The Christmas season is all about being with family and having fun. Yet, while classic board games get replaced by their online counterparts, your online privacy is increasingly at risk – not the best way to start the new year!
For instance, five of the most popular holiday-themed gaming apps are specifically Christmas-related. Worse still, free festive apps are especially data-hungry, reportedly sharing five times more data with third parties than their paid version.
These are some of the worrying findings from new research conducted by Surfshark, one of the best VPN providers on the market. Keep reading as I explain everything you need to know to stay safe.
Christmas online gaming: how much data collect?To determine the real price we pay to enjoy festive apps, the Surfshark team analyzed the 21 most popular mobile game applications on the UK App Store across the Board Games, Family Games, and Christmas lists.
These included games, but also countdowns (Santa Tracker, Christmas Countdown!), photo editing (ElfYourself), festive music (Christmas Radio+), and gift-shopping aids (Gifster).
The App Store provides a list of 35 unique data points categorized into 16 unique data point categories. The experts analyzed the data set according to the number, type, and handling of the data points collected by each app. Needless to say, the team found most of these apps to be pretty data-hungry.
Make sure to delete all the festive apps you've downloaded after the holidays are up
While the average number of unique data points collected by the most popular festive apps is seven, some gather as many as 13 out of 35.
The digital adaptation of the famous board game, Monopoli Go! tops the list of data-hungry apps with 13 unique data points collected. All of them are data linked to you, while 10 are actively used for online tracking. This means the app shares your details, including your location, with data brokers or other third parties to build your profile across different websites for targeted advertising.
The third most popular free board game app, Hexa Sort, shows a similar behavior, collecting 13 unique data points, 10 of which are tracked, including location and purchase history. Bubble Pop!, and ElfYourself are also among the most data-hungry apps.
As expected, free apps collect and share the most data, and experts found that Christmas freebies share five times more data with third parties than paid apps.
As Tomas Stamulis, Chief Security Officer at Surfshark, explains, mobile app developers are increasingly taking regulations and data protection requirements into account.
In the past, gaming apps often requested broad access to your data, while today's developers are more likely to focus on information that is truly necessary for the software to function properly.
Yet, Surfshark's research nonetheless shows how free applications consistently put your privacy at risk by sharing significantly more data with third parties compared to paid apps. This, according to Stamulis, highlights the importance of evaluating privacy implications.
He said: "A responsible approach to data protection might encourage users to opt for paid versions of apps, look for alternative apps, or consider whether the app can function without granting permissions that may not be truly necessary. If such options aren’t provided, it raises important questions about the intent behind the data collection."
Another crucial thing to keep in mind is the aftermath of the Christmas season. The likes of Christmas Countdown!, Santa Tracker, and Christmas Radio+ could track and share your location data with third parties, for example, even when you're not using the app anymore. As a rule of thumb, you should delete all the festive apps you've downloaded after the holidays are over.
While security software like virtual private network (VPN) and ad-blocker services can only boost your privacy a little – by, for instance, masking your real IP address location and protecting your device from malware – they cannot prevent the applications from tracking you. However, you could use a data removal service like Incogni afterward to ask data brokers to delete all the details they have on you.
As businesses embrace multi-cloud environments for their flexibility, scalability, and agility, they encounter new challenges in managing these complex systems. Gartner predicts that by 2028, cloud environments will become a “business necessity” and over 70% of enterprises have already embraced some form of hybrid or multi-cloud solution. The ability to distribute workloads across multiple platforms, the reduced exposure to vendor lock-in, and the potential gains in cost and performance are simply too good to pass up.
The challenge of operational silosDespite the benefits, multi-cloud environments can create operational silos among network (NetOps), security (SecOps), and cloud operations (CloudOps) teams. This fragmentation in managing critical services like DNS, DHCP, and IP address management (collectively known as DDI) exposes businesses to downtime, increased costs, and security risks caused by a lack of control and visibility across the network. The more businesses distribute their workloads, the greater the risk of silos emerging, making a strong case for unified, automated, 360-degree management of DDI (DNS, DHCP, and IP Address Management) services.
Without a unified approach to managing these network services, there is an increased risk of misconfigurations, undetected issues, and downtime. For example, if one team doesn’t have visibility into changes made by another team, the impact of those changes might not be noticed until it causes a disruption. Cost is also a factor: fragmented management often leads to inefficiencies, such as duplicated efforts or the use of multiple tools that don’t integrate well. These inefficiencies drive up operational costs as businesses spend more time and resources managing their network manually or purchasing additional solutions to bridge gaps. Silos can also weaken security: SecOps teams might not have full visibility into what the cloud or IoT networks teams are doing, leading to potential security blind spots. This fragmented view makes it harder to detect and respond to security threats across the network, leaving vulnerabilities unaddressed.
The fragmentation trapDeploying different DDI solutions across multiple cloud platforms leads to a disconnected ecosystem, with teams juggling disparate tools and workflows. The disjointed management creates bottlenecks, slows response times, and increases the risk of errors as teams often fall back on manual workarounds. When DNS solutions from different vendors are used across a hybrid or multi-cloud setup, achieving full visibility and control over the network becomes nearly impossible, because each platform typically has its own tools, interfaces, and configurations. As mentioned above, teams are then forced into workaround solutions that stifle productivity and heighten the risk of human error.
Especially manual or duplicated work can delay application deployment by weeks, affecting a company's ability to innovate and compete. Competitors with more agile processes capitalize on opportunities faster, while businesses stuck in manual workflows are left behind, facing higher operational costs and possibly damaged reputations. Consider a tech company that manually provisions critical network services for new applications. This process can take anywhere from a month to six weeks, significantly delaying product launches. We saw one customer, for instance, manage to reduce their provisioning time from six weeks to just 15 minutes by adopting the automation capabilities of our DDI solution, dramatically accelerating their time-to-market. However, the true cost of manual provisioning isn’t just about delays; it’s about lost sales and missed opportunities.
