses and into your inbox, experts have warned.
A new report from cybersecurity researchers Any.Run observed crooks distributing corrupted Microsoft Word files in their campaigns. Most phishing emails come with an attachment. That file can either be malware itself, or can contain a link to a malicious website, or download.
In response, most email security solutions these days analyze incoming attachments before the recipient can read them, warning the victim if they are being targeted.
Stealing login credentialsHowever, if the file is corrupted, security programs cannot read, or analyze it, and thus cannot flag it as malicious. So, hackers have now started deliberately corrupting the phishing files, before sending them out. The trick? Word can easily restore them.
Once they are restored, and readable, it is already too late for email security tools to scan them, and the victim is presented with the malicious content which, in this case, is a QR code leading to a fake Microsoft 365 login page.
Therefore, the goal of the recently observed campaign is to steal people’s cloud credentials.
"Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types," Any.Run said.
"They were uploaded to VirusTotal, but all antivirus solutions returned "clean" or "Item Not Found" as they couldn't analyze the file properly."
Phishing remains one of the most popular attack vectors on the internet. While there are many software solutions helping businesses minimize the threat, the best defense remains the same - using common sense and being careful with incoming email messages. This rings particularly true for messages coming from unknown sources, and messages coming with a sense of urgency.
Via BleepingComputer
You might also likeIt's a new calendar month, and you know what that means: more movies on Paramount Plus. And this month's list of new additions to the Paramount Plus catalog is a doozy, with some absolute classics joining the line-up.
With so much to choose from it's hard to pick just three favorites, but whether you're looking for a big old weepie, a beautifully acted take on a very modern obsession or just a story about a man with a really big part – and we don't necessarily mean an acting part – then Paramount Plus has you covered.
HerScore: 95%
Rating: R
Run time: 1h 59m
Director: Spike Jonze
This is even more fun if you imagine it as a prequel to the Joker movie, because the star here is Joaquin Phoenix. But this is a very different role. Phoenix plays Theodore Twombly, a quiet, sensitive man who discovers who he thinks is 'Miss Right', played by Scarlett Johansson. There's just one problem. She's Siri.
If you liked Michel Gondry’s Eternal Sunshine Of The Spotless Mind I think you'll love this. Empire magazine says it's "a sweet, smart, silly, serious film for our times, only set in the future," while RogerEbert.com said that it was "one of the most engaging and genuinely provocative movies you're likely to see this year".
45 YearsScore: 97%
Rating: R
Run time: 1h 33m
Director: Andrew Haigh
Charlotte Rampling is magnificent alongside Tom Courtenay in this incredibly poignant tale of lost love and missed opportunities. Rampling is Kate, a married woman whose life is thrown into upheaval when her husband's long-lost ex is finally discovered in sad circumstances. The revelation puts incredible strain on their relationship, and it's a definite box-of-tissues weepie thanks to the towering performances by both leads.
According to MovieFreak it's "a drama of profound majesty sure to be marveled at for many years to come," while the Associated Press was enchanted: "How many great movies could be written across the enigmatic, profound face of Charlotte Rampling? Hundreds? Thousands? At any rate, Andrew Haigh's 45 Years is one of them."
Boogie NightsScore: 94%
Rating: R
Run time: 2h 32m
Director: Paul Thomas Anderson
It's 1977 and in the San Fernando Valley Eddie (Mark Wahlberg) and his impressive attributes are discovered by porn producer Jack Horner (Burt Reynolds), who turns him into porn superstar Dirk Diggler. According to the Chicago Tribune the story is told as "a beautifully made survey of '70s excess, filtered through the trashy world of the burgeoning porno film industry in southern California".
The film was frequently compared to Quentin Tarantino's work, but as Vice suggests "the Tarantino comparison is ultimately less about technique than a shared joyful electricity of the filmmaking, the sense of an artist clearly high on the sheer act of making a movie." Entertainment Weekly was one of many publications that felt it really hit the spot. "Boogie Nights, an epic tale of porn, pleasure, and excess, offers a purer hit of exhilaration than any movie this year," it ejaculated.
