Acer reveals Predator gaming routers and new Swift AI laptops

0
[ad_1]

Acer is unveiling a ton of new products at CES this year, and that includes a suite of new AI-powered laptops and a pair of gaming routers in its Predator lineup. For the laptops, Acer is announcing the Swift Go 16, the Swift Go 14, and the Swift X 14. As for the routers, there’s the Predator Connect X7 5G CPE, and the Predator Connect T7. Acer partnered with Qualcomm on both of these routers and both serve the needs of gamers. But each one of the routers is a little unique in what they offer too.

The Predator Connect X7 5G model mixes both Wi-Fi 7 and 5G connectivity for a better and more reliable connection. The tech inside uses Qualcomm’s ‘Immersive Home Platform‘ and Acer says the idea is that the router will minimize the disruption you might have with the connection. That way you get more reliable internet for gaming or any other connection-based activities.

The Predator Connect T7 does things a little differently. It still promises a fast and reliable connection for your home wireless network. But instead of mixing the Wi-Fi 7 and 5G, it’s a mesh router system that allows you to link access points together for better coverage. Acer says “wired-level latency is possible” with this mesh setup. So if wired-level latency is what you’re after, this could be a good way to get it without actually hardwiring your PC.

You can also control and manage both routers using the Predator Connect utility app.

Acer doesn’t mention the pricing or availability of the Predator gaming routers

Acer doesn’t mention pricing or availability on these yet. But does say exact pricing and availability will vary by region. These should be available for consumers in North America as most of Acer’s other Predator products are. But for now, there’s no word on cost or when they’ll hit shelves.

Acer’s new Swift laptops are powered by AI with Intel Ultra

Intel Ultra chips are becoming more and more entwined with the latest PCs, and Acer’s new Swift laptops are the latest recipients. Last year, Acer announced a range of new gaming laptops powered by Intel Ultra, and now it’s using the CPUs in one of its more mainstream lineups. The Swift Go 16, Swift Go 14, and Swift X 14 will all come with an Intel Ultra CPU but they’ll use different model chips and vary slightly with the GPU offering. Since these aren’t gaming laptops there’s nothing intense happening with the specs or features.

However, you will be able to get the Swift X 14 with up to an NVIDIA GeForce RTX 4070 GPU. So think of it like an under-the-radar gaming laptop that doesn’t look like a gaming laptop. It’ll also come with a Calman Verified 2.8K OLED display, and up to 32GB of RAM as well as 1TB of storage. The Swift X 14 is geared towards “creators and students” but it should also suit gamers just fine if they want something a little more on the down low.

The Swift Go 16 and 14 meanwhile will use Intels Arc GPUs for graphics processing, and they support up to 32GB of RAM as well as up to 2TB of storage. These definitely feel like they are designed more for students and general PC use, with battery life rated at 10.5 hours on the Swift Go 16 and 12.5 hours on the Swift Go 14.

Pricing and availability

Acer is using some quite nice displays on both models though. The 14-inch model will get a 2.8K display with a 90Hz refresh rate. Meanwhile, the 16-inch model is getting a 3.2K display with a 120Hz refresh rate. Both are also OLED panels. So expect really deep blacks and nice vibrant color contrasts. Both the Swift Go laptops will be available in March. Prices will start at $749.99 for the Swift Go 14 and $799.99 for the Swift Go 16. The Swift X 14 goes on sale in February. It will be a little more thanks to the NVIDIA GPU and other features though. Prices will start at $1,399.99.


[ad_2]
Source link

Acer’s Predator SpatialLabs View monitor adds 3D to your games

0
[ad_1]

Acer is expanding its SpatialLabs View tech to its Predator gaming monitor lineup, the company announced at CES today. This tech will add stereoscopic 3D to its Predator gaming monitors for what sounds like a pretty interesting experience. The ‘Predator SpatialLabs View 27’ will “let gamers dive deeper into the depths of 3D worlds” the company says. In more specific terms, the monitor will add stereoscopic 3D effects to your games.

