Feed aggregator

The Mega Millions prize has now grown to an estimated $1.15 billion, which could be the fifth-largest jackpot in the game's history.

(Image credit: Scott Olson)

Stay cool in the heat by using a cooling tower fan -- no air conditioning necessary!

• Nvidia CPUs designed for scalable solutions with PCIe connectivity
• Delivers 144 cores and four GPUs for AI acceleration
• 1.3 TB memory makes NVL4 ideal for data-heavy applications

Nvidia has unveiled the GB200 NVL4, an advanced platform designed to meet the needs of modern data centers and computational workloads.

The company's decision to introduce the GB200 NVL4 comes after Nvidia recently restructured its product lineup, setting aside other NVL platforms to favor newer options like the NVL4.

The GB200 NVL4 combines two Arm-based Grace CPUs with four Blackwell GPUs. It is part of Nvidia’s Grace Blackwell lineup, which aims to provide flexible and scalable solutions for diverse deployment scenarios.

High-speed and scalable

The GB200 NVL4 is designed as a mid-range option in the Grace Blackwell family, sitting below high-performance configurations like the NVL72 and NVL36. Each unit features two Grace CPUs, each equipped with 72 Arm Neoverse V2 cores, for a total of 144 cores. The addition of four Blackwell GPUs ensures robust acceleration for AI, HPC, and other compute-intensive tasks.

The six MCIO connectors beneath each CPU provide PCIe connectivity, allowing for high-speed data transfer. It also supports the inclusion of NICs, SSDs, and other essential components while maintaining efficiency.

Power consumption is a critical factor in modern data centers, but Nvidia estimates the GB200 NVL4 will consume just over 6 kW per server when fully configured. While this represents a substantial power draw, it is a marked improvement over larger platforms, with earlier systems like the Nvidia DGX-1 or HGX-1 consuming around 3.5 kW.

Furthermore, this device also supports up to 1.3 TB of combined memory, ensuring efficient data handling and processing while making it a strong candidate for memory-intensive applications. The NVL4 is expected to fill a niche for organizations seeking powerful yet relatively lower-power solutions compared to the higher GPU count NVL platforms.

The GB200 NVL4 and the higher-end NVL72 may appear similar at first glance, however, there are notable differences. The NVL72 features edge connectors for its spine configuration and focuses on larger-scale deployments with double the compute resources. In contrast, the NVL4 is designed as a more compact and power-conscious node while still delivering significant performance for its size.

You may also like

• UK data centers ready for expansion
• These are the best Nvidia graphics cards around today
• The race to build data centers is on - here’s how we keep them secure

So Google wants me to start saying ‘Hey Gemini’ now, huh? No thanks, you can get in the sea with that nonsense. I’m not having it. Call me a Luddite, call me a curmudgeon, tell me to get with the times; I couldn’t care less, I’m not going to talk to my tech.

Now, before I get into the meat and potatoes of this article, I’d like to preface it by saying that I’m not against the existence of voice control features on the whole. They’re actually an extremely vital accessibility feature that many disabled tech users rely on to get the full experience from their hardware. But for those who don’t actually need it, like myself - what the hell is wrong with just pressing some buttons or tapping a touchscreen?

I get annoyed if someone is talking too loudly on their phone on public transport. When tech companies like Google tell me that voice control is the future of how we interact with our tech, I’m immediately filled with horror at the idea of traveling through a city where everybody is constantly barking commands at their phones and tablets.

How many people really use voice controls?

I did some research into the actual statistics behind voice control use, and was surprised at the results. I’ve literally never seen a single person use their phone to search the web for something using a voice command; sure, I’ve seen people ask their Alexa smart speaker to play music or turn off a light, something I will probably also never do because I always have a phone in my pocket that can do those things, but web searches? Really?

Apparently so: according to a 2018 study by PWC, 32% of voice assistant users ask their chosen digital helper at least one thing they’d normally use a search engine for on a daily basis, with 89% doing so at least once a month. Of course, that’s only people who already use a voice assistant, but analysis from Statista claims that almost half of Americans talk to their phones or smart speakers at least semi-regularly (though that figure reduces to about 1 in 5 on a global scale).

