That's right, some of the best ear buds on the market right how are heavily discounted, but these Beats UK deals won't last forever. If you've been on the fence about Apple's infamous brand tax, this is the best time to avoid it and get some solid personal audio equipment. Starting from as little as 39.96 for Beats Solo Buds to 134.99 for Beats Fit Pro there's something for everyone including the mid-range star Beats Studio Buds down to 71.96. Apple forogt about Dre, don't do the same. Here's a breakdown of todays UK Deals:Beats Ear Buds Range In Todays UK Deals As of Dec. 4, you can save up to 49% on select Beats earbuds and wireless earphones at Amazon, including discounts on Studio Buds, Powerbeats Pro, and more. Beats Studio BudsBeats Solo BudsBeats Fit ProBeats Studio Buds +Beats Powerbeats Pro Beats Studio BudsBeats Studio Buds deliver powerful, balanced sound with Active Noise Cancelling (ANC) and Transparency modes. They're great for workouts and commutes, and their IPX4 rating for sweat and water resistance means they're great for workouts and commutes. They offer up to 8 hours of listening time (24 hours with the charging case). Don't forget to apply the 12.53 voucher for the full discount. Beats Studio BudsOn-Site 12.53 Voucher AvailableBeats Solo BudsThese compact, Bluetooth-enabled earbuds pack a punch with 18 hours of battery life and noise isolation. They're ideal for everyday use and come with customizable ear tips for a comfortable fit. Apply the 9.04 voucher at checkout to decrease the price to 39.96.Beats Solo BudsOn-Site 9.04 Voucher AvailableBeats Fit ProThe Beats Fit Pro earbuds are designed for all-day wear and feature secure-fit wing tips and ANC. Spatial Audio and dynamic head tracking are perfect for music, movies, and gaming. These sweat-resistant earbuds also come with the Apple H1 chip for seamless pairing with iOS devices.Beats Fit ProBeats Studio Buds +The Beats Studio Buds + is an upgraded version, offering even better call quality with voice-targeting mics and extended battery life (36 hours total). These earbuds are sweat-resistant and equipped with ANC, which are great for fitness enthusiasts and audiophiles alike.Beats Studio Buds +Beats Powerbeats ProThe Powerbeats Pro is built for performance with up to 9 hours of listening per charge and sweat resistance for tough workouts. Adjustable ear hooks ensure a secure fit, while the Apple H1 chip and Class 1 Bluetooth provide excellent connectivity. Use the 23.04 voucher to maximize your savings.Beats Powerbeats ProOn-Site 23.04 Voucher AvailableChristian Wait is a contributing freelancer for IGN covering everything collectable and deals. Christian has over 7 years of experience in the Gaming and Tech industry with bylines at Mashable and Pocket-Tactics. Christian also makes hand-painted collectibles for Saber Miniatures. Christian is also the author of "Pokemon Ultimate Unofficial Gaming Guide by GamesWarrior". Find Christian on X @ChrisReggieWait.

This article appears in the new issue ofhere.If the past year has proven anything, its that folks in the film industry can grow accustomed to waiting on tenterhooks. After all, 2024 has been a good news/bad news situation for studios and theater owners who spent 12 months recovering from last years production delays and the pressures they placed on the release schedule.Yet while much of Hollywood can cautiously breathe a sigh of relief after the past summer slump shrank by August, much of the horror genre has proven far more resilient in its own spooky corner. There are still doom-and-gloom prophecies stirred in the trades every few months about audience fatigue every time a new release stumbles, but as seen in the back half of this year, such proclamations are shortly followed by breakout indie sensations or durable studio franchise hits in the genre.That might also be why Jason Blum, the founder and CEO of Blumhouse Productions and perhaps the most influential horror producer in this century, only smiles when we ask him to give us a state of the union for his genre of choice.Speaking as horrors commander-in-chief, Blum says with a smirk, I have to say the media landscape is generally quite bleak, but horror is a very bright spot in that rather bleak landscape. People seem to love going to horror movies in groups. As we know, the box officeis down a little bit this year, and its not totally recovered since COVID, but horror seems to really work in movie theaters. So Im very glad to say that horror is alive and well.When we catch up with Blum inside the Den of Geek studio, spooky season is still in bloom,and not one but two horror movies have opened at number one at the box office in back-to-back weeks. The producer notes that this turn of eventsincluding how the unrated indie of the pair, Terrifier 3, unseated Joker: Folie Deux in its first weekenddefies conventional industry wisdom. But he considers audiences embracing the purely monstrous thrills of Art the Clownor a smile demon as a harbinger of good, wicked things to come.It looks like there is a real appetite out there for horror, and it seems like at the momentwhat fans are really looking for is old-fashioned horror, Blum considers. They dont want deviations; they want old-fashioned, tough, gritty, scary, gory horror.This makes it