Feed aggregator

On social media, people are spreading false rumors that FEMA has abandoned victims of Tropical Storm Helene for political reasons. The reality on the ground looks a lot less partisan.

(Image credit: Gerard Albert III)

OpenAI’s spree of licensing agreements is paying off already—at least in terms of getting publishers to lower their guard.

Former President Donald Trump credited the "grace of God" for his survival of the assassination attempt in Butler, Pennsylvania on July 13 in his return to the site for a rally on Saturday.

(Image credit: Kevin Dietsch)

Comcast's Xfinity is the biggest cable internet provider in the country, and it offers the most options. But is more necessarily better?

Ryanair’s ‘Customer Verification Process’ for tickets booked via third party websites has drawn the attention of the country’s Data Protection Commission (DPC).

An affected customer speaking to consumer rights programme Rip Off Britain (via The Register), claimed the stringent process entails “an ID check, facial similarity [checks], [a] liveness check and [a] profile data check”, with some customers opting to write off the cost and book a flight with a different airline upon failing it.

The DPC has indicated that more than one European Union (EU) member state is involved in the inquiry, which will rule on whether Ryanair is keeping to its legal obligations to GDPR specifically, including whether it is being transparent as to how the data is being used, and whether the data is being used within the bounds of EU law.

Ryanair’s data protection DPC case

The perceived wisdom is that the Ryanair is entitled to perform the verification process. In July 2024, a US court ruled that online travel agent (OTA) Booking.com sold Ryanair tickets by accessing the airline’s website “without permission”, and in doing so, made it difficult for the airline to stay in contact with customers.

To this end, a Ryanair spokesperson stressed to The Register the verification process “ensures that these passengers make the necessary security declarations and receive directly all safety and regulatory protocols required when travelling, as legally required.”

They also seemed enthusiastic about settling the legal status of the verification process in court, while damning supposedly unscrupulous OTAs.

"We welcome this DPC inquiry into our Booking Verification process, which protects customers from those few remaining non-approved OTAs, who provide fake customer contact and payment details to cover up the fact that they are overcharging and scamming consumers.”

More from TechRadar Pro

• Some of the world's biggest tech firms have signed up to the EU's promise for safe AI
• User privacy must come first with biometrics
• Beware, travel apps are hungry for your data - here's how to protect your privacy

Gaming peripheral manufacturer Thrustmaster has revealed the Thrustmaster Heart Controller. This new gamepad, which is compatible with both Xbox and PC, features Hall Effect thumbsticks and mechanical buttons.

Accuracy and longevity seem to be at the center of its design. The name, which is actually an acronym, stands for "Hall Effect AccuRate Technology" - a fancy marketing term for what appears to be very similar to Hall Effect technology that is already found in many of the best Xbox controllers and PC controllers.

The company claims that the controller leverages its 15 years of experience in crafting Hall effect flight sim peripherals for top accuracy and performance and will not suffer from any stick drift over time. Its mechanical buttons have a 0.3mm actuation distance and are reportedly 64% faster than regular membrane inputs, too.

This is also a wired controller, which will presumably also help cut down any potential input latency (and cost). Specs aside, the Thrustmaster Heart Controller does have quite an eye-catching overall design. It boasts a rather unconventional two-tone black and white pattern, meaning that it should match both the standard Xbox Series X and Xbox Series S models.

A bright LED strip runs down the middle of the controller, separating the two colors and lending it some extra flair. This lighting is customizable and can be set to six colors including orange, blue, and red. On the back of the controller, you can find two remappable rear inputs. A range of settings, including the ability to remap these and alter thumbstick sensitivity, can be accessed via the existing ThrustmapperX software.

The controller will be compatible with PC, Xbox Series X, Xbox Series S, and Xbox One. It is available to pre-order now for $99.99 / £89.99 via Thrustmaster and Amazon with shipping expected to begin next month.

You might also like...

• Starfield: Shattered Space finally ditches the empty expanse of space for a more finely-crafted location, and I couldn’t be happier
• Heads up, you can get two of my favorite Lego games for free right now with your Amazon Prime membership
• It's official, Shaq is coming to Fortnite - here's everything you need to know

One woman spills the beans about giving birth to rich people's children. “They were offering Scrooge McDuck buckets of money.”

