TechRadar News

• ESET discovers a new piece of malware called WolfsBane
• This malware features a dropper, a launcher, and a backdoor
• It is being used by a group known as Gelsemium

Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET, have said.

The WolfsBane malware features a dropper, launcher, a backdoor, and a modified open-source rootkit for detection evasion. While not completely outlandish, the approach is rather unconventional, since most hacking groups will develop just one of these features, and use other people’s solutions for the rest.

That being said, WolfsBane’s key ability is to grant its operators total control over the compromised system. It can execute commands coming in from the C2 server, exfiltrate data, and ultimately - manipulate the system.

Gelsemium is active

ESET doesn’t know for certain how the attackers accessed the target systems to deploy the malware in the first place, but assesses “with medium confidence” that the group exploited an unknown web application vulnerability.

The group, in this instance, is called Gelsemium, suggesting that it has at least one herbalist in its ranks. Itis a relatively known Chinese group, active since at least 2014. It mostly targets government institutions, educational organizations, electronics manufacturers, and religious institutions. The majority of its victims are located in East Asia and the Middle Easts.

ESET also suggests that the group decided to target Linux since Windows’ defenses have been getting better lately.

"The trend of APT groups focusing on Linux malware is becoming more noticeable,” ESET said.

“We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft's decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux."

Via BleepingComputer

You might also like

• Linux systems are being hit by a wide-ranging and dangerous new malware
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Monitoring call times, optimizing agent schedules, timely analytics, not to mention the ability to view the entire customer journey in real and historic-time, ensuring agents have the on-demand resources and data to deal with complex customer requests – the benefits of Artificial Intelligence (AI) in customer service are huge and still only in part realized.

The value of AI is not in replacing jobs, but in doing the jobs that enhance the ears, the eyes, and the ‘voice’ of the contact center – their agents, so that both can, put simply, do their job of looking after the customer so much better. He explains how to find your way through the AI hype to the four areas where AI will bring contact centers and employees most value.

A recent Deloitte study “2024 Global Contact Center Survey” finds that service innovators are over performing and setting a new gold standard – 1.6x in meeting strategic goals, 4.6x in improving customer satisfaction and 2.5x in employee satisfaction. The report identifies service innovators as those that invest in the use of AI and analytics as key drivers.

Using AI in the contact center can contribute massively to quality management and take away the laborious activities associated with quality management when reviewed by a human For example, AI can track whether the call went according to all rules, regulations, and company policies, it can monitor whether the tone of voice was correct, and it can determine if customer details, financial or not, have been stored correctly and safely. It can of course do all this at a much quicker rate than humans, and aids the better management of day-to-day operations.

But there’s even more potential to leverage AI - aggregating and analyzing key contact center data points – then integrating these insights into a real-time dashboard to automatically alert contact center supervisors of any exceptional activity. The potential goes on.

So you need to get on to the AI bus, but how do you find your way through the AI hype?

There are four key areas where AI is seriously improving customer contact enablement in the contact center:

1. Text channels with an AI boost keep flexibility at the core

Regardless of the number of agents operating in a contact center, AI can be a useful tool in the condensing and analysis of large amounts of data. If you think AI will be used to replace humans, read on. New research suggests that 70% of contact center managers believe AI will mean there will be more agents in the next 10 years, not fewer – and their roles are likely to evolve. Here’s how.

The use and need of AI can vary from business to business, so it’s important that a comprehensive contact center solution keeps flexibility at the heart of operations. Integrating AI into text channels, i.e., emails, SMS, web chat, and other social channels needs varying levels of flexibility. For example, does a customer wish to use AI-assist for email enquiries? Or would they simply prefer an automated email process?

AI is capable of answering simple questions. A customer query into business opening times would not warrant a human agent response, in fact, it would simply be a waste of agent time and resources. Instead, AI could answer this quickly and efficiently, leaving human agents to deal with more complex enquiries

But the human element remains. The age of personalization is not dead, and its with these more complex queries that human interaction still has a strong hold over the customer journey. Here, AI uses customer data to inform next actions dependent on the individual customer. It can route customer queries to the right person, and provide assistance for these requests – think suggested responses, summarized data, previous call history.

It all contributes to a better customer experience and employee experience. When agents are better equipped to deal with these queries, they are empowered, their efficiency is increased, and confidence and trust is instilled and builds for both customers and employees.

…and it speaks any language!

Transcription and translation services within AI make global communication easier. Even if the agent and the customer are speaking different languages, AI integrated into these text channels can help them communicate in a preferred language. The benefits are clear to see, particularly for countries with multiple languages - Belgium, as an example, has four languages!

2. The ears and eyes of the contact center: AI call routing improves CX and EX

Directing a customer query to the right place and person might sound like standard practice, but it’s a critical element of a great customer journey. Customers always demand a quick and easy resolution. It’s where a comprehensive recording helps. Call recording is not new, but the process can be made even better with the use of AI. AI will listen to the call in progress and provide summaries to the agent, and suggestive answers. It’s there to help employees and ensure they have correct tools, answers, and data to be efficient.

Using AI, the purpose of the call can be quickly analyzed. Whether it’s to ensure that previous correspondence is considered – perhaps a customer sent an email a while back, this will be added to their record – or that the reason for call is directed to the right department in the contact center. It’s important that the right agent has the means to deal with the query on the end of the call.

It’s not what you say, it’s the way that you say it.

Going a step further, AI also provides semantic recognition to monitor the tone of the call – it examines the conversation for specific words or the general sentiment or mood of the customer, such as whether they’re slightly angry, very disappointed or even laughing, for example. Sentiment analysis is used by the system to proactively analyze cases and provide agents with suggestions for how to resolve issues quickly and effectively, to ensure the customer journey is pleasant right the way through. It all aids better, more effective training.

Not only this, sentiment analysis can also send alerts directly to a supervisor for the chance to intervene or be used in future training exercises to improve employee workflows. It can work across screens, social media, and webchat, in fact, it will operate on whatever channel agents and customers are using, to support additional training and an agent’s ability to solve the issue.

3. Historical and real-time reporting: Knowledge of the past enables you to deal with the future

Reporting provides visibility into processes and events that might not be visible on quick inspection – something that is especially important in the virtual contact center where service and operations are spread out over remote locations.

When it comes to day-to-day operations, reporting within the contact center can be hugely beneficial when integrated with the use of AI in three particular areas: wasted time is reduced by ensuring human agents are focused on the jobs that matter most, human agents and distractions are monitored and assessed on how to be minimized, and the length of calls and busy peak times are reduced, as contact centers can ensure they have enough staff on during busy periods, with a focus on how calls can be more efficient.

In order to maximize the value in their data, contact centers need two types of reporting: Historical reporting and Real-time insights. Both are vital to laser in on key pain points in the customer journey and address them with precision.

4. A safe place: Keeping data secure with Microsoft Azure AI

After all this, the importance of security can’t go unnoticed. Gen-AI requires access to a large data set, and in a contact center setting this can be personal customer data that must be kept safe. If you’re storing customer data, then it’s a given that you need a secure technology stack that keeps this information private.