In essence, the game will look just as it always does but with a new unique kind of view thanks to the 3D tech. Acer already offers this tech on other displays and it works with games already too. Called ‘SpatialLabs TrueGame,’ it takes existing depth information from games and applies proprietary shaders and drivers to create a 3D profile. Acer says there’s even a new 3D Ultra Mode that utilizes a second virtual camera to increase the depth and geometry that applies to every scene across the game.

The monitor features a 4K display in a 27-inch size with a 160Hz refresh rate. So it’s not just a gimmicky 3D monitor that adds no value to your gameplay. You can also switch off the 3D at any time if you want. The monitor is set to launch in the US in Q2 of this year, but it’ll be quite pricey at $1,999.

Acer is also adding this tech to a new Aspire laptop called the Aspire 3D 15. This comes with a Core i7-13620H CPU and an NVIDIA GeForce RTX 4050 GPU. In addition to up to 2TB of SSD storage and up to 32GB of RAM. Making it more than capable for casual gaming. Acer plans to launch the laptop in February starting at $1,399.

The Acer Predator SpatialLabs monitor uses a one-click system to launch games in 3D

Acer is trying to make this process as seamless as possible. And it doesn’t sound like it could get any easier. If you want to play games in 3D, you can use a patented one-click system to launch any game in its pre-configured 3D profile. Of course, the game will need to be supported. Luckily Acer already has a growing list of games that work with this tech. Including big titles like Dark Souls 3, ABZU, Days Gone, NierAutomata, Crash Bandicoot 4, and quite a few others. It also says it’s adding new games all the time. Specifically, it says titles will be added every month although it doesn’t mention how many.

Acer has more gaming monitors lined up, including a massive 57-inch model

If stereoscopic 3D isn’t your thing, or if you just want something larger than 27 inches, well Acer has you covered. It has four more Predator monitors that it’s announcing at CES. The Predator Z57 is its flagship monitor this year. It’s a massive 57-inch Dual UHD display with a lot of features to make any gamer salivate. Aside from the size, it also has a 120Hz refresh rate, a 1000R curvature, a VESA DisplayHDR 1000 certification, and two HDMI 2.1 ports so you can plug in both your PlayStation 5 and Xbox Series X. Acer says this will launch in North America in Q2 starting at $2,499.

There’s also the Predator X34 V3, Predator X34 X, and the Predator X39. All three of these will also launch in North America in Q2 with prices starting at $899, $1,299, and $1,499 respectively. Both the X34 X and the X39 use OLED panels and have the same resolution of 3440 x 1440 with a 240Hz refresh rate. The X34 V3 meanwhile is a Mini-LED panel with a 180Hz refresh rate. It also has the same resolution as the other two monitors. Unfortunately, it looks like only the Z57 supports HDMI 2.1. But if that doesn’t bother you or you only plan to use them for PC, they’re stacked up with great gaming features.


[ad_2]
Source link

How AI hallucinations are making bug hunting harder

0
[ad_1]

Bug bounty programs that pay people for finding bugs are a very useful tool for improving the security of software. But with the availability of artificial intelligence (AI) as seen in the popular large language models (LLMs) like ChatGPT, Bard, and others it looks like there is a new problem on the horizon.

Bounty hunters are using LLMs not only to translate or proofread their reports, but also to find bugs.

Daniel “Haxx” Stenberg of cURL explains in a blogpost why he sees this as a possible problem. CURL is a computer software project providing a library and command-line tool for transferring data using various network protocols. The name stands for Client for URL. Daniel is the original author and currently the lead developer.

He argues that, for some reason, bug bounty programs also attract fortune seekers that are looking for a quick buck without putting in the necessary work. According to Stenberg, developers could easily filter out these fortune seekers before they had access to LLMs.

The source of the problem lies in the bad habit of some LLMs to “hallucinate.” LLM hallucinations is the name for the events in which LLMs produce output that is coherent and grammatically correct but factually incorrect or nonsensical.

This is a problem for developers because they can often discard nonsensical reports from humans only after a short examination. But reports generated by AI look coherent, so they waste a lot more time.