Unified DDI managementTo overcome the challenge of fragmentation and gain control and visibility over their network, organizations need a unified approach to managing DNS, DHCP, and IP Address Management across all of their cloud environments. Consolidating the management of these services into a single platform eliminates silos, enhances collaboration, and improves operational efficiency. A Universal DDI solution provides full visibility across multi-cloud environments, ensuring that all network assets, regardless of their location, are visible and manageable from a single interface, reducing the risk of oversight and enhancing operational efficiency. In addition, scalability and flexibility allows such solutions to scale seamlessly with the business’s growth and adapt to changing needs, ensuring it can handle increasing workloads and evolving technological landscapes. But it goes further than this: Automation and orchestration capabilities minimize manual intervention, reduces errors, and accelerates response times further.
Security and compliance are also critical considerations, particularly when it comes to multi-cloud environments. A unified DDI solution can offer full visibility across the entire network, allowing organizations to detect and respond to security threats more quickly, while also ensuring that all data handling and processes meet regulatory standards. Fragmented management of DNS, DHCP, and IPAM, as noted above, only increases the risk of non-compliance, particularly with regulations like GDPR or CCPA, where even minor oversights can lead to costly fines and reputational damage. A centralized approach not only reduces these risks but also bakes essential security measures – such as DNS protection – directly into critical network services management, enhancing an organization’s overall security posture.
It's time to rethink how critical network services and security are managed in the multi-cloud environment. By adopting universal management of DNS, DHCP, and IP Address Management, businesses can eliminate silos, improve efficiency, and avoid the fragmentation trap, allowing them to fully capitalize on the benefits of multi-cloud environments.
We've featured the best cloud storage.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
People in Syria are looking for their relatives and friends in prisons, hospitals and morgues. The U.N. estimates over 100,00 people have gone missing in Syria under the Assad regime.
(Image credit: Claire Harbage)
Generative AI (GenAI) is leading a widescale evolution of business processes across industries. The rapid development of use cases for the technology makes it critical that organizations invest now or risk falling behind. A recent report showed that 82% of organizations plan to introduce AI agents across their business in the next three years. It’s easy to see why. AI agents, particularly GenAI, have enormous potential to accelerate digital transformation journeys—from improving operational efficiencies to helping multi-channel contact center agents deliver experiences that delight and surprise customers.
The race to an AI-driven futureAs technology develops, organizations are under increasing pressure to demonstrate to customers and investors that they are at the forefront of innovation. They are looking to embrace GenAI to create new value by augmenting traditional business processes with new efficiencies and to drive better customer experiences. However, there is a risk of investing in technology for its own sake if they don’t embark on their adoption strategies with a clear goal in sight. This is especially true when it comes to GenAI. Two years after the emergence of ChatGPT, we’ve seen countless use cases being explored and developed. The time for experimentation is over.
In 2025, organizations need to focus on proven, value-driven applications of GenAI aligned with clear business objectives. Without this more purposeful approach, they will only scratch the surface of the benefits the technology can unlock. With the clock ticking, organizations must quickly determine which use cases to focus on and how to integrate them into their operations to create value. Here are three of the most impactful GenAI use cases that are already proven to elevate business processes to a whole new level:
1. Enhanced central business functionsGenAI should not be about reinventing the wheel. As a first step, organizations should focus on improving central business functions they already perform well. Initial use cases should be aligned to streamlining key processes such as document handling and supply chain management. These use cases will be more effective with focused AI models trained on targeted data sets that provide the rich context needed to automate specific functions with precision.
As a result, organizations will increasingly embrace Small Language Models (SLMs) in 2025. These approaches are more cost-effective, easier to customize, and have fewer parameters than Large Language Models (LLMs), making them better suited to targeted business functions. In fact, 56% of organizations plan to use SLMs within the next three years, demonstrating the central role they will play in future GenAI strategies. As they continue to curate SLMs for new use cases, organizations will be able to power further AI solutions to streamline additional business functions.
2. Improved CX and quality of lifeCustomer experience (CX) is another function organizations can take one step further with GenAI. Most significantly, GenAI assistants can make life easier for service agents and help them deliver better outcomes for the business, especially those in CX roles. For example, contact center teams may have to search multiple systems for the information they need to handle customer complaints or reschedule an appointment during a support call. This process takes time, keeping the customer waiting longer and degrading their experience — especially if they are forced to recount previous conversations with other team members.
With a GenAI assistant, time-consuming tasks associated with document processing and information gathering can be automated. This helps agents deliver experiences far beyond what callers expect, allowing organizations to surprise and delight their customers. It also enables service agents to focus on higher-value tasks such as building relationships with customers, giving them greater job satisfaction, and alleviating burnout. As these capabilities mature, leveraging a blend of humans and GenAI agents will revolutionize customer experience through predictive analysis and process automation, helping organizations to remain agile and carve out a more decisive competitive advantage.
3. Advanced communication skillsFinally, GenAI has real potential to reduce language barriers and empower service agents to support customers from any location. A recent report found that AI can deliver a 90% reduction in document translation time, resulting in efficiency savings of up to 2.79 million euros. GenAI can use a similar capability to detect language and automate responses to frequent customer queries via webchat, email, social media, and even phone. In many cases, this removes the need for customers to speak with service agents. That not only improves customer satisfaction by accelerating resolution time but extends the organization's reach by moving beyond traditional communications channels.
Human agents can also leverage AI-powered voice assistants to translate conversations during live service interactions so that they can speak with customers without being fluent in their language. This means that in 2025, human empathy and experience in dealing with complex customer challenges are the skills that will matter most for service agents, not the number of languages they speak. As their use cases for GenAI mature in this area, organizations will propel customer experience to the next level by streamlining workflows and reducing case resolution times dramatically.
Generating value with AIGenAI has huge potential to transform business processes, but organizations urgently need to move beyond the experimentation phase to tap into this opportunity. As tangible use cases continue to emerge, organizations must have clear, customer-focused objectives and a well-defined roadmap to ensure they integrate these technologies in a way that drives value. With this more considered approach, they will be much better poised to reap the rewards of GenAI and deliver market-leading innovation.