In the quest for more powerful electronic chips, a persistent challenge has been how to efficiently dissipate the increased heat they generate.

Among the promising solutions, researchers are now looking towards bionics - drawing inspiration from nature - for innovative technologies that could eventually revolutionize AI data centers.

A research team led by Prof. Ye Hong from the University of Science and Technology of China has developed a groundbreaking bionic ceramic wick for Loop Heat Pipes (LHPs), inspired by the natural transpiration process of leaf stomata. Their research, published in Langmuir, addresses a key limitation of traditional LHPs, which use wicks with uniform pore sizes, reducing efficiency at high heat fluxes due to vapor blockages and increased thermal resistance.

Promising early results

The newly developed bionic wick features an asymmetric pore structure, which optimizes heat transfer by overcoming these challenges, offering a more effective solution for high-power chip cooling.

The design mimics leaf stomata, with straight finger-like pores serving as vapor channels, significantly reducing vapor transport resistance, and enhancing heat dissipation. This structure enables a higher critical heat flux, allowing for better management of high-power chip cooling. The use of ceramics, instead of metal, for these wicks also offers enhanced corrosion resistance and thermal stability, critical for the long-term performance of advanced electronics.

The manufacturing process employs phase-inversion tape casting, commonly used for producing porous ceramic membranes. This innovative method not only allows for creating the desired multiscale pore structures in a single step but also ensures a solid and consistent output.

Initial tests of the bionic wick within LHP systems have shown promising results. By optimizing the balance between capillary force and flow resistance, the bionic wick efficiently transports working fluids and enhances the system's thermal performance. This advancement has the potential to extend beyond just computing hardware, with applications in aerospace, microelectronics, and energy sectors.

This pioneering approach could redefine thermal management strategies in data centers powering artificial intelligence, paving the way for more efficient and sustainable solutions inspired by the natural world. Researchers are hopeful that continued development and adaptation of these bionic structures will help overcome existing challenges and meet the demands of next-generation electronics.

More from TechRadar Pro

• Metal foams promise 90% improved heat exchange for data center cooling
• Evolving data center cooling for AI workloads
• Forget Atlantis: How data centers can use liquid above ground to stay cool

Several key refinance rates trended upward this week, but rates are still well below last year's highs..

A handful of key mortgage rates climbed higher. Here's what experts say is next for the housing market this year.

Back in August, Android users got access to a new Gemini-powered feature called Gmail Q&A, available to those with a Google One AI Premium plan or a Workspace account. Now the same feature is going live for iPhone users as well.

As explained in a Google blog post, the idea is you use Gemini to search through your inbox and ask questions about it. The example Google gives is "show unread emails from Jordan" but prompts like "what was I talking about with Chris?" or "tell me about the emails I've had today" work as well.

"Gmail Q&A can help you answer specific questions about your emails, show you unread messages or messages from a specific sender, summarize emails about a topic in your inbox, and even answer general questions from search, all without having to leave your inbox," explains Google.

Right now, the feature is only available in English. If you're not signed up to Google AI Premium ($19.99 / £18.99 / AU$32.99 a month), you need to have a Workspace account with Gemini add-ons included, and smart features and personalization turned on.

How to use Gmail Q&A

Gemini can summarize emails from any day (Image credit: Future)

If you meet the criteria for Gmail Q&A, powered by Gemini, you should see the Gemini star icon up in the top right corner of the Gmail app for Android or iOS. If you're viewing a specific email, the same icon is up at the top near the center.

Tap this icon to launch Gemini, and you can start asking questions – it works in a similar way to Gemini on the web, so you can write in a natural way about anything to do with your email. Ask to see certain messages, or get summaries of conversations, or ask about the contents of emails stored in your inbox.

Based on a brief bout of testing, it all works rather well. As always with AI though, it's worth double-checking important information: handily, Gemini provides a list of its sources underneath every answer, so you can tap through on these links to read the emails it's talking about.

This is on top of the other Gemini features already in Gmail, such as tools to help you write or rewrite your emails. In its Gmail Q&A announcement, Google notes similar Gemini search tools will be arriving in Google Drive too in the near future.