Speak to the orb, says Amazon. The orb is always listening. The orb hears all. (Image credit: Amazon)

The thing is, as I dug further and further into these statistics, I became less and less convinced by them. For starters, the very first set of stats I came across (which I won’t link here) claimed that “8.4 billion people worldwide are estimated to use voice assistants” - that’s… more than the current total human population. I started noticing more discrepancies in the data, as well as having to discard some sources for obvious pro-tech-marketing bias.

More confused than enlightened, I had to eventually conclude that much of the statistical research into this area of tech has been based more heavily on product sales than actual unbiased polling of the population: and that’s a serious flaw, because a person who owns one piece of voice-controlled hardware is likely to own more. I have a friend who has three identical Echo Dot smart speakers positioned in different rooms around her home, and she uses Siri on her iPhone to make music requests while in the car. Me? I just have a driving playlist that I shuffle before I start the engine.

Voice control is getting better - slowly

I will admit that my usual excuse for why I abhor voice-controlled tech doesn’t hold as much weight as it used to. That excuse was, in short: it’s crap. The early days of Siri, Cortana, and their ilk were plagued by a constant refrain of “I’m sorry, I didn’t quite understand that”, but with the dawn of AI, things are starting to improve.

Tools like Apple Intelligence and Google Gemini offer multimodal input, allowing them to understand vocal requests as well as text prompts. The large language model AIs of today do a far better job of parsing spoken words than older voice-recognition software, even able to adapt to an individual user’s speech patterns over time to provide more accurate responses.

Google Gemini has far more potential as a pocket-sized voice assistant than Cortana ever did. (Image credit: Google)

However, there are still stumbling blocks to be overcome. While voice recognition typically supports multiple languages, it frequently struggles with strong accents and speech impediments (I myself have a lisp, which doesn’t help matters). This can be due to unnoticed biases in the training data used: if an American company uses recordings of Americans speaking English to train its speech recognition AI to understand spoken English, it’s unsurprisingly going to struggle when it hears a Japanese or Swedish person speaking that language.

I do genuinely hope that one day voice controls work perfectly because the people who really need them deserve a service that works as well as simply typing a query into Google. But I won’t be using it, and I don’t want to live in a future where everybody is - you can bet I’ll be first in line to dunk on any tech company that tries to make voice commands the default mode of interacting with their product.

NFL action continues on Netflix on Christmas Day with the second game featuring the Ravens and Texans and a Beyoncé halftime show.

Never run out of storage with these secure external hard drives.

Pope Francis in his traditional Christmas message urged "all people of all nations" to find courage "to silence the sounds of arms and overcome divisions" plaguing the world, from the Middle East to Ukraine, Africa to Asia.

(Image credit: Andrew Medichini)

• Data exfiltration tactics are shifting toward Russian domains
• Remote Access Trojans see a 59% rise in phishing emails
• Malicious emails now bypass secure gateways every 45 seconds

New research has found there is a significant increase in malicious email activity as well as a shift in attack strategies.

On average, at least one malicious email bypasses Secure Email Gateways (SEGs), such as Microsoft and Proofpoint, every 45 seconds, marking a notable rise from the previous year’s rate of one every 57 seconds, the Cofense Intelligence's third-quarter Trends Report showed.

There is a sharp increase in the use of Remote Access Trojans (RATs) which allows attackers to gain unauthorized access to a victim’s system, often leading to data theft or further exploitation.

Rise in Remote Access Trojan (RAT) usage

Remcos RAT, a widely used tool among cybercriminals is a major culprit in the rise of RAT attacks. It allows remote control of infected systems which enables the attacker to exfiltrate data, deploy additional malware, and gain persistent access to compromised networks.

Open redirects as a technique in phishing campaigns are also gaining prominence as the report reveals a 627% increase in its use. These attacks exploit the functionality of legitimate websites to redirect users to malicious URLs, often masking the threat behind well-known and trusted domains.

