Feed aggregator

Iranian hackers are acting as Initial Access Brokers (IAB), selling access to critical infrastructure organizations in the West to the highest bidder.

A joint security advisory recently published by the US Cybersecurity and Infrastructure Agency (CISA), together with the FBI, NSA, the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ASCS), claims Iranian threat actors are actively engaged in brute force attacks (password spraying, MFA push bombing, and similar).

Since October 2023, these unnamed organizations have been targeting healthcare and public health (HPH) organizations, the government, information technology, engineering, and energy sectors.

CISA recommendations

Their goal is to obtain login credentials, and to map out the target victim’s infrastructure. They then establish persistence in various ways, including modifying MFA registrations.

This information is then sold on the dark web. “The authoring agencies assess the Iranian actors sell this information on cybercriminal forums to actors who may use the information to conduct additional malicious activity,” the report says.

To defend against these attacks, CISA and friends suggest firms review IT helpdesk password management related to initial passwords, password resets for user lockouts, and shared passwords. They should also disable user accounts and access to organizational resources for departing staff, implement phishing-resistant MFA, and continuously review MFA settings.

Furthermore, they should provide their employees basic cybersecurity training, track unsuccessful login attempts, and have users deny MFA requests they did not generate. Finally, they should ensure users with MFA-enabled accounts have appropriately set up MFA, ensure password policies that align with the latest NIST Digital Identity Guidelines, and meet the minimum password strength.

All of these are considered best cybersecurity practices, CISA concludes, “aimed at meaningfully reducing risks to both critical infrastructure operations and the American people.”

More from TechRadar Pro

• Seiko confirms thousands of user accounts were breached in cyberattack
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Your pet deserves a cozy spot to relax. Check out CNET’s top dog beds of 2024 -- tested and approved by my own dog.

Charlie Brown's Halloween special will be free for two days on Apple TV Plus. Here's how and when to watch.

Yahya Sinwar is widely considered to have been the masterminded behind Hamas’ cross-border assault on Israel a year ago.

(Image credit: Adel Hana)

As IG, Glenn Fine oversaw investigations of the mishandling of documents in the Oklahoma bombing case, the treatment of detainees at Guantanamo and corruption in the Navy. His book is Watchdogs.

One of the minor annoyances about vinyl, particularly fancy vinyl, is that you can't really show it off while it's playing – so if you have an LP with a particularly great color, or one that creates a zoetrope effect as it's playing, it's only visible if you're looking directly down on it. Wouldn't it be great if your vinyl was vertical instead?

That's the approach Fuse Audio is taking with its GLD record player. Instead of the familiar horizontal platter, your LP is held up like a Ferris Wheel so you can see it as it spins. It also comes with Bluetooth in and out, a pair of 36W powered speakers to connect directly to it, and it supports 33, 45 and 78rpm records. It's yours on Kickstarter for $229 plus tax and shipping.

That's a pretty great price for an all-in-one record player package, especially one that looks as nice as this. Obviously, we have no idea how it sounds yet, but I'm totally charmed by the appearance.

Is vertical vinyl viable?

This isn't the first vertical vinyl player. I remember thinking the Technics SL-V5 was impossibly futuristic back in the 1980s, and we've seen vertical models from firms including Mitsubishi, Sharp and even Sony. For UK readers, there was also an Amstrad vertical "music centre", the SM104, which currently goes for around £70 on eBay. Vertical vinyl wasn't just an ’80s fad, though. Pro-Ject made one in the 2010s, the VT-E BT, and you can still buy one for around $499.

But are they any good? Visually yes: they're great talking points. But as turntables, they don't have the best reputation. The Amstrad was described by one poster on Vinyl Engine as "possibly the worst turntable ever" while others derided its speakers and stylus; in their review of the VT-E BT, The Audiophile Man suggested that it was "a lifestyle design that sits among a heap of dross". While that turntable was massively better than other similar models, it still wasn't one audiophiles should consider.

