• Cyberpunk 2077 Patch 2.21 Adds DLSS 4 on PC and Additional Fixes
    www.ign.com
    CD Projekt has announced that patch 2.21 for Cyberpunk 2077 is rolling out to players on PC, PlayStation 5, and Xbox Series X and S. The bulk of the changes are fixes for photo mode, along with DLSS 4 support for PC players.

    While patch 2.2 added a much deeper look at customization in photo mode, 2.21 adds heaps of fixes for the mode. One of the most notable is the ability to finally save characters and V's rotation and position within your Photo Mode presets.

    There are also fixes for texture and color inconsistencies on vehicles that have CrystalCoat applied, in addition to several other menu fixes for the vehicle customization system added in patch 2.11.

    For those looking at creating a character in future runs, you can now also preserve randomizer settings within the character creator after further customization of character attributes.

    There are also a handful of changes to allow Johnny Silverhand to appear more in the passenger seat of your car if you're ever feeling lonely while driving along the streets of Dogtown. Patch 2.2 originally sought to resolve this by having Johnny sitting shotgun around 25% of the time, which didn't happen. The inverse also occurred, where Johnny could appear duplicated in the passenger seat in quests where he is set to appear during a scripted event. The new patch will solve any ghostly duplications of Silverhand, and have him spend more time with V in a car this time around.

    Most notably, the game has also added DLSS 4 support for PC players, as well as Multi Frame Generation for RTX 50-series GPUs. This tool will now allow players to boost their FPS by up to three times per traditionally rendered frame, so long as you have the new GPUs to run it.

    RTX 40-series users can also enjoy "faster single frame generation with reduced memory usage." All Nvidia RTX GPU owners can also choose between the traditional CNN model in DLSS features and the new Transformer model, which CD Projekt claimed can enhance "stability, lighting, and detail in motion." RTX users can also enjoy enhanced Ray Reconstruction, with fewer artifacts and smudging in patch 2.21.

    CD Projekt has not announced whether or not this might be a final update to Cyberpunk 2077, as the company transitions to full development on The Witcher 4.

    Cyberpunk 2077 update 2.21 patch notes:

    Patch 2.21 for Cyberpunk 2077 is being rolled out on PC, PlayStation 5 and Xbox Series X|S! This update adds support for DLSS 4 on PC and introduces various fixes, notably to SmartFrames on Xbox and Photo Mode across all platforms. For details, check the full list of changes below:

    Photo Mode
    - Nibbles and Adam Smasher can now be spawned while V is in the air or in water.
    - Fixed the Facial Expression option for Adam Smasher.
    - Fixed an issue where Adam Smasher's glowing chest cyberware was missing.
    - Fixed an issue where, if Johnny's Alternate Appearance was enabled, both options to spawn him (default and alternate) resulted in the alternate look.
    - Characters spawned while V is in the air or in water will no longer snap to the ground.
    - Characters will now be properly saved in presets.
    - Spawned characters will now be visible after adding a background.
    - V's rotation and position will now be properly saved in presets.
    - Fixed an issue where adjusting the Up/Down slider for V wouldn't change their position between certain values.
    - NPCs that turn invisible after disabling the Surrounding NPCs option will no longer have collision.
    - Fixed an issue where loading a preset could cause additional light sources to appear even when disabled, or spawn them in incorrect positions.
    - Fixed an issue where the camera could get stuck on walls after setting Full Collision to ON.
    - Fixed an issue where camera settings would only apply after loading a saved preset twice.
    - Enabling a background will no longer change camera position.
    - Rotating the camera will now work properly with a background enabled.
    - Fixed an issue where the prompts for Move Camera and Rotate Camera would appear when the camera cannot be moved (e.g. when using the First-Person Perspective camera).
    - Fixed an issue where it wasn't possible to move the camera after spawning a character while highlighting the Edit Character option.
    - Disabling Chromatic Aberration in the Graphics settings will no longer affect the ability to adjust it.
    - Fixed an issue where some items in scenes disappeared after setting the Surrounding NPCs option to OFF.
    - Fixed an issue where enabling PhysX Cloth would unfreeze NCPD vehicles.
    - The rule of thirds grid will now properly adapt to the selected aspect ratio.
    - Fixed an issue where the image in a SmartFrame wouldn't be visible if accessed while V was not facing it.
    - Fixed an issue where opening Photo Mode simultaneously with Wardrobe or Stash caused the game to become unresponsive.
    - Fixed an issue where it was possible to access Photo Mode before a save file fully loaded, causing it to open without UI and block any further action.
    - Fixed other minor Photo Mode issues related to spawned characters, camera movement, controls, and more.
    - Fixed various UI issues in Photo Mode, SmartFrames and Gallery menus, including slider inconsistencies, localization errors, missing sound effects, incorrect behavior when interacting with certain features, and more.