fortuitous that the next Blumhouse title, which will arrive in cinemas in January, will be a gory and gritty throwback to the most old-fashioned of movie monsters: the Wolf Man. Blum seems to have the magic touch that Universal Pictures has been searching for with regard to their Universal Monsters legacy. To date, 2020s The Invisible Man remains the only reinvention of one of those characters to have really popped with critics and moviegoers in the last 25 years. Still, when we chat, Blum notes that its not a Blumhouse mission to remake every Universal Monster property.I dont really know what we would do with it; its kind of a case-by-case basis, Blum says. He even reveals that he took a hard look at doing a modern riff on Bride of Frankenstein but that he could never find a way into the material that fits with Blumhouses M.O. It was always sort of funny or always sort of campy, and I could never get a path to making it like a straight horror movie, and so we didnt tackle it.However, Wolf Man proved more fruitful, particularly since it is a title that ended up being written and directed by Blumhouse stalwart Leigh Whannell, the mind behind the most recent Invisible Man.Its a project Ive been passionate about for a very long time, since before we did Invisible Man with Leigh, Blum explains. I always thought if The Invisible Man worked, Id love to try and tackle The Wolf Man and try to do with the Wolf Man what Leigh did with the Invisible Man. And I would describe that as taking the monster and [not] making it a four-quadrant movie for everybody, but returning to its roots, which is a straight horror movie.At this point, Blum is aware that he has developed a familiar stable of connections with respected filmmakers in the genre. Whannell and the producer have a history going back to the first Insidious, which Whannell wrote and starred in. But like Christopher Landon, who directed horror-comedies Happy Death Day and Freaky at Blumhouse, Blum has seen that quirky and sometimes comedic voice develop into something more complex in later works.I think there are certain filmmakers, like Chris and Leigh, who can bring levity to a horror movie, which makes the movie scarier because the audience kind of relaxes for a minute and starts to laugh. And when theyre relaxed, theyre easier to scare. With that said, Blum and Landons next collaboration, Aprils Drop, is deadly serious. The producer describes the movie as a taut and super-intense 92-minute techno-thriller wherein a single mother on a blind date (Meghann Fahy) discovers an anonymous stranger is AirDropping threats to her child and family over the phone.I wrote a movie a long time ago called Disturbia, Landon says in a separate interview, which is very much a Hitchcockian thriller. This is a return to something that Ive always loved, [and] a break from the horror-comedy world. A movie that Landon describes as perfect for our current Twitter momentWe will not call it X, no one calls it X! he quipsDrop is a shot of original horror adrenaline.However, Blumhouse is also keeping one foot in returning to titles that audiences already love, including follow-ups to genre breakouts such as M3GAN and The Black Phone. I think the most important factor to creating a successful sequel is to have the people responsible for the original movie back, Blum muses. Hollywood doesnt do that a lot, but on almost all the sequels weve donenot all, but almost all the sequels weve donewe have the original people back. Theres a tone and a magic dust in a movie that connects with the culture.In the case of M3GAN 2.0, that means director Gerard Johnstone, writer Akela Cooper, and stars Allison Williams and Violet McGrawand, of course, M3GAN herself (voiced by Jenna Davis).It extends on that theme, Blum says of the first films focus on parenting in a world filled with 21st-century technology. I dont think were tackling new social issues, but were getting deeper into who M3GAN is, what makes her tick, and how lethal she can actually be. Blum is coy as to whether hes seen any dailies of sequences as TikTok-friendly as the first films dance and singing beats, but he certainly hopes to tap back into that vein since M3GAN is a personal favorite in the Blum household.Little M3GAN is very lovable, and my daughters going to be M3GAN for Halloween this year, he says. Thats the first time shes ever worn a Blumhouse costume, so clearly the movie affected the culture.Read more The first Black Phone obviously also had a major impact, which Blum largely credits to director Scott Derrickson, who has been instrumental in reinventing it for a sequel. Remember, the first films villain (Ethan Hawke as the ghastly Grabber) is no longer on this mortal coil.Scott Derrickson doesnt come back to do a sequel unless theres a real reason for it to be told besides were trying to take everybodys money again, says Blum.And while he is taciturn about what that exact reason is, he says they found a way to continue marrying the first films blend of supernatural terror with something decidedly more realistic. It definitely explores new themes, but I think in terms of the supernatural, its similar to the first movie.There is also, of course, one more sequel in 2025and a follow-up to Blumhouses biggest opening weekend to dateFive Nights