If you're looking for the best turntables at any price point, a vertical one isn't going to be the best buy. It is a matter of basic physics that its going to be easier to rotate uniformly and flatly if gravity is working with you, and the same goes for stable tracking on the tonearm.

But if you want something that'll get people talking, or just want to stare lovingly at your vinyl as you kick back with one of your favorites, this looks like it could be fun.

You might also like

• This beautiful and well-priced turntable from a vinyl great looks like seriously tempting spinner
• Victrola's affordable 6-in-1 Bluetooth record player also plays cassette and CD, and has its own speakers
• Pro-Ject's affordable new T1 EVO turntables are ideal to get serious about vinyl without breaking the bank

In a series of reports reviewed by WIRED, analysts at the Department of Homeland Security warn of a “heightened risk” of right-wing extremists carrying out attacks around the election.

The company's flagship portable Bluetooth speaker sounds great for its size, and it's both sleek and durable. But is it worth $399?

Oura Ring 4: One minute review

The Oura Ring Generation 4 is better than the Samsung Galaxy Ring – provided, that is, you subscribe to the $5.99-a-month Oura Ring membership program. It’s more comfortable thanks to the lack of nodules, it’s got theoretically better heart rate, blood oxygen and skin temperature recognition thanks to the way its sensors are designed, an AI ‘Oura Advisor’ service, sophisticated women’s health tracking insights, ‘stress’ and ‘resilience’ metrics along with all the features available on the app to previous-gen Oura Ring users.

It’s a wonderfully-designed Ring, supremely comfortable to wear at night thanks to the lack of protruding inner nodes, easy on the eye, and available in six metallic finishes, all externals comprised of tough titanium. The redesigned app is great, providing detail and context missing in other smart rings with the use of timelines and easy-to-add ‘tags’. Battery life is good, with the Oura Ring matching expectations and lasting around six days as advertised with multiple workouts.

Automatic workout tracking also works terrifically, and is now able to be used for more than walking and running. The ring is able to correctly identify up to 40 different workout profiles, and I really enjoyed this aspect: it correctly identified running and yoga after I listed them as two of my most common workout types. I tried one of the guided meditations from the app’s Explore content section and felt as though it was comparable to other mindfulness services, like the Calm app. It really does feel like a futuristic wearable in every respect, from its design to its performance.

However, it’s also pricier than its contemporaries. The Samsung Galaxy Ring and Ultrahuman Ring Air are expensive wearables, but once you buy them, that’s it. The Oura Ring is also a premium device, starting at $349 / £349 (Australia pricing is TBC) with the added subscription acting as a paywall to access almost all features other than your Readiness, Activity and Sleep scores. I can understand a premium device demanding a premium price (I recently gave the pricey Garmin Fenix 8 a coveted five-star rating) but the ongoing nature of the subscription means the Oura Ring does lose half a point in the value stakes.

Garmin also continues to add new features to its devices via software on a regular basis, just like Oura. Unfortunately, Oura makes you pay for these, and only gives you a one-month free trial; comparable services, like Fitbit Premium, often give you six months free as an incentive to sign up. That said, it’s a really excellent service, and I can’t recommend it enough – if you can afford it. If you’re on a budget, though, rival smart rings offer almost as much versatility in a better-value package.

Oura Ring 4: Price and availability

(Image credit: Future)

• $349 / £349, with Australia prices TBC
• $5.99 subscription (priced in USD across all regions)
• Some colors incur an additional cost

As previously stated, the Oura Ring 4 starts at $349 / £349, with Australia pricing TBC as it’s currently unavailable in that region. Some designs and colorways cost more, with Rose Gold being the most expensive at $499 / £499.

The Oura Ring Membership, which is required if you want to unlock the ring’s full potential, costs $5.99; you get one month free when you purchase the ring. As mentioned above, If you’re going to buy the ring, you really have to subscribe to see its full potential.

The Oura Ring’s closest rival, the Samsung Galaxy Ring, costs $399 / £399 (around AU$750). That’s $50 / £50 than the base-model Oura Ring, but with no subscription attached, and other smart rings tend to hover around this price or cheaper. I don’t think the subscription is poorly priced, but as with a Whoop or a Fitbit, it smarts to pay a premium for the device, only to then have to keep paying in order to access your own data.