For example, a solution natively integrated with Microsoft Teams means the entire tech stack, including AI models, is Microsoft based. Therefore, all data is stored in Azure Open AI, and therefore all data is always kept in the tenant customer. Risk and safety monitoring, safety evaluations, prompt shields, safety system messages are just a handful of the new features coming to Microsoft Azure AI to help keep businesses safe. Take a cyberattack as an example. If a cyberattack meets certain criteria defined by the security team, AI can automate the response and isolate the affected assets. Generative AI takes this one step further by producing original natural language text, images, and other content based on patterns in existing data.

Keeping customers secure is a top priority for Microsoft, which is why the company invests $1 billion every year into security, which includes protecting the Azure infrastructure. It also employs 3,500 cybersecurity experts, including 200 who continually look for weaknesses. When it comes to how the technology works, data sent within the Azure environment is automatically encrypted by AI. Then, automated smart traffic monitoring and profiling makes it easier to detect and deflect threats as the system knows when something looks out of the ordinary.

The triple boost from AI: enhancing EX, CX, and contact center operations!

The power of AI when used correctly in the contact center can be felt along the entire contact center chain. It begins with well-trained, empowered employees that are equipped with the tools and data to perform at an exceedingly high level. They are able to answer customer queries quickly, and correctly, in whatever language the customer speaks!

Contact center operations are optimized, whether it be for the length of calls and monitoring for peak times, contact centers can use AI to reduce wait times and ensure more staff are working in busy periods. Effective reporting software gives employees access to historical information and real-time insights to assess the severity of queries. Not to mention that all their data and personal information is kept safe!

And finally, it all contributes to a better customer experience – whether it be a quick resolution, first time fixes, short wait times, or a call directed to the correct department – it all falls under the CX umbrella.

Remember, AI does the jobs better that are too time consuming for humans to do, leaving humans to do the jobs that they are good at better – customer service.

We've featured the best CCaaS (Contact Center as a Service) provider.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• OpenAI could be mulling the idea of making a browser, but it’s early days
• The browser would pack ChatGPT, but we have precious few details yet
• OpenAI has recruited some key staff involved in the making of Chrome

OpenAI appears to be gunning for another key aspect of Google’s business, with apparent plans to build a web browser to rival Chrome.

You’ll get no points for guessing that OpenAI’s creation would, naturally enough, be a heavily AI-infused take on a browser client. According to a report from The Information, OpenAI is considering the development of a web browser that would be combined with ChatGPT.

Exactly what that browser might look like, we don’t yet know, and judging from what’s in the report, this is still in the early stages – and very much a ‘might happen’ or ‘might not’ possibility at this point.

However, even though the report makes it clear that OpenAI isn’t “remotely close” to launching a browser yet, things are happening in the background which amount to enough evidence that OpenAI is taking this potential product launch seriously.

For starters, The Information has learned that OpenAI has hired two staff members who were ‘instrumental’ in making Chrome for Google, namely Ben Goodger and Darin Fisher.

The report also claims that alongside mulling its browser, OpenAI has been talking to multiple companies, or has even struck deals with some, to “power search features for travel, food, real estate and retail websites.” That’s the word from people who’ve seen prototypes or designs related to this work, and we’re told OpenAI has spoken to a number of companies about these search products, including Conde Nast, Redfin, Eventbrite and Priceline.

On top of that, there’s a further contention that OpenAI has been in discussions with Samsung about bringing its AI features to Galaxy smartphones – and muscling out Google there, which has a deal with Samsung to drive some AI features with its Gemini AI (though Samsung has its own AI concoction in the form of Bixby, too).

Analysis: Towering ambitions

(Image credit: Shutterstock / Ascannio)

Is OpenAI going for Google’s throat, then? Well, it very much looks that way given this latest info dump, and previous moves, such as OpenAI launching SearchGPT, a rival search engine product put into testing earlier this year (with the expectation that it’ll be fully realized in ChatGPT before the year is out).

The Information also underlines how OpenAI is pushing its ‘Natural Language Web’ to power conversational search features on websites (or apps) to radically change the way a person interacts with a site – talking to it, rather than navigating the website.

Okay, so much of this is still under discussion, and in the form of plans rumbling along in the background that may, or may not, happen – particularly the browser, which sounds really airy. We’re not given any details at all as to how this AI-led browser might work.

If a browser is coming, development would be a very long haul yet, of course – it’s a huge undertaking to get a software client like this right. But even if this ends up just being theorizing and mulling, it clearly shows the intent, and extent of the well-financed ambition, that’s buzzing behind the doors of OpenAI.

Certainly, Google is aware of the dangers here, and the report mentions that the company is preparing for the possibility of having to compete with OpenAI to power AI features for Samsung phones, according to a source with knowledge of what’s going on behind the scenes right now.

Meanwhile, according to the rumor mill, Google is hard at work trying to make Gemini more closely mimic a human’s ability to reason in ChatGPT fashion.

You may also like...

• OpenAI edges closer to making its first AI chip in bid to power your favorite new apps
• OpenAI’s next ‘giant breakthrough’ tipped to land soon and control your computer
• ChatGPT’s Advanced Voice Mode lands in your browser – and it’s a big step towards rumored Operator agent

Like many of you, I’ve had phone calls from scammers. They’re usually very easy to spot, even before I pick up the phone – invariably they are from an unknown mobile number, something a legitimate organization would never use. The caller then goes on to explain that they are calling from my phone provider – clearly a list of phone numbers associated with particular phone companies has been leaked at some point.

Despite their sophistication, I can get these scammers to hang up with five simple words: “who are you calling for?” They may have my number, but they don’t have my name or indeed any other personal details, so asking them who they are calling for, and repeating the question when they inevitably try to evade it, always causes them to hang up in a panic. I could, of course, end the call myself, or not take the call, but there is a small degree of satisfaction in letting criminals who exploit the most vulnerable people in our society know that they can be undone in only five words.

While typical scams can be easy to thwart, new fraud tactics are emerging every day and can fool the wariest of consumers. Even people who are well-informed can fall for what seem to outsiders to be pretty obvious scams all the time: you may recall a finance advice columnist being persuaded to hand over $50,000 dollars in cash in a shoe box to a scam caller claiming to be from the CIA. The demographic most likely to fall for scams isn’t the elderly, but digital natives under 25s.

Why is APP Fraud so prevalent?

The most common form of fraud by far is authorized push payment (APP) fraud. The definition is simple, but the ways in which it can be carried out are widely varied: at its most basic level, APP fraud is any fraud that makes use of the APP technology. Those of you who use banking apps will be familiar with the ability to send payments to friends or businesses through the app, and the multiple layers of warnings that you may be sending money to a scammer. You can also send push payments by calling a bank’s customer service line or in a branch, though these are less common, and fraudsters will try to steer you away from these solutions since bank employees are trained to look for evidence of scams.

The scale of the problem is staggering. In 2023 alone, £1.17 billion was stolen through various forms of fraud, and while APP losses decreased by 5%, the total number of APP cases rose by 12%​. Despite major efforts by banks to mitigate these losses—deploying increasingly sophisticated technology, partnering with law enforcement, and rolling out public awareness campaigns—criminals continue to evolve. In fact, 76% of APP fraud originated online, with an additional 16% coming from telecommunications​.