at Freddys 2. While that December 2025 release still hasnt gone before cameras, Blum seems particularly confident in what he and Scott Cawthon, the creator of the Five Nights at Freddys video game franchise, have come up with.We worked very hard on the script for this movie, Blum says. We didnt have as many drafts of the script of Five Nights at Freddys 2 as we did on [the first movie]. On that, we had about 14 different versions; on this, we had about four or five different versions. Blum credits Cawthon as being one of the most intuitive collaborators he has ever seen pick up the tricks of moviemaking. Blum also notes that the blending of the Five Nights brand between cinema and gaming is reflective of horrors current moment.I think people will continue to find horror in movies and on television; people are finding horror in short form; people are finding horror on YouTube; and obviously horror games have been popular for a long, long time, Blum posits. And I dont want to expand the company by doing other kinds of movies or other kinds of TV shows. I want to expand by scaring people in different ways. I want to scare people in games, in live events, and in movies and TV shows. In any wayI possibly can. If he achieves that, the state of the union will stay quite strong.Additional reporting by Aaron Sagers.

Vermont has attracted the strong, silent type for centuries. The New England ski capital is known for maples, mountains, and minding your own business, and its historic houses follow suitsturdy barns and Greek Revivals dot the hilly landscape, interwoven with trails, lakes, and valleys that add to the states charm. With all the natural splendor and architectural heritage Vermont has to offer, building a new house there is an intimidating proposition. One New York City couple was undaunted by the challenge after hiring Sheila Bridges to decorate the interior.Frank FrancesIn the great room of a Vermont house with architecture by TruexCullins and interiors by Sheila Bridges, vintage chairs in a Schumacher ikat surround a games table from John Rosselli & Associates. The wallpaper is by Morris & Co., and the Roman shade is of a Castel Maison fabric.It was the New York Citybased ELLE DECOR Titan designers skill with layering and texture that made her the best choice to bring warmth and character to an 8,000-square-foot house built by the Burlington, Vermontbased architecture firm TruexCullins in 2023. I fell in love with Sheilas work after seeing it in ELLE DECOR, the wife says. Her use of pattern and color is very appealing.Frank FrancesIn the barn, two Nickey Kehoe sofas in a Rogers & Goffigon fabric flank an ottoman in a Schumacher ikat. The armchairs are by Madeline Stuart, the chandelier is by Ralph Lauren for Circa Lighting, and the curtains are by the Shade Store.After the husband had floatedand subsequently kiboshedbuying a ranch in Montana, the couple scouted rugged central Vermont in one whirlwind weekend, visiting 10 properties in two days. They chose an unspoiled 240-acre plot with unobstructed views in every direction, a stunning, romantic piece of earth. But, as one might expect, it was not without some issues. There was no road into the house site. We had to park at the edge of the road and hike up, the wife says. But the minute you clear the bend, the whole world opens up before you. My husband was completely enraptured. Tour a Sheila BridgesDesigned Vermont GemThe Greek Revival house follows the form of traditional 19th-century New England connected farms. A central, rectangular structure houses the husbands library, an office, and a parlor for the wife, with four bedrooms above. Initially intended as an occasional landing for ski trips, the house has now become a regular retreat, with friends and adult children populating the bedrooms. There is a double-height, barnlike space (the only room with undecorated walls) used for larger gatherings, and to the right is the great room and kitchen, where the family spends most of their time, with the primary suite above it. Frank FrancesThe kitchen cabinets and island are painted in Farrow & Balls Calke Green. The oak barstools are by Sawkille Co., the fittings by Waterworks, the pendants by the Urban Electric Company, and the range and hood by BlueStar.Bridgess design concept began with an unexpected source of inspiration. It started with the Vermont license plate, she says. Its distinct leafy-green hue, reflected in the Morris & Co. Blackthorn Autumn wallpaper, covers the kitchen cabinets and extends into the great room. Im always inspired by nature, says Bridges, who keeps horses and homes in the Hudson Valley and in Iceland. I visited Vermont a lot throughout my childhood. When you think of the state, you think of the foliage, so it follows that this home is very rich and reflective of nature.In 30 years, I have tried not to use the same pattern or textile twice. Sheila Bridges A flora and fauna theme permeates every room of the house, with barn swallows flying on the walls of one downstairs powder room and vines and butterflies adorning another. Even the custom Roman shades in the great room were designed with animal motifs at their center. Upstairs are two more cheeky prints, with prancing deer on the walls of one bedroom while skiers zoom down slopes in another. I start every job fresh, Bridges says. In 30 years, I have tried not to use the same pattern or textile twice. Bridges goes beyond bespoke.The depictions of winter sports and forest fauna disappear in the wifes parlor, where the focus shifts to trees and foliage with two botanical prints mounted on an earthy chinoiserie grass-cloth toile by Scalamandr. In the pattern-light, green primary suite with the best views in the house, peace is the premise. Though this was a new build, I still wanted it to feel like it had a sense of history that isnt just about humans, Bridges says. History is also rooted in nature. After all, this was all forest at one point.This story originally appeared in the Winter 2025 issue of ELLE DECOR. SUBSCRIBE