You might also likeThe Tor Browser is calling for volunteers within the internet community willing to support its fight against tougher Russian censorship.
The team aims to deploy 200 new WebTunnel bridges by the end of December 2024, "to open secure access for users in Russia," wrote the team in a blog post.
A Tor bridge is a non-public server run by volunteers that helps users bypass censorship and establish a connection to the Tor network.
WebTunnel, the provider explains, is a new type of bridge designed to blend into other web traffic and fly under the radar of censors, avoiding blocks. It does so by mimicking encrypted web traffic (HTTPS) while running over a web server with a valid SSL/TLS certificate.
We are calling on the Tor and Internet freedom community to help us scale up WebTunnel bridges. If you've ever thought about running a Tor bridge, now is the time. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users…November 28, 2024
While the number of active WebTunnel bridges (now 143) has more than doubled since its launch in March, it isn't yet enough to meet the rising demand within the country.
Tor's urgent call follows an escalation in Russian censorship efforts targeting access to Tor – including its built-in censorship circumvention features such as obfs4 connections and Snowflake – and other circumventing tools, like some of the best VPN apps on the market.
As per the latest data, nearly 200 VPN services are currently blocked in Russia at the time of writing. Between July and September alone, about 60 VPN apps silently disappeared from the Apple App Store in the country, bringing the total of unavailable applications in the Big Tech giant's official store to 98.
Running a Tor WebTunnel bridgeUnredacted, a non-profit organization that provides free and open services to bypass censorship and boost privacy online, announced its plans to deploy 10 new WebTunnel bridges only a day after Tor issued its own call for help on November 28.
Tor's campaign is set to run until March 2025 and calls for even more volunteers to set up and run new Webtunnel bridges. Besides helping people in Russia enjoy a free and secure web, you'll receive a Tor t-shirt if you decide to run five or more bridges over this period.
Below are the technical requirements to take part in the initiative:
Running a Tor bridge requires some IT skills, but don't worry – Tor put together a WebTunnel guide to help you with the configuration process.
Global shipments of folding displays decreased year on year for the first time in the third quarter of 2024, despite a number of well-received flagship foldable releases during the year, including the Samsung Galaxy Z Fold 6 and Google Pixel 9 Pro Fold.
That’s according to a report from Digital Supply Chain Consultants (DSCC), which aggregates data from across the tech manufacturing chain.
According to the report, demand for foldable displays decreased by 38% year-on-year in the third quarter of 2024, with only a moderate 5% increase in demand expected for the entire of 2024.
This contrasts with a previously strong upwards trend – in every year from 2019 to 2023, demand for folding displays increased by 40%.
DSCC now estimates that demand for the displays will decrease by 4% in 2025 overall, with total shipments holding steady at around 22 million.
The report doesn’t include much information on actual sales of folding phones, but does focus on foldable handsets as the primary use case for these displays.
More releases, fewer shipmentsThis decline may come as something of a surprise, given that our list of the best foldables has seen a few new entries this year – in 2024 alone the Samsung Galaxy Z Fold 6 and Z Flip 6, Google Pixel 9 Pro Fold, and cheaper options from Motorola have all hit store shelves.
And as our reviews for these devices note, the folding phones released this year have generally been the best we’ve ever seen.
As PhoneArena notes, the decline in shipments may be related to a number of smaller phone makers exiting the folding phone sector completely – generally global-focused brands like Tecno and Oppo.
The report does hold out some optimism, stating that Apple is likely to enter the market in the second half of 2026 – a folding iPhone would be expected to sell well enough to give a significant boost to the entire folding phone market.
Foldable futureWhile we don’t expect to see folding phones disappear any time soon, the report suggests these powerful devices may remain a niche rather than posing a challenge to the traditional slab form factor.
Though foldable devices offer a lot of power and convenience, they are consistently much more expensive than their slab phone counterparts.
It could be this fact that’s led DSCC to predict that even the most popular folding phone, the Samsung Galaxy Z Flip 6, will sell 10% less than its predecessor, the Z Flip 5.