While financial institutions bear the brunt of combatting fraud through proactive measures, consumers are still being tricked into sending money to fraudsters. Even with layers of alerts, prompts, and security measures, scams continue to succeed, primarily because through generative AI and machine-learning tools, criminals have become expert manipulators. They exploit consumers' trust in legitimate platforms, making it harder to detect fraud until it's too late.

The hard truth about APP Fraud

So, what is the missing link? The answer is, unfortunately, consumers. No amount of regulation, no reimbursement policy, or sophisticated technology can fully replace the vigilance and awareness required at the consumer level. Banks can prevent unauthorized fraud—where payments are made without a customer’s consent—more effectively than APP fraud, where the customer themselves authorizes the transaction, albeit under false pretenses. In unauthorized fraud cases, banks are able to recover or prevent the loss of money in 64% of incidents​. APP fraud, by contrast, often sees a much lower rate of recovery, as criminals are adept at moving money quickly once they’ve gained access to an account.

APP scams often involve highly believable social engineering techniques. Fraudsters impersonate legitimate organizations such as banks, government departments, or even utility companies. In other instances, they exploit emotional vulnerabilities, like in romance scams, where victims are convinced they’re in a genuine relationship. These types of fraud play out over long periods of time, sometimes involving up to ten separate payments per case​. With such a personal touch, it’s easy to see how these scams bypass even the most robust security measures.

The financial industry has certainly stepped up, but the hard truth remains: criminals will always adapt to the latest technological advancements, meaning the fraud landscape will continue to evolve. The focus, therefore, must also shift towards empowering consumers with the skills they need to recognize fraud before it happens.

Consider the generational gap in fraud susceptibility. You might expect older adults, who are often seen as less tech-savvy, to be most at risk. Yet under-25s are statistically more likely to fall victim to online scams. This isn’t due to a lack of familiarity with technology; quite the opposite. Young adults, comfortable with digital environments, tend to be more trusting of online interactions​. They are also the demographic most likely to engage in behaviors that make them vulnerable to fraud, such as using insecure platforms for transactions or being lured by ‘too good to be true’ deals on social media.

Fighting APP fraud starts with consumers

To truly combat APP fraud, consumers need to develop a healthy level of scepticism when it comes to their digital interactions. Trusting that a bank’s warnings or anti-fraud systems will always intervene is misguided. Instead, consumers must be educated to recognize warning signs for themselves, as knowing which questions to ask could save them from falling victim to APP fraud.

Banks and fintech companies can continue to implement top-tier fraud prevention systems, and they should, but there will always be an inherent limitation to what those systems can achieve. Criminals are, by nature, opportunistic and constantly on the lookout for weak links. Unfortunately, the weakest link remains human psychology. To stop APP fraud, we must first get smart.

While the banking industry has undoubtedly made strides in combating APP fraud, it cannot be solely responsible for eliminating it. True fraud prevention will only occur when consumers become more informed, cautious, and empowered to question the legitimacy of their transactions. This is not just a financial challenge; it’s a societal one. And it’s only by working together that we can hope to turn the tide.

We've featured the best identity theft protection.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The penultimate weekend of November 2024 is upon us and, while the US' Thanksgiving celebrations are still a week away, the world's best streaming services have served up a delicious feast of new movies and shows to enjoy over the next few days.

There have been so many new films and series released this week that my colleagues and I have struggled to whittle down this list to just seven entries, too. Indeed, whether it's HBO's new crime thriller Get Millie Black or two other new Netflix movies in Joy and The Piano Lesson, we just couldn't fit everything into this week's streaming recommendations guide.

But enough chatter! Grab some snacks and settle in for a session or three in front of the TV after a long week. Enjoy! - Tom Power, senior entertainment reporter

Arcane season 2 act 3 (Netflix)

Have you got your tissues handy? You'll need them, because the final three episodes of Arcane season 2 will likely break our hearts. With Arcane's second season bringing the award-winning animated series to a close, too, there'll be no more chapters to enjoy after they're released on Netflix tomorrow (Saturday, November 23).

Nevertheless, even though I know it'll be a bittersweet end to one of the best Netflix shows ever made, I plan to enjoy Arcane's last hurrah as much as I can. I haven't watched act 3 ahead of time, either, so I'll be tuning in with the rest of you to see every jaw-dropping moment as they play out. Before you stream them, read my Arcane season 2 act 2 ending explained piece to remind yourself what happened last time out. Then, take a deep breath – you'll need to! – and hit play. See you on the other side, everyone.

Tom Power, senior entertainment reporter

• Watch Arcane season 2 act 3 on Netflix

Blitz (Apple TV Plus)

A highly-anticipated historical war drama by Steve McQueen, Blitz is one of four new Apple TV Plus movies and shows we're excited to stream in November. Set in London during World War II, nine-year-old George (Elliot Heffernan) is evacuated to the countryside by his mother Rita (Saoirse Ronan) to escape the Blitz. Determined to return to his mother, George embarks on a perilous journey back home as Rita goes on a desperate search to find him.

There's no doubt that Apple TV Plus is home to an array of high quality content – I mean, it was crowned TechRadar's Streaming Service of the Year for this very reason. Some of its best Apple TV Plus movies have attracted an array of A-list actors like Leonardo DiCaprio, Robert De Niro, Jennifer Lawrence, and Tom Hanks. Now, Oscar-nominated actress Saoirse Ronan is set to put on another astounding performance in the period drama Blitz. I'm getting the tissues ready!

Grace Morris, entertainment writer

• Watch Blitz on Apple TV Plus

Spellbound (Netflix)

One of November's many new Netflix movies Spellbound follows Princess Ellian (Rachel Zegler), the young princes of Lumbria who goes on a quest to save her family after a spell transforms her parents into monsters.

Ahead of my press screening (keep an eye out for my full review this weekend), I was expecting it to be your average children's animated fantasy. However, I left feeling surprisingly emotional at the film's moving message that many families will appreciate. Indeed, Spellbound, which may have enough about it to join our best Netflix movies, is a heart-warming and magical adventure set in a vivid world that's perfect for all the family. Oh, and there's some catchy songs to get you dancing!

Grace Morris, entertainment writer

• Watch Spellbound on Netflix

Cruel Intentions (Prime Video)

When it comes to '90s teen dramas, Cruel Intentions was one of the biggest movies of the time. Its story of bored, scheming step siblings (Sarah Michelle Gellar and Ryan Phillippe) at an elite school who try to seduce a new student (Reese Witherspoon) as part of a twisted bet is not something you'd expect to be remade into a TV show nowadays, but Amazon has done exactly that.

Not many were thrilled by the idea of a Cruel Intentions TV remake, so it's probably not surprising that the new series has a Rotten Tomatoes score of just 22% since it landed on Prime Video. While it won't make the cut for one of the best Prime Video shows, the original movie is available for free on Amazon Freevee in the US, plus Prime Video in the UK and Australia. It might not have a great critical rating either, but it does have an incredible soundtrack.

Amelia Schwanke, senior entertainment editor

• Watch Cruel Intentions on Prime Video

The Sex Lives of College Girls season 3 (Max)

If you're looking for more elite student college drama, then season 3 of The Sex Lives of College Girls, which was part of everything new on Max in November.article, is out now, too. The first episode of the returning comedy series debuted on Max on Thursday (November 21), and new episodes will air weekly from then on until January 23, 2025.