Interior design trends span a dizzyingly wide range of areas in your home, from the expansive (think whole-home ideas like layout of rooms and what your home's exterior looks like) to the minute (details like door knobs and electrical socket covers). Kitchens are no different: Trends dictate what cabinet colors and island shapes are currently making wavesbut what about the hardware? Often called the jewelry of the kitchen by industry professionals, hardware is your kitchen's finishing touch. To give us the scoop on the hottest kitchen hardware trends for 2025, we asked designers and hardware experts to give us their predictions. They answered with a list that included a new take on black hardware, earring-like knobs, and oversized handles. Better yet, you don't need to cook regularly to enjoy these trends. Swapping out your kitchen hardware is one of the easiest and most cost-effective ways to upgrade your kitchen. It also happens to be rental-friendly. To spark your inspiration for a New Year's home refresh, read on for the top eight kitchen hardware trends on the rise for 2025.Discover more 2025 trends:

A wide-ranging interview with Apple CEO Tim Cook reveals him (kind of) denying OpenAI rumors; addressing the potential conflict between the power requirements of AI and Apples environmental goals; the journey toward Apple Glasses; and how Apples greatest legacy may be saving lives.Cook kicks off by denying that Apple was late to AI, pointing out that the company first built a neural engine into its products back in 2017 Apple wasnt late to AI, not considered charging for itCook spoke with Wireds Steven Levy.Back in 2017 we built a neural engine into our products. It was already apparent that AI and machine learning were huge. It became obvious that we had to divert lots of people to it, that it would be a new era for our products.Theres been talk of Apple potentially charging for some Apple Intelligence features in future, but Cook seems to essentially rule that out.We never talked about charging for it. We view it sort of like multitouch, which enabled the smartphone revolution and the modern tablet.Unclear denial of OpenAI rumorsBack in the summer, there were reports that Phil Schiller was going to join the board of ChatGPT creator OpenAI, in an observational role and then that he wouldnt. There was also talk of Apple investing in OpenAI.Cook denied this, though because both points were put to him in a single question, its not entirely clear what he was denying specifically.Q: First Apple was going to have an observer on OpenAIs board. Now youre not. Recently it was rumored you were going to participate in their big investment round. You didnt.A: Theres no truth behind that at all. And I would just say, our MO is not to go out and invest in a number of companies. Its rare that weve ever done that. So it would be odd, an exception, for us to do that there.Q: So you never considered investing in OpenAI?A: Im not going to say we never looked at it. Im just saying that it would be a rare move on our part to do that.AI energy usageLevy asked Cook whether there was a conflict between the extremely high energy demands of AI servers and the companys environmental goals.More challenges, yes. But are we coming off the goal? No, definitely not. With more data centers, you use more renewable energy, and weve built that muscle now. Since 2015 our carbon footprint is down over half, while our net sales have gone up well over 50 percent. I feel very good about 2030 [when Apple has said its entire supply-chain will be carbon-neutral].Levy pointed to Meta and Snap glasses, and asked whether that sort of form-factor was the end-goal for Vision Pro. Cook appeared to confirm that an Apple Glasses product is the long-term aim.Yes, its a progression over time in terms of what happens with form factors. AR is a huge deal. With Vision Pro, weve progressed to what is clearly the most advanced technology weve ever done, and I think the most advanced technology in the world in terms of electronics problems. Well see where it goes.Apples biggest legacy will be saving livesCook said that the companys biggest legacy was going to be in the health field, and noted the lives that had been saved through the companys work in this area.Its clear to me that if you zoom out way into the future, and you look back and ask what Apples biggest contribution was, it will be in the health area. Thats what I really believe. When we started pulling that string with the Apple Watch, it was a cascade of events. We started