And while a cheaper Galaxy Z Flip FE has been rumored for a while, there’s still currently no truly cheap folding phone available.
If the report’s prediction of a folding iPhone turns out to be true, we could see a surge in foldable fever – but it seems the industry will have to brace through a quiet year first.
For the latest updates on folding phones, be sure to check out our phones coverage, and for more on the Galaxy Z Fold and Z Flip series, head over to our Samsung phones coverage.
You might also likeDelving deep into the code for the latest beta version of the Google Gemini app, it looks like Google’s NotebookLM AI podcast creation software might be coming to Google Gemini on your phone.
Android Authority has found the following lines of code in a beta version of Gemini:
<string name="assistant_zero_state_suggestions_create_podcast_prompt_query">Generate audio overview</string> <string name="assistant_zero_state_suggestions_create_podcast_snippet_highlight">Generate audio</string> <string name="assistant_zero_state_suggestions_create_podcast_snippet_simplified">overview</string>As you can see, both “create_podcast” and “Generate audio overview” are visible, indicating that Gemini will have the ability to generate a podcast. Moreover, the NotebookLM section that creates the podcast is called an audio overview. Taken together, these two things would seem to indicate a role for Google’s NotebookLM in a future version of Gemini.
How would it work?Of all the weird and wonderful uses of AI to arrive in 2024, Google’s NotebookLM remains one of the most captivating. NotebookLM contains a number of products that use AI to help you learn any subject. You feed in your source material as a text file, PDF, or video, and it helps you organize that material. One of the ways it does this is through audio overviews.
An audio overview is essentially an audio file that takes the form of a podcast show between two hosts who are discussing whatever subject you’ve fed it via PDFs, web pages, or a YouTube video. Listening to two people discuss a subject is a great way to help you learn about it.
What makes NotebookLM great is how realistic the podcast sounds. It’s very hard to believe you’re not listening to two real people discussing the subject at hand.
If Gemini gives you the ability to create audio podcasts from data sources you feed it, then it’s going to be a great way to help you learn about new subjects.
You can imagine the situation where you upload a PDF to Gemini and then ask it, “Hey, can you make me a podcast about this PDF?” Combine that with Google Lens, and you could be able to get Gemini to generate podcasts about things you are looking at. Just imagine taking a trip around a famous building, like the Vatican, or having Gemini produce a podcast about the building that acts as a guided tour.
The potential for NotebookLM to integrate with other apps or be useful in new situations is almost unlimited, and we’d expect to see Google coming up with new and interesting ways to use it in the very near future.
You might also like...Hackers are still leaking sensitive information stolen via the MOVEit flaw, more than a year after it was first disclosed, experts have warned.
A threat actor with the alias “Nam3L3ss” recently started leaking sensitive data from six major companies to BreachForums: Xerox (42,735), Koch (237,487), Nokia (94,253), Bank of America (288,297), Bridgewater (2,141), Morgan Stanley (32,861), and JLL (62,349), The Register reports.
The publication further added that security researchers analyzed the data dump and confirmed its authenticity, adding that among the leaked information are people’s full names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.
Reader Offer: Save up to 70% on Aura identity theft protectionTechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
MOVEit files keep leakingThis is the type of information cybercriminals like most (apart from passwords and banking data, obviously), since it allows them to run phishing, identity theft, and similar attacks that can lead to ransomware, wire fraud, and more.
"This data is a goldmine for social engineering," Zack Ganot, chief strategy officer for Atlas Privacy said. "Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an org."
MOVEit is a managed file transfer (MFT) tool, used by large companies to securely share sensitive files. In late May 2023, it was discovered that it had a flaw, which was successfully exploited by a Russian ransomware actor called Cl0p. This group used the flaw to exfiltrate sensitive data from hundreds of companies using MOVEit.
Among the victims were numerous high-profile organizations across various sectors, including US government entities (Department of Energy, Office of Personnel Management), educational institutions (Johns Hopkins University), private enterprises (Shell, British Airways, Ernst & Young), and many others. In total over 62 million individuals were directly affected, with the true number likely higher.
You might also likeHackers are targeting people and businesses in Russia with malicious JavaScript, in order to install backdoors on their devices.