    Vehicle Color Customization
    - Fixed several texture and color inconsistencies for vehicles that have CrystalCoat applied.
    - Fixed an issue where the explanation of the spray paint icon was missing in the Autofixer tutorial pop-up after a vehicle contract was completed.
    - Fixed several minor UI issues in the CrystalCoat and TwinTone menus.

    Character Creation
    - Randomizer settings in Character Creation will now be preserved after advancing to the Customize Attributes step.
    - Fixed an issue where the Piercing Color option would not be available in Character Creation after enabling piercings if V initially had none.
    - Fixed other minor issues in Character Creation, including appearance options not applying correctly, visual clipping, inconsistent UI behavior, functionality issues after using the randomizer, and more.

    Miscellaneous
    - Run This Town - Fixed an issue where, under certain circumstances, it wasn't possible to deactivate the Aguilar imprint after meeting with Bennett.
    - Fixed several instances where Johnny could appear duplicated in the passenger seat during some quests when he was already present in the scene.
    - Fixed an issue where Johnny did not appear as a passenger often enough.
    - Introduced several fixes to NPC and vehicle behavior for various small events throughout Night City.
    - Fixed an issue where some vendors were not interactable as intended.
    - Fixed an issue where voiceovers on TV news channels could be missing or too quiet.
    - Fixed an issue where the Quadra Turbo-R V-Tech used a description of Quadra Turbo-R 740 instead of its own unique one.
    - Fixed the missing 2.2 "check what's new" pop-up in the main menu.

    Console-specific
    - Fixed an issue where screenshots appeared as blank in the Gallery on Xbox if they were taken with HDR10 enabled.
    - Added a pop-up in the Gallery to notify players when access to screenshots is blocked by the console's privacy settings on Xbox.
    - Screenshots deleted on Xbox outside the Gallery UI will now be correctly marked in the Gallery and will disappear from occupied slots after reopening the Gallery.
    - Fixed an issue where the Graphics Mode on Xbox Series S could be set to Quality instead of Performance by default.

    PC-specific
    - Added support for DLSS 4 with Multi Frame Generation for GeForce RTX 50 Series graphics cards, which boosts FPS by using AI to generate up to three times per traditionally rendered frame, enabled with GeForce RTX 50 Series on January 30th. DLSS 4 also introduces faster single Frame Generation with reduced memory usage for RTX 50 and 40 Series. Additionally, you can now choose between the CNN model or the new Transformer model for DLSS Ray Reconstruction, DLSS Super Resolution, and DLAA on all GeForce RTX graphics cards today. The new Transformer model enhances stability, lighting, and detail in motion.
    - Fixed artifacts and smudging on in-game screens when using DLSS Ray Reconstruction.
    - The Frame Generation field in Graphics settings will now properly reset after switching Resolution Scaling to OFF.

    Sayem is a freelancer based in the UK, covering tech & hardware. You can get in touch with him at @sayem.zone on Bluesky.
  • EA Is Dealing the Final Blow to Origin, and Taking Some Users With It
    www.ign.com
    EA's Origin App was introduced in 2011 so you could browse and purchase EA's PC games on its digital storefront instead of Steam. The most notable launch from this time was a strict Origin requirement for Mass Effect 3 in 2012. However, it never really seemed to take off.

    Due to clunky UX and frustrating login processes, many PC gamers chose to avoid using Origin as much as possible. Despite this, EA persisted, but has now finally decided to outright replace Origin with the equally clunky EA app.

    This comes along with several caveats. Own Titanfall on Origin but can't access your account? Too bad: if you don't make a formal account switch from Origin to EA, you'll lose access to the games you've paid for.

    Along the way, anyone running a 32-bit system will also be left behind, as the EA app supports 64-bit OS only. To be fair to EA, Steam itself also dropped support for 32-bit operating systems in early 2024, with a scant few users on 32-bit systems remaining. It's extremely unlikely that anyone who has purchased a new PC or laptop, or assembled a custom gaming PC in the last five years, will be running on a 32-bit OS. However, Microsoft did sell 32-bit versions of Windows 10 up to 2020. If you're on Windows 11, there's no sweat. 64-bit support was first introduced in Windows Vista's release almost 20 years ago.

    A quick way to check is to see how much RAM your system is running. A 32-bit OS can only use a maximum of 4GB of RAM, so if you've got more than that in your system, you've likely got nothing to worry about. However, if you've accidentally installed a 32-bit version of Windows, you'll have to wipe your entire system and reinstall a 64-bit version of the OS.

    While support being dropped for 32-bit systems isn't too surprising in 2024, it calls into question the nature of digital ownership. It's no fun losing access to a library of games that you've owned for years due to hardware changes. Steam isn't free from this either, as Valve has also dropped 32-bit support, leaving players who can't upgrade to modern systems high and dry.

    Invasive digital DRM solutions like Denuvo are also becoming increasingly commonplace in PC games, since some elements require deep kernel-level access to your PC, or have arbitrary installation limits, despite your purchase.