For those unfamiliar with its premise: this teen series follows roommates Whitney (Alyah Chanelle Scott), Bela (Amrit Kaur), Kimberly (Pauline Chalamet) and Leighton (Reneé Rapp) studying at the fictional Essex College. It's been a hit with audiences and critics alike, and has 95% on Rotten Tomatoes, making it one of the best Max shows.

Amelia Schwanke, senior entertainment editor

• Watch The Sex Lives of College Girls season 3 on Max (US only)

Making Manson (Peacock)

There's always a great deal of intrigue when a new true crime documentary airs. Recently, Netflix has led the charge with movies like Woman of the Hour and the latest in Ryan Murphy's Monsters franchise. If you're in the mood for something similar, then, Peacock is bringing us up close and personal to one of America's most notorious killers: Charles Manson.

This docuseries is described as "offering unfiltered insights into America's most notorious killer, Charles Manson. Through 20 years' worth of never-before-aired conversations, those closest to the case have their views challenged". So, it should be a very interesting watch, featuring clips of the man himself and those who knew him. If you prefer your crime fictionalized, though, I highly recommend Peacock's horror series Hysteria!.

Lucy Buglass, senior entertainment writer

• Watch Making Manson on Peacock (US only)

Alien: Romulus (Hulu)

Alien: Romulus has made its official streaming debut! Well, on Hulu, anyway – if you were too scared to see it in the theater, then, not to worry, because in your living room no one can hear you scream from behind your cushion. As I suggested, it's bittersweet news, though, because the latest Alien film doesn't have a Disney Plus release date yet. Fans in other territories will have to wait a little longer for an at-home release, then. But hey, at least the sci-fi horror franchise's first TV show, aka Alien: Earth, is set to simultaneously land on Hulu and Disney Plus in mid-2025.

Those of you in the US are in for a treat, however, as Alien: Romulus is one of my favorite entries in the franchise. In my opinion, it's just as good as Aliens, and people on Rotten Tomatoes are inclined to agree, given its glowing 80% rating.

If you are in the mood for a good scare and you're not in the US, you can check out 7 sci-fi horror movies on Hulu, Prime Video, and more for some eerie, out of this world entertainment.

Lucy Buglass, senior entertainment writer

• Watch Alien: Romulus on Hulu (US only)

For more streaming recommendations, read our guides on the best Disney Plus shows, best Hulu shows, best Paramount Plus movies, and best Max movies.

• Google TV has revealed its most-watched movies and TV shows of 2024
• The most-watched movie is Road House and the most-watched TV show is Shōgun
• Other movies and TV shows that made the list include Deadpool and Wolverine and Fallout

We've all had the experience of switching on the TV and struggling to find something to watch. Well, Google TV has come to the rescue with its most-watched movies and TV shows of 2024 list, which I'm sure will spark some ideas for your next movie night.

Google TV is a great app for amalgamating all the best streaming services out there, as it allows you to access all kinds of movies and TV shows all in one place. From streaming services to live TV, Google TV has it all if you've signed up to those services. As the year comes to an end, Google has revealed the most-watched movies and TV shows across its apps in 2024, which makes for a great list of this year's top entertainment.

If you're looking for a good action thriller for your movie night, then you're in luck with Google TV's most-watched movie Road House. The Prime Video remake of the 1989 classic features Jake Gyllenhaal as ex-UFC fighter Dalton. Taking the title of the most-watched show of 2024 is one of the best Hulu series, Shōgun. The ancient Japanese epic currently sits at 99% on Rotten Tomatoes.

Google's 2024 greatest hits feature some of the biggest shows of this year from the likes of Apple TV Plus and Disney Plus. As well as blockbuster hits, which cover a wide variety of genres whether you fancy some action thrills or belly laughs. You can find the "Best of 2024" list on your Google TV device or through the mobile app, but to make it easier, we've put the full list of most-watched movies and TV shows below as reported by 9 to 5 Google.

Most-watched movies of 2024 on Google TV

Deadpool and Wolverine is one of the most-watched movies on Google TV. (Image credit: Marvel Studios)

• Road House
• TMZ Presents: The Downfall of Diddy
• The Idea of You
• Descendants: The Rise of Red
• Kingdom of the Planet of the Apes
• Inside Out 2
• IF
• Dune: Part 2
• Mean Girls (2024)
• Despicable Me 4
• Godzilla x Kong: The New Empire
• The Fall Guy
• Wolfs
• Civil War
• A Quiet Place: Day One
• Kung Fu Panda 4
• The Instigators
• Twisters
• Monkey Man
• Furiosa: A Mad Max Saga
• Bad Boys: Ride or Die
• Ghostbusters: Frozen Empire
• Deadpool & Wolverine
• The Garfield Movie
• The Ministry of Ungentlemanly Warfare

Most-watched TV shows of 2024 on Google TV

Hit Prime Video show Fallout makes the most-watched TV shows list. (Image credit: JoJo Whilden/Prime Video)

• Shōgun
• Fallout
• House of the Dragon
• The Bear
• Bluey
• Tracker
• Quiet on Set: The Dark Side of Kids TV
• The Lord of the Rings: The Rings of Power
• Bad Monkey
• Agatha All Along
• Reacher
• True Detective
• High Potential
• Presumed Innocent
• The Prison Confessions of Gypsy Rose Blanchard
• Yellowstone
• Saturday Night Live
• Masters of the Air
• Love Island: USA
• Spongebob Squarepants
• Gypsy Rose: Life After Lock Up
• 911
• The Walking Dead: The Ones Who Live
• Young Sheldon

You might also like

• New movies: the most exciting films coming to theaters in November 2024
• Wicked is a blockbuster hit with 91% on Rotten Tomatoes – here are 6 more movie musicals on Netflix, Max, and more
• Creature Commandos star Sean Gunn explains why the first DCU TV show will 'feel very different' to Marvel's Guardians of the Galaxy movies

• Max has released new trailers for two intriguing-looking projects
• Juror #2 , a new (and potentially final) movie from the legendary Clint Eastwood, arrives in December
• The Pitt, which stars ER alumnus Noah Wyle, makes its debut next January

There are plenty of great things coming to Max in the months ahead and one of the world's best streaming services has just given us a taste of two such projects, albeit very different ones, in the form of two new trailers.

Winter is the perfect time to dive into some great new movies and shows, and Max is encouraging you to do exactly that. Whether or not these new titles will make it onto our best Max shows and best Max movies list remains a mystery, but I really hope that's the case!

Personally, I'm very intrigued by both of them. The first is Juror #2, which is reportedly the final film in legendary actor-turned-director Clint Eastwood's decades-long career. Having loved his previous work as a director on films like Gran Torino, I'm very excited to see this one. The other is a potentially thrilling new medical drama called The Pitt, and fans of the long-running ER will be excited to see a familiar face onboard!

Juror #2

Streaming date: December 20

If you love legal thrillers, Clint Eastwood's got you covered with his latest movie. Here, we follow Justin Kemp, a journalist called up for jury duty who realizes that he may be responsible for the victim's death.