Researchers at Kaspersky, who named the campaign “Horns&Hooves”, noted how it started in March 2023, and has since infected roughly 1,000 endpoints.
The campaign starts with a phishing email, in which the attackers impersonate individuals and businesses, and send emails that mimic requests and bids from potential customers, or partners.
Actively developed campaignThe emails come with various attachments, among which is the JavaScript payload. This payload delivers two Remote Access Trojans (RAT): NetSupport RAT and BurnsRAT. In turn, these RATs are used to deploy the final payload: either Rhadamanthys, or Meduza.
These two are known infostealers. Since late 2022, Rhadamanthys is being offered on the dark web as a service, enabling crooks to steal a vast range of information from the target device, from system details, passwords, to browsing data. Rhadamanthys has specialized tools for stealing cryptocurrency credentials, with support for over 30 different wallets.
Meduza, on the other hand, is part of the growing threat landscape for personal and business cybersecurity. Like Rhadamanthys, it steals user credentials and other sensitive information, including login credentials for various services and applications. However, Meduza operates with a more focused scope, aiming to evade detection through various obfuscation and anti-analysis techniques.
Horns&Hooves is an actively developed campaign, the researchers are saying, stressing that the code was revamped and upgraded numerous times. While attribution proved difficult, there is reason to believe that TA569 is behind the attacks. This group, according to The Hacker News, is also called Mustard Tempest, or Gold Prelude) and is the one running the SocGholish malware.
The same publication also stated that TA569 was seen acting as an initial access broker for affiliates deploying the WastedLocker ransomware strain.
Via The Hacker News
You might also likeIt’s getting harder for organizations to identify the extent of damage incurred from a cyberattack – after the initial shock wave of panic anyway. You don’t want it to be difficult to trace the origins of an attack when the frequency of breaches is as rampant as it is today. Data breaches are more of an eventuality than a possibility.
Ask CISO heads how long it takes them to identify the blast radius of a breach, and the average response you’ll get is, at best, ‘hours.’ But ‘hours’ isn’t fast enough today. Just a single hour is all it takes for an attacker to pivot across infrastructure to access highly sensitive resources.
If the repeated Internet Archive breaches taught us anything, it’s how damaging exposure of the wrong information can be. Hackers used exposed access tokens from previous incidents to penetrate the organization’s Zendesk implementation. These API keys, left static since the original breach, provided hackers with easy access to over 800,000 support tickets. To add insult to injury, the hackers started replying to old support tickets criticizing the Internet Archive for failing to rotate these keys.
Unfortunately, the number of times we keep seeing these incidents is a symptom of how complex IT infrastructure has become. Finding out who breached your data, where, and how is often headache-inducing. This largely stems from how extremely fragmented identity silos have become, and the pile of identities needing management just keeps growing bigger. But there’s also the fact that access relationships between resources are also fragmented. This fragmentation of access and security models makes organizations vulnerable to human error.
What would fix this? A new cybersecurity paradigm – one without static credentials, eliminating the attack surface targeted by threat actors. Companies can further harden their security by shifting their access model from role-based authentication to attribute-based authentication.
The complexity of identity managementMicrosoft’s recent report identified over 600 million identity attacks in its 2024 fiscal year alone. If you’re wondering why that number is so high, it’s because humans make it easy. We leave credentials like passwords, browser cookies, and API keys lying around in the most obvious places. Further, long-lived, stale privileges allow a bad actor to pivot from their initial breach to other destinations on a network.
This makes it only a matter of time before a user inadvertently reveals too much information or prior credentials. Hackers are ready to pounce on these mistakes. We saw this happen with the initial Internet Archive breach, where an exposed GitLab configuration file contained an authentication token that enabled hackers to download the Internet Archive’s source code, which included additional credentials.
It also doesn’t help that access is often managed in completely different ways across Kubernetes clusters, cloud APIs, IoT devices, databases, etc. The silos emerging from this approach obstruct the ability to revoke access to compromised data, or to figure out who had access to what data in the first place.