TikTok and Google AMP are often used to carry out these attacks, taking advantage of their global reach and frequent use by unsuspecting individuals.

The use of malicious Office documents, especially those in .docx format, rose dramatically by nearly 600%. These documents often contain phishing links or QR codes that direct victims to harmful websites.

Microsoft Office documents remain a popular attack vector because of their widespread use in business environments, making them ideal for targeting organizations through spear-phishing campaigns.

Furthermore, there is a significant shift in data exfiltration tactics, with increased usage of .ru and .su top-level domains (TLDs). Domains using the .ru (Russia) and .su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it harder for victims and security teams to track data theft activities.

You may also like

• Cyber resilience in the age of AI
• Researchers discover widespread abuse of free popular VPN alternative for malware delivery
• These are the best VPNs with antivirus

• Castrol planning fluid-as-a-service model launch to eliminate waste and increase sustainability
• Immersion cooling has emerged as an essential component in the race to reach AGI
• Castrol wants to play a key role in immersion cooling as integrated smart city data centers become mainstream

Founded in 1899, CC Wakefield & Co. Limited initially focused on producing lubricants for trains and heavy machinery. Over time, the company expanded its expertise to develop specialized lubricants for automobiles and airplane engines, incorporating castor oil - a plant-based oil derived from castor beans - to ensure performance under extreme temperature conditions. The product was called Castrol, and the company was later renamed after its famous creation.

125 years later, Castrol remains at the forefront of innovation, applying its extensive expertise in fluid engineering to address modern challenges.

One of its key focus areas is the development of advanced dielectric fluids for immersion cooling systems. This approach sees entire servers submerged in non-conductive fluids that absorb and transfer heat away from the components, eliminating the need for traditional fans.

Advanced thermal management

The Castrol ON Liquid Cooling Centre of Excellence in Pangbourne, UK, serves as a state-of-the-art research and development hub for liquid cooling technologies.

The facility develops customized solutions and rigorously tests fluid dynamics, material compatibility, and server performance, to address the challenges of traditional cooling methods.

In a recent visit, StorageReview had the opportunity to see Castrol’s cutting-edge immersion tanks from providers like GRC and Submer and was impressed by the adaptability and efficiency of the solutions.

Writer Jordan Ranous noted, “In one of the test cells, we observed GRC’s tank, which had a striking green glow due to the specific fluid Castrol was using. The servers submerged in this tank were undergoing compatibility and performance testing. Castrol ensures that every component, from CPUs to cables, can operate effectively in immersion cooling environments without degradation.”

Castrol’s ON range of single-phase dielectric fluids, including DC15 and DC20, aims to deliver advanced thermal management, durability, and safety while maintaining efficient performance at operating temperatures between 40°C and 50°C, with some systems capable of handling up to 70°C.

Chris Lockett, VP of Electrification and Castrol Product Innovation at BP, Castrol’s parent company, told StorageReview, “At the moment, about 40% of power consumption in data centers goes toward cooling. Immersion cooling can drop that figure to less than 5%, significantly lowering power and water usage.”

Data centers account for an estimated 2–3% of global power consumption, with current liquid cooling efforts primarily focused on direct-to-chip solutions. Immersion cooling has the potential to establish a new standard for thermal management and Castrol wants to lead this transformation, positioning itself as “a one-stop partner for the liquid cooling solutions of today and tomorrow.”

You might also like

• Microsoft reveals new zero-water data center cooling design
• Why the data center of 2030 will look very different from today
• The race to build data centers is on - here’s how we keep them secure

• T-Mobile's backup solution includes free data passes for emergencies
• Each plan offers 130GB/month, plus three free 130GB passes yearly
• No hidden fees with T-Mobile's Home and Business plans

T-Mobile has unveiled enhanced Internet Backup plans for both home and small businesses which aim to give users a reliable and affordable 5G network in the event of an outage of the primary network.

However, the irony of this launch is it came on the same day that the company suffered its largest outage of 2024, which disrupted services for users across various regions in the United States.

The outage left millions of users disconnected for almost five hours, and confirmed the need for a reliable backup solution.