• Value score: 3/5

Oura Ring 4: Design

(Image credit: Future)

• Simple and elegant
• More comfortable than the Generation 3
• Redesigned app

The Oura Ring 4 is beautifully designed, and makes several leaps forward ahead of its competitors. All colorways are made of titanium now, with options of Black, Silver, Brushed Silver, Gold, Stealth (gray) and Rose Gold available. A notch on the underside of the ring shows which orientation it should be worn in.

It doesn’t have the concave design of the Samsung Galaxy Ring to protect its surface: its body is more of a traditional ‘straight’ wedding ring design. It’s tough, and should withstand a bit of beating up, but if you care about the look of your ring you will want to go careful. After a week of wear I can see some very light scratching on the surface of my Brushed Silver model, and I’m certainly too nervous to wear it to the gym without gloves.

However, the important changes here are on the underside of the ring. Gone are those skin-contact nodes, and in their place are flat sensors. These sensors are, Oura says, better at detecting signals than those on the previous models, and the ring can now be twisted 30 degrees in any direction and still take an accurate sensor reading thanks to the option of new pathways for the LED’s signals to travel. The other upside of the ring’s lack of three-dimensional nodes is that it’s more comfortable than ever to wear, especially for sleeping. It’s quite thick for a ring (but not for a smart ring, I suppose) but unlike even the best smartwatch it can be worn either to bed or during the day, and in either case you could genuinely forget you’re wearing it.

The Ring now has more sizing variety than ever, ranging from sizes 4 to 15. The larger sizes offer slightly longer battery life, up to eight days in comparison to the old Oura Ring’s maximum of seven. Of course, it also means those with slender fingers and thicker fingers can get an Oura Ring too.

The app has also seen a comprehensive redesign. Following the lead of Fitbit Premium, all content is organized across three tabs (Today, Vitals and My Health), with additional granular features available via a drop-down menu at the top-left of the screen. It’s simple and intuitive to navigate, showing your scores at the top of the page and providing options to break each one down into more detail if you want to. It’s really intuitive to use, and a logical progression from the old app.

• Design score: 5/5

Oura Ring 4: Features

(Image credit: Future)

• Sleep, Activity and Readiness scores
• Underpinned by other metrics such as Resilience
• AI health tool

There’s a whole bunch to talk about here. The Oura Ring 4 goes some way towards making itself a real fitness tracker, rather than a passive health monitor, by automatically detecting up to 40 kinds of workouts. It still doesn’t have onboard GPS (understandably, as it’s tiny) but it can crib from your phone’s GPS if you enable location settings.

The three main scores are Sleep, Activity, and Readiness, and each one can be broken down into an inordinate amount of granular detail. Activity, for example, can be broken down into separate factors such as ‘move every hour’, ‘meet daily calorie goals’, ‘training frequency’ and so on. The Timeline, a feature unique to Oura as far as I know, allows you to add context to binary data by adding tags at certain points like ‘alcohol’ or ‘yoga’ or ‘grief’. If a tag doesn’t suit your needs, you can save your own note, which creates a comprehensive health journal, and a better reason to scroll back through the app.

You can identify trends using specific information, such as deep-sleep states or heart-rate variability over a year. Other interesting metrics include Resilience, which details how well you respond to sources of stress, and Cardiovascular Age, to identify how healthy your heart might be. If you’re 32 and you have the heart of a 25-year-old, it’s likely that you’re doing pretty well. If you have a 45-year-old heart? You might want to do a bit more cardio.

Elsewhere, the app packs an AI health tool called Oura Advisor under the beta-testing program, Oura Labs. Asking this AI questions like “How can I improve my running speed?” offers good (if generic) advice, and responds to follow-up questions. Women’s Health tracking is reportedly detailed and accurate (although, of course, I haven’t tested this particular feature myself). All this builds on an absolute ton of app-based features that were already available in previous versions, ready for health nerds to dive into. Full marks.