    One way of preserving a legitimately purchased digital library is to support GOG, run by CD Projekt. The DRM-free nature of every game listed on the store means that once you download a title, you'll be able to run it and own it on whatever hardware the title supports, forever.

    However, the window this opens up for developers is the possibility of software piracy. But that's not stopped new titles from being released on the platform, with the upcoming RPG Kingdom Come: Deliverance 2 coming soon to GOG.

    Sayem is a freelancer based in the UK, covering tech & hardware. You can get in touch with him at @sayem.zone on Bluesky.
  • The Night Agent Season 1 Recap: the White House Mole, Camp David, & Was Peter's Dad Guilty?
    www.denofgeek.com
    Warning: contains finale spoilers for The Night Agent season one.

    The FBI's Peter Sutherland had a hell of a time in the first season of Netflix's mega-hit The Night Agent. He was blown up in a metro train bombing, hunted by assassins, framed for kidnapping the vice president's daughter, shot at, beaten up, stabbed, and had so many high-speed car chases that his insurance premiums must be as high as his blood pressure.

    It paid off though. Not only did Peter meet a great girl in Silicon Valley coding whizz Rose Larkin (whom he'd been tasked with protecting after she'd witnessed the murders of her secret agent aunt and uncle), but he also landed his dream job. Formerly the low-level guy manning the Night Action emergency phoneline in the White House basement, now Peter is at the other end of the line. He's a Night Agent, part of an elite group of operatives working directly for the president on top-secret missions too spicy for the rest of the security services.

    Season one ended with Peter on a plane out of the US and off to train as a Night Agent. Tech-pro Rose waved him goodbye at the airfield before leaving for California to try again with her failed start-up. Season two and the already-confirmed season three will follow the pair into whatever new peril showrunner Shawn Ryan and novelist Matthew Quirk (whose novel inspired all this) come up with. Ahead of the show's return, here's what you need to remember from the first outing.

    Who Was the White House Mole?

    Before Rose's aunt and uncle were murdered in their Virginia home by a hired assassin, she overheard them discussing a White House mole, the codename Osprey, and the threat of an attack on US soil. The mole turned out to be US vice president Ashley Redfield, who was working in conjunction with Gordon Wick, the wealthy head of military contract supplier Turn Lake, who'd bankrolled Redfield's political campaigns for years.

    Osprey was Omar Zadar, a Balkan dissident and the leader of the People's Independence Front, or PIF, political group. US president Michelle Travers was building bridges with Zadar and planning to support his leadership bid in his own country, but Redfield and Wick didn't want that to happen: Redfield because he saw Zadar as a terrorist, and Wick because Zadar was protesting against Turn Lake's lucrative military contracts in his region, and so Zadar's premiership could lose his company billions of dollars.

    The Metro Bombing Conspiracy

    A year before the main action of The Night Agent, Redfield and Wick attempted to kill Zadar while he was on US soil by orchestrating a bombing on a metro train that would explode a gas line and take out several city blocks covering Zadar's location. Unfortunately for them, low-level FBI agent Peter Sutherland happened to be in the same train carriage where the bomb was planted. Peter spotted the bomber, found the explosive, stopped the train, evacuated the car and saved countless lives.

    This was bad news for Redfield and Wick, who were forced to bring White House Chief of Staff Diane Farr into their conspiracy to get help in covering up their bombing. Farr reluctantly agreed to help because of her loyalty to the president, and so hired Peter Sutherland for a job at the White House to keep an eye on him and because he would make a useful fall guy if anything should go wrong with the cover-up. Peter's name would be easy to smear because his father, a fellow FBI agent, was charged with selling state secrets before he died prematurely. Farr helped Redfield and Wick frame the PIF for the bombing in another attempt to discredit Omar Zadar.

    Who Killed Rose's Aunt and Uncle?

    Emma and Henry Campbell were Rose's closest surviving family. They were killed by hired assassins Dale and Ellen, who were working for Wick, Redfield and Diane Farr (see above), because they were close to exposing the Metro bombing conspiracy. The Campbells were undercover secret agents working for Night Action, the elite group of operatives to which Peter is eventually recruited.

    When Rose's aunt and uncle were attacked, she called the emergency phone number they'd given her, which was answered by Peter, whose new job was to staff the Night Action phone overnight shifts in the White House basement. Peter coached Rose through her escape and was assigned to protect her when she became a witness in her aunt and uncle's murders.

    What Happened at Camp David?

    After Peter inadvertently saved Zadar's life by stopping the metro bomb from reaching the city gas line, Wick and Redfield concocted a second plan to kill the PIF leader, and this time to also kill the US president Michelle Travers so that Redfield could take power. A year after the metro bombing, they smuggled two bombs and several corrupt/fake security agents into Camp David, but they didn't count on Peter, Rose and secret service agent Chelsea Arrington (the VP's daughter's personal security detail) being on the case.