We've featured the best AI phone.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
The Kanto Ren powered speaker system is, basically, ace. Designed with multi-functionality in mind, Ren is a broad-strokes stereo hi-fi that can speak to most anything you’d want it to. With HDMI ARC, optical, USB-C, RCA and 3.5mm aux inputs, and with strong Bluetooth 5.3 connectivity besides, this is the does-everything bookshelf hi-fi system that most people spend a long time putting together piece by piece – and it sounds brilliant, as well.
These active speakers are relatively low-profile against similarly-powered hi-fi and AV systems, but pack a punch with their 100W RMS of auditory juice. There’s nothing lacking frequency-wise, with a rich and compelling responsiveness across the spectrum. This, coupled with its incredible dynamic response, makes it a supple system for TV and video games, as well as an impressive and convenient music delivery system.
In short, these are plug-and-play stereo speakers with quality internals and unbeatable I/O, and at quite a competitive price for its unique placement in the audio-tech market. The Kanto Ren should appeal to quite a few different people, whether you’re after a new bookshelf hi-fi, an alternative to a TV soundbar or a no-fuss all-in-one sound system. Some of the best stereo speakers we've tested in a while then? Why, yes.
(Image credit: Future (James Grimshaw) ) Kanto Ren review: Price & release dateMost powered speakers of this ilk exist in the studio monitor space, as reference speakers for audio engineers and music producers – a few popular examples being Yamaha’s HS-series speakers and Adam Audio’s T5Vs (amongst a great many others we haven’t the time to profile here). These, though, are designed as practical utilities, and with music production specifically in mind – meaning fewer consumer-friendly inputs, and a frequency response curve that aims to be as flat and neutral as possible.
The Rens take the operating principles of these integrated desktop/studio solutions and brings them to the world of hi-fi, making for a genius marriage of smart audio-tech design and consumer need. In a market where customers are willing to spend upwards of four figures on a soundbar, this powerful and portable pair of highly-connectible modern bookshelf speakers is sure to stun.
(Image credit: Future (James Grimshaw) ) Kanto Ren review: FeaturesThe Kanto Ren active speaker system is a well-featured all-in-one hi-fi dealio, cramming a powerful amp with some peerless connectivity into the chassis of one of the speakers. There’s six inputs to switch between here, including: USB-C, HDMI, optical, RCA, 3.5mm aux and Bluetooth 5.3. All of these are switch-between-able on the handy included remote control, which also gives you immediate control of bass, treble and volume levels (if you don’t feel like controlling any of the latter with the powered speaker’s front-borne rotary encoder, itself a satisfyingly tactile little knob).
The Kanto Ren is a stereo speaker system, and its integrated amplifier circuitry basically follows suit – which means no extending your setup to surround-sound (though why you’d ever want to do so with this particular setup is another question entirely). There is, however, an RCA subwoofer output – which naturally cries out to be paired with Kanto’s existing SUB8 sealed subwoofer. With a subwoofer plugged in, any sounds below 80Hz are neatly and automatically redirected to it; our review is a sub-less one, though, to focus on the merits of the Rens alone.
Inside, there’s some clever digital goings-on alongside the smart convenience displayed outside. There are two digital sound profiles you can engage and switch between – namely, the Vocal Boost and Night Mode algorithms, which respectively solve the two biggest problems facing the modern TV-binger: quiet dialogue and paper-thin party walls.
Another nifty digital feature is the Ren’s auto-wake function, which you can toggle on and off with the remote. This feature ensures the speakers leap to life the moment they detect incoming audio – meaning you can enjoy their enhanced sound soon as you switch your TV on. Everything’s geared to user convenience, and it shows; using the Kanto Ren system has been nothing but a breeze from day dot.
The Kanto Ren system was first put through its paces via its optical input, connected to my TV. My partner and I had picked an excellent time to rewatch the first two seasons of Twin Peaks together; Angelo Badalamenti’s intro theme was a hugely gratifying listen every time the opening credits swelled in, and every tense spook was robustly supported by the wellsprings of low end these speakers are capable of producing.
Speaking of spooks, the dynamic range of the Rens was thoroughly tested by my tremulous playthrough of mind-bending action-horror Alan Wake II on the PS5 – an excellent game whose subtle nods to the Twin Peaks mythos are more like vociferous headbangs. From subtle tension to outright jumpscares, the game’s sound design is a dynamic delight; the Rens handle every jolt and spike with great humour, even when in neighbour-placating ‘night mode’ setting.
The sonorous bass is supported in no small part by the ported rear, which supplies a lot of air movement – and, naturally, makes for a pumpy, slightly indistinct low-end. With this less-sculpted breathy ‘flab’ at higher volumes, you can see why Kanto went to the trouble of including a subwoofer output. Granted, my corner-alcove placement for TV listening won’t be winning any awards (and neither will my makeshift stacked-book speaker stands, for that matter), particularly with respect to bass response – which is why I tested them elsewhere in my house for their Bluetooth and aux-input musical merits.
(Image credit: Future (James Grimshaw) )In testing out the Bluetooth mode, I whacked on Richard Dawson’s 2023 album The Hermit via Spotify – the title track of which is a 45-minute post-folk micro-odyssey through bucolic far-future Northumberland. This album-length song is extremely dynamically rich, and the Rens don’t falter for a moment in representing that richness.
Dawson’s croaked whispers vault into soaring leads, and tactile, distant electric guitars get swallowed by a Talk-Talk-y orchestra of loud-yet-ambient instrumentation; all of this is clear, distinct and well-separated, and as gratifyingly dynamic as the song could ever demand to be, all in spite of the potential throttling either Spotify or the Bluetooth codec can employ. Good work, Ren! That subtle breathiness in the bass is less pronounced without my bass-trappy alcove – but even within, the Rens still retained clarity and purposeful responsiveness practically everywhere else.
To test its handling of transients in a more controlled setting, I also listened to Cool Sounds’ Like That, an irreverent record full of groovy guitars and bright disco drums; Part-Time Punk’s gloriously dead 70s drums are tactile and three-dimensional, dance-y right-to-left tom fill revealing the strength of the Ren’s soundstage.