• Features score: 5/5

Oura Ring 4: Performance

(Image credit: Future/Matt Evans)

• Battery performs as described
• Metrics are interesting and easy to navigate
• Automatic workout tracking is responsive

I really enjoyed using the Oura Ring 4. I drained its battery down, which for my Size 10 ring took five and a half days of constant use, including several workouts. It was comfortable to wear, and I only took it off a handful of times, such as when doing the washing up. The Ring picked up two separate runs automatically, and offered comparable stats to my smartwatch, minus the more specific stride and cadence information I get from Coros.

Sleep tracking was highly accurate: Oura boasts some of the best sleep tracking in the business, said to be comparable to a professional polysomnography machine, and it didn’t disappoint. It clocked a night of ‘fair’ sleep when my wife and I stayed with a friend, including the correct periods of wakefulness and an accurate wake-up time, rising to ‘good’ when I was back in my own bed the following evening. I added a ‘stay elsewhere’ tag to that night on my Timeline, and I can reuse that tag whenever I sleep in a bed that’s not my own from now on.

(Image credit: Future)

The metrics I received were interesting and easy to navigate (however, they are orientated for long-term use, so Oura is still calculating things like my Cardiovascular Age as it requires around two weeks of use to do so), and the in-app meditation content was more or less comparable to alternatives such as Calm. I completed several different sessions, and enjoyed the experience both times.

• Performance score: 5/5

Oura Ring 4: Scorecard Oura Ring 4: Should I buy?

(Image credit: Oura) Buy it if...

You’re excited about wellness

Data nerds are going to love the depth they can go into with this tiny device.

You want to track sleep

Oura’s sleep-data harvesting is pretty much the gold standard.

You hate smartwatches

This is the device to replace your smartwatch while you wear a snappy analog number.

Don't buy it if...

You’re on a budget

Oura’s ongoing subscription is essential, making its already-premium price a bit of a slap in the face.

You need GPS

Need dedicated GPS data for outdoor sports? Save your cash and get a good running watch.

You like staying connected

Want a wearable for maps, checking Whatsapp messages, and taking calls? Smart rings aren’t for you.

Also consider How I tested

I wore the Oura Ring for a week, draining the battery down completely and sleeping with it every night. I went on several runs, comparing its health stats to those from a Coros smartwatch, and tried some of its in-app meditation content. I tested Oura’s Health Advisor service, the Timeline functionality, and dove into the app as much as possible.

Google says that opening up its Play Store to third-party app stores "harms safety and privacy" and "puts users at risk."

New research found that telehealth contributed to earlier diagnosis -- and better treatment -- for lung cancer patients.

Building muscle can be a slow but rewarding process.

Ex-PlayStation executive Shawn Layden has shared his perspective on the current state of the games industry.

During a conversation at Gamescom Asia (via GamesIndustry.biz) with Raw Fury co-founder and chief publishing officer Gordon Van Dyke, Layden talked about the disappearance of AA studios and the negative impact it's had on the industry.

According to the former executive, who spent 30 years at Sony, there used to be more time spent looking at games than asking about a studio's "monetization scheme" or "recurrent revenue plan". He explained that he used to ask simple questions about a game along the lines of "Is it fun?" or "Are we having a good time", and if the answer was yes, the project would be greenlit.

"You didn't worry so much about the end piece, for better or for worse," Layden said. "Of course back then you didn't make a game for millions [of] dollars. So your risk tolerance was fairly high.

"Today, the entry costs for making a AAA game is in triple digit millions now. I think naturally, risk tolerance drops. And you're [looking] at sequels, you're looking at copycats, because the finance guys who draw the line say, 'Well, if Fortnite made this much money in this amount of time, my Fortnite knockoff can make this in that amount of time.' We're seeing a collapse of creativity in games today [with] studio consolidation and the high cost of production."

Van Dyke later asked Layden whether indie games can be a "beacon of hope" with the loss of AA studios and amid the current monetization trends in the industry.

