Heres the deal: The PlayStation 5 Pro is now available, carrying a hefty price tag of $699.99. Thats steep on its own, but it gets pricier if you also need to grab the PS5 Disc Drive and Vertical Standboth of which are sold separately.If you are willing to shell out on the new premium console (or were lucky enough to unwrap one over the holidays), here's another quick PSA: The PS5 Disc Drive will cost you $79.99 and the vertical stand will set you back $29.99. The disc drive has already sold out multiple times across most retailers, and is only now available again at Amazon. Shipping is delayed at two to four weeks, and stock is extremely limited, so snap one up as soon as possible to avoid disappointment.Where to Buy PS5 Pro Disc DriveDisc Drive For PS5 Pro and Slim ConsolesInternet connection is required to pair Disc Drive and PS5 console upon setup.$79.99 at AmazonWhere to Buy PS5 Vertical StandIt's not an essential purchase, but if you really want to have you PS5 Pro standing up looking its best with optimal airflow, a vertical stand isn't a bad shout. Just a shame it's not packed in with the $700 console in all honesty. But, similar to the Disc Drive, these have been in and out of stock since the console launched.Vertical Stand For PS5 Consoles$29.94 at WalmartNow you've spent an extra $110 + tax on completing your purchase, congrats! Yeah I know, it's a tough sell. Plenty of fans have already expressed shock at the $700 price, and myriad IGN polls suggest as few as 15% of people plan to buy a PS5 Pro. In a questionnaire asking if the console is reasonably priced, with more than 50,000 responses, 73.9% of responders said it was way too expensive. The PS5 Pro has a GPU with 67% more compute units than the current PS5 console and 28% faster memory, which enables up to 45% faster rendering for gameplay.If you're looking for even more game deals, you've come to the right place. It's worth having a look at our roundups of the best PlayStation deals, the best Xbox deals, and the best Nintendo Switch deals to see the highlights from each platform, from games to hardware to accessories. We also have an overall roundup of the best video game deals that focuses on the standout offers from each platform that are worth putting your money down on. Another place to look for the best deals of the moment is our Daily Deals roundup, where you can see everything from discounts on games to new offers on tech.PlayRobert Anderson is a deals expert and Commerce Editor for IGN. You can follow him @robertliam21 on Twitter.

Disney has recast the role of fan-favorite Star Wars character Baylen Skoll in Ahsoka Season 2 following the death of actor Ray Stevenson, with Game of Thrones' The Hound actor Rory McCann taking over.As reported by The Hollywood Reporter, Disney is opting to continue Skoll's story in Ahsoka Season 2 and potentially beyond instead of bringing it to a close following the death of Stevenson in 2023.The famed actor, who also appeared in Thor, RRR, and Punisher: War Zone, suffered from a brief illness and died three months before the premiere of Ahsoka Episode 1. His portrayal of Skoll was widely considered a standout performance of the first season.Ray Stevenson (l) and Rory McCann(r). Image credit: Jeff Spicer/Getty Images for Disney and Doug Peters/Variety via Getty Images.Disney later announced that Season 2 of the show is being developed and, alongside The Mandalorian and its incoming film sequel, its story is expected to continue into a Star Wars film from Lucasfilm chief creative officer Dave Filoni.As Skoll's story was left open at the end of Ahsoka Season 1, Filoni seemingly has big plans for the character that required a recasting. McCann, who most famously played The Hound in Game of Thrones but has also appeared in Knuckles, Hot Fuzz, and more, will therefore take over beginning in Ahsoka Season 2.The first season was relatively well-received, especially perhaps for fans of Star Wars: Rebels. "Ahsoka starts off rocky before soaring into the weirdest corners of Star Wars lore," IGN said in our 8/10 review.Image Credit: Jeff Spicer/Getty Images for Disney and Doug Peters/Variety via Getty ImagesRyan Dinsdale is an IGN freelance reporter. He'll talk about The Witcher all day.