In all, the Kanto Ren stereo pair is a delightful-sounding array, and great in practically every scenario in which they could conceivably be placed. There are obvious shortcomings with respect to the ultra-low end, but shortcomings overcome by clever design – and which aren’t all that short of the mark to begin with. They’re loud, proud and unequivocally hi-fi, beating out a great many systems built for similar or even greater price-points. For this price, and with their place in the market borne firmly in mind, they’re practically perfect.
The Kanto Ren speakers are, in a word, fetching. The MDF chassis combine considered contours with sleek surfaces; the flat front panel and its sharp vertices are offset by how beautifully the speaker cones are countersunk in – the dust covers of which are, themselves, delightfully suave.
This writer’s review set came in a fetching matte blue – but there are four other fetching matte colorways for you to pick from, including a fetchingly nostalgic orange. The slight disappointment of not getting the orange Rens to review was offset immediately by how tastefully – might I say, fetchingly? – the blue ones straddled our rather fetching orange TV stand.
The tasteful nature of the speakers extends to the soft LED dot on the active speaker unit – which smoothly changes hue depending on the audio sources you switch between. The optical source, which was used for the majority of this review, is represented by a shade of lilac I’d only describe as ‘kind’.
A small niggle, though, presents in how stubbornly finger-marks stick to that fetching matte finish. Despite the conclusions you may draw from the pictures supplied with this review, its writer’s hands are not grubby little mitts after all – but rather clumsy ones, the evidence of which is borne out by the near-unmovable streaks of dark across the otherwise-fetching front faces of the speakers. I digress.
As far as practical design is concerned, the Rens serve well. Threaded holes on the rear provide for those that might want to wall-mount their speakers, and rubber feet are provided separately so as not to rob you of choice in any matter. There are even some optional speaker grilles you can place over the front, held in place magnetically so as not to mar the sleek front with anchor slots. All told; the Kanto Ren system is designed beautifully, and considerately too.
Being active speakers, setting up the Kanto Ren stereo set is an absolute trifle – the hardest part being the safe manoeuvring of the speakers into place without scuffing that fetching (I said it again!) matte finish. There’s no additional hi-fi amp-wrangling or cable-knotting to contend with, past the simple fact of connecting speaker to speaker, and audio source to system. Indeed, setting these up is about as simple as setting up any decent hi-fi system could ever be (and especially so for AV setups).
The remote control is the thing you’ll be interacting with the most by far, and it couldn’t be simpler to operate. Everything’s clearly signposted, and you barely need the remote control ‘map’ to know what you’re pressing. A minor point presents in the occasional unresponsiveness of the volume control to repeated presses, but a little patience goes a long way with smooth control of the Ren’s various parameters (as it of course does with life in general).
The speakers ship with a length of two-core speaker cable for you to connect left speaker with right, via the screw terminals at the rear. Unfortunately, the Rens don’t ship with additional HDMI or optical cables for comprehensive out-of-the-box connectivity; if you don’t already have the requisite cables to hand, you might be ordering in and waiting a day for what you need. This writer had – and most of you will have, at that – cables aplenty to hand, but a spare HDMI wouldn’t have gone amiss as a little out-of-the-box sweetener!
The $599/£599/€719 (so, around AU$1,199) price point is not a trifling one, even if it does technically fall towards the lower end of the price spectrum in a broader field of living-room sound-system solutions. It’s an investment for an integrated hi-fi system, whichever way you slice it – but it’s a great investment too, and in all the same slice-ings.
If you’re wanting a genuine upgrade from the soundbar you got last Black Friday which sounds ‘ok I guess’, you’ll be blown away by the difference these full-throated speakers provide. If you’re looking to invest in better sound for your TV for the first ever time – and looking for a foolproof plug-and-play place to start – you couldn’t spend $599 much better if you tried. Great-sounding integrated systems are hard to come by, but for me the Kanto Ren ticks all the right boxes. As a living-room stereo pair, these are perfectly pitched to handle everything – and pretty darn well, at that.
You want excellent hi-fi sound without the faff
The Kanto Ren system packs a shedload of functionality into the form of two mid-sized bookshelf speakers. You don’t need anything else to guarantee a quality listening or watching experience – save for a decent subwoofer to tack on if you’ve a larger space to serve. With its broad connectivity, it can be your everything-system for anything – whether you connect your laptop via USB-C, your Wi-Fi streaming set-up via optical, or your TV via HDMI.
You’re thinking about buying a soundbar
Yes, soundbars are pretty nifty looking, and yes, some soundbars purport to do pseudo-surround sound really well, but all soundbars are undeniably limited by their form. The Kanto Ren brings controlled richness and huge dynamic range in an unconventional iteration of a conventional hi-fi format, and will resultingly blow any and all consumer-grade soundbars out of the water with consummate ease.
You want a surround-sound AV setup
Being an active stereo speaker array, it should not come as a surprise that the Kanto Ren’s integrated amplifier is stereo through and through, and does not have an additional 3 channels for surround sound. Still, if you’re wanting something that’s more expressly home-cinema-coded, maybe give these a miss.
You value upgradeability
The Kanto Ren is an integrated stereo amplifier system, with all the bells and whistles built right into the speakers themselves. If you like the idea of trying out some new speakers in the future, or eventually investing in some audiophile-grade tube amplifier system, you should be spending your money on a more modular type of hi-fi system.
Klipsch R-51PM
Klipsch is another vaunted name in hi-fi, on account of the incredible dynamics their speakers are capable of representing (amongst other things). These are an active bookshelf offering, with optical, USB and RCA in amongst other I/O opportunities. There’s no HDMI ARC here, but there is an incredible soundstage – and a built-in phono pre-amp for the budding vinyl enthusiasts in the room.
Read more in our full Klipsch R-51PM review View Deal
KEF LSX II
KEF’s LSXII stereo speakers are similarly impressive in terms of connectivity, with HMDI ARC, optical and USB-C as well as KEF’s own W2 streaming architecture. The cones are a little smaller, and the price a little higher – but there’s some signature KEF quality in these tiny bookshelf powerhouses.View Deal
The Kanto Ren speakers spent most of their time bookending my TV in the inner alcove of my living room, where they were put to the test, via HDMI ARC and optical input, as the primary audio system for watching TV and playing video games – as well as, in hi-fi terms, for Bluetooth streaming. Phono and Bluetooth were also trialled in my attic office, in order to assess the frequency response of the speakers in different acoustic spaces. I listened to personal-favourite records, the sound of which I could comfortably corroborate against the performance of other systems with which I’m familiar.