with something simple, like monitoring your heart rate, and then figured out we could pick up heart signals to get to an EKG and an AFib determination. Now we are monitoring sleep apnea. Ive gotten so many notes over time from people who would have not survived had it not been for the alert on their wrist.Much of the interview naturally repeats Cooks familiar talking points, but its still an interesting read.Image: 9to5Mac collage of photos by President.gov.ua/CC4.0 and Alexander GreyonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The long-awaited Spotify Wrapped is back, now with a recap of the songs and podcasts you listened to most in 2024. This year, in addition to a new design, Spotify has also added some AI-based features to make the Wrapped experience even more personal. Read on as we detail whats new and how you can access your Spotify Wrapped.2024 Spotify Wrapped now availableFor those unfamiliar, Spotify Wrapped is Spotifys traditional annual recap similar to Apple Music Replay, which had its 2024 edition released yesterday. With Wrapped, users can revisit their year with information about their favorite songs, albums, artists and even podcasts.This year, Spotify Wrapped comes with some new features. For example, new data reveals up to three musical phases that define your year based on the genres and artists youve listened to the most. Youll also find your musical evolution organized in a new playlist that combines both familiar songs along with new suggested songs related to your musical phases.This years Wrapped will show a Longest Listening Streak for the artists you liked the most in addition to the Top Listeners which reveals what percentage of listeners youre in for your favorite artist. For the first time, Spofity will also generate a playlist of your most-watched music videos in the markets where theyre available. Wrapped will also include short messages from artists like ROS, Billie Eilish and Sabrina Carpenter.In partnership with Google, Spotify is also bringing AI-based features to this years Wrapped. Users will find an AI chatbot to create personalized playlists using their Wrapped data. Where available, an AI DJ will provide commentary on your year using your favorite songs as a soundtrack. Moreover, Spotify will generate a podcast about your 2024 Wrapped, all using AI (only available in selected regions).Top artists and songs in the worldAlong with the 2024 Wrapped, Spotify also unveiled today its global list of the artists and songs most listened to by its subscribers during the year. Taylor Swift was the artist with the most streams on Spotify during 2024, but Sabrina Carpenters Espresso took the top spot as the most played song of the year.Most-Streamed Artists Globally:Most-Streamed Songs Globally:Espresso by Sabrina CarpenterBeautiful Things by Benson BooneBIRDS OF A FEATHER by Billie EilishGata Only by FloyyMenor, Cris MjLose Control by Teddy SwimsEnd of Beginning by DjoToo Sweet by HozierOne Of The Girls (with JENNIE, Lily Rose Depp) by The WeekndCruel Summer by Taylor SwiftDie With A Smile by Bruno Mars, Lady GagaMost-Streamed Albums Globally:THE TORTURED POETS DEPARTMENT: THE ANTHOLOGYby Taylor SwiftHIT ME HARD AND SOFTby Billie EilishShort n Sweetby Sabrina CarpenterMAANA SER BONITOeternal sunshineby Ariana Grande1989 (Taylors Version)SOSby SZALoverby Taylor SwiftFireworks & Rollerbladesby Benson BooneStarboyby The WeekndMake sure you have the latest version of the Spotify app installed on your device to access Wrapped 2024. Spotify for iPhone and iPad is available for free on the App Store.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The end is nigh.My Battery Is LowNASA's Voyager 1 and 2 spacecraft have long left the farthest reaches of the solar system, entering interstellar space in 2012 and 2018 respectively.The pair were originally intended to study the solar system's outer planets when they launched in 1977. But both have outgrown their original missions, flying through the darkness of space over 15 billion miles away, far beyond those planets they were originally tasked with observing.Instead of relying on tiny glimpses of sunlight as a power source, the pair are relying on radioisotope thermoelectric generators, which use radioactively decaying plutonium-238 isotopes as a direct source of power.But decades into their journey, that onboard source of electricity is almost depleted, as Wired reports, forcing scientists to shut down scientific instruments one by one. The power output is dropping around four watts per year, giving the probes a definitive end that's now rapidly approaching.In other words, Voyager 1 and 2's days are numbered though scientists are still hopeful the pair will last until their 50th anniversary in space just over two years from now.It's Getting DarkMost recently, NASA engineers confirmed last week that they were able to restore communications with Voyager 1 after the spacecraft went dark in October.Power levels are so low that when scientists switched on one of the heaters to get one of its instruments back online, a safety feature was tripped, as Space.com reports.The feature in question ensures that non-essential systems are switched off to conserve energy. Fortunately, communications resumed on November 18.It's far from the first