Backup solution for downtime

According to T-Mobile, the Home and Small Business Internet Backup plans are offering users more robust tools to maintain connectivity during ISP outages. These plans are not meant to replace, but rather complement, traditional cable or fiber internet services.

Each plan includes 130GB of 5G data per month, which is sufficient to keep most households or small businesses online for up to seven days during disruptions. The latest update introduces an additional three free 130GB data passes per year, which can be activated during extended outages lasting either three days or until the data is consumed.

The T-Mobile 5G gateway can be set up in under 15 minutes, ensuring a quick transition to backup connectivity when primary services go offline. These plans do not include any hidden fees, which means that the 5G gateway is provided at no additional cost.

T-Mobile is also offering the Nimble Champ Pro 20k 65W portable power station at a discounted price of $49.99 for new customers to help keep devices and the 5G gateway online during blackouts.

T-Mobile’s massive November outage cast a spotlight on the vulnerabilities of even the largest telecom providers. While the company has long promoted its 5G network as a robust and reliable option, the scale of this service disruption reminded customers of the potential for unexpected failures. This incident also highlights how critical internet access is in an era where remote work, virtual learning, and online business operations are routine.

You may also like

• T-Mobile fined $60 million over unauthorized data access
• These are the best cell phone plans around today
• Millennials are indulging in impulse shopping more than ever

2025 marks a decade of me working in the tech industry. In that time, I've concocted and documented hundreds of custom PC builds and benchmarked hundreds more products, each time installing a fresh OS on every system I use – and that doesn't include reinstalls on my own rigs.

I can tell you now, nothing infuriated me more than GeForce Experience during that time. That might sound like quite the hyperbolic statement to launch an opinion piece like this, right out of the gate, but seriously – it was a program that just got more convoluted, less useful, and generally more of a pain in the ass to deal with over the years. With its retirement and replacement with the Nvidia App this year, I was at first cautiously weary, but soon enough, found myself filled with glee.

Why the big beef with Nvidia's GeForce Experience (GFE)? Well, mostly it just felt a bit grubby. When GFE was first introduced, it was simple enough – just a desktop program that would suggest some settings for games (which I'd promptly ignore), along with update recommendations to grab new drivers (cutting-edge stuff), oh, and ShadowPlay, which, let's face it, was largely written off by gamers.

Over time, GFE changed and required an Nvidia account to login. Why? Good question. I still don't know, and nothing transferred over from machine to machine with that login, plus there was no personal information stored on the app either. So, Nvidia, why did you need me to login? That remains a mystery.

Then came the captcha – good grief, the captcha. Select the squares with the traffic lights in them. Great, thanks. Does the pole count as a traffic light? That square also has the corner of a traffic light in it – does that count? Wrong, try again (argh).

Lastly, came the email notification instead to sign in, and arguably a dramatic improvement as a result. All for a driver update notification. Fantastic.

(Image credit: Shutterstock / Monkey Business Images)

How bad did it get? I actively recommended against installing GFE on machines to pretty much anyone in the PC gaming space. I treated it in the exact same manner I reserve for third-party antivirus software – just don't, it's not worth it. I never installed GFE on my own rigs, that's for sure. After every build I finished or update I did on my own PCs, I'd go straight to Nvidia's website, download the drivers directly, and install them without installing GeForce Experience, with the occasional glance for a new driver every month or so. Life was good.

Then I got the chance to check out AMD's Adrenalin software, and boy oh boy, was I impressed. From stats to settings to driver updates, the works, it was (and still is) incredible. How could Nvidia be sleeping on a treasure trove of features when the competition (which is notably struggling with GPU market share) did such a swell job with its app?

GeForce Experience and Nvidia Control Panel rolled into one

With the launch of the Nvidia App (what a name, guys – killed it) and the death of GeForce Experience, as mentioned, I was nervous at first but then I quickly became elated. This was everything I wanted in a decent GPU control app. It almost feels weird saying this, but it was great to see Team Green finally catch up with AMD.