Nicholas Hoult leads the cast and is joined by some great names, including Toni Collette, J. K. Simmons, and Kiefer Sutherland. Gabriel Basso stars here, too, ahead of his return in The Night Agent season 2, which will debut on Netflix early next year. So, if you're in the mood for a good legal story and an ensemble cast, don't miss Juror #2 when it arrives on Max.

The Pitt

Streaming date: January 2025 (date TBC)

Here's one for the medical fans. ER star Noah Wyle is back in the hospital once again, where he's leading the cast of a 15-episode series that's streaming sometime in January. Produced by ER and The West Wing's John Wells, the series is “a realistic examination of the challenges facing healthcare workers in today’s America as seen through the lens of the frontline heroes working in a modern-day hospital in Pittsburgh.”

It's filmed in an interesting way, too, with the entire first season taking place across a single 15-hour emergency room shift. Each hour-long episode will represent real time, then, which feels very 24-esque, and that's no bad thing!

You might also like

• 3 new action-packed Netflix trailers have landed, and I for one can’t wait to see Cameron Diaz back on my screen
• Max drops first-look clips of Peacemaker and The White Lotus in 2025 teaser trailer – these are the 4 shows I’ll be streaming first
• Max shares first look at It prequel series Welcome to Derry and now I'm desperate for a trailer

• CISA updates advisory on BianLian, originally published in May 2024
• Agency claims the group is moving away from deploying the encryptor
• Instead, BianLian exfiltrates sensitive data and threatens to release it

The infamous BianLian ransomware group has stopped deploying an encryptor on victim devices, and now focuses exclusively on data exfiltration, an updated security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), and partner agencies has warned.

CISA, alongside the FBI and Australian Cyber Security Centre, first published an in-depth report on BianLian in May 2024 as part of its #StopRansomware effort, detailing the group’s techniques, tactics, and procedures, but this has now been updated with new information, including the changes to the group’s modus operandi.

As it turns out, BianLian no longer encrypts the information on the endpoints of its victims. Rather, it just steals the data, and then demands payment in exchange for not leaking it to the public.

BianLian following the trends

This is a change that the cybersecurity community has been warning about for quite some time now, and BianLian is hardly the only group that is no longer deploying the encryptor.

As it turns out, developing, maintaining, and deploying the encryption software is too tedious, too cumbersome, and too expensive. In terms of money extortion, simple data exfiltration yields the same results, anc crooks are taking notice.

The agencies also say BianLian is a Russian actor, based in the country, and with Russian affiliates. If the name threw you off, and made you think the group is likely Chinese (or elsewhere in the far East, for that) - that is intentional.

“The reporting agencies are aware of multiple ransomware groups, like BianLian, that seek to misattribute location and nationality by choosing foreign-language names, almost certainly to complicate attribution efforts,” the report claims.

In the past, the group was observed targeting organizations in the US critical infrastructure sector, and private enterprises in Australia.

You might also like

• Linux systems are being hit by a wide-ranging and dangerous new malware
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• Earlier this week, EnergyWeaponUser shares a database, claiming it was stolen from Ford
• Ford responds by launching an investigation
• The investigation concluded that the data belonged to a third party, Ford said

Ford has denied suffering a data breach frecently, saying the information circulating around the web belongs to a third party and is, for the most part, publicly available.

A known leaker with the alias EnergyWeaponUser recently posted a new thread on BreachForums, claiming to be sharing Ford’s data for free. “Today, I have uploaded the Ford Motor Company internal database for you to download, thanks for reading and enjoy!,” the hacker said at the time.

“In November 2024, Ford Motor Company, an American multinational automobile company suffered a data breach,” the post further added. “It exposes 44k records of customer names, physical locations, bought product.”

No breach

A small sample was shared, in which hackers could find people’s names, postal addresses, country codes, customer type codes, city information, sales types, account codes, last update timestamps, and other records.

After the thread surfaced, the company confirmed looking into the allegations of data theft.

"Ford is aware and is actively investigating the allegations there has been a breach of Ford data," spokesperson Richard Binhammer told the press at the time. "Our investigation is active and ongoing."

Now, a few days later, Ford told the media that its data was secure. In a statement to BleepingComputer, the company said: “Ford’s investigation has determined that there was no breach of Ford’s systems or customer data. The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.”

We now wait to see EnergyWeaponUser’s response. However, given the fact that they were willing to give away such a database, lends credence to Ford’s claims. After all, all registered BreachForums members could grab the archives for eight forum credits, which is roughly two dollars.

Via BleepingComputer

You might also like

• Ford says it is investigating claims thousands of workers have had data leaked online
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

• New turntable has the stiffest Planar 3 plinth ever created
• It also has an upgraded PSU and moving magnet cartridge
• It's cheaper than configuring the equivalent Planar spec

The Rega Planar 3 turntable is an audio legend, and it's been delighting listeners since the 1970s. It's been updated a few times since then to take advantage of technological and engineering advances, and now there's a brand new version of the best-seller.

The new Rega Planar 3 RS Edition isn't just the same turntable given a lick of paint. There are some important upgrades to what was already a winning formula.

The new RS Edition, aka the Rega Special, is made with a brand new plinth that uses aluminum metal skin HPL laminate, usually reserved for the Planar 6, 8 and 10, to create what Rega says is the stiffest Planar 3 plinth it's ever made.

The dark, brushed metallic finish and high-gloss black edges certainly look stunning, but there's substance as well as style here.

What's so special about the Rega Special?

(Image credit: Rega)

The RS Edition comes with a custom-matched Neo MK2 PSU, each motor vibration circuit tuned to each individual motor, and that motor drives the sub platter via Rega's Reference EBLT drive belt.

The familiar RB330 tonearm is now supplied with an award-winning Nd5 moving magnet cartridge. To spec an existing Planar 3 with the same cartridge and PSU would be considerably more expensive than the RS Edition.

The changes promise to further reduce unwanted distortion and noise to deliver an even more accurate sonic performance, and Rega goes into great detail about the engineering achievements and design decisions on its product page .

The short version is that this is the Planar 3, but even better. You can buy the Rega Planar 3 RS Edition now for $1,795 / £999 (around AU$1.900).

You might also like

• The best turntables for most people
• The best high-end turntable
• The best headphones for hearing every detail

• Some TV firms are losing money on hardware in order to profit from ads
• The trend is particularly prominent in North America
• We can't see the future because it's stuck behind an unskippable ad

If you've been thinking that your smart TV is awfully keen on showing you ads, you're not imagining it. The TV market is changing, and that's both good news and bad news for buyers.

As recently highlighted by market research firm Omdia (via FlatpanelsHD), the good news is that TVs are getting cheaper – so much so that some firms are actually losing money on the sets they sell.

The bad news is that they need to get that money back from somewhere or something. And increasingly, that somewhere is your living room and the something is you.

As Omdia notes, the business model for many TV firms is shifting away from making profit from physical sales and towards making money from ads (and while they didn't mention it specifically, from user data) instead.

The research firm's consumer electronics research director Paul Gray says that "People are happy to sell TVs below cost. You just have to look at the finances of Vizio or Roku to see they’re selling TVs at somewhere between -3 and -7% margin, just in that scramble for users."