If we want to begin to thwart cyberattacks, then step one to reducing the attack surface and blast radius has to be to remove all static credentials like passwords, as well as standing privileges. Our industry needs to shift to a mindset of securing identities cryptographically based on physical-world attributes that cannot be stolen (like biometric authentication). Additionally, access should only ever be enforced based on ephemeral privileges that are granted only for the period of time that work needs to be completed. Above all, companies shouldn’t treat identity management, policy governance, and access control as distinct endeavors. They are all interconnected.
Not everyone needs access, and they don’t need it anywhere, anytimeTraditionally, a lot of emphasis has been placed on assigning permissions to users based on their role within an organization – role-based authentication (RBAC). For cybersecurity models to modernize, however, there’s more companies can do to harden access controls, and one way is to ensure that resource access only ever takes place in an appropriate context.
Attribute-based authentication (ABAC) is how we get there, effectively setting very granular requirements for when someone can access a resource.
Imagine you have a database table housing sensitive data. Yes, you can grant access to employees with a certain job title – “Senior IT manager” – but there are other factors you should weigh for whether or not someone should gain access:
Where is the employee? Are they in the office? Or are they in Hawaii?
What device are they on? Are they using a work laptop, a phone, a tablet, or something else?
What time is it? Do they really need access to a resource when it’s in production?
The goal of this mindset is to give organizations the freedom to say things like, “all senior programmers trying to access database table X have to be in Milwaukee between 1pm and 3pm.” You’ve now effectively shut down the ability for anyone to access this database if they don’t fulfill these select requirements. No more access for the random guy drinking a slurpee in Hawaii.
Everyone should be able to govern on attributes when granting access to users, as opposed to granting access to anyone inside ‘the network.’ The mindset should be ‘locked by default’. That’s imperative to reducing the attack surface.
We've featured the best endpoint protection software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
By now, many enterprises are aware that integrating AI and generative AI into their work processes can streamline operations, improve efficiencies, and save them time and money. Some are on their way to meeting this reality; according to Deloitte’s recent generative AI report, 18-36% of organizations say they are already achieving the benefits they expect from the use of generative AI to a “large” or “very large” extent, depending on the type of benefit being pursued.
However, despite the clear advantages of leveraging this ground-breaking technology, integrating fast evolving AI into business operations also presents several challenges. As AI continues to develop, the obstacles facing business leaders when adopting these technologies also continue to grow. There are therefore challenges that must be overcome for organizations to fully harness the benefits of AI and generative AI – but business leaders can rest assured that there are key strategies they can implement that will play a crucial role in enabling successful integration.
Don’t do AI for AI’s sakeA common pitfall for many AI projects is the absence of a coherent strategy and defined objectives. An AI project will fail to deliver, even with heavy investment, if businesses don’t take the time to align it with their company’s goals and define exactly how it will add value – and how much value – relative to the cost of implementation. After all, there’s no point rolling out a project with the goal of adding five million pounds to your top line, if it’s going to cost you ten million to get there.
Whether you aim to deploy in your own data center or in the cloud, AI projects can be expensive, especially when you factor in both the infrastructure needed for deployment and the services needed to make it all work. Organizations therefore need to be very clear as to why they’re doing what they’re doing and what the return on investment will be. Business leaders should resist the urge to jump on the AI bandwagon and instead pursue thoughtfully conceived projects that align with the overarching goals of their organization.
Part of this means exercising caution against “AI washing” – the exaggerated promotion of overhyped AI solutions – and concentrating on pragmatic applications that deliver genuine value. These may well be smaller, more niche use cases, as opposed to massive process overhauls. For example, a construction company that counts health and safety as a key business priority might install cameras with AI onsite that can monitor workers’ workwear throughout the day. If someone isn’t wearing the right protective gear, the AI will flag to a supervisor who can step in to provide it, ensuring optimum health and safety levels at all times. In this way, the company is leveraging AI in a way that presents them with tangible, measurable business results that are right for them.
To aid them in finding these targeted use cases, organizations should look for partners who can help them to analyze their business from the outside in and identify the areas where AI can really make a difference for them.