You might also like

• Gemini in Gmail will now provide smarter quick replies
• Gmail remains by far the most popular email service
• Google says Gmail is getting even tougher on spam

The Nobel Assembly said that their discovery is "proving to be fundamentally important for how organisms develop and function."

(Image credit: Henrik Montgomery)

Apple’s rumored batch of M4 Macs could be with us shortly, and these machines might launch later in October, and go on sale soon thereafter according to the latest from the rumor mill.

This is more from Mark Gurman, a respected Apple leaker who spills gossip regularly via a weekly newsletter, the latest chatter from which insists that Macs with M4 chips will be revealed towards the end of October, and at least some of those devices are set to go on sale come November 1.

As previously rumored, the M4-toting hardware to be launched includes an entry-level MacBook Pro 14-inch, alongside higher-end models of that 14-inch laptop, and high-end MacBook Pro 16-inch flavors too (nothing on the lower-end in the latter case).

There’s also an iMac M4 on the horizon, and a redesigned, more compact, Mac mini with options for the M4 or M4 Pro chips (and also a new iPad mini M4).

More M4 Macs are coming next year, as Gurman has already told us, likely MacBook Air 13-inch and 15-inch models, which are set to arrive at some point in the first half of 2025. Previously, Gurman has hinted these could debut in Q1 of 2025, but that prediction isn’t made in this latest newsletter (possibly because it’s a whole raft of products the leaker is talking about here, including accessories, so launch timings may be a bit all over the place across the board).

Those laptops will supposedly be followed by a refreshed Mac Studio with M4 CPU (long-awaited by some folks) which could arrive around the middle of 2025, towards the start of H2 – so that might be July or August – and then a Mac Pro M4 will follow later in the second half of next year.

Also in late 2025, we can expect the first generation of M5 Macs, Gurman believes, meaning Apple will maintain its current cadence with its range of computers – this would presumably include the MacBook Pro M5 models, and maybe more.

(Image credit: Future / Lance Ulanoff) Analysis: A plausible scenario, but there’s room for doubt yet

All of this sounds plausible and it chimes with what Gurman has said before, multiple times, so the leaker appears to be confident enough in these assertions. Recently, we thought we detected a wobble in that confidence around a potential October unveiling for the M4 Macs, but it appears that any doubt has been pushed aside – if indeed there was any present in the first place.

With a potential on-sale date now being put forward, one that’s less than four weeks away, these predictions now feel more concrete – especially as we’ve seen quite a lot of leaks around the MacBook Pro M4 very recently, including purported photos of the box, which makes sense if it’s imminent.

Of course, we must still be cautious about what to expect as ever. Even if these are Apple’s plans correctly laid out as they stand now, things could still change over the course of October.

One of the big questions remains, though: are we set to see 16GB of RAM as an absolute minimum configuration for the Unified Memory loadout in the MacBook Pro models, meaning the 14-inch laptop will get this treatment as well – and indeed maybe across all Apple’s Macs? Fingers crossed that’s the case.

You might also like

• There’s more evidence that Apple’s folding-screen MacBook has been delayed
• These are the top MacBook deals right now
• I used to laugh at the Mac Mini but today I bought one

Vigils are taking worldwide to commemorate the approximately 1,200 killed in the Hamas attacks a year ago. Protests are planned to demand a cease-fire to the war that has killed nearly 42,000 in Gaza.

(Image credit: John Wessels)

Squarespace website builder review

Squarespace is a top website builder known for its elegant designs and robust features. With over 100 premium, mobile-optimized templates, it’s a favorite for creatives and businesses seeking visually stunning, professional websites.

For

• Built-in email marketing
• Essential e-commerce features with most plans
• Lots of lovely, mobile-responsive templates
• Free trial with no credit card info required
• Helpful link in bio tool
• Free SSL certificate
• Helpful 24/7 customer support and well-supplied knowledgebase
• A solid set of features

Against

• Can't switch templates without starting from scratch
• No telephone support
• Low level of customization

GoDaddy website builder review

GoDaddy Website Builder is a popular choice for beginners, offering a user-friendly interface and quick setup. With customizable templates and integrated marketing tools, it’s designed to help small businesses and entrepreneurs create functional websites with ease.