Ads entertainment

In 2023, tech startup Telly (above) 'gave away' 500,000 4K TVs in the US – with the catch being a second screen for ads. (Image credit: Telly)

Those manufacturers aren't doing what Telly did in 2023, which was giving away dual-screen TVs completely free in the hope of making money back from very visible ads. But in North America especially, ads are an increasingly important part of the money mix for TV manufacturers.

That could mean US buyers in particular will increasingly have to make a choice: get the TV for a low price and put up with more ads, or pay more for a comparatively ad-free experience.

I'm not against ads; I'm writing this for an ad-supported website, of course. But the problem with firms betting the farm on ad income is that the more of them who do it, the less lucrative the payouts become – and that can cause an arms race where lower and lower per-ad revenues are compensated by higher and higher numbers of ads.

You can get around that to some extent by using a dongle or box such as a Google TV Streamer or Apple TV 4K instead of the manufacturer's own interface, but perhaps not for long.

And of course, that doesn't affect the ads that appear on the streaming services themselves. But I think we can already predict the next step: paying more for an ad-light or ad-free experience. What we save on the up-front cost may be repaid many times during the life of our TVs.

You might also like

• Google TV Streamer vs Apple TV 4K: which is best?
• Our review of the Roku Ultra 2024 "souped-up streamer"
• The best streaming services compared

• Microsoft Store apps can’t be updated or uninstalled due to a bug
• Thankfully Microsoft has now fixed the problem related to WinAppSDK
• The cure is in a Windows 10 optional update, so you may want to wait

Some Windows 10 users have been experiencing an odd bug with the operating system having problems running updates for apps from the Microsoft Store – but this issue has now been sorted.

Neowin reports that Windows 10 22H2 had a bug which meant that in some cases, apps from the Microsoft Store couldn’t be updated – or uninstalled, either – but a resolution for this has now been applied (as of November 21).

Microsoft explains that this wasn’t an issue with Windows 10 itself, but rather with the latest version of WinAppSDK. Those who received version 1.6.2, on November 12, or later – which may have been installed by an app that requires WinAppSDK, as it’ll pull down the latest version – may have been hit by the bug.

Those who’ve seen the issue will have noticed that updates fail with an unhelpful error message (‘Something happened on our end’) displayed in the downloads panel of the Microsoft Store.

Microsoft clarified that “this issue is not caused by a Windows security or preview monthly update,” while informing users that the fix for this is in the new Windows 10 update, KB5046714, which has just been released.

(Image credit: Worawee Meepian / Shutterstock) Analysis: Something happened… or not

Note that KB5046714 is an optional update for Windows 10, so it could have some bugs itself. If you’re worried about installing a preview release, you can always wait for the full version of the patch, which will be here next month (on December 10, to be precise).

Still, in this case, if you’re hit by the Microsoft Store bug and you aren’t getting any updates for your software from the store, grabbing the optional patch may be worth the risk (find it under Windows Updates, as ever).

Elsewhere, KB5046714 provides some other fixes for issues including a bug where dragging and dropping a file from a cloud provider’s folder (like OneDrive) may result in that file being moved over, rather than copied as it should be by default. Also, there’s an important solution for a problem where Windows 10 fails to activate after the PC’s motherboard has been replaced.

While you’re fixing bugs, Microsoft, you might want to do a bit of tweaking to that error message as well: ‘Something happened on our end’ is not very useful, and indeed nonsensical, really. The problem here being an update failing to apply, so in fact, the correct message should be ‘Something didn’t happen on our end,’ namely the app patch that should’ve gone through. Or ‘Nothing happened on our end,’ perhaps?

How about a simple rewording to ‘Something went wrong on our end’ – that fits better, right, Microsoft? That’s this month’s visit to ‘Pedantry Corner’ over, stay tuned for December’s ever-so-thrilling nitpicking observation.

You may also like...

• Microsoft stealthily installs Windows 10 update to nag you to upgrade to Windows 11 – and not for the first time
• How to make a bootable Windows 10 USB
• Windows 11 remains an unloved OS – but why won't people upgrade?

• Fitbit has replaced Google Fit on the Oppo Find X8 series
• It's a first for a non-Pixel Google handset
• This could be the norm for Android phones from here

The end is nigh for the Google Fit app on Android phones, it would seem: It looks as though the Fitbit app is going to replace it on these devices going forward, with Google making the most of its 2021 acquisition of the fitness company.

As spotted by 9to5Google, the newly-unveiled Oppo Find X8 comes with Fitbit installed rather than Google Fit. It's the first time we've seen that on a non-Google Android phone, and could well be the norm in the future.

If you've bought one of the Google Pixel 9 phones you'll notice Fitbit has replaced Google Fit here as well. If it's happening on handsets made by Google's manufacturing partners as well, the transition from one app to the other is just about complete.

Should you have a lot of data already in Google Fit, Google's Health Connect service can sync it to Fitbit, if needed: Tap Profile then the gear icon in the Google Fit app to set this up. You can also export your Google Fit data from inside the app by tapping your Google account avatar (top right), then Fit data and privacy.

Fitbit (and AI) is the future

The Pixel Watch 3 is Fitbit-focused (Image credit: Future)

While it's disappointing to see yet another Google app killed off, Google does at least seem to be investing in new features and upgrades for the Fitbit app – even if it did recently abandon the web interface for your Fitbit data.

Google has previously announced an AI health coach that's now in testing and is likely to soon make an appearance in the Fitbit app proper. It's not clear when everyone will get it, but it could show up before the end of the year.

The Gemini-powered feature can answer questions about your health and give you personalized insights into your activity patterns and workouts. We'll have to wait until we can test it out for ourselves to see just how accurate it is.

In recent weeks we've also heard that an AI-driven Sleep Journal is also on the way for the Fitbit app, which will give you detailed feedback on your sleep health and ways in which you might try and improve it. Whether or not these extras will be exclusive to Fitbit Premium subscribers remains to be seen.

You might also like

• The Fitbit Ace LTE just got a major new upgrade
• Choose one of the best Fitbits
• A Fitbit smart ring could be on the way

• The new Kia EV9 GT will sprint from 0-60mph in 4.3 seconds
• GT button unleashes full power, firms suspension and makes noises happen
• It's the first Kia SUV to receive electronically-controlled adaptive suspension

While this year's LA Auto Show has been disappointingly bereft of exciting new launches, Kia chose it as the platform to showcase the upcoming EV 9 GT – a model that will delivers 501hp from twin electric motors and a 0-60mph sprint time of just 4.3 seconds… despite weighing 5,886lbs (or 2.6-tonnes for imperial fans).

Based on the enormous, three-row electric SUV that was released late last year in some markets, the GT version, which will go on sale in 2025, sees a 160kW motor drive the front wheels and a 270kW motor bolted to the rear.

It’s tipped to use the same 100kWh battery as the Long Range model, which can manage around 300 miles on a single charge when driven sensibly.

But driving sensibly won’t exactly be the order of the day, as Kia has introduced a very tempting and very shiny GT button to the steering wheel that firms up the suspension, thanks to the introduction of electronically-adjustable dampers, sharpens the steering and throttle response, while adding more heft to the brake feel.

(Image credit: Kia)

Not purely a straight-line drag champion, Kia says the EV9 GT will be able to handle the twistier routes and disguise some of its planet-like mass with clever calibration of the suspension and steering. Customers are also treated to heavily bolstered sports seats and flashes of ‘GT’ throughout the cabin.