Sony has signalled that The Last of Us Part 2 Remastered on PC requires a PSN account three months before the games release on Steam.As spotted by VGC, the Steam page for Naughty Dogs single-player adventure includes the now-standard Sony requirement for a PlayStation Network account.PC gamers had little hope that Sony would budge on the PSN requirement for its Steam releases, and so it has proved with The Last of Us Part 2 Remastered. As a result, PC gamers in over 100 countries wont be able to buy the game on Steam because Sony does not operate PlayStation accounts in those markets.PSN is available in just 73 countries, leaving many out in the cold. The Baltics, including states that are part of the European Union (Estonia, Latvia, Lithuania), and the vast majority of countries in Africa are also excluded. For years, some players in these countries have created a PSN in a supported region to get around the restrictions, but there are concerns that Sony could ban the accounts of those who do.Sonys PC push has been controversial to say the least, with most of its games suffering negative Steam reviews as a result of the PSN requirement regardless of whether the games themselves are great or run well. In September, God of War Ragnark met with a mixed user review rating on Steam following its PC launch, with most of the complaints revolving around the PSN requirement.One disgruntled fan even created a God of War Ragnark mod that removed the requirement, but it was pulled down out of fear of reprisal from Sony. Exacerbating the backlash is that Sony has doubled down on this policy even for single-player games, such as God of War Ragnark, Until Dawn, and now The Last of Us Part 2 Remastered.Sonys PSN account requirement for its PC games was thrust into the limelight with the release of Arrowheads explosive PC and PS5 co-op shooter Helldivers 2 earlier in 2024. Helldivers 2 suffered a review bomb campaign on Steam after Sony made PSN accounts mandatory for PC gamers on Valves platform (Arrowhead subsequently decided to turn the user review history graph into a cape, which is ready for launch but has yet to release).Sony eventually backed down and reversed Helldivers 2s PSN account requirement, but the game remains unavailable in the many countries that lack PSN. And indeed all Sonys games on PC now suffer from this problem.When it announced the PSN requirement for Helldivers 2, Sony said it had to do with player security. Account linking plays a critical role in protecting our players and upholding the values of safety and security provided on PlayStation and PlayStation Studios games, Sony said in a statement issued at the time. This is our main way to protect players from griefing and abuse by enabling the banning of players that engage in that type of behavior. It also allows those players that have been banned the right to appeal.Perhaps bracing itself for a backlash it knew was to come, Sony added: We understand that while this may be an inconvenience to some of you, this step will help us to continue to build a community that you are all proud to be a part of. Many thanks for your continued support of Helldivers 2!The Last of Us Part 2 Remastered likely faces a similar backlash on launch that Sonys other PC games have seen, despite the Steam warning months in advance.Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

With the spice giving everyone Dune fever and Star Trek in a second renaissance, sci-fi fans have had it good these past few years. 2025 doesnt have another Dune movie in store, but it does have a new James Cameron film, and its hard to get better than that. Additionally, weve got some smaller stories coming to streaming services, a few reimagingings of classic tales, and another movie about dino DNA. What more could you want?Star Trek: Section 31 (Jan 24)Star Trek: Discovery might be done, but the world it established continues. Star Trek: Section 31, premiering straight on Paramount+, checks in on Philippa Georgiou (Michelle Yeoh), the Mirror Universe duplicate of Michael Burnhams former beloved captain. Once the cruel Empress for the Terran Empire, Georgiou now serves in Section 31, Starfleets Black Ops division.Look, its hard not to be skeptical about Section 31. The concept was used well in its initial appearances in Deep Space Nine, but it has come to represent the edginess Discovery too often infused into its stories. Still, it does have the glorious Yeoh in the lead alongside the always likable Sam Richardson and Kacey Rohl as Rachel Garrett, the doomed Captain from the Next Generation classic Yesterdays Enterprise.Mickey 17 (March 7)We really hate even typing the date next to Mickey 17 for fear that Warner Bros. will bump back the release again or cancel the thing altogether. But it seems like we might finally, FINALLY get to see Bong Joon-hos follow-up to Best Picture winner Parasite. Bongs English-language films have always been his most bonkers, whether its casting Chris Evans as a baby-eating revolutionary or letting Jake Gyllenhaal do whatever it is Jake Gyllenhaals doing in Okja. Mickey 17 promises to continue that trend with Robert Pattinson playing several clones of a man who sold himself to a corporation. Wackiness and anti-capitalism will surely ensue.The Electric State (March 14)Before making their triumphant return to the MCU with Avengers: Doomsday, Joe and Anthony Russo have another Netflix project in the