For

• 30-day free trial
• 24/7 phone and live chat support
• AI-powered tools for website optimization
• Easy-to-use editor
• Solid range of simple customizations
• Over 100 good-looking templates to choose from
• Marketing and SEO tools included

Against

• AI-generated sites lack creativity and individual touch
• Limited level of customization
• Ecommerce with top-tier plan only
• No app marketplace for additional integrations

Creating a website is easier and more affordable than ever before. From no-code website builders to finding cheap domains and hosting plans, it seems like you can do it all for a couple of bucks. But, among countless brands, two stand out. Both Squarespace and GoDaddy are well known as two of the best website builders on the market, but with many similar tools and features, it is no surprise potential customers often get confused about which one is best for them.

Squarespace primarily offers a drag-and-drop website builder, dynamic website templates, and even multiple products targetting specific businesses such as dedicated templates for sellers, Bio Sites, creator tools for freelancers/ influencers, and SEO tools for digital marketers.

GoDaddy's primary business is the sale of domains, and not very long ago, it started providing additional services like website building, logo making, and more. But this isn’t to say that GoDaddy isn’t a strong competitor in the website building space. In fact, in a short time, it has become one of the key players with powerful tools that are comparable to the likes of Squarespace.

In this guide, we take a look at the most important areas of website building and offer a comparison between what is offered by the two players. The goal isn’t to give a generic answer to ‘which is the best website builder’, but instead provide you with the information you need to make an informed decision on which platform best suits your unique needs and goals.

Squarespace vs GoDaddy: Pricing

(Image credit: Squarespace)

Squarespace pricing is straightforward, starting with the Personal plan. For $16/month (billed annually) you get features like a custom domain, SSL security, unlimited bandwidth, and Squarespace AI.

If you need more, the Business plan for $23/month adds advanced website analytics, free invoices, promotional pop-ups, banners, and a nominal 3% transaction fee on sales. For ecommerce, the Basic Commerce plan at $27/month includes customer accounts, product waitlists, and low stock alerts and the Advanced Commerce plan adds advanced shipping, discounts, and abandoned cart recovery for $52/month.

You can also save on your Squarespace subscription by signing up for an annual plan over monthly billing and using one of the best Squarespace promo codes at checkout.

(Image credit: GoDaddy)

GoDaddy, on the other hand, starts with the Basic plan at $9.99/month, ideal for small businesses that need SSL, unlimited social media platforms alongside unified inbox and website chat. On top of this, the Standard plan adds additional marketing tools like built-in SEO and social posts for $11.99/month.

Next up, the Premium plan at $14.99/month includes all the benefits of the Standard plan, plus recurring appointments. Lastly, if you just want to build an online store, the Ecommerce plan at $24.99/month is the best choice as it covers all the essentials like product listings, shipping, and abandoned cart recovery.

My Verdict: Squarespace is a premium option with higher pricing, ideal for businesses and creatives needing strong design and e-commerce features. GoDaddy offers more affordable, simple plans, perfect for beginners or businesses looking for a quick and easy website setup.

Squarespace vs GoDaddy: Setup & page editor

(Image credit: Squarespace)

Squarespace’s setup and editing process are both minimalist and visually appealing. With a Fluid Engine drag-and-drop editor, Squarespace offers real-time previews of your edits and even offers many AI features to improve your website. You get dedicated theme patterns, tons of templates distributed on an industry basis, and limited yet versatile font options to fulfill your brand’s persona. If you plan on running an online store, Squarespace has dedicated e-commerce themes and well-organized sections for payments, shopping carts, and products.

(Image credit: GoDaddy)

GoDaddy’s layout may be less visually appealing, but its editor is simpler than Squarespace's, particularly for non-technical users. With a guided walkthrough to set up your site, you can add pictures, design pages, etc., using the swipe-to-style editor both from your desktop or even your phone. Plus, GoDaddy Airo AI creates your website, logo, and more by just using details of your business. Likewise, once your ecommerce store is ready, you can upgrade to start selling and connect with top marketplaces like Instagram, Google, Etsy, eBay, Facebook, and Amazon.

My Verdict: Squarespace is perfect if you want a visually-driven, customizable setup, while GoDaddy is better for beginners who value ease of use and speed over advanced design and customization.