In the mystery of the CVE’s that are not vulnerabilities we saw how the automated submission of bugs had raised issues before that wasted a lot of developer time. Time the developer would like to use to fix real bugs or work on new features. As Daniel put it:

“A security report can take away a developer from fixing a really annoying bug. because a security issue is always more important than other bugs. If the report turned out to be crap, we did not improve security and we missed out time on fixing bugs or developing a new feature. Not to mention how it drains you on energy having to deal with rubbish.”

This is especially annoying when the person that submitted the bug is unable to respond to additional queries in a way that clarifies the issue. Which is often the case since that person has no idea why the LLM flagged the submission as a bug in the first place.

In several areas people are working on tools that can recognize content created by AI, but these are not a full solution to this particular problem. Bug bounty hunters also use LLMs to translate their submissions from their native language to English. Which is often very helpful. But if a recognition tool were to discard all those submissions, they might end up ignoring a serious security vulnerability just because the bounty hunter wanted to submit a report in perfect English.

In the future, AI will undoubtedly proove to be useful in finding software bugs, but we expect these tools will be deployed by the developers themselves before the software goes live.


Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

LastPass starts enforcing 12-character master password for all users

0
[ad_1]

LastPass has started enforcing a 12-character minimum master password. The company is also carrying out additional measures to bolster its security against emerging threats. Previously, users could choose a weaker password despite the recommendation for a longer one. The new policy will hopefully put an end to the security breach woes that the password manager application suffered in 2022. To make matters worse, Cybersecurity experts claimed that the security lapses led to a wave of crypto thefts.

LastPass now requires mandatory 12-character master password

LastPass in a blog post revealed that since April 2023, all new users and existing users who took steps to reset their master password were required to follow the 12-character limit. However, this change did not affect legacy customers who continued using a shorter and weaker master password. For the uninitiated, the master password is the one that secures the LastPass account. All stored credentials likely get exposed if the account gets hacked. Still, the company claimed that as long as customers followed ‘best practices’ irrespective of the password strength, their data would remain secure.

Now, all master passwords on LastPass must be 12 characters or more which will remain the default setting. The master password must include uppercase, lowercase, numeric, and special characters, as is generally required for passwords nowadays.

New master password requirement is now rolling out

LastPass says that the new master password policy is rolling out in a phased manner. Free, Premium, and Family accounts are being notified first via email starting January 8. Business and Teams customers will have to comply towards the end of January 2024. Users with a 12-character login don’t need to make any changes and are good to go. Everybody else will have to create a longer master password. User accounts that don’t comply with the new policy will be logged out and asked to set a new password.

LastPass will also cross-check passwords on Dark Web

In addition to the updated longer password, starting next month, LastPass will begin checking new or reset master passwords against a database of known breached credentials on the dark web. If the chosen credential has already been exposed, the password manager will issue a security warning pop-up alerting the user to select another code.


[ad_2]
Source link

Police investigate sexual assault on an avatar

0
[ad_1]

British police are investigating a case involving a virtual sexual assault of a girl’s avatar. Even though there was no physical violence involved the incident will be investigated as it has caused psychological trauma.

By definition, an avatar is a virtual representation of a user and is driven by the user’s movements in the virtual world. In Virtual Reality (VR) an avatar is placed, behaves, and moves like a physical body.

In the investigation, a girl under the age of 16 was playing a VR game when the avatars of online strangers gang raped her avatar. The VR experience is designed to be completely immersive. For example, we’ve all seen those “funny” movies where people wreck their television set because they loose contact with reality because what they see through their VR headset is so believable. So, it’s not very hard to imagine how much of an impact the incident had on the girl.

The BBC reports that the incident left her very distraught. According to an unnamed senior officer familiar with the matter, the victim suffered psychological trauma “similar to that of someone who has been physically raped”.

Whether it is possible to punish the attackers remains to be seen. As we all know, laws always trail behind when it comes to new technological developments. For an actual assault or rape case there needs to have been physical contact.

The incident should at least be considered as a good reason to:

  • Start thinking about legislation that can deal with these sort of incidents.
  • Create platforms that can provide a safe environment, especially for children.

It is possible to utilize existing laws, for example against the creation of synthetic child abuse images, which could be used as the basis of prosecutions in virtual world cases, but specialized laws would make court proceedings a lot easier.