    President Travers is loyal to Peter and fast-tracked him onto the Night Action programme because he saved her life at Camp David. Rose and Peter were smuggled into the compound by Diane Farr, who wasn't in on the assassination attempt. Rose used her tech skills to get the sabotaged communications back online, so the president could be warned away from the first bomb. Peter then stopped the president from boarding helicopter Marine 1, on which a second bomb was planted.

    Who Kidnapped the Vice President's Daughter?

    The original metro bomber hired by Gordon Wick and Ashley Redfield, Colin Worley. Wick thought he'd had him killed, but after discovering his identical twin brother's corpse, Colin had assumed his identity and put a revenge plan in action. He seduced one of the vice president's daughter's professors and used him to kidnap her and blackmail the VP to publicly confess to his part in the metro bombing.

    Diane Farr framed Peter for the kidnapping once she knew that he'd worked out that she was part of the White House conspiracy. Luckily for Maddie, Peter was on her side and, along with Rose and her security detail Chelsea Arrington and Eric Monks, figured out where she was being held and rescued her. Kidnapper Colin Worley was killed in the rescue mission.

    What Happened to Rose's Start-Up?

    One of The Night Agent's less exhilarating storylines, but one that may return in season two, was the betrayal Rose faced when CEO of her own cybersecurity tech start-up. Her former colleague Adam betrayed her by hacking into companies their firm was charged with protecting, thus losing Rose all her credibility and investment. The company crashed and she left California to go and live with her aunt and uncle in Virginia. At the end of season one though, she planned to return there and try again.

    One of the reasons Diane Farr thought Peter would make a good scapegoat is that his FBI agent father Peter Sutherland Sr. was famously found guilty of selling US secrets to foreign buyers. Peter never believed that his dad was guilty and fell out over it with his godfather Jim, a journalist who wrote an article confirming Peter's dad's guilt.

    After Peter saved the president's life and exposed the metro bombing conspirators, he was offered a reward and chose to find out the truth about his father, who'd died prematurely in what Peter thought was a car accident. The president showed him a video of his father confessing to having sold US secrets, proving that yes, his dad was guilty. However, Peter then learned that his dad had bravely agreed to act as a double agent for the US to make up for his crime. Before he could do so, he was assassinated by a foreign operative and the murder was staged as a car accident.

    The Night Agent seasons one and two are streaming now on Netflix.
  • Judge says reasonable possibility that Apple illegally paid women less than men
    9to5mac.com
    A judge has ruled that there is a reasonable possibility that Apple illegally paid women less than men, meaning that a class action lawsuit filed on behalf of 12,000 current and former female employees will proceed.

    Apple admits that the pay disparities exist, but claims that these can be justified by the individual circumstances.

    A long-running controversy for Apple

    The issue first came to light back in 2021, when an internal survey organized by members of staff identified a 6% pay disparity between the salaries of male and female employees across technical roles.

    Around 1,400 technical roles appear in the survey results. The data shows that the median pay for men in mid-level technical roles was 6.25% higher than the median pay of women, and the median pay for white employees in these roles was 5.06% higher than that of non-white employees. Furthermore, the median number of stock grants was 11% later for non-white workers in entry-level and mid-level technical roles than for white workers.

    Apple responded by stating that it was committed to pay equity but also banned any further internal surveys of this kind.

    Lawsuit alleging Apple illegally paid women less

    A class action lawsuit was filed last year on behalf of 12,000 women who are or were employed by Apple, seeking compensation for underpayment. The suit alleges that the company violated the California Equal Pay Act.

    Apple attempted to have the case dismissed, admitting that the pay differences existed, but claiming that this was a reflection of individual circumstances rather than a failure to meet its legal requirements for equal pay.

    However, Ars Technica reports that the judge in the case has rejected this argument, stating that there is sufficient evidence to allow the case to proceed.

    California Superior Court Judge Ethan P. Schulman filed an order that largely denies Apple's motions to strike the class allegations and suspend several class claims [...] Schulman agreed with employees suing that there was a reasonable possibility that thousands of women in Apple's California-based engineering, AppleCare, and marketing divisions experienced similar unequal pay and discrimination as alleged in the complaint.

    Three specific accusations

    While nobody is suggesting that the company deliberately set out to pay women less, that is not the bar set by the law. The law requires companies to ensure that they do not have recruitment or appraisal policies or practices which inadvertently lead to this result.

    Specifically, Apple is accused of three things:

    Asking for existing salaries, and salary expectations, during recruitment

    Basing offers on existing salaries would mean perpetuating existing pay disparities at other companies. Apple ceased to do this after the issue was raised, but does still ask for salary expectations, and it has been established that women are on average less confident than men when it comes to asking for higher salaries.

    Biased employee appraisals

    It's alleged that Apple's performance reviews reward men and penalize women for the same behaviors. As an example not specific to Apple, it has sometimes been found that men were praised for assertive behavior while the same actions by women were described as aggressive.

    Biased talent reviews

    Apple is also accused of carrying out talent reviews (which appear to differ from individual employee appraisals) which result in men and women of equal talent being awarded unequal pay.