Squarespace vs GoDaddy: Ecommerce

(Image credit: Squarespace)

Squarespace lets you send invoices and sell content like online courses, videos, blogs, memberships as well as physical products. Further, you can use your own domain for checkout and connect with different Point-Of-Sale (POS) systems, helping create a seamless experience for your customers.

If you want to go all in with your store, Squarespace provides product reviews for your customers, features for selling your products and services on Facebook and Instagram, limited availability labels, and abandoned cart recovery. On high-tier plans, you get advanced options for shipping, discounts, and access to Commerce APIs.

(Image credit: GoDaddy)

With the GoDaddy Ecommerce plan, you can create dedicated websites to sell products. Just integrate your online store to add products and services, set up payment methods, manage shipping options and return policies, warranties, and guarantees.

Plus, you can highlight featured products, integrate Square, PayPal, and Stripe, and keep subscribers informed about sales, coupon offers, and online events along with email marketing tools. GoDaddy also lets you customize your online store with WordPress and WooCommerce integration.

My Verdict: Both platforms have extensive ecommerce features and support flat-rate, calculated, and free shipping, along with a range of third-party app integrations. In a nutshell, consider Squarespace if you want a neatly designed and stunning-looking online store and GoDaddy if you’re a beginner on a tight budget who just wants to get started with a simple yet effective ecommerce website.

Squarespace vs GoDaddy: SEO tools

When it comes to SEO, both Squarespace and GoDaddy let you edit tags and meta descriptions, add image alt text, customize URLs, and access keyword support. But there are a few things to consider.

Squarespace site comes with a site map using the .xml format, so you don't need to create one manually. Squarespace also lets you add Meta Pixel & Ads for targeted advertising. Plus, you can explore keywords with time filters and access an SEO Checklist making optimizing your site a breeze..

On the other hand, GoDaddy has a step-by-step wizard that guides you through optimizing your homepage, and if you've used it before, you can revisit tasks to refine any page, blog post, or image. Similarly, you can track your site's performance using Google Analytics and return to optimize further as needed.

My Verdict: While Squarespace comes with an integrated sitemap and Meta Pixel for users who prefer simplicity, GoDaddy’s SEO wizard provides a more guided, step-by-step approach for beginners. Since both offer quite basic SEO tools, you can try their free trial to see which one suits your business better.

Squarespace vs GoDaddy: Verdict

Both Squarespace and GoDaddy are solid website builders, but they cater to different needs. GoDaddy is the cheaper and faster option, perfect for those who want to get online quickly without fussing over too many details. It’s great for beginners with its straightforward email marketing process and essential features at an affordable price. GoDaddy’s guided approach is ideal for those who want to get things up and running with minimal hassle.

Squarespace, while more expensive, excels in aesthetics and creative control. Its beautiful templates, drag-and-drop editor, and powerful tools like built-in SEO and automatic sitemaps make it a top choice for creatives, artists, and anyone wanting to build a visually stunning online presence. A generous student discount also makes it a great option for young entrepreneurs and creators looking to save while building something professional.

In the end, if speed, simplicity, and cost are your main concerns, GoDaddy wins. But if you're after elegance, customization, and appealing aesthetics, Squarespace is a better choice.

The Apple Intelligence release date has been leaked, and when Apple said its AI features would arrive in October, it meant… Late October.

According to top insider Mark Gurman in Bloomberg’s Power On newsletter, Apple Intelligence’s first wave of AI features will be coming to iPhone, iPad, and Mac on October 28, more than a month after the iPhone 16 and iPhone 16 Pro launch.

Apple Intelligence arrives as part of iOS 18.1 and will be accessible on a small selection of the best iPhones including the iPhone 16 lineup and the iPhone 15 Pro and iPhone 15 Pro Max. iPhone 15 users will sadly miss out on Apple’s first venture into the world of AI.

While October 28 will see the arrival of Apple Intelligence, it only spells the start of Apple’s AI rollout. This first batch of Apple Intelligence features will include Writing Tools for proofreading and rewriting, Smart Replies to quickly reply to messages, Notification Summaries, Clean Up in Photos, and a redesign of Siri.