works. Based on the illustrated novel by Simon Stlenhag, The Electric State takes place in an alternate version of 1994. Because this is a Netflix movie, Millie Bobby Brown takes the lead, this time as a woman who seeks the help of a robot to find her missing brother. The Russos have also recruited a number of MCU folks and MCU-adjacent folks to flesh out the cast, including Chris Pratt and Ke Huy Quan in live-action roles. Meanwhile Jason Alexander, Woody Harrelson, and Anthony Mackie provide voices.Read more A Minecraft Movie (April 4)Its a bad sign when even Jack Black looks tired onscreen. We can see a bit of sorrow behind the boisterous comedians eyes as he finds himself in yet another video game adaptation and yet another movie about people getting sucked into a game. The fact that hes alongside Jason Momoa coming straight from a T-Mobile commercial and recent Academy Award nominee Danielle Brooks absolutely slumming doesnt help.Then again, the video game that inspired A Minecraft Movie has always been much more than it appears on the surface. And director Jared Hess got one of Blacks strangest performances in Nacho Libre. Maybe he can craft something spectacular out of what appears to be a joyless mess.Lilo & Stitch (May 23)Okay, its easy to scoff at the upcoming remake of Lilo & Stitch, especially since people will keep calling it live-action, despite having a computer animated character at its center. Furthermore, almost all of the Disney updates to classic animated movies have been ugly cash grabs, adding nothing to the beauty and simplicity of the originals. That said, Lilo & Stitch has a few things in its favor. One, animator Chris Sanders, who co-directed the original film and helmed The Wild Robot just last year, is back on hand, if only as the voice of Stitch. Second, it is directed by Dean Fleischer Camp, who made the delightful Marcel the Shell With Shoes On shorts and movie. Maybe this thing will have a heart missing from all Disney remakes that arent Petes Dragon.Mission: Impossible The Final Reckoning (May 23)Youre just asking for trouble when you start using words like failure around Tom Cruise and/or Ethan Hunt, both of whomcould be called the living manifestation of destiny. But it sure looks like Mission: Impossible The Final Reckoning may be the last outing for the unstoppable Hunt.Although the movie no longer bears the title Dead Reckoning Part Two, The Final Reckoning picks up where the 2023 left off, with Hunts IMF team chasing an AI called the Entity. Although Ilsa Fausts death in the previous film means well go without Rebecca Ferguson for this one, the rest of Hunts team is there, which means we get more of Ving Rhames, Simon Pegg, and Vanessa Kirby, alongside new addition Hayley Atwell. Even better, Christopher McQuarrie is back again to direct Cruise doing a few more insane stunts.From the World of John Wick: Ballerina (June 6)When it was announced that the John Wick franchise would continue with the wonderfully titled From the World of John Wick: Ballerina, people kept asking if the original series director Chad Stahelski would be back after the glorious John Wick: Chapter 4. Instead journeyman Len Wiseman signed on to helm the story of newcomer (Ana de Armas) to the Ruska Roma killers.Join our mailing listGet the best of Den of Geek delivered right to your inbox!Ballerina will add some new wrinkles to the deep killer mythology, including Norman Reedus as a mysterious benefactor and Gabriel Byrne as the chief villain. Well also get to see welcome faces again, including Ian McShane as Winston and the late Lance Reddick as Charon. But the best news comes from Stahelski himself, who said Yeah, Im thinking Im back after it was revealed he directed a few action sequences for the new movie.Elio (June 13)Pixar may have dumped Turning Red directly to streaming, but it soon found an audience and established itself as one of the studios better recent entries. Turning Red director Domee Shi teams up with Adrian Molina, co-writer and co-director of the also excellent Coco, and first-time feature director Madeline Sharafian for Elio.Elio follows a nerdy 11-year-old (Yonas Kibreab) who gets beamed into space to serve as humanitys representative at an intergalactic conference. Jameela Jamil, Brad Garrett, and Shirley Henderson voice the various aliens who, probably, teach him something about life.28 Years Later (June 20)The best part of Danny Boyle and Alex Garlands 28 Days Later came when Jim (Cillian Murphy) and his fellow survivors arrive at a military base only to find not safety from rage-infected zombies, but a thoroughly human threat. Boyle and Garland will certainly have more of that in mind for their latest collaboration 28 Years Later, which begins on an island where survivors live in peace. But eventually peace always leads back into the wasteland.Our guide into that nightmare will be played this time by Aaron Taylor-Johnson, who certainly seems to be getting a lot of prime roles. Hell be joined by Ralph Fiennes and Jodie Comer, at least one of whom will certainly play a human who does terrible things. Or maybe that role will go to Jim, played by a returning Murphy.M3GAN 2.0 (July 27)The delightful Chucky TV series may have met its end, but were not done with killer dolls just yet. The TikTok eras answer to Talking Tina is back in M3GAN 2.0, along with all of the same cast and creatives. Gerard Johnstone directs and Akela