Not only did the Nvidia App take the best of GeForce Experience (what little there was), but it also took the ridiculously antiquated Windows XP-looking Nvidia Control Panel, and baked some of its most used features in as well. All put together in a lovely little package that, thankfully, doesn't require a login. Or a captcha! (Although you can login if you want – but I'm not sure why you would).

In almost every scenario, the Nvidia App is a major upgrade. Driver updates and notifications, check. Graphics settings for games (for those who don't like to tinker with settings), check. Monitor control options, check. There's even stuff in here to overclock your GPU and monitor in-game stats. Nice.

There is still a link out to that old-school Control Center for those who require finer details adjusting (if you're a madman who needs to adjust monitor color settings, or the other refined 3D settings, for instance), sadly, but that's not the end of the world.

However, the Nvidia App isn't flawless, and there's still room for improvement. Go on the Home tab, and you'll find links to Nvidia Broadcast, ICAT, FrameView, and GeForce Now. They act as sub-links, kind of, either pushing you to a download page, or opening the program directly from there, but full integration would make the Nvidia App seriously more potent.

(Image credit: Nvidia)

Right now, Nvidia has only just caught up with AMD (it still feels very weird to say that), and there's nothing here that really separates this app from the crowd. It's a nice update for the folks that are already with Nvidia, but there's nothing more to it than that. The Nvidia App doesn't push the envelope on what could be done with it. Still, I guess we should all be thankful that those damn traffic lights have disappeared, at least for now.

And that's the worry, really. Perhaps Team Green finally realized that it just wasn't getting as many sign-ins as it used to on GeForce Experience. That us good PC folks were dodging the bullet entirely and opting to download just the bare graphics driver, without the weird green little add-on package in tow. Perhaps this is all just a cunning ploy to get us to download this shiny new thing, with a few added bonuses, and then, six months down the line, wham: Login please, oh, and identify these bicycles while you're at it. Wrong! Try again.

You might also like

• It looks like the Nvidia App could be doing more harm than good by tanking game performance – but there’s a fix
• The best graphics card: our picks for all budgets
• Best PC games: must-play titles you don't want to miss

CNET’s experts have picked the best internet options for NYC, from the fastest providers to budget-friendly plans.

• AI boosts efficiency but requires clear strategies to succeed, report claims
• Automation drives ROI, reducing errors and saving valuable time
• Uncertainty slows AI adoption despite its transformative potential

As artificial intelligence (AI) continues to reshape industries, finance leaders are reaching a critical juncture, new research has claimed.

A survey by Basware and Financial Times Longitude reveals while interest in AI remains high, scepticism over its measurable return on investment (ROI) is causing hesitation.

Half of the Chief Financial Officers (CFOs) surveyed reported they would reduce AI spending within a year if the results were not apparent.

Rising AI interest amid uncertainty

The survey, which gathered insights from 400 CFOs and finance leaders worldwide, found that 78% of organizations plan to increase their AI investments over the next 12 to 18 months. Many leaders acknowledge the potential of AI tools to transform financial operations, but nearly one-third (31%) admit their organizations lack a strategic vision for AI implementation.

This lack of clarity is a major barrier, with 41% of finance leaders finding it difficult to prioritize AI investments amid broader macroeconomic and geopolitical uncertainty. Even major corporations, such as Meta have faced scrutiny over the challenges of proving ROI on substantial AI investments, reflecting broader industry concerns.

Despite the hesitancy, the report highlights areas where AI is already yielding results. In finance, automation is seen as a way to reduce manual tasks, improve compliance, and detect errors or fraud more quickly. According to the survey, 75% of CFOs believe AI enables teams to focus on more strategic activities, such as regulatory compliance and e-invoicing.

One promising application is accounts payable automation. Organizations that have prioritized AI in this area reported significant financial benefits, including a 136% ROI over three years.

While the benefits of AI are clear, many organizations struggle with challenges related to change management and unclear strategy. The survey found that 40% of finance leaders cite inadequate change management capabilities as a key obstacle, while 31% believe a lack of strategic vision is hindering AI adoption in the finance function.