A new era

(Image credit: Future / Apple )

Other features like ChatGPT integration, Genmoji, and Image Playground are expected to arrive with iOS 18.2 before the end of the year with Siri’s major Apple Intelligence overhaul due around March 2025.

Apple’s AI rollout has been met with some skepticism considering the iPhone 16 lineup is currently on sale advertised as the ‘first iPhone built from the ground up for Apple Intelligence.’ By the time early adopters finally get their hands on Apple Intelligence, the phones will be over a month old, despite all of Apple’s marketing heavily focused on AI.

It’s also worth noting this October 28 release date will only be for US English, users in the UK who don’t want to change their device language will need to wait until later this year to use Apple Intelligence and EU iPhone owners might not be getting AI features at all.

Our iOS 18.1 Apple Intelligence hands-on will give you all the information you need on what to expect when Apple AI finally becomes available later this month. You can also check out our iPhone 16 Pro review for early impressions on Apple Intelligence.

You might also like...

• The Apple Intelligence release date is a big deal
• iPhone 16 review
• My parent's iPhone 14 Pro Max phones are not getting Apple Intelligence

The number of attacks targeting critical infrastructure, banking and financial services, government and utilities sectors across Europe and the Middle East has increased 55% in the last four years, new research has claimed.

Distributed Denial of Service (DDoS) attacks are particularly worrying, rising by almost a third (30%) in the first half of 2024, compared to the same peiod in the previous year, to a new cybersecurity paper published by NETSCOUT SYSTEMS.

Based on DDoS attack data harvested from 216 countries and territories, 470 vertical industries, and over 14,000 ASNs, the paper argues that hacktivists are one of the key groups to be blamed for the increase in attacks.

Widespread disruptions

With the emergence of the Zergeca botnet, the number of bot-infected endpoints rose by 50%, the researchers further explained, adding that the “continued evolution” of the DDoSia botnet, used by a group called NoName057(16), also played a pivotal role.

The attacks resulted in “widespread disruptions”, NETSCOUT concluded, adding that industries were affected on a global scale. “Service slowdowns or outages can cripple revenue streams, delay critical operations, hinder productivity and significantly elevate organizational risks,” they concluded.

The researchers also added that more than 75% of newly established networks have been involved in DDoS attacks, both as targets, or as unwilling attackers, in the first 42 days of their inception. When splitting off a part of a network to a new ASN, organizations need to keep DDoS protection in mind, NETSCOUT says, adding that assuming automatic protection from upstream service providers can only lead to trouble.

“Hacktivist activities continue to plague global organizations with more sophisticated and coordinated DDoS attacks against multiple targets simultaneously,” said Richard Hummel, director of threat intelligence at NETSCOUT. “As adversaries use more resilient, take-down-resistant networks, detection and mitigation are more challenging. This report gives network operations teams insights to fine-tune their strategies to stay ahead of these evolving threats.”

More from TechRadar Pro

• The largest ever DDoS attack has just been blocked - here's how it was done
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now

Rapidly falling rates means now's the time to lock in a high APY.

2024 might have heralded the new Samsung Galaxy Ring and the long-awaited Oura Ring 4, but a new report says that tech giant Apple isn't planning to join the fellowship anytime soon.

Patents and rumors of an Apple Ring have been swirling for years and the popularity of other discrete fitness trackers on the market makes the industry an enticing proposition.

However, top Apple insider Mark Gurman says that Apple isn't working on one right now, and doesn't have plans to start anytime soon.

Writing in the paywalled email version of his Power On newsletter this week, Gurman revealed that "Apple isn’t actively developing a ring and has no plans to launch one."

But why would Apple pass on the chance to release an innovative new product in an emerging market? There's one simple reason – Apple Watch.

Apple is keeping fitness on the wrist, for now...

(Image credit: Future)

As Gurman notes, introducing an Apple Ring "would detract from the Apple Watch." He reveals that Apple has "no reason to cannibalize a product that still has room to grow and is the envy of the fitness-tracking industry."

While both Samsung's Galaxy Ring and the new Oura Ring 4 are impressive bits of kit, there's not a ton they offer over Apple Watch right now. Both types of device feature broadly similar fitness and health features such as exercise tracking, heart rate monitoring, sleep tracking, and more.

While a ring might be a more discrete bit of kit than the best smartwatches on the market, it's an extra for most people who likely already wear a watch of some description.