First reviewed: December 2024
Read more about how we test at TechRadar
The US Cybersecurity and Infrastructure Agency (CISA) has added a new Windows flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a deadline to apply a patch, or stop using the software altogether.
The bug is a Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability with a high severity score of 7.8, tracked as CVE-2024-35250.
The bug can be used to gain system privileges in low-complexity attacks that don’t even require any user interaction.
Adobe ColdFusion"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in its advisory.
Since Microsoft did not share any further details about this vulnerability, the publication cited the DEVCORE Research team, who demonstrated how the bug works during this year’s Pwn2Own Vancouver hackathon. The same team reported the bug to Microsoft, who patched it in June’s Patch Tuesday cumulative update, A proof-of-concept (PoC) was released to GitHub a few months later.
When a vulnerability is added to KEV, that means that there is evidence of in-the-wild abuse. Federal agencies have a three-week deadline to apply the patch, or stop using the flawed software.
At the same time, CISA also added an Adobe ColdFusion vulnerability, tracked as CVE-2024-20767. This one is described as an improper access control weakness that grants unauthenticated remote threat actors the ability to read sensitive files. It affects ColdFusion versions 2023.6, 2021.12 and earlier, and has a high severity score of 7.4 - and Adobe patched it in March 2024.
“An attacker could leverage this vulnerability to access or modify restricted files,” reads the flaw’s description on CVE.org. “Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.”
CISA stressed that these types of vulnerabilities are “frequent attack vectors for malicious cyber actors” and as such pose a significant risk to the federal enterprise.
Agencies have until January 6, 2025 to apply the fixes.
Via BleepingComputer
You might also likeZotac just leaked details of what might be the initial line-up of next-gen desktop graphics cards from Nvidia.
VideoCardz did the sleuthing here, turning up details Zotac accidentally aired on its own website, showing us the Blackwell GPUs that the graphics card maker will initially debut (in theory, anyway). Furthermore, Zotac also dropped a tasty nugget of info on the VRAM configuration for what’s surely the next-gen flagship.
The models listed by Zotac – and all the spilled details have now been removed, we should clarify – were as follows:
The Nvidia RTX 5090D is the variant of the flagship for China, following in the footsteps of the RTX 4090D, as you’re likely aware.
As for the VRAM info, Zotac has filters for its GPUs to allow sorting by memory type and capacity, and mistakenly put a GDDR7 option in the former, as well as an allocation of 32GB in the latter.
This shows us that RTX 5000 graphics cards will carry GDDR7 VRAM as (heavily) rumored – all models will use this cutting-edge memory, supposedly – and that there’ll be a 32GB allocation of video RAM in the line-up, as there isn’t with the current-gen (which tops out at 24GB).
The GPU paired with 32GB must, of course, be the RTX 5090, and this is what’s already been rumored for the next-gen flagship.
(Image credit: Future / John Loeffler) Analysis: What about the RTX 5060, though?With this kind of work going on with manufacturer websites, in the background – well, it should have been on the quiet, in the background, but was accidentally sent live by a Zotac employee, clearly – shows we are about to get new RTX 5000 GPUs at CES 2025. Although Nvidia has all but said that, anyway, at this point.
The really interesting bit here is the underlining of the RTX 5090 being a mighty GPU sporting 32GB of video RAM, and the range of models available initially, which are as expected, pretty much. Well, the RTX 5090 and 5080 are, anyway, the rumor mill just isn’t quite sure if we’ll also get the RTX 5070 or the 5070 Ti – and maybe this is a suggestion that Nvidia will push out both. Alternatively, perhaps one of those RTX 5070 variants may come slightly later.
Notably, there’s no mention of the RTX 5060, which has recently floated up on the rumor winds as a possible GPU launch for later in the first quarter of 2025. Zotac may not be prepping that because it’s a couple of months down the line from these initial launches – or perhaps this is a hint that this lower-tier Blackwell graphics card won’t turn up until later in 2025.
You might also likeJohn Lewis is offering an AI-mazing Christmas present: an extra £300 off the super-powered Pixel 9 Series when you trade in an iPhone. With advanced cameras and AI photo editing, 7 years of free upgrades and Google's most powerful chip yet, the Pixel 9 Series raises the bar for, well, everything.
A phone full of firstsPixel gets the best of Google AI first. Its AI-enhanced camera enables you to take incredible pictures and to make them better than you can imagine, in ways you can't believe. With Add Me You can magically merge two photos together to add you into group shots, and with Best Take you can be sure you'll always see everybody's best side by combining multiple takes into one brilliant one. And with Photo Unblur in Google Photos you can sharpen even the fuzziest pics, old or new, with just a couple of taps.
Gemini AI gets things done, done and then someIt's tempting to spend all day just using the Pixel 9 Series' amazing camera and Google's cutting-edge AI tools. But the Pixel 9 Series with Gemini is also here to do all the things that you do every day – as well as some things you've never done before.
That's because Gemini is your AI sidekick. It'll summarise your Gmail messages and your Google Docs, tell you what's in your photo and help you find things online with the superb Circle To Search: when you see something you want to look at, just circle it on your screen and Pixel's AI will find it. Fast.
(Image credit: Google) Reimagine reality with Magic EditorWith Magic Editor you can use AI power to unleash your imagination. Want to turn the sky pink, or turn the grass into a beach? Just type what you want to see and Magic Editor will make it appear. And you can even move people or things around in your photos to get everything and everyone positioned perfectly.
One of our favourite features is Magic Eraser, which makes things disappear. Whether it's someone photobombing a group selfie or just unwanted items such as power lines or other distractions, Magic Eraser makes them history. Instantly.