Well-ordered data is the backbone of successful AIOnce they have defined their AI strategy, organisations then need to consider how they can successfully implement it. AI is extremely data-heavy, particularly when it comes to some of the latest generative AI use cases being explored. Businesses must therefore be able to locate all their data assets, consolidate and clean their data, and streamline their repositories, to render them suitable for AI applications. This demands a comprehensive understanding of both their data sources and storage services.
To create an AI chatbot, for example, a company needs to train it on a plethora of disparate data sources, from user manuals to previous customer call conversations. Only then can it be programmed, using that existing data, to respond accurately to common questions.
Get the right skills onboard and pay attention to regulationsIn order to successfully execute AI projects, enterprises must find or recruit the necessary skills into their business. With AI expertise currently in extremely high demand, those with the relevant skillset can be both hard to find and expensive, so allowing time for this should be factored in.
They must also stay abreast of evolving AI regulations to ensure compliance. For example, the European Union’s landmark AI Act recently came into effect, regulating the development, use, and application of AI for developers and deployers alike. This significant step highlights the importance placed on the safe and ethical development of AI technologies within Europe – a sentiment that we are also seeing come into force across the globe.
With these regulations, there are numerous elements to consider. If organizations are feeding data into AI models, they must, for example, ensure that they’ve obtained the right consents to use it, and that it is anonymized as required. There are also restrictions on data leaving the premises of whoever gathered it – to move it to the cloud, for example.
Back to basicsIf the right strategy, skills and data sources are not in place, AI projects could fail to be successful. However – somewhat reassuringly – this is not a new challenge; these are all obstacles that may have contributed to the failure of IT projects since such projects began. Yes, the possibilities that AI presents are different, but the fundamental elements that enterprises must think through when implementing these projects remain the same. It’s a fact that many business and IT leaders should take solace in when embarking upon their AI journeys.
If enterprises can do their homework – with support from the right partners – to ensure that the AI initiatives they look to integrate will contribute tangible value to their business, and then take the necessary steps for a rewarding implementation, they will set themselves up for success. Successful AI integration is there for the taking – organizations first just need to take the time to really get it right.
We've featured the best AI phone.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Max once again lives up to its name this month with a ton of new movies for you to stream. Its huge catalog is one of the reasons why we think Max is among the very best streaming services, but of course the downside of all that choice is that it's easy to miss some really great movies. So we're here to help.
As you can see from our guide to everything new on Max in December 2024, there are dozens of new movies adding to Max's already extensive catalog this month. There's lots of good stuff there, including these three highly rated gems; each one has a very high critical rating on Rotten Tomatoes and two are well-loved classics. The third is much more recent but no less deserving of your time.
The Shop Around the CornerScore: 99%
Rating: not rated
Run time: 1h 37m
Director: Ernst Lubitsch
This is one of the greatest romantic comedies ever made, and the years haven't dulled its considerable charm. James Stewart and Margaret Sullavan, friends off-screen, star in what the New York Times called "a genial and tender romance" in its 1940 review – it's funny but never sacrifices the story for cheap laughs.
The Shop Around the Corner is a classic odd-couple rom-com, with Stewart as his usual genial everyman and Sullavan as a straight-talking, no-nonsense woman with little time for fools. It set the template followed by later films such as You've Got Mail, but it did it first and did it better with its tale of two colleagues who can't stand each other but who fall for pen pals that turn out to be – you've guessed it – the very people they think they dislike.
The Maltese FalconScore: 99%
Rating: not rated
Run time: 1h 40m
Director: John Huston
Often imitated, occasionally parodied but rarely bettered, this glorious noir movie features Humphrey Bogart as hard-bitten private eye Sam Spade in what the London Evening Standard called "the best crook film that's ever been made".
The famously hard to please critic Pauline Kael of The New Yorker loved it too: "It is (and this is rare in American films) a work of entertainment that is yet so skillfully constructed that after many years and many viewings it has the same brittle explosiveness – and even some of the same surprise – that it had in its first run." It's beautifully shot and beautifully acted; most of it hasn't aged, although the occasionally overlong bits of exposition lifted straight from the book wouldn't make it into a modern script. But that's a minor quibble about what's widely recognized as a cinematic masterpiece.