To this Layden agreed, saying in the business there are blockbuster games like Call of Duty and Grand Theft Auto, and then there are the indie titles, but "that middle layer that used to be where Interplay, Gremlin, Ocean, THQ, all those companies, made their money... That middle piece is gone."

(Image credit: Rockstar Games)

"If you [can become] AAA, you survive, or if you do something interesting in the indie space, you could," Layden said. "But AA is gone. I think that's a threat to the ecosystem if you will. So I'm looking at indie stuff… With the advent of technologies, like the latest Unreal Engine or what Unity can give you, I think we can all say that the standard quality of video games is pretty high now compared to ten years ago."

Layden said that thanks to advancements in tools, games have now increased in quality unlike 10 years ago, adding, "Now if we can just get a bit more interest and excitement and exposure for these lower budget, but super creative and super unusual [type] of games... I'd like to see more of that," he said. "Because if we're just going to rely on the blockbusters to get us through, I think that's a death sentence."

According to Layden, AA has a "natural niche" among the blockbuster titles and indie games, and that is to bring "the new thing" instead of "a dollar store version of God of War".

"If you're going to pitch me your AA game, and in the first two pages of your deck is your monetisation and revenue, subscription scheme, I'm out. Your first page has to be 'This game needs to be made and here's why'," he said.

"I want to see that fire, I don't want to see 'here's the chief accountant on the team that's going to explain to you the [game's monetisation]'."

You might also like...

• Pre-orders for the reimagined N64, the Analogue 3D, go live next week
• Unity 6 will allow developers to create games more quickly and efficiently, and it's now available worldwide
• Rare boss Craig Duncan to take over as Xbox Game Studios' head in November

A home battery can provide backup power or help you save money on energy bills. These are our favorite home batteries.

A Singaporean remote hiring platform left a large database unprotected on the internet, accessible to anyone who knew where to look. Since the database contained plenty of sensitive information, the company has inadvertently placed hundreds of thousands of people at risk of data theft, identity theft, phishing, fraud, and more.

The Cybernews research team discovered a misconfigured Amazon AWS S3 bucket in early August 2024 said to contain more than 280,000 files, including CVs and resumes.

Further investigation attributed the database to Snaphunt, an online hiring platform that connects employers with job seekers. Although it’s based in Singapore, the company is global, and thus most likely holds sensitive information on people around the world. It offers features like pre-screening, skills assessments, and remote hiring tools.

Social engineering

The archive contained information generated between 2018 and 2023, including people’s full names, phone numbers, email addresses, places of birth, nationality, date of birth, social media links, employment history, and educational background.

“The potential for social engineering attacks is elevated, as attackers can impersonate fake recruitment agencies or leverage the leaked data to infiltrate professional networks, spreading malware or extracting further confidential information,” Cybernews explained.

Job-related scams are nothing new - just this week, news broke that a company got hacked after hiring a North Korean hacker who faked their entire identity. The unnamed firm lost sensitive data and was demanded a six-figure ransom payment in exchange.

Unprotected databases remain one of the most common causes of data leaks. Many organizations, including some of the world’s biggest enterprises, were found operating internet-accessible archives with no password protection, putting many of their customers at risk.

Most of the time, the vulnerability is nothing more than an honest employee mistake.

More from TechRadar Pro

• Mystery database containing sensitive info on 762,000 car-owners discovered by researchers
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Experiencing slow or spotty Wi-Fi? Resetting your router will likely do the trick. Here's how to reset your router in minutes.

Your nightstand is your lifeline while you're sleeping. These are the top essentials I think you need to sleep well.

Google’s incredible podcast generator, NotebookLM, is one of the wildest AI tools we’ve ever used, and it just got a massive upgrade that makes it even scarier.

Today, Google announced huge updates to its AI podcast tool, which means you can now guide the conversation and direct the hosts - yes, that’s right, you can now play the role of producer in an AI-generated podcast!