time Voyager 1 has struggled to stay online and on course. In September, engineers managed to switch its ancient probe to a different set of thrusters to keep it going.In March, the probe returned nonsensical messages back to Earth, forcing scientists to get creative yet again.Voyager 2 hasn't fared much better, suffering from its own thankfully temporary communication blackout last year.But despite scientists' best efforts, little can be done about the two probes' dwindling plutonium reserves.Nonetheless, the team is still appreciative of a groundbreaking, decades-long mission that's even managed to escape the heliopause, the outer boundary of the Sun's heliosphere."I think were all happy and relieved that the Voyager probes have both operated long enough to make it past this milestone," said Voyager project manager Suzanne Dodd in a November statement. "This is what weve all been waiting for. Now were looking forward to what well be able to learn from having both probes outside the heliopause."More on Voyager: Decrepit Voyager 1 Probe Runs Into Trouble AgainShare This Article

Dec 04, 2024The Hacker NewsData Protection / Regulatory ComplianceMany organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy generic standards that don't address their specific security challenges.Creating a password policy that works to protect your organization in the real world requires a careful balance: it must be strict enough to protect your systems, flexible enough for daily work, and precise enough to be enforced consistently. Let's explore five strategies for building a password policy that works in the real world.1. Build compliant password practicesIs your organization in a regulated industry like healthcare, government, agriculture, or financial services? If so, one of your top priorities should be ensuring you adhere to your sector's password management rules. To ensure data security and privacy (and compliance), your organization must follow the password-focused standards that apply to your physical location and industry. By following industry-specific password management guidelines, you'll strengthen your security posture while fulfilling your legal obligations. For the best results, go beyond checkbox compliance and create a password policy that meets regulatory obligations while providing the greatest level of protection. 2. Review your existing password obligationsBefore drafting new password requirements, take stock of your existing obligations. If your organization is like many, you may find that you've included password requirements in various business agreements, perhaps with inconsistent standards across documents.Start by reviewing vendor contracts, client agreements, and partnership documents and remember password requirements may be buried in data handling clauses or security appendices. Don't forget to check internal documents like your employee handbook, security procedures, or even department-specific guidelines. By identifying areas where password requirements overlap and areas of potential conflict, you can determine where you may need to negotiate changes or maintain stricter standards. 3. Create a policy based on real dataToo many organizations jump straight to setting rules without understanding their actual authentication challenges. Before crafting your new password policy, get a clear picture of your security situation. Perform a thorough Active Directory audit to uncover the reality of your environment from outdated admin accounts to compromised passwords currently in use.Think of an Active Directory audit as the foundation for your entire password strategy. When you understand where passwords are weakest, which departments struggle with compliance, and what security gaps truly exist, you can build a policy that solves real problems rather than adding unnecessary complexity.When you're ready to perform your Active Directory audit, consider downloading a free tool like Specops Password Auditor. With Specops Password Auditor, you can identify active users with previously breached passwords, outdated admin accounts, and other password-related vulnerabilities. Download your free read-only tool here.4. Put some muscle in your password policyWe all know what happens on the country road the police never patrol: The speed limit sign says 55, but vehicles regularly travel much faster. Password policies are similar: It's great to have the rules documented, but without effective enforcement, people will ignore the guidelines and do what they want jeopardizing your organization's security in the process.As you create your password policy, determine how you can most effectively enforce it. What constitutes a violation? How will you detect violations? What are the penalties? And how will appeals be handled? Then, communicate your enforcement approach to all stakeholders. When employees see leadership taking password security seriously and applying consequences fairly, they're more likely to prioritize compliance.5. Create password standards that stickGive your password policy its own space rather than burying it in general IT documentation. A standalone policy document carries more weight and visibility while making updates more straightforward.Your documentation should speak plainly about what matters: which