The brake calipers have also been sprayed in a fetching neon green, similar to the Kia EV6 GT, while the electronic Limited Slip Differential (e-LSD) from that model, which senses a loss of traction at each wheel and reduces torque for improved handling, has also been borrowed and implemented.

The final party piece is what Kia refers to as Virtual Gear Shift (VGS), which simulates the thumps of a traditional step-shift automatic transmission and is operated by paddles mounted to the steering wheel.

To compliment this, Kia has also been inspired by the Ioniq 5 N from sister company Hyundai and has seen fit to kit the EV9 GT out with similar fake engine noises (electric Active Sound Design) that are mapped to the accelerator pedal and virtual gear shifts, with the resulting soundtrack pumped in to the cabin.

Analysis: Fast, fun but probably very juicy

(Image credit: Kia)

Efficiency was never the big EV9’s strong point, as a potent cocktail of massive kerb weight and its blunt, un-aerodynamic styling means the electric range gets eaten into fast, especially when driving at constant motorway speeds or like a bit of a hooligan.

This hot GT version is only going to tempt the inner driving devil further, which will inevitably mean more time spent charging. Thankfully, the EV9’s 800V fast charging architecture means a 10-80 percent top up takes less than 25 minutes from a DC fast charger.

Plus, as of May or June next year (there is no firm date yet), Kia has also stated that all EV9 models sold in the US will come fitted as standard with Tesla’s North American Charging Standard (NACS) port, with CCS adaptors available as an optional extra for those who want the widest possible network coverage.

You might also like

• Hyundai unveils the gargantuan Ioniq 9 – a seven-seater SUV that can cruise for 385 miles on a charge and sterilize your smartphone
• I’ve driven the Kia EV3 and it's one of the best electric vehicles for most people right now
• A car that answers questions? Kia has an app for that

• Norton has unveiled its Small Business Premium plan
• Provides SMB teams with antivirus, firewall, VPN, password manager, and cloud backup
• Plan also offers 24/7 support, and financial and social media monitoring

Norton, one of the best antivirus providers around today, has launched a new offering for small businesses looking to protect themselves.

Recent government statistics have claimed small businesses account for 36% of the UKs economic turnover, but are being increasingly targeted by cyber attacks, with 58% reporting an attack or breach in the last year.

Norton’s new Small Business Premium plan is built to help weather the storm while also keeping them running in the event of a breach.

Small Business Premium from Norton

The plan provides a suite of security solutions to help protect businesses from a wide range of threats, while also offering support in financial and social media monitoring. Beyond this, the plan also offers 24/7 business tech support not only for security issues, but also for your devices, network, and software.

Small Business Premium is primarily an antivirus, as may be expected, but also includes a firewall, a VPN to keep your networks secure, along with a password manager for encrypted credential storage, and a 500GB cloud backup to keep your data safe in the event of a ransomware attack or system crash.

Suspicious transactions and unauthorized logins to social media are constantly monitored and immediately alerted to prevent fraud, scams and account takeovers. It doesn’t require any security expertise to install and quietly protects devices in the background.

The plan can be customized to support 10 or 20 devices, with the 10 device plan at £149.99 for the first year, and the 20 device plan at £199.99 for the first year. For entrepreneurs or smaller teams, the standard Small Business tier can cater to 6, 10, or 20 devices, and is £ £54.99, £69.99, and £99.99 respectively for the first year.

You might also like

• These are the best Black Friday antivirus deals
• Take a look at our guide to the best Black Friday cloud storage deals
• Top benefits of managed VPS hosting

• Apple’s Siri virtual assistant is currently bested by competitors like ChatGPT
• Apple wants to change that by developing an “LLM Siri” chatbot
• It might not launch until 2026, though

Siri has long lagged behind rivals like Google Assistant, and with the introduction of ChatGPT and other chatbots powered by large language models (LLMs), that gap has widened. But when Apple Intelligence appeared on the scene, it looked like Siri was finally turning a corner – and a new report claims Apple is planning its own LLM upgrade for Siri. Before we get too excited, though, there might be a while to wait until it arrives.

The rumor comes from Bloomberg reporter Mark Gurman, who has earned a reputation for accuracy when it comes to Apple leaks and rumors. In a new report, Gurman claims that Apple has been internally tested a version of Siri infused with LLM powers (predictably, it’s been dubbed “LLM Siri”), and the result is a more conversational, powerful version of Apple’s virtual assistant.

This new Siri will be able to conduct natural-feeling back-and-forth conversations, Gurman says, and it can also “handle more sophisticated requests in a quicker fashion” compared to the current Siri iteration.

Other new features will include the ability to “interact more like a human and handle tasks in a way that’s closer to ChatGPT and Google’s Gemini,” and it will make extensive use of Apple’s App Intents feature to precisely control third-party apps. It will also be able to use Apple Intelligence features, such as generating and summarizing text.

Coming in iOS 19?

(Image credit: Apple)

Apple will announce the upgraded Siri in 2025 as part of iOS 19 and macOS 16, the report predicts.

However, as with the current slow implementation of Apple Intelligence, the new Siri won’t immediately be ready to use. Instead, it will be rolled out in spring 2026, according to Gurman.

Will that be too late for Apple, considering rivals like ChatGPT are already far ahead of Apple’s best efforts? Time will tell, but LLM Siri will need to be a monumental effort to close the gap. If Apple can pull it off, the firm’s fans will have a lot to look forward to.

You might also like

• Apple is currently levelling up Siri’s ‘onscreen awareness,’ enabling it to interact with your screen
• Apple Intelligence features explained - everything you need to know about Apple AI and when you can use it
• iOS 18.2 beta shows exactly how Siri’s ChatGPT upgrade will work on iPhones – including new ‘daily limit’ guide

• Palo Alto Networks releases patch for two serious flaws impacting its firewalls
• The flaws were being abused in the wild to drop malware
• CISA added them to its KEV catalog

Palo Alto Networks has revealed it fixed two major vulnerabilities plaguing its firewalls.

The bugs are an authentication bypass in the PAN-OS management web interface (CVE-2024-0012), and a privilege escalation flaw in PAN-OS (CVE-2024-9474). The former has a severity score of 9.3 (critical), and grants crooks the ability to gain admin privileges on the target endpoint, and the latter has a lower score, 6.9 (medium), but helps run commands on the firewall.

Cybercriminals were chaining the flaws to gain admin privileges and run commands on exposed endpoints, it confirmed. Therefore, users are advised to apply the patches as soon as possible.

Added to CISA's KEV

Palo Alto said it was looking into ongoing attacks in which the two bugs were chained to strike “a limited number of device management web interfaces” with malware and arbitrary commands.

"This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company said in an advisory. "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."

Both vulnerabilities have since been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild abuse. Federal agencies have until December 9 to patch the bugs, or stop using the affected firewalls altogether.

Palo Alto said that only a “very small number” of firewalls is being targeted. However, citing data from the threat monitoring platform Shadowserver, BleepingComputer reported that there are more than 2,700 vulnerable PAN-OS instances.

Since a working exploit is already available, and evidence of abuse exists, Palo Alto “strongly” advises its customers to patch up, and restrict access to trusted accounts only.