The camera that's next-level amazingIn order to take great photos you need to start with a great camera. And the highly acclaimed Pixel Camera is exactly that. It enables you to take stunning photos and videos in any light, from super close-up to really far away. The combination of its 50MP wide camera and Night Sight means superbly sharp, vivid photos in low light, and Google hasn't forgotten about selfies either: the 10.5MP front camera with autofocus means super-sharp, share-worthy selfies every time.
If you're used to shooting with an iPhone you're probably familiar with one of its irritations: recent models are notorious for applying too much processing to some photos, and that's processing you can't then undo. But the Pixel Camera delivers true-to-you skin tones thanks to its Real Tone feature, which represents the nuance of skin tones beautifully, authentically and accurately. And if you have low vision, the Guided Frame feature helps your selfie game by using audio and haptics to guide you into the perfect framing for photos.
(Image credit: Google) Super powerful. Super-poweredThe first thing you'll notice about the Pixel 9 Series is how good its display looks. The 6.3-inch Actua display in the Pixel 9 isn't just super bright. It's super smooth too, with a speedy 120Hz refresh rate for incredibly smooth gaming, scrolling and switching apps. And it's teamed up with the Google Tensor G4, the most powerful Google chip yet. The Tensor G4 was made for Google Pixel's advanced AI, and with a massive 12GB of RAM it's both silky-smooth and sensationally speedy.
The weak spot for some smartphones is their battery. Not here. The Pixel 9 comes with a battery that can last over 24 hours, and if you pop it into Extreme Battery Saver mode you can get up to 100 hours between charges – brilliant if you're travelling or going off-grid. And when you get back to civilisation you can recharge it from zero to 55% in about 30 minutes.
Pixel protects you and your infoAs you'd expect from Google Pixel, the new Pixel 9 series delivers rock-solid security and protection against common mobile and online scams including online fraud and phishing scams. And that protection lasts. When you buy your Pixel 9 Series you're getting 7 years of operating system and security updates, plus free Pixel Drops to deliver new and upgraded features. That means you can be sure that you're getting the most advanced AI features first. When you buy your Pixel, you're buying a phone that gets even better over time.
The phone you'll want to holdRedesigned with damage-resistant front and back glass, curved edges and a smooth, durable frame, Pixel 9 is built to last. And of course it works brilliantly with other Pixel devices including Pixel phones, Pixel buds and Pixel Watch. Together they use the power of Google Pixel AI to deliver even more personalised, powerful help.
With its AI-mazing camera and photography tools, its super-powered Tensor G4 chip and that beautifully smooth display, the Pixel 9 isn't just advanced. It's incredible. And with up to £300 off when you trade in an iPhone at John Lewis, it's amazingly affordable too. This deal is only available from John Lewis, where you’re not just getting exceptional value for money. You’re also getting John Lewis’s exceptional customer service too.
Click here to discover the Pixel 9, your new favourite phone.
Apple has released its first beta for the upcoming macOS Sequoia 15.3 update for developers, and it reportedly brings a feature powered by Apple Intelligence that the company has been hyping up for some time now: Genmoji. This developer beta follows swiftly on the heels of the release of macOS Sequoia 15.2, which came out about a week ago.
Genmoji will allow Mac users to generate their own unique emojis based on a prompt and this is also the first time we’ll see it on a desktop (the feature was already available on iOS 18.2 for iPhones and iPadOS 18.2 for iPads and now Mac users get to join in on the party), as reported by MacRumors.
To access this developer beta version (and future developer beta releases), you have to register with Apple as a developer (which comes with a subscription fee).
Genmoji is meant to expand the way people can express themselves via custom emojis. On the support page for the feature on iPhone, Apple claims that you can give Genmoji a simple description of what you want your custom Genmoji to look like or create one based on a photo of a person, such as a friend or family member.
Once you generate a custom emoji, you’ll be able to use it like other emojis that are included in Apple software by default. These emojis will then work across devices running iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1 or later. For those using older versions or an Android device, custom-generated emojis will still show up, but as an image rather than an emoji (which are distinct as far as Apple OSs are concerned).
(Image credit: Shutterstock/DimaBerlin) How to use Genmoji on your MacYou can create a Genmoji and use it via the emoji palette on Mac. Here are some ways you can access Genmoji on Mac:
Use a keyboard shortcut: Press Control + Command + Space in any app that supports text input, like Notes or Messages
Click the emoji icon: If you’re using an app like Messages, look for the smiley face emoji button in the text bar
When the emoji palette is opened, you’ll apparently be able to see options to create and use Genmoji alongside your standard emoji.
Keep in mind that Genmoji is part of Apple’s shiny new Apple Intelligence suite of AI-powered features, which means it will require your Mac being fitted with an Apple silicon chip (like the M1, M2, or newer).
All Genmoji generation happens on whatever device you’re using without needing an internet connection so you can use it offline.
If you are particularly expressive when it comes to using emojis, I can see this being fun to try, even just to see what Genmoji spits out and how fitting it is to your prompt. It can make messaging and note-taking more personal and expand the possibilities of how people can express themselves. I don’t know if I would use this every time I wanted to send a message or even use an emoji, so it’ll be interesting to watch if it catches on with users.
As Genmoji is currently in the macOS Sequoia developer beta, it has a little way to go before rolling out to the public. It'll have to go through a public beta, which you can enroll in for free, and then if Apple thinks it's ready to go, it'll be added to a future macOS Sequoia update in the next couple months.
YOU MIGHT ALSO LIKE...NetEase has announced that a brand new, limited-time game mode will be coming to Marvel Rivals this week.
Jeff's Winter Splash Festival is part of Marvel Rivals' Winter Celebration event, a 4v4 game mode featuring Jeff the Land Shark as the star character, and is scheduled to release on December 20 at 11 PM PST / 4 PM EST / 7 PM GMT.
From the latest announcement trailer, it seems the game mode is heavily inspired by Splatoon, and will require each team of four players to cover the surface area of the winter map in their designated color in order to win.
Alongside the main event, players can also expect brand new winter-themed skins for five heroes, including Jeff, Magik, Venom, Rocket Raccoon, and Groot.
The end of the trailer confirms that Jeff's adorable new costume can be obtained for free during the event, but it looks like the four other skins will be store-exclusive.