    Apple will defend the case

    Apple will fight the case. The company has not responded to this development, but has previously said:

    "Apple has a firm and longstanding commitment to pay equity. Globally, employees of all genders earn the same when engaging in similar work with comparable experience and performance. In the United States, the same is true for employees of all races and ethnicities. We don't ask for salary history during the recruiting process [9to5Mac note: It used to do so]. Our recruiters base offers on Apple employees in similar roles. And every year, we examine the compensation employees receive and ensure that we maintain pay equity."

    Photo by Mina Radon on Unsplash
  • UK competition authority formally investigating iPhone App Store monopoly
    9to5mac.com
    The UK government today announced that the Competition and Markets Authority has launched strategic market status investigations into mobile ecosystems, specifically the App Store models of iPhone and Android.

    The report says it will assess Apple's market power, and potential exploitative conduct. This includes options for app distribution to customers, and the terms app developers must agree to in order to be listed in the App Store in the first place. In summary, this sounds like the UK equivalent of the EU's various enforcements under the umbrella of the Digital Markets Act.

    The UK investigations include evaluating the amount of competition between the Apple and Google ecosystems, including barriers to entry of rival services. They will also assess whether Apple and Google are abusing the market power of the monopolies of their mobile operating systems, such as what apps are pre-installed on the device and alternative browser choices. It is also assessing the terms that app developers are required to meet in order to be available on the App Store.

    The deadline for the investigations into both Apple and Google's App Store models is 22nd October 2025, so we have to wait until closer to the end of the year for the results of their findings. Remedies can include fines and interventions in business behavior.

    In the EU, this saw Apple forced to add support for third-party app marketplaces, web distribution of apps, browser choice screens and other changes. However, they also introduced alternative business terms and fee structures at the same time, which developers like Epic Games and Spotify protest are still unfair. The EU case is ongoing, but you can imagine that Apple will be inclined to try similar strategies in response to the UK Competition and Markets Authority.
  • How to Eliminate Identity-Based Threats
    thehackernews.com
    Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches [1], [2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction: implementing layers of controls to reduce risk while accepting that some attacks will succeed. This methodology relies on detection, response, and recovery capabilities to minimize damage after a breach has already occurred, but it does not prevent the possibility of successful attacks.

    The good news? Finally, there's a solution that marks a true paradigm shift: with modern authentication technologies, the complete elimination of identity-based threats is now within reach. This groundbreaking advancement moves us beyond the traditional focus on risk reduction, offering organizations a way to fully neutralize this critical threat vector. For the first time, prevention is not just a goal, it's a reality, transforming the landscape of identity security.

    What are Identity-Based Threats?

    Identity-based threats, such as phishing, stolen or compromised credentials, business email compromise, and social engineering, remain the most significant attack surface in enterprise environments, impacting 90% of organizations [3]. According to IBM's 2024 Cost of a Data Breach Report, phishing and stolen credentials are the two most prevalent attack vectors, ranked among the most expensive, with an average breach cost of $4.8 million. Attackers using valid credentials can move freely within systems, making this tactic extremely useful for threat actors.

    The persistence of identity-based threats can be traced back to the fundamental flaws in traditional authentication mechanisms, which rely on shared secrets like passwords, PINs, and recovery questions. These shared secrets are not only outdated but also inherently vulnerable, creating a fertile ground for attackers to exploit. Let's break down the problem:

    - Phishing Attacks: With the rise of AI tools, attackers can easily craft highly convincing traps, tricking users into revealing their credentials through emails, fake websites, and social media messages. No matter how complex or unique a password is, once the user is deceived, the attacker gains access.
    - Verifier Impersonation: Attackers have become adept at impersonating trusted entities, such as login portals or customer support. By mimicking these verifiers, they can intercept credentials without the user ever realizing they've been compromised. This makes the theft not only effective but also invisible, bypassing many traditional defenses.
    - Password Reset Flows: The processes designed to help users regain access after forgetting or compromising a password have become major attack vectors. Attackers exploit social engineering tactics, leveraging bits of information gathered from social media or purchased on the dark web to manipulate these workflows, bypass security measures, and take control of accounts.
    - Device Compromise: Even when advanced mechanisms, such as multi-factor authentication (MFA), are in place, the compromise of a trusted device can undermine identity integrity. Malware or other malicious tools on a user's device can intercept authentication codes or mimic trusted endpoints, rendering these safeguards ineffective.

    Characteristics of an Access Solution that Eliminates Identity-Based Threats

    Legacy authentication systems are ineffective at preventing identity-based attacks because they rely on security through obscurity. These systems depend on a combination of weak factors, shared secrets, and human decision-making, all of which are prone to exploitation.

    The true elimination of identity-based threats requires an authentication architecture that makes entire classes of attacks technically impossible. This is achieved through strong cryptographic controls, hardware-backed security measures, and continuous validation to ensure ongoing trustworthiness throughout the authentication process.