"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines," the company said.

Via BleepingComputer

You might also like

• Palo Alto Networks warns users of dangerous security threat affecting firewalls
• Here's a list of the best free antivirus tools around today
• These are the best endpoint protection tools right now

• Nvidia RTX 5070 Ti has joined the roster of leaked Blackwell GPUs
• It will purportedly use the GB203 chip that’s in the RTX 5080
• Obviously it would be a cut-down GB203, possibly with 8,960 CUDA cores

Nvidia’s next-gen GPUs are supposedly arriving at CES 2025, and we’ve just caught a fresh rumor about a new model – a purported RTX 5070 Ti.

So far, the rumor mill has been sharing details about the RTX 5090, 5080, and 5070, so the 5070 Ti is a fresh leak, coming from one of the more regular providers of GPU-related rumors on X, Kopite7kimi.

In this case, Kopite7kimi hasn’t posted any details on X, but instead shared some info directly with VideoCardz.

We’re told that the RTX 5070 Ti is going to have 8,960 CUDA cores, which would mean 70 SMs (Streaming Multiprocessors), and indicates that the graphics card will use a cut-down take on the GB203 chip from Blackwell.

That’s the same chip as the RTX 5080 is rumored to run with (with the GB202 being the flagship GPU for the RTX 5090 alone).

Kopite7kimi also claims power usage will be pitched at 300W for the RTX 5070 Ti, but it isn’t clear what metric the mentioned figure might be (TGP or TDP). At any rate, this is only speculation, so season it liberally.

There’s no info provided about clock speeds at this point, or the crucial video memory loadout. The RTX 5070 has been rumored to run with 12GB of VRAM in the past, worryingly, but other gossip has suggested that a higher-tier variant – like a 5070 Ti or Super – could run with more (to the tune of 18GB).

(Image credit: Future / John Loeffler) Analysis: The ever-swirling rumors around Blackwell

It’s certainly interesting to see the RTX 5070 Ti popping up in leaks now.

It remains unclear if, as per original rumors, Nvidia might just launch a pair of Blackwell GPUs at CES 2025, the RTX 5090 and 5080 - or whether Team Green might just squeeze in another model, such as the RTX 5070, as is already rumored. Or perhaps this RTX 5070 Ti is a possibility? We doubt it, on balance, and Kopite7kimi couldn’t be drawn to comment on that speculation (VideoCardz did pose the question).

If the core count mentioned is correct, it’d be a 16% uplift on the RTX 4070 Ti (as was before Nvidia discontinued that model). Previous leaks around the RTX 5070 have suggested its core count could be relatively low – a 6,400 CUDA core count has been mentioned in the past, for example – and so that looks a bit shakier in light of this latest leak.

It’d be a pretty hefty jump from the 5070 to 5070 Ti if that was the case, a more pronounced leap than with their predecessor graphics cards – although that could be Nvidia’s plan. Either that, or the previous RTX 5070 speculation is off the mark.

You might also like

• Black Friday graphics card deals 2024: our choice picks right now
• Nvidia’s RTX 5090 now rumored to have superfast clock speeds – as well as being super-slim – could this GPU be too good to be true?
• Best PC games: must-play titles you don't want to miss

• A Galaxy tri-fold is coming in 2025, according to a South Korean tipster
• Could launch alongside Samsung Galaxy Z Fold 7 and Galaxy Z Flip 7
• Tri-fold will apparently fold inwards to rival Huawei Mate XT

We've already heard murmurs that a Samsung Galaxy tri-fold phone – a foldable with three screens and two hinges – is being prepared for a 2025 launch, and now another well-placed source has added more credibility to the claims.

South Korean tipster Yeux1122 (via Android Authority) reckons that a Galaxy tri-fold is indeed in the pipeline, ready to launch alongside the Samsung Galaxy Z Fold 7 and the Samsung Galaxy Z Flip 7 – so presumably around July 2025.

And... that's all the information we've got from this particular leak. We don't get any more details in terms of specs or design, just another piece of evidence in the case for Samsung releasing a competitor to the Huawei Mate XT.

The Huawei Mate XT, which was unveiled to the world in September, is the first tri-fold phone to be made available to consumers (well, consumers in China at least). It's unlikely to be the last though, as other manufacturers will want to copy the form factor.

More foldables

We can expect a successor to the Galaxy Z Fold 6 next year too (Image credit: Lance Ulanoff / Future)

Back in October we heard that Samsung had plans for a tri-fold foldable in 2025, which would apparently be launching alongside a budget version of the Samsung Galaxy Z Flip 7 (see our Samsung Galaxy Z Flip 6 review for details of this year's model).

While none of these rumors are confirmed just yet, it seems as though Samsung is ready to mix up its foldables strategy in order to get more market share – extra hinges, cheaper prices, and whatever else it can try to tempt more people to make the switch to a foldable.

Google's latest effort in this category has been pretty well received – see our Google Pixel 9 Pro Fold review for details – and it seems inevitable that we'll eventually see a foldable iPhone (or iPad), even if it takes Apple a few years to catch up.

That means Samsung, which has been something of a pioneer as far as foldables go, will have to keep upping its game. We can expect to hear more rumors about this tri-fold – which is apparently going to fold inwards – between now and its launch.

You might also like

• Galaxy Z Fold 7 and Galaxy Z Flip 7 codenames leak
• The best foldables you can buy
• Our review of the Samsung Galaxy Z Fold 6

• 300,000 emails from EnamelPin, owner of gs-jj.com, exposed online
• Many originate from .gov or .mil sources, which are used by military or government workers
• The leak exposed the sites links to China

Researchers at Cybernews recently discovered over 300,000 emails from EnamelPin customers were exposed for months thanks to an open Elasticsearch instance.

EnamelPin Inc is the owner of popular gift site gs-jj.com, which sells medals, lapel pins, emblems, and more.

The leaked emails contained personal information such as full names and email addresses, around 2,500 were from .gov and .mil domains. The site is unsurprisingly popular amongst US government officials and military officers, who had ordered products such as coins, patches, and medals.

National Security Concerns

“The emails and attachments exposed sensitive information about high-ranking military officials. They could be used to determine their position in certain Army units, phone numbers, email addresses, and shipping addresses,” Cybernews researchers said.

Other security issues were discovered on the site, such as the exposure of hidden git repository configuration, folder, and file structure of the website.

The data was left exposed for months, according to researchers. The information was publicly accessible from April 22 until December 5, which left many customers at risk, particularly of identity theft.

Whilst EnamelPin Inc is registered in California and aimed at civilians, the leak exposed previous unknown links to China. Researchers found a publicly accessible Git configuration file which revealed the website’s source code repository is hosted on a Chinese server.

The company also has an ‘complete expert team in China’, long delivery times suggest overseas fulfilment, and the customer support team communicate in broken English.

“Due to the Chinese government’s broad powers to access data, it may be risky for US Government and Military officials to use Chinese services, especially in the official settings," Cybernews added.

“This leak raises OPSEC concerns, as ordering patches, emblems, and other items can inadvertently expose ranks, divisions, and personal information.”

You might also like

• Take a look at our pick of the best antivirus software around
• These are the most damaging scams around, according to Google — so be on your guard
• Check out our choices for best malware removal software