NetEase has also revealed there will be a "special winter greeting card with gifts from Jeff", as well as "a few surprises" when the update drops later this week.
Marvel Rivals launched earlier this month for PC and consoles and was quick to garner over 444,000 concurrent players on Steam on its first day of release (via GameRant).
If you're just getting started with the hero shooter, here are the Marvel Rivals codes you can redeem for the month of December 2024.
You might also like...It’s all kicking off between Intel and Qualcomm of late, as one of the new interim co-CEOs of Team Blue has taken a pointed swipe at Snapdragon-powered Copilot+ PCs. As you might imagine, Qualcomm was quick to return fire – and in no uncertain terms.
Windows Central reports that this started with Intel’s Michelle Johnston Holthaus, who currently helms Intel along with co-CEO David Zinsner, following Pat Gelsinger’s sudden departure.
Holthaus observed that Arm-based PCs, which are a major part of Microsoft’s drive with Copilot+ laptops, powered by Qualcomm Snapdragon X chips, might not be all that popular: “If you look at the return rate for Arm PCs, you go talk to any retailer, their number one concern is, ‘Wow, I get a large percentage of these back,’ because you go to set them up, and the things that we just expect don’t work.”
So, the claim here is not that Arm PCs are less reliable on the hardware front, but that software compatibility is the main sticking point, and reason why some buyers are returning their devices.
Qualcomm then issued a statement in reply to this, published by CRN, which read: “Our devices continue to have greater than 4+ stars across consumer reviews and our products have received numerous accolades across the industry including awards from Fast Company, TechRadar, and many consumer publications. Our device return rates are within industry norm.”
In short – unsurprisingly – Qualcomm was having none of this, with the spokesperson making it clear that return rates of Snapdragon X laptops are within the expected ‘industry norm’ range for PCs.
Analysis: Laptop realities and airy assertionsThe gloves are off, then, well and truly. Intel’s been having a turbulent time this year, of course, so is this just a case of lashing out, deflecting, and drawing attention to the weaknesses of rivals?
Not as such, because I can see Intel’s point here. It’s easy to imagine a scenario where an average consumer buys an Arm laptop, gets it home, then finds out a game doesn’t run on it – or an app runs, but rather sluggishly – then they get frustrated and take it back to the shop, complaining that it’s ‘faulty’ and doesn’t work properly. Not the hardware, but the way in which the device copes with the software out there in the Windows ecosystem.
The root issue here is that Arm is a different architecture to AMD and Intel’s x86 chips, and most Windows apps are written for the latter – these are by far the dominant CPUs out there, of course, in Windows land.
Software (and game) developers have to code their products for Arm to run natively and fully performant, and if an Arm incarnation doesn’t exist, Arm-based PCs run the x86 version but have to emulate it (if it can work at all, and some software – and games in particular – can be a non-starter). That emulation involves overheads which can drag down performance somewhat.
Apple made the move to Arm, and its own M-series silicon, with its Macs, using the Rosetta translation layer for emulation (now considerably refined with version 2). Also, a major motivating factor for developers was that Apple was transitioning fully to Arm – so software and game makers coding for macOS had to get on board, or be left behind.
In Microsoft’s case, its Prism emulation – the equivalent of Rosetta – is still in its early stages, so not as refined. But more importantly, Microsoft is offering Arm PCs as an alternative, while still mostly being behind x86 chips.
So, there’s less incentive for developers to code Arm-specific apps or games for what’s a relatively small niche of laptops right now – and if that native software doesn’t come, the mentioned compatibility issues are in play, and put people off buying Arm notebooks.
Essentially, it’s a tricky situation: without the software support in place, growing the hardware base is more difficult, and without the hardware out there, motivating devs to write that native software is an uphill struggle.
(Image credit: Future)So, it’s easy to imagine the rocky road Arm on Windows is currently travelling (and has always been on, in fact). And it’s true that what Intel is claiming is plausible to an extent – and somewhat backed up anecdotally by what I’ve read online. But we’ve got to be very careful about drawing conclusions based on what are theories, ultimately, and what Intel is saying here is all too airy.
We aren’t given numbers, percentages, or facts by Intel – just an assertion that retailers are getting large quantities of Arm PCs returned. Qualcomm’s reply is vague too, merely mentioning industry norms, without setting us (or Intel) straight in terms of an actual figure here.
Also consider that there’s no doubting that Snapdragon X-based laptops are excellent in some cases – TechRadar’s current best laptop is one of these machines (Microsoft’s Surface Laptop) – despite the weaknesses of Windows on Arm, and they are definitely present.
Analyst firms are also predicting some major growth for Copilot+ PCs with Arm chips, something Intel is doubtless not going to mention. But those are just forecasts – and x86 growth is supposedly going to be strong, too, although the claim is that Arm-based PCs could own 30% of the laptop market by 2028.
I can’t tell the future, but what I can tell you is that it feels rather unseemly for Intel to be throwing stones at this point, at the close of a pretty terrible 2024 for the chip giant in many respects. Qualcomm might well be tempted to ask what the return rate is on Intel’s 13th and 14th-gen desktop CPUs, following an actual hardware fault across two entire generations of silicon, perhaps.
You might also like...Saily, one of the best travel eSIMs on the market has just added some security features to help you stay protected against online threats right from within the app.
Developed by the team behind NordVPN, Saily now boasts a virtual location option, built-in ad-blocker, and web protection tools. The team claims to be the first wireless provider "to introduce a layer of security to its offering."
A new standard for mobile connectivity"We are setting a new standard for mobile connectivity – one that prioritizes security, privacy, and innovation," says Vykintas Maknickas, CEO of Saily. "Backed by NordVPN experience, we are pioneering an eSIM connection that adds a level of protection from cyber threats without any additional apps."
The Saily app now includes three extra privacy and security features. For starters, like the best VPN services, the virtual location allows you to mask your true IP address location to trick your internet service provider (ISP) into thinking you're browsing from a completely different country in no time. At the time of writing, there are 37 locations you can choose from.
This feature is convenient when traveling abroad to keep accessing websites as you'd do at home, or bypass any potential geo-restriction without downloading or signing up to another virtual private network (VPN) app.