Cooper writes this sci-fi horror about the titular overprotective AI doll (voiced by Jenna Davis and performed by Amie Donald), who terrorizes her creator Gemma (Allison Williams) and young girl (Violet McGraw). But the most exciting part may be seeing what viral marketing ideas Blumhouse has this time around.Jurassic World Rebirth (July 2)Wait theyre rebuilding Jurassic Park again?! If only some movie existed to warn people against putting profits over good sense. Then again, given that the last entry in the franchise, Jurassic World: Dominion, decided that big bugs would be better than dinosaurs to bring the original cast back, maybe we want Universal to give it another go.Given that Gareth Edwards of Godzilla and Rogue One fame steps in, well likely have plenty of dino action in Jurassic World Rebirth. The plot involves a group of scientists led by Scarlett Johansson and Mahershala Alis black ops expert, who search a dino reserve for a medical cure. This in turn will surely invite some conversation about humanitys hubris and chaos, and other ideas Universal will ignore when the box office receipts come in.Mercy (August 15)In Mercy, Chris Pratt plays a detective charged of a crime he did not commit. No, that doesnt sound terribly interesting, nor does it sound like sci-fi. But given that Mercy comes from director Timur Bekmambetov, a simple plot leaves more room for over-the-top action set-pieces. As he did in Wanted and Night Watch, Bekmambetov will surely fill the screen with eye-popping sequences. Moreover, Mercy takes place in a near-future, which means that there will be plenty of nifty gadgets and frightening surveillance equipment to add some oomph to the proceedings, as will co-stars Rebecca Ferguson and Annabelle Wallis.The Bride! (September 26)How do you improve on perfection? Thats the question facing veteran actor Maggie Gyllenhaal, who chose for her sophomore directorial effort a remake of Bride of Frankenstein. Her answer, it seems, is to veer as far as possible from the source material. Gyllenhaal sets The Bride! in 1930s Chicago where a murdered woman (Jessie Buckley) is resurrected as a mate for Frankensteins monster (Christian Bale). According to early synopses, the Bride will lead a womans movement in the Windy City, but if the stylish production photos are any indication, the movies tongue will be in its cheek enough to promise some zaniness to accompany its political relevance.Tron: Ares (October 10)Yes, its been a long time since 2010s Tron: Legacy, but not as long as it had been between that film and the original Tron from 1982. Still, Tron: Ares has been mired in production for several years now, as the movie went through several creatives before landing on director Joachim Rnning, who most recently made The Young Woman and the Sea. Throughout the process, Jared Leto has remained a consistent in the project. Leto plays Ares, a program who reverses the usual Tron plot and enters the human world on a secret mission. Although Daft Punk will not be on hand to score Aress adventure, they have an able replacement in Trent Reznor and Nine Inch Nails.Predator: Badlands (November 7)The original Predator was a delightful genre mash-up, one that used a sci-fi premise to inject horror into a gratuitous 80s action flick. Filmmaker Dan Trachtenberg pulled a similar trick with 2022s Prey, in which a Comanche woman fended off an alien attack in 1719. However, it remains to be seen if Trachtenberg can do it again for Predator: Badlands. Instead of directly following Prey, Badlands takes place on a wasted hunting ground where twin sisters played by Elle Fanning try to survive. Thats not the most compelling premise, but between Prey and 10 Cloverfield Lane, Trachtenberg hasnt disappointed yet.The Running Man (November 7)Edgar Wright movies are always worth keeping an eye on, and his next one is intriguingly a second adaptation of a 1982 Stephen King novel (published under the name Richard Bachman), The Running Man. While Wright wont likely be able to match the insanity of the 1987 Arnold Schwarzenegger movie and its gonzo Steven E. de Souza script, its clear that he has his own unique approach to The Running Man. In Wrights version, Glen Powell plays Ben Richards, a contestant on a post-apocalyptic game show in which hes chased by murderous hunters. Love Lies Bleeding breakout Katy M. OBrian appears as a fellow contestant, and Josh Brolin portrays Dan Killian, the shows malevolent producer.Bugonia (November 7)Another year, another Yorgos Lanthimos movie. Although the idiosyncratic Greek filmmaker is reteaming with Emma Stone and Jesse Plemons, both of whom appeared in Kinds of Kindness, Bugonia isnt an original screenplay. Instead Lanthimos remakes the 2003 Korean comedy Save the Green Planet!, directed by Jang Joon-hwan.In Bugonia, Stone plays a powerful CEO who gets kidnapped by a conspiracy theorist (Plemons) and his brother, who believe that shes an invading alien. Jang presented that material with zany lightness, but expect Lanthimos to give it lots of unusual dialogue and awkward silences.Avatar: Fire and Ash (December 19)What is there to say about Avatar: Fire and Ash? Its made by James Cameron and James Cameron never loses. Period. The third entry in the Avatar series takes its blue heroes Jake Sully (Sam Worthington) and Neytiri (Zoe Saldaa) away from the sea people joined in Avatar: The Way of Water. This time they meet the fire