The Samsung Galaxy Ring and the Oura Ring 4 also both cost broadly the same as an Apple Watch Series 10, but the latter delivers a more immersive experience thanks to its touchscreen display and features like music playback, calls and messages, and more.

It's possible that smart rings and other more discrete devices could one day surpass the smartwatch as the king of fitness tracking and wearable tech, but right now it seems Apple doesn't have any intention of upsetting its growing smartwatch business.

You might also like

• Best smart ring 2024: Samsung Galaxy Ring, Oura and other alternatives
• I spent 24 hours with the Samsung Galaxy Ring, and it's scarily good so far
• I tried wearing an Oura smart ring and might never go back – but it can’t replace my Apple Watch

Apache's HTTP Server is a critical component for hosting web applications worldwide. Recently, two significant vulnerabilities CVE-2024-40725 and CVE-2024-40898 have surfaced, raising alarms across industries.

These vulnerabilities present a severe risk to organizations that rely on Apache HTTP Server especially the systems using versions 2.4.0 through 2.4.61. There are over 7.6 million instances exposed to potential attacks, experts have said.

According to a recent report from CYFIRMA, while CVE-2024-40725 affects the mod_proxy module of the Apache HTTP Server, CVE-2024-40898 targets the mod_ssl module.

HTTP request smuggling & SSL authentication bypass

HTTP Request Smuggling attacks see an attacker send multiple crafted HTTP requests, which the server misinterprets due to its flawed handling of HTTP headers. The attacker exploits this misinterpretation to bypass security checks. In the case of CVE-2024-40725, the ProxyPass directive, when misconfigured, can make the server vulnerable to this type of attack.

When the ProxyPass directive is enabled with specific URL rewrite rules, it can lead to HTTP Request Smuggling attacks. Attackers can exploit this vulnerability to gain unauthorized access to restricted parts of the server, disclose sensitive information, or hijack active user sessions.

The CVE-2024-40898 vulnerability stems from improper SSL client authentication verification. If SSLVerifyClient is not configured correctly, attackers can bypass the SSL authentication mechanism. This allows them to access sensitive systems without requiring a valid client certificate thereby compromising the security posture of affected organizations.

The existence of PoC exploit codes for both vulnerabilities makes it easier for attackers to target organizations that have not yet applied the necessary patches or updated their configurations. These tools allow attackers to send specially crafted SSL requests to affected servers, which can lead to unauthorized access.

There are already discussions about these vulnerabilities on Dark Web forums, where hackers are actively sharing technical details, targeting information, and exploits, signalling a growing interest in exploiting these vulnerabilities in the wild. These discussions indicate that IP addresses of vulnerable systems are actively being circulated, heightening the urgency for prompt action.

These vulnerabilities present a high-level threat to organizations, making it imperative for system administrators to apply patch updates and review configurations immediately. Without proper mitigation, affected servers could become targets for exploitation, compromising both sensitive information and the integrity of critical systems.

To mitigate the risks, the first and most crucial step is to apply the latest patch by updating the Apache HTTP Server to version 2.4.62 or later. This update addresses both vulnerabilities, providing essential fixes to prevent exploitation.

Additionally, a thorough review of server configurations is necessary, particularly within the mod_proxy and mod_ssl modules. Ensuring that the ProxyPass directive and URL rewrite configurations are securely set up will minimize the risk of HTTP Request Smuggling, while properly configuring SSLVerifyClient will prevent authentication bypass attacks.

By deploying a Web Application Firewall (WAF), organizations can filter malicious HTTP and SSL traffic, providing an extra layer of protection against attack attempts. Moreover, conducting regular security assessments, including vulnerability scans, helps proactively identify and address any configuration issues or new vulnerabilities.

Organizations in sectors such as finance, healthcare, government, retail, and technology are particularly vulnerable due to the sensitive data they handle. Geographically, regions such as the United States, Germany, India, the Netherlands, and the United Kingdom are considered high-risk areas, given the widespread use of Apache HTTP Server in these locations.

More from TechRadar Pro

• These are the best firewalls around today
• This new keylogger uses Microsoft PowerShell scripts to quietly steal sensitive information
• Take a look at the best business VPNs