At the same time, a built-in ad-blocker and web protection tools will keep your device secure by blocking invasive ads, malware, and malicious or phishing websites while keeping online tracking at a minimum.
The Saily team, Maknickas explains, estimated that these features will help you to save up to 21% of mobile data too, rather than just boost your security.
(Image credit: Nord Security)As per NordVPN data, 85% of travelers are worried about getting hacked when on vacation. While travel eSIMs are a good way to stay away from unsecured public Wi-Fi hotspots, they cannot protect you from other cybersecurity risks.
"The new features were designed for travelers, enabling them to focus on exploring their destination while worrying less about cybersecurity risks," says Maknickas.
To use the new security features, all you need to do is download the Saily app and purchase any plan of your choice. Sign up by December 30 to grab a 15% discount by adding the code 'SECURITY15' at the checkout.
Remember, you'll need to activate the features directly from within the app. These will be available until either you turn them off or the data plan expires.
If you’ve encountered any social media scams this year, you’re not alone. The ESET 2024 threat report has revealed investment and crypto scams are dominating the digital landscape, alongside ransomware and infostealers -despite law enforcement's best efforts.
Most social media users will probably have noticed a serious rise in the number of scams this year, and especially in ‘investment opportunities’ targeting hopeful crypto entrepreneurs. Criminals are increasingly using deepfakes and AI generated content, often featuring celebrity images to legitimize the brand.
The primary goal of these scams is to harvest data from victims, and encourage them to invest money into fraudulent products and schemes, even going as far as to create fake testimonials, adverts, and positive reviews on X (formerly Twitter) and YouTube, in order to seem authentic - so be skeptical of any online endorsements.
Filling Lockbit’s shoesElsewhere in 2024, the infamous Lockbit disruption has left a vacuum which is being filled by new and existing groups. RansomHub stepped up to the challenge, and has claimed almost 500 victims so far, including Kawasaki and Halliburton. Although Lockbit is rebuilding its infrastructure, its reputation has taken a hit, and the group has struggled to recruit skilled hackers into its ranks.
There’s also been some upheaval in the infostealer arena, with huge players RedLine and Meta taken down by Dutch authorities in October of this year. As a result of this, competitor Lumma stealer has become more popular than ever, seeing a 368% increase in the second half of 2024.
One of the top malware players, Agent Tesla, has seen a 26% decrease in detections in the second half of the year. This doesn’t mean malware is on the decline though, as Formbook saw a resurgence, even hitting 7,000 detections in one day.
The cyberthreat landscape is fickle and unpredictable. Law enforcement have seen some important victories this year, but inevitably any disrupted groups are soon replaced by their competitors.
“The second half of 2024 seems to have kept cybercriminals busy finding security loopholes and innovative ways to expand their victim pool, in the usual cat-and-mouse game with defenders.” said ESET Director of Threat Detection Jiří Kropáč.
You might also likeA new Remote Access Trojan (RAT) malware has been detected targeting Chinese-branded web cameras and DVRs used in Western companies.
HiatusRAT, and it allows threat actors to “take over and control a targeted device from a distance”, says the FBI, which released a new Private Industry Notification (PIN) warning Hiatus’ operatives most likely kicked off their campaign in July 2022, and were looking to spy on US government organizations.
“Cybersecurity companies have also observed these actors using the malware to target a range of Taiwan-based organizations and to carry out reconnaissance against a US government server used for submitting and retrieving defense contract proposals,” the PIN says.
DVRs and web camsThe PIN noted the attackers were especially targeting web cameras and DVRs with known vulnerabilities, especially those who reached end-of-life, and those whose vendors are yet to patch the flaws.
Xiongmai and Hikvision were some of the names mentioned in the PIN, although the wording suggests that there are more vendors whose equipment is being targeted.
The FBI also said HiatusRAT scanned for IoT devices in the US, Australia, Canada, New Zealand, and the UK, for flaws including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, CVE-2021-36260. The crooks were also looking for devices with weak vendor-supplied passwords.
To run the scans, the attackers apparently used off-the-shelf, open-source software: “They used Ingram — a webcam-scanning tool available on Github — to conduct scanning activity,” the FBI said. “And they used Medusa — an open-source brute-force authentication cracking tool — to target Hikvision cameras with telnet access. Targeted TCP ports have included: 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575.”
You might also likeRoku has been on a streak of adding additional features. After updating its iconic “City” screensaver, it’s unveiling a slew of smart home features that will arrive on its streaming players and TVs.
Suffice it to say that the leading feature has been coming for a long time and will be a big win for anyone with single or multiple security cameras. Roku is bringing ‘picture-in-picture’ to its smart TV interface, meaning that if motion is detected, it won’t take over your whole screen but instead will appear in the corner of the TV.
Furthermore, if it’s an area you want to keep an eye on, you can pin that live feed to a corner of your TV. This allows you to take in whatever content you’re watching while keeping an eye on the security feed. Super handy, especially if you have a baby monitor or a dog camera. This matches the smart home picture-in-picture functionality we’ve seen on other smart TVs like Samsung’s Tizen or Google TV.
(Image credit: Roku)As you might expect, the picture-in-picture functionality will be rolling out to select Roku TVs and streaming players, and it works with the brand's indoor and outdoor wired cameras.
While this picture-in-picture feature is the leading new attraction, Roku's update also introduces several other features, including a “Camera Carousel,” an innovative fix for scrolling through cameras. This feature cycles through your Roku cameras and automatically switches to one if motion is detected.
We're also pleased to see smart home notifications for Roku devices finally appearing on Roku TVs. This way, you’ll get notified if motion is detected and you can easily jump into the live feed.
If you ever want to view your Roku cameras outside of the proprietary app or on the big screen, they’ve also created a website – cameras.roku.com – where you can authenticate and access a live feed.
These latest updates for Roku TVs and streaming players – like the new Ultra – strengthen the brand's ecosystem and give you deeper integration between all the devices. It’s a win if you already have a Roku TV and a camera, and it might make you invest further into Roku’s product lineup.
You might also like