systems are covered under these rules, who must follow them, and what they must do. Skip the jargon and focus on clarity from minimum password length to required character types.Before finalizing, route your draft through reviewers at different business units. For example:Technical teams should validate feasibilityLegal teams should ensure regulatory complianceHR teams should consider usability and user-friendlinessExecutives should confirm strategic alignment. By performing a multi-angle review, you'll strengthen your policy and its adoption across the organization. Create lasting security improvementsYour organization's password policy is the foundation of its security strategy, but its effectiveness depends entirely on how well you plan and execute it. Start by understanding your regulatory requirements and existing obligations. Then look at your own organization and build a custom wordlist related to your organization, products, services, ect that you want to prevent users from using in their passwords. Next you can then build on that foundation with real data from your Active Directory environment. Create clear, enforceable standards aligning with security needs and operational realities. And most importantly, remember that a password policy isn't a static document it's a framework that requires ongoing attention and adjustment. By following these guidelines, you'll create password requirements that satisfy auditors and create lasting security improvements.Once you've planned your new policy, it's time to put it into action. Learn how Specops Password Policy can mitigate password risk, easily enforce compliance, continuously block over four billion compromised passwords, & help users create stronger passwords in AD with dynamic end-user feedback. Get serious about password security in 2025. Start eliminating your support burden at the help desk by providing end users with a better security experience. Speak to a Specops expert about your password situation today. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Dec 04, 2024Ravie LakshmananSupply Chain AttackCybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets.The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm registry. The package is widely used, attracting over 400,000 weekly downloads."These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets," Socket said in a report.@solana/web3.js is an npm package that can be used to interact with the Solana JavaScript software development kit (SDK) for building Node.js and web apps.According to Datadog security researcher Christophe Tafani-Dereeper, "the backdoor inserted in v1.95.7 adds an 'addToQueue' function which exfiltrates the private key through seemingly-legitimate CloudFlare headers" and that "calls to this function are then inserted in various places that (legitimately) access the private key."The command-and-control (C2) server to which the keys are exfiltrated to ("sol-rpc[.]xyz") is currently down. It was registered on November 22, 2024, on domain registrar NameSilo.It's suspected that the maintainers of the npm package fell victim to a phishing attack that allowed the threat actors to seize control of the accounts and publish the rogue versions."A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dApps," Steven Luscher, one of the library maintainers, said in the release notes for version 1.95.8."This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dApps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions."Luscher also noted that the incident only impacts projects that directly handle private keys and that were updated within the window of 3:20 p.m. UTC and 8:25 p.m. UTC on December 2, 2024.Users who are relying on @solana/web3.js as a dependency are advised to update to the latest version as soon as possible, and optionally rotate their authority keys if they suspect they are compromised.The disclosure comes days after Socket warned of a bogus Solana-themed npm package named solana-systemprogram-utils that's designed to sneakily reroute a user's funds to an attacker-controlled hard-coded wallet address in 2% of transactions."The code cleverly masks its intent by functioning normally 98% of the time," the Socket Research Team said. "This design minimizes suspicion while still allowing the attacker to siphon funds."It also follows the discovery of npm packages such as crypto-keccak, crypto-jsonwebtoken, and crypto-bignumber that masquerade as legitimate libraries but contain code to siphon credentials and cryptocurrency wallet data, once again highlighting how threat actors are continuing to abuse the trust developers place in the open-source ecosystem."The malware threatens individual developers by stealing their credentials and wallet data, which can lead to direct financial losses," security researcher Kirill Boychenko noted. "For organizations, compromised systems create vulnerabilities that can spread throughout enterprise environments, enabling widespread exploitation."