According to the Daily Mail Online, police leaders are now calling for legislation to tackle a wave of sexual offending online, saying officers’ tactics must evolve to stop perverts using new technology to exploit children.

Details about the specific platform have not been released. But it’s certain that the new technology has led to new variations of existing types of crime like the theft of rare game artifacts, fraud, and sexual offenses. Unfortunately, some people feel they can behave like savages when they are hiding behind their virtual identity.

Billions of dollars are invested in developing the metaverse, an umbrella term for virtual worlds, and to attract new VR users. We hope to see some of those dollars invested in safety precautions, which will keep the experience safe for everyone.

For parents looking for guidance on how to keep their children safe on the internet, we recommend reading Internet Safety Tips for Kids, Teens and Parents.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


[ad_2]
Source link

Galaxy S24 Ultra appears in real-life photos, front & back

0
[ad_1]

The Samsung Galaxy S24 Ultra surfaced plenty of times thus far. Its design is hardly a secret at this point, but the latest leak gave us the best look at the phone yet. The Galaxy S24 Ultra real-life photos have surfaced.

The Samsung Galaxy S24 Ultra has appeared in two real-life photos

If you check out the two photos below, you’ll see the phone in the flesh. The phone’s front and back sides are visible here, and this is obviously the Galaxy S24 Ultra, not the Galaxy S23 Ultra.

It’s easy to tell the difference between the two, as the new model has a flat display. You’ll also notice very thin bezels around that panel. The phone still has rather sharp corners, and the overall design language is the same.

A centered display camera hole is still here, as is the recognizable camera setup on the back. Each of the cameras is its own camera island, kind of. The phone’s backplate still has a matte finish, which is something many people will appreciate.

This seems to be the Titanium Gray colorway

The color variant that surfaced here seems to be grayish, with a warm tint on it. That could be due to the lighting when this image was taken, however. We believe that this is the Titanium Gray colorway that is rumored.

You will also notice that the phone’s power/lock and volume rocker buttons are placed on the right-hand side. Unfortunately, we don’t get to see the bottom of the device, but that’s where the S Pen will be accessible from.

Samsung recently confirmed that the next Galaxy Unpacked event will take place on January 17. During that event, the company will announce the Galaxy S24 series. In other words, the Galaxy S24, Galaxy S24+, and Galaxy S24 Ultra are coming. The press event will be held in San Jose, California, and yes, this will be a global launch for the Galaxy S24 series.


[ad_2]
Source link

Watch Xiaomi’s first EV park itself in multi-level garage

0
[ad_1]

Xiaomi announced its first electric car, the Xiaomi SU7, not long ago. That car comes in two models, and an interesting video just popped up. That video shows Xiaomi’s first EV park itself in a multi-level garage.

This is Xiaomi’s official video, it seems, and it was reuploaded by TechDroider to YouTube. The video itself is embedded below the article, in case you’d like to watch it, and it has a duration of around a minute.

You can now watch Xiaomi’s first EV park itself in a multi-level garage

In this video, you’ll see that the driver activates the self-driving mode upon the entrance to a multi-level garage in China. The car drives on its own to the desired parking level, and it even moves out of the way for the upcoming car.

When it reaches the level it wants, a parking spot is identified, and the Xiaomi SU7 finishes the job. This was a rather smooth job by the Xiaomi SU7, but that is to be expected considering this is an official video.

Xiaomi has promised that the Xiaomi SU7 is coming to its homeland this year. There is still no word on the global launch, and it’s possible that it will remain exclusive to China. We’ll have to wait and see.

The Xiaomi SU7 comes in two distinct models

The Xiaomi SU7 and Xiaomi SU7 Max do look the same, however, they’re different under the hood. The other EV, the Xiaomi SU7 Max, is not only more powerful, but it has a number of added perks.

The car itself does look quite sporty, and we can see influences from various other brands here. Xiaomi also announced a number of color options, but we still don’t know the price tags for either model.

This car comes as a result of a partnership with state-owned Beijing Automotive, and it has been a long time coming. Xiaomi is already working on new engines for new EVs, so this is definitely not a one-time thing for Xiaomi. You can expect to see more EVs from the company moving forward.