people, bringing their adopted daughter Kiri (Sigourney Weaver) and probably villain Miles Quaritch (Stephen Lang) with them. But you know what? It doesnt matter what the plot is because its going to look amazing and were all going to love it, and Cameron will win again.Death of a Unicorn (TBA)Even though weve got a trailer and a synopsis for Death of a Unicorn, its still hard to figure out what exactly it is. Clearly its got comedic and satirical aspects. After all, it stars Paul Rudd and Jenna Ortega as a father and daughter who hit and kill a unicorn while driving to a retreat hosted by a powerful pharmaceutical CEO. That modern medicine plot gives the movie a sci-fi angle, but A24 has been calling it a horror movie as well. Is it all of those things? None of them? Who knows, but even though it comes from a first time writer/director in Alex Scharfman, A24 tends to hit more than it misses, so were going in with optimism.Frankenstein (TBA)Its kind of surprising that Guillermo del Toro hasnt already made a Frankenstein movie. A romantic, misunderstood monster story, complete with lots of weird science, seems right up his alley. Thankfully, Netflix is finally giving del Toro the chance to make that film, and hopefully will allow him to get as expressive as he was in 2023s Pinocchio.Del Toros Frankenstein stars Oscar Isaac as Victor Frankenstein, who is urged by Dr. Pretorious (Christoph Waltz) to finish work on his monster (Jacob Elordi). Modern scream queen Mia Goth plays Frankensteins beloved Elizabeth while a perfectly cast Burn Gorman plays Frankensteins assistant Fritz. It sounds like del Toros hewing pretty closely to the Universal Monsters version of the story, so lets hope we get some florid speeches from Waltz.

A leaker with a good track record on iPhone camera improvements has lent their support to a report that the 12MP front-facing camera in current iPhones will be upgraded to 24MP in the iPhone 17 line-up. They also endorse the suggestion that all three rear cameras in the iPhone 17 Pro Max will have 48MP sensors.The latest report goes a little further, however, and suggests that this years upgrade to the 5x telephoto camera sensor will apply to the iPhone 17 Pro as well as the Pro Max The iPhone 16 Pro models currently have a mix of 12MP and 48MP camera sensors:Main camera: 48MPUltrawide: 48MP (up from 12MP in the iPhone 15 Pro)Telephoto: 12MPSelfie camera: 12MPIts more than a year since Apple analyst Ming-Chi Kuo cited supply-chain sources for a planned upgrade to the front-facing selfie camera in the iPhone 17 models.The front camera of the iPhone 17 will be upgraded to 24MP/6P lens (vs. the 12MP/5P lens of iPhone 15 & 16), which will significantly improve the image quality. Genius is the primary lens supplier for iPhone front cameras.The reference to a 6P over 5P lens refers to the number of elements in the lens. All other things being equal, more elements creates a lens with fewer distortions.Kuo also indicated that the iPhone 17 Pro Max would see the telephoto camera upgraded from 12MP to 48MP.Chinese leaker Digital Chat Station endorses both reports, but indicates that both iPhone 17 Pro models will get the new telephoto sensor, not just the Pro Max.The specifications are 48Mp 1/1.3 , ultra-wide angle 48Mp, periscope 48Mp 5X, main camera and telephoto are GP glass plastic lenses, and the front camera is upgraded to 24MpThis will mean that both Pro models have 48MP sensors for all three rear cameras.Digital Chat Station has credibility where iPhone camera upgrades are concerned, having posted accurate leaks about both the telephoto lens coming to the iPhone 16 Pro and the larger sensor size in the main camera last year.Image: Michael Bower/9to5MacAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Jan 10, 2025The Hacker NewsNetwork Security / Policy ManagementNetwork segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks. These devices often lack robust security hardening, creating significant vulnerabilities that traditional segmentation solutions struggle to address.Elisity aims to solve these challenges through an innovative approach that leverages existing network infrastructure while providing identity-based microsegmentation at the network edge. Rather than requiring new hardware, agents or complex network redesigns, Elisity customers run a few lightweight virtual connectors (called Elisity Virtual Edge) to enforce security policies through organizations' current switching infrastructure.In this hands-on review, we'll examine Elisity's technical capabilities and real-world applicability based on testing in a simulated healthcare environment that mirrors common enterprise deployment scenarios. To get a personalized demo, visit the Elisity website here.Identity-First ArchitectureAt the core of Elisity's platform is the Cloud Control Center, which provides centralized policy management and visibility. During testing, we saw how "Elisity's Virtual Edge" components can be deployed either directly on supported switches (Cisco Catalyst 9K series) or as VMs or containers in private clouds or on networks, they integrate with existing network switches including Cisco, Juniper and Arista. The test environment demonstrates that Elisity can manage segmentation at both a series of clinics that connect to the network with Cisco 9300 and 3850 switches, and hospital sites with a Cisco 9300 running the Elisity Virtual Edge on it.The Elisity