Before today’s update, the tool built with Gemini 1.5 would simply convert any text, audio, or video you fed it into a discussion between two hosts - it was really impressive and lifelike but there was no way to guide the conversation.

Now, Google has added a “Customize” button that lets you steer the discussion and give the hosts show notes. Google says to “think of it like slipping the AI hosts a quick note right before they go on the air, which will change how they cover your material.”

NotebookLM was already dystopian enough, and almost impossible to discern whether the hosts chatting were real or AI, but now with this new ability, we might start to see full AI-generated podcasts on Spotify and Apple Podcasts (that’s if they don’t exist already).

Want to try AI podcast generation for yourself? Check out how to use NotebookLM.

That’s not all, folks

(Image credit: Google/Apple)

Google may have just casually dropped the biggest NotebookLM update to date but guiding the conversation isn’t the only new addition.

A new background listening feature allows you to listen to NotebookLM Audio Overviews while working on other NotebookLM projects. That might not sound like a huge deal but considering it can take a long time to generate each audio clip, making multiple clips at once and listening to them is a significant improvement.

Combined, both new NotebookLM features take the already mind-blowing AI tool and make it substantially better. I wasn’t sold on the idea until I heard this incredible adaptation of my colleague's blog. If you want to hear just how realistic AI can be, listen below:

You might also like...

• I tried Google's new one-click AI podcast creator and now I don't know what's real anymore
• Jony Ive confirms he's working on an AI device for OpenAI – but what could it be?
• Amazon's new AI feature might be your secret weapon for winning at Prime Day

The NotebookLM tool generates AI-hosted audio podcasts on any topic. Its latest update allows users to enter prompts to personalize the output. I tried it out.

Netflix continues to deliver on the animation front. Having recently dropped another Arcane season 2 trailer, it's also released two more for two beloved film series'. Both feature animated animals and have surprisingly ominous vibes. Of course, neither will qualify for our best horror movies feature but the animations definitely have an edge to them.

The newest entry into the iconic Wallace and Gromit franchise was featured in my previous Netflix movies we're looking forward to feature and I'm even more excited now that the first proper trailer has dropped. Elsewhere, popular musical Sing is getting a new short that's arriving in time for Halloween.

Here's everything you need to know.

What can expect from Wallace and Gromit: Vengeance Most Fowl?

Release date: January 3
Director: Merlin Crossingham and Nick Park
Main cast: Ben Whitehead, Peter Kay, Reece Shearsmith, Diane Morgan

He's back! Following his first appearance in the 1993 short film The Wrong Trousers, Feathers McGraw is here to get revenge after Wallace and Gromit put him behind bars following his diamond heist. When the cheese-loving inventor creates a "smart gnome", it seems to develop a mind of its own and creates a pretty bad reputation for Wallace. It will surely come as no surprise to you that McGraw's got something to do with it.

The penguin (or is he a chicken?) has long been an ominous presence with those dead, beady eyes and he's creepy here too, as he's seen sipping from a World's Best Boss mug in the style of Michael Scott. A much creepier Michael Scott, that is.

What can we expect from Sing: Thriller?

Release date: October 16 (now playing!)
Director: Garth Jennings
Main cast: Matthew McConaughey, Tori Kelly, Nick Kroll, Scarlett Johansson, Taron Egerton

If our usual Halloween recommendations are too scary, Sing's latest short provides some spooky fun that's safe for the whole family. As you probably guessed by the trailer, it's based on the iconic Michael Jackson hit Thriller, dance moves included.

Specifically, Buster Moon and the cast of Sing: Thriller leave to celebrate at Clay Calloway’s Halloween party after staging a "spectacular" version of Thriller at the New Moon Theatre. But they discover a mysterious, multi-coloured ooze has transformed Clay and his guests into "dancing freaks", which isn't a very nice name to call them, but sure! A much more relaxed Halloween experience, I'm sure.

You might also like

• New Netflix movies: the biggest films to stream in October 2024
• I’ve finally found a good Uzumaki adaptation and every horror fan should watch it on Max immediately
• Which Netflix plan is best for you?