Super/Man: The Christopher Reeve StoryScore: 98%
Rating: PG-13
Run time: 1h 44m
Director: Ian Bonhôte , Peter Ettedgui
For people of a certain age, there will only ever be one Superman: Christopher Reeve, who played the titular alien in four 70s and 80s blockbusters. But sadly Reeve's career was cut short in 1995 when he suffered terrible injuries in a horse riding accident – injuries that left him paralyzed. This documentary tells his story.
The consensus is that while structurally this is standard celeb-documentary fayre, Reeves himself makes the film something bigger – especially through his advocacy work on behalf of disabled people. As Empire magazine put it: "the film is a compelling document of a man who had special abilities in his own right, using his influence to change the ways the world views disabled people... its emotional account of Reeve’s life is a fitting tribute to a true superhuman."
You might also likeThe PC Gaming Show: Most Wanted is scheduled to air later this week where it will reveal the most anticipated PC games of 2025, as well as showcase new trailers and announcements.
If you're hoping to tune in to the broadcast, here's everything you need to know, including when and where to watch, and watch to expect.
Start TimeThe PC Gaming Show: Most Wanted is set to air on Thursday, 5 December, at 12pm PST / 3pm EST / 8pm GMT / 9pm CEST.
We're unsure how long the showcase will be at this time, but it's expected to at least last longer than one hour.
Where To WatchYou'll be able to watch the PC Gaming Show live on PC Gamer's official Twitch and YouTube channels, as well as on Ginx, Steam and China's Bilibili platform.
A number of Twitch streamers will also be live streaming the showcase, too, including Esfand, MissMikkaa, CohhCarnage, DieHardDiva, Elajjaz, GRONKH, XopO, and SodaPoppin, so fans will be able to watch along.
What To ExpectThe PC Gaming Show: Most Wanted will be presented by returning regular host Frankie Ward and narrated by Baldur's Gate 3's Amelia Tyler.
The broadcast will count down the 25 most-anticipated games in development for PC, chosen from a shortlist of 100 games, but viewers can also expect deep dives, exclusive trailers, and new game reveals during the live stream.
To name a few highlights, Avowed's game director, Carrie Patel, will answer quick-fire questions on the upcoming first-person role-playing game (RPG). A brand new trailer from The Game Breakers will be shared for its game Cairn, and a new for Killing Floor 3 will also make its debut.
Nightdive Studios will also unveil a new trailer for its restoration of the 2002 third-person survival horror game The Thing: Remastered, and ex-Kindred Aerospace CEO Martin Tweed will share an announcement about Revenge of the Savage Planet.
You might also like...AMD’s rumored Radeon RX 8800 XT could pack a real punch – especially for ray tracing – if a fresh leak about the next-gen GPU turns out to be true.
In theory, this will be the top-tier RDNA 4 graphics card – although it’ll be a mid-range GPU, as AMD isn’t doing the high-end this time around, going by the rumor mill – and the new info on performance and a possible release date comes from Zhangzhonghao, a leaker over at the Chiphell forums (in China).
Add plenty of seasoning, but the claim (as highlighted by Wccftech) is that the RX 8800 XT is a huge improvement in ray tracing performance, and a good step up for rasterization performance (no ray tracing) too.
Zhangzhonghao believes that rasterization performance will equal Nvidia’s RTX 4080 GPU, and that the 8800 XT will be more in the ballpark of the RTX 4080 Super when it comes to ray tracing.
The leaker also claims that the RX 8800 XT is 45% faster in ray tracing compared to the current flagship, the RX 7900 XTX, with the Resident Evil 4 Remake. And that in other popular games, the 8800 XT’s generational ray tracing boost is ‘epic’ albeit partly because the performance levels seen with RDNA 3 were pretty shoddy.
Another point to note is that power consumption for the 8800 XT should be 25% less than the 7900 XTX, although we aren’t provided with any specific metric here, just a vague assertion.