IdentityGraph engine proves particularly impressive in practice. Beyond just discovering devices, it correlates identity data from multiple sources into what Elisity calls "core effective attributes" - a consolidated view of the most valid and trusted data about each asset. During testing, we saw it pull data simultaneously from Active Directory, ServiceNow, CrowdStrike and other sources, creating rich contextual profiles that inform policy decisions.Because Elistiy's Virtual Edge "connectors" are connected corporate networks they discover and sees more than just the device details, it also sends network flow data to Elisity's Cloud Control Center. This level of integration enables the platform to correlate "who is talking to who".Policy Creation and ManagementAll of this correlated meta data for users, workloads and devices becomes valuable with Elisity access policy capabilities. The policy interface uses an intuitive matrix visualization that clearly shows relationships between asset groups. A key feature demonstrated was the ability to classify assets dynamically based on multiple criteria. For example, we watched an unauthorized laptop get automatically reclassified into an authorized radiology group based on matching ServiceNow asset tags, device type, and CrowdStrike EDR status. The platform includes powerful features for policy refinement: Learning mode to understand actual traffic patterns Policy simulation before enforcement Traffic flow analytics overlaid on the policy matrix The ability to lock assets in specific groups (particularly valuable for OT environments)A particularly useful feature is the traffic flow analysis view, which overlays actual communication patterns on the policy matrix. This helps administrators identify unused paths that can be safely blocked and validate policy changes before enforcement.Healthcare Use Case Deep Dive To evaluate real-world applicability, we tested a common healthcare scenario: securing legacy medical devices running outdated operating systems. The platform automatically discovered our simulated medical equipment and provided granular visibility into their communication patterns. The demo showed how easily policies could be created for diverse medical equipment including X-ray machines, CT scanners, and EHR systems. A particularly valuable example demonstrated blocking specific ports (like SSH port 22) to legacy medical devices running outdated operating systems while maintaining necessary clinical access.Performance and ScaleTesting revealed minimal performance impact from Elisity's enforcement mechanisms. By leveraging switch ASICs for policy enforcement, the solution maintained sub-millisecond latency with no noticeable throughput reduction. The distributed architecture handled our test load efficiently, suggesting good scalability for enterprise deployments.The deployment process proved remarkably straightforward, taking under 30 minutes per site with no network downtime. This efficiency stems from Elisity's container-based approach and ability to work with existing infrastructure. Areas for Enhancement While Elisity delivers on its core promise, some areas could be improved. The wireless integration capabilities have recently been expanded to include Cisco Catalyst 9800 wireless controllers supporting inter and intra SSID segmentation or alternatively on the switch where the AP or Controller connects to the network which could be significant for healthcare environments with increasing wireless device adoption. Additionally, while the policy interface is intuitive, more predefined templates would help accelerate initial deployment.We also noted that some manual policy tuning was needed to optimize rules for specific use cases. While the platform provides good visibility for this tuning, additional automation could streamline this process. We do note that Elisity informed us that they are launching Elisity Intelligence in early 2025, which they say will provide a stronger automated policy recommendation engine.Public Case Study ExampleElisity shares that a leading U.S. health system with 800+ hospitals and healthcare clinics achieved remarkable efficiency gains and cost savings by implementing Elisity, reducing total costs from $38M to $9M - a 76% TCO reduction. The implementation required only 2 staff members per site instead of 14, with deployment taking just 4-10 hours per location while avoiding downtime and patient care disruption. Elisity's platform discovered and classified 99% of devices within 4 hours and eliminated the need for costly IoMT device re-IP processes, and provided automated, continuous device inventory updates to their CMDB with comprehensive network visibility across all locations. Read more on Elisity's successful deployments in healthcare, pharma and manufacturing on their website.ConclusionElisity successfully addresses the primary challenges of traditional microsegmentation approaches while providing a practical path to implementation. The solution's ability to leverage existing infrastructure while delivering identity-based controls makes it particularly valuable for organizations with diverse endpoint types and complex segmentation requirements. During testing, we were particularly impressed by Elisity's incident response capabilities. The platform allows organizations to maintain multiple policy sets - including pre-configured "locked down" policies that can be rapidly deployed via their SOAR playbooks or API integrations, if ransomware or other threats are detected. The platform's rapid deployment capabilities and minimal performance impact make it a compelling option for enterprises looking to improve their security posture without massive infrastructure investments. While some aspects like wireless integration could be enhanced, Elisity offers a pragmatic approach to implementing microsegmentation across the enterprise. For organizations struggling with traditional segmentation approaches, particularly those in healthcare and manufacturing sectors, Elisity provides a clear path forward that balances security requirements with operational realities. To learn more about Elisity IdentityGraph, visit the solution page here.