
Apple's rumored Apple Intelligence-powered smart displays could see it finally crack the smart home market

Apple’s long-rumored smart-display-powered HomePod devices could have Apple Intelligence features at their core to help control your smart home.

Mark Gurman, Bloomberg’s Apple expert, wrote in his Power On newsletter Sunday, ‘Apple is taking another crack at the smart home market.’ This time, we’re expecting two smart display products akin to a HomePod with a screen, capable of running everything Apple Intelligence has to offer.

The new devices have been in the pipeline for a while now with previous reports hinting at ‘a tabletop device code-named J595 that combines a robotic limb with a large, iPad-like display.’ But Gurman says Apple is also working on a ‘low-end smart display’ codenamed J490 aimed at using FaceTime and Apple Home control.

The interesting thing about this report is not the products themselves, as we have been hearing about Apple’s smart displays for a while now, but more so that ‘Apple Intelligence tools will be at the heart of both products, helping the company bring AI into the home.’ Gurman expects the J490 to launch as early as next year as a ‘lower-end companion to the robotic device, which may cost $1,000 or more.’

homeOS

WWDC 2024

Apple Intelligence for the smart home (Image credit: Apple)

With a new product line comes a new operating system, and Gurman thinks Apple will call it homeOS. He claims tvOS from the Apple TV will be the basis for homeOS, but expects both OSes to ‘ultimately get combined and run on every Apple home device.’

Interestingly these smart display products are collaborations between Apple’s artificial intelligence and home device hardware engineering teams, making it clear that Apple Intelligence is at the heart of these products. Gurman adds, ‘The low-end smart display is designed to run apps like Calendar, Notes and Home, and will include an interface optimized for controlling home appliances and quickly seeing information.’

These rumored Apple Intelligence-powered smart display products could usher in a very exciting future for Apple’s idea of a home and give the company another crack at taking a large slice of the smart home market pie.


from TechRadar - All the latest technology news https://ift.tt/91ATNFZ


Fed up with unnecessary white space when printing from the web? AI is here to fix that, and it's about time

There’s a tweet by John Moynes that’s been going around X.com for some time now that I can easily relate to. It goes like this: ‘Rage Against the Machine never specified what type of machine they were furious with, but I reckon it was probably a printer.’

Printing anything out at home remains one of the most frustrating experiences in modern life. Assuming you can actually get your PC to connect to your printer, who knows what you’re going to get out the other end because it rarely resembles the document you’re seeing on screen.

Spreadsheets mysteriously split themselves over several pages, and anything printed from a web page comes with an obligatory page or two of extra blank space at the end, maybe with a line or two of random text at the bottom. Why printer companies haven’t managed to fix this yet is beyond me.

AI to the rescue

Well, perhaps it’s beyond human beings, because HP has called on Artificial Intelligence to fix it. Announced at its recent Imagine AI event, HP Print AI is here to fix the common problems associated with printing documents.

Its stand-out feature, Perfect Output, which is available now as a beta to select users, is designed to make what you see on screen the same as what your printer actually prints out. The first problem it’s designed to solve is to make printing from the web work, at long last.

HP estimates that half of all print jobs at home are from web pages, so it’s crazy to think it’s taken this long to sort it out. Perfect Output intelligently reformats and reorganizes the content of a web page to fit on the printed page. It also detects unwanted content like ads or web text and removes it.

More than that, it actually makes the pages look like they’ve been designed beautifully. Have a look at the before and after screenshots:

HP Print AI screenshot.

Here's what a web page looks like when you try to print it... (Image credit: HP)

HP Print AI after shot.

... and here's how it looks after Perfect Output has reformatted it. (Image credit: HP)

Perfect Output also tackles the thorny issue of printing spreadsheets. These have traditionally been difficult to print out because they tend to be formatted in landscape. Perfect Output does the hard work of making them fit on a page for you, even integrating charts intelligently into the printouts.

HP is also using AI to help you set up your printer, but frankly, we just want better-looking printouts that don’t waste reams of paper when all we wanted was a recipe for spaghetti bolognese. If AI can do that, it’s winning.

While Perfect Output is available to select customers right now as a beta, HP says it will launch HP Print AI capabilities through 2025.


from TechRadar - All the latest technology news https://ift.tt/wzN6I10


The rising threat of SYS01 infostealer: Navigating the malicious mad men of Facebook

Infostealer attacks are becoming an increasingly serious threat. Over the past few years, infostealer malware has increasingly become the weapon of choice for cybercriminals as a low-hanging fruit tactic to carry out high-impact data breaches due to their simplicity, vast availability, and low cost.

The Trustwave SpiderLabs Threat Intelligence team recently discovered a new version of the SYS01 infostealer during our ongoing research of malicious activity on Facebook. With over 2.9 billion monthly active users and 200 million business accounts on Facebook, this infostealer poses a significant risk.

In this campaign, hackers use malicious advertisements to steal account credentials to take over Facebook business and personal pages, as well as gain access to users' credentials, history, and cookies in web browsers. The captured information can include saved credit card info, passwords for accounts to other sites, and more. This can then lead to further rippling effects, including disruption of business operations and financial loss.

Expanded Facebook User Targeting

SYS01 represents a new wave of infostealer malware with more sophisticated capabilities and evasion techniques, making it a formidable threat.

Since its emergence in March 2023, SYS01 has dramatically evolved. Initially distributed through Facebook advertisements related to adult content and gaming, this new version, which has been operating since September 2023, now includes ads for AI tools and Windows themes. This evolution advances SYS01’s appearance of legitimacy and extends its reach to target the general population, making it more challenging for users to identify and avoid malicious ads.

As this malware continues to evolve and target a larger pool of potential victims, organizations should implement filtering systems to analyze ad content for signs of malware or malicious intent to help mitigate risks. It's also crucial for employees to improve their own ability to recognize spoofed ads and maintain good cybersecurity hygiene by staying informed about the latest trends and tools used by cybercriminals.

The Adaptive Nature of SYS01

SYS01 can manipulate antivirus software configurations to avoid detection and maintain presence on infected systems for extended periods. This makes it much more challenging for traditional security solutions to detect the malware. With the ability to identify virtualized environments used by security researchers for malware analysis, SYS01 can further alter its behavior or halt execution to prevent discovery by security tools.

Not only can SYS01 manipulate security tools to evade detection, but its adaptability also allows it to continue to morph and adjust to increase effectiveness with each malicious ad campaign. Leveraging calculated A/B testing, SYS01 adapts and refines its ads to maximize engagement and click-through rates and repeats use of the more successful advertisements.

Given the adaptive nature of SYS01, organizations should ensure they have host-based anti-malware tools to help detect and protect against malicious exploits. Security and IT teams can go a step further by keeping browsers and plugins up-to-date and configuring browsers and tasks to regularly delete persistent cookies to reduce the risk of session cookie theft of sensitive information. When prevention isn’t possible, audit controls can also help detect potential compromises.

One Infostealer After Another

As cybercriminals continue to innovate with their use of infostealers, maintaining vigilance and implementing robust security measures is critical.

SYS01 is just one of many infostealer threats. Many of its tactics exhibit striking similarities to other infostealers, such as Rilide. Disguising itself as a legitimate Google Drive extension, Rilide targets Chromium-based browsers – such as Google Chrome, Microsoft Edge, Brave, and Opera – leveraging Google Ads to carry out attacks that monitor browsing history and capture screenshots before injecting malicious scripts to withdraw funds from cryptocurrency exchanges.

To protect against such threats, security leaders should enforce the use of multi-factor authentication (MFA) across their organizations. This adds an extra layer of defense, making unauthorized access more difficult if and when users inadvertently click on malicious ads. Proactive monitoring with tools like endpoint detection and response, alongside MFA, enhances security by detecting anomalies and aggregating data across an organization’s IT infrastructure.

A Call for Proactive Defense

SYS01’s evolution and sophisticated capabilities underscore the growing threat posed by infostealers, particularly in its demonstrated ability to evade detection and continuously evolve. This flexibility highlights the need for cybersecurity professionals to stay ahead of the curve to effectively anticipate and mitigate future threats. By investing in robust defenses, monitoring solutions, and proactive threat hunting, organizations can better safeguard against the rising risks of infostealers and protect their digital assets from potential harm.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



from TechRadar - All the latest technology news https://ift.tt/tMYJCWX


Never Let Go had a lot of promise but I’m tired of bad Hollywood endings

Full spoilers for Never Let Go follow.

Never Let Go is the latest movie by hit production company Lionsgate, which is a studio known for the huge horror franchise Saw, as well as popular action franchises The Hunger Games and John Wick (which recently got a trailer for Ballerina). Although this creepy survival horror hit, which gave similar vibes to A Quiet Place, had potential, it really ran out of steam in the third act.

It is annoying that this appears to be a common occurrence with new movies. While I'm not entirely opposed to mystery and questions, sometimes it feels like the script was missing something and the result might leave audiences disappointed, and hungry for something they'll never get to have. That was definitely the case with Never Let Go, which teased this great, evil threat and then fizzled out at the very end.

Movies shouldn't have to over-explain what's going on, but it's nice when they give us something to work with. For me, Never Let Go was ambiguous to the point of being frustrating, leaving me with more questions than I had going in, which is never a good sign.

The evil, which is just named 'The Evil', is this apparent great threat that has taken over the world, leaving Momma (even she doesn't have a name) and her two boys as the only survivors. By the end, we find out this is a lie, and it literally does not elaborate beyond that. The boys go off into this civilization they've been sheltered from their whole lives, and that's it. We don't find out what it is, if it was all in their mother's head or if it's some demonic figure isolated to their remote cabin.

The boys could not see The Evil, but it still doesn't answer why it was so central to their lives for all these years. A lot of it didn't add up and despite the good performances and the creepy atmosphere, the story was lacking compared to the best horror movies.

Should we completely do away with ambiguous endings?

Leonardo DiCaprio as Cobb, looking at his spinning top totem in Inception

Inception's final scene is an example of an open ending done right. (Image credit: Warner Bros)

No, not entirely, but they do seem to be happening in abundance and the result is not always good. But as we've seen throughout film history, it can be done very well. Take a look at Inception – one of the best Christopher Nolan movies – and its now iconic totem ending. We never get to find out if Cobb was in the real world or not, but given the richness of the hours that preceded that final shot, the ending is memorable. Frustrating, sure, but it's great.

Never Let Go wasn't able to reach those heights as we barely knew anything about the threat to begin with. There was little to keep the audience engaged; if anything, I found myself braced for another jump scare where Momma would see another manifestation of The Evil, but that was more to do with loud audio cues than me being scared of the antagonist. I don't really care if I know nothing about what's jumping out to scare me in the first place. Lore building is important.

Endings are tricky, but many big-budget movies are really struggling to stick the landing. A prime example of that is Lionsgate's abysmal Borderlands, which insulted video game fans everywhere and then fizzled out into an unsatisfying conclusion. Not ambiguous, just boring. Can you tell I absolutely loved it? In all seriousness, if you want to read my takedown of Borderlands, here's why I called it the death of good video game adaptations.

It's not all bleak though, 2024 has seen plenty of great movies, and A24 in particular is leading the charge with recent movies like I Saw the TV Glow and MaXXXine, which was one of five A24 movies I couldn't wait to watch in 2024 – both of which nailed that all-important finale. I just wish the bigger names would follow suit.


from TechRadar - All the latest technology news https://ift.tt/79XWZHN


Yoga Pro 7 is a reliable and efficient device for even the most demanding creative workflows with a premium 2.8k OLED screen, excellent keyboard, and a Ryzen AI 9 365 processor

Lenovo has unveiled the latest addition in its Yoga lineup, the Lenovo Yoga Pro 7 (14”, 9th Gen) with an AI-driven AMD Ryzen AI 9 365 processor.

The new device supports the Lenovo Creator Zone, a new AI-powered software suite that allows users to generate and edit images through various methods, including Text-to-Image, where users input descriptions to create images; Sketch-to-Image, which combines sketches with text for visual representation; and Image-to-Image, which enables variations of existing images based on reference images and descriptions.

It also supports advanced AI features such as Lenovo X Power Software Accelerate for faster previews and exports and X Power Hardware Boost for sustained performance.

A slim yet weighty device

The Yoga Pro 7 is powered by a 73Whr battery, which Lenovo claims is enough power to get through a full day of work or school on a single charge, but despite its powerful hardware, the Yoga Pro 7 maintains a slim profile. The Yoga Pro 7 measures 25.5 x 226.49 x 15.6mm and weighs 1.54 kg. While it is not entirely a lightweight device, it is only 15.6mm at its thinnest point.

The Lenovo Yoga Pro 7 is equipped with the AMD Ryzen AI 9 365 processor with 10 cores and 20 threads, designed to deliver high-performance and efficient AI processing. This processor can achieve up to 50 TOPS (Tera Operations Per Second) through its dedicated AI engine.

One of the standout features of the Yoga Pro 7 is its 14.5-inch 2.8K PureSight Pro OLED Display. It comes with a resolution of 2880 x 1800 pixels, supports a 120Hz refresh rate and a 16:10 aspect ratio. Lenovo’s PureSight Pro technology ensures color accuracy with Delta E<1, meaning that the colors displayed are as close to real life as possible. This is complemented by 100% Adobe RGB, 100% sRGB, and 100% P3 color gamut coverage.

This device also supports the Yoga Premium Suite which features a Soft Touch-coated keyboard with 1.5mm key travel, 0.3mm deep dish keys, a dual speaker system, four microphones with voice ID noise cancellation, and an FHD IR camera for clear video calls.

In addition to the AMD Ryzen chip, this device is equipped with 32GB of LPDDR5X RAM, clocked at 6400 MHz, and a 1TB PCIe Gen 4 M.2 SSD. The PCIe Gen 4 interface ensures faster data transfer speeds, making it easy to move large files or run heavy applications.

For graphics, the Yoga Pro 7 uses AMD RDNA 3 880M integrated graphics, a decent chip for video editing, 3D modeling, or game development.

For connectivity, this device features Wi-Fi 6E and Bluetooth 5.3, ensuring fast and reliable wireless connections. It also comes with a variety of ports for connecting external devices. On the left side, there are two USB Type-C full-function ports (one supporting USB 4.0 Gen 1, PD 3.0, and DP 1.4), as well as an HDMI 2.1 port that supports up to 4K at 60Hz. On the right side, there’s a USB-A 3.2 Gen 1 (Always-On) port, along with an audio combo jack for headphones or speakers.

The Lenovo Yoga Pro 7 (14”, 9) is expected to be available in EMEA starting September 2024 with a price of €1,699.


from TechRadar - All the latest technology news https://ift.tt/4oqKh5W


'From a toaster to a server': UK startup promises 5x 'speed up without changing a line of code' as it plans to take on Nvidia, AMD in the generative AI battlefield

Bristol-based startup VyperCore is on a mission to reimagine how processors are designed, as the British firm is developing a 5nm chip and card aimed at accelerating server-class applications without requiring any changes to existing software code.

By shifting the complexity of memory allocation management from software to hardware, up to 80% of the processor cycles typically required for handling memory allocation functions can be eliminated, the company claims. This approach ensures full memory safety at the gate level within the processor, while also improving cache utilization, reducing event processing latency, and lowering overall memory heap demands.

VyperCore’s memory management architecture accelerates C and C++ by two times and Python by five times without modifying the original code, making it especially valuable for handling non-optimized code generated by AI.

From a toaster to a server

VyperCore's co-founder, CEO, and chair, Russell Haggar, told eeNews Europe, “We are a processor company, and we are promising a 5x speed-up without changing a line of code, with memory safety in hardware. This can be inside every CPU from a toaster to a server.”

VyperCore raised £4m in funding last year and is currently in the process of securing further investment to fuel its product development. The company is also recruiting hardware and software engineers, aiming to double its team across its offices in Bristol and Cambridge. VyperCore's first product, a single-core RISC-V processor named Akurra, is currently running on an FPGA. The startup plans to release a single-core test chip next year, followed by a multicore commercial server chip and an accelerator card.

Haggar emphasizes that VyperCore's technology can be embedded in a variety of processors, but the initial focus is on accelerating data center applications. “We are targeting a server-class 64-bit RISC-V quad-core processor, probably in N5 [5nm] and server card hardware,” he explained. This production is targeted for the end of 2026.


from TechRadar - All the latest technology news https://ift.tt/cgupLRf


Apple Ring: all the rumors so far and what we want to see

The smart ring category is hot right now, but is Apple set to leap into the fray with its own effort?

In recent months we've seen the launch of the Samsung Galaxy Ring and the RingConn Smart Ring, while the long-term leader of the best smart rings race is the Oura Ring (now up to its third generation). Rumors that Apple might be tempted to join the party have been swirling for several years now, and it seems that there's at least something on the drawing board at Apple around this form factor.

Here, we've pulled together everything we know and think we know about the so-called Apple Ring: the leaks and rumors that have emerged, the predicted price, the possible release date and more. We've also added some of the features and specs we want to see from the Apple Ring.

Apple Ring: cut to the chase

  • What is it? A rumored smart ring, made by Apple
  • When could it release? TBC, but not before 2025
  • How much could it cost? Expect $399 / £399 / AU$750 or above

Apple Ring: price and release date predictions

Oura Ring 3 on a finger

The 3rd-gen Oura Ring (Image credit: Future)

We don't have too many clues about how much the Apple Ring could cost, but we can look at some of the other options on the market. The Samsung Galaxy Ring can be yours for $399 / £399 and up (with Australia prices to be confirmed), while the Oura Ring 3 is available for $299 / £299 and up (and isn't currently available in Australia).

That gives you some idea of the price points we're talking about. Apple will want to stay competitive, but (as the best iPhones show) isn't afraid to whack a price premium on its products. If we had to make a guess, we'd say the Apple Ring will be a little more expensive than its Samsung and Oura rivals.

It's also worth bearing in mind that the best Oura Ring features need a monthly subscription ($5.99 / £5.99 per month). Apple already has its Fitness Plus program you can sign up to if you have an Apple Watch ($9.99 / £9.99 / AU$14.99 per month), so it's entirely possible that this would also be an optional extra for its smart ring.

When it comes to a release date, 2024 and even 2025 seem unlikely, given the cadence of the leaks and rumors we've seen so far; it doesn't appear that a launch is imminent. We didn't see an Apple Ring alongside the Apple Watch 10 at the September 2024 It's Glowtime event, but there's an outside chance it might accompany the Apple Watch 11 in September 2025, assuming that device turns up as expected.

Apple Ring: leaks and rumors

Someone holding the Ringconn smart ring against a concrete background.

The RingConn Smart Ring (Image credit: Future/Becca Caddy)

The Apple Ring rumors stretch back a long way, to at least 2020. A patent Apple filed that year showed a smart ring being used to control other devices – with the idea being that you could maybe change channels on your Apple TV with a tap on your ring. Of course, patents aren't always guarantees of future products, but they show what companies are thinking about and exploring.

Fast forward to 2023, and Apple was once again filing smart ring patents that positioned its possible device as some kind of controller for other gadgets. It seems that any Apple Ring that shows up won't just be focused on health and fitness – it will also give you new ways to control functions on your other Apple devices.

It would seem Apple isn't limiting itself to wearables around your fingers, either. Yet another 2023 patent revealed plans for some kind of Apple Anklet you could wear around your ankle or around your neck. The success of the Apple Watch clearly has Apple thinking about how to get you tracking more fitness metrics.

Meanwhile, an industry report out of South Korea early in 2024 suggested an Apple smart ring was on the way, to take on Samsung and Oura. However, as nothing has emerged in the months since, either the sources of the report got it wrong or Apple changed its mind about its future product launch schedule.

We've seen one further sign that an Apple Ring might be on the way: an Apple survey sent to Apple Watch owners, asking how many of them currently wear a smart ring alongside their smartwatch. It might be a bit of a stretch to use this as evidence of an Apple Ring, but it's not nothing.

And that's it for Apple Ring rumors – no hint of prices, specs, design, or anything specific like that. The lack of particulars in the rumors implies a launch might still be some way off in the future, though there's been enough noise at this point to suggest it's at least being considered.

Apple Ring: what we want to see

Apple Watch Series 10

The Apple Watch 10 (Image credit: Future/Jacob Krol)

In the event that an Apple Ring is indeed on the way, what will it be like – and how could it beat existing models? If any Apple engineers are reading this, here's what we want to see from an Apple smart ring.

1. Stellar battery life

This shows up in every wishlist for every device, of course, but decent battery life is a must – especially as the standard Apple Watch can't go more than a day or two without a recharge. In fact, that could be a key selling point for the Apple Ring: keep tracking your steps and other activities while your Apple Watch is on charge.

2. Top-tier sleep tracking

Speaking of Apple Watch recharging, many users charge theirs overnight. This means the smartwatch often can't be used for sleep tracking, and we're hoping this means the Apple Ring will be very good at it. Besides, the smaller size and lighter weight of a smart ring makes it more suitable for tracking the tosses and turns of your sleep anyway.

3. Lots of software features without subscription

We've already mentioned Apple Fitness Plus, but we'd hope many of the features of an Apple Ring would be available without a subscription – as they are with Apple Watch. And for those who wanted extra functionality such as fitness videos, customizations around workout plans, in-session metrics and more, there could be an extra subscription option.

4. A superior design

There really are only so many ways you can design a smart ring, but we're hoping Apple brings the same aesthetic tastefulness to the Apple Ring as it's shown with the iPhone, iPad, and Apple Watch. We're thinking a super-slim and super-light form factor, a choice of different colors, and a smart ring that's one of the most comfortable on the market.

5. Seamless Apple ecosystem integration

Apple usually manages this perfectly, with iPhones, iPads, Macs, and Apple Watches getting new integrations and connections all the time – so we hope that extends to the Apple Ring. It's unlikely that Apple will want the smart ring to replace the Apple Watch, and in fact it could be a useful screen for it (bear in mind Oura has an Apple Watch app, too).


from TechRadar - All the latest technology news https://ift.tt/thMnq1d


ICYMI: the week's 7 biggest tech stories from the PS5 Pro preorders to Meta announcing its Orion AR glasses

What a week this was, folks. Meta Connect 2024 introduced us to a new VR headset, its first AR glasses prototype and a slew of Meta AI upgrades – including an in-development skill to live dub Instagram reels.

We also said hello to the Samsung Galaxy S24 FE, reviewed the new Legend of Zelda title, and prepared ourselves for heartbreak in 2025 with the arrival of The Last of Us season 2's first teaser trailer.

In case you missed all that, we've rounded up all of these top tech news stories below so you can get up to speed on everything that happened in the last seven days.

7. Is there nothing Nothing can’t do?

Nothing Ear Open, held in a hand on a black table

(Image credit: Future)

On Tuesday (September 24), Nothing unveiled its inaugural set of open-ear buds and TechRadar’s audio editor couldn’t help but share her initial thoughts. She’d already said she thought it was the best idea Nothing's had in ages (questionable ‘Ear Open’ moniker aside), and after slipping them on for a few hours, they didn’t disappoint.

Ear Open are so very Nothing; their friendly praying mantis aesthetic is so very likeable. And just as the company's Nothing Ear (a) impressed for a competitive fee, these buds are likely to be a huge hit in the open-ear space. That's particularly true given that they cost just £129, i.e. the same price as the flagship Nothing Ear (which means your US and Australian prices are almost certainly $149 / AU$249). Compare that to the Bose Ultra Open Earbuds, with their $299 / £299 / AU$449.95 price-point. See?

Slip 'em on and they feel like nothing, too. The fit is excellent – even putting both on at the same time is a cinch. You get the trademark transparent-meets-monochrome-meets-titanium Nothing design language, plus on-ear pinch control, although there’s a knack to it now, purely because you need to locate where the old 'stem' idea is, to pinch. Oh, and the Advanced EQ setting? It's another level…

6. Echoes of Wisdom is here!

Key art for The Legend of Zelda Echoes of Wisdom

(Image credit: Nintendo)

We won't be surprised if not too many Nintendo fans are reading this, because right now they're probably all playing The Legend of Zelda: Echoes of Wisdom. This highly anticipated entry in the long-running Nintendo franchise is something of a landmark, letting players explore Hyrule through the eyes of Princess Zelda for the first time.

And the good news is that it's great. It combines elements from classic Zelda titles with a wealth of new mechanics for an adventure quite unlike anything that we’ve seen before.

Tasked with closing sinister rifts that threaten the kingdom, you journey through a charming open-world and experiment with a suite of magical abilities. These let you create copies of certain objects whenever you need, which is just as fun as it sounds; a summoned bed might be good for a quick nap in isolation, but makes for the perfect bridge over a perilous chasm when multiplied and stacked. You can even spawn friendly versions of enemies to fight on your behalf.

It’s all wrapped up in an adorable art direction, making everything from the characters to the world look like it was plucked straight from a cute diorama. Check out our review below.

5. The Last of Us season 2 was teased

This week we were treated to our first new trailer for The Last of Us season 2, and we’re convinced it's going to be as emotionally devastating as the videogame it’s based on. Released as part of this year’s The Last of Us Day celebrations (September 26 is the day the Cordyceps infection ravaged the world of the game/show) we got both a two-minute S2 teaser and a confirmation that it’s coming sometime in 2025.

The teaser gives us our first glimpse of characters players know from the games, including Abby and Ellie's love interest Dina, as well as providing hints at what Ellie and Joel have been up to following the 'five years of peace' that followed the events of season 1. Fans of the games know it’s not all sunshine and roses for the survivors, though, so we’re going to take these next few months to emotionally prepare ourselves for what The Last of Us has in store for us come 2025.

4. We spent some time with the Samsung Galaxy S24 FE

Samsung Galaxy S24 FE phones in blue, mint, graphite and yellow

(Image credit: Philip Berne / Future)

Samsung launched the Galaxy S24 FE alongside the Galaxy Tab S10 Ultra this week, and the new phone looks like it’ll prove the cheapest route into Samsung’s Galaxy AI ecosystem.

Among the S24 FE’s hardware upgrades over the Galaxy S23 FE are a bigger 6.7-inch display, a new Exynos 2400e chipset, and longer battery life. But while that would be enough to make it a contender in the cheap flagship stakes, it's the phone's AI tricks that we're most excited about.

Chief among them are its AI-powered ProVisual photography engine, which it inherits from the standard Galaxy S24 and which should bring improved low-light performance and optical zoom quality.

In our hands-on Samsung Galaxy S24 FE review, we described Samsung’s new device as “a great value phone for its power and features,” so here’s hoping it lives up to that billing once we’ve put it through our full review process.

3. Meta’s affordable Meta Quest 3S broke cover

Meta Quest 3S hands on

(Image credit: Future / Lance Ulanoff)

The least surprising announcement of Meta Connect 2024 was nevertheless an exciting one – the much-leaked Meta Quest 3S. This affordable alternative to the Meta Quest 3 still packs a solid punch with its Snapdragon XR2 Gen 2 chipset, and 8GB of RAM, but only costs $299.99 / £289.99 / AU$499.99.

In exchange you will have to accept a couple of downgrades – less sharp displays, a bulkier body, and the loss of the depth sensor – but by all accounts the Quest 3S is an impressive VR headset at its price, and looks like it could be perfect for people looking to dip their toes into XR as we head into the holiday season.

2. Meta announced game-changing AR glasses, too

Meta unveils the Orion prototype AR smart glasses

(Image credit: Future/Lance Ulanoff)

We also saw Meta’s first fully functional AR glasses – the Orion prototypes. These aren’t something anyone will be able to buy (though some are being given out as developer kits to help software creators make apps for the official specs), but from what we’ve been shown Orion looks amazing.

And it’s only set to get better, with Mark Zuckerberg promising the consumer pair will boast better displays, a more fashionable design, and a more affordable price. Although on that last point, Meta’s CTO Andrew Bosworth later clarified that Meta meant affordable in terms of smartphones and laptops rather than at “a Quest 3S price point, or even a Quest 3 price point.”

1. PS5 Pro preorders went live

PS5 Pro

(Image credit: Sony)

It suddenly feels rather like 2020 all over again. That's because pre-orders for the forthcoming PS5 Pro and the limited-edition PS5 30th Anniversary Collection went on sale this week – with predictable results. Such as? Well, such as the official PlayStation Direct website quickly being inundated with would-be buyers all eager to get their hands on Sony’s upcoming consoles and kit. Many had to wait in digital queues for upwards of an hour, just to be in with a chance of pre-ordering the mid-gen refresh, and there were reports of crashes and timeouts and (inevitably) scalpers.

Most PlayStation Direct stock sold out completely that same day; the 30th Anniversary Edition bundle was gone in minutes across the US and UK, while the limited-edition PS5 Slim, DualSense Edge and PlayStation Portal models were quick to follow. Some stock still held on, however, and at the time of writing, Sony’s website still has PS5 Pro units available to pre-order.



from TechRadar - All the latest technology news https://ift.tt/j92yrTL


Can’t remember where that shared file is in Windows 11? Microsoft promises to make it easier to find the files you need

Microsoft is currently testing a new ‘Shared’ section in Windows 11’s File Explorer, which aims to make it easier to find everything that’s been shared with you across Microsoft services.

Windows Latest flagged up that the new addition is part of the latest preview of Windows 11 (24H2) in the Dev channel (build 26120).

The Shared section sits alongside the ‘Recent’ and ‘Favorites’ tabs, showing any file that has been shared with your Microsoft account (whether that’s a document from OneDrive, an email, and so forth). This makes it easy to see these files, right upfront in File Explorer, rather than having to hunt for them.

While the feature isn’t working properly in preview right now - at least not according to testing carried out by Windows Latest - the theory is that files will be marked with their origin, and, for example, something shared in cloud storage would open in OneDrive (naturally in the Edge browser).

If you’re using Microsoft products in a work or school environment, your Shared section will also include files shared within your organization or school body. 

A screenshot of File Explorer in Windows 11

(Image credit: Microsoft)

File this one under ‘plenty’ 

Microsoft further notes in the blog post for build 26120 that you’ll also see more types of file in the Recent and Favorites tabs, as well as the new Shared section, and that includes files you’ve recently interacted with in Power BI or Microsoft Forms, for example, or Designer. Expect to see a wider selection of apps represented in these parts of the File Explorer UI, in short.

The preview build also brings a few other developments, such as new flyout menus for pinned apps in the Start menu for easier access to certain features, the ability to share files that come up in Windows search more easily, and a relocation of media controls to the bottom-center of the lock screen when you have media playing in the background.

All of this should be packaged in the upcoming big Windows 11 24H2 update, which we expect to arrive any week now. However, as ever with work in testing, we don’t know if all the features will make the cut for the release version of the update. 

It seems likely that most of these proposed changes will end up in Windows 11, though, including the Shared tab - assuming the current bugginess can be ironed out by Microsoft as the feature proceeds onward through the testing channels.




from TechRadar - All the latest technology news https://ift.tt/Lty4UfF


How risk executives can prioritize full stack technology coverage now

Security leaders have become increasingly clear on one thing: Application Security (AppSec) has grown more complex and complicated than ever before. With the rise of cloud computing, microservices, and continuous integration/continuous deployment (CI/CD) pipelines, the attack surface has expanded dramatically. More tools, more data, more potential vulnerabilities—it’s no wonder that many organizations are struggling to keep up. But here’s the irony: as our cybersecurity practices have become more sophisticated, they’ve also become more convoluted, and that complexity often leads to gaps in coverage.

The Growing Complexity of AppSec

Today’s AppSec environment is like a massive jigsaw puzzle with pieces that are constantly shifting. Every new application, microservice, or third-party integration adds another layer of complexity. Each layer introduces new risks, and without comprehensive technology coverage, those risks can easily go unnoticed until it’s too late. We’ve seen this play out in incidents like the 2020 Twitter hack, where attackers exploited gaps in security to access internal tools and compromise high-profile accounts. The complexity of modern AppSec makes it easy to miss these gaps if you’re not equipped with the right tools and strategies.

Why Simplification Is Key—But Not at the Expense of Accuracy

As the complexity of AppSec increases, so does the need for simplification. But simplification doesn’t mean cutting corners or sacrificing accuracy. On the contrary, it’s about streamlining your processes and tools so that you can maintain a clear, comprehensive view of your security landscape without getting bogged down by unnecessary complications. In other words, we need to simplify without sacrificing thoroughness.

Take the 2020 MGM Resorts breach, for example. Over 10 million guests had their personal information exposed because of gaps in continuous monitoring. This wasn’t just a failure of technology; it was a failure of process. If the organization had a simpler, more streamlined approach to its security coverage—one that didn’t miss critical updates and vulnerabilities—this breach might have been avoided.

The False Sense of Control Amid Complexity

One of the biggest risks in a complex AppSec environment is the false sense of control. It’s easy to believe that more tools and more processes mean better security, but that’s not necessarily the case. The 2021 Panera Bread data breach, which exposed millions of customer records due to overlooked vulnerabilities, is a stark reminder of this. Despite having various security measures in place, the complexity of their environment created blind spots. This breach highlights the critical need for simplicity in your security approach—ensuring that nothing slips through the cracks and that every vulnerability is accounted for.

Simplified, Comprehensive Coverage: The Answer to Modern AppSec Challenges

So, how do we manage this complexity without losing control? The answer lies in achieving full stack technology coverage through simplified, yet comprehensive, processes. This means adopting a holistic approach that covers all aspects of your digital environment—applications, infrastructure, APIs, and more—without getting overwhelmed by the intricacies of each component.

Consider the Log4j vulnerability that took the industry by storm in 2021. It affected organizations across the globe and demonstrated the need for comprehensive application visibility. But here’s the catch: those who had already implemented streamlined, full stack coverage were able to respond quickly and effectively. They weren’t scrambling to piece together a fragmented security posture; they had a clear, accurate view of their entire environment and could act with precision.

Why Full Stack Coverage Is the Simplification We Need

Full stack technology coverage doesn’t just provide a complete view of your security landscape—it simplifies the complexity of modern AppSec. By integrating advanced management tools that offer continuous updates and comprehensive visibility, you can ensure that every aspect of your environment is covered. This not only reduces the risk of missing critical vulnerabilities but also streamlines your decision-making process, allowing you to focus on what matters most: protecting your organization.

Companies like Google and Microsoft have shown us how effective this approach can be. By simplifying their security processes while maintaining thorough coverage, they’ve gained a strategic advantage. They’re not just compliant with regulations—they’re setting new standards for what it means to be secure in a world where threats are constantly evolving.

Conclusion: Simplify, Don’t Sacrifice

As a risk executive, you’re facing an AppSec landscape that’s more complex than ever before. But complexity doesn’t have to mean confusion. By prioritizing full stack technology coverage, you can simplify your approach to cybersecurity without sacrificing accuracy or thoroughness. This isn’t just about keeping up with the latest threats—it’s about staying ahead of them, ensuring that your organization is fully protected no matter how the landscape changes.

The time to simplify is now. Don’t wait until your next audit or, worse, your next breach, to realize that your current approach isn’t cutting it. Take action today to streamline your security processes, implement full stack coverage, and gain the clarity you need to make informed, strategic decisions. In a world where AppSec is only going to get more complex, simplicity—and comprehensive coverage—are your best defenses. Let’s embrace a simpler, more effective way to secure our organizations, ensuring that we’re not just reacting to the challenges of today, but proactively preparing for the threats of tomorrow.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



from TechRadar - All the latest technology news https://ift.tt/9dtx3RH


This retro music streamer and speakers combo is a stylish modern version of a classic hi-fi look

It's not every day that an audio legend brings back one of its most iconic names while also charting brand new territory. But that's what Ruark Audio is doing with its R610 Music Console and Sabre-R bookshelf speakers. And while the looks and name of the speakers echo Ruark's greatest hits, and the music player has a design harking back to the stereo music centers of the 1970s, this new system and speakers are anything but old-fashioned.

Let's start with the speakers. The original Sabre loudspeakers were introduced way back in 1985 with a combination of clever drive units and gorgeous cabinet work, and these new Sabre-Rs follow in that tradition. They come with 26mm silk dome tweeters with neodymium motors, 14cm natural fibre cone woofers with 30mm 4-layer voice coils and long-throw motors, and you can choose between Fused Walnut and Satin Charcoal lacquer. The price is £599 (about $800 / AU$1,170) per pair.

Ruark R610 and speakers on a marble shelf in a minimalist room

(Image credit: Ruark)

An all-in-one streamer

The R610 Music Console is a first for the brand, an all-in-one music streamer with twin 75W Class D amplifiers and all the connectivity you could ask for: Spotify Connect, TIDAL Connect, AirPlay 2 and Google Cast; DAB/DAB+/FM and internet radio; hi-res audio support up to 32-bit/384kHz; HDMI with eARC; a moving magnet RIAA phono input; aptX HD over Bluetooth; and a TOSLINK optical digital input. A matching CD drive will be launched shortly.

The player is powered by a modern switch mode power supply that provides dedicated and optimized powerlines to the motherboard and amps. Audiophile-grade components are used throughout, including Burr-Brown DACs, and according to Ruark it "is controlled and dynamic – but most importantly, it delivers a delightfully natural sound that makes music all the more enjoyable." The Ruark Audio R610 has a recommended UK selling price of £1,200 (about $1,600 / AU$2,340) and once again is available in Fused Walnut or Satin Charcoal lacquer.

According to Ruark MD Alan O'Rourke, “Early in 1984, my father and I were laying the foundations of Ruark and launched our first Sabre loudspeakers to great acclaim in 1985. Forty years on, the revival of analogue formats and an ever expanding world of music streaming means it’s the right time for Ruark to return to its roots with the Sabre-R. What’s more, our new R610 Music Console allows music lovers to build an entire system that looks every bit as beautiful as it sounds.”

Ruark R610 and speakers close up on a wooden shelf in a minimalist room

(Image credit: Ruark)

We're inclined to agree with them about the looks, even if the sound will have to wait to be judged. We saw this in the flesh at the Munich High-End show, ahead of its official reveal, and it's a lovely thing (although the dull lighting of a trade-show floor perhaps doesn't do it any favors in the image at the top of the article). But with those stark, clean lines and especially in the two-tone wood of the darker finish, it's very retro-chic. And yes, you can choose to just buy the streamer/amp and pair it with some of the best stereo speakers, but… you'll want the combo package, won't you? Of course you will.

No release date was given, and we don't know yet if they'll be released outside the UK.




from TechRadar - All the latest technology news https://ift.tt/GZoBLAW


How consumer behavior is driving the B2B payments industry

Consumers order groceries online and receive an immediate confirmation. Shoppers see an ad for a shirt and order it with a few clicks. A money transfer app can send money to a friend via a mobile device within seconds.

With instant access permeating every aspect of consumer life, people now expect the same rapid speed and smooth experience in business-to-business payment technologies. But the reality is that most B2B payments are slow, cumbersome, and unintuitive, highlighting the need for change. Surprisingly, while consumers operate in an instant reality, businesses are often burdened with mailing paper checks, waiting for slow ACH payments, and making costly international payments.

As businesses increasingly see consumer-to-business tech operating quickly and seamlessly at home and in stores, they are demanding that B2B tech provides the same simple experience.

“Fundamentally, payments are becoming more instant, frictionless, and embedded within customer journeys – hence invisible. PayTechs will continue to drive transformation,” Ernst & Young noted in a report. Now, there is a need in the market for the ability to do business payments as effortlessly as consumer ones.

First, just look at the latest trends in consumer payments.

After analyzing how consumer payment behavior changed during the pandemic, the Federal Reserve Bank of Atlanta said the adoption of electronic peer-to-peer payment apps such as PayPal, Venmo, and Zelle increased. “Consumers who worked exclusively from home during COVID made significantly higher shares of their payments online or through mobile devices and were less likely to use cash at all compared with those who worked at least partly in person,” the report said.

In 2023, the Federal Reserve Bank of San Francisco confirmed the continued change and released a report stating that the percentage use of cash in payments had declined from 31% in 2016 to 18% in 2022. Over that same period, the use of mobile payment apps increased from 10% to 13% of payments.

According to McKinsey’s 2023 Digital Payments Consumer Survey, in the three and a half years since the pandemic’s beginning and despite a return to in-person commerce, gains in digital payments have been sustained and, in some cases, accelerated even further.

But with business payments, organizations often use one or more methods such as ACH payments (in the United States), wire transfers, credit card processing, and paper checks. These can take anywhere from a few days to several weeks to process because the amounts are far higher than most C2B payments, many occur across international borders, and there are often approvals to get and security checks to pass.

That’s not all. Users of B2B payments face many additional challenges. For one, it is time-consuming to reconcile invoices and payments coming from many different sources over various time frames. The mismatch between the time small and medium-sized businesses receive payments and the time they need to pay can cause cash flow problems, making it challenging for businesses to pay their vendors, especially when one company prefers a wire transfer but the payer wants to use a credit card.

The challenge of international payments

Everything is even more challenging with international payments. A large, international wire transfer generally costs a lot more than processing a credit card at the local supermarket, and that causes international business payments to eat away at margins, in addition to being slow and cumbersome.

Indeed, the G20 has been implementing a roadmap to increase the speed of international payments. The top three priorities are to improve payment system interoperability and extension, legal and regulatory supervisory frameworks, and data exchange and messaging standards. The G20 wants 75% of cross-border payments to be credited to the beneficiary within an hour. Of course, such plans take a long time to come to fruition.

Closing the gap between business payments and consumer payments is a necessity. After all, small business owners behave as consumers and have similar expectations. Hence, the ongoing “consumerization of B2B payments” is a trend that has taken off, especially since the pandemic. B2B payments are becoming as seamless and fast as C2B ones.

The real value is not just in making payments more quickly. The real payment revolution is enabling a business to make a payment using any method it wants – and for the receiving business to get the payment any way it wants. The former could use its business credit card, and the latter could receive the payment directly in its bank account. Or anything else. For example, businesses could pay vendors in monthly installments while the vendor receives the payment immediately, thus solving cash flow challenges.

Flexibility

It is the same flexibility that consumers have always had. When people pay for something in a store, the cashier will usually say, “Cash or card?” Just imagine that the business world is that simple. These are the things that people see every day in their lives as consumers, and the B2B payment industry is catching up.

In addition to flexibility, small businesses need simplified, intuitive payment gateways and workflows. Small business owners often spend more time on admin tasks than on driving the growth of their business, so automating these tasks should be a priority to increase productivity and efficiency. As with consumers, the usability bar for business owners is much higher than it used to be when it comes to the tools they leverage.

Now is the time for businesses to assess the innovation enabled by PayTechs. As Ernst & Young wrote in the referenced report: “There is a significant opportunity to transform payment offerings to deliver better customer experiences, simplify back-end infrastructure in order to keep up with the pace of change, and leverage PayTech innovations to benefit both business and consumers.”


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



from TechRadar - All the latest technology news https://ift.tt/hqK5CHj


Balancing internal innovation and third-party vendor risk

As a former FBI Special Agent in the Los Angeles Cyber Crime Squad, I've seen my fair share of defective software updates. However, the recent global tech outage caused by a faulty software update from CrowdStrike has truly captured the world's attention. The shock and awe of such a well-regarded cybersecurity vendor causing a major security incident has brought to light a previously overlooked area of third-party risk. 

Given CrowdStrike’s reputation and trusted position, many companies automatically allowed its software update package into their systems without fully considering the possibility of a defect. Consequently, no CISO expected the update to result in a global tech outage, causing systemic disruption across interconnected systems.

The aftermath of the CrowdStrike incident was particularly severe for banks, hospitals, retailers, and airlines.

Interestingly, some companies with outdated systems were reportedly unscathed by the flawed update, whereas others with best-in-class systems endured outages for a few days or longer. This is not a story of old technology versus new technology, as some articles have implied. Rather, it is a nerve-wracking tale arguing the need for a risk-based approach to minimize the possibility and impact of a defective software update.

Know Thy Vendor

CrowdStrike has come under criticism for its automatic update process and not staggering or staging the release to limit the potential for widescale disruption. However, the company is not alone in its approach: keen to protect customers against a newly discovered cyberthreat, many other security vendors also automatically provide real-time updates.

Although CrowdStrike’s update was defective, the incident nonetheless spotlights the importance of balancing innovation across the IT system landscape with more diligent third-party vendor management. CISOs are reminded to foster secure innovation by collaborating with their technology peers across the organization and forging strong partnerships with the company’s third-party vendors. The two priorities are not mutually exclusive; instead, they’re intertwined.

Collaborating with technology peers yields better ways to understand, minimize, and mitigate risks, ensuring the company can continue to innovate without increasing cyber risk for the business. Partnerships with critical third-party vendors provide greater assurance that vendors are prepared to respond at scale when the next unexpected outage occurs. Understanding which vendors are distributed across a large portion of the corporate infrastructure and production environments (especially those that receive regular updates) can optimize the processes of replacing software with new and improved versions.

Controlling the Unknown

CrowdStrike’s automatic real-time updates brought these processes into sharper focus. While immediate updates enable systems to rapidly identify and neutralize threats, they also carry the risk of triggering a full system outage and consequent business disruption. On the other hand, delaying updates by a day or two might mean missing the “latest and greatest” features immediately, but it allows time to identify and address the potential flaws first. The point here is not that one is better, but that both kinds of update serve specific needs and purposes.

To determine which update is best from a security standpoint, CISOs need to identify which systems require real-time updates and which can allow for delayed ones. External-facing high-risk systems might require near real-time updates that help identify and block zero-day attacks. Lower-risk systems placed deeper in the infrastructure with extra layers of security between them and external attacks can be configured for delayed software updates of 4, 8, or 24 hours, letting the updates bake in a bit before updating more critical systems.
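The tiering described above can be written down as a small rollout policy that also holds back later tiers once a flaw is reported during the bake time. This is an added example, not code from the article or from any vendor; the mapping of internal systems to the 4, 8 and 24 hour tiers, the `layers_behind` field, the hold rule and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Delay tiers named in the article: near real-time, then 4, 8 or 24 hours.
RING_DELAY_HOURS = {"realtime": 0, "delayed_4h": 4, "delayed_8h": 8, "delayed_24h": 24}


@dataclass(frozen=True)
class System:
    name: str
    external_facing: bool   # exposed to outside traffic
    layers_behind: int      # security layers in front of it (assumed metric)
    mission_critical: bool  # an outage here stops the business


def assign_ring(system):
    """Pick an update ring. The tier boundaries are assumptions, not the article's."""
    if system.external_facing:
        return "realtime"        # needs zero-day coverage as soon as it ships
    if system.mission_critical:
        return "delayed_24h"     # updated last, after the longest bake time
    if system.layers_behind >= 2:
        return "delayed_8h"
    return "delayed_4h"


def scheduled_time(system, released_at):
    """When this system is allowed to take an update released at `released_at`."""
    return released_at + timedelta(hours=RING_DELAY_HOURS[assign_ring(system)])


def update_status(systems, released_at, now, flaw_reported_at=None):
    """Return {name: 'due' | 'waiting' | 'held'} for one update at time `now`.

    'due'     : the system's delay has elapsed, so the update applies.
    'waiting' : the system is still inside its bake time.
    'held'    : a flaw was reported before the system's turn, so it is skipped.
    """
    flaw_known = flaw_reported_at is not None and flaw_reported_at <= now
    status = {}
    for system in systems:
        when = scheduled_time(system, released_at)
        if flaw_known and when >= flaw_reported_at:
            status[system.name] = "held"
        elif when <= now:
            status[system.name] = "due"
        else:
            status[system.name] = "waiting"
    return status


# Constructed sample inventory and release time (not real systems).
INVENTORY = [
    System("web-gateway", external_facing=True, layers_behind=0, mission_critical=True),
    System("build-agent", external_facing=False, layers_behind=1, mission_critical=False),
    System("file-server", external_facing=False, layers_behind=2, mission_critical=False),
    System("payments-db", external_facing=False, layers_behind=3, mission_critical=True),
]
RELEASED = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    # Five hours after release with no reported problems.
    print(update_status(INVENTORY, RELEASED, RELEASED + timedelta(hours=5)))
    # A flaw is reported two hours after release: only the real-time ring took it.
    print(update_status(INVENTORY, RELEASED, RELEASED + timedelta(hours=30),
                        flaw_reported_at=RELEASED + timedelta(hours=2)))
```

In the second call only the real-time ring has installed the defective update, which is the containment effect that delayed tiers buy.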

A faulty update issued by a cybersecurity vendor, of all things, is also a potent reminder of the need to leave no stone unturned in third-party vendor management. All vendors should be required to submit to ongoing legal, business, and technology reviews and independent audits.

CISOs must require regular confirmation of vendors' cybersecurity certifications and SOC 2 and ISO 27001 compliance, and seek supporting evidence affirming that vendors have patched a cited vulnerability or implemented a comprehensive update.

Another takeaway from the incident is the comparative value of decentralized network security management over the centralized model. The centralized approach is touted for offering more consistency in security protocols and threat detection, but the downside is that when the central server experiences a compromise, the technologies connected to it go down with the ship.

The decentralized approach, on the other hand, makes it more challenging for hackers to compromise an entire platform. By spreading data across many connection points, if one point is hacked or endures a defective update, the rest of the ship sails forward, increasing organizational resilience. Nevertheless, decentralization alone is not a panacea. InfoSec teams still need to prioritize mission-critical systems and software, which correspondingly guides the related risk assessment and remediation.

The high visibility of the CrowdStrike incident offers CISOs a valuable opportunity to learn from the misfortune of others, collaborate with peers across the technology leadership teams, and partner with enterprise vendors to be better prepared and responsive when facing similar events in the future.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



from TechRadar - All the latest technology news https://ift.tt/qZND3V9


Evaluating embedded vulnerabilities and cybersecurity risks in procurement

When you purchase a car, would you trust it if it hadn't gone through extensive crash safety testing? Of course not. The safety and reliability of the vehicle are paramount and knowing that it has been rigorously tested gives you peace of mind.

Similarly, would you take a new prescription drug that hadn't gone through rigorous FDA safety and effectiveness testing? Absolutely not! We rely on these safety measures to protect our health and well-being.

So why is it that so many enterprises buy software and hardware without thoroughly evaluating the cybersecurity risks associated with these products? In today’s world, where cyber threats are increasing in frequency and sophistication, this blind trust in software security is not just risky—it’s unacceptable.

Why Should Software Security Analysis Be Part of the Enterprise Purchasing and Procurement Process?

Software is the backbone of the modern enterprise. It powers business processes, connects companies with customers and partners, automates back-office tasks, and even builds market presence. Today’s world is built on software: third-party software, open-source software, in-house developed software, operating system software, applications, containers, and device firmware, to name a few.

However, this reliance on software comes with hidden dangers. Many companies operate under the assumption that the software they purchase is inherently secure. Unfortunately, recent high-profile software supply chain breaches have very much proven otherwise. The reality is that every piece of software, no matter how reputable the source, poses risks.

Despite this, current software procurement processes rarely include quantifiable methods to evaluate the cybersecurity risk of the products being considered. According to NetRise software analyses, there can be up to a 300% difference in software risk levels between similar software asset classes from different vendors. This means that some products may be significantly more secure than others, even if they appear similar on the surface.

The recognition that cybersecurity should be a key consideration in purchasing decisions isn’t new. Since at least 2018, there has been growing awareness that purchasing departments should evaluate the cybersecurity of a vendor’s software alongside traditional factors such as quality and delivery performance. The question is no longer whether to include cybersecurity in procurement processes, but why now more than ever.

Why Now?

Software supply chain cyber-attacks are very much on the rise. Consider these alarming statistics:

According to Capterra’s “2023 Software Supply Chain Survey,” 61% of companies were impacted by a software supply chain cyber-attack in the 12 months preceding the survey.

Software supply chain attacks have become a global challenge, growing dramatically in scope and frequency. Yet, proactive efforts to mitigate these risks are still rare—only 7% of respondents to Sonatype’s ninth annual State of the Software Supply Chain report have made efforts to review security risks in their supply chains.

Clearly, the enterprise purchasing and procurement process is where these evaluations should begin.

But Isn’t Security Already Part of the Enterprise Procurement Process?

One might assume that security is already baked into the enterprise procurement process. To some extent, this is true. Many organizations do include supply chain security measures as part of their procurement practices. However, these measures typically do not include direct testing or evaluation of the cybersecurity risks of the software products being considered.

So, what does the typical enterprise procurement process include? According to the Cybersecurity and Infrastructure Security Agency (CISA), standard practices often involve:

  • Vendor questionnaires and assessments 
  • Reviews of the vendor's security policies and practices 
  • Audits of third-party certifications (e.g., ISO 27001) 
  • Contractual security requirements 
  • Supplier performance management

These steps are important, but they rely heavily on self-reporting by vendors. While we entrust third-party organizations like the National Highway Traffic Safety Administration (NHTSA) and the Food and Drug Administration (FDA) to conduct independent safety tests for cars and drugs, we often rely on software vendors to self-report their cybersecurity status. This is a critical gap in the process, and it’s where the principle of “trust but verify” must come into play.

Trust, But Verify: Knowing the Exact Vulnerability and Risk State of the Software You Purchase

Enterprises should take a proactive approach by directly analyzing the business software they are considering for purchase as part of their procurement process.

However, many organizations don’t realize this is even possible. It is, and it can be done in minutes. Some may struggle to believe it when they first encounter the idea, but the analysis can be done efficiently and effectively.

This is where “trust but verify” comes in. Blind trust in software can lead to devastating consequences—from data breaches to operational disruptions. Comprehensive visibility into all software components and dependencies is not just advisable; it’s necessary. And this level of visibility can be seamlessly integrated into every enterprise purchasing and procurement process.

Steps to Incorporate Software Analysis in Procurement

To address these challenges, organizations must prioritize integrating software analysis into their procurement workflows. The findings from the NetRise study underscore the critical importance of having a detailed understanding of all software components and risks. Here are some basic steps companies should consider:

Generate Comprehensive SBOMs: Creating detailed Software Bills of Materials (SBOMs) is the foundation of effective supply chain security. SBOMs provide a clear inventory of all software components, including third-party libraries and dependencies. This inventory is essential for identifying and managing risks effectively. In a recent NetRise study, we generated detailed SBOMs for 100 tested networking equipment devices and saw that each device contains 1,267 software components on average.

Implement Automated Software Risk Analysis: Using detailed software risk analysis methods, companies can uncover a complete risk picture of each software or firmware package, ensuring a thorough risk assessment. In the NetRise study, we found that the average network equipment device has 1,120 known vulnerabilities in the underlying software components.

Prioritize and Compare Software Risks: Once comprehensive visibility is achieved, organizations should prioritize vulnerabilities based on factors beyond CVSS scores, such as weaponization and network accessibility. This approach ensures that the most critical threats are identified. Using this prioritized list of critical threats, teams can compare and contrast the risk state of the software products under consideration. For example, in the NetRise study, we found that there are only 20 weaponized vulnerabilities per networking device on average, and, looking closer, only 7 weaponized vulnerabilities that are also network accessible.

Responsible Vulnerability and Risk Disclosure: Once software analysis is part of purchasing and procurement processes, companies should establish processes for the responsible disclosure of vulnerability and risk assessment information to the vendors of the software under consideration. This information should be considered confidential and not shared outside the organization.

By focusing on these steps, organizations can significantly strengthen their supply chain security processes and the security of their software and hardware purchases.
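The prioritize-and-compare steps above, as an added Python sketch that is not part of the original article or of any NetRise tooling. The product names, component names, vulnerability IDs and the feed layout are constructed placeholders; a real workflow would read an SBOM file and a vulnerability data source instead.

```python
from collections import Counter

# Constructed sample data. Product names, component names and IDs are placeholders.
# Each SBOM is trimmed to a list of (component, version) pairs.
SBOMS = {
    "product_a": [("tls-lib", "1.0.2"), ("http-daemon", "2.4.1"), ("shell-utils", "1.27")],
    "product_b": [("tls-lib", "1.0.2"), ("http-daemon", "2.4.9"),
                  ("shell-utils", "1.36"), ("zip-lib", "1.2.11")],
}
# Constructed feed: (id, component, version, cvss, weaponized, network_accessible)
FEED = [
    ("EXAMPLE-0001", "tls-lib", "1.0.2", 9.8, False, True),
    ("EXAMPLE-0002", "http-daemon", "2.4.1", 7.5, True, True),
    ("EXAMPLE-0003", "shell-utils", "1.27", 8.1, True, False),
    ("EXAMPLE-0004", "shell-utils", "1.27", 5.3, False, False),
    ("EXAMPLE-0005", "zip-lib", "1.2.11", 9.1, False, False),
]

def findings_for(sbom, feed=FEED):
    """Return feed entries whose (component, version) appears in the SBOM."""
    present = set(sbom)
    return [v for v in feed if (v[1], v[2]) in present]

def tier(v):
    """1 = weaponized and network accessible, 2 = weaponized only, 3 = everything else."""
    _, _, _, _, weaponized, network = v
    if weaponized and network:
        return 1
    return 2 if weaponized else 3

def prioritize(findings):
    """Order by tier first; CVSS only breaks ties inside a tier."""
    return sorted(findings, key=lambda v: (tier(v), -v[3]))

def risk_profile(sbom, feed=FEED):
    """Funnel from the article: known -> weaponized -> weaponized and network accessible."""
    found = findings_for(sbom, feed)
    tiers = Counter(tier(v) for v in found)
    return {"components": len(sbom), "known": len(found),
            "weaponized": tiers[1] + tiers[2], "weaponized_network": tiers[1]}

def compare(sboms=SBOMS, feed=FEED):
    """Rank candidate products, lowest risk first, narrowest funnel stage first."""
    profiles = {name: risk_profile(sbom, feed) for name, sbom in sboms.items()}
    return sorted(profiles.items(), key=lambda kv: (
        kv[1]["weaponized_network"], kv[1]["weaponized"], kv[1]["known"]))

if __name__ == "__main__":
    for name, profile in compare():
        print(name, profile)
    print([v[0] for v in prioritize(findings_for(SBOMS["product_a"]))])
```

In this constructed data the CVSS 9.8 finding ranks third for product_a, behind two lower-scored findings that are weaponized, which is the difference between tiered prioritization and sorting by CVSS alone.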

Conclusion

In today’s rapidly evolving cyber threat landscape, it’s no longer enough to trust that the software you purchase is secure. The risks are too great, and the consequences of a breach are too severe. By incorporating software analysis into the procurement process, organizations can ensure that they are making informed, secure choices when acquiring new software and hardware.

Comprehensive software visibility, automated risk analysis, and responsible risk disclosure are not just best practices—they are essential steps for any organization looking to protect its digital assets. It’s time to move beyond trust alone. It’s time to verify. By adopting these practices, organizations can build a robust foundation for their cybersecurity efforts and safeguard their operations against the growing wave of software supply chain attacks.

Now is the time to act. Integrate software analysis into your procurement process today and take control of your software supply chain security.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



from TechRadar - All the latest technology news https://ift.tt/uHodG6r