    The following core characteristics define an access solution designed to achieve complete elimination of identity-based threats.

    Phishing-Resistant

    Modern authentication architectures must be designed to eliminate the risk of credential theft through phishing attacks. To achieve this, they must include:

    - Elimination of Shared Secrets: Remove shared secrets like passwords, PINs, and recovery questions across the authentication process.
    - Cryptographic Binding: Bind credentials cryptographically to authenticated devices, ensuring they cannot be reused elsewhere.
    - Automated Authentication: Implement authentication flows that minimize or eliminate reliance on human decisions, reducing opportunities for deception.
    - Hardware-Backed Credential Storage: Store credentials securely within hardware, making them resistant to extraction or tampering.
    - No Weak Fallbacks: Avoid fallback mechanisms that rely on weaker authentication factors, as these can reintroduce vulnerabilities.

    By addressing these key areas, phishing-resistant architectures create a robust defense against one of the most prevalent attack vectors.

    Verifier Impersonation Resistance

    Recognizing legitimate links is inherently challenging for users, making it easy for attackers to exploit this weakness. To combat this, Beyond Identity authentication utilizes a Platform Authenticator that verifies the origin of access requests. This approach ensures that only legitimate requests are processed, effectively preventing attacks based on mimicking legitimate sites.

    To fully resist verifier impersonation, access solutions must incorporate:

    - Strong Origin Binding: Ensure all authentication requests are securely tied to their original source.
    - Cryptographic Verifier Validation: Use cryptographic methods to confirm the identity of the verifier and block unauthorized imposters.
    - Request Integrity: Prevent redirection or manipulation of authentication requests during transmission.
    - Phishing-Resistant Processes: Eliminate verification mechanisms vulnerable to phishing, such as shared secrets or one-time codes.

    By embedding these measures, organizations can neutralize the risk of attackers impersonating legitimate authentication services.

    Device Security Compliance

    Authentication involves not only verifying the user but also assessing the security of their device. Beyond Identity stands out as the only Access Management (AM) solution on the market that provides precise, fine-grained access control by evaluating real-time device risk both during authentication and continuously throughout active sessions.

    A key benefit of a platform authenticator installed on the device is its ability to deliver verifier impersonation resistance, ensuring that attackers cannot mimic legitimate authentication services. Another key benefit is its ability to provide real-time posture and risk data directly from the device, such as whether the firewall is enabled, biometrics are active, disk encryption is in place, the assigned user is verified, and more.

    With the Beyond Identity Platform Authenticator, organizations can guarantee user identity through phishing-resistant authentication while simultaneously enforcing security compliance on the devices requesting access. This ensures that only trusted users operating secure devices are granted access to your environment.

    Continuous, Risk-Based Access Control

    Authenticating the user and validating device compliance at the point of access is an important first step, but what happens if a user changes their device configurations? Even legitimate users can unknowingly create risks by disabling the firewall, downloading malicious files, or installing software with known vulnerabilities. Continuous evaluation of both device and user risks is essential to ensure that no exploitable device becomes a gateway for bad actors.

    Beyond Identity addresses this by continuously monitoring for any changes in the user's environment and enforcing automated controls to block access when configuration drift or risky behavior is detected. By integrating signals from the customer's existing security stack (such as EDR, MDM, and ZTNA tools) alongside native telemetry, Beyond Identity transforms risk insights into actionable access decisions. This enables organizations to create policies tailored precisely to their business needs and compliance requirements, ensuring a secure and adaptable approach to access control.

    Identity Admins and Security Practitioners - Eliminate Identity Attacks in Your Organizations

    You likely already have an identity solution in place and may even use MFA. The problem is, these systems are still vulnerable, and attackers are well aware of how to exploit them. Identity-based attacks remain a significant threat, targeting these weaknesses to gain access.

    With Beyond Identity, you can harden your security stack and eliminate these vulnerabilities. Our phishing-resistant authentication solution ensures both user identity and device compliance, providing deterministic, cutting-edge security. Get in touch for a personalized demo to see firsthand how the solution works and understand how we deliver our security guarantees.
This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
  • SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
    thehackernews.com
    Jan 23, 2025 | Ravie Lakshmanan | Vulnerability / Network Security

    SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.

    The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.

    "Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands," the company said in an advisory.

    It's worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products. The flaw has been addressed in version 12.4.3-02854 (platform-hotfix).

    SonicWall also said that it has been notified of "possible active exploitation" by unspecified threat actors, necessitating that customers apply the fixes as soon as possible to prevent potential attack attempts.

    The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security shortcoming.

    "To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Management Console (CMC)," the company recommended.
  • Top 5 Strategies for Cybersecurity Red Teaming
    www.informationweek.com
    As cybersecurity spending grows, so has cybercrime. According to the latest data from the FBI's Internet Crime Complaint Center (IC3), in 2023, a record-breaking 880,418 complaints were filed by the American public, highlighting a significant rise in cybercrime reports compared to previous years.