[ad_2]
Source link

Explained: SMTP smuggling | Malwarebytes

0
[ad_1]

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable.

Let’s take a closer look at what it is exactly, and how cybercriminals can use it.

The first thing we need to look at is the Simple Mail Transfer Protocol (SMTP), a protocol that allows the exchange of emails. Mail servers and other message transfer agents use SMTP to send and receive mail messages.

SMTP is very much a protocol that has developed over time since it became the standard for always-online servers in the 1980s.

Basically, an email is written using software like Microsoft Outlook or Apple Mail and is then handed over to an SMTP server. The server looks up the appropriate mail server for the domain in the recipient’s address—the part on the right side of the @ symbol, and sends the mail to that server.

It sometimes takes a few steps, but if all goes well the email will be received by the SMTP server that handles the mail for the recipient. This server may deliver the messages directly to storage, or forward it over a network using SMTP before it reaches the recipient.

Simplified, the process looks like this:

Since SMTP lacks authentication it used to be extremely easy to spoof a sender address. Several safeguards emerged to stop this:

  • SPF (Sender Policy Framework): This uses DNS records to indicate to receiving mail servers which IP addresses are authorized to send mail for a given domain. So this still leaves the work to the receiving server.
  • DKIM (Domain Key Identified Mail): This method signs outgoing emails using a private key. Receiving servers validate the sender using the sending server’s public key,.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC verifies if the email’s “From” domain aligns with SPF checks and/or DKIM signatures. Thus, the DMARC check fails if there is a mismatch between the MAIL FROM and the From domain where otherwise the SPF check would pass. Unfortunately DMARC is not very widely used.

SMTP smuggling

SMTP smuggling takes advantage of inconsistencies in the way that proxy servers and firewalls handle SMTP traffic.

Traditionally, the end of data in an SMTP conversation is indicated by a sequence <CR><LF>.<CR><LF> (CR LF stands for Carriage Return and Line Feed, which are standard text delimiters) which can also be written as \r\n.\r\n.

Researchers published about two types of SMTP smuggling, inbound and outbound. They started working from the question, what happens if outbound and inbound SMTP servers interpret the end-of-data sequence (<CR><LF>.<CR><LF>) differently?

If you can tell one server the email ends here and the other one that the full packet ends later, you can create a compartment in which you can smuggle more data.

So, the researchers started testing by putting a <LF>.<LF>  sequence in the middle of sent packages. And they found that outbound SMTP servers have different methods of dealing with it, including:

  • Dot-stuffing (Escaping the single dot with another dot):  <LF>..<LF> 
  • Replacing it with a <CR><LF> 
  • Encoding it (e.g., via quoted-printable): =0A.=0A 
  • Removing the entire sequence 
  • Not sending the message 
  • Or do nothing at all

By testing, which included sending specially constructed messages from and to different email providers, the researchers were able to find combinations that allowed them to send two email messages in one package. The sequence <LF>.<CR><LF> turned out to be effective on a custom SMTP server called NemesisSMTPd which is in use by email services provided by Ionos (e.g. GMX) which accounts for about a million hosted domains.

Second message sent smuggled along with the main message. Different sender, different receiver.
Image courtesy of SEC Consult

Some vendors (Microsoft and GMX) were quick to fix the vulnerabilities that facilitated SMTP smuggling, but the researchers urge companies using the also affected Cisco Secure Email product to manually update their vulnerable default configuration. The Cisco flaw affects more than 40,000 vulnerable instances and allows an attacker to send spoofed emails to high-value targets, such as Amazon, PayPal, eBay, and the IRS.

The recommendation by the researchers tells organizations using Cisco Secure Email Gateway (on premises) or Cisco Secure Email Cloud Gateway (cloud) to change the default settings of “CR and LF Handling” from “Clean” to “Allow,” citing Cisco guidelines to help administrators understand the change that should be made.

That may sound counterproductive, but this setting passes e-mails with bare carriage returns or line feeds on to the actual e-mail server (Cisco Secure Email Gateway is just a gateway), which only interprets <CR><LF>.<CR><LF> as end-of-data sequence. So, if you don’t want to receive spoofed e-mails with valid DMARC checks, we highly recommend changing your configuration.


Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

First global Xiaomi smartphones start getting HyperOS

0
[ad_1]

First global Xiaomi smartphones are starting to get the HyperOS update. First in line seems to be the Xiaomi 13T Pro, as the update has started popping up for consumers in Europe. Do note that the Xiaomi 13 Pro units in India and Greece also seem to be getting the update, but we’ll focus on the one that is arriving to more countries already (the Xiaomi 13T Pro).

The very first Xiaomi smartphones are starting to get HyperOS update

Last month, the company promised that the update is coming to at least 8 devices in Q1 2024. The Xiaomi 13T Pro is the first line, and the software version we’re looking at here is 1.0.3.0.EMLEUXM. Before you update, please make sure to have at least 6GB of free storage on the device.

This update does deliver the December 2023 security patch, in addition to all the changes HyperOS has to offer. The phone will notify you that the update is available, but you can also check manually via the settings.

So, what’s new? Well, the changelog has been shared by Mishaal Rahman, and there are plenty of changes to find there. Not everything is listed, of course, but the main changes are noted there.

There are plenty of changes coming, some of them are listed in the official changelog

Optimized performance is noticed, along with dynamic thread priority adjustment and dynamic task cycle evaluation. That should ensure optimal performance and power efficiency.

The storage refresh technology is also mentioned. That should help with network selection and connection quality. Some design changes are mentioned, as well as “new animation language”. Xiaomi also says that “natural colors bring vibrancy and vitality to every corner of your device”.

There is also a new system font in action, and a redesigned Weather app too. Some notification changes have also been made, and some of those you may not like, as the app icons in the status bar are now limited.

Lock screen has some additional options now, and multitasking is now “even more straightforward and convenient with an upgraded multi-window interface.”.


[ad_2]
Source link

ChromeOS 120 update brings ‘Self Share’, Virtual Desk Button & more

0
[ad_1]

Google has rolled out the ChromeOS 120 update for compatible Chromebooks. The update has arrived with a slew of important features, which will offer enhanced multitasking and customizability. Essentially, the new ChromeOS version is bringing Nearby Share “Self Share”, a Virtual Desk Button, customizations for navigation, and more features.

The new handy features will provide Chromebook users with a more seamless experience. The update has arrived a little over a month after the rollout of the ChromeOS 119 firmware.

The new “Self Share” feature offers seamless file transfers between devices

One of the biggest highlights of the ChromeOS 120 update is the new Nearby Share “Self Share” feature. Thanks to this functionality, users can automatically transfer files between all of their devices logged into the same Google Account. Notably, the transfers will happen automatically without the need to accept the request, even when the Chromebook’s screen is off.

There are additional upgrades inside the “App details” section. Users can go to the “App details” page of apps and check whether it’s a Chrome, Android, or PWA app. Notably, the new section will now also show details like from where this app has been installed, apart from the storage used.

The ChromeOS 120 update adds a new Virtual Desk Button to the Chromebook’s Shelf

The ChromeOS 120 update has made it easier to switch between “Desks” to offer a more seamless productivity experience. The update adds a new Virtual Desk Button to the Chromebook’s Shelf, which shows to the left of the pinned app. Tapping the button shows the name of the current “Desks” group. This makes it easier to change between “Desks” by hitting the left or right arrows that show up upon hovering.

ChromeOS 120 Multi Tabs

Chromebook users can also get a miniature overview of all their groups with the new Virtual Desk Button. Apart from the miniature overview of groupings, there’s also an easier way to create new ones.

The latest update for Chromebooks also brings dedicated “Mouse” settings, which were previously grouped with the Touchpad settings. Using the dedicated settings tab, the users can customize the Cursor and Scrolling speed, apart from the scroll acceleration toggle. The Touchpad settings tab now allows customization of key combinations.

Furthermore, the ChromeOS 120 update allows resizing picture-in-picture (PiP) windows using touchscreen pinching. As expected, the latest Chromebook firmware is being released in a phased manner. So it could take a few days or a couple of weeks to reach all the compatible devices.


[ad_2]
Source link