“The office of the CFO is tasked with overseeing a complex range of functions from regulatory compliance through to cash flow management and financial reporting," noted Perttu Nihti, Chief Product Officer at Basware. "All of which are areas where AI-powered automation can help to reduce hours and relieve pressure. But the success of AI investment hangs on knowing where to start and proving impact."

"We’re at the AI tipping point. Focusing on high-value wins, such as AI-powered efficiency that demonstrate quantifiable ROI quickly, in areas such as compliance, error reduction and fraud detection, will help justify investment across a company’s organization," Nihti concluded.

You may also like

• Google is promising millions to help businesses and non-profits get the most out of AI
• These are the best AI website builders around
• UK businesses say that fear of missing out is driving AI adoption

I’m bored of the best streaming services. Or, more accurately, I’m overwhelmed by them. Which, let’s face it, has become boring.

Take Disney Plus, for example. The options that appeal to me right now range from rewatching The X-Files in its entirety to a marathon of all the Star Wars movies in order (yes, even the prequels). Or maybe a documentary about a friendly-looking otter, another about a shark-infested beach, the latest blockbuster superhero movie everyone’s talking about, the latest scary movie everyone’s talking about, or the latest drama everyone’s talking about. Just listing these choices feels exhausting.

And that’s only one platform. Every service promises endless entertainment, yet more often than not, I find myself endlessly scrolling instead of actually watching anything. Enter Mubi, a streaming service that feels refreshingly different. This year, Mubi became my favorite subscription, and here’s why.

(Image credit: Mubi) What is Mubi?

Let’s cover the basics first. Mubi is a streaming platform dedicated to films – you will find some film-length documentaries too, but not many. Unlike other services that have thousands of titles, Mubi takes a 'handpicked' approach. Its carefully curated catalog features iconic classics and acclaimed recent releases through to experimental, indie, and international gems you’d struggle to find on most other platforms.

Mubi costs $14.99 / £11.99 / AU$14.99 per month. Alternatively, you can save 33% by paying $119.88 / £95.88 / AU$119.88 annually, which works out to $9.99 / £7.99 / AU$9.99 per month. Students can get a discounted rate of $9.99 / £7.99 / AU$8.99 per month. This subscription lets you stream on up to five devices, with two simultaneous streams allowed at a time. You can also download films to your iOS or Android device for offline viewing – a lifesaver for flights or commuting.

There’s also Mubi Go, a subscription add-on that includes a free cinema ticket each week to watch a Mubi-picked film at participating cinemas and theaters. This bumps up the price to $19.99 / £18.99 / AU$19.99 a month.

(Image credit: Mubi) 1. It feels like an education in cinema

I love movies, but I’ve often felt I lacked the knowledge and breadth of exposure to truly appreciate cinema. That’s one of my favorite aspects of Mubi, it makes me feel like I’m growing as a movie lover.

Its curated mix of genres, styles, and perspectives pushes me out of my comfort zone, serving up films from indie gems to restored classics and experimental works from all over the globe that I wouldn’t have discovered otherwise.

But I like that Mubi doesn’t just show me these new films, it guides me through them. There are mini-reviews alongside each title called “Our Take” that highlight what makes these movie choices special. There’s also Mubi’s Notebook blog, which provides context, interviews, and criticism.

I also love exploring Mubi’s “Collections,” these are films that have been grouped by cinematic themes, like “You Up? Midnight Movies”, which Mubi says are erotically charged movies about vice and excess. Or “Modern Lovers”, which are complex romantic stories without cliches. Or even “A Woman’s Bite: Female Vampires,” which should be self-explanatory.

In the past, I’d watch a movie one day then choose a completely different genre the next. With “Collections,” it’s sort of like I’m attending a mini film school and I’m immersing myself into a different theme each week.

(Image credit: Mubi) 2. It’s a treasure trove of exclusives, restorations and hidden gems

Mubi isn’t just a streaming platform, it’s also a film distributor. This means that festival hits like Perfect Days, The Worst Person in the World and more recently The Substance, arrive on the platform so you can stream them shortly after they’ve been shown at cinemas and movie theaters – more often than not, they stay there exclusively.