    Cyber criminals are refining and scaling their attack methods using artificial intelligence and other tools, so companies must incorporate proactive methods powered by AI, in addition to defensive methods that minimize risks and maximize security.

    Red teams are an integral part of a proactive security approach that companies can leverage to enhance defenses against adversaries. They play a critical role in determining a company's readiness to prevent cyberattacks by measuring the current security of the target from the threat actor's perspective and then recommending improvements designed to prevent harm.

    While blue teams tend to focus on strengthening defense strategies and responding to incidents, red teams look to identify weaknesses and act in the same manner as an adversary would. By studying the tactics of real-world threat actors and implementing exercises that mimic their attacks, red teams can offer recommendations to help prepare for and disrupt potential threats.

    Since its inception, the Adobe security red team's value has been felt across the company. By performing active testing using customized toolkits, they can effectively evaluate our preparedness to defend against real-world adversaries and scenarios.

    Here are the top five strategies I recommend to others looking to implement an effective red team:

    1. Imitate real-world adversaries: Red teams should be familiar with adversaries and their actions to better understand motivations and possible future scenarios. A global knowledge base like MITRE ATT&CK tracks tactics and techniques based on real-world occurrences and allows companies to gather cataloged and recorded threat intelligence. Reviewing reports from the Cyber Security Review Board can yield ideas on security approaches that are known to be ineffective.

    2. Replicate hypothetical attack scenarios: Another important capability of red teaming is anticipating and getting ahead of malicious attempts. Simulating techniques by cyber criminals enables red teams to explore theoretical paths that could lead to services or data being compromised.

    During a simulation, the red team explores hypothetical attacks, such as escalating privileges and moving laterally between systems, which could ultimately cause harm to an organization if the right defenses aren't in place. These simulations provide an in-depth understanding while analyzing a myriad of possible attack vectors. After the exercise, the red team should share findings with key stakeholders to enhance controls based on their expertise.

    3. Develop a customized toolkit: A customized toolkit can help red teams more efficiently perform exercises similar to advanced attackers. These tools may include:

    Custom exploits that allow the red team to manipulate systems and gain initial access for further attacks. This doesn't necessarily mean identifying completely new vulnerabilities; you can leverage code that an adversary would write to tailor an exploit attempt to be most effective in your environment.
    Software to effectively communicate with compromised machines (often referred to as Command and Control or C2 for short).
    Post-exploitation modules that target a company's services and execute them after a system is compromised.

    Developing these capabilities over time allows teams to stay up to date with the rapidly growing complexity of cyber-attack methods. However, the cost of developing a custom toolkit can be high, so don't let it stop you from using whatever is available from the wider security community for your team to be effective.

    4. Enhance operations with the help of AI: Because bad actors are using AI, companies benefit from using AI in their own efforts to stay ahead of threats. Red teams can leverage AI tools to better understand the actions of real-world threats. For example, AI can be used to scale the effort of testing defenses, helping red teams get better at discovering and subsequently defending against potential threats. It can save the team time on learning new coding languages and developing tools, since it can help a red teamer to better understand a piece of code more quickly.

    5. Collaborate with blue teams: Probably the most crucial piece of effective red teaming is the collaboration with blue teams to enhance detection and response capabilities. This allows blue teams to test whether their assumptions of the environment they're trying to protect hold true. Purple team exercises are joint engagements between red and blue teams. The red team simulates attack actions for the blue team, which then verifies that it detected the attempt, and if not, would have had sufficient logs to detect the actions. The collaboration helps both teams develop more effective threat detection methods.

    When a company uses red teams to better understand and anticipate adversarial scenarios, they can be more focused and make security investments where they make the most impact. Red teaming is a helpful element of a comprehensive cybersecurity strategy. It should always be integrated with robust technical controls, and a culture that prioritizes security and threat awareness to defend against cyber threats effectively.
  • Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
    www.informationweek.com
    In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US.
  • Why the next energy race is for underground hydrogen
    www.technologyreview.com
    It might sound like something straight out of the 19th century, but one of the most cutting-edge areas in energy today involves drilling deep underground to hunt for materials that can be burned for energy. The difference is that this time, instead of looking for fossil fuels, the race is on to find natural deposits of hydrogen.

    Hydrogen is already a key ingredient in the chemical industry and could be used as a greener fuel in industries from aviation and transoceanic shipping to steelmaking. Today, the gas needs to be manufactured, but there's some evidence that there are vast deposits underground.

    I've been thinking about underground resources a lot this week, since I've been reporting a story about a new startup, Addis Energy. The company is looking to use subsurface rocks, and the conditions down there, to produce another useful chemical: ammonia. In an age of lab-produced breakthroughs, it feels like something of a regression to go digging for resources, but looking underground could help meet energy demand while also addressing climate change.