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorDecember 4, 20245 Min ReadMarcelo Mayo via Alamy Stock PhotoBoredom is easy to detect, yet difficult to define and even tougher to address. Boredom indicates that a current activity or situation isn't providing sufficient engagement or meaning. An IT leader's goal should be to help bored individuals -- even entire teams -- shift their attention to tasks and activities that are fulfilling and enriching.IT team boredom often stems from mind-numbing repetitive tasks that drain creativity and engagement, observes Carl Herberger, CEO of Corero Network Security, a threat intelligence insights and analysis firm. "The irony is that the very efficiency IT seeks to create can trap teams in a cycle of monotony," he says in an email interview.It all comes down to engagement, says Orla Daly, CIO with workforce development firm Skillsoft. "IT teams may lack engagement because the work isn't considered sufficiently challenging or feels repetitive," she explains in an online interview. Many tech professionals want the opportunity to become familiar with new technologies and to keep their skills up to date. "When organizations fail to provide a good balance of opportunities, team members can become disengaged," Daly notes.Yet engagement isn't just about gaining access to new technologies. If team members attempt to try a new task without enough skills and support resources to be successful, they may become disengaged, Daly cautions. "It's important to couple access with the right support frameworks."Related:Risky BusinessA bored IT team is a ticking time bomb, Herberger warns. "The risks are clear: increased turnover as talent walks out the door, underperformance that drags down productivity, and a contagious drop in morale that can spread like a virus across the organization," he says. "Worse, in a competitive industry, boredom kills innovation, leaving your company vulnerable to being outpaced by more engaged and agile competitors."A disengaged IT team, or team subset, can negatively impact business performance, since members are probably not contributing to their full abilities. "Additionally, it can impact company culture, creating a suboptimal work environment and lowering the drive of more motivated employees," Daly says. She points to a Gallup survey that shows disengaged employees cost organizations worldwide $8.8 trillion in lost productivity. The same report found that companies with actively engaged employees can provide enormous benefits, including 23% higher profitability and 18% lower turnover for high-turnover organizations.Related:Most at RiskIT teams stuck in the trenches of repetitive, mundane tasks -- such as routine maintenance or low-level coding -- are most at risk of succumbing to boredom, Herberger says. "These assignments often fail to provide the intellectual stimulation that keeps talent engaged, turning what could be an incubator for innovation into a dead-end job that saps motivation."Daly agrees. "While individual motivations play a big role, there's a greater risk of disengagement from teams involved in routine, repetitive tasks that could be automated, or where team members do not understand the purpose of their role and how it connects to the overall company performance."SolutionsTo reinvigorate a sagging IT team, Herberger recommends shaking things up by introducing fresh challenges and innovation opportunities: "Whether it's rotating team roles, fostering a culture of collaboration, or carving out time for passion projects, the goal is clear: disrupt the routine, reawaken creativity, and make the team feel like they're part of something bigger than just punching the clock."Meanwhile, empathy and open communication can help IT leaders identify the root causes of disengagement and identify effective solutions, such as pursuing new certificates, establishing mentorships, or reorganizing responsibilities, Daly says. "Engage in exercises that drive innovation," she suggests. "Learning something new generally excites people -- they feel like they're developing, growing, and that tends to get people engaged."Related:Workers often cite a lack of growth and development opportunities as the reason to move to a new job, Daly says. "Build opportunities for employees to propose new ideas and lend their expertise on projects they wouldn't typically be a part of, encouraging these skilled professionals to use the full scope of their abilities." She also stresses the importance of encouraging open communication.Preventative MeasuresProactive leadership is key, says Hiren Hasmukh, CEO of IT asset management solutions provider Teqtivity. "Regular check-ins, setting clear goals, and providing opportunities for professional development can help," he advises via email. "Fostering a culture of innovation, where team members can propose and lead new initiatives, can be very effective."Daly recommends that IT leaders stay close to their workforce in order to understand their engagement levels, manage mundane tasks effectively, and create space for more interesting assignments. To help prevent disengagement, he suggests offering learning opportunities and activities that promote development and growth. "Upskilling and reskilling are essential strategies to combat disengagement in the workforce."A Final ObservationIt's important to recognize that occasional lulls in excitement are normal in any job, Hasmukh says. "The key is to create an environment balanced with periods of challenge and growth."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeReportsMore Reports