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 10, 2025Ravie LakshmananCybersecurity / AndroidCybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14."Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. "The patch adds proper input validation."Google Project Zero researcher Natalie Silvanovich, who discovered and reported the shortcoming, described it as requiring no user interaction to trigger (i.e., zero-click) and a "fun new attack surface" under specific conditions.Particularly, this works if Google Messages is configured for rich communication services (RCS), the default configuration on Galaxy S23 and S24 phones, as the transcription service locally decodes incoming audio before a user interacts with the message for transcription purposes."The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000," Silvanovich explained."While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer."In a hypothetical attack scenario, an attacker could send a specially crafted audio message via Google Messages to any target device that has RCS enabled, causing its media codec process ("samsung.software.media.c2") to crash.Samsung's December 2024 patch also addresses another high-severity vulnerability in SmartSwitch (CVE-2024-49413, CVSS score: 7.1) that could allow local attackers to install malicious applications by taking advantage of improper verification of cryptographic signature.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 10, 2025Ravie LakshmananCyber Espionage / Cyber AttackMongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024."The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an Association of Southeast Asian Nations (ASEAN) meeting," Recorded Future's Insikt Group said in a new analysis.It's believed that the threat actor compromised the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024. It's also said to have targeted various victims in Malaysia, Japan, the United States, Ethiopia, Brazil, Australia, and India from September to December 2024.RedDelta, active since at least 2012, is the moniker assigned to a state-sponsored threat actor from China. It's also tracked by the cybersecurity community under the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, Mustang Panda (and its closely related Vertigo Panda), Red Lich, Stately Taurus, TA416, and Twill Typhoon.The hacking crew is known for continually refining its infection chain, with recent attacks weaponizing Visual Studio Code tunnels as part of espionage operations targeting government entities in Southeast Asia, a tactic that's increasingly being adopted by various China-linked espionage clusters such as Operation Digital Eye and MirrorFace.The intrusion set documented by Recorded Future entails the use of Windows Shortcut (LNK), Windows Installer (MSI), and Microsoft Management Console (MSC) files, likely distributed via spear-phishing, as the first-stage component to trigger the infection chain, ultimately leading to the deployment of PlugX using DLL side-loading techniques.Select campaigns orchestrated late last year have also relied on phishing emails containing a link to HTML files hosted on Microsoft Azure as a starting point to trigger the download of the MSC payload, which, in turn, drops an MSI installer responsible for loading PlugX using a legitimate executable that's vulnerable to DLL search order hijacking.In a further sign of an evolution of its tactics and stay ahead of security defenses, RedDelta has been observed using the Cloudflare content delivery network (CDN) to proxy command-and-control (C2) traffic to the attacker-operated C2 servers. This is done so in an attempt to blend in with legitimate CDN traffic and complicate detection efforts.Recorded Future said it identified 10 administrative servers communicating with two known RedDelta C2 servers. All the 10 IP addresses are registered to China Unicom Henan Province."RedDelta's activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in Southeast Asia, Mongolia, and Europe," the company said."The group's Asia-focused targeting in 2023 and 2024 represents a return to the group's historical focus after targeting European organizations in 2022. RedDelta's targeting of Mongolia and Taiwan is consistent with the group's past targeting of groups seen as threats to the Chinese Communist Party's power."The development comes amid a report from Bloomberg that the recent cyber attack targeting the U.S. Treasury Department was perpetrated by a fellow hacking group known as Silk Typhoon (aka Hafnium), which was previously attributed to the zero-day exploitation of four security flaws in Microsoft Exchange Server (aka ProxyLogon) in early 2021.