You’ll also find rare gems and restorations, like the recent 4K update of Tarsem Singh’s cult classic The Fall. This mix of new, classic, and obscure titles feels like uncovering a constant stream of cinematic treasures.

To make the platform feel even more exclusive, like you’re being ushered to great new titles by your own film expert, you can also pay a little more for Mubi Go, which offers a cinema ticket each week for a specific film. Unfortunately, I couldn’t try it this year since there’s no participating cinema near me, but it’s a brilliant add-on for serious cinephiles.

3. The user experience is simple and visually stunning

(Image credit: Mubi)

With its clean layout, white background, and striking banners, browsing feels thoughtfully designed and refreshingly straightforward. Granted, it’s not too dissimilar from the grid-like layout of other streaming services, but it feels like Netflix if an incredibly hip Scandi design agency got its hands on it.

The search functionality on Mubi is simple yet effective, letting you explore by genre, country, year, awards, or filmmaker. While I’d love a few more advanced filtering options, Mubi’s simplicity is part of its charm. User-created lists, like “Mubi Top 1000” or “Essential French Films,” add a sense of being involved in a broader film-loving community, too, and you can also rate movies after you’ve seen them.

The platform also offers features that make watching and engaging with film easier, like offline viewing for iOS and Android devices, quick access to your viewing history, and a gifting option – this allows you to share some Mubi titles with a handful of people after you’ve watched them, a great way to give your friends a taste of Mubi without them subscribing.

(Image credit: Mubi) 4. It's the perfect choice for decision fatigue

Mubi feels like stepping into a curated art gallery for films. Unlike other platforms that are overloaded with thousands of titles, its carefully chosen catalog makes every choice feel purposeful.

Sure, there are still hundreds of movies here, but the way recommendations are tailored to my viewing habits is different – more complementary and thoughtful, rather than just similar. To me, it feels like having a cinema-savvy friend hand-pick my watchlist.

Mubi’s curation has also made me a more adventurous viewer, introducing me to international gems, restored classics, and bold indie debuts I’d probably never have even thought to seek out otherwise. It’s helped me see cinema in a whole new way.

You might also like

• My favorite horror movies of 2024 so far
• Best free streaming service 2024
• The best music streaming services 2024

Street gangs forced the General Hospital in Port-au-Prince to close earlier this year. As journalists gathered to cover its reopening, suspected gang members opened fire.

(Image credit: Odelyn Joseph)

In the Transcarpathia region, some locals embrace a traditional lifestyle and cultural identity. After surviving Soviet threats, now they fear President Vladimir Putin seeks to erase their culture.

(Image credit: Claire Harbage)

Russia's massive missile and drone barrage struck a thermal power plant and prompted Ukrainians to shelter in metro stations on Christmas morning.

(Image credit: AP)

• Standing privilege can be minimized using the zero trust principle
• Critical servers can be protected by enabling just-in-time access
• FreeBSD jails can help to isolate workloads and enhance defense

A recently discovered ransomware group has been observed targeting organizations with a focus on FreeBSD servers.

Launched in late September 2024, the operation employs a unique approach, using an encryptor specifically designed for FreeBSD.

Interlock has already claimed attacks on six organizations, including Wayne County, Michigan, which experienced a cyberattack in October 2024.

Interlock’s FreeBSD encryptor sets it apart

Initial information about Interlock came from cybersecurity professionals Simo and MalwareHunterTeam, who analyzed samples of the ransomware.

Interlock’s attack method involves breaching corporate networks, stealing data, spreading laterally to other devices, and encrypting files. The attackers use double-extortion tactics and threats of leaking stolen data unless ransom demands, ranging from hundreds of thousands to millions of dollars, are paid.

Unlike other ransomware groups that typically target Linux-based VMware ESXi servers, Interlock’s focus on FreeBSD encryptors makes it particularly unique. FreeBSD’s extensive use in critical infrastructure and servers makes it a prime target for disrupting vital services and pressuring victims to pay substantial ransoms.