Regarding the release date, we’re told that the RX 8800 XT is about to start mass production in the middle of December. In theory, then, it could emerge late in January 2025, or perhaps February, which fits with current rumors of a Q1 launch for RDNA 4 graphics cards.
(Image credit: Future / John Loeffler) Analysis: Reasons to be hopefulInterestingly, most of the recent buzz is about the RX 8800 XT, and we’re not hearing anything much on the 8700 XT which would, in theory, be the likely partner GPU (based on guesswork and past rumors).
Considering that the unveiling of AMD’s RDNA 4 desktop GPUs is apparently planned for CES 2025, in just over a month, we’d expect more spillage about a sibling GPU to come through soon - unless Team Red is kicking off with a solo launch here before other RDNA 4 cards arrive further down the line, but we’d be very surprised if that was the case.
With the performance leaks, previous speculation has suggested that the top RDNA 4 GPU (in theory this 8800 XT) could be a bit faster than the 7900 XT, and equating the 8800 XT with the RTX 4080 here indicates that is indeed the case (though other rumors have suggested it’ll be level with the 7900 XT, so a touch slower than the 4080).
That’s for rasterization, but the leap with ray tracing looks to be a huge one – and that makes sense in terms of AMD wanting to fix that weakness with its next-gen desktop graphics cards. Fingers crossed on that front, as often the arguments in favor of Nvidia being the superior choice revolve around ray tracing (and DLSS too).
On the topic of power usage, with the current 7900 XTX flagship having a TDP of 355W, based on the above info, we could be looking at 265W or so for the 8800 XT, which would put it in much the same bracket as the 7800 XT. That suggests AMD is concentrating on driving performance with RDNA 4, rather than efficiency (but not performance at the cost of efficiency, crucially).
You might also likeThe best iPhones are known to last a long time, so it’s no surprise if you’re still happily rocking an older iPhone that’s several versions out of date. Despite that, you might find it’s not compatible with WhatsApp for much longer, as the developer of the popular messaging app has warned users that they’ll soon need to upgrade their iPhone or stop using the service.
As detailed by WABetaInfo, WhatsApp has begun sending notifications warning users that they need to “update to the latest version of iOS to continue using WhatsApp.” These alerts are being sent out to users who are running anything older than iOS 15.1 on their iPhones.
If that sounds like you, you’ve got around five months until WhatsApp stops working on your iPhone, as the app notification says WhatsApp will end support for older versions of iOS on May 5, 2025. WhatsApp recommends you open the Settings app and go to General > Software Update to update your iPhone.
Yet it might not be so simple to do that. If you have an iPhone 5s, iPhone 6, or iPhone 6 Plus – or any earlier iPhone – your device will not be compatible with iOS 18. That means you won’t be able to update your iPhone, and consequently WhatsApp will stop working on your device next May.
That’s not all. As pointed out by 9to5Mac, WhatsApp doesn’t have an iPad app yet (beyond a beta app that’s only available to people using Apple’s TestFlight service). That means that next year’s WhatsApp update will also end support for the first-generation iPad Air, the iPad mini 2, and the iPad mini 3, as they too only support iOS versions earlier than iOS 15.1
Time to upgrade? WhatsApp has been steadily introducing new features to its iOS and Android apps over the past year, including the ability to send photos in 'original quality' (above). (Image credit: Future)WABetaInfo states that WhatsApp could be ending support for older iPhones so that it can make use of newer features and technologies introduced in iOS 15. WhatsApp can go ahead and add these features if it doesn’t have to worry about being held back by outdated iPhones that can’t run them.
As well as that, it’s likely that there aren’t too many WhatsApp users currently on versions of iOS predating iOS 15.1, considering the iPhones in question were released years ago. WhatsApp could redirect its efforts to optimizing the app further for the larger number of users who have more modern iPhones.
If you’ve been eyeing up a new iPhone or iPad, perhaps now is the time to start looking around for the best iPhone deals and money-saving iPad bargains. Black Friday may be behind us, but that doesn’t mean you can’t score a solid discount and ensure your device can keep using WhatsApp for the foreseeable future.
You might also like