    It's rare that hydrogen turns up in oil and gas operations, and for decades, the conventional wisdom has been that there aren't large deposits of the gas underground. Hydrogen molecules are tiny, after all, so even if the gas was forming there, the assumption was that it would just leak out.

    However, there have been somewhat accidental discoveries of hydrogen over the decades, in abandoned mines or new well sites. There are reports of wells that spewed colorless gas, or flames that burned gold. And as people have looked more intentionally for hydrogen, they've started to find it.

    As it turns out, hydrogen tends to build up in very different rocks from those that host oil and gas deposits. While fossil-fuel prospecting tends to focus on softer rocks, like organic-rich shale, hydrogen seems most plentiful in iron-rich rocks like olivine. The gas forms when chemical reactions at elevated temperature and pressure underground pull water apart. (There's also likely another mechanism that forms hydrogen underground, called radiolysis, where radioactive elements emit radiation that can split water.)

    Some research has put the potential amount of hydrogen available at around a trillion tons, plenty to feed our demand for centuries, even if we ramp up use of the gas.

    The past few years have seen companies spring up around the world to try to locate and tap these resources. There's an influx in Australia, especially the southern part of the country, which seems to have conditions that are good for making hydrogen. One startup, Koloma, has raised over $350 million to aid its geologic hydrogen exploration.

    There are so many open questions for this industry, including how much hydrogen is actually going to be accessible and economical to extract. It's not even clear how best to look for the gas today; researchers and companies are borrowing techniques and tools from the oil and gas industry, but there could be better ways.

    It's also unknown how this could affect climate change. Hydrogen itself may not warm the planet, but it can contribute indirectly to global warming by extending the lifetime of other greenhouse gases. It's also often found with methane, a super-powerful greenhouse gas that could do major harm if it leaks out of operations at a significant level.

    There's also the issue of transportation: Hydrogen isn't very dense, and it can be difficult to store and move around. Deposits that are far away from the final customers could face high costs that might make the whole endeavor uneconomical.

    But this whole area is incredibly exciting, and researchers are working to better understand it. Some are looking to expand the potential pool of resources by pumping water underground to stimulate hydrogen production from rocks that wouldn't naturally produce the gas.

    There's something fascinating to me about using the playbook of the oil and gas industry to develop an energy source that could actually help humanity combat climate change. It could be a strategic move to address energy demand, since a lot of expertise has accumulated over the roughly 150 years that we've been digging up fossil fuels. After all, it's not digging that's the problem; it's emissions.

    Now read the rest of The Spark

    Related reading

    This story from Science, published in 2023, is a great deep dive into the world of so-called gold hydrogen. Give it a read for more on the history and geology here.

    For more on commercial efforts, specifically Koloma, give this piece from Canary Media a read.

    And for all the details on geologic ammonia and Addis Energy, check out my latest story here.

    Another thing

    Donald Trump officially took office on Monday and signed a flurry of executive orders. Here are a few of the most significant ones for climate:

    Trump announced his intention to once again withdraw from the Paris agreement. After a one-year waiting period, the world's largest economy will officially leave the major international climate treaty. (New York Times)

    The president also signed an order that pauses lease sales for offshore wind power projects in federal waters. It's not clear how much the office will be able to slow projects that already have their federal permits. (Associated Press)

    Another executive order, titled Unleashing American Energy, broadly signals a wide range of climate and energy moves. One section ends the EV mandate. The US government doesn't have any mandates around EVs, but this bit is a signal of the administration's intent to roll back policies and funding that support adoption of these vehicles. There will almost certainly be court battles. (Wired)

    Another section pauses the disbursement of tens of billions of dollars for climate and energy. The spending was designated by Congress in two of the landmark laws from the Biden administration, the Bipartisan Infrastructure Law and the Inflation Reduction Act. Again, experts say we can likely expect legal fights. (Canary Media)

    Keeping up with climate

    The Chinese automaker BYD built more electric vehicles in 2024 than Tesla did. The data signals a global shift to cheaper EVs and the continued dominance of China in the EV market. (Washington Post)

    A pair of nuclear reactors in South Carolina could get a second chance at life. Construction halted at the VC Summer plant in 2017, $9 billion into the project. Now the site's owner wants to sell. (Wall Street Journal) Existing reactors are more in-demand than ever, as I covered in this story about what's next for nuclear power. (MIT Technology Review)

    In California, charging depots for electric trucks are increasingly choosing to cobble together their own power rather than waiting years to connect to the grid. These solar- and wind-powered microgrids could help handle broader electricity demand. (Canary Media)

    Wildfires in Southern California are challenging even wildlife that have adapted to frequent blazes. As fires become more frequent and intense, biologists worry about animals like mountain lions. (Inside Climate News)

    Experts warn that ash from the California wildfires could be toxic, containing materials like lead and arsenic. (Associated Press)

    Burning wood for power isn't necessary to help the UK meet its decarbonization goals, according to a new analysis. Biomass is a controversial green power source that critics say contributes to air pollution and harms forests. (The Guardian)