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Serhii Mohylevskyi, QA Practice Leader, NIXJanuary 10, 20254 Min Readsyahrir maulana via Alamy StockArtificial intelligence is already a big deal, but not everyone is using it effectively. Many clients ask us how weve integrated AI into our QA process, but creating a real, usable approach wasnt as easy as it seemed. Today, I want to share how we approached AI in quality assurance and the lessons we learned along the way.The AI Hype and RealityTwo years ago, ChatGPT exploded onto the scene. People rushed to learn about generative AI, large language models and machine learning. Initially, the focus was on AI replacing jobs, but over time, these discussions faded, leaving behind a flood of AI-powered products claiming breakthroughs across every industry.For software development, the main questions were:How can AI benefit our daily processes?Will AI replace QA engineers?What new opportunities can AI bring?Starting the AI InvestigationAt our company, we received an inquiry from sales asking about AI tools we were using. Our response? Well, we were using ChatGPT and GitHub Copilot in some cases, but nothing specifically for QA. So, we set out to explore how AI could genuinely enhance our QA practices.What we found was that AI could increase productivity, save time, and provide additional quality gates, if implemented correctly. We were eager to explore these benefits.Related:Categorizing the AI ToolsOver the next few months, we analyzed numerous AI tools, categorizing them into three main groups:Existing tools with AI features: Many products had added AI features just to ride the hype wave. While some were good, the AI was often just a marketing gimmick, providing basic functionality like test data generation or spell-checking.AI-based products from scratch: These products aimed to be more intelligent but were often rough around the edges. Their user interfaces were lacking, and many ideas didn't work as expected. However, we saw potential for the future.False advertising: These were products promising flawless bug-free applications, usually requiring credit card information upfront. We quickly ignored these as obvious scams.What We LearnedDespite our thorough search, we didnt find any AI tools ready for large-scale commercial use in QA. Some tools had promising features, like auto-generating tests or recommending test plans, but they were either incomplete or posed security risks by requiring excessive access to source code.Yet, we identified realistic uses of AI. By focusing on general-use AI models like ChatGPT and GitHub Copilot, we realized that while QA-specific tools werent quite there yet, we could still leverage AI in our process. To make the most of it, we surveyed our 400 QA engineers about their use of AI in their daily work.Related:About half were already using AI, primarily for:Assisting with test automationGenerating test dataProofreading documentsAutomating routine tasksDeveloping a New ApproachWe then created an in-house course on generative AI tailored for QA engineers. This empowered them to use AI for tasks like test case generation, documentation, and automating repetitive tasks. As engineers learned, they discovered even more ways to optimize workflows with AI.How profitable is it? Our measurements showed that AI reduced the time spent on test case generation and documentation by 20%. For coding engineers, AI-enabled them to generate multiple test frameworks in a fraction of the time it wouldve taken manually, speeding up the process. Tasks that used to take weeks could now be done in a day.The DownsidesDespite its benefits, AI isnt perfect. It isnt smart enough to replace jobs, especially for junior engineers. AI may generate test cases, but it often overlooks important checks, or it suggests irrelevant ones. It requires constant oversight and fact-checking.Related:Why Many Companies Get It WrongThe biggest mistake companies make is jumping into AI without understanding its limitations. Many fall for the hype and end up using AI tools that dont work well, only to face frustration. The truth is that AI is a valuable assistive tool, but it needs to be used thoughtfully and alongside human oversight.Key takeaways from our journey with AI in QA:AI is not a magic bullet. It provides incremental improvements but wont radically transform your processes overnight.Implementing AI takes effort. It needs to be tailored to your needs, and blindly following trends wont get you far.AI can assist, but it cant replace human oversight. Its ineffective for junior engineers who may not be able to discern when AI is wrong.Dedicated AI testing tools still need improvement. The market isnt yet ready for specialized AI tools in QA that offer real value.AI is exciting and transforming many industries, but in QA, it remains an assistive tool rather than a game-changer. We at NIX are embracing it, but we're not throwing out the rulebook just yet.About the AuthorSerhii MohylevskyiQA Practice Leader, NIXSerhii Mohylevskyi is a QA Practice Leader at NIX, bringing over 10 years of experience in manual, automated, and performance testing. He focuses on integrating new technologies into QA processes.See more from Serhii MohylevskyiNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Every network leader seeks fast and reliable performance. Network metrics provide the insights necessary to achieve those goals.