The FreeBSD encryptor was compiled specifically for FreeBSD 10.4 and is a 64-bit ELF executable. However, testing the sample on both Linux and FreeBSD virtual machines proved challenging, as it failed to execute properly in controlled environments.

Despite this, Trend Micro researchers discovered additional samples of the FreeBSD encryptor, confirming its functionality. They noted the strategic choice of FreeBSD, highlighting its prevalence in critical systems, where attacks can cause widespread disruption.

While the FreeBSD version has presented challenges during analysis, Interlock’s Windows encryptor functions effectively. It clears event logs and, if configured, uses rundll32.exe to delete its binary after execution. The ransomware appends a ".interlock" extension to encrypted files and creates ransom notes named "!README!.txt" in affected folders.

These notes provide basic information about the encryption, threats, and links to Tor-based negotiation and data leak sites. Each victim receives a unique "Company ID" for communication with the attackers via a chat system.

Ilia Sotnikov, Security Strategist at Netwrix, advises organizations to deploy multi-layered security measures, including network and web application firewalls, intrusion detection systems, and phishing defenses to prevent initial breaches.

“The ransomware group Interlock has recently been attacking organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. The FreeBSD operating system is known for its reliability and is therefore commonly used for critical functions. Examples include web hosting, mail servers, and storage systems, all potentially lucrative targets for the attackers. Depending on the function and the configuration, the server may or may not be directly connected to the Internet, “ said Sotnikov.

“Security teams should invest in defence-in-depth, to disrupt a potential attack at an early stage, complicate each further step for the attacker, and detect the potentially harmful activity as quickly as possible with the help of monitoring tools…Since the adversary is most likely to access the FreeBSD server from inside the network, it may be a good idea to minimize standing privilege by implementing the zero trust principle, which allows a user only the necessary permissions to perform their tasks,” Sotnikov added.

Via BleepingComputer

You may also like

• Take a look at our guide to the best VPN with antivirus
• These are the best zero trust network access solutions
• US set to allow tech giants to control access to AI chips

Live NFL action has come to Netflix on Christmas Day.

• Two-step phishing evades security with user-triggered actions
• Fake Microsoft portals harvest sensitive login credentials fast
• Advanced threat detection is key to fighting phishing

A two-step phishing attack is leveraging Microsoft Visio files (.vsdx) and SharePoint, marking a new chapter in cyber deception, experts have warned.

Perception Point’s security researchers reported a dramatic increase in attacks leveraging .vsdx files.

These files, which were rarely used in phishing campaigns until now, are used as a delivery mechanism, with victims being redirected to phishing pages mimicking Microsoft 365 login portals, designed to steal user credentials.

Phishing exploits trusted platforms

Two-step phishing attacks layer malicious actions to evade detection. Instead of delivering harmful content directly, these campaigns rely on trusted platforms like Microsoft SharePoint to host seemingly legitimate files.

The attackers embed URLs within Microsoft Visio files that direct victims to malicious websites when clicked. This layered approach makes detection by traditional email security systems more challenging.

Microsoft Visio, a widely used tool for creating professional diagrams, has become a new vector for phishing. Attackers use compromised accounts to send emails containing Visio files appear to originate from trusted sources, often mimicking urgent business communications, like proposals or purchase orders to prompt immediate action.

As the attackers use stolen accounts, these emails often pass authentication checks and are more likely to bypass recipient security systems. In some instances, the attackers include .eml files within the emails, further embedding malicious URLs that lead to SharePoint-hosted files.

The attackers embed a clickable button inside the Visio file, typically labelled "View Document." To access the malicious URL, victims are instructed to hold down the Ctrl key and click the button. This interaction, requiring a manual user action, bypasses automated security systems that cannot replicate such behaviors.

To mitigate risks posed by such sophisticated phishing campaigns, Perception Point recommends organizations adopt advanced threat detection solutions, including dynamic URL analysis to identify malicious links, object detection models to flag suspicious files, and authentication mechanisms to minimize the impact of breached accounts.

You may also like

• These are the best secure email providers
• Take a loot at our list of the best firewalls
• Many employees are actually demanding more AI at work